;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: 48-377D-7114-93 SRI International, 1 computer, std, 11/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : FC30B25C46930AF1C4957B97E886B42F
; File Name : u:\work\fc30b25c46930af1c4957b97e886b42f_orig.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 1000000
; Section 1. (virtual address 00001000)
; Virtual size : 00003310 ( 13072.)
; Section size in file : 00003400 ( 13312.)
; Offset to raw data for section: 00000600
; Flags 60000020: Text Executable Readable
; Alignment : default
include uni.inc ; see unicode subdir of ida for info on unicode
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 1001000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dd 77D982ACh, 77D92985h, 77D9858Eh, 77D97D4Dh, 77D92C54h
; DATA XREF: .text:0100164B�r
dword_1001014 dd 77DA9694h ; sub_1001DEB+6B�r ...
dd 0
dword_100101C dd 77E7B0BBh, 77E74CA6hdword_1001024 dd 77E7C37Ah dword_1001028 dd 77F877E0h dword_100102C dd 77E7C4E4h dword_1001030 dd 77E6670Dh dword_1001034 dd 77E66F37h dword_1001038 dd 77E6668Ch ; .text:loc_1001762�r ...
dword_100103C dd 77E68778h dword_1001040 dd 77E6B217h ; sub_10018DB+B4�r ...
dword_1001044 dd 77E68D0Fh ; sub_10019F0+14�r
dword_1001048 dd 77E65304h dword_100104C dd 77F8AA7Dh ; .text:01001DC1�r ...
dword_1001050 dd 77FC9C41h dword_1001054 dd 77E6A6C8h ; sub_1001E73+9E�r ...
dword_1001058 dd 77F8AA4Ch ; sub_1002219+13�r ...
dd 77E74A02h, 77E7E673h, 77FC976Bh, 77E7310Fh
dword_100106C dd 77E64B74h ; sub_100205A+4E�r
dd 77F89789h
dword_1001074 dd 77E7CFC6h dd 0
dd 78001DEAh, 78003E70h, 7800B426h, 78014EE9h
dword_100108C dd 78014DABh dword_1001090 dd 7801D884h dword_1001094 dd 78001000h ; sub_100205A+93�r ...
dword_1001098 dd 78001EC9h dword_100109C dd 78012188h dword_10010A0 dd 780010EDh ; sub_1001F54+47�r ...
dword_10010A4 dd 7802A875h ; sub_1001DEB+8�r
dword_10010A8 dd 78017A09h, 7800C9ACh, 78017E4Bh, 78022AA9h ; .text:0100180C�r ...
dword_10010B8 dd 7802A38Bh ; sub_1001DEB+19�r
dd 78003C1Eh, 7800F56Ah, 78003E5Ah, 78003E64h, 78003E6Ah
dd 7803BB70h, 78025147h, 7800BB9Eh, 7800F7DCh, 7800B908h
dd 7801D1CFh, 78014B25h, 7800269Eh, 0
dword_10010F4 dd 74FB1311h dword_10010F8 dd 74FB2B3Ch ; sub_100205A:loc_100209D�r ...
dword_10010FC dd 74FB4A6Ah dword_1001100 dd 74FB5502h dword_1001104 dd 74FB2B57h ; .text:01002406�r ...
dd 74FBD027h
dword_100110C dd 74FB2B57h ; sub_1002B5E+2�r ...
; ---------------------------------------------------------------------------
retf
; ---------------------------------------------------------------------------
db 0ACh, 0FBh, 74h
dd 74FB125Ah
dword_1001118 dd 74FB894Bh dword_100111C dd 74FB3284h ; sub_100205A+E7�r ...
dword_1001120 dd 74FB5413h ; .text:01002F95�r
dword_1001124 dd 74FB3A14h dword_1001128 dd 74FB90C0h dd 74FB3832h
dword_1001130 dd 74FB306Fh ; .text:01002AA2�r ...
align 8
dd 77307866h, 773025A3h, 0
dword_1001144 dd 77F82A70h dd 77F8A557h, 77FB6307h
dword_1001150 dd 77F92A89h dword_1001154 dd 77F97C81h ; sub_1002B5E+114�r ...
dword_1001158 dd 77F816E4h ; .text:01002B3A�r ...
dword_100115C dd 77F8F1D6h, 77F9431Dh, 77F936B1h ; .text:01002459�r ...
dword_1001168 dd 77F912B1h ; sub_1002901+35�r
dd 77F8F73Ch
dword_1001170 dd 77F979C8h dword_1001174 dd 77F8D7C7h ; sub_10018DB+D6�r
dword_1001178 dd 77F975A5h dd 2 dup(0)
dd 37ECADD7h, 0
dd 4, 110h, 0
dd 4C00h, 0
dd 37ECADD7h, 0
dd 3, 310h, 0
dd 4D10h, 0
dd 37ECADD7h, 0
dd 6, 2 dup(0)
dd 5020h, 0
dd 37ECADD7h, 0
dd 2, 1Ah, 0
db 90h
db 0FEh, 0A7h, 0FFh
aDNtPrivateNetS db 'D:\nt\private\net\sockets\tcpsvcs\tftpd\tftpd.c built Sep 24 1999'
db ' 22:17:18',0Ah,0
aOWritableFiles db ' o writable files keyname "%s"',0Ah,0 ; DATA XREF: .text:01001634�o
aWritable db 'writable',0 ; DATA XREF: .text:0100162F�o
align 4
aOReadableFiles db ' o Readable files keyname "%s"',0Ah,0 ; DATA XREF: .text:01001626�o
aReadable db 'readable',0 ; DATA XREF: .text:01001621�o
align 4
aOValidmastersK db ' o ValidMasters keyname "%s"',0Ah,0 ; DATA XREF: .text:01001618�o
aMasters db 'masters',0 ; DATA XREF: .text:01001613�o
aOValidclientsK db ' o ValidClients keyname "%s"',0Ah,0 ; DATA XREF: .text:0100160A�o
aClients db 'clients',0 ; DATA XREF: .text:01001605�o
aTheseKeysAreSh db 'These keys are shell patterns with * and ? (see examples above):',0Ah
; DATA XREF: .text:010015FD�o
db 0
align 4
aOStartdirector db ' o StartDirectory keyname "%s"',0Ah,0 ; DATA XREF: .text:010015F4�o
aDirectory db 'directory',0 ; DATA XREF: .text:010015EF�o
align 4
aRegistryKeyNam db 'Registry key names, all strings: HKEY_LOCAL_MACHINE %s',0Ah,0
; DATA XREF: .text:010015E6�o
aSystemCurrentc db 'System\CurrentControlSet\Services\tftpd\parameters',0
; DATA XREF: .text:010015E1�o
align 10h
aTftpd_logfileI db ' TFTPD_LOGFILE is %s',0Ah ; DATA XREF: .text:010015D8�o
db 0Ah,0
align 4
aTftpd_log db 'tftpd.log',0 ; DATA XREF: .text:010015D3�o
; .text:0100183B�o
align 4
aTftpd_default_ db ' TFTPD_DEFAULT_DIR is %s',0Ah,0 ; DATA XREF: .text:010015CA�o
align 4
aTftpdroot db '\tftpdroot\',0 ; DATA XREF: .text:010015C5�o
a? db '-?',0 ; DATA XREF: .text:01001580�o
align 4
aA db 'a+',0 ; DATA XREF: .text:01001836�o
align 4
aTftp db 'tftp',0 ; DATA XREF: sub_100205A+31�o
align 10h
aUdp db 'udp',0 ; DATA XREF: sub_100205A+2C�o
aOptionNegotiat db 'Option negotiation failure',0
align 10h
aNoSuchUser db 'No such user',0
align 10h
aFileAlreadyExi db 'File already exists',0
aUnknownTransfe db 'Unknown transfer ID',0
aIllegalTftpOpe db 'Illegal TFTP operation',0
align 10h
aDiskFullOrAllo db 'Disk full or allocation exceeded',0
align 4
aAccessViolatio db 'Access violation',0
align 4
aFileNotFound db 'File not found',0
align 4
aErrorUndefined db 'Error undefined',0
aTsize db 'tsize',0 ; DATA XREF: .text:loc_100251A�o
align 10h
aTimeout_0 db 'timeout',0 ; DATA XREF: .text:loc_1002498�o
aBlksize db 'blksize',0 ; DATA XREF: .text:01002426�o
aTimeout db 'Timeout',0 ; DATA XREF: .text:01002B0F�o
aInsufficientRe db 'Insufficient resources',0
align 10h
aFileNameTooLon db 'File name too long',0
align 4
aMalformedFileN db 'Malformed file name',0
aOctet db 'octet',0
align 10h
aNetascii db 'netascii',0 ; DATA XREF: .text:01002FD0�o
align 4
unicode 0, <\>,0
dd 0FFFFFFFFh, 1003B5Eh, 1003B73h, 0
; ---------------------------------------------------------------------------
cmp dword ptr [esp+4], 1
push esi
jle loc_1001646
mov eax, [esp+0Ch]
mov esi, offset a? ; "-?"
mov eax, [eax+4]
loc_1001588: ; CODE XREF: .text:010015A4�j
mov dl, [eax]
mov cl, dl
cmp dl, [esi]
jnz short loc_10015AA
test cl, cl
jz short loc_10015A6
mov dl, [eax+1]
mov cl, dl
cmp dl, [esi+1]
jnz short loc_10015AA
inc eax
inc eax
inc esi
inc esi
test cl, cl
jnz short loc_1001588
loc_10015A6: ; CODE XREF: .text:01001592�j
xor eax, eax
jmp short loc_10015AF
; ---------------------------------------------------------------------------
loc_10015AA: ; CODE XREF: .text:0100158E�j
; .text:0100159C�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_10015AF: ; CODE XREF: .text:010015A8�j
test eax, eax
jnz loc_1001646
mov esi, ds:dword_10010BC+18h
push offset dword_1005010
call esi
pop ecx
push offset aTftpdroot ; "\\tftpdroot\\"
push offset aTftpd_default_ ; " TFTPD_DEFAULT_DIR is %s\n"
call esi
pop ecx
pop ecx
push offset aTftpd_log ; "tftpd.log"
push offset aTftpd_logfileI ; " TFTPD_LOGFILE is %s\n\n"
call esi
pop ecx
pop ecx
push offset aSystemCurrentc ; "System\\CurrentControlSet\\Services\\tftpd"...
push offset aRegistryKeyNam ; "Registry key names, all strings: HKEY_L"...
call esi
pop ecx
pop ecx
push offset aDirectory ; "directory"
push offset aOStartdirector ; " o StartDirectory keyname \"%s\"\n"
call esi
pop ecx
pop ecx
push offset aTheseKeysAreSh ; "These keys are shell patterns with * an"...
call esi
pop ecx
push offset aClients ; "clients"
push offset aOValidclientsK ; " o ValidClients keyname \"%s\"\n"
call esi
pop ecx
pop ecx
push offset aMasters ; "masters"
push offset aOValidmastersK ; " o ValidMasters keyname \"%s\"\n"
call esi
pop ecx
pop ecx
push offset aReadable ; "readable"
push offset aOReadableFiles ; " o Readable files keyname \"%s\"\n"
call esi
pop ecx
pop ecx
push offset aWritable ; "writable"
push offset aOWritableFiles ; " o writable files keyname \"%s\"\n"
call esi
pop ecx
pop ecx
push 0FFFFFFFFh
call ds:dword_10010BC+30h
pop ecx
loc_1001646: ; CODE XREF: .text:01001576�j
; .text:010015B1�j
push offset dword_1005CB0
call ds:dword_1001000+4
test eax, eax
jnz short loc_100165B
call ds:dword_1001038
loc_100165B: ; CODE XREF: .text:01001653�j
push 0
call ds:dword_100101C
pop esi
retn
; ---------------------------------------------------------------------------
push ebx
push ebp
push esi
push edi
xor ebp, ebp
push offset sub_1001DEB
push offset dword_1005CA8
mov dword_1006120, 30h
mov dword_1006124, 2
mov dword_1006128, ebp
mov dword_1006134, 1
mov dword_1006138, 4E20h
mov dword_100612C, ebp
mov dword_1006130, ebp
call ds:dword_1001000+10h
cmp eax, ebp
mov dword_1006044, eax
jz loc_1001762
mov esi, ds:dword_1001014
mov edi, offset dword_1006120
push edi
push eax
call esi ; dword_1001014
cmp eax, ebp
jz loc_1001762
mov ebx, ds:dword_1001040
push ebp
push ebp
push ebp
push ebp
call ebx ; dword_1001040
push ebp
push ebp
push ebp
push ebp
mov dword_1005DDC, eax
call ebx ; dword_1001040
cmp dword_1005DDC, ebp
mov dword_1005DE0, eax
jz short loc_100171C
cmp eax, ebp
jz short loc_100171C
push offset dword_1006140
push 101h
call ds:dword_10010FC
cmp eax, 0FFFFFFFFh
jnz short loc_1001735
call ds:dword_10010F8
loc_100171C: ; CODE XREF: .text:010016FB�j
; .text:010016FF�j ...
push 1Fh
call sub_1001E73
push 1
call ds:dword_10010BC+30h
pop ecx
loc_100172C: ; CODE XREF: .text:0100187D�j
; .text:01001889�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
retn 8
; ---------------------------------------------------------------------------
loc_1001735: ; CODE XREF: .text:01001714�j
push edi
mov dword_1006124, 4
push dword_1006044
mov dword_1006128, 7
mov dword_1006134, ebp
mov dword_1006138, ebp
call esi ; dword_1001014
cmp eax, ebp
jnz short loc_100176A
loc_1001762: ; CODE XREF: .text:010016BC�j
; .text:010016D3�j
call ds:dword_1001038
jmp short loc_100171C
; ---------------------------------------------------------------------------
loc_100176A: ; CODE XREF: .text:01001760�j
push 9
pop ecx
xor eax, eax
mov edx, offset dword_10060C0
mov edi, edx
rep stosd
push edx
call ds:dword_10010A4
pop ecx
mov edx, [esp+14h]
dec edx
mov ebx, offset dword_1005E08
jz short loc_10017F3
mov eax, [esp+18h]
lea eax, [eax+edx*4]
mov [esp+14h], eax
loc_1001797: ; CODE XREF: .text:010017F1�j
mov eax, [esp+14h]
mov eax, [eax]
cmp byte ptr [eax], 2Dh
jnz short loc_10017F3
movsx ecx, byte ptr [eax+1]
sub ecx, 64h
jz short loc_10017C9
dec ecx
jz short loc_10017BD
dec ecx
jnz short loc_10017E9
mov dword_1005DD8, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017BD: ; CODE XREF: .text:010017AC�j
mov dword_1005DD4, 1
jmp short loc_10017E9
; ---------------------------------------------------------------------------
loc_10017C9: ; CODE XREF: .text:010017A9�j
lea edi, [eax+2]
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
loc_10017E9: ; CODE XREF: .text:010017AF�j
; .text:010017BB�j ...
sub dword ptr [esp+14h], 4
dec edx
cmp edx, ebp
ja short loc_1001797
loc_10017F3: ; CODE XREF: .text:0100178A�j
; .text:010017A0�j
call near ptr byte_10037BF
call near ptr dword_1003910
mov esi, ds:dword_10010A8
push ebx
call esi ; dword_10010A8
cmp eax, 0FFFFFFFFh
pop ecx
jnz short loc_100182E
call ds:dword_10010A8+4
push ebx
call ds:dword_10010A8+8
cmp eax, ebp
pop ecx
jnz loc_100171C
push ebx
call esi ; dword_10010A8
cmp eax, ebp
pop ecx
jnz loc_100171C
loc_100182E: ; CODE XREF: .text:0100180A�j
cmp dword_1005DD8, ebp
jz short loc_1001857
push offset aA ; "a+"
push offset aTftpd_log ; "tftpd.log"
call ds:dword_10010A8+0Ch
pop ecx
cmp eax, ebp
pop ecx
mov dword_1005DD0, eax
jnz short loc_1001857
mov dword_1005DD8, ebp
loc_1001857: ; CODE XREF: .text:01001834�j
; .text:0100184F�j
push offset dword_10060C0
call ds:dword_10010B8
pop ecx
call sub_10018DB
call sub_10019F0
push 0FFFFFFFFh
push dword_1005DDC
call ds:dword_100103C
cmp eax, ebp
jz loc_100172C
call ds:dword_1001038
jmp loc_100172C
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100188E proc near ; CODE XREF: sub_100205A+D5�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = byte ptr 10h
push ebp
mov ebp, esp
push ecx
push 3
push [ebp+arg_4]
push [ebp+arg_0]
call ds:dword_1001100
test eax, eax
jz short loc_10018AE
call ds:dword_1001038
xor eax, eax
jmp short locret_10018D7
; ---------------------------------------------------------------------------
loc_10018AE: ; CODE XREF: sub_100188E+14�j
test [ebp+arg_8], 1
push 0
push 0FFFFFFFFh
push [ebp+arg_0]
jz short loc_10018C2
push offset dword_1001D74
jmp short loc_10018C7
; ---------------------------------------------------------------------------
loc_10018C2: ; CODE XREF: sub_100188E+2B�j
push offset byte_1001DDB
loc_10018C7: ; CODE XREF: sub_100188E+32�j
push [ebp+arg_4]
lea eax, [ebp+var_4]
push eax
call ds:dword_1001174
mov eax, [ebp+var_4]
locret_10018D7: ; CODE XREF: sub_100188E+1E�j
leave
retn 0Ch
sub_100188E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_10018DB proc near ; CODE XREF: .text:01001863�p
var_4 = dword ptr -4
push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, ds:dword_1001044
push edi
push offset dword_1006080
call esi ; dword_1001044
push offset dword_1006020
call esi ; dword_1001044
mov eax, offset dword_1006098
mov dword_100609C, eax
mov dword_1006098, eax
mov eax, offset dword_1006038
mov dword_100603C, eax
mov dword_1006038, eax
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
xor esi, esi
test eax, eax
jnz short loc_1001957
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_100194F
xor edi, edi
loc_100192E: ; CODE XREF: sub_10018DB+72�j
mov ecx, [eax+edi+4]
cmp ecx, esi
jz short loc_1001947
cmp ecx, 100007Fh
jz short loc_1001947
push ecx
call sub_100205A
mov eax, [ebp+var_4]
loc_1001947: ; CODE XREF: sub_10018DB+59�j
; sub_10018DB+61�j
inc ebx
add edi, 18h
cmp ebx, [eax]
jb short loc_100192E
loc_100194F: ; CODE XREF: sub_10018DB+4F�j
push eax
call ds:dword_10010A0
pop ecx
loc_1001957: ; CODE XREF: sub_10018DB+46�j
push offset dword_10060A0
call ds:dword_1001170
cmp eax, esi
jnz loc_10019EB
mov eax, 0EA60h
push esi
push eax
push eax
push esi
push offset sub_10029BA
push offset dword_1006048
push dword_10060A0
call ds:dword_1001178
push esi
push esi
push esi
push esi
mov edi, eax
call ds:dword_1001040
cmp eax, esi
mov dword_1005DF8, eax
jnz short loc_10019A2
mov eax, edi
jmp short loc_10019EB
; ---------------------------------------------------------------------------
loc_10019A2: ; CODE XREF: sub_10018DB+C1�j
push esi
push 0FFFFFFFFh
push esi
push offset sub_1002219
push eax
push offset dword_1005DFC
call ds:dword_1001174
cmp eax, esi
jnz short loc_10019EB
mov ecx, offset dword_1006100
xor eax, eax
mov edi, ecx
push ecx
stosd
stosd
stosd
stosd
stosd
mov eax, dword_1005DF8
push offset dword_1005E00
mov dword_1006110, eax
call near ptr dword_1003A44
cmp eax, esi
jz short loc_10019E9
cmp eax, 3E5h
jnz short loc_10019EB
loc_10019E9: ; CODE XREF: sub_10018DB+105�j
xor eax, eax
loc_10019EB: ; CODE XREF: sub_10018DB+89�j
; sub_10018DB+C5�j ...
pop edi
pop esi
pop ebx
leave
retn
sub_10018DB endp
; =============== S U B R O U T I N E =======================================
sub_10019F0 proc near ; CODE XREF: .text:01001868�p
mov eax, offset dword_1006078
push offset dword_1006060
mov dword_100607C, eax
mov dword_1006078, eax
call ds:dword_1001044
push 0
push 0EFD1Ch
push 0
call ds:dword_1001048
mov dword_1005DEC, eax
retn
sub_10019F0 endp
; =============== S U B R O U T I N E =======================================
sub_1001A1F proc near ; CODE XREF: sub_10029BA+79�p
push ebx
push esi
mov ebx, offset dword_1006060
push edi
push ebx
xor esi, esi
call ds:dword_1001058
mov eax, dword_1005DF0
sub eax, dword_1005DF4
cmp eax, 0Ah
jbe short loc_1001A46
shr eax, 1
mov esi, eax
jmp short loc_1001A4E
; ---------------------------------------------------------------------------
loc_1001A46: ; CODE XREF: sub_1001A1F+1F�j
cmp eax, 3
jbe short loc_1001A4E
push 2
pop esi
loc_1001A4E: ; CODE XREF: sub_1001A1F+25�j
; sub_1001A1F+2A�j
test esi, esi
jbe short loc_1001A86
mov edi, esi
loc_1001A54: ; CODE XREF: sub_1001A1F+65�j
mov eax, dword_1006078
mov esi, eax
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
push dword ptr [esi+30h]
call ds:dword_1001054
push esi
push 0
push dword_1005DEC
call ds:dword_1001050
dec dword_1005DF0
dec edi
jnz short loc_1001A54
loc_1001A86: ; CODE XREF: sub_1001A1F+31�j
push ebx
call ds:dword_100104C
pop edi
pop esi
pop ebx
retn
sub_1001A1F endp
; ---------------------------------------------------------------------------
db 0B8h, 4, 0
dd 0A3E80001h, 5300001Fh, 56ED3355h, 246C8957h, 6060BB10h
dd 448D0100h, 68501424h, 4004667Fh, 2024B4FFh, 0FF000100h
dd 111415h, 0FC53B01h, 25E85h, 246C3900h, 92840F14h, 33000002h
dd 247C8DC0h, 0ABABAB30h, 0FFAB53ABh, 105815h, 6078A101h
dd 5FF0100h, 1005DF4h, 60783Dh, 8B1A7401h, 8BF08B08h, 8890440h
dd 0FF044189h, 15FF3076h, 1001068h, 0EB30468Bh, 0F005FF30h
dd 6801005Dh, 2FF6Ch, 35FF086Ah, 1005DECh, 106415FFh, 0F08B0100h
dd 840FF53Bh, 22Ah, 55555555h, 104015FFh, 46890100h, 44895330h
dd 15FF4424h, 100104Ch, 0B9346E8Dh, 3FEFh, 0FD8BC033h
dd 8BAAABF3h, 1C2484h, 6C890001h, 44C72424h, 0FFBD2024h
dd 44C70000h, 101824h, 46890000h, 24448D1Ch, 50006A30h
dd 2024448Dh, 502C7E8Dh, 500C468Dh, 2024448Dh, 448D5750h
dd 16A3824h, 24B4FF50h, 10038h, 111015FFh, 44890100h, 8B661C24h
dd 0FF500E46h, 110C15h, 247C8301h, 7874001Ch, 10F815FFh
dd 0E53D0100h, 0F000003h, 16285h, 5DDCA100h, 0FF6A0100h
dd 2C244489h, 4424448Bh, 30244489h, 2C24448Dh, 6A50006Ah
dd 6015FF02h, 83010010h, 840FFFF8h, 137h, 1023Dh, 2C840F00h
dd 85000001h, 24840FC0h, 8D000001h, 50102444h, 448D006Ah
dd 50573824h, 2824B4FFh, 0FF000100h, 110815h, 75C08501h
dd 0F815FF0Bh, 0E9010010h, 0B6h, 35FF006Ah, 1005DDCh, 103C15FFh
dd 0C0850100h, 0E5840Fh, 3F830000h, 978C0F02h, 33000000h
dd 24BC39FFh, 1001Ch, 8B667C74h, 0FF500045h, 110415h, 0C8B70F01h
dd 487EC985h, 7E02F983h, 4F9830Ch, 0F9833E74h, 0EB397505h
dd 13D6669h, 0FF0D7500h, 60C405h, 2F31BF01h, 11EB0100h
dd 23D66h, 5FF0B75h, 10060C8h, 333ABFh, 24848B01h, 10018h
dd 4689FF85h, 56377408h, 32EBD7FFh, 46A006Ah, 2024B4FFh
dd 0FF000100h, 60CC05h, 24448D01h, 448D5060h, 0E8505424h
dd 632h, 848B10EBh, 1001824h, 46895600h, 11DEE808h, 0FF530000h
dd 105815h, 6078A101h, 46C70100h, 607804h, 68068901h, 1005DE8h
dd 89047089h, 607835h, 5C15FF01h, 0FF010010h, 5DF40Dh
dd 15FF5301h, 100104Ch, 83E9ED33h, 0FFFFFFFDh, 10F815h
dd 5336EB01h, 105815FFh, 78A10100h, 0C7010060h, 60780446h
dd 6890100h, 5DE868h, 4708901h, 60783589h, 15FF0100h, 100105Ch
dd 5DF40DFFh, 0FF530100h, 104C15h, 5D5E5F01h, 815BC033h
dd 10004C4h, 8C200h
dword_1001D74 dd 56555351h, 6020BEh, 3D8B5701h, 1001070h, 33ED3356h
; DATA XREF: sub_100188E+2D�o
db 0DBh, 0FFh, 0D7h
; ---------------------------------------------------------------------------
loc_1001D8B: ; CODE XREF: .text:01001DA1�j
test eax, eax
jnz short loc_1001DA7
push 0C8h
call ds:dword_100106C
push esi
call edi
inc ebx
cmp ebx, 7Dh
jb short loc_1001D8B
test eax, eax
jz short loc_1001DD1
loc_1001DA7: ; CODE XREF: .text:01001D8D�j
lea eax, [esp+10h]
push eax
push dword ptr [esp+1Ch]
call sub_10021E5
test eax, eax
jnz short loc_1001DC0
mov eax, [esp+10h]
mov ebp, [eax+0Ch]
loc_1001DC0: ; CODE XREF: .text:01001DB7�j
push esi
call ds:dword_100104C
push ebp
push dword ptr [esp+1Ch]
; ---------------------------------------------------------------------------
dd 0FFFCC0E8h
db 0FFh
; ---------------------------------------------------------------------------
loc_1001DD1: ; CODE XREF: .text:01001DA5�j
pop edi
pop esi
pop ebp
xor eax, eax
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
byte_1001DDB db 6Ah ; DATA XREF: sub_100188E:loc_10018C2�o
dd 2474FF00h, 0FCABE808h, 0C033FFFFh
; ---------------------------------------------------------------------------
retn 8
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001DEB proc near ; DATA XREF: .text:0100166B�o
var_4 = byte ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
lea eax, [ebp+var_4]
push eax
call ds:dword_10010A4
inc dword_1006134
pop ecx
lea eax, [ebp+var_4]
push eax
call ds:dword_10010B8
mov eax, [ebp+arg_0]
pop ecx
dec eax
jz short loc_1001E68
dec eax
jz short loc_1001E35
dec eax
jz short loc_1001E1D
dec eax
dec eax
jz short loc_1001E68
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E1D: ; CODE XREF: sub_1001DEB+2A�j
push dword_1006040
call ds:dword_1001034
mov dword_1006124, 4
jmp short loc_1001E4B
; ---------------------------------------------------------------------------
loc_1001E35: ; CODE XREF: sub_1001DEB+27�j
push dword_1006040
call ds:dword_1001074
mov dword_1006124, 7
loc_1001E4B: ; CODE XREF: sub_1001DEB+30�j
; sub_1001DEB+48�j
push offset dword_1006120
push dword_1006044
call ds:dword_1001014
test eax, eax
jnz short locret_1001E6F
call ds:dword_1001038
jmp short locret_1001E6F
; ---------------------------------------------------------------------------
loc_1001E68: ; CODE XREF: sub_1001DEB+24�j
; sub_1001DEB+2E�j
push 0
call sub_1001E73
locret_1001E6F: ; CODE XREF: sub_1001DEB+73�j
; sub_1001DEB+7B�j
leave
retn 4
sub_1001DEB endp
; =============== S U B R O U T I N E =======================================
sub_1001E73 proc near ; CODE XREF: .text:0100171E�p
; sub_1001DEB+7F�p
arg_0 = dword ptr 4
push ebx
push ebp
push esi
mov esi, ds:dword_1001014
push edi
mov edi, offset dword_1006120
push edi
mov dword_1006124, 3
push dword_1006044
call esi ; dword_1001014
mov ebp, ds:dword_1001038
xor ebx, ebx
cmp eax, ebx
jnz short loc_1001EA3
call ebp ; dword_1001038
loc_1001EA3: ; CODE XREF: sub_1001E73+2C�j
push dword_1005DDC
call ds:dword_1001030
mov dword_1006124, 1
mov dword_1006134, ebx
mov eax, [esp+10h+arg_0]
mov dword_1006138, ebx
cmp eax, ebx
jnz short loc_1001EDB
mov dword_100612C, ebx
mov dword_1006130, ebx
jmp short loc_1001EFD
; ---------------------------------------------------------------------------
loc_1001EDB: ; CODE XREF: sub_1001E73+58�j
cmp eax, 834h
jb short loc_1001EF3
cmp eax, 16A7h
mov dword_100612C, 42Ah
jbe short loc_1001EF8
loc_1001EF3: ; CODE XREF: sub_1001E73+6D�j
mov dword_100612C, eax
loc_1001EF8: ; CODE XREF: sub_1001E73+7E�j
mov dword_1006130, eax
loc_1001EFD: ; CODE XREF: sub_1001E73+66�j
push edi
push dword_1006044
call esi ; dword_1001014
cmp eax, ebx
jnz short loc_1001F0C
call ebp ; dword_1001038
loc_1001F0C: ; CODE XREF: sub_1001E73+95�j
mov eax, dword_1005DE0
mov esi, ds:dword_1001054
cmp eax, ebx
jz short loc_1001F24
push eax
call esi ; dword_1001054
mov dword_1005DE0, ebx
loc_1001F24: ; CODE XREF: sub_1001E73+A6�j
mov eax, dword_1005DDC
cmp eax, ebx
jz short loc_1001F36
push eax
call esi ; dword_1001054
mov dword_1005DDC, ebx
loc_1001F36: ; CODE XREF: sub_1001E73+B8�j
mov eax, dword_1005DD0
cmp eax, ebx
jz short loc_1001F4D
push eax
call ds:dword_100109C
pop ecx
mov dword_1005DD0, ebx
loc_1001F4D: ; CODE XREF: sub_1001E73+CA�j
pop edi
pop esi
pop ebp
pop ebx
retn 4
sub_1001E73 endp
; =============== S U B R O U T I N E =======================================
sub_1001F54 proc near ; CODE XREF: sub_1002182+1C�p
; sub_1002219+B7�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
push 0FFFFFFFFh
push dword ptr [esi+10h]
call ds:dword_1001168
push dword ptr [esi+8]
call ds:dword_100111C
push dword ptr [esi+14h]
call ds:dword_1001118
mov eax, [esi]
mov ecx, [esi+4]
cmp eax, ecx
jnz short loc_1001F90
mov eax, dword_1006038
mov ecx, [eax]
mov eax, [eax+4]
mov [eax], ecx
mov [ecx+4], eax
jmp short loc_1001F9A
; ---------------------------------------------------------------------------
loc_1001F90: ; CODE XREF: sub_1001F54+29�j
mov [ecx], eax
mov eax, [esi]
mov ecx, [esi+4]
mov [eax+4], ecx
loc_1001F9A: ; CODE XREF: sub_1001F54+3A�j
push esi
call ds:dword_10010A0
pop ecx
pop esi
retn 4
sub_1001F54 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1001FA6 proc near ; CODE XREF: sub_10018DB+3D�p
; sub_1002219+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
mov ebx, [ebp+arg_0]
push esi
push edi
xor edi, edi
lea eax, [ebp+var_4]
push edi
push eax
push edi
mov [ebp+var_4], edi
mov [ebp+var_8], 0C0000017h
mov [ebx], edi
call near ptr word_1003A4A
cmp eax, edi
jz short loc_1001FD3
cmp eax, 7Ah
jnz short loc_100201A
loc_1001FD3: ; CODE XREF: sub_1001FA6+26�j
push [ebp+var_4]
call ds:dword_1001094
mov esi, eax
pop ecx
cmp esi, edi
jz short loc_100201A
loc_1001FE3: ; CODE XREF: sub_1001FA6+63�j
lea eax, [ebp+var_4]
push edi
push eax
push esi
call near ptr word_1003A4A
cmp eax, edi
jz short loc_1002015
cmp eax, 7Ah
jnz short loc_100201A
push [ebp+var_4]
push esi
call ds:dword_1001098
pop ecx
cmp eax, edi
pop ecx
jz short loc_100200B
mov esi, eax
jmp short loc_1001FE3
; ---------------------------------------------------------------------------
loc_100200B: ; CODE XREF: sub_1001FA6+5F�j
push esi
call ds:dword_10010A0
pop ecx
jmp short loc_100201A
; ---------------------------------------------------------------------------
loc_1002015: ; CODE XREF: sub_1001FA6+4A�j
mov [ebp+var_8], edi
mov [ebx], esi
loc_100201A: ; CODE XREF: sub_1001FA6+2B�j
; sub_1001FA6+3B�j ...
mov eax, [ebp+var_8]
pop edi
pop esi
pop ebx
leave
retn 4
sub_1001FA6 endp
; =============== S U B R O U T I N E =======================================
sub_1002024 proc near ; CODE XREF: sub_100205A+B7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push [esp+arg_0]
call ds:dword_1001120
test eax, eax
jz short locret_1002057
push edi
mov edi, eax
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
sub edi, ecx
push esi
mov eax, ecx
mov esi, edi
mov edi, [esp+8+arg_4]
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
pop edi
locret_1002057: ; CODE XREF: sub_1002024+C�j
retn 8
sub_1002024 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100205A proc near ; CODE XREF: sub_10018DB+64�p
; sub_1002219+65�p ...
var_28 = byte ptr -28h
var_14 = word ptr -14h
var_12 = word ptr -12h
var_10 = dword ptr -10h
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
sub esp, 28h
push ebx
push esi
xor esi, esi
push edi
mov [ebp+var_4], esi
loc_1002068: ; CODE XREF: sub_100205A+5D�j
push 1
push esi
push esi
push esi
push 2
push 2
call ds:dword_10010F4
mov ebx, eax
cmp ebx, 0FFFFFFFFh
jz short loc_100209D
xor eax, eax
lea edi, [ebp+var_14]
stosd
stosd
stosd
push offset aUdp ; "udp"
push offset aTftp ; "tftp"
stosd
call ds:dword_1001128
cmp eax, esi
jnz short loc_10020B9
jmp short loc_10020B1
; ---------------------------------------------------------------------------
loc_100209D: ; CODE XREF: sub_100205A+22�j
call ds:dword_10010F8
push 2EEh
call ds:dword_100106C
inc [ebp+var_4]
loc_10020B1: ; CODE XREF: sub_100205A+41�j
cmp [ebp+var_4], 0Ah
jge short loc_10020E6
jmp short loc_1002068
; ---------------------------------------------------------------------------
loc_10020B9: ; CODE XREF: sub_100205A+3F�j
mov [ebp+var_14], 2
mov ax, [eax+8]
mov [ebp+var_12], ax
mov eax, [ebp+arg_0]
mov [ebp+var_10], eax
lea eax, [ebp+var_14]
push 10h
push eax
push ebx
call ds:dword_1001124
test eax, eax
jz short loc_10020E6
call ds:dword_1001038
jmp short loc_100215E
; ---------------------------------------------------------------------------
loc_10020E6: ; CODE XREF: sub_100205A+5B�j
; sub_100205A+82�j
cmp ebx, 0FFFFFFFFh
jz short loc_100215E
push 20h
call ds:dword_1001094
mov esi, eax
pop ecx
test esi, esi
jz short loc_100213D
push 8
xor eax, eax
pop ecx
mov edi, esi
rep stosd
mov eax, [ebp+arg_0]
lea ecx, [ebp+var_28]
push ecx
push eax
mov [esi+8], ebx
mov [esi+0Ch], eax
call sub_1002024
xor eax, eax
push eax
push eax
push eax
push eax
call ds:dword_1001040
mov edi, eax
test edi, edi
jz short loc_1002140
push 1
push edi
push ebx
mov [esi+14h], edi
call sub_100188E
test eax, eax
mov [esi+10h], eax
jnz short loc_1002162
jmp short loc_1002140
; ---------------------------------------------------------------------------
loc_100213D: ; CODE XREF: sub_100205A+9E�j
mov edi, [ebp+arg_0]
loc_1002140: ; CODE XREF: sub_100205A+CC�j
; sub_100205A+E1�j
push ebx
call ds:dword_100111C
test edi, edi
jz short loc_1002152
push edi
call ds:dword_1001054
loc_1002152: ; CODE XREF: sub_100205A+EF�j
test esi, esi
jz short loc_100215E
push esi
call ds:dword_10010A0
pop ecx
loc_100215E: ; CODE XREF: sub_100205A+8A�j
; sub_100205A+8F�j ...
xor eax, eax
jmp short loc_100217B
; ---------------------------------------------------------------------------
loc_1002162: ; CODE XREF: sub_100205A+DF�j
mov eax, dword_1006038
mov dword ptr [esi+4], offset dword_1006038
mov [esi], eax
mov [eax+4], esi
mov dword_1006038, esi
mov eax, esi
loc_100217B: ; CODE XREF: sub_100205A+106�j
pop edi
pop esi
pop ebx
leave
retn 4
sub_100205A endp
; =============== S U B R O U T I N E =======================================
sub_1002182 proc near ; CODE XREF: sub_1002219:loc_1002298�p
mov ecx, dword_1006038
push esi
mov esi, offset dword_1006038
xor eax, eax
cmp ecx, esi
jz short loc_10021B3
push edi
loc_1002195: ; CODE XREF: sub_1002182+2E�j
cmp dword ptr [ecx+18h], 0
mov edi, [ecx]
jnz short loc_10021A8
push ecx
call sub_1001F54
push 1
pop eax
jmp short loc_10021AC
; ---------------------------------------------------------------------------
loc_10021A8: ; CODE XREF: sub_1002182+19�j
and dword ptr [ecx+18h], 0
loc_10021AC: ; CODE XREF: sub_1002182+24�j
cmp edi, esi
mov ecx, edi
jnz short loc_1002195
pop edi
loc_10021B3: ; CODE XREF: sub_1002182+10�j
pop esi
retn
sub_1002182 endp
; =============== S U B R O U T I N E =======================================
sub_10021B5 proc near ; CODE XREF: sub_1002219+43�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021C7: ; CODE XREF: sub_10021B5+21�j
cmp eax, ecx
jz short loc_10021DF
mov esi, [eax+0Ch]
cmp esi, [esp+4+arg_0]
jz short loc_10021D8
mov eax, [eax]
jmp short loc_10021C7
; ---------------------------------------------------------------------------
loc_10021D8: ; CODE XREF: sub_10021B5+1D�j
push 1
mov [edx], eax
pop eax
jmp short loc_10021E1
; ---------------------------------------------------------------------------
loc_10021DF: ; CODE XREF: sub_10021B5+14�j
xor eax, eax
loc_10021E1: ; CODE XREF: sub_10021B5+28�j
pop esi
retn 8
sub_10021B5 endp
; =============== S U B R O U T I N E =======================================
sub_10021E5 proc near ; CODE XREF: .text:01001DB0�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
mov edx, [esp+arg_4]
push esi
mov ecx, offset dword_1006038
and dword ptr [edx], 0
mov eax, dword_1006038
loc_10021F7: ; CODE XREF: sub_10021E5+21�j
cmp eax, ecx
jz short loc_100220A
mov esi, [eax+8]
cmp esi, [esp+4+arg_0]
jz short loc_1002208
mov eax, [eax]
jmp short loc_10021F7
; ---------------------------------------------------------------------------
loc_1002208: ; CODE XREF: sub_10021E5+1D�j
mov [edx], eax
loc_100220A: ; CODE XREF: sub_10021E5+14�j
mov eax, [edx]
pop esi
neg eax
sbb eax, eax
and al, 0A9h
add eax, 57h
retn 8
sub_10021E5 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002219 proc near ; DATA XREF: sub_10018DB+CB�o
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 0Ch
push ebx
push esi
push edi
xor esi, esi
push offset dword_1006020
mov [ebp+var_C], esi
call ds:dword_1001058
lea eax, [ebp+var_4]
push eax
call sub_1001FA6
test eax, eax
jnz short loc_10022A9
mov eax, [ebp+var_4]
xor ebx, ebx
cmp [eax], esi
jbe short loc_1002298
loc_1002248: ; CODE XREF: sub_1002219+7D�j
mov eax, [eax+esi+4]
test eax, eax
jz short loc_100228D
cmp eax, 100007Fh
jz short loc_100228D
lea ecx, [ebp+var_8]
push ecx
push eax
call sub_10021B5
test eax, eax
jz short loc_1002271
mov eax, [ebp+var_8]
mov dword ptr [eax+18h], 1
jmp short loc_100228D
; ---------------------------------------------------------------------------
loc_1002271: ; CODE XREF: sub_1002219+4A�j
mov eax, [ebp+var_4]
push 1
pop edi
push dword ptr [eax+esi+4]
mov [ebp+var_C], edi
call sub_100205A
test eax, eax
mov [ebp+var_8], eax
jz short loc_100228D
mov [eax+18h], edi
loc_100228D: ; CODE XREF: sub_1002219+35�j
; sub_1002219+3C�j ...
mov eax, [ebp+var_4]
inc ebx
add esi, 18h
cmp ebx, [eax]
jb short loc_1002248
loc_1002298: ; CODE XREF: sub_1002219+2D�j
call sub_1002182
push [ebp+var_4]
mov esi, eax
call ds:dword_10010A0
pop ecx
loc_10022A9: ; CODE XREF: sub_1002219+24�j
cmp [ebp+var_C], 0
jnz short loc_10022E9
test esi, esi
jnz short loc_10022E9
mov eax, dword_1006038
mov edi, offset dword_1006038
cmp eax, edi
jz short loc_10022E9
loc_10022C1: ; CODE XREF: sub_1002219+CE�j
mov [ebp+var_8], eax
mov ebx, [eax]
test byte ptr [eax+1Ch], 1
jnz short loc_10022E3
mov esi, [eax+0Ch]
push eax
call sub_1001F54
push esi
call sub_100205A
test eax, eax
jz short loc_10022E3
or dword ptr [eax+1Ch], 1
loc_10022E3: ; CODE XREF: sub_1002219+B1�j
; sub_1002219+C4�j
cmp ebx, edi
mov eax, ebx
jnz short loc_10022C1
loc_10022E9: ; CODE XREF: sub_1002219+94�j
; sub_1002219+98�j ...
push offset dword_1006100
push offset dword_1005E00
call near ptr dword_1003A44
push offset dword_1006020
call ds:dword_100104C
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002219 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_100230A proc near ; CODE XREF: .text:01002614�p
; .text:01002B1D�p ...
var_FFBC = word ptr -0FFBCh
var_FFBA = word ptr -0FFBAh
var_FFB8 = byte ptr -0FFB8h
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
arg_C = dword ptr 14h
arg_10 = dword ptr 18h
push ebp
mov ebp, esp
mov eax, 0FFBCh
call near ptr word_1003A3E
push ebx
push esi
mov esi, ds:dword_1001104
push edi
push 5
call esi ; dword_1001104
mov edi, [ebp+arg_C]
mov [ebp+var_FFBC], ax
push edi
call esi ; dword_1001104
cmp [ebp+arg_10], 0
mov [ebp+var_FFBA], ax
jz short loc_1002369
mov edi, [ebp+arg_10]
or ecx, 0FFFFFFFFh
xor eax, eax
lea edx, [ebp+var_FFB8]
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, edx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, [ebp+arg_10]
jmp short loc_10023A2
; ---------------------------------------------------------------------------
loc_1002369: ; CODE XREF: sub_100230A+32�j
cmp di, 9
jb short loc_1002371
xor edi, edi
loc_1002371: ; CODE XREF: sub_100230A+63�j
movzx eax, di
or ecx, 0FFFFFFFFh
lea ebx, [ebp+var_FFB8]
mov edx, dword_1005CC0[eax*4]
xor eax, eax
mov edi, edx
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, edx
loc_10023A2: ; CODE XREF: sub_100230A+5D�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
push 10h
push [ebp+arg_0]
not ecx
dec ecx
push eax
add ecx, 5
lea eax, [ebp+var_FFBC]
push ecx
push eax
push [ebp+arg_8]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz short loc_10023D1
call ds:dword_10010F8
loc_10023D1: ; CODE XREF: sub_100230A+BF�j
pop edi
pop esi
pop ebx
leave
retn 14h
sub_100230A endp
; ---------------------------------------------------------------------------
mov eax, [esp+4]
push ebx
push ebp
push esi
mov esi, [esp+20h]
mov dword ptr [eax+20h], 200h
mov dword ptr [eax+28h], 0Ah
mov eax, [esp+24h]
push edi
mov ecx, 3FEFh
and dword ptr [eax], 0
xor eax, eax
mov edi, esi
push 6
rep stosd
call ds:dword_1001104
mov [esi], ax
lea ebx, [esi+2]
mov ebp, [esp+18h]
cmp byte ptr [ebp+0], 0
jz loc_10025E4
loc_1002420: ; CODE XREF: .text:010025DA�j
mov esi, ds:dword_100115C
push offset aBlksize ; "blksize"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_1002498
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
push 8
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop esi
add ebp, esi
add ebx, esi
push ebp
call ds:dword_100115C+4
pop ecx
cmp eax, esi
mov ecx, [esp+14h]
mov [ecx+20h], eax
jb loc_10025FD
cmp eax, 0FFB8h
ja loc_10025FD
cmp eax, 5B0h
jnz short loc_100248F
mov dword ptr [ecx+20h], 200h
sub ebx, esi
jmp loc_10025C6
; ---------------------------------------------------------------------------
loc_100248F: ; CODE XREF: .text:0100247F�j
push 0Ah
push ebx
push eax
jmp loc_1002597
; ---------------------------------------------------------------------------
loc_1002498: ; CODE XREF: .text:01002432�j
push offset aTimeout_0 ; "timeout"
push ebp
call esi ; dword_100115C
pop ecx
test eax, eax
pop ecx
jnz short loc_100251A
mov edi, ebp
or ecx, 0FFFFFFFFh
repne scasb
not ecx
sub edi, ecx
add ebp, 8
mov eax, ecx
mov esi, edi
mov edi, ebx
push ebp
shr ecx, 2
rep movsd
mov ecx, eax
add ebx, 8
and ecx, 3
rep movsb
call ds:dword_100115C+4
pop ecx
mov ecx, [esp+14h]
push 1
pop edx
cmp eax, edx
mov [ecx+28h], eax
jl loc_1002602
cmp eax, 0FFh
jg loc_1002602
mov eax, [esp+28h]
mov edi, ebp
or ecx, 0FFFFFFFFh
mov [eax], edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
mov edi, ebp
jmp loc_10025A2
; ---------------------------------------------------------------------------
loc_100251A: ; CODE XREF: .text:010024A4�j
push offset aTsize ; "tsize"
push ebp
call esi ; dword_100115C
pop ecx
mov edi, ebp
test eax, eax
pop ecx
jnz loc_10025B2
or edx, 0FFFFFFFFh
xor eax, eax
mov ecx, edx
add ebp, 6
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
add ebx, 6
shr ecx, 2
rep movsd
mov ecx, eax
and ecx, 3
cmp dword ptr [esp+1Ch], 2
rep movsb
jnz short loc_100258D
mov edi, ebp
mov ecx, edx
xor eax, eax
repne scasb
not ecx
sub edi, ecx
mov eax, ecx
mov esi, edi
mov edi, ebx
shr ecx, 2
rep movsd
mov ecx, eax
xor eax, eax
and ecx, 3
rep movsb
mov edi, ebp
mov ecx, edx
repne scasb
not ecx
dec ecx
mov edi, ebp
lea ebx, [ebx+ecx+1]
mov ecx, edx
jmp short loc_10025CB
; ---------------------------------------------------------------------------
loc_100258D: ; CODE XREF: .text:01002558�j
mov eax, [esp+14h]
push 0Ah
push ebx
push dword ptr [eax+24h]
loc_1002597: ; CODE XREF: .text:01002493�j
call ds:dword_100115C+8
add esp, 0Ch
mov edi, ebx
loc_10025A2: ; CODE XREF: .text:01002515�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
lea ebx, [ebx+ecx+1]
jmp short loc_10025C6
; ---------------------------------------------------------------------------
loc_10025B2: ; CODE XREF: .text:01002528�j
or ecx, 0FFFFFFFFh
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jz short loc_10025E0
loc_10025C6: ; CODE XREF: .text:0100248A�j
; .text:010025B0�j
mov edi, ebp
or ecx, 0FFFFFFFFh
loc_10025CB: ; CODE XREF: .text:0100258B�j
xor eax, eax
repne scasb
not ecx
dec ecx
cmp [ebp+ecx+1], al
lea ebp, [ebp+ecx+1]
jnz loc_1002420
loc_10025E0: ; CODE XREF: .text:010025C4�j
mov esi, [esp+24h]
loc_10025E4: ; CODE XREF: .text:0100241A�j
mov eax, [esp+20h]
sub ebx, esi
cmp ebx, 2
mov [eax], ebx
jnz short loc_10025F4
and dword ptr [eax], 0
loc_10025F4: ; CODE XREF: .text:010025EF�j
xor eax, eax
loc_10025F6: ; CODE XREF: .text:0100261C�j
pop edi
pop esi
pop ebp
pop ebx
retn 18h
; ---------------------------------------------------------------------------
loc_10025FD: ; CODE XREF: .text:01002469�j
; .text:01002474�j
push 0
push esi
jmp short loc_1002606
; ---------------------------------------------------------------------------
loc_1002602: ; CODE XREF: .text:010024DD�j
; .text:010024E8�j
push 0
push 8
loc_1002606: ; CODE XREF: .text:01002600�j
push dword ptr [ecx+8]
lea eax, [ecx+0FFF1h]
add ecx, 0Ch
push eax
push ecx
call sub_100230A
or eax, 0FFFFFFFFh
jmp short loc_10025F6
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
mov ebx, [ebp+8]
push esi
push edi
mov al, [ebx]
mov ecx, ebx
mov esi, ebx
mov [ebp+8], ebx
loc_1002630: ; CODE XREF: .text:01002640�j
test al, al
jz short loc_1002642
cmp al, 5Ch
jz short loc_100263C
cmp al, 2Fh
jnz short loc_1002642
loc_100263C: ; CODE XREF: .text:01002636�j
mov al, [ecx+1]
inc ecx
jmp short loc_1002630
; ---------------------------------------------------------------------------
loc_1002642: ; CODE XREF: .text:01002632�j
; .text:0100263A�j ...
mov al, [ecx]
test al, al
jz loc_10026E4
cmp al, 2Eh
jnz loc_100271C
mov dl, [ecx+1]
lea edi, [ecx+1]
cmp dl, 5Ch
jz loc_1002718
cmp dl, 2Fh
jz loc_1002718
cmp dl, al
jnz loc_1002703
mov dl, [ecx+2]
lea edi, [ecx+2]
cmp dl, 5Ch
jz short loc_1002684
cmp dl, 2Fh
jnz short loc_1002703
loc_1002684: ; CODE XREF: .text:0100267D�j
dec esi
mov ecx, edi
dec esi
cmp esi, ebx
jbe short loc_10026E0
loc_100268C: ; CODE XREF: .text:01002699�j
mov al, [esi]
cmp al, 5Ch
jz short loc_100269B
cmp al, 2Fh
jz short loc_100269B
dec esi
cmp esi, ebx
jnb short loc_100268C
loc_100269B: ; CODE XREF: .text:01002690�j
; .text:01002694�j
inc esi
loc_100269C: ; CODE XREF: .text:010026AC�j
; .text:0100270C�j ...
cmp esi, [ebp+8]
jbe short loc_10026AE
cmp byte ptr [esi-1], 20h
lea eax, [esi-1]
jnz short loc_10026AE
mov esi, eax
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_10026AE: ; CODE XREF: .text:0100269F�j
; .text:010026A8�j
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026B8
cmp al, 2Fh
jnz short loc_1002642
loc_10026B8: ; CODE XREF: .text:010026B2�j
cmp esi, ebx
jz short loc_10026CB
mov al, [esi-1]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
mov byte ptr [esi], 5Ch
inc esi
loc_10026CB: ; CODE XREF: .text:010026BA�j
; .text:010026C1�j ...
inc ecx
jz short loc_10026D8
mov al, [ecx]
cmp al, 5Ch
jz short loc_10026CB
cmp al, 2Fh
jz short loc_10026CB
loc_10026D8: ; CODE XREF: .text:010026CC�j
mov [ebp+8], esi
jmp loc_1002642
; ---------------------------------------------------------------------------
loc_10026E0: ; CODE XREF: .text:0100268A�j
xor eax, eax
jmp short loc_10026FC
; ---------------------------------------------------------------------------
loc_10026E4: ; CODE XREF: .text:01002646�j
mov cl, [esi-1]
lea eax, [esi-1]
cmp cl, 5Ch
jz short loc_10026F4
cmp cl, 2Fh
jnz short loc_10026F6
loc_10026F4: ; CODE XREF: .text:010026ED�j
mov esi, eax
loc_10026F6: ; CODE XREF: .text:010026F2�j
and byte ptr [esi], 0
push 1
pop eax
loc_10026FC: ; CODE XREF: .text:010026E2�j
pop edi
pop esi
pop ebx
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_1002703: ; CODE XREF: .text:0100266E�j
; .text:01002682�j ...
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
test al, al
jz short loc_100269C
cmp al, 5Ch
jz short loc_100269C
cmp al, 2Fh
jnz short loc_1002703
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_1002718: ; CODE XREF: .text:0100265D�j
; .text:01002666�j
mov ecx, edi
jmp short loc_100269C
; ---------------------------------------------------------------------------
loc_100271C: ; CODE XREF: .text:0100264E�j
; .text:0100273B�j
test al, al
jz loc_100269C
cmp al, 5Ch
jz loc_100269C
cmp al, 2Fh
jz loc_100269C
mov [esi], al
mov al, [ecx+1]
inc esi
inc ecx
jmp short loc_100271C
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
push ebx
push esi
mov esi, [ebp+10h]
push edi
mov edi, esi
or ecx, 0FFFFFFFFh
xor eax, eax
mov edx, [ebp+8]
repne scasb
not ecx
dec ecx
mov edi, edx
mov ebx, ecx
or ecx, 0FFFFFFFFh
repne scasb
not ecx
dec ecx
cmp byte ptr [ebx+esi-1], 5Ch
mov edi, ecx
setz al
xor ecx, ecx
cmp byte ptr [edx], 5Ch
setz cl
test eax, eax
jnz short loc_1002784
test ecx, ecx
jnz short loc_1002784
mov dword ptr [ebp+10h], 1
jmp short loc_1002791
; ---------------------------------------------------------------------------
loc_1002784: ; CODE XREF: .text:01002775�j
; .text:01002779�j
and dword ptr [ebp+10h], 0
test eax, eax
jz short loc_1002791
test ecx, ecx
jz short loc_1002791
dec ebx
loc_1002791: ; CODE XREF: .text:01002782�j
; .text:0100278A�j ...
mov eax, [ebp+10h]
mov ecx, [ebp+0Ch]
add eax, edi
add eax, ebx
dec ecx
cmp eax, ecx
jbe short loc_10027A4
xor eax, eax
jmp short loc_10027DA
; ---------------------------------------------------------------------------
loc_10027A4: ; CODE XREF: .text:0100279E�j
mov eax, [ebp+10h]
inc edi
add eax, ebx
push edi
add eax, edx
push edx
push eax
call ds:dword_1001144
mov eax, [ebp+8]
mov ecx, ebx
mov edx, ecx
mov edi, eax
shr ecx, 2
rep movsd
mov ecx, edx
add esp, 0Ch
and ecx, 3
cmp dword ptr [ebp+10h], 0
rep movsb
jz short loc_10027D7
mov byte ptr [ebx+eax], 5Ch
loc_10027D7: ; CODE XREF: .text:010027D1�j
push 1
pop eax
loc_10027DA: ; CODE XREF: .text:010027A2�j
pop edi
pop esi
pop ebx
pop ebp
retn 0Ch
; =============== S U B R O U T I N E =======================================
sub_10027E1 proc near ; CODE XREF: sub_1002B5E+C7�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push esi
mov esi, [esp+4+arg_0]
push edi
mov ecx, [esi+10024h]
lea eax, [esi+10024h]
test ecx, ecx
jz short loc_1002817
and dword ptr [eax], 0
mov eax, [esp+8+arg_4]
and word ptr [esi+10014h], 0
mov [esi+10020h], ecx
mov eax, [eax+20h]
mov [esi+1001Ch], eax
jmp short loc_1002877
; ---------------------------------------------------------------------------
loc_1002817: ; CODE XREF: sub_10027E1+14�j
mov edi, ds:dword_1001104
push 3
call edi ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call edi ; dword_1001104
mov [esi+3Ah], ax
mov eax, [esp+8+arg_4]
push dword ptr [eax+20h]
lea eax, [esi+3Ch]
push eax
push dword ptr [esi+1002Ch]
call ds:dword_1001090
add esp, 0Ch
cmp eax, 0FFFFFFFFh
mov [esi+1001Ch], eax
jnz short loc_100286E
mov esi, ds:dword_10010A8+4
call esi
call esi
push dword ptr [eax]
call ds:dword_100102C
xor eax, eax
jmp short loc_100287A
; ---------------------------------------------------------------------------
loc_100286E: ; CODE XREF: sub_10027E1+75�j
add eax, 4
mov [esi+10020h], eax
loc_1002877: ; CODE XREF: sub_10027E1+34�j
push 1
pop eax
loc_100287A: ; CODE XREF: sub_10027E1+8B�j
pop edi
pop esi
retn 8
sub_10027E1 endp
; ---------------------------------------------------------------------------
push esi
mov esi, offset dword_1006080
push esi
call ds:dword_1001058
mov ecx, dword_1006098
push esi
mov eax, [esp+0Ch]
mov [eax], ecx
mov dword ptr [eax+4], offset dword_1006098
mov [ecx+4], eax
mov dword_1006098, eax
call ds:dword_100104C
push 1
pop eax
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_10028B5 proc near ; CODE XREF: .text:01002A49�p
; .text:01002ED0�p
arg_0 = dword ptr 4
push ebx
mov ebx, ds:dword_1001058
push esi
push edi
mov edi, offset dword_1006080
push edi
call ebx ; dword_1001058
mov eax, dword_1006098
mov ecx, offset dword_1006098
loc_10028D0: ; CODE XREF: sub_10028B5+2D�j
cmp eax, ecx
jz short loc_10028F2
mov edx, [eax+8]
lea esi, [eax-18h]
cmp edx, [esp+0Ch+arg_0]
jz short loc_10028E4
mov eax, [eax]
jmp short loc_10028D0
; ---------------------------------------------------------------------------
loc_10028E4: ; CODE XREF: sub_10028B5+29�j
push esi
call ebx ; dword_1001058
push edi
call ds:dword_100104C
mov eax, esi
jmp short loc_10028FB
; ---------------------------------------------------------------------------
loc_10028F2: ; CODE XREF: sub_10028B5+1D�j
push edi
call ds:dword_100104C
xor eax, eax
loc_10028FB: ; CODE XREF: sub_10028B5+3B�j
pop edi
pop esi
pop ebx
retn 4
sub_10028B5 endp
; =============== S U B R O U T I N E =======================================
sub_1002901 proc near ; CODE XREF: sub_100297A+A�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+20h]
cmp eax, 0FFFFFFFFh
jz short loc_1002915
push eax
call ds:dword_100111C
loc_1002915: ; CODE XREF: sub_1002901+B�j
mov eax, [esi+10004h]
test eax, eax
jz short loc_100292E
push 0
push eax
push dword_10060A0
call ds:dword_1001158
loc_100292E: ; CODE XREF: sub_1002901+1C�j
push 0
push dword ptr [esi+0FFFCh]
call ds:dword_1001168
push dword ptr [esi+0FFF8h]
call ds:dword_1001054
push esi
call ds:dword_1001028
pop esi
retn 4
sub_1002901 endp
; =============== S U B R O U T I N E =======================================
sub_1002953 proc near ; CODE XREF: sub_100297A+2F�p
; sub_100297A+37�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
mov eax, [esi+1002Ch]
cmp eax, 0FFFFFFFFh
jz short loc_100296B
push eax
call ds:dword_100108C
pop ecx
loc_100296B: ; CODE XREF: sub_1002953+E�j
push esi
call ds:dword_10010A0
pop ecx
pop esi
retn 4
sub_1002953 endp
; [00000003 BYTES: COLLAPSED FUNCTION nullsub_1. PRESS KEYPAD "+" TO EXPAND]
; =============== S U B R O U T I N E =======================================
sub_100297A proc near ; CODE XREF: sub_10029BA+55�p
arg_0 = dword ptr 4
push esi
mov esi, [esp+4+arg_0]
test esi, esi
jz short loc_10029B6
push esi
call sub_1002901
mov eax, [esi+24h]
dec eax
jz short loc_10029B0
dec eax
jz short loc_10029A8
dec eax
jz short loc_10029A0
dec eax
jnz short loc_10029B6
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A0: ; CODE XREF: sub_100297A+19�j
push esi
call nullsub_1
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029A8: ; CODE XREF: sub_100297A+16�j
push esi
call sub_1002953
jmp short loc_10029B6
; ---------------------------------------------------------------------------
loc_10029B0: ; CODE XREF: sub_100297A+13�j
push esi
call sub_1002953
loc_10029B6: ; CODE XREF: sub_100297A+7�j
; sub_100297A+1C�j ...
pop esi
retn 4
sub_100297A endp
; =============== S U B R O U T I N E =======================================
sub_10029BA proc near ; DATA XREF: sub_10018DB+98�o
push ebx
mov ebx, ds:dword_1001058
push esi
push offset dword_1006080
call ebx ; dword_1001058
mov esi, dword_1006098
cmp esi, offset dword_1006098
jz short loc_1002A28
push edi
push ebp
loc_10029D9: ; CODE XREF: sub_10029BA+6A�j
lea edi, [esi-18h]
push edi
call ebx ; dword_1001058
mov ebp, [esi]
inc dword ptr [edi+10008h]
cmp dword ptr [edi+10008h], 4
lea eax, [edi+10008h]
push edi
jb short loc_1002A16
call ebx ; dword_1001058
mov eax, [esi]
mov esi, [esi+4]
mov [esi], eax
mov [eax+4], esi
mov ax, [edi+2Ah]
push eax
call ds:dword_1001104
push edi
call sub_100297A
jmp short loc_1002A1C
; ---------------------------------------------------------------------------
loc_1002A16: ; CODE XREF: sub_10029BA+3B�j
call ds:dword_100104C
loc_1002A1C: ; CODE XREF: sub_10029BA+5A�j
cmp ebp, offset dword_1006098
mov esi, ebp
jnz short loc_10029D9
pop ebp
pop edi
loc_1002A28: ; CODE XREF: sub_10029BA+1B�j
push offset dword_1006080
call ds:dword_100104C
call sub_1001A1F
pop esi
pop ebx
retn 8
sub_10029BA endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 10h
push ebx
push esi
push edi
push dword ptr [ebp+8]
call sub_10028B5
mov esi, eax
xor ebx, ebx
cmp esi, ebx
jz loc_1002B57
mov eax, [esi+1000Ch]
cmp eax, 0Ah
jnb loc_1002B0B
cmp eax, 5
jbe short loc_1002A8E
lea eax, [ebp-10h]
push eax
call ds:dword_1001024
mov ax, [esi+2Ah]
push eax
call ds:dword_100110C
mov ax, [esi+3Ah]
push eax
call ds:dword_1001104
loc_1002A8E: ; CODE XREF: .text:01002A6C�j
lea eax, [esi+28h]
push 10h
push eax
push ebx
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz short loc_1002AB3
call ds:dword_10010F8
loc_1002AB3: ; CODE XREF: .text:01002AAB�j
mov edi, [esi+10004h]
inc dword ptr [esi+1000Ch]
cmp edi, ebx
jz loc_1002B4C
cmp [esi+10028h], ebx
jnz short loc_1002AEA
mov eax, [esi+10000h]
lea ecx, [esi+10000h]
shl eax, 1
mov edx, 2710h
mov [ecx], eax
cmp eax, edx
jbe short loc_1002AEA
mov [ecx], edx
loc_1002AEA: ; CODE XREF: .text:01002ACD�j
; .text:01002AE6�j
mov eax, [esi+10000h]
push eax
push eax
push edi
push dword_10060A0
call ds:dword_1001154
cmp eax, ebx
jz short loc_1002B4C
call ds:dword_1001038
jmp short loc_1002B4C
; ---------------------------------------------------------------------------
loc_1002B0B: ; CODE XREF: .text:01002A63�j
cmp esi, ebx
jz short loc_1002B57
push offset aTimeout ; "Timeout"
push ebx
push dword ptr [esi+20h]
lea eax, [esi+28h]
push ebx
push eax
call sub_100230A
mov eax, [esi+10004h]
lea edi, [esi+10004h]
cmp eax, ebx
jz short loc_1002B40
push ebx
push eax
push dword_10060A0
call ds:dword_1001158
loc_1002B40: ; CODE XREF: .text:01002B30�j
mov [edi], ebx
mov dword ptr [esi+10008h], 4
loc_1002B4C: ; CODE XREF: .text:01002AC1�j
; .text:01002B01�j ...
cmp esi, ebx
jz short loc_1002B57
push esi
call ds:dword_100104C
loc_1002B57: ; CODE XREF: .text:01002A54�j
; .text:01002B0D�j ...
pop edi
pop esi
pop ebx
leave
retn 8
; =============== S U B R O U T I N E =======================================
sub_1002B5E proc near ; CODE XREF: .text:01002F05�p
var_4 = dword ptr -4
arg_0 = dword ptr 4
arg_4 = dword ptr 8
push ecx
push ebx
mov ebx, ds:dword_100110C
push ebp
push esi
mov esi, [esp+10h+arg_0]
push edi
mov edi, [esp+14h+arg_4]
xor ebp, ebp
mov eax, [esi+10018h]
push 4
mov [esp+18h+var_4], ebp
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BA6
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002BA6
and dword ptr [esi+1000Ch], 0
push 1
pop ebp
jmp short loc_1002BCE
; ---------------------------------------------------------------------------
loc_1002BA6: ; CODE XREF: sub_1002B5E+2A�j
; sub_1002B5E+3A�j
mov ax, [edi+36h]
push eax
call ebx ; dword_100110C
mov ax, [edi+34h]
push eax
call ds:dword_1001104
push 4
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002BCE
mov ax, [esi+10014h]
dec ax
push eax
call ebx ; dword_100110C
loc_1002BCE: ; CODE XREF: sub_1002B5E+46�j
; sub_1002B5E+62�j
test ebp, ebp
jz loc_1002C96
cmp dword ptr [esi+10030h], 0
jz short loc_1002C1C
mov eax, [esi+10004h]
lea edi, [esi+10004h]
test eax, eax
jz short loc_1002BFE
push 0
push eax
push dword_10060A0
call ds:dword_1001158
loc_1002BFE: ; CODE XREF: sub_1002B5E+8F�j
and dword ptr [edi], 0
mov dword ptr [esi+10008h], 4
loc_1002C0B: ; CODE XREF: sub_1002B5E+DB�j
; sub_1002B5E+13E�j ...
push esi
call ds:dword_100104C
xor eax, eax
loc_1002C14: ; CODE XREF: sub_1002B5E+183�j
pop edi
pop esi
pop ebp
pop ebx
pop ecx
retn 8
; ---------------------------------------------------------------------------
loc_1002C1C: ; CODE XREF: sub_1002B5E+7F�j
inc word ptr [esi+10014h]
push edi
push esi
call sub_10027E1
mov ebp, eax
xor eax, eax
cmp ebp, eax
jnz short loc_1002C3B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
jmp short loc_1002C0B
; ---------------------------------------------------------------------------
loc_1002C3B: ; CODE XREF: sub_1002B5E+D2�j
cmp [esi+10028h], eax
mov [esi+1000Ch], eax
mov [esi+10008h], eax
jnz short loc_1002C59
mov dword ptr [esi+10000h], 3E8h
loc_1002C59: ; CODE XREF: sub_1002B5E+EF�j
mov ecx, [esi+10004h]
cmp ecx, eax
jz short loc_1002C78
mov eax, [esi+10000h]
push eax
push eax
push ecx
push dword_10060A0
call ds:dword_1001154
loc_1002C78: ; CODE XREF: sub_1002B5E+103�j
mov eax, [esi+1001Ch]
cmp eax, [edi+20h]
jnb short loc_1002C9A
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
mov dword ptr [esi+10030h], 1
jmp short loc_1002C9A
; ---------------------------------------------------------------------------
loc_1002C96: ; CODE XREF: sub_1002B5E+72�j
mov ebp, [esp+14h+var_4]
loc_1002C9A: ; CODE XREF: sub_1002B5E+123�j
; sub_1002B5E+136�j
test ebp, ebp
jz loc_1002C0B
mov ax, [edi+0Eh]
push eax
call ebx ; dword_100110C
add edi, 0Ch
push 10h
push edi
push 0
push dword ptr [esi+10020h]
lea eax, [esi+38h]
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz loc_1002C0B
call ds:dword_10010F8
test esi, esi
jz short loc_1002CDE
push esi
call ds:dword_100104C
loc_1002CDE: ; CODE XREF: sub_1002B5E+177�j
push 1
pop eax
jmp loc_1002C14
sub_1002B5E endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_1002CE6 proc near ; CODE XREF: .text:01002EFC�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
push ecx
and [ebp+var_4], 0
push ebx
mov ebx, ds:dword_100110C
push esi
mov esi, [ebp+arg_0]
push edi
mov edi, [ebp+arg_4]
push 3
mov eax, [esi+10018h]
mov [edi+20h], eax
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D3A
mov ax, [esi+10014h]
inc ax
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D3A
inc word ptr [esi+10014h]
xor ebx, ebx
mov [ebp+var_4], 1
mov [esi+10008h], ebx
jmp short loc_1002D9D
; ---------------------------------------------------------------------------
loc_1002D3A: ; CODE XREF: sub_1002CE6+28�j
; sub_1002CE6+3A�j
push 3
call ebx ; dword_100110C
cmp [edi+34h], ax
jnz short loc_1002D9B
mov ax, [esi+10014h]
push eax
call ebx ; dword_100110C
cmp [edi+36h], ax
jnz short loc_1002D9B
mov ebx, ds:dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
add edi, 0Ch
push 10h
mov [esi+3Ah], ax
push edi
push 0
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
cmp eax, 0FFFFFFFFh
jnz loc_1002EB3
call ds:dword_10010F8
jmp loc_1002EB3
; ---------------------------------------------------------------------------
loc_1002D9B: ; CODE XREF: sub_1002CE6+5C�j
; sub_1002CE6+6C�j
xor ebx, ebx
loc_1002D9D: ; CODE XREF: sub_1002CE6+52�j
cmp [ebp+var_4], ebx
jz short loc_1002DE4
lea eax, [ebp+arg_4]
push eax
mov eax, [edi+2Ch]
push dword ptr [esi+10030h]
sub eax, 4
push eax
lea eax, [edi+38h]
push eax
push dword ptr [esi+1002Ch]
call near ptr word_100373A
cmp [ebp+var_4], ebx
mov [ebp+arg_0], eax
jz short loc_1002DE4
cmp eax, ebx
jge short loc_1002DF7
push ebx
push 3
push dword ptr [edi+8]
lea eax, [edi+0FFF1h]
add edi, 0Ch
push eax
push edi
call sub_100230A
loc_1002DE4: ; CODE XREF: sub_1002CE6+BA�j
; sub_1002CE6+E2�j
cmp esi, ebx
jz short loc_1002DEF
push esi
call ds:dword_100104C
loc_1002DEF: ; CODE XREF: sub_1002CE6+100�j
push 1
pop eax
jmp loc_1002EBC
; ---------------------------------------------------------------------------
loc_1002DF7: ; CODE XREF: sub_1002CE6+E6�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
ja loc_1002EB3
mov ebx, ds:dword_1001104
push 4
call ebx ; dword_1001104
mov [esi+38h], ax
mov ax, [esi+10014h]
push eax
call ebx ; dword_1001104
mov [esi+3Ah], ax
lea eax, [edi+0Ch]
push 10h
xor ebx, ebx
push eax
push ebx
lea eax, [esi+38h]
push 4
push eax
push dword ptr [esi+20h]
call ds:dword_1001130
mov [ebp+arg_0], eax
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002E74
cmp [esi+10028h], ebx
mov [esi+1000Ch], ebx
jnz short loc_1002E5F
mov dword ptr [esi+10000h], 3E8h
loc_1002E5F: ; CODE XREF: sub_1002CE6+16D�j
mov ecx, [esi+10000h]
push ecx
push ecx
push eax
push dword_10060A0
call ds:dword_1001154
loc_1002E74: ; CODE XREF: sub_1002CE6+15F�j
cmp [ebp+arg_0], 0FFFFFFFFh
jnz short loc_1002E80
call ds:dword_10010F8
loc_1002E80: ; CODE XREF: sub_1002CE6+192�j
mov eax, [edi+2Ch]
sub eax, 4
cmp eax, [edi+20h]
jnb short loc_1002EB3
mov eax, [esi+10004h]
cmp eax, ebx
jz short loc_1002EA3
push ebx
push eax
push dword_10060A0
call ds:dword_1001158
loc_1002EA3: ; CODE XREF: sub_1002CE6+1AD�j
mov [esi+10004h], ebx
mov dword ptr [esi+10008h], 4
loc_1002EB3: ; CODE XREF: sub_1002CE6+A4�j
; sub_1002CE6+B0�j ...
push esi
call ds:dword_100104C
xor eax, eax
loc_1002EBC: ; CODE XREF: sub_1002CE6+10C�j
pop edi
pop esi
pop ebx
leave
retn 8
sub_1002CE6 endp
; =============== S U B R O U T I N E =======================================
sub_1002EC3 proc near ; CODE XREF: .text:01002EEA�p
; .text:01002EF3�p
xor eax, eax
retn 8
sub_1002EC3 endp
; ---------------------------------------------------------------------------
push esi
mov esi, [esp+8]
push dword ptr [esi+8]
call sub_10028B5
test eax, eax
jz short loc_1002F0A
mov ecx, [eax+24h]
dec ecx
jz short loc_1002F03
dec ecx
jz short loc_1002EFA
dec ecx
jz short loc_1002EF1
dec ecx
jnz short loc_1002F0A
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EF1: ; CODE XREF: .text:01002EE3�j
push esi
push eax
call sub_1002EC3
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002EFA: ; CODE XREF: .text:01002EE0�j
push esi
push eax
call sub_1002CE6
jmp short loc_1002F0A
; ---------------------------------------------------------------------------
loc_1002F03: ; CODE XREF: .text:01002EDD�j
push esi
push eax
call sub_1002B5E
loc_1002F0A: ; CODE XREF: .text:01002ED7�j
; .text:01002EE6�j ...
pop esi
retn 4
; =============== S U B R O U T I N E =======================================
sub_1002F0E proc near ; CODE XREF: .text:01002F51�p
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor eax, eax
cmp [esp+arg_4], eax
jbe short loc_1002F27
loc_1002F16: ; CODE XREF: sub_1002F0E+17�j
mov ecx, [esp+arg_0]
cmp byte ptr [eax+ecx], 0
jz short loc_1002F2C
inc eax
cmp eax, [esp+arg_4]
jb short loc_1002F16
loc_1002F27: ; CODE XREF: sub_1002F0E+6�j
xor eax, eax
locret_1002F29: ; CODE XREF: sub_1002F0E+21�j
retn 8
; ---------------------------------------------------------------------------
loc_1002F2C: ; CODE XREF: sub_1002F0E+10�j
push 1
pop eax
jmp short locret_1002F29
sub_1002F0E endp
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
sub esp, 28h
push ebx
and dword ptr [ebp-10h], 0
and dword ptr [ebp-14h], 0
push esi
mov esi, [ebp+8]
push edi
push 0FFBAh
lea ebx, [esi+36h]
push ebx
mov [ebp-18h], ebx
call sub_1002F0E
test eax, eax
jz near ptr byte_100330F
mov edi, ebx
or ecx, 0FFFFFFFFh
xor eax, eax
push 10034h
repne scasb
not ecx
dec ecx
lea eax, [ecx+ebx+1]
mov [ebp-4], eax
call ds:dword_1001094
mov ebx, eax
pop ecx
test ebx, ebx
jz near ptr byte_1003331
mov ecx, 400Dh
xor eax, eax
mov edi, ebx
rep stosd
push dword ptr [esi+10h]
call ds:dword_1001120
mov [ebp-8], eax
mov ax, [esi+0Eh]
push eax
call ds:dword_1001104
mov edi, [ebp-4]
mov [ebp-0Ch], edi
mov al, [edi]
test al, al
jz short loc_1002FCD
loc_1002FB5: ; CODE XREF: .text:01002FC8�j
movsx eax, al
push eax
call ds:dword_1001150
mov [edi], al
mov al, [edi+1]
inc edi
pop ecx
test al, al
jnz short loc_1002FB5
mov [ebp-0Ch], edi
loc_1002FCD: ; CODE XREF: .text:01002FB3�j
mov edi, [ebp-4]
mov eax, offset aNetascii ; "netascii"
loc_1002FD5: ; CODE XREF: .text:01002FF1�j
mov dl, [edi]
mov cl, dl
cmp dl, [eax]
jnz short loc_1002FF7
test cl, cl
jz short loc_1002FF3
mov dl, [edi+1]
mov cl, dl
cmp dl, [eax+1]
jnz short loc_1002FF7
inc edi
inc edi
inc eax
inc eax
test cl, cl
jnz short loc_1002FD5
loc_1002FF3: ; CODE XREF: .text:01002FDF�j
xor eax, eax
jmp short loc_1002FFC
; ---------------------------------------------------------------------------
loc_1002FF7: ; CODE XREF: .text:01002FDB�j
; .text:01002FE9�j
sbb eax, eax
sbb eax, 0FFFFFFFFh
loc_1002FFC: ; CODE XREF: .text:01002FF5�j
test eax, eax
jz short near ptr byte_1003037
; ---------------------------------------------------------------------------
dd 0Dh dup(?)
db 3 dup(?)
byte_1003037 db ? ; CODE XREF: .text:01002FFE�j
dd 0B5h dup(?)
db 3 dup(?)
byte_100330F db ? ; CODE XREF: .text:01002F58�j
dd 8 dup(?)
db ?
byte_1003331 db 3 dup(?) ; CODE XREF: .text:01002F81�j
dd 101h dup(?)
db 2 dup(?)
word_100373A dw ? ; CODE XREF: sub_1002CE6+D7�p
dd 20h dup(?)
db 3 dup(?)
byte_10037BF db ? ; CODE XREF: .text:loc_10017F3�p
dd 54h dup(?)
dword_1003910 dd 4Bh dup(?) db 2 dup(?)
word_1003A3E dw ? ; CODE XREF: sub_100230A+8�p
dd ?
dword_1003A44 dd ? ; sub_1002219+DA�p
db 2 dup(?)
word_1003A4A dw ? ; CODE XREF: sub_1001FA6+1F�p
; sub_1001FA6+43�p
dd 26Dh dup(?)
_text ends
; Section 2. (virtual address 00005000)
; Virtual size : 000012DC ( 4828.)
; Section size in file : 00000E00 ( 3584.)
; Offset to raw data for section: 00003A00
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 1005000h
dd 4 dup(?)
dword_1005010 dd 326h dup(?) dword_1005CA8 dd 2 dup(?) dword_1005CB0 dd 4 dup(?) dword_1005CC0 dd ? dd 43h dup(?)
dword_1005DD0 dd ? ; sub_1001E73:loc_1001F36�r ...
dword_1005DD4 dd ? dword_1005DD8 dd ? ; .text:loc_100182E�r ...
dword_1005DDC dd ? ; .text:010016F0�r ...
dword_1005DE0 dd ? ; sub_1001E73:loc_1001F0C�r ...
dd 2 dup(?)
dword_1005DEC dd ? ; sub_1001A1F+52�r
dword_1005DF0 dd ? ; sub_1001A1F+5E�w
dword_1005DF4 dd ? dword_1005DF8 dd ? ; sub_10018DB+EF�r
dword_1005DFC dd ? dword_1005E00 dd 2 dup(?) ; sub_1002219+D5�o
dword_1005E08 dd 86h dup(?) dword_1006020 dd 6 dup(?) ; sub_1002219+B�o ...
dword_1006038 dd ? ; sub_10018DB+34�w ...
dword_100603C dd ? dword_1006040 dd ? ; sub_1001DEB:loc_1001E35�r
dword_1006044 dd ? ; .text:01001740�r ...
dword_1006048 dd 6 dup(?) dword_1006060 dd 6 dup(?) ; sub_1001A1F+2�o
dword_1006078 dd ? ; sub_10019F0+F�w ...
dword_100607C dd ? dword_1006080 dd 6 dup(?) ; .text:01002880�o ...
dword_1006098 dd ? ; sub_10018DB+25�w ...
dword_100609C dd ? dword_10060A0 dd ? ; sub_10018DB+A2�r ...
dd 7 dup(?)
dword_10060C0 dd 10h dup(?) ; .text:loc_1001857�o
dword_1006100 dd 4 dup(?) ; sub_1002219:loc_10022E9�o
dword_1006110 dd ? align 10h
dword_1006120 dd ? ; .text:010016C8�o ...
dword_1006124 dd ? ; .text:01001736�w ...
dword_1006128 dd ? ; .text:01001746�w
dword_100612C dd ? ; sub_1001E73+5A�w ...
dword_1006130 dd ? ; sub_1001E73+60�w ...
dword_1006134 dd ? ; .text:01001750�w ...
dword_1006138 dd ? ; .text:01001756�w ...
align 10h
dword_1006140 dd 0B0h dup(?) _data ends
; Section 3. (virtual address 00007000)
; Virtual size : 00007400 ( 29696.)
; Section size in file : 00002200 ( 8704.)
; Offset to raw data for section: 00004800
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
_rsrc segment para public 'CODE' use32
assume cs:_rsrc
;org 1007000h
assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
dd 100h dup(?)
assume ds:_data
public start
start dd 1C00h dup(?)
_rsrc ends
end start