Crack Me 3

Disassembly of File: C:\Users\hervet\Desktop\Crackme3\Crackme3.
exe
Code Offset = 00000400, Code Size = 00040C00
Data Offset = 00041000, Data Size = 00000E00
Number of Objects = 0008 (dec), Imagebase = 00400000h
Object01: CODE
RVA: 00001000 Offset: 00000400 Size: 00040C00 Flags: 60000
020
Object02: DATA
RVA: 00042000 Offset: 00041000 Size: 00000E00 Flags: C0000
040
Object03: BSS
RVA: 00043000 Offset: 00041E00 Size: 00000000 Flags: C0000
000
Object04: .idata
040
Object05: .tls
000
Object06: .rdata
RVA: 00047000 Offset: 00043E00 Size: 00000200 Flags: 50000
040
Object07: .reloc
RVA: 00048000 Offset: 00044000 Size: 00004A00 Flags: 50000
040
Object08: .rsrc
RVA: 0004D000 Offset: 00048A00 Size: 00003200 Flags: 50000
040
+++++++++++++++++++ MENU INFORMATION ++++++++++++++++++
There Are No Menu Resources in This Application
+++++++++++++++++ DIALOG INFORMATION ++++++++++++++++++
There Are No Dialog Resources in This Application
+++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++
Number of Imported Modules = 11 (decimal)
Import
Import
Import
Import
Import
Import
Import
Import
Import
Import
Import
Module
Module
Module
Module
Module
Module
Module
Module
Module
Module
Module
001:
002:
003:
004:
005:
006:
007:
008:
009:
010:
011:
kernel32.dll
user32.dll
advapi32.dll
oleaut32.dll
kernel32.dll
advapi32.dll
kernel32.dll
gdi32.dll
user32.dll
ole32.dll
comctl32.dll
+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++

Import Module 001: kernel32.dll
Addr:0004469E
Addr:000446B4
Addr:000446CC
Addr:000446E4
Addr:000446FC
Addr:00044718
Addr:00044726
Addr:00044736
Addr:00044742
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
Addr:00044750
Addr:00044768
Addr:00044780
Addr:00044790
Addr:000447A6
Addr:000447BC
Addr:000447C8
Addr:000447D4
Addr:000447E6
Addr:000447F8
Addr:0004480A
Addr:00044820
Addr:00044832
Addr:00044842
Addr:00044854
Addr:00044862
Addr:00044870
Addr:0004487C
Addr:0004488E
Addr:0004489E
Addr:000448AA
Addr:000448B6
Addr:000448C8
Addr:000448D8
Addr:000448E6
Addr:000448F4
Addr:00044902
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpyA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
Import Module 002: user32.dll

Addr:0004491C hint(0000) Name: GetKeyboardType
Addr:0004492E hint(0000) Name: LoadStringA
Addr:0004493C hint(0000) Name: MessageBoxA
Import Module 003: advapi32.dll
Addr:00044958 hint(0000) Name: RegQueryValueExA
Addr:0004496C hint(0000) Name: RegOpenKeyExA
Addr:0004497C hint(0000) Name: RegCloseKey
Import Module 004: oleaut32.dll
Addr:00044998
Addr:000449AE
Addr:000449C0
Addr:000449D0
Addr:000449E0
Addr:000449F0
Addr:00044A06
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
VariantChangeTypeEx
VariantCopyInd
VariantClear
SysStringLen
SysFreeString
SysReAllocStringLen
SysAllocStringLen

Addr:00044A28
Addr:00044A36
Addr:00044A44
Addr:00044A52
Addr:00044A66
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
Import Module 006: advapi32.dll
Addr:00044A8A hint(0000) Name: RegQueryValueExA

Addr:00044A9E hint(0000) Name: RegOpenKeyExA
Addr:00044AAE hint(0000) Name: RegCloseKey
Addr:00044ACA
Addr:00044AD6
Addr:00044AE2
Addr:00044AF8
Addr:00044B08
Addr:00044B18
Addr:00044B20
Addr:00044B32
Addr:00044B44
Addr:00044B56
Addr:00044B62
Addr:00044B72
Addr:00044B82
Addr:00044B8E
Addr:00044B98
Addr:00044BA8
Addr:00044BB8
Addr:00044BC8
Addr:00044BE0
Addr:00044BFC
Addr:00044C0C
Addr:00044C1C
Addr:00044C2C
Addr:00044C3A
Addr:00044C48
Addr:00044C5C
Addr:00044C6A
Addr:00044C7C
Addr:00044C8C
Addr:00044C9A
Addr:00044CAA
Addr:00044CBC
Addr:00044CCC
Addr:00044CDE
Addr:00044CF2
Addr:00044D08
Addr:00044D1A
Addr:00044D2A
Addr:00044D3E
Addr:00044D54
Addr:00044D6A
Addr:00044D76
Addr:00044D86
Addr:00044D94
Addr:00044DA6
Addr:00044DB6
Addr:00044DCA
Addr:00044DE2
Addr:00044DFA
Addr:00044E0A
Addr:00044E18
Addr:00044E28
Addr:00044E3A
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
Sleep
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ReadFile
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetDiskFreeSpaceA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
FreeResource
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Import Module 008: gdi32.dll

Addr:00044E52
Addr:00044E64
Addr:00044E72
Addr:00044E84
Addr:00044E9A
Addr:00044EAE
Addr:00044EBE
Addr:00044ED2
Addr:00044EDC
Addr:00044EE8
Addr:00044EFE
Addr:00044F12
Addr:00044F22
Addr:00044F2E
Addr:00044F3C
Addr:00044F4C
Addr:00044F5C
Addr:00044F66
Addr:00044F72
Addr:00044F7E
Addr:00044F8C
Addr:00044F9E
Addr:00044FB0
Addr:00044FBA
Addr:00044FC6
Addr:00044FD0
Addr:00044FDA
Addr:00044FEE
Addr:00045000
Addr:00045016
Addr:00045028
Addr:0004503E
Addr:00045058
Addr:0004506A
Addr:00045076
Addr:0004508A
Addr:00045098
Addr:000450B8
Addr:000450D0
Addr:000450E6
Addr:000450F6
Addr:00045102
Addr:00045116
Addr:00045124
Addr:0004513C
Addr:0004514A
Addr:0004515A
Addr:0004516A
Addr:0004517C
Addr:0004518A
Addr:000451A0
Addr:000451B0
Addr:000451C4
Addr:000451D0
Addr:000451E4
Addr:000451F4
Addr:00045208
Addr:00045218
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
EnumFontsA
EnumFontFamiliesExA
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
Addr:00045230
Addr:00045246
Addr:00045258
Addr:0004526C
Addr:00045282
Addr:0004529C
Addr:000452B2
Addr:000452C2
Addr:000452D6
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt
Import Module 009: user32.dll

Addr:000452EC
Addr:000452FE
Addr:0004530A
Addr:00045318
Addr:00045328
Addr:0004533C
Addr:00045352
Addr:00045366
Addr:0004537E
Addr:00045390
Addr:000453A8
Addr:000453B6
Addr:000453C6
Addr:000453D8
Addr:000453E6
Addr:000453F6
Addr:0004540A
Addr:0004541C
Addr:0004542C
Addr:00045442
Addr:00045454
Addr:00045460
Addr:00045472
Addr:00045482
Addr:00045492
Addr:0004549C
Addr:000454A8
Addr:000454BC
Addr:000454C6
Addr:000454DC
Addr:000454E8
Addr:000454F4
Addr:00045502
Addr:00045514
Addr:00045524
Addr:00045534
Addr:00045546
Addr:00045554
Addr:00045562
Addr:0004556E
Addr:00045580
Addr:0004559A
Addr:000455B6
Addr:000455C8
Addr:000455D4
Addr:000455E6
Addr:000455F6
Addr:00045606
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
WindowFromPoint
WinHelpA
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCursor
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetCapture
SetActiveWindow
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
PtInRect
PostQuitMessage
PostMessageA
PeekMessageA
OffsetRect
Addr:00045614
Addr:00045622
Addr:00045630
Addr:00045642
Addr:00045654
Addr:00045662
Addr:0004566E
Addr:0004567C
Addr:0004568A
Addr:00045696
Addr:000456A2
Addr:000456B4
Addr:000456C6
Addr:000456D2
Addr:000456DE
Addr:000456F2
Addr:000456FC
Addr:0004570E
Addr:0004571E
Addr:00045730
Addr:0004573E
Addr:0004574C
Addr:00045768
Addr:0004577A
Addr:0004578A
Addr:0004579A
Addr:000457B0
Addr:000457C2
Addr:000457D0
Addr:000457E0
Addr:000457F4
Addr:00045804
Addr:00045812
Addr:00045820
Addr:00045832
Addr:00045842
Addr:00045852
Addr:0004585E
Addr:0004586A
Addr:00045876
Addr:00045888
Addr:00045898
Addr:000458AC
Addr:000458BC
Addr:000458D0
Addr:000458DA
Addr:000458F0
Addr:00045904
Addr:0004591C
Addr:00045930
Addr:0004593E
Addr:00045950
Addr:0004595E
Addr:00045974
Addr:00045980
Addr:00045994
Addr:0004599E
Addr:000459A6
Addr:000459B6
Addr:000459C2
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
Addr:000459D6
Addr:000459E6
Addr:000459F6
Addr:00045A04
Addr:00045A16
Addr:00045A22
Addr:00045A30
Addr:00045A3C
Addr:00045A48
Addr:00045A56
Addr:00045A6A
Addr:00045A76
Addr:00045A86
Addr:00045A98
Addr:00045AAA
Addr:00045AB6
Addr:00045AC4
Addr:00045AD0
Addr:00045AE4
Addr:00045AF0
Addr:00045B04
Addr:00045B14
Addr:00045B22
Addr:00045B30
Addr:00045B40
Addr:00045B4E
Addr:00045B60
Addr:00045B74
Addr:00045B84
Addr:00045B96
Addr:00045BA8
Addr:00045BB6
Addr:00045BC4
Addr:00045BD6
Addr:00045BE6
Addr:00045BF8
Addr:00045C0A
Addr:00045C18
Addr:00045C2A
Addr:00045C38
Addr:00045C4E
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
GetClientRect
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharLowerBuffA
CharLowerA
AdjustWindowRectEx
ActivateKeyboardLayout
Import Module 010: ole32.dll

Addr:00045C72 hint(0000) Name: IsEqualGUID
Import Module 011: comctl32.dll
Addr:00045C8E
Addr:00045CA8
Addr:00045CC0
Addr:00045CD8
Addr:00045CEA
Addr:00045D04
Addr:00045D20
Addr:00045D40
Addr:00045D56
Addr:00045D6C
Addr:00045D82
Addr:00045D96
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
Addr:00045DAC
Addr:00045DC0
Addr:00045DD4
Addr:00045DE6
Addr:00045DFE
Addr:00045E16
Addr:00045E2E
Addr:00045E3E
Addr:00045E58
Addr:00045E6C
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
hint(0000)
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
Name:
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
+++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++

Number of Exported Functions = 0000 (decimal)
+++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++

//********************** Start of Code in Object CODE **************
Program Entry Point = 004419C4 (C:\Users\hervet\Desktop\Crackme3\Crackme3.exe Fi
le Offset:000829C4)
:00401000
:00401002
:00401003
:00401005
:00401006
:00401007
:00401008
:00401009
:0040100A
0410
40
0003
07
42
6F
6F
6C
65
add al, 10
inc eax
add byte ptr [ebx], al
pop es
inc edx
outsd
outsd
insb
BYTE 065h
:0040100B
:0040100C
:0040100D
:0040100F
61
6E
0100
000000
popad
outsb
add dword ptr [eax], eax
BYTE 3 DUP(0)
:00401012 0100
:00401014 000000

BYTE 3 DUP(0)
:00401017 104000
:0040101A 0546616C73
:0040101F 65
adc byte ptr [eax+00], al

add eax, 736C6146
BYTE 065h
:00401020 0454
:00401022 7275
add al, 54
jb 00401099
:00401024 658D4000
:00401028 2C104000
DWORD 00408D65
DWORD 0040102C
:0040102C 020443
:0040102F 6861720100
:00401034 000000
add al, byte ptr [ebx+2*eax]

push 00017261
BYTE 3 DUP(0)
:00401037
:00401039
:0040103B
:0040103C
:0040103D
:00401040
:00401042
:00401043
:00401044
:00401046
:00401047
FF00
0000
90
40
104000
0107
49
6E
7465
67
65
inc dword ptr [eax]

add byte ptr [eax], al
nop
inc eax
add dword ptr [edi], eax
dec ecx
outsb
je 004010AB
BYTE 067h
BYTE 065h
:00401048 7204
:0040104A 000000
jb 0040104E
BYTE 3 DUP(0)
:0040104D
:00401050
:00401051
:00401053
:00401057
:00401059
:0040105B
:0040105D
:00401060
80FFFF
FF
7F8B
C0581040
0001
0442
7974
650100
000000
cmp bh, FF
BYTE 0ffh
jg 00400FDE
rcr byte ptr [eax+10], 40
add byte ptr [ecx], al
add al, 42
jns 004010D1
add dword ptr gs:[eax], eax
BYTE 3 DUP(0)
:00401063
:00401065
:00401067
:00401068
:00401069
:0040106C
:0040106F
:00401070
:00401072
:00401074
FF00
0000
90
6C
104000
010457
6F
7264
0300
000000
inc dword ptr [eax]

nop
insb
add dword ptr [edi+2*edx], eax
outsd
jb 004010D6
add eax, dword ptr [eax]
BYTE 3 DUP(0)
:00401077 FFFF
BYTE 2 DUP(0ffh)
:00401079
:0040107B
:0040107C
:0040107F
:00401081
:00401082
:00401083
:00401085
:0040108C
:00401096
:004010A0
add byte ptr [eax],

nop
adc byte ptr [eax],
add byte ptr [edx],
push es
push ebx
je 004010F7
imul ebp, dword ptr
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
0000
90
801040
000A
06
53
7472
696E67D4104000
00000000000000000000
00000000000000000000
0000000000000000
:004010A8 D410
:004010AA 40
aam (base16)
inc eax
al
40
cl
[esi+67], 004010D4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:

|:00401044(C)
|
:004010AB 000400
add byte ptr [eax+eax], al
:004010AE 000000000000
BYTE 6 DUP(0)
:004010B4
:004010B8
:004010BC
:004010C0
:004010C4
:004010C8
:004010CC
:004010D0
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:004010D4 07
:004010D5 54
pop es
push esp
* Referenced by a (U)nconditional
|:00401070(C)
|
:004010D6 4F
:004010D7 626A65
:004010DA 6374E010
:004010DE 40
:004010DF 0007
:004010E1 07
:004010E2 54
:004010E3 4F
:004010E4 626A65
:004010E7 6374D410
:004010EB 40
:004010EC 00000000000000
or (C)onditional Jump at Address:
:004010F3 06
:004010F4 53
:004010F5 7973
push es
push ebx
jns 0040116A
dec edi
bound ebp, dword ptr [edx+65]
arpl dword ptr [eax+10], esi
inc eax
add byte ptr [edi], al
pop es
push esp
dec edi
arpl dword ptr [esp+8*edx+10], esi
inc eax
BYTE 7 DUP(0)

|:00401083(C)
|
:004010F7 7465
je 0040115E
:004010F9 6D
insd
:004010FA 000000
BYTE 3 DUP(0)
:004010FD
:00401100
:00401102
:00401103
:00401104
:00401105
:00401109
:0040110A
114000
0F08
49
55
6E
6B6E6F77
6E
00000000
adc dword ptr [eax+00], eax

invd
dec ecx
push ebp
outsb
imul ebp, dword ptr [esi+6F], 00000077
outsb
BYTE 4 DUP(0)
:0040110E 0100
:00401110 00000000000000

BYTE 7 DUP(0)
:00401117 C00000
:0040111A 00000000
rol byte ptr [eax], 00

BYTE 4 DUP(0)
:0040111E
:0040111F
:00401120
:00401121
:00401123
:00401125
:00401126
:00401128
:00401129
:0040112E
:00401133
:00401138
:0040113D
:00401142
:00401147
:00401148
:00401149
inc esi
push es
push ebx
jns 00401196
je 0040118A
insd
int 03
add dword ptr [esp+04], FFFFFFF8
jmp 00404ECC
jmp 00404EF4
jmp 00404F08
int 03
int 03
int 03
46
06
53
7973
7465
6D
0000
CC
83442404F8
E9993D0000
83442404F8
E9B73D0000
83442404F8
E9C13D0000
CC
CC
CC
:0040114A 29114000
:0040114E 33114000
:00401152 3D114000
DWORD 00401129
DWORD 00401133
DWORD 0040113D
:00401156
:00401158
:00401162
:00401165

BYTE 10 DUP(0)
BYTE 4 DUP(0)
0100
00000000000000000000
C00000
00000000
:00401169 46
inc esi
|:004010F5(C)
|
:0040116A 4A
:0040116B 114000
:0040116E 0800
:00401170 000000000000
:00401176 8BC0
mov eax, eax
:00401178 C4114000
:0040117C 56114000
DWORD 004011C4
DWORD 00401156
:00401180 00000000000000000000
BYTE 10 DUP(0)
dec edx
adc dword ptr [eax+00], eax
or byte ptr [eax], al
BYTE 6 DUP(0)

|:00401123(C)
|
:0040118A 00000000000000000000
BYTE 10 DUP(0)
:00401194 00000000
BYTE 4 DUP(0)
:00401198
:0040119A
:0040119B
:0040119E
C411
40
000C00
0000
les
inc
add
add
:004011A0
:004011A4
:004011A8
:004011AC
:004011B0
:004011B4
:004011B8
:004011BC
:004011C0
88104000
282E4000
342E4000
BC4E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:004011C4
:004011C8
:004011CA
:004011CC
:004011CD
:004011D0
:004011D1
:004011D4
1154496E
7465
7266
61
636564
4F
626A65
63748BC0
adc dword ptr [ecx+2*ecx+6E], edx

je 0040122F
jb 00401232
popad
arpl dword ptr [ebp+64], esp
dec edi
arpl dword ptr [ebx+4*ecx-40], esi
edx, dword ptr [ecx]

eax
byte ptr [eax+eax], cl
byte ptr [eax], al
00401088
00402E28
00402E34
00404EBC
00402E3C
00402E30
00402BB4
00402BC8
00402C10
* Referenced by a CALL at Addresses:

|:00404F9D , :00405119
|
* Reference To: kernel32.CloseHandle, Ord:0000h
|
:004011D8 FF257C414400
Jmp dword ptr [0044417C]
:004011DE 8BC0
mov eax, eax
* Referenced by a CALL at Address:
|:00405033
|
* Reference To: kernel32.CreateFileA, Ord:0000h
|
:004011E0 FF2578414400
Jmp dword ptr [00444178]
:004011E6 8BC0
mov eax, eax
|:004050FE
|
* Reference To: kernel32.GetFileType, Ord:0000h
|
:004011E8 FF2574414400
:004011EE 8BC0
mov eax, eax
|:00405057
|
* Reference To: kernel32.GetFileSize, Ord:0000h
|
mov eax, eax
:004011F0 FF2570414400
:004011F6 8BC0
|:004050E7
|
* Reference To: kernel32.GetStdHandle, Ord:0000h

|
:004011F8 FF256C414400
:004011FE 8BC0
mov eax, eax
|:00402F88 , :00402FA6 , :00402FBA
|:00403065
|
, :00403028
, :00403048

|:004032C3(U)
|
* Reference To: kernel32.RaiseException, Ord:0000h
|
:00401200 FF2568414400
:00401206 8BC0
mov eax, eax
|:00404F4D , :00405094
|
* Reference To: kernel32.ReadFile, Ord:0000h
|
:00401208 FF2564414400
:0040120E 8BC0
mov eax, eax
|:004030E9 , :0040321E , :00403434
|
* Reference To: kernel32.RtlUnwind, Ord:0000h
|
:00401210 FF2560414400
:00401216 8BC0
mov eax, eax
|:004050C7
|
* Reference To: kernel32.SetEndOfFile, Ord:0000h
|
:00401218 FF255C414400
:0040121E 8BC0
mov eax, eax
|:00405073 , :004050BD
|
* Reference To: kernel32.SetFilePointer, Ord:0000h
|
:00401220 FF2558414400
:00401226 8BC0

mov eax, eax

|:00404F80
|
* Reference To: kernel32.WriteFile, Ord:0000h
|
:00401228 FF2554414400
:0040122E 8BC0
mov eax, eax
|:0040375C
|
* Reference To: kernel32.ExitProcess, Ord:0000h
|
:00401230 FF2550414400
:00401236 8BC0
mov eax, eax
|:004036F2
|
* Reference To: user32.MessageBoxA, Ord:0000h
|
:00401238 FF258C414400
:0040123E 8BC0
mov eax, eax
|:00403736
|
* Reference To: kernel32.FreeLibrary, Ord:0000h
|
:00401240 FF254C414400
:00401246 8BC0
mov eax, eax
|:00405A60
|
* Reference To: kernel32.GetCommandLineA, Ord:0000h
|
:00401248 FF2548414400
:0040124E 8BC0
mov eax, eax
|:00404F59 , :00404F8D , :00404FA6
|
, :00405133
* Reference To: kernel32.GetLastError, Ord:0000h

|
:00401250 FF2544414400
:00401256 8BC0
mov eax, eax
|:00404BBC
|
* Reference To: kernel32.GetLocaleInfoA, Ord:0000h

|
:00401258 FF2540414400
:0040125E 8BC0
mov eax, eax
|:00404AEC
|
* Reference To: kernel32.GetModuleFileNameA, Ord:0000h
|
:00401260 FF253C414400
:00401266 8BC0
mov eax, eax
|:0040131A
|
* Reference To: kernel32.GetStartupInfoA, Ord:0000h
|
:00401268 FF2538414400
:0040126E 8BC0
mov eax, eax
|:00404BB6
|
* Reference To: kernel32.GetThreadLocale, Ord:0000h
|
:00401270 FF2534414400
:00401276 8BC0
mov eax, eax
|:00404C2E , :00404C54 , :00404C78
|
* Reference To: kernel32.LoadLibraryExA, Ord:0000h
|
:00401278 FF2530414400
:0040127E 8BC0
mov eax, eax
|:00404E55
|
* Reference To: user32.LoadStringA, Ord:0000h
|
:00401280 FF2588414400
:00401286 8BC0
mov eax, eax
|:00404BA9 , :00404C1E , :00404C44
|
, :00404C68
* Reference To: kernel32.lstrcpyA, Ord:0000h

|
:00401288 FF252C414400
:0040128E 8BC0
mov eax, eax

|:00404BE7
|
* Reference To: kernel32.lstrlenA, Ord:0000h
|
:00401290 FF2528414400
:00401296 8BC0
mov eax, eax
|:00403E19 , :00403E3B , :00403E57
|:0040443D
|
, :00404406
, :00404424
* Reference To: kernel32.MultiByteToWideChar, Ord:0000h

|
:00401298 FF2524414400
:0040129E 8BC0
mov eax, eax
|:00402B03 , :00404B91
|
* Reference To: advapi32.RegCloseKey, Ord:0000h
|
:004012A0 FF259C414400
:004012A6 8BC0
mov eax, eax
|:00402ABA , :00404B0A , :00404B28
|
* Reference To: advapi32.RegOpenKeyExA, Ord:0000h
|
:004012A8 FF2598414400
:004012AE 8BC0
mov eax, eax
|:00402AED , :00404B5D , :00404B7B
|
* Reference To: advapi32.RegQueryValueExA, Ord:0000h
|
:004012B0 FF2594414400
:004012B6 8BC0
mov eax, eax
|:00403905 , :0040392B , :0040394B
|:00404395
|
, :00404355
, :00404375
* Reference To: kernel32.WideCharToMultiByte, Ord:0000h

|
:004012B8 FF2520414400
:004012BE 8BC0
mov eax, eax
|:00404A87
|
* Reference To: kernel32.VirtualQuery, Ord:0000h

|
:004012C0 FF251C414400
:004012C6 8BC0
mov eax, eax
|:00403E73 , :00403EAF , :00404411
|
, :0040442E
, :0040480D
* Reference To: oleaut32.SysAllocStringLen, Ord:0000h

|
:004012C8 FF25BC414400
Jmp dword ptr [004441BC]
:004012CE 8BC0
mov eax, eax
|:00403DD6
|
* Reference To: oleaut32.SysReAllocStringLen, Ord:0000h
|
:004012D0 FF25B8414400
Jmp dword ptr [004441B8]
:004012D6 8BC0
mov eax, eax
|:00403D7D , :00403D92 , :00403DAF
|
, :00403E85
* Reference To: oleaut32.SysFreeString, Ord:0000h

|
:004012D8 FF25B4414400
:004012DE 8BC0
mov eax, eax
|:004043B7
|
* Reference To: oleaut32.SysStringLen, Ord:0000h
|
:004012E0 FF25B0414400
:004012E6 8BC0
mov eax, eax
|:0040449C , :004044C3
|
* Reference To: oleaut32.VariantClear, Ord:0000h
|
:004012E8 FF25AC414400
Jmp dword ptr [004441AC]
:004012EE 8BC0
mov eax, eax
|:0040452E
|
* Reference To: oleaut32.VariantCopyInd, Ord:0000h
|
:004012F0 FF25A8414400
Jmp dword ptr [004441A8]
:004012F6 8BC0
mov eax, eax
|:004045DA
|
, :00404619
* Reference To: oleaut32.VariantChangeTypeEx, Ord:0000h

|
:004012F8 FF25A4414400
:004012FE 8BC0
mov eax, eax
|:00404EFE
|
* Reference To: kernel32.InterlockedIncrement, Ord:0000h
|
:00401300 FF2518414400
:00401306 8BC0
mov eax, eax
|:00404F14
|
* Reference To: kernel32.InterlockedDecrement, Ord:0000h
|
:00401308 FF2514414400
:0040130E 8BC0
mov eax, eax
|:00405A6A
|
:00401310 53
push ebx
:00401311 83C4BC
add esp, FFFFFFBC
:00401314 BB0A000000
mov ebx, 0000000A
:00401319 54
push esp
* Reference To: kernel32.GetStartupInfoA, Ord:0000h
|
:0040131A E849FFFFFF
Call 00401268
:0040131F F644242C01
test [esp+2C], 01
:00401324 7405
je 0040132B
:00401326 0FB75C2430
movzx ebx, word ptr [esp+30]
|:00401324(C)
|
:0040132B 8BC3
mov eax, ebx
:0040132D 83C444
add esp, 00000044
:00401330 5B
pop ebx
:00401331 C3
ret
:00401332 8BC0
mov eax, eax

|:00401387 , :00401A53
|
* Reference To: kernel32.LocalAlloc, Ord:0000h
|
:00401334 FF2510414400
:0040133A 8BC0
mov eax, eax

|:00401B03 , :00401B61
|
* Reference To: kernel32.LocalFree, Ord:0000h
|
:0040133C FF250C414400
:00401342 8BC0
mov eax, eax
|:00401547 , :0040159A , :004015BF
|
, :00401719
* Reference To: kernel32.VirtualAlloc, Ord:0000h

|
:00401344 FF2508414400
:0040134A 8BC0
mov eax, eax
|:0040156E , :004015E5 , :00401658
|
, :0040179A
, :00401B22
* Reference To: kernel32.VirtualFree, Ord:0000h

|
:0040134C FF2504414400
:00401352 8BC0
mov eax, eax
|:00401A16
|
* Reference To: kernel32.InitializeCriticalSection, Ord:0000h
|
:00401354 FF2500414400
:0040135A 8BC0
mov eax, eax
|:00401A29 , :00401AF1 , :00402117
|
, :004022B0
, :00402613
* Reference To: kernel32.EnterCriticalSection, Ord:0000h

|
:0040135C FF25FC404400
Jmp dword ptr [004440FC]
:00401362 8BC0
mov eax, eax
|:00401AB0 , :00401B8A , :00402242
|
, :004023E8
, :0040267B
* Reference To: kernel32.LeaveCriticalSection, Ord:0000h

|
:00401364 FF25F8404400
Jmp dword ptr [004440F8]
:0040136A 8BC0
mov eax, eax
|:00401B94
|
* Reference To: kernel32.DeleteCriticalSection, Ord:0000h
:0040136C FF25F4404400
:00401372 8BC0
|
mov eax, eax

|:004013D2
|
:00401374 53
push ebx
:00401375 56
push esi
:00401376 BE50344400
mov esi, 00443450
:0040137B 833E00
cmp dword ptr [esi], 00000000
:0040137E 753A
jne 004013BA
:00401380 6844060000
push 00000644
:00401385 6A00
push 00000000
|
:00401387 E8A8FFFFFF
Call 00401334
:0040138C 8BC8
mov ecx, eax
:0040138E 85C9
test ecx, ecx
:00401390 7505
jne 00401397
:00401392 33C0
xor eax, eax
:00401394 5E
pop esi
:00401395 5B
pop ebx
:00401396 C3
ret
|:00401390(C)
|
:00401397 A14C344400
:0040139C 8901
:0040139E 890D4C344400
:004013A4 33D2
|:004013B8(C)
|
:004013A6 8BC2
:004013A8 03C0
:004013AA 8D44C104
:004013AE 8B1E
:004013B0 8918
:004013B2 8906
:004013B4 42
:004013B5 83FA64
:004013B8 75EC
mov
mov
mov
xor
mov
add
lea
mov
mov
mov
inc
cmp
jne
eax, dword ptr [0044344C]

dword ptr [ecx], eax
dword ptr [0044344C], ecx
edx, edx
eax, edx
eax, eax
eax, dword ptr [ecx+8*eax+04]
ebx, dword ptr [esi]
dword ptr [eax], ebx
dword ptr [esi], eax
edx
edx, 00000064
004013A6

|:0040137E(C)
|
:004013BA 8B06
mov eax, dword ptr [esi]
:004013BC 8B10
mov edx, dword ptr [eax]
:004013BE 8916
mov dword ptr [esi], edx
:004013C0 5E
pop esi
:004013C1 5B
pop ebx
:004013C2 C3
ret
:004013C3 90
nop

|:00401A33 , :00401A3D , :00401A47 , :00401B36 , :00401B40
|:00401B4A
|
:004013C4 8900
mov dword ptr [eax], eax
:004013C6 894004
mov dword ptr [eax+04], eax
:004013C9 C3
ret
:004013CA 8BC0
mov eax, eax

|:00401472 , :004014F7 , :0040155B , :004015D2
|
:004013CC 53
push ebx
:004013CD 56
push esi
:004013CE 8BF2
mov esi, edx
:004013D0 8BD8
mov ebx, eax
:004013D2 E89DFFFFFF
call 00401374
:004013D7 85C0
test eax, eax
:004013D9 7505
jne 004013E0
:004013DB 33C0
xor eax, eax
:004013DD 5E
pop esi
:004013DE 5B
pop ebx
:004013DF C3
ret

|:004013D9(C)
|
:004013E0 8B16
mov edx, dword ptr [esi]
:004013E2 895008
mov dword ptr [eax+08], edx
:004013E5 8B5604
mov edx, dword ptr [esi+04]
:004013E8 89500C
mov dword ptr [eax+0C], edx
:004013EB 8B13
mov edx, dword ptr [ebx]
:004013ED 8910
mov dword ptr [eax], edx
:004013EF 895804
mov dword ptr [eax+04], ebx
:004013F2 894204
mov dword ptr [edx+04], eax
:004013F5 8903
mov dword ptr [ebx], eax
:004013F7 B001
mov al, 01
:004013F9 5E
pop esi
:004013FA 5B
pop ebx
:004013FB C3
ret

|:00401440 , :0040145D , :004014C2 , :0040166D , :0040180B
|:0040195D
|
:004013FC 8B5004
mov edx, dword ptr [eax+04]
:004013FF 8B08
mov ecx, dword ptr [eax]
:00401401 890A
mov dword ptr [edx], ecx
:00401403 895104
mov dword ptr [ecx+04], edx
:00401406 8B1550344400
mov edx, dword ptr [00443450]
:0040140C 8910
:0040140E A350344400
mov dword ptr [00443450], eax
:00401413 C3
ret

|:0040182C , :004018B2 , :004018F9 , :004019B2 , :00401EE7
|
:00401414 53
push ebx
:00401415 56
push esi
:00401416 57
push edi
:00401417 55
push ebp
:00401418 51
push ecx
:00401419 8BF1
mov esi, ecx
:0040141B 891424
mov dword ptr [esp], edx
:0040141E 8BE8
mov ebp, eax
:00401420 8B5D00
mov ebx, dword ptr [ebp+00]
:00401423 8B0424
mov eax, dword ptr [esp]
:00401426 8B10
:00401428 8916
:0040142A 8B5004
:0040142D 895604
mov dword ptr [esi+04], edx
|:0040146C(C)
|
:00401430 8B3B
:00401432 8B4308
:00401435 8BD0
:00401437 03530C
:0040143A 3B16
:0040143C 7514
:0040143E 8BC3
:00401440 E8B7FFFFFF
:00401445 8B4308
:00401448 8906
:0040144A 8B430C
:0040144D 014604
:00401450 EB16
|:0040143C(C)
|
:00401452 8B16
:00401454 035604
:00401457 3BC2
:00401459 750D
:0040145B 8BC3
:0040145D E89AFFFFFF
:00401462 8B430C
:00401465 014604
|:00401450(U), :00401459(C)
|
:00401468 8BDF
:0040146A 3BEB
:0040146C 75C2
:0040146E 8BD6
:00401470 8BC5
:00401472 E855FFFFFF
or (C)onditional Jump at Addresses:
mov edi, dword ptr [ebx]

mov eax, dword ptr [ebx+08]
mov edx, eax
add edx, dword ptr [ebx+0C]
cmp edx, dword ptr [esi]
jne 00401452
mov eax, ebx
call 004013FC
mov dword ptr [esi], eax
mov eax, dword ptr [ebx+0C]
add dword ptr [esi+04], eax
jmp 00401468

add edx, dword ptr [esi+04]
cmp eax, edx
jne 00401468
mov eax, ebx
call 004013FC
mov ebx, edi

cmp ebp, ebx
jne 00401430
mov edx, esi
mov eax, ebp
call 004013CC
:00401477
:00401479
:0040147B
:0040147D
84C0
7504
33C0
8906
test al, al
jne 0040147F
xor eax, eax

|:00401479(C)
|
:0040147F 5A
pop edx
:00401480 5D
pop ebp
:00401481 5F
pop edi
:00401482 5E
pop esi
:00401483 5B
pop ebx
:00401484 C3
ret
:00401485 8D4000
lea eax, dword ptr [eax+00]

|:004019EE , :00401DE6
|
:00401488 53
push ebx
:00401489 56
push esi
:0040148A 57
push edi
:0040148B 55
push ebp
:0040148C 83C4F8
add esp, FFFFFFF8
:0040148F 8BD8
mov ebx, eax
:00401491 8BFB
mov edi, ebx
|:0040150C(C)
|
:00401493 8B32
:00401495 8B4308
:00401498 3BF0
:0040149A 726C
:0040149C 8BCE
:0040149E 034A04
:004014A1 8BE8
:004014A3 036B0C
:004014A6 3BCD
:004014A8 775E
:004014AA 3BF0
:004014AC 751B
:004014AE 8B4204
:004014B1 014308
:004014B4 8B4204
:004014B7 29430C
:004014BA 837B0C00
:004014BE 7544
:004014C0 8BC3
:004014C2 E835FFFFFF
:004014C7 EB3B

mov esi, dword ptr [edx]
cmp esi, eax
jb 00401508
mov ecx, esi
add ecx, dword ptr [edx+04]
mov ebp, eax
add ebp, dword ptr [ebx+0C]
cmp ecx, ebp
ja 00401508
cmp esi, eax
jne 004014C9
mov eax, dword ptr [edx+04]
add dword ptr [ebx+08], eax
sub dword ptr [ebx+0C], eax
cmp dword ptr [ebx+0C], 00000000
jne 00401504
mov eax, ebx
call 004013FC
jmp 00401504

|:004014AC(C)
|
:004014C9 8B0A
mov ecx, dword ptr [edx]
:004014CB 8B7204
mov esi, dword ptr [edx+04]
:004014CE 03CE
add ecx, esi
:004014D0
:004014D2
:004014D5
:004014D7
:004014D9
:004014DC
8BF8
037B0C
3BCF
7505
29730C
EB26
|:004014D7(C)
|
:004014DE 8B0A
:004014E0 034A04
:004014E3 890C24
:004014E6 2BF9
:004014E8 897C2404
:004014EC 8B12
:004014EE 2BD0
:004014F0 89530C
:004014F3 8BD4
:004014F5 8BC3
:004014F7 E8D0FEFFFF
:004014FC 84C0
:004014FE 7504
:00401500 33C0
:00401502 EB0C
mov
add
cmp
jne
sub
jmp
edi, eax
edi, dword ptr [ebx+0C]
ecx, edi
004014DE
dword ptr [ebx+0C], esi
00401504

mov dword ptr [esp], ecx
sub edi, ecx
mov dword ptr [esp+04], edi
mov edx, dword ptr [edx]
sub edx, eax
mov dword ptr [ebx+0C], edx
mov edx, esp
mov eax, ebx
call 004013CC
test al, al
jne 00401504
xor eax, eax
jmp 00401510
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:

|:004014BE(C), :004014C7(U), :004014DC(U), :004014FE(C)
|
:00401504 B001
mov al, 01
:00401506 EB08
jmp 00401510
|:0040149A(C), :004014A8(C)
|
:00401508 8B1B
:0040150A 3BFB
:0040150C 7585
:0040150E 33C0
|:00401502(U), :00401506(U)
|
:00401510 59
:00401511 5A
:00401512 5D
:00401513 5F
:00401514 5E
:00401515 5B
:00401516 C3
:00401517 90
nop
mov
cmp
jne
xor
pop
pop
pop
pop
pop
pop
ret
ebx, dword ptr [ebx]

edi, ebx
00401493
eax, eax
ecx
edx
ebp
edi
esi
ebx

|:0040181C
|
:00401518 53
push ebx
:00401519 56
push esi
:0040151A 57
push edi
:0040151B
:0040151D
:0040151F
:00401525
:00401527
:0040152C
8BDA
8BF0
81FE00001000
7D07
BE00001000
EB0C
mov
mov
cmp
jge
mov
jmp
ebx, edx
esi, eax
esi, 00100000
0040152E
esi, 00100000
0040153A

|:00401525(C)
|
:0040152E 81C6FFFF0000
add esi, 0000FFFF
:00401534 81E60000FFFF
and esi, FFFF0000
|:0040152C(U)
|
:0040153A 897304
:0040153D 6A01
:0040153F 6800200000
:00401544 56
:00401545 6A00

mov dword ptr [ebx+04], esi
push 00000001
push 00002000
push esi
push 00000000

|
:00401547 E8F8FDFFFF
Call 00401344
:0040154C 8BF8
mov edi, eax
:0040154E 893B
mov dword ptr [ebx], edi
:00401550 85FF
test edi, edi
:00401552 7423
je 00401577
:00401554 8BD3
mov edx, ebx
:00401556 B854344400
mov eax, 00443454
:0040155B E86CFEFFFF
call 004013CC
:00401560 84C0
test al, al
:00401562 7513
jne 00401577
:00401564 6800800000
push 00008000
:00401569 6A00
push 00000000
:0040156B 8B03
mov eax, dword ptr [ebx]
:0040156D 50
push eax
|
:0040156E E8D9FDFFFF
Call 0040134C
:00401573 33C0
xor eax, eax
:00401575 8903
|:00401552(C), :00401562(C)
|
:00401577 5F
:00401578 5E
:00401579 5B
:0040157A C3
:0040157B 90
nop
pop edi
pop esi
pop ebx
ret

|:0040189C , :004018E3
|
:0040157C 53
push ebx
:0040157D
:0040157E
:0040157F
:00401580
:00401582
:00401584
:00401586
:0040158D
:0040158F
:00401594
:00401599
56
57
55
8BD9
8BF2
8BE8
C7430400001000
6A04
6800200000
6800001000
55
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov ebp, eax
mov [ebx+04], 00100000
push 00000004
push 00002000
push 00100000
push ebp

|
:0040159A E8A5FDFFFF
Call 00401344
:0040159F 8BF8
mov edi, eax
:004015A1 893B
:004015A3 85FF
test edi, edi
:004015A5 751F
jne 004015C6
:004015A7 81C6FFFF0000
add esi, 0000FFFF
:004015AD 81E60000FFFF
and esi, FFFF0000
:004015B3 897304
:004015B6 6A04
push 00000004
:004015B8 6800200000
push 00002000
:004015BD 56
push esi
:004015BE 55
push ebp
|
:004015BF E880FDFFFF
Call 00401344
:004015C4 8903
|:004015A5(C)
|
:004015C6 833B00
:004015C9 7423
:004015CB 8BD3
:004015CD B854344400
:004015D2 E8F5FDFFFF
:004015D7 84C0
:004015D9 7513
:004015DB 6800800000
:004015E0 6A00
:004015E2 8B03
:004015E4 50

cmp dword ptr [ebx], 00000000
je 004015EE
mov edx, ebx
mov eax, 00443454
call 004013CC
test al, al
jne 004015EE
push 00008000
push 00000000
push eax

|
:004015E5 E862FDFFFF
Call 0040134C
:004015EA 33C0
xor eax, eax
:004015EC 8903
|:004015C9(C), :004015D9(C)
|
:004015EE 5D
:004015EF 5F
:004015F0 5E
:004015F1 5B

pop
pop
pop
pop
ebp
edi
esi
ebx
:004015F2 C3
ret
:004015F3 90
nop

|:0040183E , :004018CA , :00401915 , :004019C9
|
:004015F4 53
push ebx
:004015F5 56
push esi
:004015F6 57
push edi
:004015F7 55
push ebp
:004015F8 83C4EC
add esp, FFFFFFEC
:004015FB 894C2404
mov dword ptr [esp+04], ecx
:004015FF 891424
:00401602 C7442408FFFFFFFF
mov [esp+08], FFFFFFFF
:0040160A 33D2
xor edx, edx
:0040160C 8954240C
mov dword ptr [esp+0C], edx
:00401610 8BE8
mov ebp, eax
:00401612 8B0424
:00401615 03C5
add eax, ebp
:00401617 89442410
mov dword ptr [esp+10], eax
:0040161B 8B1D54344400
mov ebx, dword ptr [00443454]
:00401621 EB51
jmp 00401674
|:0040167A(C)
|
:00401623 8B3B
:00401625 8B7308
:00401628 3BEE
:0040162A 7746
:0040162C 8BC6
:0040162E 03430C
:00401631 3B442410
:00401635 773B
:00401637 3B742408
:0040163B 7304
:0040163D 89742408
|:0040163B(C)
|
:00401641 8BC6
:00401643 03430C
:00401646 3B44240C
:0040164A 7604
:0040164C 8944240C
|:0040164A(C)
|
:00401650 6800800000
:00401655 6A00
:00401657 56

mov esi, dword ptr [ebx+08]
cmp ebp, esi
ja 00401672
mov eax, esi
add eax, dword ptr [ebx+0C]
cmp eax, dword ptr [esp+10]
ja 00401672
cmp esi, dword ptr [esp+08]
jnb 00401641
mov dword ptr [esp+08], esi
mov
add
cmp
jbe
mov
eax, esi
eax, dword ptr [ebx+0C]
eax, dword ptr [esp+0C]
00401650
dword ptr [esp+0C], eax
push 00008000
push 00000000
push esi

|
:00401658 E8EFFCFFFF
Call 0040134C
:0040165D 85C0
test eax, eax
:0040165F 750A
:00401661 C7053034440001000000
jne 0040166B
mov dword ptr [00443430], 00000001

|:0040165F(C)
|
:0040166B 8BC3
mov eax, ebx
:0040166D E88AFDFFFF
call 004013FC
|:0040162A(C), :00401635(C)
|
:00401672 8BDF
mov ebx, edi
|:00401621(U)
|
:00401674 81FB54344400
:0040167A 75A7
:0040167C 8B442404
:00401680 33D2
:00401682 8910
:00401684 837C240C00
:00401689 7419
:0040168B 8B442404
:0040168F 8B542408
:00401693 8910
:00401695 8B44240C
:00401699 2B442408
:0040169D 8B542404
:004016A1 894204

cmp ebx, 00443454
jne 00401623
mov eax, dword ptr [esp+04]
xor edx, edx
cmp dword ptr [esp+0C], 00000000
je 004016A4
mov edx, dword ptr [esp+08]
mov eax, dword ptr [esp+0C]
sub eax, dword ptr [esp+08]

|:00401689(C)
|
:004016A4 83C414
add esp, 00000014
:004016A7 5D
pop ebp
:004016A8 5F
pop edi
:004016A9 5E
pop esi
:004016AA 5B
pop ebx
:004016AB C3
ret

|:004017ED , :00401936
|
:004016AC 53
push ebx
:004016AD 56
push esi
:004016AE 57
push edi
:004016AF 55
push ebp
:004016B0 83C4F4
add esp, FFFFFFF4
:004016B3 894C2404
:004016B7 891424
:004016BA 8BD0
mov edx, eax
:004016BC 8BEA
mov ebp, edx
:004016BE 81E500F0FFFF
and ebp, FFFFF000
:004016C4 031424
add edx, dword ptr [esp]
:004016C7 81C2FF0F0000
add edx, 00000FFF
:004016CD 81E200F0FFFF
and edx, FFFFF000
:004016D3
:004016D7
:004016DB
:004016DD
:004016E1
:004016E3
:004016E7
:004016EA
:004016F0
89542408
8B442404
8928
8B442408
2BC5
8B542404
894204
8B3554344400
EB3C
mov
mov
mov
mov
sub
mov
mov
mov
jmp
dword ptr [esp+08], edx

eax, dword ptr [esp+04]
dword ptr [eax], ebp
eax, ebp
edx, dword ptr [esp+04]
dword ptr [edx+04], eax
esi, dword ptr [00443454]
0040172E

|:00401734(C)
|
:004016F2 8B5E08
mov ebx, dword ptr [esi+08]
:004016F5 8B7E0C
mov edi, dword ptr [esi+0C]
:004016F8 03FB
add edi, ebx
:004016FA 3BEB
cmp ebp, ebx
:004016FC 7602
jbe 00401700
:004016FE 8BDD
mov ebx, ebp
|:004016FC(C)
|
:00401700 3B7C2408
:00401704 7604
:00401706 8B7C2408
|:00401704(C)
|
:0040170A 3BFB
:0040170C 761E
:0040170E 6A04
:00401710 6800100000
:00401715 2BFB
:00401717 57
:00401718 53
cmp edi, dword ptr [esp+08]

jbe 0040170A
mov edi, dword ptr [esp+08]
cmp edi, ebx

jbe 0040172C
push 00000004
push 00001000
sub edi, ebx
push edi
push ebx

|
:00401719 E826FCFFFF
Call 00401344
:0040171E 85C0
test eax, eax
:00401720 750A
jne 0040172C
:00401722 8B442404
:00401726 33D2
xor edx, edx
:00401728 8910
:0040172A EB0A
jmp 00401736
|:0040170C(C), :00401720(C)
|
:0040172C 8B36
mov esi, dword ptr [esi]
|:004016F0(U)
|
:0040172E 81FE54344400
cmp esi, 00443454
:00401734 75BC
jne 004016F2
|:0040172A(U)
|
:00401736 83C40C
:00401739 5D
:0040173A 5F
:0040173B 5E
:0040173C 5B
:0040173D C3
add
pop
pop
pop
pop
ret
:0040173E 8BC0
mov eax, eax
esp, 0000000C
ebp
edi
esi
ebx

|:004019A2
|
:00401740 53
push ebx
:00401741 56
push esi
:00401742 57
push edi
:00401743 55
push ebp
:00401744 51
push ecx
:00401745 8BD8
mov ebx, eax
:00401747 8BF3
mov esi, ebx
:00401749 81C6FF0F0000
add esi, 00000FFF
:0040174F 81E600F0FFFF
and esi, FFFFF000
:00401755 893424
mov dword ptr [esp], esi
:00401758 8BEB
mov ebp, ebx
:0040175A 03EA
add ebp, edx
:0040175C 81E500F0FFFF
and ebp, FFFFF000
:00401762 8B0424
:00401765 8901
mov dword ptr [ecx], eax
:00401767 8BC5
mov eax, ebp
:00401769 2B0424
sub eax, dword ptr [esp]
:0040176C 894104
mov dword ptr [ecx+04], eax
:0040176F 8B3554344400
mov esi, dword ptr [00443454]
:00401775 EB38
jmp 004017AF
|:004017B5(C)
|
:00401777 8B5E08
:0040177A 8B7E0C
:0040177D 03FB
add edi, ebx
:0040177F 3B1C24
cmp ebx, dword ptr [esp]
:00401782 7303
jnb 00401787
:00401784 8B1C24
mov ebx, dword ptr [esp]
|:00401782(C)
|
:00401787 3BEF
cmp ebp, edi
:00401789 7302
jnb 0040178D
:0040178B 8BFD
mov edi, ebp
|:00401789(C)
|
:0040178D 3BFB
:0040178F 761C
:00401791 6800400000
:00401796 2BFB

cmp edi, ebx
jbe 004017AD
push 00004000
sub edi, ebx
:00401798 57
:00401799 53
push edi
push ebx

|
:0040179A E8ADFBFFFF
Call 0040134C
:0040179F 85C0
test eax, eax
:004017A1 750A
jne 004017AD
:004017A3 C7053034440002000000
mov dword ptr [00443430], 00000002
|:0040178F(C), :004017A1(C)
|
:004017AD 8B36
|:00401775(U)
|
:004017AF 81FE54344400
:004017B5 75C0
:004017B7 5A
:004017B8 5D
:004017B9 5F
:004017BA 5E
:004017BB 5B
:004017BC C3
:004017BD 8D4000
cmp
jne
pop
pop
pop
pop
pop
ret
esi, 00443454
00401777
edx
ebp
edi
esi
ebx

|:00401F5F
|
:004017C0 53
push ebx
:004017C1 56
push esi
:004017C2 57
push edi
:004017C3 55
push ebp
:004017C4 83C4F8
add esp, FFFFFFF8
:004017C7 8BF2
mov esi, edx
:004017C9 8BF8
mov edi, eax
:004017CB BD64344400
mov ebp, 00443464
:004017D0 81C7FF3F0000
add edi, 00003FFF
:004017D6 81E700C0FFFF
and edi, FFFFC000
|:00401835(C)
|
:004017DC 8B5D00
:004017DF EB33
jmp 00401814
|:00401816(C)
|
:004017E1 3B7B0C
:004017E4 7F2C
:004017E6 8BCE
:004017E8 8BD7
:004017EA 8B4308
:004017ED E8BAFEFFFF
:004017F2 833E00

cmp edi, dword ptr [ebx+0C]
jg 00401812
mov ecx, esi
mov edx, edi
call 004016AC
:004017F5
:004017F7
:004017FA
:004017FD
:00401800
:00401803
:00401807
:00401809
:0040180B
:00401810
7450
8B4604
014308
8B4604
29430C
837B0C00
753E
8BC3
E8ECFBFFFF
EB35
je 00401847
mov eax, dword ptr [esi+04]
jne 00401847
mov eax, ebx
call 004013FC
jmp 00401847

|:004017E4(C)
|
:00401812 8B1B
mov ebx, dword ptr [ebx]
|:004017DF(U)
|
:00401814 3BDD
:00401816 75C9
:00401818 8BD6
:0040181A 8BC7
:0040181C E8F7FCFFFF
:00401821 833E00
:00401824 7421
:00401826 8BCC
:00401828 8BD6
:0040182A 8BC5
:0040182C E8E3FBFFFF
:00401831 833C2400
:00401835 75A5
:00401837 8BCC
:00401839 8B5604
:0040183C 8B06
:0040183E E8B1FDFFFF
:00401843 33C0
:00401845 8906

cmp ebx, ebp
jne 004017E1
mov edx, esi
mov eax, edi
call 00401518
je 00401847
mov ecx, esp
mov edx, esi
mov eax, ebp
call 00401414
cmp dword ptr [esp], 00000000
jne 004017DC
mov ecx, esp
call 004015F4
xor eax, eax

|:004017F5(C), :00401807(C), :00401810(U), :00401824(C)
|
:00401847 59
pop ecx
:00401848 5A
pop edx
:00401849 5D
pop ebp
:0040184A 5F
pop edi
:0040184B 5E
pop esi
:0040184C 5B
pop ebx
:0040184D C3
ret
:0040184E 8BC0
mov eax, eax

|:00401F90
|
:00401850 53
push ebx
:00401851 56
push esi
:00401852 57
push edi
:00401853 55
push ebp
:00401854
:00401857
:0040185A
:0040185C
:0040185E
:00401863
:00401869
83C4EC
890C24
8BFA
8BF0
BD64344400
81C7FF3F0000
81E700C0FFFF
add
mov
mov
mov
mov
add
and
esp, FFFFFFEC
dword ptr [esp], ecx
edi, edx
esi, eax
ebp, 00443464
edi, 00003FFF
edi, FFFFC000

|:004018BC(C), :00401903(C)
|
:0040186F 8B5D00
:00401872 EB02
jmp 00401876
|:0040187D(C)
|
:00401874 8B1B
|:00401872(U)
|
:00401876 3BDD
cmp ebx, ebp
:00401878 7405
je 0040187F
:0040187A 3B7308
cmp esi, dword ptr [ebx+08]
:0040187D 75F5
jne 00401874
|:00401878(C)
|
:0040187F 3B7308
:00401882 7557
:00401884 3B7B0C
:00401887 0F8E96000000
:0040188D 8D4C2404
:00401891 8BD7
:00401893 2B530C
:00401896 8B4308
:00401899 03430C
:0040189C E8DBFCFFFF
:004018A1 837C240400
:004018A6 7433
:004018A8 8D4C240C
:004018AC 8D542404
:004018B0 8BC5
:004018B2 E85DFBFFFF
:004018B7 837C240C00
:004018BC 75B1
:004018BE 8D4C240C
:004018C2 8B542408
:004018C6 8B442404
:004018CA E825FDFFFF
:004018CF 8B0424
:004018D2 33D2
:004018D4 8910
:004018D6 E990000000

jne 004018DB
jle 00401923
lea ecx, dword ptr [esp+04]
mov edx, edi
sub edx, dword ptr [ebx+0C]
call 0040157C
cmp dword ptr [esp+04], 00000000
je 004018DB
lea ecx, dword ptr [esp+0C]
lea edx, dword ptr [esp+04]
mov eax, ebp
call 00401414
jne 0040186F
call 004015F4
xor edx, edx
jmp 0040196B

|:00401882(C), :004018A6(C)
|
:004018DB
:004018DF
:004018E1
:004018E3
:004018E8
:004018ED
:004018EF
:004018F3
:004018F7
:004018F9
:004018FE
:00401903
:00401909
:0040190D
:00401911
:00401915
:0040191A
:0040191D
:0040191F
:00401921
8D4C2404
8BD7
8BC6
E894FCFFFF
837C240400
7434
8D4C240C
8D542404
8BC5
E816FBFFFF
837C240C00
0F8566FFFFFF
8D4C240C
8B542408
8B442404
E8DAFCFFFF
8B0424
33D2
8910
EB48

mov edx, edi
mov eax, esi
call 0040157C
je 00401923
mov eax, ebp
call 00401414
jne 0040186F
call 004015F4
xor edx, edx
jmp 0040196B
|:00401887(C), :004018ED(C)
|
:00401923 8B6B08
:00401926 3BF5
:00401928 753A
:0040192A 3B7B0C
:0040192D 7F35
:0040192F 8B0C24
:00401932 8BD7
:00401934 8BC5
:00401936 E871FDFFFF
:0040193B 8B0424
:0040193E 833800
:00401941 7428
:00401943 8B0424
:00401946 8B4004
:00401949 014308
:0040194C 8B0424
:0040194F 8B4004
:00401952 29430C
:00401955 837B0C00
:00401959 7510
:0040195B 8BC3
:0040195D E89AFAFFFF
:00401962 EB07
|:00401928(C), :0040192D(C)
|
:00401964 8B0424
:00401967 33D2
:00401969 8910
mov ebp, dword ptr [ebx+08]

cmp esi, ebp
jne 00401964
jg 00401964
mov ecx, dword ptr [esp]
mov edx, edi
mov eax, ebp
call 004016AC
cmp dword ptr [eax], 00000000
je 0040196B
mov eax, dword ptr [eax+04]
jne 0040196B
mov eax, ebx
call 004013FC
jmp 0040196B

xor edx, edx

|:004018D6(U), :00401921(U), :00401941(C), :00401959(C), :00401962(U)
|
:0040196B 83C414
add esp, 00000014
:0040196E 5D
pop ebp
:0040196F
:00401970
:00401971
:00401972
5F
5E
5B
C3
:00401973 90
pop edi
pop esi
pop ebx
ret
nop

|:00401D9C , :00401DAD
|
:00401974 53
push ebx
:00401975 56
push esi
:00401976 57
push edi
:00401977 83C4EC
add esp, FFFFFFEC
:0040197A 8BF9
mov edi, ecx
:0040197C 891424
:0040197F 8D98FF3F0000
lea ebx, dword ptr [eax+00003FFF]
:00401985 81E300C0FFFF
and ebx, FFFFC000
:0040198B 8B3424
mov esi, dword ptr [esp]
:0040198E 03F0
add esi, eax
:00401990 81E600C0FFFF
and esi, FFFFC000
:00401996 3BDE
cmp ebx, esi
:00401998 735B
jnb 004019F5
:0040199A 8BCF
mov ecx, edi
:0040199C 8BD6
mov edx, esi
:0040199E 2BD3
sub edx, ebx
:004019A0 8BC3
mov eax, ebx
:004019A2 E899FDFFFF
call 00401740
:004019A7 8D4C2404
:004019AB 8BD7
mov edx, edi
:004019AD B864344400
mov eax, 00443464
:004019B2 E85DFAFFFF
call 00401414
:004019B7 8B5C2404
mov ebx, dword ptr [esp+04]
:004019BB 85DB
test ebx, ebx
:004019BD 741F
je 004019DE
:004019BF 8D4C240C
:004019C3 8B542408
:004019C7 8BC3
mov eax, ebx
:004019C9 E826FCFFFF
call 004015F4
:004019CE 8B44240C
:004019D2 89442404
:004019D6 8B442410
:004019DA 89442408
|:004019BD(C)
|
:004019DE 837C240400
:004019E3 7414
:004019E5 8D542404
:004019E9 B864344400
:004019EE E895FAFFFF
:004019F3 EB04

je 004019F9
mov eax, 00443464
call 00401488
jmp 004019F9

|:00401998(C)
|
:004019F5 33C0
xor eax, eax
:004019F7 8907
mov dword ptr [edi], eax
|:004019E3(C), :004019F3(U)
|
:004019F9 83C414
:004019FC 5F
:004019FD 5E
:004019FE 5B
:004019FF C3

add
pop
pop
pop
ret
esp, 00000014
edi
esi
ebx

|:004020E8 , :00402275 , :004025E4
|
:00401A00 55
push ebp
:00401A01 8BEC
mov ebp, esp
:00401A03 33D2
xor edx, edx
:00401A05 55
push ebp
:00401A06 68B61A4000
push 00401AB6
:00401A0B 64FF32
push dword ptr fs:[edx]
:00401A0E 648922
mov dword ptr fs:[edx], esp
:00401A11 6834344400
push 00443434
|
:00401A16 E839F9FFFF
Call 00401354
:00401A1B 803D4530440000
cmp byte ptr [00443045], 00
:00401A22 740A
je 00401A2E
:00401A24 6834344400
push 00443434
|
:00401A29 E82EF9FFFF
Call 0040135C
|:00401A22(C)
|
:00401A2E B854344400
:00401A33 E88CF9FFFF
:00401A38 B864344400
:00401A3D E882F9FFFF
:00401A42 B890344400
:00401A47 E878F9FFFF
:00401A4C 68F80F0000
:00401A51 6A00

mov eax, 00443454
call 004013C4
mov eax, 00443464
call 004013C4
mov eax, 00443490
call 004013C4
push 00000FF8
push 00000000

|
:00401A53 E8DCF8FFFF
Call 00401334
:00401A58 A38C344400
mov dword ptr [0044348C], eax
:00401A5D 833D8C34440000
cmp dword ptr [0044348C], 00000000
:00401A64 742F
je 00401A95
:00401A66 B803000000
mov eax, 00000003
|:00401A7D(C)
|
:00401A6B 8B158C344400
mov edx, dword ptr [0044348C]
:00401A71 33C9
xor ecx, ecx
:00401A73
:00401A77
:00401A78
:00401A7D
:00401A7F
:00401A84
:00401A87
:00401A89
:00401A8E
894C82F4
40
3D01040000
75EC
B874344400
894004
8900
A380344400
C6052C34440001
mov
inc
cmp
jne
mov
mov
mov
mov
mov
dword ptr [edx+4*eax-0C], ecx

eax
eax, 00000401
00401A6B
eax, 00443474
dword ptr [eax+04], eax
dword ptr [eax], eax
dword ptr [00443480], eax
byte ptr [0044342C], 01
|:00401A64(C)
|
:00401A95 33C0
:00401A97 5A
:00401A98 59
:00401A99 59
:00401A9A 648910
:00401A9D 68BD1A4000
|:00401ABB(U)
|
:00401AA2 803D4530440000
:00401AA9 740A
:00401AAB 6834344400
xor eax, eax

pop edx
pop ecx
pop ecx
mov dword ptr fs:[eax], edx
push 00401ABD
cmp byte ptr [00443045], 00

je 00401AB5
push 00443434

|
:00401AB0 E8AFF8FFFF
Call 00401364
|:00401AA9(C)
|
:00401AB5 C3
:00401AB6 E9BD170000
:00401ABB EBE5
:00401ABD A02C344400
:00401AC2 5D
:00401AC3 C3

ret
jmp
jmp
mov
pop
ret
00403278
00401AA2
al, byte ptr [0044342C]
ebp

|:00405969
|
:00401AC4 55
push ebp
:00401AC5 8BEC
mov ebp, esp
:00401AC7 53
push ebx
:00401AC8 803D2C34440000
cmp byte ptr [0044342C], 00
:00401ACF 0F84CC000000
je 00401BA1
:00401AD5 33D2
xor edx, edx
:00401AD7 55
push ebp
:00401AD8 689A1B4000
push 00401B9A
:00401ADD 64FF32
:00401AE0 648922
:00401AE3 803D4530440000
cmp byte ptr [00443045], 00
:00401AEA 740A
je 00401AF6
:00401AEC 6834344400
push 00443434

|
:00401AF1 E866F8FFFF
Call 0040135C
|:00401AEA(C)
|
:00401AF6 C6052C34440000
:00401AFD A18C344400
:00401B02 50

mov byte ptr [0044342C], 00
mov eax, dword ptr [0044348C]
push eax

|
:00401B03 E834F8FFFF
Call 0040133C
:00401B08 33C0
xor eax, eax
:00401B0A A38C344400
:00401B0F 8B1D54344400
:00401B15 EB12
jmp 00401B29
|:00401B2F(C)
|
:00401B17 6800800000
:00401B1C 6A00
:00401B1E 8B4308
:00401B21 50

push 00008000
push 00000000
push eax

|
:00401B22 E825F8FFFF
Call 0040134C
:00401B27 8B1B
|:00401B15(U)
|
:00401B29 81FB54344400
:00401B2F 75E6
:00401B31 B854344400
:00401B36 E889F8FFFF
:00401B3B B864344400
:00401B40 E87FF8FFFF
:00401B45 B890344400
:00401B4A E875F8FFFF
:00401B4F A14C344400
:00401B54 85C0
:00401B56 7417
|:00401B6D(C)
|
:00401B58 8B10
:00401B5A 89154C344400
:00401B60 50
cmp ebx, 00443454

jne 00401B17
mov eax, 00443454
call 004013C4
mov eax, 00443464
call 004013C4
mov eax, 00443490
call 004013C4
test eax, eax
je 00401B6F

mov dword ptr [0044344C], edx
push eax

|
:00401B61 E8D6F7FFFF
Call 0040133C
:00401B66 A14C344400
:00401B6B 85C0
test eax, eax
:00401B6D 75E9
jne 00401B58
|:00401B56(C)
|
:00401B6F 33C0
:00401B71 5A
:00401B72 59
:00401B73 59
:00401B74 648910
:00401B77 68A11B4000
|:00401B9F(U)
|
:00401B7C 803D4530440000
:00401B83 740A
:00401B85 6834344400
xor eax, eax

pop edx
pop ecx
pop ecx
push 00401BA1
cmp byte ptr [00443045], 00

je 00401B8F
push 00443434

|
:00401B8A E8D5F7FFFF
Call 00401364
|:00401B83(C)
|
:00401B8F 6834344400
push 00443434
|
:00401B94 E8D3F7FFFF
Call 0040136C
:00401B99 C3
ret
:00401B9A E9D9160000
:00401B9F EBDB
jmp 00403278
jmp 00401B7C

|:00401ACF(C)
|
:00401BA1 5B
pop ebx
:00401BA2 5D
pop ebp
:00401BA3 C3
ret

|:00401D15 , :00401D47 , :00402085 , :0040232B , :004023B7
|:0040248B , :00402555
|
:00401BA4 53
push ebx
:00401BA5 3B0580344400
cmp eax, dword ptr [00443480]
:00401BAB 7509
jne 00401BB6
:00401BAD 8B5004
:00401BB0 891580344400
mov dword ptr [00443480], edx
|:00401BAB(C)
|
:00401BB6 8B5004
:00401BB9 8B4808
mov ecx, dword ptr [eax+08]
:00401BBC
:00401BC2
:00401BC4
:00401BC6
:00401BC8
:00401BCA
:00401BCC
81F900100000
7F38
3BC2
7517
85C9
7903
83C103
|:00401BCA(C)
|
:00401BCF C1F902
:00401BD2 A18C344400
:00401BD7 33D2
:00401BD9 895488F4
:00401BDD EB24
cmp ecx, 00001000

jg 00401BFC
cmp eax, edx
jne 00401BDF
test ecx, ecx
jns 00401BCF
add ecx, 00000003
sar
mov
xor
mov
jmp
ecx, 02
edx, edx
dword ptr [eax+4*ecx-0C], edx
00401C03

|:00401BC6(C)
|
:00401BDF 85C9
test ecx, ecx
:00401BE1 7903
jns 00401BE6
:00401BE3 83C103
add ecx, 00000003
|:00401BE1(C)
|
:00401BE6 C1F902
:00401BE9 8B1D8C344400
:00401BEF 89548BF4
:00401BF3 8B00
:00401BF5 8902
:00401BF7 895004
:00401BFA 5B
:00401BFB C3

sar
mov
mov
mov
mov
mov
pop
ret
ecx, 02
ebx, dword ptr [0044348C]
dword ptr [ebx+4*ecx-0C], edx
eax, dword ptr [eax]
dword ptr [edx], eax
dword ptr [eax+04], edx
ebx

|:00401BC2(C)
|
:00401BFC 8B00
mov eax, dword ptr [eax]
:00401BFE 8902
mov dword ptr [edx], eax
:00401C00 895004
|:00401BDD(U)
|
:00401C03 5B
pop ebx
:00401C04 C3
ret
:00401C05 8D4000

|:00401D69
|
:00401C08 8B1590344400
:00401C0E EB10
jmp 00401C20

|:00401C26(C)
|
:00401C10 8B4A08
mov ecx, dword ptr [edx+08]
:00401C13 3BC1
cmp eax, ecx
:00401C15 7207
jb 00401C1E
:00401C17 034A0C
add ecx, dword ptr [edx+0C]
:00401C1A 3BC1
cmp eax, ecx
:00401C1C 7216
jb 00401C34
|:00401C15(C)
|
:00401C1E 8B12
|:00401C0E(U)
|
:00401C20 81FA90344400
:00401C26 75E8
:00401C28 C7053034440003000000
:00401C32 33D2

cmp
jne
mov
xor
edx, 00443490
00401C10
dword ptr [00443430], 00000003
edx, edx

|:00401C1C(C)
|
:00401C34 8BC2
mov eax, edx
:00401C36 C3
ret
:00401C37 90
nop

|:00401DC3 , :00401F30
|
:00401C38 53
push ebx
:00401C39 8BCA
mov ecx, edx
:00401C3B 83E904
sub ecx, 00000004
:00401C3E 8D1C01
lea ebx, dword ptr [ecx+eax]
:00401C41 83FA10
cmp edx, 00000010
:00401C44 7C0F
jl 00401C55
:00401C46 C70307000080
mov dword ptr [ebx], 80000007
:00401C4C 8BD1
mov edx, ecx
:00401C4E E8A1010000
call 00401DF4
:00401C53 5B
pop ebx
:00401C54 C3
ret
|:00401C44(C)
|
:00401C55 83FA04
:00401C58 7C0C
:00401C5A 8BCA
:00401C5C 81C902000080
:00401C62 8908
:00401C64 890B

cmp edx, 00000004
jl 00401C66
mov ecx, edx
or ecx, 80000002
mov dword ptr [eax], ecx
mov dword ptr [ebx], ecx
|:00401C58(C)
|
:00401C66 5B
:00401C67 C3
pop ebx
ret

|:00401C99 , :00401EB2 , :004024A7
|
:00401C68 FF0520344400
inc dword ptr [00443420]
:00401C6E 8BD0
mov edx, eax
:00401C70 83EA04
sub edx, 00000004
:00401C73 8B12
:00401C75 81E2FCFFFF7F
and edx, 7FFFFFFC
:00401C7B 83EA04
sub edx, 00000004
:00401C7E 011524344400
add dword ptr [00443424], edx
:00401C84 E8D3050000
call 0040225C
:00401C89 C3
ret
:00401C8A 8BC0
mov eax, eax

|:00401DDD
|
:00401C8C 83FA0C
cmp edx, 0000000C
:00401C8F 7C0E
jl 00401C9F
:00401C91 83CA02
or edx, 00000002
:00401C94 8910
:00401C96 83C004
add eax, 00000004
:00401C99 E8CAFFFFFF
call 00401C68
:00401C9E C3
ret
|:00401C8F(C)
|
:00401C9F 83FA04
:00401CA2 7C0A
:00401CA4 8BCA
:00401CA6 81C902000080
:00401CAC 8908

cmp edx, 00000004
jl 00401CAE
mov ecx, edx
or ecx, 80000002

|:00401CA2(C)
|
:00401CAE 03C2
add eax, edx
:00401CB0 8320FE
and dword ptr [eax], FFFFFFFE
:00401CB3 C3
ret

|:00401EFE
|
:00401CB4 53
push ebx
:00401CB5 56
push esi
:00401CB6 8BD0
mov edx, eax
:00401CB8
:00401CBB
:00401CBD
:00401CBF
:00401CC5
:00401CCB
:00401CCD
83EA04
8B12
8BCA
81E102000080
81F902000080
740A
C7053034440004000000
sub edx, 00000004

mov ecx, edx
and ecx, 80000002
cmp ecx, 80000002
je 00401CD7
mov dword ptr [00443430], 00000004
|:00401CCB(C)
|
:00401CD7 8BDA
:00401CD9 81E3FCFFFF7F
:00401CDF 2BC3
:00401CE1 8BC8
:00401CE3 3311
:00401CE5 F7C2FEFFFFFF
:00401CEB 740A
:00401CED C7053034440005000000
|:00401CEB(C)
|
:00401CF7 F60101
:00401CFA 7420
:00401CFC 8BD0
:00401CFE 83EA0C
:00401D01 8B7208
:00401D04 2BC6
:00401D06 3B7008
:00401D09 740A
:00401D0B C7053034440006000000
mov ebx, edx

and ebx, 7FFFFFFC
sub eax, ebx
mov ecx, eax
xor edx, dword ptr [ecx]
test edx, FFFFFFFE
je 00401CF7
mov dword ptr [00443430], 00000005
test byte ptr [ecx], 01

je 00401D1C
mov edx, eax
sub edx, 0000000C
sub eax, esi
cmp esi, dword ptr [eax+08]
je 00401D15
mov dword ptr [00443430], 00000006

|:00401D09(C)
|
:00401D15 E88AFEFFFF
call 00401BA4
:00401D1A 03DE
add ebx, esi
|:00401CFA(C)
|
:00401D1C 8BC3
mov eax, ebx
:00401D1E 5E
pop esi
:00401D1F 5B
pop ebx
:00401D20 C3
ret
:00401D21 8D4000

|:00401F17
|
:00401D24 53
push ebx
:00401D25 56
push esi
:00401D26 57
push edi
:00401D27 8BD8
mov ebx, eax
:00401D29 33FF
xor edi, edi
:00401D2B 8B03
:00401D2D A900000080
test eax, 80000000
:00401D32
:00401D34
:00401D39
:00401D3B
:00401D3D
740B
25FCFFFF7F
03F8
03D8
8B03
|:00401D32(C)
|
:00401D3F A802
:00401D41 7513
:00401D43 8BF3
:00401D45 8BC6
:00401D47 E858FEFFFF
:00401D4C 8B4608
:00401D4F 03F8
:00401D51 03D8
:00401D53 8323FE
je 00401D3F
and eax, 7FFFFFFC
add edi, eax
add ebx, eax
test al, 02
jne 00401D56
mov esi, ebx
mov eax, esi
call 00401BA4
add edi, eax
add ebx, eax
and dword ptr [ebx], FFFFFFFE

|:00401D41(C)
|
:00401D56 8BC7
mov eax, edi
:00401D58 5F
pop edi
:00401D59 5E
pop esi
:00401D5A 5B
pop ebx
:00401D5B C3
ret

|:00401E55
|
:00401D5C 53
push ebx
:00401D5D 56
push esi
:00401D5E 57
push edi
:00401D5F 55
push ebp
:00401D60 83C4F8
add esp, FFFFFFF8
:00401D63 8BFA
mov edi, edx
:00401D65 8BF0
mov esi, eax
:00401D67 8BC6
mov eax, esi
call 00401C08
:00401D6E 8BD8
mov ebx, eax
:00401D70 8B6B08
:00401D73 8BC5
mov eax, ebp
:00401D75 03430C
:00401D78 8BD0
mov edx, eax
:00401D7A 8D0C37
lea ecx, dword ptr [edi+esi]
:00401D7D 2BD1
sub edx, ecx
:00401D7F 83FA0C
cmp edx, 0000000C
:00401D82 7F04
jg 00401D88
:00401D84 8BF8
mov edi, eax
:00401D86 2BFE
sub edi, esi
|:00401D82(C)
|
:00401D88 8BC6
mov eax, esi
:00401D8A 2BC5
sub eax, ebp
:00401D8C 83F80C
cmp eax, 0000000C
:00401D8F
:00401D91
:00401D93
:00401D95
:00401D98
:00401D9A
:00401D9C
:00401DA1
7D12
8BCC
8BD6
2B5308
03D7
8BC5
E8D3FBFFFF
EB0F
|:00401D8F(C)
|
:00401DA3 8BCC
:00401DA5 8BD7
:00401DA7 83EA04
:00401DAA 8D4604
:00401DAD E8C2FBFFFF
jge 00401DA3
mov ecx, esp
mov edx, esi
sub edx, dword ptr [ebx+08]
add edx, edi
mov eax, ebp
call 00401974
jmp 00401DB2
mov ecx, esp
mov edx, edi
sub edx, 00000004
lea eax, dword ptr [esi+04]
call 00401974

|:00401DA1(U)
|
:00401DB2 8B2C24
mov ebp, dword ptr [esp]
:00401DB5 85ED
test ebp, ebp
:00401DB7 7504
jne 00401DBD
:00401DB9 33C0
xor eax, eax
:00401DBB EB30
jmp 00401DED
|:00401DB7(C)
|
:00401DBD 8BD5
:00401DBF 2BD6
:00401DC1 8BC6
:00401DC3 E870FEFFFF
:00401DC8 8BC5
:00401DCA 03442404
:00401DCE 8B5308
:00401DD1 03530C
:00401DD4 3BC2
:00401DD6 730A
:00401DD8 8D1437
:00401DDB 2BD0
:00401DDD E8AAFEFFFF
|:00401DD6(C)
|
:00401DE2 8BD4
:00401DE4 8BC3
:00401DE6 E89DF6FFFF
:00401DEB B001
mov edx, ebp

sub edx, esi
mov eax, esi
call 00401C38
mov eax, ebp
add eax, dword
mov edx, dword
add edx, dword
cmp eax, edx
jnb 00401DE2
lea edx, dword
sub edx, eax
call 00401C8C
ptr [esp+04]
ptr [ebx+08]
ptr [ebx+0C]
ptr [edi+esi]
mov edx, esp

mov eax, ebx
call 00401488
mov al, 01

|:00401DBB(U)
|
:00401DED 59
pop ecx
:00401DEE 5A
pop edx
:00401DEF 5D
pop ebp
:00401DF0 5F
pop edi
:00401DF1 5E
pop esi
:00401DF2 5B
:00401DF3 C3
pop ebx
ret

|:00401C4E , :0040209B , :004023C0 , :0040256E
|
:00401DF4 53
push ebx
:00401DF5 56
push esi
:00401DF6 57
push edi
:00401DF7 8BF2
mov esi, edx
:00401DF9 8BF8
mov edi, eax
:00401DFB 8BDF
mov ebx, edi
:00401DFD 897308
:00401E00 8BC3
mov eax, ebx
:00401E02 03C6
add eax, esi
:00401E04 83E80C
sub eax, 0000000C
:00401E07 897008
mov dword ptr [eax+08], esi
:00401E0A 81FE00100000
cmp esi, 00001000
:00401E10 7F37
jg 00401E49
:00401E12 8BD6
mov edx, esi
:00401E14 85D2
test edx, edx
:00401E16 7903
jns 00401E1B
:00401E18 83C203
add edx, 00000003
|:00401E16(C)
|
:00401E1B C1FA02
:00401E1E A18C344400
:00401E23 8B4490F4
:00401E27 85C0
:00401E29 7510
:00401E2B A18C344400
:00401E30 895C90F4
:00401E34 895B04
:00401E37 891B
:00401E39 EB3A

sar edx, 02
mov eax, dword ptr [eax+4*edx-0C]
test eax, eax
jne 00401E3B
mov dword ptr [eax+4*edx-0C], ebx
mov dword ptr [ebx+04], ebx
mov dword ptr [ebx], ebx
jmp 00401E75

|:00401E29(C)
|
:00401E3B 8B10
:00401E3D 894304
mov dword ptr [ebx+04], eax
:00401E40 8913
mov dword ptr [ebx], edx
:00401E42 8918
mov dword ptr [eax], ebx
:00401E44 895A04
mov dword ptr [edx+04], ebx
:00401E47 EB2C
jmp 00401E75
|:00401E10(C)
|
:00401E49 81FE003C0000
:00401E4F 7C0D
:00401E51 8BD6
:00401E53 8BC7
:00401E55 E802FFFFFF
:00401E5A 84C0
:00401E5C 7517

cmp esi, 00003C00
jl 00401E5E
mov edx, esi
mov eax, edi
call 00401D5C
test al, al
jne 00401E75
|:00401E4F(C)
|
:00401E5E A180344400
:00401E63 891D80344400
:00401E69 8B10
:00401E6B 894304
:00401E6E 8913
:00401E70 8918
:00401E72 895A04

mov
mov
mov
mov
mov
mov
mov
eax, dword ptr [00443480]

dword ptr [00443480], ebx
edx, dword ptr [eax]
dword ptr [ebx+04], eax
dword ptr [ebx], edx
dword ptr [eax], ebx
dword ptr [edx+04], ebx

|:00401E39(U), :00401E47(U), :00401E5C(C)
|
:00401E75 5F
pop edi
:00401E76 5E
pop esi
:00401E77 5B
pop ebx
:00401E78 C3
ret
:00401E79 8D4000

|:00401ED7 , :0040235C , :00402526
|
:00401E7C 833D8434440000
cmp dword ptr [00443484], 00000000
:00401E83 7E40
jle 00401EC5
:00401E85 833D843444000C
cmp dword ptr [00443484], 0000000C
:00401E8C 7D0C
jge 00401E9A
:00401E8E C7053034440007000000
mov dword ptr [00443430], 00000007
:00401E98 EB2B
jmp 00401EC5
|:00401E8C(C)
|
:00401E9A A184344400
:00401E9F 83C802
:00401EA2 8B1588344400
:00401EA8 8902
:00401EAA A188344400
:00401EAF 83C004
:00401EB2 E8B1FDFFFF
:00401EB7 33C0
:00401EB9 A388344400
:00401EBE 33C0
:00401EC0 A384344400

mov eax, dword ptr [00443484]
or eax, 00000002
add eax, 00000004
call 00401C68
xor eax, eax
xor eax, eax

|:00401E83(C), :00401E98(U)
|
:00401EC5 C3
ret
:00401EC6 8BC0
mov eax, eax
|:00401F6C , :00401F9D
|
:00401EC8 53
push ebx
:00401EC9 56
push esi
:00401ECA 57
push edi
:00401ECB
:00401ECE
:00401ED0
:00401ED3
:00401ED4
:00401ED5
:00401ED7
:00401EDC
:00401EE0
:00401EE2
:00401EE7
:00401EEC
:00401EF0
:00401EF2
:00401EF4
:00401EF6
83C4F0
8BF0
8D3C24
A5
A5
8BFC
E8A0FFFFFF
8D4C2408
8BD7
B890344400
E828F5FFFF
8B5C2408
85DB
7504
33C0
EB52
add esp, FFFFFFF0

mov esi, eax
lea edi, dword ptr [esp]
movsd
movsd
mov edi, esp
call 00401E7C
mov edx, edi
mov eax, 00443490
call 00401414
test ebx, ebx
jne 00401EF8
xor eax, eax
jmp 00401F4A
|:00401EF2(C)
|
:00401EF8 8B07
:00401EFA 3BD8
:00401EFC 730A
:00401EFE E8B1FDFFFF
:00401F03 2907
:00401F05 014704
|:00401EFC(C)
|
:00401F08 8B07
:00401F0A 034704
:00401F0D 8BF3
:00401F0F 0374240C
:00401F13 3BC6
:00401F15 7308
:00401F17 E808FEFFFF
:00401F1C 014704
|:00401F15(C)
|
:00401F1F 8B07
:00401F21 034704
:00401F24 3BF0
:00401F26 7511
:00401F28 83E804
:00401F2B BA04000000
:00401F30 E803FDFFFF
:00401F35 836F0404
|:00401F26(C)
|
:00401F39 8B07
:00401F3B A388344400
:00401F40 8B4704
:00401F43 A384344400
:00401F48 B001
mov eax, dword ptr [edi]

cmp ebx, eax
jnb 00401F08
call 00401CB4
sub dword ptr [edi], eax
add dword ptr [edi+04], eax

add eax, dword ptr [edi+04]
mov esi, ebx
add esi, dword ptr [esp+0C]
cmp eax, esi
jnb 00401F1F
call 00401D24

cmp esi, eax
jne 00401F39
sub eax, 00000004
mov edx, 00000004
call 00401C38
sub dword ptr [edi+04], 00000004
mov
mov
mov
mov
mov
eax, dword ptr [edi]

eax, dword ptr [edi+04]
al, 01

|:00401EF6(U)
|
:00401F4A 83C410
add esp, 00000010
:00401F4D 5F
pop edi
:00401F4E 5E
pop esi
:00401F4F 5B
pop ebx
:00401F50 C3
ret
:00401F51 8D4000

|:00402037
|
:00401F54 53
push ebx
:00401F55 83C4F8
add esp, FFFFFFF8
:00401F58 8BD8
mov ebx, eax
:00401F5A 8BD4
mov edx, esp
:00401F5C 8D4304
lea eax, dword ptr [ebx+04]
:00401F5F E85CF8FFFF
call 004017C0
:00401F64 833C2400
:00401F68 740B
je 00401F75
:00401F6A 8BC4
mov eax, esp
:00401F6C E857FFFFFF
call 00401EC8
:00401F71 84C0
test al, al
:00401F73 7504
jne 00401F79
|:00401F68(C)
|
:00401F75 33C0
xor eax, eax
:00401F77 EB02
jmp 00401F7B
|:00401F73(C)
|
:00401F79 B001
mov al, 01
|:00401F77(U)
|
:00401F7B 59
pop ecx
:00401F7C 5A
pop edx
:00401F7D 5B
pop ebx
:00401F7E C3
ret
:00401F7F 90
nop

|:00402599
|
:00401F80 53
push ebx
:00401F81 56
push esi
:00401F82 83C4F8
add esp, FFFFFFF8
:00401F85 8BF2
mov esi, edx
:00401F87 8BD8
mov ebx, eax
:00401F89 8BCC
mov ecx, esp
:00401F8B 8D5604
lea edx, dword ptr [esi+04]
:00401F8E
:00401F90
:00401F95
:00401F99
:00401F9B
:00401F9D
:00401FA2
:00401FA4
8BC3
E8BBF8FFFF
833C2400
740B
8BC4
E826FFFFFF
84C0
7504
mov eax, ebx

call 00401850
je 00401FA6
mov eax, esp
call 00401EC8
test al, al
jne 00401FAA

|:00401F99(C)
|
:00401FA6 33C0
xor eax, eax
:00401FA8 EB02
jmp 00401FAC
|:00401FA4(C)
|
:00401FAA B001
mov al, 01
|:00401FA8(U)
|
:00401FAC 59
pop ecx
:00401FAD 5A
pop edx
:00401FAE 5E
pop esi
:00401FAF 5B
pop ebx
:00401FB0 C3
ret
:00401FB1 8D4000

|:0040202A
|
:00401FB4 33D2
xor edx, edx
:00401FB6 85C0
test eax, eax
:00401FB8 7903
jns 00401FBD
:00401FBA 83C003
add eax, 00000003
|:00401FB8(C)
|
:00401FBD C1F802
:00401FC0 3D00040000
:00401FC5 7F16
|:00401FDB(C)
|
:00401FC7 8B158C344400
:00401FCD 8B5482F4
:00401FD1 85D2
:00401FD3 7508
:00401FD5 40
:00401FD6 3D01040000
:00401FDB 75EA
sar eax, 02
cmp eax, 00000400
jg 00401FDD

mov edx, dword ptr [edx+4*eax-0C]
test edx, edx
jne 00401FDD
inc eax
cmp eax, 00000401
jne 00401FC7

|:00401FC5(C), :00401FD3(C)
|
:00401FDD 8BC2
:00401FDF C3
mov eax, edx

ret

|:0040221F
|
:00401FE0 53
push ebx
:00401FE1 56
push esi
:00401FE2 57
push edi
:00401FE3 55
push ebp
:00401FE4 8BF0
mov esi, eax
:00401FE6 BF80344400
mov edi, 00443480
:00401FEB BD84344400
mov ebp, 00443484
|:0040204A(C)
|
:00401FF0 8B1D78344400
:00401FF6 3B7308
:00401FF9 0F8E84000000
:00401FFF 8B1F
:00402001 8B4308
:00402004 3BF0
:00402006 7E7B
:00402008 897308

mov
cmp
jle
mov
mov
cmp
jle
mov
ebx, dword ptr [00443478]

esi, dword ptr [ebx+08]
00402083
ebx, dword ptr [edi]
eax, dword ptr [ebx+08]
esi, eax
00402083
dword ptr [ebx+08], esi

|:00402011(C)
|
:0040200B 8B5B04
mov ebx, dword ptr [ebx+04]
:0040200E 3B7308
:00402011 7FF8
jg 0040200B
:00402013 8B17
mov edx, dword ptr [edi]
:00402015 894208
:00402018 3B1F
cmp ebx, dword ptr [edi]
:0040201A 7404
je 00402020
:0040201C 891F
mov dword ptr [edi], ebx
:0040201E EB63
jmp 00402083
|:0040201A(C)
|
:00402020 81FE00100000
:00402026 7F0D
:00402028 8BC6
:0040202F 8BD8
:00402031 85DB
:00402033 754E
|:00402026(C)
|
:00402035 8BC6
:00402037 E818FFFFFF
:0040203C 84C0
:0040203E 7507
cmp esi, 00001000

jg 00402035
mov eax, esi
call 00401FB4
mov ebx, eax
test ebx, ebx
jne 00402083
mov eax, esi

call 00401F54
test al, al
jne 00402047
:00402040 33C0
:00402042 E988000000
xor eax, eax

jmp 004020CF
|:0040203E(C)
|
:00402047 3B7500
:0040204A 7FA4
:0040204C 297500
:0040204F 837D000C
:00402053 7D08
:00402055 037500
:00402058 33C0
:0040205A 894500
|:00402053(C)
|
:0040205D A188344400
:00402062 013588344400
:00402068 8BD6
:0040206A 83CA02
:0040206D 8910
:0040206F 83C004
:00402072 FF0520344400
:00402078 83EE04
:0040207B 013524344400
:00402081 EB4C
cmp esi, dword ptr [ebp+00]

jg 00401FF0
sub dword ptr [ebp+00], esi
cmp dword ptr [ebp+00], 0000000C
jge 0040205D
add esi, dword ptr [ebp+00]
xor eax, eax
mov dword ptr [ebp+00], eax

add dword ptr [00443488], esi
mov edx, esi
or edx, 00000002
add eax, 00000004
sub esi, 00000004
jmp 004020CF

|:00401FF9(C), :00402006(C), :0040201E(U), :00402033(C)
|
:00402083 8BC3
mov eax, ebx
:00402085 E81AFBFFFF
call 00401BA4
:0040208A 8B5308
mov edx, dword ptr [ebx+08]
:0040208D 8BC2
mov eax, edx
:0040208F 2BC6
sub eax, esi
:00402091 83F80C
cmp eax, 0000000C
:00402094 7C0C
jl 004020A2
:00402096 8BD3
mov edx, ebx
:00402098 03D6
add edx, esi
:0040209A 92
xchg eax,edx
:0040209B E854FDFFFF
call 00401DF4
:004020A0 EB12
jmp 004020B4
|:00402094(C)
|
:004020A2 8BF2
mov esi, edx
:004020A4 3B1F
cmp ebx, dword ptr [edi]
:004020A6 7505
jne 004020AD
:004020A8 8B4304
:004020AB 8907
|:004020A6(C)
|
:004020AD 8BC3
mov eax, ebx
:004020AF 03C6
add eax, esi
:004020B1 8320FE
|:004020A0(U)
|
:004020B4 8BC3
:004020B6 8BD6
:004020B8 83CA02
:004020BB 8910
:004020BD 83C004
:004020C0 FF0520344400
:004020C6 83EE04
:004020C9 013524344400
|:00402042(U), :00402081(U)
|
:004020CF 5D
:004020D0 5F
:004020D1 5E
:004020D2 5B
:004020D3 C3
mov eax, ebx

mov edx, esi
or edx, 00000002
add eax, 00000004
sub esi, 00000004
pop
pop
pop
pop
ret
ebp
edi
esi
ebx

|:0040262C
|
:004020D4 55
push ebp
:004020D5 8BEC
mov ebp, esp
:004020D7 83C4F8
add esp, FFFFFFF8
:004020DA 53
push ebx
:004020DB 56
push esi
:004020DC 57
push edi
:004020DD 8BD8
mov ebx, eax
:004020DF 803D2C34440000
:004020E6 7513
jne 004020FB
:004020E8 E813F9FFFF
call 00401A00
:004020ED 84C0
test al, al
:004020EF 750A
jne 004020FB
:004020F1 33C0
xor eax, eax
:004020F3 8945FC
mov dword ptr [ebp-04], eax
:004020F6 E954010000
jmp 0040224F
|:004020E6(C), :004020EF(C)
|
:004020FB 33C9
:004020FD 55
:004020FE 6848224000
:00402103 64FF31
:00402106 648921
:00402109 803D4530440000
:00402110 740A
:00402112 6834344400

xor ecx, ecx
push ebp
push 00402248
push dword ptr fs:[ecx]
mov dword ptr fs:[ecx], esp
cmp byte ptr [00443045], 00
je 0040211C
push 00443434

|
:00402117 E840F2FFFF
Call 0040135C
|:00402110(C)
|
:0040211C 83C307
:0040211F 83E3FC
:00402122 83FB0C
:00402125 7D05
:00402127 BB0C000000
add
and
cmp
jge
mov
ebx, 00000007
ebx, FFFFFFFC
ebx, 0000000C
0040212C
ebx, 0000000C
|:00402125(C)
|
:0040212C 81FB00100000
:00402132 0F8F93000000
:00402138 8BC3
:0040213A 85C0
:0040213C 7903
:0040213E 83C003
|:0040213C(C)
|
:00402141 C1F802
:00402144 8B158C344400
:0040214A 8B5482F4
:0040214E 85D2
:00402150 7479
:00402152 8BF2
:00402154 8BC6
:00402156 03C3
:00402158 8320FE
:0040215B 8B4204
:0040215E 3BD0
:00402160 751A
:00402162 8BC3
:00402164 85C0
:00402166 7903
:00402168 83C003
|:00402166(C)
|
:0040216B C1F802
:0040216E 8B0D8C344400
:00402174 33FF
:00402176 897C81F4
:0040217A EB26
cmp ebx, 00001000

jg 004021CB
mov eax, ebx
test eax, eax
jns 00402141
add eax, 00000003
sar eax, 02
mov edx, dword ptr [edx+4*eax-0C]
test edx, edx
je 004021CB
mov esi, edx
mov eax, esi
add eax, ebx
cmp edx, eax
jne 0040217C
mov eax, ebx
test eax, eax
jns 0040216B
add eax, 00000003
sar
mov
xor
mov
jmp
eax, 02
ecx, dword ptr [0044348C]
edi, edi
dword ptr [ecx+4*eax-0C], edi
004021A2

|:00402160(C)
|
:0040217C 8BCB
mov ecx, ebx
:0040217E 85C9
test ecx, ecx
:00402180 7903
jns 00402185
:00402182 83C103
add ecx, 00000003
|:00402180(C)
|
:00402185 C1F902
sar ecx, 02
:00402188 8B3D8C344400
mov edi, dword ptr [0044348C]
:0040218E
:00402192
:00402194
:00402197
:0040219A
:0040219D
:004021A0
89448FF4
8B0A
894DF8
8B4DF8
894104
8B4DF8
8908
mov
mov
mov
mov
mov
mov
mov
dword ptr [edi+4*ecx-0C], eax

ecx, dword ptr [edx]
dword ptr [ebp-08], ecx
ecx, dword ptr [ebp-08]
dword ptr [ecx+04], eax
dword ptr [eax], ecx
|:0040217A(U)
|
:004021A2 8BC6
:004021A4 8B5208
:004021A7 83CA02
:004021AA 8910
:004021AC 83C004
:004021AF 8945FC
:004021B2 FF0520344400
:004021B8 83EB04
:004021BB 011D24344400
:004021C1 E88A110000
:004021C6 E984000000
|:00402132(C), :00402150(C)
|
:004021CB 3B1D84344400
:004021D1 7F4A
:004021D3 291D84344400
:004021D9 833D843444000C
:004021E0 7D0D
:004021E2 031D84344400
:004021E8 33C0
:004021EA A384344400
|:004021E0(C)
|
:004021EF A188344400
:004021F4 011D88344400
:004021FA 8BD3
:004021FC 83CA02
:004021FF 8910
:00402201 83C004
:00402204 8945FC
:00402207 FF0520344400
:0040220D 83EB04
:00402210 011D24344400
:00402216 E835110000
:0040221B EB32
|:004021D1(C)
|
:0040221D 8BC3
:0040221F E8BCFDFFFF
:00402224 8945FC
:00402227 33C0
:00402229 5A
:0040222A 59
mov eax, esi

mov edx, dword ptr [edx+08]
or edx, 00000002
add eax, 00000004
sub ebx, 00000004
add dword ptr [00443424], ebx
call 00403350
jmp 0040224F
cmp ebx, dword ptr [00443484]

jg 0040221D
sub dword ptr [00443484], ebx
cmp dword ptr [00443484], 0000000C
jge 004021EF
add ebx, dword ptr [00443484]
xor eax, eax

mov edx, ebx
or edx, 00000002
add eax, 00000004
sub ebx, 00000004
call 00403350
jmp 0040224F
mov eax, ebx

call 00401FE0
xor eax, eax
pop edx
pop ecx
:0040222B 59
:0040222C 648910
:0040222F 684F224000
pop ecx
push 0040224F
|:0040224D(U)
|
:00402234 803D4530440000
:0040223B 740A
:0040223D 6834344400

cmp byte ptr [00443045], 00
je 00402247
push 00443434

|
:00402242 E81DF1FFFF
Call 00401364
|:0040223B(C)
|
:00402247 C3
:00402248 E92B100000
:0040224D EBE5

ret
jmp 00403278
jmp 00402234

|:004020F6(U), :004021C6(U), :0040221B(U)
|
:0040224F 8B45FC
mov eax, dword ptr [ebp-04]
:00402252 5F
pop edi
:00402253 5E
pop esi
:00402254 5B
pop ebx
:00402255 59
pop ecx
:00402256 59
pop ecx
:00402257 5D
pop ebp
:00402258 C3
ret
:00402259 8D4000

|:00401C84 , :00402658
|
:0040225C 55
push ebp
:0040225D 8BEC
mov ebp, esp
:0040225F 51
push ecx
:00402260 53
push ebx
:00402261 56
push esi
:00402262 57
push edi
:00402263 8BD8
mov ebx, eax
:00402265 33C0
xor eax, eax
:00402267 A330344400
:0040226C 803D2C34440000
:00402273 751F
jne 00402294
:00402275 E886F7FFFF
call 00401A00
:0040227A 84C0
test al, al
:0040227C 7516
jne 00402294
:0040227E C7053034440008000000
mov dword ptr [00443430], 00000008
:00402288 C745FC08000000
mov [ebp-04], 00000008
:0040228F E961010000
jmp 004023F5
|:00402273(C), :0040227C(C)
|
:00402294
:00402296
:00402297
:0040229C
:0040229F
:004022A2
:004022A9
:004022AB
33C9
55
68EE234000
64FF31
648921
803D4530440000
740A
6834344400
xor ecx, ecx

push ebp
push 004023EE
cmp byte ptr [00443045], 00
je 004022B5
push 00443434

|
:004022B0 E8A7F0FFFF
Call 0040135C
|:004022A9(C)
|
:004022B5 8BF3
:004022B7 83EE04
:004022BA 8B1E
:004022BC F6C302
:004022BF 750F
:004022C1 C7053034440009000000
:004022CB E9F5000000
|:004022BF(C)
|
:004022D0 FF0D20344400
:004022D6 8BC3
:004022D8 25FCFFFF7F
:004022DD 83E804
:004022E0 290524344400
:004022E6 F6C301
:004022E9 7445
:004022EB 8BC6
:004022ED 83E80C
:004022F0 8B5008
:004022F3 83FA0C
:004022F6 7C08
:004022F8 F7C203000080
:004022FE 740F
mov esi, ebx

sub esi, 00000004
mov ebx, dword ptr [esi]
test bl, 02
jne 004022D0
mov dword ptr [00443430], 00000009
jmp 004023C5
dec dword ptr [00443420]

mov eax, ebx
and eax, 7FFFFFFC
sub eax, 00000004
sub dword ptr [00443424], eax
test bl, 01
je 00402330
mov eax, esi
sub eax, 0000000C
cmp edx, 0000000C
jl 00402300
test edx, 80000003
je 0040230F

|:004022F6(C)
|
:00402300 C705303444000A000000
mov dword ptr [00443430], 0000000A
:0040230A E9B6000000
jmp 004023C5
|:004022FE(C)
|
:0040230F 8BC6
:00402311 2BC2
:00402313 3B5008
:00402316 740F
:00402318 C705303444000A000000
:00402322 E99E000000

mov eax, esi
sub eax, edx
cmp edx, dword ptr [eax+08]
je 00402327
mov dword ptr [00443430], 0000000A
jmp 004023C5
|:00402316(C)
|
:00402327 03DA
:00402329 8BF0
:0040232B E874F8FFFF
add ebx, edx

mov esi, eax
call 00401BA4
|:004022E9(C)
|
:00402330 81E3FCFFFF7F
:00402336 8BC6
:00402338 03C3
:0040233A 8BF8
:0040233C 3B3D88344400
:00402342 752C
:00402344 291D88344400
:0040234A 011D84344400
:00402350 813D84344400003C0000
:0040235A 7E05
:0040235C E81BFBFFFF
|:0040235A(C)
|
:00402361 33C0
:00402363 8945FC
:00402366 E8E50F0000
:0040236B E985000000
|:00402342(C)
|
:00402370 8B10
:00402372 F6C202
:00402375 741C
:00402377 81E2FCFFFF7F
:0040237D 83FA04
:00402380 7D0C
:00402382 C705303444000B000000
:0040238C EB37
and ebx, 7FFFFFFC

mov eax, esi
add eax, ebx
mov edi, eax
cmp edi, dword ptr [00443488]
jne 00402370
sub dword ptr [00443488], ebx
cmp dword ptr [00443484], 00003C00
jle 00402361
call 00401E7C
xor eax, eax

call 00403350
jmp 004023F5

test dl, 02
je 00402393
and edx, 7FFFFFFC
cmp edx, 00000004
jge 0040238E
mov dword ptr [00443430], 0000000B
jmp 004023C5

|:00402380(C)
|
:0040238E 830801
or dword ptr [eax], 00000001
:00402391 EB29
jmp 004023BC
|:00402375(C)
|
:00402393 8BC7
:00402395 83780400
:00402399 740B
:0040239B 833800
:0040239E 7406
:004023A0 8378080C
:004023A4 7D0C

mov eax, edi
cmp dword ptr [eax+04], 00000000
je 004023A6
je 004023A6
cmp dword ptr [eax+08], 0000000C
jge 004023B2

|:00402399(C), :0040239E(C)
|
:004023A6 C705303444000B000000
:004023B0 EB13
mov dword ptr [00443430], 0000000B

jmp 004023C5
|:004023A4(C)
|
:004023B2 8B5008
:004023B5 03DA
:004023B7 E8E8F7FFFF
|:00402391(U)
|
:004023BC 8BD3
:004023BE 8BC6
:004023C0 E82FFAFFFF

add ebx, edx
call 00401BA4
mov edx, ebx

mov eax, esi
call 00401DF4

|:004022CB(U), :0040230A(U), :00402322(U), :0040238C(U), :004023B0(U)
|
:004023C5 A130344400
:004023CA 8945FC
:004023CD 33C0
xor eax, eax
:004023CF 5A
pop edx
:004023D0 59
pop ecx
:004023D1 59
pop ecx
:004023D2 648910
:004023D5 68F5234000
push 004023F5
|:004023F3(U)
|
:004023DA 803D4530440000
:004023E1 740A
:004023E3 6834344400

cmp byte ptr [00443045], 00
je 004023ED
push 00443434

|
:004023E8 E877EFFFFF
Call 00401364
|:004023E1(C)
|
:004023ED C3
:004023EE E9850E0000
:004023F3 EBE5
|:0040228F(U), :0040236B(U)
|
:004023F5 8B45FC
:004023F8 5F
:004023F9 5E
:004023FA 5B
:004023FB 59
:004023FC 5D
:004023FD C3
ret
jmp 00403278
jmp 004023DA
mov
pop
pop
pop
pop
pop
ret
eax, dword ptr [ebp-04]

edi
esi
ebx
ecx
ebp
:004023FE 8BC0
mov eax, eax

|:0040261C
|
:00402400 53
push ebx
:00402401 56
push esi
:00402402 57
push edi
:00402403 55
push ebp
:00402404 83C4F8
add esp, FFFFFFF8
:00402407 8BF2
mov esi, edx
:00402409 83C607
add esi, 00000007
:0040240C 83E6FC
and esi, FFFFFFFC
:0040240F 83FE0C
cmp esi, 0000000C
:00402412 7D05
jge 00402419
:00402414 BE0C000000
mov esi, 0000000C
|:00402412(C)
|
:00402419 8BE8
:0040241B 83ED04
:0040241E 8B7D00
:00402421 81E7FCFFFF7F
:00402427 8BC5
:00402429 03C7
:0040242B 8BD8
:0040242D 3BFE
:0040242F 0F8C83000000
:00402435 8BD7
:00402437 2BD6
:00402439 891424
:0040243C 3B1D88344400
:00402442 7538
:00402444 8B0424
:00402447 290588344400
:0040244D 8B0424
:00402450 010584344400
:00402456 833D843444000C
:0040245D 0F8D4C010000
:00402463 8B0424
:00402466 010588344400
:0040246C 8B0424
:0040246F 290584344400
:00402475 8BF7
:00402477 E933010000
|:00402442(C)
|
:0040247C 8BD8
:0040247E F60302
:00402481 750D
:00402483 8BC3
:00402485 8B5008
:00402488 011424
:0040248B E814F7FFFF
mov ebp, eax

sub ebp, 00000004
mov edi, dword ptr [ebp+00]
and edi, 7FFFFFFC
mov eax, ebp
add eax, edi
mov ebx, eax
cmp edi, esi
jl 004024B8
mov edx, edi
sub edx, esi
jne 0040247C
add dword ptr [00443484], eax
cmp dword ptr [00443484], 0000000C
jnl 004025AF
mov esi, edi
jmp 004025AF
mov ebx, eax

test byte ptr [ebx], 02
jne 00402490
mov eax, ebx
add dword ptr [esp], edx
call 00401BA4

|:00402481(C)
|
:00402490
:00402494
:00402496
:00402498
:0040249A
:0040249D
:004024A0
:004024A2
:004024A4
:004024A7
:004024AC
833C240C
7C1B
8BDD
03DE
8B0424
83C802
8903
8BC3
83C004
E8BCF7FFFF
E9FE000000
cmp dword ptr [esp], 0000000C

jl 004024B1
mov ebx, ebp
add ebx, esi
or eax, 00000002
mov eax, ebx
add eax, 00000004
call 00401C68
jmp 004025AF

|:00402494(C)
|
:004024B1 8BF7
mov esi, edi
:004024B3 E9F7000000
jmp 004025AF
|:0040242F(C), :004025A6(U)
|
:004024B8 8BC6
:004024BA 2BC7
:004024BC 89442404
:004024C0 3B1D88344400
:004024C6 7567
:004024C8 A184344400
:004024CD 3B442404
:004024D1 7C53
:004024D3 8B442404
:004024D7 290584344400
:004024DD 8B442404
:004024E1 010588344400
:004024E7 833D843444000C
:004024EE 7D18
:004024F0 A184344400
:004024F5 010588344400
:004024FB 033584344400
:00402501 33C0
:00402503 A384344400
|:004024EE(C)
|
:00402508 8BC6
:0040250A 2BC7
:0040250C 010524344400
:00402512 8B4500
:00402515 2503000080
:0040251A 0BF0
:0040251C 897500
:0040251F B001
:00402521 E9A2000000
mov eax, esi

sub eax, edi
jne 0040252F
jl 00402526
cmp dword ptr [00443484], 0000000C
jge 00402508
add esi, dword ptr [00443484]
xor eax, eax
mov eax, esi

sub eax, edi
mov eax, dword ptr [ebp+00]
and eax, 80000003
or esi, eax
mov dword ptr [ebp+00], esi
mov al, 01
jmp 004025C8

|:004024D1(C)
|
:00402526 E851F9FFFF
call 00401E7C
:0040252B 8BDD
mov ebx, ebp
:0040252D 03DF
add ebx, edi
|:004024C6(C)
|
:0040252F F60302
:00402532 754D
:00402534 8BD3
:00402536 8BC2
:00402538 8B4808
:0040253B 890C24
:0040253E 8B0C24
:00402541 3B4C2404
:00402545 7D0E
:00402547 031424
:0040254A 8BDA
:0040254C 8B0424
:0040254F 29442404
:00402553 EB2C
|:00402545(C)
|
:00402555 E84AF6FFFF
:0040255A 8B442404
:0040255E 290424
:00402561 833C240C
:00402565 7C0E
:00402567 8BC5
:00402569 03C6
:0040256B 8B1424
:0040256E E881F8FFFF
:00402573 EB3A
test byte ptr [ebx], 02

jne 00402581
mov edx, ebx
mov eax, edx
cmp ecx, dword ptr [esp+04]
jge 00402555
add edx, dword ptr [esp]
mov ebx, edx
sub dword ptr [esp+04], eax
jmp 00402581
call 00401BA4
sub dword ptr [esp], eax
cmp dword ptr [esp], 0000000C
jl 00402575
mov eax, ebp
add eax, esi
mov edx, dword ptr [esp]
call 00401DF4
jmp 004025AF

|:00402565(C)
|
:00402575 033424
add esi, dword ptr [esp]
:00402578 8BDD
mov ebx, ebp
:0040257A 03DE
add ebx, esi
:0040257C 8323FE
and dword ptr [ebx], FFFFFFFE
:0040257F EB2E
jmp 004025AF
|:00402532(C), :00402553(U)
|
:00402581 8B03
:00402583 A900000080
:00402588 7421
:0040258A 25FCFFFF7F
:0040258F 03C3
:00402591 8BD8
:00402593 8B542404
:00402597 8BC3
:00402599 E8E2F9FFFF
:0040259E 84C0
:004025A0 7409
:004025A2 8BDD
:004025A4 03DF
:004025A6 E90DFFFFFF

test eax, 80000000
je 004025AB
and eax, 7FFFFFFC
add eax, ebx
mov ebx, eax
mov eax, ebx
call 00401F80
test al, al
je 004025AB
mov ebx, ebp
add ebx, edi
jmp 004024B8

|:00402588(C), :004025A0(C)
|
:004025AB 33C0
xor eax, eax
:004025AD EB19
jmp 004025C8
|:0040245D(C), :00402477(U), :004024AC(U), :004024B3(U), :00402573(U)
|:0040257F(U)
|
:004025AF 8BC6
mov eax, esi
:004025B1 2BC7
sub eax, edi
:004025B3 010524344400
:004025B9 8B4500
:004025BC 2503000080
and eax, 80000003
:004025C1 0BF0
or esi, eax
:004025C3 897500
:004025C6 B001
mov al, 01
|:00402521(U), :004025AD(U)
|
:004025C8 59
:004025C9 5A
:004025CA 5D
:004025CB 5F
:004025CC 5E
:004025CD 5B
:004025CE C3
:004025CF
:004025D0
:004025D1
:004025D3
:004025D4
:004025D5
:004025D6
:004025D7
:004025D9
:004025DB
:004025E2
:004025E4
:004025E9
:004025EB
:004025ED
:004025EF
:004025F2
nop
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
jne 004025F7
call 00401A00
test al, al
jne 004025F7
xor eax, eax
jmp 00402688
90
55
8BEC
51
53
56
57
8BF2
8BD8
803D2C34440000
7513
E817F4FFFF
84C0
750A
33C0
8945FC
E991000000
|:004025E2(C), :004025EB(C)
|
:004025F7 33D2
:004025F9 55
:004025FA 6881264000
:004025FF 64FF32
:00402602 648922
:00402605 803D4530440000
:0040260C 740A
pop
pop
pop
pop
pop
pop
ret
ecx
edx
ebp
edi
esi
ebx

xor edx, edx
push ebp
push 00402681
cmp byte ptr [00443045], 00
je 00402618
:0040260E 6834344400
push 00443434

|
:00402613 E844EDFFFF
Call 0040135C
|:0040260C(C)
|
:00402618 8BD6
:0040261A 8BC3
:0040261C E8DFFDFFFF
:00402621 84C0
:00402623 7405
:00402625 895DFC
:00402628 EB36
|:00402623(C)
|
:0040262A 8BC6
:0040262C E8A3FAFFFF
:00402631 8BF8
:00402633 8BC3
:00402635 83E804
:00402638 8B00
:0040263A 25FCFFFF7F
:0040263F 83E804
:00402642 3BF0
:00402644 7D02
:00402646 8BC6
|:00402644(C)
|
:00402648 85FF
:0040264A 7411
:0040264C 8BD7
:0040264E 8BCB
:00402650 91
:00402651 E856010000
:00402656 8BC3
:00402658 E8FFFBFFFF
mov edx, esi

mov eax, ebx
call 00402400
test al, al
je 0040262A
mov dword ptr [ebp-04], ebx
jmp 00402660
mov eax, esi

call 004020D4
mov edi, eax
mov eax, ebx
sub eax, 00000004
and eax, 7FFFFFFC
sub eax, 00000004
cmp esi, eax
jge 00402648
mov eax, esi
test edi, edi

je 0040265D
mov edx, edi
mov ecx, ebx
xchg eax,ecx
call 004027AC
mov eax, ebx
call 0040225C

|:0040264A(C)
|
:0040265D 897DFC
mov dword ptr [ebp-04], edi
|:00402628(U)
|
:00402660 33C0
:00402662 5A
:00402663 59
:00402664 59
:00402665 648910
:00402668 6888264000

xor eax, eax
pop edx
pop ecx
pop ecx
push 00402688
|:00402686(U)
|
:0040266D 803D4530440000
:00402674 740A
:00402676 6834344400
cmp byte ptr [00443045], 00

je 00402680
push 00443434

|
:0040267B E8E4ECFFFF
Call 00401364
|:00402674(C)
|
:00402680 C3
:00402681 E9F20B0000
:00402686 EBE5

ret
jmp 00403278
jmp 0040266D

|:004025F2(U)
|
:00402688 8B45FC
:0040268B 5F
pop edi
:0040268C 5E
pop esi
:0040268D 5B
pop ebx
:0040268E 59
pop ecx
:0040268F 5D
pop ebp
:00402690 C3
ret
:00402691 8D4000
* Referenced by a CALL at
|:00402BB8 , :00403880
|:0040744E , :0040749C
|:004121A0 , :0041349D
|:00417B7B , :004183B5
|:00420863 , :0042F82A
|
:00402694 85C0
:00402696 740A
:00402698 FF1514204400
:0040269E 09C0
:004026A0 7401

Addresses:
, :004042F9
, :00407AD8
, :00417510
, :00419585
, :004363E0
,
,
,
,
,
:00404948
:0040D0E9
:004175F7
:00419714
:0043CFEE
,
,
,
,
,
:00404CD0
:0040EE5A
:00417A6E
:0041A82E
:0043EC65
test eax, eax

je 004026A2
call dword ptr [00442014]
or eax, eax
je 004026A3

|:00402696(C)
|
:004026A2 C3
ret
|:004026A0(C)
|
:004026A3 B001
:004026A5 E976000000
:004026AA C3
:004026AB 90
nop
mov al, 01
jmp 00402720
ret
|:00402BE5 , :004037D3
|:00404313 , :00404A4A
|:00407B25 , :004097C7
|:004135AB , :00415F7F
|:0041639F , :004163AA
|:00417AB8 , :00417BE1
|:0041A9EC , :004208CA
|:0043ECE5 , :0043F995
|
:004026AC 85C0
:004026AE 740A
:004026B0 FF1518204400
:004026B6 09C0
:004026B8 7501
,
,
,
,
,
,
,
:004037FC
:00404D0E
:0040D122
:00415FA2
:004163B5
:004185AB
:0042F97B
,
,
,
,
,
,
,
:00403847
:00404D36
:0040EE99
:00415FC2
:00417596
:00419829
:004364E7
,
,
,
,
,
,
,
:00403871
:00407489
:004121FD
:00416394
:004176BE
:0041990A
:0043CFB7
test eax, eax

je 004026BA
or eax, eax
jne 004026BB

|:004026AE(C)
|
:004026BA C3
ret
|:004026B8(C)
|
:004026BB B002
:004026BD E95E000000
:004026C2 C3
:004026C3 90
nop
mov al, 02
jmp 00402720
ret

|:00403D2A , :00404939 , :0040CDAE , :0040E6D6
|
:004026C4 8B08
:004026C6 85C9
test ecx, ecx
:004026C8 7432
je 004026FC
:004026CA 85D2
test edx, edx
:004026CC 7418
je 004026E6
:004026CE 50
push eax
:004026CF 89C8
mov eax, ecx
:004026D1 FF151C204400
call dword ptr [0044201C]
:004026D7 59
pop ecx
:004026D8 09C0
or eax, eax
:004026DA 7419
je 004026F5
:004026DC 8901
:004026DE C3
ret

|:004026F2(C)
|
:004026DF B002
mov al, 02
:004026E1 E93A000000
jmp 00402720
|:004026CC(C)
|
:004026E6 8910
:004026E8 89C8
mov eax, ecx
:004026EA
:004026F0
:004026F2
:004026F4
FF1518204400
09C0
75EB
C3

or eax, eax
jne 004026DF
ret

|:004026DA(C), :0040270C(C)
|
:004026F5 B001
mov al, 01
:004026F7 E924000000
jmp 00402720
|:004026C8(C)
|
:004026FC 85D2
:004026FE 7410
:00402700 50
:00402701 89D0
:00402703 FF1514204400
:00402709 59
:0040270A 09C0
:0040270C 74E7
:0040270E 8901

test edx, edx
je 00402710
push eax
mov eax, edx
pop ecx
or eax, eax
je 004026F5

|:004026FE(C)
|
:00402710 C3
ret
:00402711 8D4000
|:0040862C , :00408635 , :00408644 , :0040864D
|
:00402714 E8FB330000
call 00405B14
:00402719 8B8000000000
:0040271F C3
ret

|:004048A5 , :004048FC , :00404EC4
|
|:004026A5(U), :004026BD(U), :004026E1(U), :004026F7(U), :0040277B(U)
|:00402DBD(U), :00403D6E(U), :00403F6A(U), :0040403E(U), :0040414E(U)
|:00404245(U), :00404452(U), :0040445A(U)
|
:00402720 83E07F
and eax, 0000007F
:00402723 8B0D04304400
mov ecx, dword ptr [00443004]
:00402729 85C9
test ecx, ecx
:0040272B 7403
je 00402730
:0040272D 5A
pop edx
:0040272E FFD1
call ecx
|:0040272B(C)
|
:00402730
:00402731
:00402737
:00402739
:0040273E
48
8A8049274000
790B
E8D6330000
8B8004000000
dec eax
mov al, byte ptr [eax+00402749]
jns 00402744
call 00405B14

|:00402737(C)
|
:00402744 E963100000
jmp 004037AC
:00402749 CB
retf
:0040274A
:0040274B
:0040274F
:00402753
:00402755
:00402756
:00402758
:0040275A
:0040275C
:0040275E
:00402760
:00402762
CC
C8C9D7CF
C8CDCEDB
D8CA
D9
DADC
DDDE
DFE0
E1E3
00E4
E5C3
8BC0
int 03
enter D7C9, CF
enter CECD, DB
fmul st(0), st(2)
BYTE 0d9h
fcmovu st(0), st(4)
fstp st(6)
fstsw ax
loopz 00402741
add ah, ah
in ax, C3
mov eax, eax

|:00408825
|
:00402764 50
push eax
:00402765 52
push edx
:00402766 51
push ecx
:00402767 E8A8330000
call 00405B14
:0040276C 83B80400000000
cmp dword ptr [eax+00000004], 00000000
:00402773 59
pop ecx
:00402774 5A
pop edx
:00402775 58
pop eax
:00402776 7501
jne 00402779
:00402778 C3
ret
|:00402776(C)
|
:00402779 31C0
:0040277B E9A0FFFFFF
:00402780 C3
:00402781 8D4000
xor eax, eax

jmp 00402720
ret

|:00405201 , :0040523F , :0040524C
|:00405391
|
, :004052C3
, :004052CA

|:004051B0(U), :004051D5(U), :0040538C(U)
|
:00402784
:00402785
:0040278A
:00402790
50
E88A330000
8F8004000000
C3
push eax
call 00405B14
pop dword ptr [eax+00000004]
ret
:00402791 8D4000

|:00408971
|
:00402794 E87B330000
call 00405B14
:00402799 31D2
xor edx, edx
:0040279B 8B8804000000
:004027A1 899004000000
:004027A7 89C8
mov eax, ecx
:004027A9 C3
ret
:004027AA 8BC0
|:00402651 , :00403827
|:00403ABE , :00403ACD
|:00403D58 , :00403EEF
|:0040499C , :0040CAF3
|:0040E161 , :0040E4C9
|:004158C7 , :00415AAD
|:0042F882 , :0043692D
|
:004027AC 56
:004027AD 57
:004027AE 89C6
:004027B0 89D7
:004027B2 89C8
:004027B4 39F7
:004027B6 7713
:004027B8 742F
:004027BA C1F902
:004027BD 782A
:004027BF F3
:004027C0 A5
:004027C1 89C1
:004027C3 83E103
:004027C6 F3
:004027C7 A4
:004027C8 5F
:004027C9 5E
:004027CA C3
mov eax, eax

Addresses:
, :004038B8
, :00403B21
, :0040410F
, :0040CC9B
, :0040EA86
, :00417534
|:004027B6(C)
|
:004027CB 8D740EFC
:004027CF 8D7C0FFC
:004027D3 C1F902
:004027D6 7811
:004027D8 FD
,
,
,
,
,
,
:00403A26
:00403C2D
:004041F8
:0040D118
:0040EC51
:0041850F
,
,
,
,
,
,
:00403A6B
:00403CA9
:004047DF
:0040D983
:004134CA
:0041DD63
push esi
push edi
mov esi, eax
mov edi, edx
mov eax, ecx
cmp edi, esi
ja 004027CB
je 004027E9
sar ecx, 02
js 004027E9
repz
movsd
mov ecx, eax
and ecx, 00000003
repz
movsb
pop edi
pop esi
ret

lea esi, dword ptr [esi+ecx-04]
lea edi, dword ptr [edi+ecx-04]
sar ecx, 02
js 004027E9
std
:004027D9
:004027DA
:004027DB
:004027DD
:004027E0
:004027E3
:004027E6
:004027E7
:004027E8
F3
A5
89C1
83E103
83C603
83C703
F3
A4
FC
repz
movsd
mov ecx,
and ecx,
add esi,
add edi,
repz
movsb
cld
eax
00000003
00000003
00000003

|:004027B8(C), :004027BD(C), :004027D6(C)
|
:004027E9 5F
pop edi
:004027EA 5E
pop esi
:004027EB C3
ret

|:00423A02 , :00423A0D , :0042C39F
|
:004027EC 83EC08
sub esp, 00000008
:004027EF DF3C24
fistp qword ptr [esp]
:004027F2 9B
wait
:004027F3 58
pop eax
:004027F4 5A
pop edx
:004027F5 C3
ret
:004027F6 8BC0
mov eax, eax
|:00402E04(U), :00402E1C(U)
|
:004027F8 833D1830440000
:004027FF 7406
:00402801 FF1518304400
|:004027FF(C)
|
:00402807 B8D2000000
:0040280C E99B0F0000
:00402811 C3
:00402812 8BC0
mov eax, eax
cmp dword ptr [00443018], 00000000

je 00402807
mov eax, 000000D2

jmp 004037AC
ret

|:00413DC6 , :00414227 , :00416FA7
|
:00402814 56
push esi
:00402815 57
push edi
:00402816 89C7
mov edi, eax
:00402818 31C0
xor eax, eax
:0040281A 89D6
mov esi, edx
:0040281C 8A02
mov al, byte ptr [edx]
:0040281E 38C8
cmp al, cl
:00402820 7712
ja 00402834
:00402822
:00402823
:00402825
:00402828
:0040282B
:0040282C
:0040282D
:0040282F
:00402830
:00402831
:00402832
:00402833
40
89C1
83E003
C1E902
F3
A5
89C1
F3
A4
5F
5E
C3
inc eax
mov ecx,
and eax,
shr ecx,
repz
movsd
mov ecx,
repz
movsb
pop edi
pop esi
ret
eax
00000003
02
eax
|:00402820(C)
|
:00402834 880F
:00402836 46
:00402837 47
:00402838 81E1FF000000
:0040283E F3
:0040283F A4
:00402840 5F
:00402841 5E
:00402842 C3
:00402843 90
nop
mov byte ptr [edi], cl

inc esi
inc edi
and ecx, 000000FF
repz
movsb
pop edi
pop esi
ret

|:0043F0A5
|
:00402844 53
push ebx
:00402845 56
push esi
:00402846 57
push edi
:00402847 89C6
mov esi, eax
:00402849 89D7
mov edi, edx
:0040284B 31C0
xor eax, eax
:0040284D 31D2
xor edx, edx
:0040284F 8A06
mov al, byte ptr [esi]
:00402851 8A17
mov dl, byte ptr [edi]
:00402853 46
inc esi
:00402854 47
inc edi
:00402855 29D0
sub eax, edx
:00402857 7702
ja 0040285B
:00402859 01C2
add edx, eax
|:00402857(C)
|
:0040285B 52
push edx
:0040285C C1EA02
shr edx, 02
:0040285F 7426
je 00402887
|:0040287D(C)
|
:00402861 8B0E
mov ecx, dword ptr [esi]
:00402863
:00402865
:00402867
:00402869
:0040286A
:0040286C
:0040286F
:00402872
:00402874
:00402876
:00402879
:0040287C
:0040287D
:0040287F
8B1F
39D9
7544
4A
7415
8B4E04
8B5F04
39D9
7537
83C608
83C708
4A
75E2
EB06
mov ebx, dword ptr [edi]

cmp ecx, ebx
jne 004028AD
dec edx
je 00402881
mov ecx, dword ptr [esi+04]
mov ebx, dword ptr [edi+04]
cmp ecx, ebx
jne 004028AD
add esi, 00000008
add edi, 00000008
dec edx
jne 00402861
jmp 00402887

|:0040286A(C)
|
:00402881 83C604
add esi, 00000004
:00402884 83C704
add edi, 00000004
|:0040285F(C), :0040287F(U)
|
:00402887 5A
:00402888 83E203
:0040288B 741C
:0040288D 8A0E
:0040288F 3A0F
:00402891 752F
:00402893 4A
:00402894 7413
:00402896 8A4E01
:00402899 3A4F01
:0040289C 7524
:0040289E 4A
:0040289F 7408
:004028A1 8A4E02
:004028A4 3A4F02
:004028A7 7519

pop edx
and edx, 00000003
je 004028A9
mov cl, byte ptr [esi]
cmp cl, byte ptr [edi]
jne 004028C2
dec edx
je 004028A9
mov cl, byte ptr [esi+01]
cmp cl, byte ptr [edi+01]
jne 004028C2
dec edx
je 004028A9
jne 004028C2

|:0040288B(C), :00402894(C), :0040289F(C)
|
:004028A9 01C0
add eax, eax
:004028AB EB15
jmp 004028C2
|:00402867(C), :00402874(C)
|
:004028AD 5A
:004028AE 38D9
:004028B0 7510
:004028B2 38FD
:004028B4 750C
:004028B6 C1E910
:004028B9 C1EB10
:004028BC 38D9
:004028BE 7502
:004028C0 38FD

pop
cmp
jne
cmp
jne
shr
shr
cmp
jne
cmp
edx
cl, bl
004028C2
ch, bh
004028C2
ecx, 10
ebx, 10
cl, bl
004028C2
ch, bh

|:00402891(C), :0040289C(C), :004028A7(C), :004028AB(U), :004028B0(C)
|:004028B4(C), :004028BE(C)
|
:004028C2 5F
pop edi
:004028C3 5E
pop esi
:004028C4 5B
pop ebx
:004028C5 C3
ret
:004028C6 8BC0
mov eax, eax

|:004031BA
|
:004028C8 53
push ebx
:004028C9 56
push esi
:004028CA 51
push ecx
:004028CB 89CE
mov esi, ecx
:004028CD C1EE02
shr esi, 02
:004028D0 7426
je 004028F8
|:004028EE(C)
|
:004028D2 8B08
:004028D4 8B1A
mov ebx, dword ptr [edx]
:004028D6 39D9
cmp ecx, ebx
:004028D8 7545
jne 0040291F
:004028DA 4E
dec esi
:004028DB 7415
je 004028F2
:004028DD 8B4804
:004028E0 8B5A04
mov ebx, dword ptr [edx+04]
:004028E3 39D9
cmp ecx, ebx
:004028E5 7538
jne 0040291F
:004028E7 83C008
add eax, 00000008
:004028EA 83C208
add edx, 00000008
:004028ED 4E
dec esi
:004028EE 75E2
jne 004028D2
:004028F0 EB06
jmp 004028F8
|:004028DB(C)
|
:004028F2 83C004
add eax, 00000004
:004028F5 83C204
add edx, 00000004
|:004028D0(C), :004028F0(U)
|
:004028F8 5E
:004028F9 83E603
:004028FC 7436
:004028FE 8A08
:00402900 3A0A
:00402902 7530
:00402904 4E
:00402905 7413
:00402907 8A4801

pop esi
and esi, 00000003
je 00402934
mov cl, byte ptr [eax]
cmp cl, byte ptr [edx]
jne 00402934
dec esi
je 0040291A
mov cl, byte ptr [eax+01]
:0040290A
:0040290D
:0040290F
:00402910
:00402912
:00402915
:00402918
3A4A01
7525
4E
7408
8A4802
3A4A02
751A
cmp cl, byte ptr [edx+01]

jne 00402934
dec esi
je 0040291A
jne 00402934
|:00402905(C), :00402910(C)
|
:0040291A 31C0
:0040291C 5E
:0040291D 5B
:0040291E C3
|:004028D8(C), :004028E5(C)
|
:0040291F 5E
:00402920 38D9
:00402922 7510
:00402924 38FD
:00402926 750C
:00402928 C1E910
:0040292B C1EB10
:0040292E 38D9
:00402930 7502
:00402932 38FD
xor eax, eax

pop esi
pop ebx
ret
pop
cmp
jne
cmp
jne
shr
shr
cmp
jne
cmp
esi
cl, bl
00402934
ch, bh
00402934
ecx, 10
ebx, 10
cl, bl
00402934
ch, bh

|:004028FC(C), :00402902(C), :0040290D(C), :00402918(C), :00402922(C)
|:00402926(C), :00402930(C)
|
:00402934 5E
pop esi
:00402935 5B
pop ebx
:00402936 C3
ret
:00402937 90
|:0040496F , :004049C3
|:00414208 , :00415834
|:00417AEC , :00418C57
|:0041999E , :00419A12
|:0042B1A8 , :00431DD9
|
:00402938 57
:00402939 89C7
:0040293B 88CD
:0040293D 89C8
:0040293F C1E010
:00402942 6689C8
:00402945 89D1
:00402947 C1F902
:0040294A 7809
:0040294C F3
nop
Addresses:
, :0040745B
, :0041603A
, :00419393
, :00419E6E
, :0043CC2B
,
,
,
,
:0040CE3B
:0041620E
:004195C6
:0041A315
push edi
mov edi, eax
mov ch, cl
mov eax, ecx
shl eax, 10
mov ax, cx
mov ecx, edx
sar ecx, 02
js 00402955
repz
,
,
,
,
:0040D0F8
:0041621D
:00419924
:00426214
:0040294D
:0040294E
:00402950
:00402953
:00402954
AB
89D1
83E103
F3
AA
stosd
mov ecx, edx
and ecx, 00000003
repz
stosb

|:0040294A(C)
|
:00402955 5F
pop edi
:00402956 C3
ret
:00402957 90
nop

|:00407666 , :0040834D
|
:00402958 53
push ebx
:00402959 56
push esi
:0040295A 57
push edi
:0040295B 89C6
mov esi, eax
:0040295D 50
push eax
:0040295E 85C0
test eax, eax
:00402960 7473
je 004029D5
:00402962 31C0
xor eax, eax
:00402964 31DB
xor ebx, ebx
:00402966 BFCCCCCC0C
mov edi, 0CCCCCCC
|:00402971(C)
|
:0040296B 8A1E
mov bl, byte ptr [esi]
:0040296D 46
inc esi
:0040296E 80FB20
cmp bl, 20
:00402971 74F8
je 0040296B
:00402973 B500
mov ch, 00
:00402975 80FB2D
cmp bl, 2D
:00402978 7469
je 004029E3
:0040297A 80FB2B
cmp bl, 2B
:0040297D 7466
je 004029E5
:0040297F 80FB24
cmp bl, 24
:00402982 7466
je 004029EA
:00402984 80FB78
cmp bl, 78
:00402987 7461
je 004029EA
:00402989 80FB58
cmp bl, 58
:0040298C 745C
je 004029EA
:0040298E 80FB30
cmp bl, 30
:00402991 7513
jne 004029A6
:00402993 8A1E
:00402995 46
inc esi
:00402996 80FB78
cmp bl, 78
:00402999 744F
je 004029EA
:0040299B 80FB58
cmp bl, 58
:0040299E 744A
je 004029EA
:004029A0 84DB
test bl, bl
:004029A2 7420
je 004029C4
:004029A4 EB04
jmp 004029AA
|:00402991(C), :004029E8(U)
|
:004029A6 84DB
:004029A8 7434
|:004029A4(U), :004029C2(C)
|
:004029AA 80EB30
:004029AD 80FB09
:004029B0 772C
:004029B2 39F8
:004029B4 7728
:004029B6 8D0480
:004029B9 01C0
:004029BB 01D8
:004029BD 8A1E
:004029BF 46
:004029C0 84DB
:004029C2 75E6
test bl, bl
je 004029DE
sub bl, 30
cmp bl, 09
ja 004029DE
cmp eax, edi
ja 004029DE
lea eax, dword ptr [eax+4*eax]
add eax, eax
add eax, ebx
inc esi
test bl, bl
jne 004029AA

|:004029A2(C)
|
:004029C4 FECD
dec ch
:004029C6 7410
je 004029D8
:004029C8 85C0
test eax, eax
:004029CA 7C12
jl 004029DE
|:004029DA(C), :004029DC(C), :00402A21(U)
|
:004029CC 59
pop ecx
:004029CD 31F6
xor esi, esi
|:004029E1(U)
|
:004029CF 8932
mov dword ptr [edx], esi
:004029D1 5F
pop edi
:004029D2 5E
pop esi
:004029D3 5B
pop ebx
:004029D4 C3
ret

|:00402960(C), :004029F4(C)
|
:004029D5 46
inc esi
:004029D6 EB06
jmp 004029DE
|:004029C6(C)
|
:004029D8 F7D8
neg eax
:004029DA 7EF0
jle 004029CC
:004029DC 78EE
js 004029CC
|:004029A8(C), :004029B0(C), :004029B4(C), :004029CA(C), :004029D6(U)

|:00402A0C(C), :00402A13(C)
|
:004029DE 5B
pop ebx
:004029DF 29DE
sub esi, ebx
:004029E1 EBEC
jmp 004029CF
|:00402978(C)
|
:004029E3 FEC5
inc ch
|:0040297D(C)
|
:004029E5 8A1E
:004029E7 46
inc esi
:004029E8 EBBC
jmp 004029A6
|:00402982(C), :00402987(C), :0040298C(C), :00402999(C), :0040299E(C)
|
:004029EA BFFFFFFF0F
mov edi, 0FFFFFFF
:004029EF 8A1E
:004029F1 46
inc esi
:004029F2 84DB
test bl, bl
:004029F4 74DF
je 004029D5
|:00402A1F(C)
|
:004029F6 80FB61
cmp bl, 61
:004029F9 7203
jb 004029FE
:004029FB 80EB20
sub bl, 20
|:004029F9(C)
|
:004029FE 80EB30
sub bl, 30
:00402A01 80FB09
cmp bl, 09
:00402A04 760B
jbe 00402A11
:00402A06 80EB11
sub bl, 11
:00402A09 80FB05
cmp bl, 05
:00402A0C 77D0
ja 004029DE
:00402A0E 80C30A
add bl, 0A
|:00402A04(C)
|
:00402A11 39F8
cmp eax, edi
:00402A13 77C9
ja 004029DE
:00402A15 C1E004
shl eax, 04
:00402A18 01D8
add eax, ebx
:00402A1A 8A1E
:00402A1C 46
inc esi
:00402A1D 84DB
test bl, bl
:00402A1F 75D5
jne 004029F6
:00402A21 EBA9
jmp 004029CC
:00402A23 C3
ret

|:0043F095
|
:00402A24 50
push eax
:00402A25 B1FF
mov cl, FF
|:00402A33(C)
|
:00402A27 8A2A
mov ch, byte ptr [edx]
:00402A29 42
inc edx
:00402A2A 84ED
test ch, ch
:00402A2C 7407
je 00402A35
:00402A2E 40
inc eax
:00402A2F 8828
mov byte ptr [eax], ch
:00402A31 FEC9
dec cl
:00402A33 75F2
jne 00402A27
|:00402A2C(C)
|
:00402A35 5A
pop edx
:00402A36 29D0
sub eax, edx
:00402A38 8802
mov byte ptr [edx], al
:00402A3A C3
ret
:00402A3B 90
nop

|:00413DB8
|
:00402A3C 53
push ebx
:00402A3D 50
push eax
:00402A3E 81F9FF000000
cmp ecx, 000000FF
:00402A44 7605
jbe 00402A4B
:00402A46 B9FF000000
mov ecx, 000000FF
|:00402A44(C), :00402A56(C)
|
:00402A4B 8A1A
:00402A4D 42
:00402A4E 84DB
:00402A50 7406
:00402A52 40
:00402A53 8818
:00402A55 49
:00402A56 75F3

mov bl, byte ptr [edx]
inc edx
test bl, bl
je 00402A58
inc eax
mov byte ptr [eax], bl
dec ecx
jne 00402A4B

|:00402A50(C)
|
:00402A58 5A
pop edx
:00402A59 29D0
sub eax, edx
:00402A5B 8802
mov byte ptr [edx], al
:00402A5D 5B
pop ebx
:00402A5E C3
ret
:00402A5F 90
nop

|:00402A6D , :00402A79
|
* Reference To: user32.GetKeyboardType, Ord:0000h
|
:00402A60 FF2584414400
:00402A66 8BC0
mov eax, eax
|:00405A2F
|
:00402A68 53
push ebx
:00402A69 33DB
xor ebx, ebx
:00402A6B 6A00
push 00000000
|
:00402A6D E8EEFFFFFF
Call 00402A60
:00402A72 83F807
cmp eax, 00000007
:00402A75 751C
jne 00402A93
:00402A77 6A01
push 00000001
|
:00402A79 E8E2FFFFFF
Call 00402A60
:00402A7E 2500FF0000
and eax, 0000FF00
:00402A83 3D000D0000
cmp eax, 00000D00
:00402A88 7407
je 00402A91
:00402A8A 3D00040000
cmp eax, 00000400
:00402A8F 7502
jne 00402A93
|:00402A88(C)
|
:00402A91 B301
mov bl, 01
|:00402A75(C), :00402A8F(C)
|
:00402A93 8BC3
:00402A95 5B
:00402A96 C3
:00402A97 90
nop
mov eax, ebx

pop ebx
ret

|:00405A38
|
:00402A98 55
push ebp
:00402A99 8BEC
mov ebp, esp
:00402A9B 83C4F4
add esp, FFFFFFF4
:00402A9E 0FB70500204400
movzx eax, word ptr [00442000]
:00402AA5 8945F8
:00402AA8 8D45FC
lea eax, dword ptr [ebp-04]
:00402AAB 50
:00402AAC 6A01
:00402AAE 6A00
push eax
push 00000001
push 00000000
* Possible StringData Ref from Code Obj ->"SOFTWARE\Borland\Delphi\RTL"

|
:00402AB0 68302B4000
push 00402B30
:00402AB5 6802000080
push 80000002
|
:00402ABA E8E9E7FFFF
Call 004012A8
:00402ABF 85C0
test eax, eax
:00402AC1 754D
jne 00402B10
:00402AC3 33C0
xor eax, eax
:00402AC5 55
push ebp
:00402AC6 68092B4000
push 00402B09
:00402ACB 64FF30
push dword ptr fs:[eax]
:00402ACE 648920
mov dword ptr fs:[eax], esp
:00402AD1 C745F404000000
mov [ebp-0C], 00000004
:00402AD8 8D45F4
lea eax, dword ptr [ebp-0C]
:00402ADB 50
push eax
:00402ADC 8D45F8
:00402ADF 50
push eax
:00402AE0 6A00
push 00000000
:00402AE2 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"FPUMaskValue"
|
:00402AE4 684C2B4000
push 00402B4C
:00402AE9 8B45FC
:00402AEC 50
push eax
|
:00402AED E8BEE7FFFF
Call 004012B0
:00402AF2 33C0
xor eax, eax
:00402AF4 5A
pop edx
:00402AF5 59
pop ecx
:00402AF6 59
pop ecx
:00402AF7 648910
:00402AFA 68102B4000
push 00402B10
|:00402B0E(U)
|
:00402AFF 8B45FC
:00402B02 50
push eax
|
:00402B03 E898E7FFFF
Call 004012A0
:00402B08 C3
ret
:00402B09 E96A070000
:00402B0E EBEF
jmp 00403278
jmp 00402AFF

|:00402AC1(C)
|
:00402B10
:00402B16
:00402B1A
:00402B1E
:00402B22
:00402B25
:00402B2B
:00402B2D
:00402B2E
66A100204400
6625C0FF
668B55F8
6683E23F
660BC2
66A300204400
8BE5
5D
C3
mov ax, word ptr [00442000]

and ax, FFC0
mov dx, word ptr [ebp-08]
and dx, 003F
or ax, dx
mov word ptr [00442000], ax
mov esp, ebp
pop ebp
ret
:00402B2F 00
BYTE 0
:00402B30
:00402B31
:00402B32
:00402B33
:00402B34
:00402B35
:00402B36
:00402B37
:00402B38
:00402B39
:00402B3A
:00402B3B
:00402B3D
:00402B3E
:00402B3F
push ebx
dec edi
inc esi
push esp
push edi
inc ecx
push edx
inc ebp
pop esp
inc edx
outsd
jb 00402BA9
popad
outsb
BYTE 064h
53
4F
46
54
57
41
52
45
5C
42
6F
726C
61
6E
64
:00402B40 5C
:00402B41 44
:00402B42 65
pop esp
inc esp
BYTE 065h
:00402B43
:00402B44
:00402B46
:00402B4E
:00402B4F
:00402B50
:00402B51
:00402B53
:00402B54
:00402B55
:00402B56
:00402B58
insb
jo 00402BAE
imul ebx, dword ptr [edx+2*edx+54], 5046004C
push ebp
dec ebp
popad
jnb 00402BBE
push esi
popad
insb
jne 00402BBD
BYTE 4 DUP(0)
6C
7068
695C52544C004650
55
4D
61
736B
56
61
6C
7565
00000000

|:00403090 , :0040315A , :00403422 , :00405A3D
|
:00402B5C DBE3
finit
:00402B5E 9B
wait
:00402B5F D92D00204400
fldcw [00442000]
:00402B65 C3
ret
:00402B66 8BC0
mov eax, eax

|:0040C352 , :0040C9DF , :004164F7 , :00416500 , :00416C88
|:00416D46 , :00424C54 , :00427B2E , :004380E6 , :0043830B
|:00438C54 , :0043F9FF
|
:00402B68 8B00
:00402B6A C3
ret
:00402B6B 90
|:0040876B , :0040C38B
|:0040D28A , :0040D343
|:004209B4 , :004262D4
|
:00402B6C 56
:00402B6D 57
:00402B6E 89D7
:00402B70 8B70D4
:00402B73 31C9
:00402B75 8A0E
:00402B77 41
:00402B78 F3
:00402B79 A4
:00402B7A 5F
:00402B7B 5E
:00402B7C C3
:00402B7D 8D4000
nop
Addresses:
, :0040C449
, :0041011B
, :00438139
, :0040C949
, :00416A0C
, :0040D250
, :00416F9A
push esi
push edi
mov edi, edx
mov esi, dword ptr [eax-2C]
xor ecx, ecx
inc ecx
repz
movsb
pop edi
pop esi
ret

|:0040C2A3
|
:00402B80 53
push ebx
:00402B81 31DB
xor ebx, ebx
:00402B83 09D2
or edx, edx
:00402B85 741C
je 00402BA3
:00402B87 8B40D4
mov eax, dword ptr [eax-2C]
:00402B8A 31C9
xor ecx, ecx
:00402B8C 8A08
:00402B8E 3B4AFC
cmp ecx, dword ptr [edx-04]
:00402B91 7510
jne 00402BA3
:00402B93 4A
dec edx
|:00402BA0(C)
|
:00402B94 8A3C08
mov bh, byte ptr [eax+ecx]
:00402B97 323C0A
xor bh, byte ptr [edx+ecx]
:00402B9A 80E7DF
and bh, DF
:00402B9D 7504
jne 00402BA3
:00402B9F 49
dec ecx
:00402BA0 75F2
jne 00402B94
:00402BA2 43
inc ebx

|:00402B85(C), :00402B91(C), :00402B9D(C)
|
:00402BA3 88D8
mov al, bl
:00402BA5 5B
pop ebx
:00402BA6 C3
ret
:00402BA7 90
nop

|:0040C3B6 , :0040C4BB , :0040C934
|
:00402BA8 8B40DC
mov eax, dword ptr [eax-24]
:00402BAB 85C0
test eax, eax
:00402BAD 7402
je 00402BB1
:00402BAF 8B00
|:00402BAD(C)
|
:00402BB1 C3
:00402BB2 8BC0
:00402BB4 50
:00402BB5 8B40D8
:00402BB8 E8D7FAFFFF
|:00402B56(C)
|
:00402BBD 89C2
:00402BBF 58
:00402BC0 E967000000
:00402BC5 C3
:00402BC6 8BC0
mov eax, eax
ret
mov eax, eax
push eax
call 00402694
mov edx, eax

pop eax
jmp 00402C2C
ret

|:0040892E
|
:00402BC8 53
push ebx
:00402BC9 56
push esi
:00402BCA 89C3
mov ebx, eax
:00402BCC 89C6
mov esi, eax
|:00402BE3(C)
|
:00402BCE 8B36
:00402BD0 8B56C0
:00402BD3 8B76DC
:00402BD6 85D2
:00402BD8 7407
:00402BDA E8F1130000
:00402BDF 89D8

mov edx, dword ptr [esi-40]
mov esi, dword ptr [esi-24]
test edx, edx
je 00402BE1
call 00403FD0
mov eax, ebx

|:00402BD8(C)
|
:00402BE1
:00402BE3
:00402BE5
:00402BEA
:00402BEB
:00402BEC
85F6
75E9
E8C2FAFFFF
5E
5B
C3
test esi, esi

jne 00402BCE
call 004026AC
pop esi
pop ebx
ret
:00402BED 8D4000
|:00409846 , :0040C7FA
|:0040EC80 , :0040F051
|:00410B92 , :004115AF
|:00411F54 , :0041248C
|:00416584 , :004167ED
|:004171C8 , :0041746B
|:0041A11F , :0041A2E6
|:0042177D , :00421CEE
|:00425C33 , :00425D1A
|:0042CED6 , :0042DBD7
|:0042F2FF , :0042F9B2
|:00434009 , :00436CD4
|:0043CB85 , :0043CB97
|:0043CBDF , :0043D032
|
:00402BF0 84D2
:00402BF2 7408
:00402BF4 83C4F0
:00402BF7 E808030000

Addresses:
, :0040C830
, :0040F06E
, :0041162F
, :004148F3
, :00416AD5
, :00417962
, :0041A384
, :00422029
, :004279B2
, :0042DBE6
, :0043226C
, :0043790B
, :0043CBA9
, :0043D721
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040CE7E
:0040F4C5
:00411CE1
:00416406
:00416AE4
:00418B56
:0041A43C
:0042544A
:00429428
:0042E675
:004329C2
:00438597
:0043CBBB
:0043DAA8
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040CE93
:0040FD12
:00411DD2
:0041655D
:00416C26
:0041943F
:0042114F
:00425AB5
:0042C51C
:0042F2D8
:00433FF8
:0043CB2A
:0043CBCD
:0043DAB7
test dl, dl
je 00402BFC
add esp, FFFFFFF0
call 00402F04
|:00402BF2(C)
|
:00402BFC 84D2
:00402BFE 740F
:00402C00 E857030000
:00402C05 648F0500000000
:00402C0C 83C40C

test dl, dl
je 00402C0F
call 00402F5C
pop dword ptr fs:[00000000]
add esp, 0000000C

|:00402BFE(C)
|
:00402C0F C3
ret
|:004098B1 , :0040CEF3
|:0040EDCF , :00411D30
|:0041A0CA , :00420C72
|
:00402C10 E84F030000
:00402C15 84D2
:00402C17 7E05
:00402C19 E836030000
Addresses:
, :0040D01F
, :00411FA5
, :0042B079
, :0040D1F5
, :004170EF
, :0042CF6B
, :0040EAD5
, :00418123
, :0042FADC
call 00402F64
test dl, dl
jle 00402C1E
call 00402F54

|:00402C17(C)
|
:00402C1E C3
ret
:00402C1F 90
nop
* Referenced
|:004032FC
|:0040C8E7
|:0040E8D2
|:0040F2E8
|:0040FC9D
|:00411797
|:004123DD
|:004149C3
|:00416672
|:00416CCD
|:004180DC
|:0041A407
|:0041AA64
|:0041AA9B
|:00421C0E
|:00422588
|:004254E6
|:004294F3
|:0042BFB6
|:0042C226
|:0042D42B
|:0042DC46
|:0042E636
|:0042EF35
|:0042F686
|:0042FA84
|:004319FB
|:00433BC5
|:004379FA
|:004392BF
|:0043CD34
|:0043CD5C
|:0043DCCD
|:00440539
|
by a CALL at
, :00403336
, :0040CEE5
, :0040F10B
, :0040F526
, :00410C52
, :00411E2A
, :004123E7
, :004149CB
, :004166FD
, :00416D9E
, :00418BB1
, :0041A470
, :0041AA6E
, :0041AAA5
, :00421C3A
, :0042268E
, :00425B11
, :0042A039
, :0042C003
, :0042C27C
, :0042D43C
, :0042DFDE
, :0042E7D6
, :0042F33D
, :0042F6A3
, :00430F1D
, :0043254E
, :00433F8A
, :004383FB
, :004393C5
, :0043CD3C
, :0043CD7D
, :0043DCD8
, :00441332
Addresses:
, :00408F8C
, :0040D40B
, :0040F136
, :0040F725
, :00410C8E
, :00411F94
, :004123FA
, :004149D3
, :00416B4A
, :00416DC8
, :004194A3
, :0041A96F
, :0041AA7D
, :0041B54E
, :00421D18
, :00423EF8
, :00425CDF
, :0042A92D
, :0042C15E
, :0042C5C2
, :0042D59E
, :0042DFE6
, :0042EA8C
, :0042F35A
, :0042F74A
, :00430F48
, :00432A1A
, :00433F94
, :00438406
, :0043BBF4
, :0043CD44
, :0043CD89
, :0043F296
|:00403135(U), :0040326A(U)
|
:00402C20 85C0
:00402C22 7407
:00402C24 8B08
:00402C26 B201
:00402C28 FF51FC
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040C7CC
:0040DAB6
:0040F186
:0040F731
:00411547
:00412364
:00412411
:004165F2
:00416B52
:00416F14
:0041A0BE
:0041A9E4
:0041AA87
:0041E6DE
:00422573
:00425392
:00425DCD
:0042B06D
:0042C192
:0042D403
:0042DC27
:0042E616
:0042EAA9
:0042F659
:0042FA74
:00430F50
:00432A22
:00437851
:00438411
:0043BCAC
:0043CD4C
:0043D774
:0043F5B3
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040C888
:0040DD4D
:0040F260
:0040F9C9
:00411661
:00412391
:00412420
:0041660F
:00416C5E
:00416F26
:0041A351
:0041AA5A
:0041AA91
:00420C66
:00422580
:004253F3
:00427988
:0042BE01
:0042C21F
:0042D418
:0042DC35
:0042E625
:0042EF18
:0042F661
:0042FA7C
:00430F79
:00433A8F
:0043785C
:0043841C
:0043CD2C
:0043CD54
:0043DCC5
:0043FA11

test eax, eax
je 00402C2B
mov dl, 01
call [ecx-04]

|:00402C22(C)
|
:00402C2B C3
ret
|:00402BC0(U)
|
:00402C2C 53
push ebx
:00402C2D 56
push esi
:00402C2E 57
push edi
:00402C2F 89C3
mov ebx, eax
:00402C31 89D7
mov edi, edx
:00402C33
:00402C34
:00402C37
:00402C39
:00402C3A
:00402C3D
:00402C3E
:00402C3F
:00402C40
:00402C41
:00402C44
:00402C45
:00402C46
:00402C48
AB
8B4BD8
31C0
51
C1E902
49
F3
AB
59
83E103
F3
AA
89D0
89E2
stosd
mov ecx,
xor eax,
push ecx
shr ecx,
dec ecx
repz
stosd
pop ecx
and ecx,
repz
stosb
mov eax,
mov edx,
dword ptr [ebx-28]

eax
02
00000003
edx
esp

|:00402C5B(U)
|
:00402C4A 8B4BB8
mov ecx, dword ptr [ebx-48]
:00402C4D 85C9
test ecx, ecx
:00402C4F 7401
je 00402C52
:00402C51 51
push ecx
|:00402C4F(C)
|
:00402C52 8B5BDC
mov ebx, dword ptr [ebx-24]
:00402C55 85DB
test ebx, ebx
:00402C57 7404
je 00402C5D
:00402C59 8B1B
:00402C5B EBED
jmp 00402C4A
|:00402C57(C)
|
:00402C5D 39D4
cmp esp, edx
:00402C5F 741D
je 00402C7E
|:00402C7C(C)
|
:00402C61 5B
pop ebx
:00402C62 8B0B
mov ecx, dword ptr [ebx]
:00402C64 83C304
add ebx, 00000004
|:00402C78(C)
|
:00402C67 8B7310
:00402C6A 85F6
test esi, esi
:00402C6C 7406
je 00402C74
:00402C6E 8B7B14
mov edi, dword ptr [ebx+14]
:00402C71 893438
mov dword ptr [eax+edi], esi
|:00402C6C(C)
|
:00402C74 83C31C
add ebx, 0000001C
:00402C77 49
dec ecx
:00402C78 75ED
jne 00402C67
:00402C7A 39D4
:00402C7C 75E3
cmp esp, edx

jne 00402C61

|:00402C5F(C)
|
:00402C7E 5F
pop edi
:00402C7F 5E
pop esi
:00402C80 5B
pop ebx
:00402C81 C3
ret
:00402C82 8BC0
mov eax, eax

|:00402CFC
|
:00402C84 87CA
xchg edx, ecx
:00402C86 81F9000000FF
cmp ecx, FF000000
:00402C8C 7311
jnb 00402C9F
:00402C8E 81F9000000FE
cmp ecx, FE000000
:00402C94 7207
jb 00402C9D
:00402C96 0FBFC9
movsx ecx, cx
:00402C99 0308
add ecx, dword ptr [eax]
:00402C9B FF21
jmp dword ptr [ecx]
|:00402C94(C)
|
:00402C9D FFE1
jmp ecx
|:00402C8C(C)
|
:00402C9F 81E1FFFFFF00
:00402CA5 01C1
:00402CA7 89D0
:00402CA9 8B11
:00402CAB E9E4210000
:00402CB0 C3
:00402CB1 8D4000
and
add
mov
mov
jmp
ret
ecx, 00FFFFFF
ecx, eax
eax, edx
00404E94

|:00404EDB , :00411CA3
|
:00402CB4 55
push ebp
:00402CB5 8BEC
mov ebp, esp
:00402CB7 83C4F8
add esp, FFFFFFF8
:00402CBA 53
push ebx
:00402CBB 56
push esi
:00402CBC 57
push edi
:00402CBD 33DB
xor ebx, ebx
:00402CBF 895DF8
:00402CC2 8BF9
mov edi, ecx
:00402CC4 8955FC
mov dword ptr [ebp-04], edx
:00402CC7 8BF0
mov esi, eax
:00402CC9 33C0
xor eax, eax
:00402CCB 55
push ebp
:00402CCC
:00402CD1
:00402CD4
:00402CD7
:00402CDA
:00402CDC
:00402CE1
:00402CE3
:00402CE5
:00402CE7
:00402CEA
:00402CEC
:00402CEE
:00402CF0
:00402CF2
683C2D4000
64FF30
648920
8B55FC
8B06
E86B000000
8BD8
85DB
7439
8B4314
85C0
7406
03F0
8937
EB17
|:00402CEC(C)
|
:00402CF4 8D4DF8
:00402CF7 8B5318
:00402CFA 8BC6
:00402CFC E883FFFFFF
:00402D01 8B55F8
:00402D04 8BC7
:00402D06 E889210000
push 00402D3C
mov edx, dword ptr [ebp-04]
call 00402D4C
mov ebx, eax
test ebx, ebx
je 00402D20
test eax, eax
je 00402CF4
add esi, eax
mov dword ptr [edi], esi
jmp 00402D0B
lea ecx, dword ptr [ebp-08]
mov eax, esi
call 00402C84
mov eax, edi
call 00404E94

|:00402CF2(U)
|
:00402D0B 833F00
cmp dword ptr [edi], 00000000
:00402D0E 740C
je 00402D1C
:00402D10 8B07
:00402D12 50
push eax
:00402D13 8B00
:00402D15 FF5004
call [eax+04]
:00402D18 B301
mov bl, 01
:00402D1A EB0A
jmp 00402D26
|:00402D0E(C)
|
:00402D1C 33DB
xor ebx, ebx
:00402D1E EB06
jmp 00402D26
|:00402CE5(C)
|
:00402D20 33C0
xor eax, eax
:00402D22 8907
:00402D24 33DB
xor ebx, ebx
|:00402D1A(U), :00402D1E(U)
|
:00402D26 33C0
:00402D28 5A
:00402D29 59
:00402D2A 59
:00402D2B 648910

xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx
dword ptr fs:[eax], edx
:00402D2E 68432D4000
push 00402D43
|:00402D41(U)
|
:00402D33 8D45F8
:00402D36 E841210000
:00402D3B C3
:00402D3C
:00402D41
:00402D43
:00402D45
:00402D46
:00402D47
:00402D48
:00402D49
:00402D4A
:00402D4B
jmp
jmp
mov
pop
pop
pop
pop
pop
pop
ret
E937050000
EBF0
8BC3
5F
5E
5B
59
59
5D
C3

call 00404E7C
ret
00403278
00402D33
eax, ebx
edi
esi
ebx
ecx
ecx
ebp

|:00402CDC
|
:00402D4C 53
push ebx
:00402D4D 56
push esi
:00402D4E 89C3
mov ebx, eax
|:00402D89(U)
|
:00402D50 8B43B8
mov eax, dword ptr [ebx-48]
:00402D53 85C0
test eax, eax
:00402D55 7429
je 00402D80
:00402D57 8B08
:00402D59 83C004
add eax, 00000004
|:00402D7E(C)
|
:00402D5C 8B32
:00402D5E 3B30
cmp esi, dword ptr [eax]
:00402D60 7518
jne 00402D7A
:00402D62 8B7204
:00402D65 3B7004
:00402D68 7510
jne 00402D7A
:00402D6A 8B7208
:00402D6D 3B7008
:00402D70 7508
jne 00402D7A
:00402D72 8B720C
mov esi, dword ptr [edx+0C]
:00402D75 3B700C
cmp esi, dword ptr [eax+0C]
:00402D78 7413
je 00402D8D
|:00402D60(C), :00402D68(C), :00402D70(C)
|
:00402D7A 83C01C
add eax, 0000001C
:00402D7D 49
dec ecx
:00402D7E 75DC
jne 00402D5C

|:00402D55(C)
|
:00402D80 8B5BDC
:00402D83 85DB
test ebx, ebx
:00402D85 7404
je 00402D8B
:00402D87 8B1B
:00402D89 EBC5
jmp 00402D50
|:00402D85(C)
|
:00402D8B 31C0
xor eax, eax
|:00402D78(C)
|
:00402D8D 5E
pop esi
:00402D8E 5B
pop ebx
:00402D8F C3
ret
|:00408712 , :00408E5A
|:0040F9B0 , :004100ED
|:0041465E , :00416461
|:00416E1B , :00416FEF
|:0041E314 , :0041E63E
|:00420F12 , :00420FAF
|:00421A9A , :0042205A
|:00422B11 , :00422D33
|:00424DC0 , :00424F8E
|:00425EC2 , :00425F7D
|:00428B27 , :0042958E
|:0042CC6F , :0042CCEC
|:0042DDEA , :0042DED4
|:0042DF24 , :0042DF38
|:0042E0B6 , :0042E117
|:0042E287 , :0042E2E0
|:0042F395 , :00431007
|:00431D08 , :00431DEE
|:00432661 , :004326CA
|:00436C26 , :00436D57
|:004385F3 , :00438C81
|:0043C217 , :0043C362
|:0043EE8F , :0043EEA3
|:004408AA
|
:00402D90 85C0
:00402D92 7410
Addresses:
, :0040D582
, :00410300
, :00416C92
, :00417193
, :00420747
, :00421694
, :0042219E
, :00422F75
, :0042511B
, :00425FF2
, :004295AB
, :0042DA1F
, :0042DEE8
, :0042DF4C
, :0042E16F
, :0042E33B
, :00431459
, :00432499
, :004328E7
, :00437F14
, :00439619
, :0043C462
, :0043FB41
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040D617
:00413EA2
:00416CC2
:00418BE9
:00420B23
:00421874
:004225DE
:0042380A
:00425E0A
:004267EE
:00429A6C
:0042DAE8
:0042DEFC
:0042DF60
:0042E1C7
:0042EFA4
:0043176E
:00432501
:00432BB5
:0043857E
:0043A71C
:0043CEC4
:0043FE28
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040F165
:00414396
:00416DFE
:0041A18F
:00420CA0
:004218AA
:0042275F
:00423C4A
:00425E7A
:004280B4
:00429ACF
:0042DD51
:0042DF10
:0042E017
:0042E226
:0042F056
:0043179C
:00432644
:00432C58
:004385CD
:0043A8AB
:0043ED7E
:00440899
test eax, eax

je 00402DA4

|:00402D9F(C)
|
:00402D94 8B00
:00402D96 39D0
cmp eax, edx
:00402D98 7408
je 00402DA2
:00402D9A
:00402D9D
:00402D9F
:00402DA1
8B40DC
85C0
75F3
C3

test eax, eax
jne 00402D94
ret

|:00402D98(C)
|
:00402DA2 B001
mov al, 01
|:00402D92(C)
|
:00402DA4 C3
ret
:00402DA5 8D4000
|:0041E213 , :0041E243
|:004222E8 , :00422313
|:00425233 , :0042783D
|:00430C17 , :00430C47
|:00430D0B , :00430D3F
|
:00402DA8 85C0
:00402DAA 7416
:00402DAC 89C1
Addresses:
, :00421A69
, :00422347
, :0042DCCF
, :00430C77
, :0043219E
|:00402DB9(C)
|
:00402DAE 8B09
:00402DB0 39D1
:00402DB2 740E
:00402DB4 8B49DC
:00402DB7 85C9
:00402DB9 75F3
:00402DBB B00A
:00402DBD E95EF9FFFF
,
,
,
,
,
:00422162
:00423C66
:00430BBE
:00430CA7
:0043352C
,
,
,
,
:0042228D
:0042520F
:00430BE3
:00430CDB
test eax, eax

je 00402DC2
mov ecx, eax
mov ecx, dword ptr [ecx]
cmp ecx, edx
je 00402DC2
mov ecx, dword ptr [ecx-24]
test ecx, ecx
jne 00402DAE
mov al, 0A
jmp 00402720

|:00402DAA(C), :00402DB2(C)
|
:00402DC2 C3
ret
:00402DC3 90
nop
|:00402DF8 , :00402E11 , :00402E4F
|
:00402DC4 57
push edi
:00402DC5 93
xchg eax,ebx
:00402DC6 EB02
jmp 00402DCA
|:00402DE3(C)
|
:00402DC8 8B1B
|:00402DC6(U)
|
:00402DCA 8B7BD0
:00402DCD 85FF
:00402DCF 740D
:00402DD1 0FB70F
:00402DD4 51
:00402DD5 83C702
:00402DD8 66F2
:00402DDA AF
:00402DDB 740A
:00402DDD 59
mov edi, dword ptr [ebx-30]

test edi, edi
je 00402DDE
movzx ecx, word ptr [edi]
push ecx
add edi, 00000002
repnz
scasd
je 00402DE7
pop ecx

|:00402DCF(C)
|
:00402DDE 8B5BDC
:00402DE1 85DB
test ebx, ebx
:00402DE3 75E3
jne 00402DC8
:00402DE5 5F
pop edi
:00402DE6 C3
ret
|:00402DDB(C)
|
:00402DE7 58
:00402DE8 01C0
:00402DEA 29C8
:00402DEC 8B5C47FC
:00402DF0 5F
:00402DF1 C3
:00402DF2 8BC0
mov eax, eax
* Referenced
|:0040CA47
|:0040FB37
|:00411984
|:00414575
|:0041D5D5
|:0041D79C
|:0041E37A
|:00420B4F
|:00421025
|:004217E2
|:004220EE
|:004226B4
|:00422950
|:004230AA
|:00423C17
|:00423D11
|:00423FA4
|:00424660
|:00424E8B
|:00425D7C
|:004261D5
|:004277A2
by a CALL at
, :0040D35B
, :0040FC6D
, :00411D64
, :00416D0D
, :0041D5F4
, :0041D7EC
, :0041E3A4
, :00420B73
, :004210C4
, :0042182D
, :00422112
, :004226E9
, :00422A85
, :004230CF
, :00423C27
, :00423E28
, :00423FB9
, :004246A1
, :00424F62
, :00425E23
, :0042645A
, :004277BE
pop
add
sub
mov
pop
ret
Addresses:
, :0040D36A
, :0040FDAE
, :004135F8
, :00416DB1
, :0041D65E
, :0041D805
, :0041E53C
, :00420CFE
, :00421573
, :004219CC
, :00422136
, :00422894
, :00422AB7
, :004233EF
, :00423CAE
, :00423EE3
, :00424357
, :00424894
, :00425161
, :00425F0B
, :0042669E
, :004279C6
eax
eax, eax
eax, ecx
ebx, dword ptr [edi+2*eax-04]
edi
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040D376
:0040FDCD
:00413663
:00416F5B
:0041D68A
:0041E17E
:0041E58D
:00420DBA
:004215A1
:00422081
:00422563
:004228AD
:00422AD6
:0042346D
:00423CD1
:00423F3D
:00424505
:00424908
:004258CA
:004261AF
:00426B77
:00427A6A
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040FA9B
:0041167F
:00413FD5
:0041D58C
:0041D6F3
:0041E1F3
:0041E5F0
:00420DCE
:004215C8
:004220CC
:00422610
:0042293F
:00422F21
:00423A86
:00423CF7
:00423F91
:004245B5
:00424972
:00425B3B
:004261BE
:0042745D
:00427B5D
|:00427C0E , :00427CE2
|:00427EB4 , :00427F5F
|:0042830B , :00428371
|:004286E6 , :004289FD
|:004293F8 , :00429447
|:0042B95E , :0042DB14
|:0042E8DC , :0042EABD
|:0042F1CC , :0042FAB4
|:004323C7 , :00432566
|:00432A80 , :00433E1D
|:0043AC2F , :0043ACAE
|:0043B404 , :0043B6A5
|:0043BD15 , :0043C2D7
|:0043C7B8 , :0043C8FA
|:0043F59E , :0043FC9C
|
:00402DF4 50
:00402DF5 51
:00402DF6 8B00
:00402DF8 E8C7FFFFFF
:00402DFD 59
:00402DFE 58
:00402DFF 7402
:00402E01 FFE3
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:00427DC6
:00427F75
:0042837D
:00428A41
:00429C56
:0042DB6C
:0042EB54
:00431313
:0043259B
:00438C19
:0043ACF3
:0043B6B1
:0043C2FA
:0043D576
:004410C6
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:00427E2F
:004282B9
:004286A7
:00429018
:00429C99
:0042DE6E
:0042EBB5
:00431763
:004327AF
:00438CCB
:0043B1E3
:0043B7FD
:0043C3FA
:0043E043
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:00427E7F
:004282EC
:004286C0
:004292AB
:0042AD16
:0042E843
:0042F182
:00431CFD
:00432A5D
:0043A610
:0043B314
:0043BAA1
:0043C58A
:0043EB52
push eax
push ecx
call 00402DC4
pop ecx
pop eax
je 00402E03
jmp ebx
|:00402DFF(C)
|
:00402E03 59
:00402E04 E9EFF9FFFF
:00402E09 C3
:00402E0A 8BC0
mov eax, eax
pop ecx
jmp 004027F8
ret

|:00416CEC , :00416CFD , :00416D6A , :00416D82 , :00416F3A
|:00416F4B , :004404E6
|
:00402E0C 53
push ebx
:00402E0D 89D3
mov ebx, edx
:00402E0F 8B00
:00402E11 E8AEFFFFFF
call 00402DC4
:00402E16 89D8
mov eax, ebx
:00402E18 5B
pop ebx
:00402E19 7506
jne 00402E21
:00402E1B 59
pop ecx
:00402E1C E9D7F9FFFF
jmp 004027F8
|:00402E19(C)
|
:00402E21 C3
ret
:00402E22 8BC0
mov eax, eax
|:004102BE , :00410321
|
:00402E24 8B40C4
:00402E27 C3
ret

|:00411C79
|
:00402E28 B8FFFF0080
mov eax, 8000FFFF
:00402E2D C3
ret
:00402E2E 8BC0
:00402E30 C3
mov eax, eax

ret
:00402E31 8D4000
:00402E34 C3

ret
:00402E35 8D4000
:00402E38 C3

ret
:00402E39
:00402E3C
:00402E3D
:00402E40
:00402E43
:00402E45
:00402E4A
:00402E4C
:00402E4D
:00402E4F
:00402E54
:00402E55
:00402E57
:00402E59
:00402E5A

push ebx
mov bx, word ptr [edx]
or bx, bx
je 00402E5C
cmp bx, C000
jnb 00402E5C
push eax
call 00402DC4
pop eax
je 00402E5C
mov ecx, ebx
pop ebx
jmp ecx
8D4000
53
668B1A
6609DB
7417
6681FB00C0
7310
50
8B00
E870FFFFFF
58
7405
89D9
5B
FFE1

|:00402E43(C), :00402E4A(C), :00402E55(C)
|
:00402E5C 5B
pop ebx
:00402E5D 8B08
:00402E5F FF61F0
jmp [ecx-10]
:00402E62 C3
ret
:00402E63 90
nop

|:0040F5A1
|
:00402E64 53
push ebx
:00402E65 56
push esi
:00402E66 57
push edi
:00402E67 31C9
xor ecx, ecx
:00402E69 31FF
xor edi, edi
:00402E6B 8A1A
:00402E6D EB02
jmp 00402E71

|:00402E92(C)
|
:00402E6F 8B00
|:00402E6D(U)
|
:00402E71 8B70CC
mov esi, dword ptr [eax-34]
:00402E74 85F6
test esi, esi
:00402E76 7415
je 00402E8D
:00402E78 668B3E
mov di, word ptr [esi]
:00402E7B 83C602
add esi, 00000002
|:00402E8B(C)
|
:00402E7E 8A4E06
:00402E81 38D9
cmp cl, bl
:00402E83 7415
je 00402E9A
|:00402E98(U)
|
:00402E85 668B0E
mov cx, word ptr [esi]
:00402E88 01CE
add esi, ecx
:00402E8A 4F
dec edi
:00402E8B 75F1
jne 00402E7E
|:00402E76(C)
|
:00402E8D 8B40DC
:00402E90 85C0
test eax, eax
:00402E92 75DB
jne 00402E6F
:00402E94 EB18
jmp 00402EAE
|:00402EA6(C)
|
:00402E96 8A1A
:00402E98 EBEB
jmp 00402E85
|:00402E83(C)
|
:00402E9A B500
mov ch, 00
|:00402EA9(C)
|
:00402E9C 8A5C0E06
:00402EA0 321C0A
:00402EA3 80E3DF
:00402EA6 75EE
:00402EA8 49
:00402EA9 75F1
:00402EAB 8B4602

mov
xor
and
jne
dec
jne
mov
bl, byte ptr [esi+ecx+06]

bl, byte ptr [edx+ecx]
bl, DF
00402E96
ecx
00402E9C
eax, dword ptr [esi+02]
|:00402E94(U)
|
:00402EAE 5F
:00402EAF 5E
:00402EB0 5B
:00402EB1 C3
pop edi
pop esi
pop ebx
ret
:00402EB2 8BC0
mov eax, eax

|:00411BF7
|
:00402EB4 53
push ebx
:00402EB5 56
push esi
:00402EB6 57
push edi
:00402EB7 31C9
xor ecx, ecx
:00402EB9 31FF
xor edi, edi
:00402EBB 8A1A
:00402EBD 50
push eax
|:00402EE0(C)
|
:00402EBE 8B00
:00402EC0 8B70C8
:00402EC3 85F6
test esi, esi
:00402EC5 7414
je 00402EDB
:00402EC7 668B3E
mov di, word ptr [esi]
:00402ECA 83C606
add esi, 00000006
|:00402ED9(C)
|
:00402ECD 8A4E06
:00402ED0 38D9
cmp cl, bl
:00402ED2 7418
je 00402EEC
|:00402EEA(U)
|
:00402ED4 8D740E07
:00402ED8 4F
:00402ED9 75F2

lea esi, dword ptr [esi+ecx+07]
dec edi
jne 00402ECD

|:00402EC5(C)
|
:00402EDB 8B40DC
:00402EDE 85C0
test eax, eax
:00402EE0 75DC
jne 00402EBE
:00402EE2 5A
pop edx
:00402EE3 EB1B
jmp 00402F00
|:00402EF6(C)
|
:00402EE5 8A1A
:00402EE7 8A4E06
:00402EEA EBE8
jmp 00402ED4
|:00402ED2(C), :00402EF9(C)
|
:00402EEC 8A5C0E06
:00402EF0 321C0A
:00402EF3 80E3DF
:00402EF6 75ED
:00402EF8 49
:00402EF9 75F1
:00402EFB 8B06
:00402EFD 5A
:00402EFE 01D0

mov
xor
and
jne
dec
jne
mov
pop
add
bl, byte ptr [esi+ecx+06]

bl, byte ptr [edx+ecx]
bl, DF
00402EE5
ecx
00402EEC
eax, dword ptr [esi]
edx
eax, edx

|:00402EE3(U)
|
:00402F00 5F
pop edi
:00402F01 5E
pop esi
:00402F02 5B
pop ebx
:00402F03 C3
ret
|:00402BF7 , :00408876
|:0040CE71 , :0040E949
|:004114CA , :00411CD2
|:00413DFD , :0041431D
|:004167D2 , :00416AC5
|:00418B36 , :0041A102
|:0041E2C5 , :0041E3D1
|:0042201A , :00422445
|:0042A8CD , :0042AA23
|:0042DF91 , :0042E5A9
|:00436CC5 , :004377E1
|:0043C661 , :0043CB59
|
:00402F04 52
:00402F05 51
:00402F06 53
:00402F07 84D2
:00402F09 7C03
:00402F0B FF50F4
Addresses:
, :004088B7
, :0040EC71
, :00411DB9
, :004145E9
, :00416C19
, :0041A761
, :0041E845
, :0042527D
, :0042AEF4
, :00430EAD
, :00437F81
, :0043DA8A
|:00402F09(C)
|
:00402F0E 31D2
:00402F10 8D4C2410
:00402F14 648B1A
:00402F17 8919
:00402F19 896908
:00402F1C C741042D2F4000
:00402F23 89410C
:00402F26 64890A
:00402F29 5B
:00402F2A 59
:00402F2B 5A
:00402F2C C3
,
,
,
,
,
,
,
,
,
,
,
,
:00409839
:0040EE49
:00411F45
:004148E6
:00417111
:0041D2F9
:00420AEF
:00429FD9
:0042CEC9
:0043298E
:0043809D
:004404A1
,
,
,
,
,
,
,
,
,
,
,
,
:0040C67E
:0040EF2C
:004133B1
:004163F9
:00417ED6
:0041D8AD
:00420C01
:0042A116
:0042DBBD
:00433CF1
:00438229
:00440BEA
push edx
push ecx
push ebx
test dl, dl
jl 00402F0E
call [eax-0C]
xor
lea
mov
mov
mov
mov
mov
mov
pop
pop
pop
ret
edx, edx
ecx, dword ptr [esp+10]
ebx, dword ptr fs:[edx]
dword ptr [ecx], ebx
dword ptr [ecx+08], ebp
[ecx+04], 00402F2D
dword ptr [ecx+0C], eax
dword ptr fs:[edx], ecx
ebx
ecx
edx
:00402F2D
:00402F32
:00402F36
:00402F39
:00402F3B
:00402F3D
:00402F3F
:00402F41
:00402F42
:00402F45
:00402F46
E93E010000
8B44242C
8B400C
85C0
740E
8B08
B281
50
FF51FC
58
E809000000
jmp 00403070
mov eax, dword ptr [eax+0C]
test eax, eax
je 00402F4B
mov dl, 81
push eax
call [ecx-04]
pop eax
call 00402F54

|:00402F3B(C)
|
:00402F4B E87C030000
call 004032CC
:00402F50 C3
ret
:00402F51 8D4000
|:00402C19 , :00402F46
|:0040D02A , :0040D200
|:0040EAE0 , :0040EDDA
|:00411D3B , :00411E35
|:00414376 , :0041463E
|:00416C75 , :004170FA
|:00418BC8 , :0041A0D5
|:00421EE0 , :004225AA
|:0042B084 , :0042CF76
|:0042E64D , :0042FAE7
|:00437873 , :0043843F
|
:00402F54 8B10
:00402F56 FF52F8
:00402F59 C3
:00402F5A 8BC0
|:00402C00 , :00408891
|:0040CEA1 , :0040EA13
|:004114F0 , :00411CF4
|:00413E34 , :00414342
|:004168A5 , :00416B25
|:00418B7F , :0041A136
|:0041E2E4 , :0041E412
|:00422037 , :004224EA
|:0042A905 , :0042AA2F
|:0042DFBC , :0042E5D6
|:00436D28 , :0043782C
|:0043C6A5 , :0043CCF6
|
:00402F5C 50
:00402F5D 8B10
:00402F5F FF52E4

Addresses:
, :004098CE
, :0040D466
, :0040EEA4
, :00411FB0
, :004149F3
, :00417175
, :0041A171
, :0042541C
, :0042D9BF
, :00430F90
, :0043CDA7
,
,
,
,
,
,
,
,
,
,
,
:0040CA54
:0040DFDE
:0040F408
:004133FE
:0041692E
:00417F2C
:0041A7B1
:0042A050
:0042DC5D
:00432A39
:0043DCE3
,
,
,
,
,
,
,
,
,
,
,
:0040CF2A
:0040EA4D
:00411582
:00413E66
:00416B5D
:0041812E
:00420C7D
:0042A944
:0042DFFD
:00433D81
:00440550

call [edx-08]
ret
mov eax, eax
Addresses:
, :0040890F
, :0040ECA2
, :00411DE0
, :0041460A
, :00416C3B
, :0041A779
, :0041E861
, :00425338
, :0042B027
, :00430EDD
, :00437FC0
, :0043DBE7
,
,
,
,
,
,
,
,
,
,
,
,
:00409882
:0040EE6B
:00411F68
:00414985
:0041713A
:0041D342
:00420AFB
:0042A011
:0042CF3A
:004329F4
:004381F5
:0044050E
,
,
,
,
,
,
,
,
,
,
,
,
:0040C696
:0040EF60
:004133CD
:00416411
:00417EF3
:0041D92E
:00420C42
:0042A198
:0042DC02
:00433D41
:0043832A
:00440C37
push eax
call [edx-1C]
:00402F62 58
:00402F63 C3
|:00402C10 , :0040989A
|:0040D1DE , :0040D442
|:0040EDAE , :0040EE86
|:00411DF7 , :00411F82
|:00414622 , :004149A2
|:004170CA , :00417152
|:0041A0B2 , :0041A14E
|:0042250D , :00425357
|:0042CF52 , :0042DC1B
|:00430EF6 , :00432A0E
|:0043CD20 , :0043DC0E
|
:00402F64 84D2
:00402F66 7F01
:00402F68 C3
pop eax
ret
Addresses:
, :0040CA37
, :0040DF8E
, :0040F3DB
, :004133E6
, :004168F0
, :00417F0A
, :0041A792
, :0042A02A
, :0042DFD2
, :00433D5A
, :0044052A
,
,
,
,
,
,
,
,
,
,
:0040CEBE
:0040EA32
:00411511
:00413E4A
:00416B3E
:004180E6
:00420C5A
:0042A91E
:0042E5EF
:00437842
,
,
,
,
,
,
,
,
,
,
:0040D006
:0040EABE
:00411D12
:0041435A
:00416C52
:00418B96
:00421EBE
:0042B042
:0042FABE
:004383B2
test dl, dl
jg 00402F69
ret

|:00402F66(C)
|
:00402F69 50
push eax
:00402F6A 52
push edx
:00402F6B 8B10
:00402F6D FF52E8
call [edx-18]
:00402F70 5A
pop edx
:00402F71 58
pop eax
:00402F72 C3
ret
:00402F73 90
nop

|:00403301
|
:00402F74 803D0820440001
cmp byte ptr [00442008], 01
:00402F7B 7610
jbe 00402F8D
:00402F7D 6A00
push 00000000
:00402F7F 6A00
push 00000000
:00402F81 6A00
push 00000000
:00402F83 68DFFAED0E
push 0EEDFADF
|
:00402F88 E873E2FFFF
Call 00401200
|:00402F7B(C)
|
:00402F8D C3
ret
:00402F8E 8BC0
mov eax, eax
|:004030BD , :004031F5
|
:00402F90
:00402F97
:00402F99
:00402F9A
:00402F9B
:00402F9C
:00402F9D
:00402F9F
:00402FA1
803D0820440000
7416
50
50
52
54
6A02
6A00
68E4FAED0E
cmp byte ptr [00442008], 00

je 00402FAF
push eax
push eax
push edx
push esp
push 00000002
push 00000000
push 0EEDFAE4

|
:00402FA6 E855E2FFFF
Call 00401200
:00402FAB 83C408
add esp, 00000008
:00402FAE 58
pop eax
|:00402F97(C)
|
:00402FAF C3
ret
|:00402FD1(U), :00402FE3(U)
|
:00402FB0 54
:00402FB1 6A01
:00402FB3 6A00
:00402FB5 68E0FAED0E

push
push
push
push
esp
00000001
00000000
0EEDFAE0

|
:00402FBA E841E2FFFF
Call 00401200
:00402FBF 83C404
add esp, 00000004
:00402FC2 58
pop eax
:00402FC3 C3
ret

|:00403247
|
:00402FC4 803D0820440001
cmp byte ptr [00442008], 01
:00402FCB 7609
jbe 00402FD6
:00402FCD 50
push eax
:00402FCE FF7304
push [ebx+04]
:00402FD1 E9DAFFFFFF
jmp 00402FB0
|:00402FCB(C)
|
:00402FD6 C3
ret
:00402FD7 90
nop
|:00403113
|
:00402FD8 803D0820440001
cmp byte ptr [00442008], 01
:00402FDF 7607
jbe 00402FE8
:00402FE1 50
push eax
:00402FE2 53
:00402FE3 E9C8FFFFFF
push ebx
jmp 00402FB0

|:00402FDF(C)
|
:00402FE8 C3
ret
:00402FE9 8D4000
|:00403018
|
:00402FEC 85C9
test ecx, ecx
:00402FEE 7419
je 00403009
:00402FF0 8B4101
mov eax, dword ptr [ecx+01]
:00402FF3 8039E9
cmp byte ptr [ecx], E9
:00402FF6 740C
je 00403004
:00402FF8 8039EB
cmp byte ptr [ecx], EB
:00402FFB 750C
jne 00403009
:00402FFD 0FBEC0
movsx eax, al
:00403000 41
inc ecx
:00403001 41
inc ecx
:00403002 EB03
jmp 00403007
|:00402FF6(C)
|
:00403004 83C105
add ecx, 00000005
|:00403002(U)
|
:00403007 01C1
add ecx, eax
|:00402FEE(C), :00402FFB(C)
|
:00403009 C3
ret
:0040300A 8BC0
mov eax, eax
|:0040329D
|
:0040300C 803D0820440001
cmp byte ptr [00442008], 01
:00403013 761C
jbe 00403031
:00403015 50
push eax
:00403016 52
push edx
:00403017 51
push ecx
:00403018 E8CFFFFFFF
call 00402FEC
:0040301D 51
push ecx
:0040301E 54
push esp
:0040301F 6A01
push 00000001
:00403021 6A00
push 00000000
:00403023 68E1FAED0E
push 0EEDFAE1
|
:00403028 E8D3E1FFFF
Call 00401200
:0040302D 59
pop ecx
:0040302E 59
pop ecx
:0040302F 5A
:00403030 58
pop edx
pop eax

|:00403013(C)
|
:00403031 C3
ret
:00403032 8BC0
mov eax, eax
|:00403348
|
:00403034 803D0820440001
cmp byte ptr [00442008], 01
:0040303B 7611
jbe 0040304E
:0040303D 52
push edx
:0040303E 54
push esp
:0040303F 6A01
push 00000001
:00403041 6A00
push 00000000
:00403043 68E2FAED0E
push 0EEDFAE2
|
:00403048 E8B3E1FFFF
Call 00401200
:0040304D 5A
pop edx
|:0040303B(C)
|
:0040304E C3
ret
:0040304F 90
nop
|:00403468
|
:00403050 50
push eax
:00403051 52
push edx
:00403052 803D0820440001
cmp byte ptr [00442008], 01
:00403059 760F
jbe 0040306A
:0040305B 54
push esp
:0040305C 6A02
push 00000002
:0040305E 6A00
push 00000000
:00403060 68E3FAED0E
push 0EEDFAE3
|
:00403065 E896E1FFFF
Call 00401200
|:00403059(C)
|
:0040306A 5A
pop edx
:0040306B 58
pop eax
:0040306C C3
ret
:0040306D 8D4000

|:00402F2D(U), :0040351E(U), :0040357E(U), :00404D83(U), :0040FA4C(U)
|:0040FAC1(U), :0040FB4F(U), :0040FC8A(U), :00410C76(U), :00410D65(U)
|:00412007(U), :0041206F(U),
|:004122FD(U), :00416BAC(U),
|:00418D4D(U), :0041949B(U),
|:0041A08A(U), :0041A349(U),
|:00420A96(U), :0042194A(U),
|:00433C83(U), :00436474(U),
|:0043BAB0(U), :0043BE47(U),
|
:00403070 8B442404
:00403074 F7400406000000
:0040307B 0F85B9000000
:00403081 8138DEFAED0E
:00403087 8B5018
:0040308A 8B4814
:0040308D 743C
:0040308F FC
:00403090 E8C7FAFFFF
:00403095 8B150C304400
:0040309B 85D2
:0040309D 0F8497000000
:004030A3 FFD2
:004030A5 85C0
:004030A7 0F848D000000
:004030AD 8B54240C
:004030B1 8B4C2404
:004030B5 8139CEFAEF0E
:004030BB 7405
:004030BD E8CEFEFFFF
:004120E7(U),
:00416DC0(U),
:00419896(U),
:0041A3FF(U),
:004267A6(U),
:00438489(U),
:0043E7BD(U),
:00412149(U),
:00416F0C(U),
:00419A81(U),
:0041A468(U),
:00426864(U),
:004384FD(U),
:0043ED5A(U)
:0041222D(U)
:00418858(U)
:00419D45(U)
:0041A967(U)
:00432D02(U)
:0043B80C(U)

test [eax+04], 00000006
jne 0040313A
cmp dword ptr [eax], 0EEDFADE
je 004030CB
cld
call 00402B5C
test edx, edx
je 0040313A
call edx
test eax, eax
je 0040313A
mov edx, dword ptr [esp+0C]
mov ecx, dword ptr [esp+04]
cmp dword ptr [ecx], 0EEFFACE
je 004030C2
call 00402F90
|:004030BB(C)
|
:004030C2 89C2
:004030C4 8B442404
:004030C8 8B480C
|:0040308D(C)
|
:004030CB 83480402
:004030CF 53
:004030D0 31DB
:004030D2 56
:004030D3 57
:004030D4 55
:004030D5 648B1B
:004030D8 53
:004030D9 50
:004030DA 52
:004030DB 51
:004030DC 8B542428
:004030E0 6A00
:004030E2 50
:004030E3 68EE304000
:004030E8 52
mov edx, eax

mov ecx, dword ptr [eax+0C]
or dword ptr [eax+04], 00000002

push ebx
xor ebx, ebx
push esi
push edi
push ebp
mov ebx, dword ptr fs:[ebx]
push ebx
push eax
push edx
push ecx
push 00000000
push eax
push 004030EE
push edx

|
:004030E9 E822E1FFFF
Call 00401210
:004030EE 8B7C2428
:004030F2
:004030F7
:004030FD
:00403103
:00403106
:00403109
:00403110
:00403113
:00403118
:0040311A
:0040311F
:00403124
:0040312A
:0040312C
:00403132
:00403135
E81D2A0000
FFB000000000
89A000000000
8B6F08
8B5F04
C747041A314000
83C305
E8C0FEFFFF
FFE3
E959010000
E8F0290000
8B8800000000
8B11
899000000000
8B4108
E9E6FAFFFF
call 00405B14
push dword ptr [eax+00000000]
mov dword ptr [eax+00000000], esp
mov ebp, dword ptr [edi+08]
mov [edi+04], 0040311A
add ebx, 00000005
call 00402FD8
jmp ebx
jmp 00403278
call 00405B14
mov edx, dword ptr [ecx]
jmp 00402C20

|:0040307B(C), :0040309D(C), :004030A7(C)
|
:0040313A B801000000
mov eax, 00000001
:0040313F C3
ret

|:0041037A(U), :004103A1(U), :0043F450(U)
|
:00403140 8B442404
:00403144 F7400406000000
test [eax+04], 00000006
:0040314B 0F851E010000
jne 0040326F
:00403151 8138DEFAED0E
:00403157 741F
je 00403178
:00403159 FC
cld
:0040315A E8FDF9FFFF
call 00402B5C
:0040315F 8B1508304400
:00403165 85D2
test edx, edx
:00403167 0F8402010000
je 0040326F
:0040316D FFD2
call edx
:0040316F 85C0
test eax, eax
:00403171 750A
jne 0040317D
:00403173 E9F7000000
jmp 0040326F
|:00403157(C)
|
:00403178 8B4018
:0040317B 8B00
|:00403171(C)
|
:0040317D 8B542408
:00403181 53
:00403182 56
:00403183 57
:00403184 55
:00403185 8B4A04
:00403188 8B5905
:0040318B 8D7109

mov edx,
push ebx
push esi
push edi
push ebp
mov ecx,
mov ebx,
lea esi,
dword ptr [esp+08]
dword ptr [edx+04]

dword ptr [ecx+05]
dword ptr [ecx+09]
:0040318E 89C5
mov ebp, eax

|:004031CE(C)
|
:00403190 8B06
:00403192 85C0
test eax, eax
:00403194 7443
je 004031D9
:00403196 89EF
mov edi, ebp
:00403198 EB02
jmp 0040319C
|:004031C8(C)
|
:0040319A 8B3F
mov edi, dword ptr [edi]
|:00403198(U)
|
:0040319C 8B00
:0040319E 39F8
:004031A0 7437
:004031A2 8B48D8
:004031A5 3B4FD8
:004031A8 7517
:004031AA 8B40D4
:004031AD 8B57D4
:004031B0 31C9
:004031B2 8A08
:004031B4 3A0A
:004031B6 7509
:004031B8 40
:004031B9 42
:004031BA E809F7FFFF
:004031BF 7418
|:004031A8(C), :004031B6(C)
|
:004031C1 8B7FDC
:004031C4 8B06
:004031C6 85FF
:004031C8 75D0
:004031CA 83C608
:004031CD 4B
:004031CE 75C0
:004031D0 5D
:004031D1 5F
:004031D2 5E
:004031D3 5B
:004031D4 E996000000

cmp eax, edi
je 004031D9
mov ecx, dword ptr [eax-28]
cmp ecx, dword ptr [edi-28]
jne 004031C1
mov edx, dword ptr [edi-2C]
xor ecx, ecx
jne 004031C1
inc eax
inc edx
call 004028C8
je 004031D9
mov edi, dword ptr [edi-24]

test edi, edi
jne 0040319A
add esi, 00000008
dec ebx
jne 00403190
pop ebp
pop edi
pop esi
pop ebx
jmp 0040326F

|:00403194(C), :004031A0(C), :004031BF(C)
|
:004031D9 8B442414
:004031DD 8138DEFAED0E
:004031E3 8B5018
:004031E6 8B4814
:004031E9 7418
je 00403203
:004031EB
:004031F1
:004031F5
:004031FA
:004031FC
:00403200
FF150C304400
8B54241C
E896FDFFFF
89C2
8B442414
8B480C
|:004031E9(C)
|
:00403203 31DB
:00403205 648B1B
:00403208 53
:00403209 50
:0040320A 52
:0040320B 51
:0040320C 8B542428
:00403210 83480402
:00403214 56
:00403215 6A00
:00403217 50
:00403218 6823324000
:0040321D 52
call dword ptr

mov edx, dword
call 00402F90
mov edx, eax
mov eax, dword
mov ecx, dword
[0044300C]
ptr [esp+1C]
ptr [esp+14]
ptr [eax+0C]

xor ebx, ebx
mov ebx, dword ptr fs:[ebx]
push ebx
push eax
push edx
push ecx
push esi
push 00000000
push eax
push 00403223
push edx

|
:0040321E E8EDDFFFFF
Call 00401210
:00403223 5B
pop ebx
:00403224 8B7C2428
:00403228 E8E7280000
call 00405B14
:0040322D FFB000000000
:00403233 89A000000000
mov dword ptr [eax+00000000], esp
:00403239 8B6F08
:0040323C C747044F324000
mov [edi+04], 0040324F
:00403243 8B442408
:00403247 E878FDFFFF
call 00402FC4
:0040324C FF6304
jmp [ebx+04]
:0040324F E924000000
jmp 00403278
:00403254 E8BB280000
call 00405B14
:00403259 8B8800000000
:0040325F 8B11
mov edx, dword ptr [ecx]
:00403261 899000000000
:00403267 8B4108
:0040326A E9B1F9FFFF
jmp 00402C20
|:0040314B(C), :00403167(C), :00403173(U), :004031D4(U)
|
:0040326F B801000000
mov eax, 00000001
:00403274 C3
ret
:00403275 8D4000

|:00401AB6(U), :00401B9A(U), :00402248(U), :004023EE(U), :00402681(U)
|:00402B09(U), :00402D3C(U), :0040311A(U), :0040324F(U), :00404598(U)
|:004046F9(U), :0040475E(U), :00404B97(U), :00404E18(U), :0040599A(U)
|:00405A8C(U), :00405BFD(U), :00406681(U), :004066B9(U), :00406971(U)
|:004082EA(U), :004083FD(U), :004085CD(U), :00408902(U), :004089E9(U)
|:00408AFE(U),
|:00409626(U),
|:0040AA0D(U),
|:0040C3E9(U),
|:0040C992(U),
|:0040CCC2(U),
|:0040CF87(U),
|:0040D432(U),
|:0040D84A(U),
|:0040DABC(U),
|:0040DCD7(U),
|:0040DEDB(U),
|:0040E21F(U),
|:0040E5FD(U),
|:0040EA04(U),
|:0040F18C(U),
|:0040F36E(U),
|:0040F82A(U),
|:0040FD53(U),
|:00410487(U),
|:00410CB5(U),
|:00411143(U),
|:00411A9B(U),
|:00412444(U),
|:004136F7(U),
|:00414137(U),
|:00414556(U),
|:00414D48(U),
|:004152AE(U),
|:00415784(U),
|:00415D08(U),
|:004161BD(U),
|:00416678(U),
|:00416F76(U),
|:00417BE7(U),
|:00417EC0(U),
|:004187FB(U),
|:00418B1B(U),
|:004194FB(U),
|:0041A4F2(U),
|:0041A9D3(U),
|:0041B4A5(U),
|:0041D4C6(U),
|:0041DEF7(U),
|:0041E89D(U),
|:00421E86(U),
|:00422AF2(U),
|:00423532(U),
|:00424E63(U),
|:00425BCF(U),
|:00426564(U),
|:00427AC1(U),
|:004294F9(U),
|:0042A0F3(U),
|:0042A6B0(U),
|:0042AFE6(U),
|:0042BE07(U),
|:0042C619(U),
|:0042E705(U),
|:0042EB6F(U),
:00408B6F(U),
:0040977A(U),
:0040AD58(U),
:0040C4EA(U),
:0040CA05(U),
:0040CD34(U),
:0040CFEB(U),
:0040D542(U),
:0040D86C(U),
:0040DB49(U),
:0040DCFC(U),
:0040DEF8(U),
:0040E319(U),
:0040E6BA(U),
:0040EC03(U),
:0040F1AB(U),
:0040F3B6(U),
:0040F8BE(U),
:0040FE2A(U),
:00410580(U),
:00410CD7(U),
:0041118D(U),
:00411B1D(U),
:004134F4(U),
:004137A1(U),
:0041415A(U),
:004146BB(U),
:00414F7E(U),
:00415354(U),
:0041599D(U),
:00415DE9(U),
:004163BB(U),
:00416703(U),
:0041759C(U),
:00417C07(U),
:00417FC8(U),
:00418825(U),
:00418C86(U),
:00419803(U),
:0041A53E(U),
:0041AB01(U),
:0041B4E5(U),
:0041D898(U),
:0041E2AE(U),
:00421BF5(U),
:00421EAE(U),
:00422CB9(U),
:00423759(U),
:00425005(U),
:00425CE5(U),
:00426853(U),
:00427B7E(U),
:004299FA(U),
:0042A267(U),
:0042A9E7(U),
:0042BA96(U),
:0042C29C(U),
:0042CEB1(U),
:0042E7C5(U),
:0042EF1E(U),
:00408DB4(U),
:0040A635(U),
:0040AEFE(U),
:0040C512(U),
:0040CA24(U),
:0040CDCC(U),
:0040D07E(U),
:0040D55F(U),
:0040D8CD(U),
:0040DB66(U),
:0040DD53(U),
:0040DF7E(U),
:0040E388(U),
:0040E7FD(U),
:0040ED32(U),
:0040F1CA(U),
:0040F52C(U),
:0040F970(U),
:004101C6(U),
:00410794(U),
:00410D92(U),
:00411228(U),
:00412203(U),
:0041358B(U),
:00413F2A(U),
:00414402(U),
:004146D8(U),
:004151CA(U),
:0041542D(U),
:00415A3E(U),
:00415F85(U),
:004163E2(U),
:00416898(U),
:004176C4(U),
:00417CC2(U),
:004180B3(U),
:00418847(U),
:00418F7E(U),
:0041982F(U),
:0041A5B3(U),
:0041ACE9(U),
:0041B51D(U),
:0041DAFD(U),
:0041E61D(U),
:00421C40(U),
:00421F6D(U),
:00422FB8(U),
:004238D2(U),
:004254EC(U),
:00425DDB(U),
:00426DB0(U),
:00428AA5(U),
:00429C14(U),
:0042A302(U),
:0042AA0A(U),
:0042BAB3(U),
:0042C417(U),
:0042D1F2(U),
:0042E973(U),
:0042EF3B(U),
:00408E7F(U),
:0040A6A9(U),
:0040C251(U),
:0040C60C(U),
:0040CB0E(U),
:0040CE59(U),
:0040D2F3(U),
:0040D5C9(U),
:0040D9B3(U),
:0040DBF8(U),
:0040DDAD(U),
:0040E06E(U),
:0040E482(U),
:0040E879(U),
:0040EE2F(U),
:0040F283(U),
:0040F6A9(U),
:0040FCC3(U),
:0041021D(U),
:004109FC(U),
:00410E00(U),
:004112E7(U),
:00412254(U),
:0041361D(U),
:00413F47(U),
:0041441F(U),
:00414755(U),
:00415212(U),
:004154BE(U),
:00415C2E(U),
:00415FA8(U),
:004165F8(U),
:004169BB(U),
:00417742(U),
:00417E1A(U),
:00418233(U),
:004188A7(U),
:00418FE9(U),
:004198C7(U),
:0041A5FF(U),
:0041ADBB(U),
:0041B561(U),
:0041DCDE(U),
:0041E6AD(U),
:00421DDD(U),
:00422231(U),
:00423086(U),
:00423C01(U),
:0042553C(U),
:00426308(U),
:0042716A(U),
:00428D63(U),
:00429FB3(U),
:0042A400(U),
:0042ACE6(U),
:0042BDCD(U),
:0042C4D3(U),
:0042D5CB(U),
:0042EA92(U),
:0042EF58(U),
:00408F5A(U)
:0040A6ED(U)
:0040C2FD(U)
:0040C7D2(U)
:0040CBCD(U)
:0040CF1A(U)
:0040D3AD(U)
:0040D745(U)
:0040DA31(U)
:0040DC15(U)
:0040DE37(U)
:0040E183(U)
:0040E586(U)
:0040E8D8(U)
:0040F13C(U)
:0040F30B(U)
:0040F6C6(U)
:0040FCE5(U)
:004103EC(U)
:00410C60(U)
:00410F40(U)
:00411967(U)
:00412385(U)
:00413688(U)
:00413FBD(U)
:00414495(U)
:0041488D(U)
:0041525A(U)
:004155D7(U)
:00415CE8(U)
:00415FC8(U)
:00416615(U)
:00416A4A(U)
:00417ABE(U)
:00417E42(U)
:004185B1(U)
:00418AD3(U)
:004193F4(U)
:00419910(U)
:0041A875(U)
:0041B465(U)
:0041B895(U)
:0041DD7E(U)
:0041E6F1(U)
:00421E04(U)
:004222BB(U)
:00423229(U)
:00423EFE(U)
:00425B17(U)
:00426478(U)
:004279EF(U)
:004292D4(U)
:0042A0D0(U)
:0042A519(U)
:0042AD5D(U)
:0042BDEA(U)
:0042C5C8(U)
:0042E41D(U)
:0042EAAF(U)
:0042F164(U)
|:0042F343(U), :0042F360(U),
|:0042F750(U), :0042F76D(U),
|:00430626(U), :004308B9(U),
|:00431420(U), :004314BB(U),
|:00431EAE(U), :00432308(U),
|:00433A78(U), :00433A95(U),
|:00433FBC(U), :004364AB(U),
|:00437B7B(U), :00437DF9(U),
|:004381E5(U), :0043884A(U),
|:004393AE(U), :004393CB(U),
|:0043A4D4(U), :0043A62B(U),
|:0043B173(U), :0043B68B(U),
|:0043BEFE(U), :0043C0F7(U),
|:0043C99B(U), :0043CB09(U),
|:0043D77A(U), :0043D7F8(U),
|:0043F107(U), :0043F497(U),
|:0043FDB7(U), :0043FF01(U),
|:00440A11(U), :00441245(U),
|:00441881(U), :004418B3(U)
|
:00403278 8B442404
:0040327C 8B542408
:00403280 F7400406000000
:00403287 741F
:00403289 8B4A04
:0040328C C74204A8324000
:00403293 53
:00403294 56
:00403295 57
:00403296 55
:00403297 8B6A08
:0040329A 83C105
:004032A2 FFD1
:004032A4 5D
:004032A5 5F
:004032A6 5E
:004032A7 5B
:0042F66F(U),
:0042F981(U),
:00430A0B(U),
:004316BD(U),
:00432476(U),
:00433BAE(U),
:00436BF2(U),
:00437F49(U),
:00438E21(U),
:004393F2(U),
:0043A919(U),
:0043BBA9(U),
:0043C198(U),
:0043CC9F(U),
:0043DE70(U),
:0043F5B9(U),
:0043FF51(U),
:00441338(U),
:0042F68C(U),
:0042FA8A(U),
:004311EC(U),
:00431A01(U),
:00433054(U),
:00433BCB(U),
:00436CA9(U),
:00438190(U),
:004392A8(U),
:004396B9(U),
:0043AC52(U),
:0043BBC6(U),
:0043C1B8(U),
:0043D16F(U),
:0043EE46(U),
:0043F99B(U),
:004406C5(U),
:004414F2(U),
:0042F6A9(U)
:0042FB2D(U)
:004312BA(U)
:00431C65(U)
:00433299(U)
:00433BF0(U)
:00437A00(U)
:004381C5(U)
:004392C5(U)
:00439C24(U)
:0043AC75(U)
:0043BCB2(U)
:0043C754(U)
:0043D1AD(U)
:0043F039(U)
:0043F9CA(U)
:004409D9(U)
:004417A8(U)

test [eax+04], 00000006
je 004032A8
mov [edx+04], 004032A8
push ebx
push esi
push edi
push ebp
mov ebp, dword ptr [edx+08]
add ecx, 00000005
call 0040300C
call ecx
pop ebp
pop edi
pop esi
pop ebx

|:00403287(C)
|
:004032A8 B801000000
mov eax, 00000001
:004032AD C3
ret
:004032AE 8BC0
* Referenced
|:0040743D
|:0040D063
|:0040E9E9
|:0040F80A
|:00411A44
|:0041532F
|:00426394
|:0042C09E
|:0042F149
|:00432452
|:0043A444
by a CALL at
, :00408B54
, :0040D2CD
, :0040EBE8
, :004101A0
, :00414F63
, :00422C89
, :00428D40
, :0042C0DF
, :0042F735
, :00436C8E
, :0043A5E9
mov eax, eax

Addresses:
, :0040975A
, :0040E7E2
, :0040ED12
, :00410745
, :0041516D
, :00423050
, :0042AA95
, :0042E6AE
, :004305E1
, :00438173
, :0043B7A4
,
,
,
,
,
,
,
,
,
,
,
:0040C231
:0040E85E
:0040EE14
:004112C4
:00415185
:004234EB
:0042AADD
:0042E945
:00431496
:00438E06
:0043BEDC
,
,
,
,
,
,
,
,
,
,
,
:0040C4A3
:0040E9A6
:0040F329
:00411932
:00415293
:00423838
:0042ACBE
:0042EB30
:0043225A
:00439AF9
:0043BF99
|:0043DD83
|
|:00408A54(U), :00408ADB(U), :0040CB4D(U), :0040D789(U)
|
:004032B0 5A
pop edx
:004032B1 54
push esp
:004032B2 55
push ebp
:004032B3 57
push edi
:004032B4 56
push esi
:004032B5 53
push ebx
:004032B6 50
push eax
:004032B7 52
push edx
:004032B8 54
push esp
:004032B9 6A07
push 00000007
:004032BB 6A01
push 00000001
:004032BD 68DEFAED0E
push 0EEDFADE
:004032C2 52
push edx
|
:004032C3 E938DFFFFF
Jmp 00401200
:004032C8 C3
ret
:004032C9 8D4000
|:00402F4B , :00403528
|:0040FB68 , :0040FCA2
|:00416BBF , :00416DCD
|:004194A8 , :004198A4
|:0041A356 , :0041A40C
|:00421956 , :004267B9
|
:004032CC 8B442430
:004032D0 C7400417334000
:004032D7 E838280000
:004032DC 8B9000000000
:004032E2 8B0A
:004032E4 898800000000
:004032EA 8B420C
:004032ED 836004FD
:004032F1 8138DEFAED0E
:004032F7 740D
:004032F9 8B4208
:004032FC E81FF9FFFF
:00403301 E86EFCFFFF

Addresses:
, :00403588
, :004103CC
, :00416F19
, :00419A8E
, :0041A475
, :00436483
,
,
,
,
,
,
:0040FA65
:00410C93
:00418866
:00419D53
:0041A974
:0043ED66
,
,
,
,
,
:0040FADA
:00410D72
:00418D69
:0041A09A
:00420AAB

mov [eax+04], 00403317
call 00405B14
mov dword ptr [eax+00000000], ecx
mov eax, dword ptr [edx+0C]
and dword ptr [eax+04], FFFFFFFD
je 00403306
call 00402C20
call 00402F74

|:004032F7(C)
|
:00403306 31C0
xor eax, eax
:00403308 83C414
add esp, 00000014
:0040330B 648B10
mov edx, dword ptr fs:[eax]
:0040330E 59
pop ecx
:0040330F 8B12
:00403311 8911
mov dword ptr [ecx], edx
:00403313 5D
pop ebp
:00403314
:00403315
:00403316
:00403317
:0040331C
5F
5E
5B
B801000000
C3
pop
pop
pop
mov
ret
:0040331D 8D4000
edi
esi
ebx
eax, 00000001
|:0040352D , :0040358D
|:0040FB6D , :0040FCA7
|:00410D77 , :00412011
|:00412239 , :00412307
|:0041886B , :00418D6E
|:00419D58 , :0041A09F
|:0041A979 , :00420AB0
|:00432D19 , :00433C97
|:0043B81E , :0043BAC2
|:0043F46C
|
:00403320 E8EF270000
:00403325 8B9000000000
:0040332B 8B0A
:0040332D 898800000000
:00403333 8B4208
:00403336 E8E5F8FFFF
:0040333B 5A
:0040333C 8B64242C
:00403340 31C0
:00403342 59
:00403343 648908
:00403346 58
:00403347 5D
:00403348 E8E7FCFFFF
:0040334D FFE2
:0040334F C3
Addresses:
, :00404D88
, :00410392
, :00412079
, :00416BC4
, :004194AD
, :0041A35B
, :0042195B
, :00436488
, :0043BE64
|:004021C1 , :00402216
|:0040FC34 , :0041858C
|:00421DC0 , :0043A7B9
|
:00403350 31D2
:00403352 8B4C2408
:00403356 8B442404
:0040335A 83C105
:0040335D 648902
:00403360 FFD1
:00403362 C20C00
Addresses:
, :00402366
, :00418591
, :0043A7DF
,
,
,
,
,
,
,
,
,
:0040FA6A
:004103D1
:004120F1
:00416DD2
:004198A9
:0041A411
:004267BE
:0043849B
:0043E7CD
,
,
,
,
,
,
,
,
,
:0040FADF
:00410C98
:00412153
:00416F1E
:00419A93
:0041A47A
:00426878
:0043850F
:0043ED6B
call 00405B14
call 00402C20
pop edx
mov esp, dword ptr [esp+2C]
xor eax, eax
pop ecx
mov dword ptr fs:[eax], ecx
pop eax
pop ebp
call 00403034
jmp edx
ret
, :0040C2AC
, :00421A1C
, :0043A834
, :0040C2D9
, :00421DBB
, :0043A884
xor edx, edx

add ecx, 00000005
mov dword ptr fs:[edx], eax
call ecx
ret 000C
:00403365 C3
ret
:00403366 8BC0
mov eax, eax
|:0040340B
|
:00403368 891424
:0040336B E93C040000
:00403370 C3

jmp 004037AC
ret
:00403371 8D4000
|:00403453(C), :0040345F(C)
|
:00403374 55
:00403375 8BEC
:00403377 8B5508
:0040337A 8B02
:0040337C 3D920000C0
:00403381 7F2C
:00403383 745C
:00403385 3D8E0000C0
:0040338A 7F15
:0040338C 7457
:0040338E 2D050000C0
:00403393 745C
:00403395 2D87000000
:0040339A 743D
:0040339C 48
:0040339D 744E
:0040339F EB60
|:0040338A(C)
|
:004033A1 0571FFFF3F
:004033A6 83E802
:004033A9 7236
:004033AB 7430
:004033AD EB52
|:00403381(C)
|
:004033AF 3D960000C0
:004033B4 7F11
:004033B6 743D
:004033B8 2D930000C0
:004033BD 742E
:004033BF 48
:004033C0 7413
:004033C2 48
:004033C3 7424
:004033C5 EB3A
|:004033B4(C)
|
:004033C7 2DFD0000C0
:004033CC 742F
:004033CE 83E83D
:004033D1 7426
push ebp
mov ebp, esp
mov edx, dword ptr [ebp+08]
mov eax, dword ptr [edx]
cmp eax, C0000092
jg 004033AF
je 004033E1
cmp eax, C000008E
jg 004033A1
je 004033E5
sub eax, C0000005
je 004033F1
sub eax, 00000087
je 004033D9
dec eax
je 004033ED
jmp 00403401
add eax, 3FFFFF71

sub eax, 00000002
jb 004033E1
je 004033DD
jmp 00403401
cmp eax, C0000096

jg 004033C7
je 004033F5
sub eax, C0000093
je 004033ED
dec eax
je 004033D5
dec eax
je 004033E9
jmp 00403401
sub eax, C00000FD

je 004033FD
sub eax, 0000003D
je 004033F9
:004033D3 EB2C
jmp 00403401

|:004033C0(C)
|
:004033D5 B0C8
mov al, C8
:004033D7 EB2A
jmp 00403403
|:0040339A(C)
|
:004033D9 B0C9
mov al, C9
:004033DB EB26
jmp 00403403
|:004033AB(C)
|
:004033DD B0CD
mov al, CD
:004033DF EB22
jmp 00403403
|:00403383(C), :004033A9(C)
|
:004033E1 B0CF
mov al, CF
:004033E3 EB1E
jmp 00403403
|:0040338C(C)
|
:004033E5 B0C8
mov al, C8
:004033E7 EB1A
jmp 00403403
|:004033C3(C)
|
:004033E9 B0D7
mov al, D7
:004033EB EB16
jmp 00403403
|:0040339D(C), :004033BD(C)
|
:004033ED B0CE
mov al, CE
:004033EF EB12
jmp 00403403
|:00403393(C)
|
:004033F1 B0D8
mov al, D8
:004033F3 EB0E
jmp 00403403
|:004033B6(C)
|
:004033F5 B0DA
mov al, DA
:004033F7 EB0A
jmp 00403403
|:004033D1(C)
|
:004033F9 B0D9
mov al, D9
:004033FB EB06
jmp 00403403

|:004033CC(C)
|
:004033FD B0CA
mov al, CA
:004033FF EB02
jmp 00403403
|:0040339F(U), :004033AD(U), :004033C5(U), :004033D3(U)
|
:00403401 B0FF
mov al, FF
|:004033D7(U), :004033DB(U), :004033DF(U), :004033E3(U), :004033E7(U)
|:004033EB(U), :004033EF(U), :004033F3(U), :004033F7(U), :004033FB(U)
|:004033FF(U)
|
:00403403 25FF000000
and eax, 000000FF
:00403408 8B520C
mov edx, dword ptr [edx+0C]
:0040340B E858FFFFFF
call 00403368
:00403410 5D
pop ebp
:00403411 C20400
ret 0004
:00403414
:00403418
:0040341F
:00403421
:00403422
:00403427
:0040342B
:0040342D
:0040342E
:00403433
8B442404
F7400406000000
756C
FC
E835F7FFFF
8B542408
6A00
50
6839344000
52

test [eax+04], 00000006
jne 0040348D
cld
call 00402B5C
push 00000000
push eax
push 00403439
push edx

|
:00403434 E8D7DDFFFF
Call 00401210
:00403439 8B5C2404
:0040343D 813BDEFAED0E
cmp dword ptr [ebx], 0EEDFADE
:00403443 8B5314
:00403446 8B4318
:00403449 741D
je 00403468
:0040344B 8B150C304400
:00403451 85D2
test edx, edx
:00403453 0F841BFFFFFF
je 00403374
:00403459 89D8
mov eax, ebx
:0040345B FFD2
call edx
:0040345D 85C0
test eax, eax
:0040345F 0F840FFFFFFF
je 00403374
:00403465 8B530C
mov edx, dword ptr [ebx+0C]
|:00403449(C)
|
:00403468 E8E3FBFFFF
:0040346D 8B0D00304400
:00403473 85C9
:00403475 7402

call 00403050
test ecx, ecx
je 00403479
:00403477 FFD1
call ecx
|:00403475(C)
|
:00403479 8B4C2404
:0040347D B8D9000000
:00403482 8B5114
:00403485 891424
:00403488 E91F030000

mov
mov
mov
mov
jmp
ecx, dword ptr [esp+04]

eax, 000000D9
edx, dword ptr [ecx+14]
dword ptr [esp], edx
004037AC

|:0040341F(C)
|
:0040348D 31C0
xor eax, eax
:0040348F C3
ret

|:004035B5
|
:00403490 31D2
xor edx, edx
:00403492 8D45F4
:00403495 648B0A
mov ecx, dword ptr fs:[edx]
:00403498 648902
:0040349B 8908
:0040349D C7400414344000
mov [eax+04], 00403414
:004034A4 896808
mov dword ptr [eax+08], ebp
:004034A7 8905A4344400
mov dword ptr [004434A4], eax
:004034AD C3
ret
:004034AE 8BC0
mov eax, eax

|:0040373B
|
:004034B0 31D2
xor edx, edx
:004034B2 8B05A4344400
mov eax, dword ptr [004434A4]
:004034B8 648B0A
mov ecx, dword ptr fs:[edx]
:004034BB 39C8
cmp eax, ecx
:004034BD 7508
jne 004034C7
:004034BF 8B00
:004034C1 648902
:004034C4 C3
ret

|:004034CE(C)
|
:004034C5 8B09
|:004034BD(C)
|
:004034C7 83F9FF
cmp ecx, FFFFFFFF
:004034CA 7408
je 004034D4
:004034CC 3901
cmp dword ptr [ecx], eax
:004034CE 75F5
:004034D0 8B00
:004034D2 8901
jne 004034C5

|:004034CA(C)
|
:004034D4 C3
ret
:004034D5 8D4000
|:00403523 , :00403583 , :0040370E
|
:004034D8 55
push ebp
:004034D9 8BEC
mov ebp, esp
:004034DB 53
push ebx
:004034DC 56
push esi
:004034DD 57
push edi
:004034DE BFA0344400
mov edi, 004434A0
:004034E3 8B4708
mov eax, dword ptr [edi+08]
:004034E6 85C0
test eax, eax
:004034E8 7448
je 00403532
:004034EA 8B5F0C
mov ebx, dword ptr [edi+0C]
:004034ED 8B7004
mov esi, dword ptr [eax+04]
:004034F0 33D2
xor edx, edx
:004034F2 55
push ebp
:004034F3 681E354000
push 0040351E
:004034F8 64FF32
:004034FB 648922
:004034FE 85DB
test ebx, ebx
:00403500 7E12
jle 00403514
|:00403512(C)
|
:00403502 4B
:00403503 895F0C
:00403506 8B44DE04
:0040350A 85C0
:0040350C 7402
:0040350E FFD0

dec ebx
mov dword ptr [edi+0C], ebx
mov eax, dword ptr [esi+8*ebx+04]
test eax, eax
je 00403510
call eax

|:0040350C(C)
|
:00403510 85DB
test ebx, ebx
:00403512 7FEE
jg 00403502
|:00403500(C)
|
:00403514 33C0
:00403516 5A
:00403517 59
:00403518 59
:00403519 648910
:0040351C EB14
:0040351E E94DFBFFFF
:00403528 E89FFDFFFF

xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00403532
jmp 00403070
call 004034D8
call 004032CC
:0040352D E8EEFDFFFF
call 00403320
|:004034E8(C), :0040351C(U)
|
:00403532 5F
:00403533 5E
:00403534 5B
:00403535 5D
:00403536 C3
:00403537 90
nop
pop
pop
pop
pop
ret
edi
esi
ebx
ebp

|:004035C1
|
:00403538 55
push ebp
:00403539 8BEC
mov ebp, esp
:0040353B 53
push ebx
:0040353C 56
push esi
:0040353D 57
push edi
:0040353E A1A8344400
:00403543 85C0
test eax, eax
:00403545 744B
je 00403592
:00403547 8B30
mov esi, dword ptr [eax]
:00403549 33DB
xor ebx, ebx
:0040354B 8B7804
mov edi, dword ptr [eax+04]
:0040354E 33D2
xor edx, edx
:00403550 55
push ebp
:00403551 687E354000
push 0040357E
:00403556 64FF32
:00403559 648922
:0040355C 3BF3
cmp esi, ebx
:0040355E 7E14
jle 00403574
|:00403572(C)
|
:00403560 8B04DF
:00403563 43
:00403564 891DAC344400
:0040356A 85C0
:0040356C 7402
:0040356E FFD0

mov eax, dword ptr [edi+8*ebx]
inc ebx
mov dword ptr [004434AC], ebx
test eax, eax
je 00403570
call eax

|:0040356C(C)
|
:00403570 3BF3
cmp esi, ebx
:00403572 7FEC
jg 00403560
|:0040355E(C)
|
:00403574 33C0
xor eax, eax
:00403576 5A
pop edx
:00403577 59
pop ecx
:00403578 59
pop ecx
:00403579 648910
:0040357C
:0040357E
:00403583
:00403588
:0040358D
EB14
E9EDFAFFFF
E850FFFFFF
E83FFDFFFF
E88EFDFFFF
jmp 00403592
jmp 00403070
call 004034D8
call 004032CC
call 00403320
|:00403545(C), :0040357C(U)
|
:00403592 5F
:00403593 5E
:00403594 5B
:00403595 5D
:00403596 C3
:00403597 90
nop
pop
pop
pop
pop
ret
edi
esi
ebx
ebp

|:00405BD0
|
:00403598 8905A8344400
:0040359E 31C0
xor eax, eax
:004035A0 8905AC344400
mov dword ptr [004434AC], eax
:004035A6 8915B0344400
mov dword ptr [004434B0], edx
:004035AC 8B4204
:004035AF 89051C304400
:004035B5 E8D6FEFFFF
call 00403490
:004035BA C6052430440000
mov byte ptr [00443024], 00
call 00403538
:004035C6 C3
ret
:004035C7 90
nop

|:0040A65F , :00433FDA
|
:004035C8 53
push ebx
:004035C9 56
push esi
:004035CA 8B18
mov ebx, dword ptr [eax]
:004035CC 8D7004
lea esi, dword ptr [eax+04]
|:004035DF(C)
|
:004035CF 8B4604
:004035D2 8B16
:004035D4 8B00
:004035D6 E849180000
:004035DB 83C608
:004035DE 4B
:004035DF 75EE
:004035E1 5E
:004035E2 5B
:004035E3 C3

call 00404E24
add esi, 00000008
dec ebx
jne 004035CF
pop esi
pop ebx
ret
|:0040A669 , :0043FF1A
|
:004035E4 53
:004035E5 56
:004035E6 8B18
:004035E8 8D7004
, :0044150A
push ebx
push esi

|:004035FD(C)
|
:004035EB 8B4604
:004035EE 8B16
:004035F0 8B4E08
:004035F3 8B00
:004035F5 01C8
add eax, ecx
:004035F7 8902
:004035F9 83C60C
add esi, 0000000C
:004035FC 4B
dec ebx
:004035FD 75EC
jne 004035EB
:004035FF 5E
pop esi
:00403600 5B
pop ebx
:00403601 C3
ret
:00403602 8BC0
mov eax, eax

|:004036C0
|
:00403604 53
push ebx
:00403605 8B0534304400
:0040360B BB30204400
mov ebx, 00442030
:00403610 B90A000000
mov ecx, 0000000A
|:00403621(C)
|
:00403615 31D2
:00403617 F7F1
:00403619 80C230
:0040361C 8813
:0040361E 4B
:0040361F 85C0
:00403621 75F2
:00403623 8B053C304400
:00403629 E84E140000
:0040362E 8B153C304400
:00403634 92
:00403635 29D0

xor edx, edx
div ecx
add dl, 30
mov byte ptr [ebx], dl
dec ebx
test eax, eax
jne 00403615
call 00404A7C
xchg eax,edx
sub eax, edx
* Possible StringData Ref from Data Obj ->"0"

|
:00403637 BB3C204400
mov ebx, 0044203C
|:0040364D(C)
|
:0040363C 89C2
:0040363E 83E20F
:00403641 8A9248204400

mov edx, eax
and edx, 0000000F
mov dl, byte ptr [edx+00442048]
:00403647
:00403649
:0040364A
:0040364D
:0040364F
:00403650
8813
4B
C1E804
75ED
5B
C3
:00403651 8D4000
mov
dec
shr
jne
pop
ret
byte ptr [ebx], dl

ebx
eax, 04
0040363C
ebx

|:0040374F
|
:00403654 BFA0344400
mov edi, 004434A0
:00403659 8B1DB8344400
mov ebx, dword ptr [004434B8]
:0040365F 8B2DB4344400
mov ebp, dword ptr [004434B4]
:00403665 FF771C
push [edi+1C]
:00403668 FF7720
push [edi+20]
:0040366B 8B37
mov esi, dword ptr [edi]
:0040366D B90B000000
mov ecx, 0000000B
:00403672 F3
repz
:00403673 A5
movsd
:00403674 5F
pop edi
:00403675 5E
pop esi
:00403676 31C0
xor eax, eax
:00403678 870534304400
xchg dword ptr [00443034], eax
:0040367E F7D8
neg eax
:00403680 19C0
sbb eax, eax
:00403682 40
inc eax
:00403683 C9
leave
:00403684 C20C00
ret 000C
:00403687 C3
ret

|:0043E4F5 , :00441A04
|
|:004037A6(U)
|
:00403688 53
:00403689 56
:0040368A 57
:0040368B 55
:0040368C BBA0344400
:00403691 BE34304400
:00403696 BF38304400
:0040369B 807B2400
:0040369F 7516
:004036A1 833F00
:004036A4 7411

push ebx
push esi
push edi
push ebp
mov ebx, 004434A0
mov esi, 00443034
mov edi, 00443038
cmp byte ptr [ebx+24], 00
jne 004036B7
je 004036B7

|:004036B5(C)
|
:004036A6 8B17
:004036A8
:004036AA
:004036AC
:004036AE
:004036B0
:004036B2
:004036B5
89D0
33D2
8917
8BE8
FFD5
833F00
75EF
|:0040369F(C), :004036A4(C)
|
:004036B7 833D3C30440000
:004036BE 743E
:004036C0 E83FFFFFFF
:004036C5 803D4430440000
:004036CC 7416
mov eax, edx

xor edx, edx
mov dword ptr [edi], edx
mov ebp, eax
call ebp
jne 004036A6
cmp dword ptr [0044303C], 00000000
je 004036FE
call 00403604
cmp byte ptr [00443044], 00
je 004036E4
* Possible StringData Ref from Data Obj ->"Runtime error

|
:004036CE BA20204400
mov edx, 00442020
:004036D3 B818324400
mov eax, 00443218
:004036D8 E8D31C0000
call 004053B0
:004036DD E8511C0000
call 00405333
:004036E2 EB13
jmp 004036F7
at 00000000"

|:004036CC(C)
|
:004036E4 6A00
push 00000000
* Possible StringData Ref from Data Obj ->"Error"
|
:004036E6 6840204400
push 00442040
* Possible StringData Ref from Data Obj ->"Runtime error
|
:004036EB 6820204400
push 00442020
:004036F0 6A00
push 00000000
at 00000000"

|
:004036F2 E841DBFFFF
Call 00401238
|:004036E2(U)
|
:004036F7 33C0
xor eax, eax
:004036F9 A33C304400
|:004036BE(C), :00403770(U)
|
:004036FE 807B2402
:00403702 750A
:00403704 833E00
:00403707 7505
:00403709 33C0
:0040370B 89430C

cmp
jne
cmp
jne
xor
mov
byte ptr [ebx+24], 02

0040370E
dword ptr [esi], 00000000
0040370E
eax, eax
dword ptr [ebx+0C], eax
|:00403702(C), :00403707(C)
|
:0040370E E8C5FDFFFF
:00403713 807B2401
:00403717 7605
:00403719 833E00
:0040371C 741D
|:00403717(C)
|
:0040371E 8B4310
:00403721 85C0
:00403723 7416
:00403725 E88A160000
:0040372A 8B4310
:0040372D 8B5010
:00403730 3B5004
:00403733 7406
:00403735 52
call 004034D8
jbe 0040371E
je 0040373B
mov eax, dword
test eax, eax
je 0040373B
call 00404DB4
mov eax, dword
mov edx, dword
cmp edx, dword
je 0040373B
push edx
ptr [ebx+10]
ptr [ebx+10]
ptr [eax+10]
ptr [eax+04]

|
:00403736 E805DBFFFF
Call 00401240
|:0040371C(C), :00403723(C), :00403733(C)
|
call 004034B0
:00403740 807B2401
:00403744 7503
jne 00403749
:00403746 FF5328
call [ebx+28]
|:00403744(C)
|
:00403749 807B2400
:0040374D 7405
:0040374F E800FFFFFF

je 00403754
call 00403654

|:0040374D(C)
|
:00403754 833B00
:00403757 7508
jne 00403761
:00403759 8B06
:0040375B 50
push eax
* Reference To: kernel32.ExitProcess, Ord:0000h
|
:0040375C E8CFDAFFFF
Call 00401230
|:00403757(C)
|
:00403761 8B03
:00403763 56
:00403764 8BF0
:00403766 8BFB
:00403768 B90B000000

mov eax,
push esi
mov esi,
mov edi,
mov ecx,
dword ptr [ebx]

eax
ebx
0000000B
:0040376D
:0040376E
:0040376F
:00403770
:00403772
:00403773
:00403774
:00403776
:0040377D
:0040377F
:00403781
:00403787
:00403789
:0040378B
:0040378D
:0040378F
:00403790
:00403793
:00403795
:00403796
:00403797
:0040379B
:0040379C
:0040379D
F3
A5
5E
EB8C
50
6F
7274
696F6E7320436F
7079
7269
676874202863
2920
3139
3833
2C39
37
20426F
726C
61
6E
64005D5F
5E
5B
C3
repz
movsd
pop esi
jmp 004036FE
push eax
outsd
jb 004037EA
imul ebp, dword ptr [edi+6E], 6F432073
jo 004037F8
jb 004037EA
push 63282074
sub dword ptr [eax], esp
xor dword ptr [ecx], edi
cmp byte ptr [ebx], dh
sub al, 39
aaa
and byte ptr [edx+6F], al
jb 00403801
popad
outsb
add byte ptr fs:[ebp+5F], bl
pop esi
pop ebx
ret
:0040379E 8BC0
mov eax, eax

|:00408E9A
|
|:004037B2(U)
|
:004037A0 890534304400
:004037A6 E9DDFEFFFF
:004037AB C3

jmp 00403688
ret

|:00405ADC , :00405AF8
|
|:00402744(U), :0040280C(U), :0040336B(U), :00403488(U)
|
:004037AC 8F053C304400
pop dword ptr [0044303C]
:004037B2 E9E9FFFFFF
jmp 004037A0
:004037B7 C3
ret
* Referenced
|:004038BF
|:00404332
|:00407F85
|:004085C7
|:00408B69
by a CALL at
, :004038E2
, :004044D5
, :0040808D
, :004088FC
, :00408DAE
Addresses:
, :00403C6E
, :0040479D
, :004082E4
, :004089E3
, :00408E79
,
,
,
,
,
:00403D5F
:00407833
:004083F7
:00408AF0
:00408F54
,
,
,
,
,
:0040404A
:00407B9D
:00408435
:00408AF8
:00409510
|:00409518
|:0040A5F0
|:0040A622
|:0040C98C
|:0040CDC6
|:0040D3A7
|:0040DC0F
|:0040DF78
|:0040E382
|:0040E7F7
|:0040F368
|:0040F824
|:00410217
|:00410A19
|:00411187
|:00411A95
|:0041520C
|:004169B5
|:0041A4EC
|:0041ADB5
|:00422223
|:00423080
|:00424FFF
|:0042A2FC
|:0042BAAD
|:0042CEAB
|:0042F767
|:004311DE
|:004316B7
|:00432470
|:0043A4CE
|:0043C1B2
|:0043D82C
|:0044123F
|
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040A55F
:0040A5FA
:0040AED6
:0040CB08
:0040CE53
:0040D559
:0040DCF6
:0040E068
:0040E47C
:0040E873
:0040F3B0
:0040F8B8
:004103E6
:00410D8C
:00411222
:00411B17
:00415254
:00416A44
:0041A538
:0041D4C0
:0042222B
:00423223
:004252E9
:0042A3FA
:0042C411
:0042E6FF
:00430620
:004311E6
:00431C5F
:00436CA3
:0043A625
:0043C74E
:0043DDDF
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040A5D2
:0040A604
:0040C3E3
:0040CBC7
:0040D078
:0040D8C7
:0040DDA7
:0040E17D
:0040E580
:0040E9FE
:0040F461
:004100DC
:004104D4
:00410DFA
:004112D9
:00414154
:004152A8
:00416F70
:0041A5AD
:0041D892
:004222B5
:0042352C
:00426302
:0042AC90
:0042C4CD
:0042E96D
:0043067A
:004312B4
:00431EA0
:004381DF
:0043B16D
:0043C995
:0043DE6A
|:00404490(U)
|
:004037B8 8B10
:004037BA 85D2
:004037BC 741B
:004037BE C70000000000
:004037C4 8B4AF8
:004037C7 49
:004037C8 7C0F
:004037CA 894AF8
:004037CD 750A
:004037CF 50
:004037D0 8D42F8
:004037D3 E8D4EEFFFF
:004037D8 58
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040A5DC
:0040A60E
:0040C504
:0040CCBC
:0040D2E5
:0040DA2B
:0040DE31
:0040E219
:0040E5F7
:0040EBFD
:0040F539
:004101B8
:00410786
:00410F3A
:004112E1
:00414F78
:0041534E
:00417CBC
:0041A5F9
:0041DAF7
:00422CB3
:004238CC
:00426472
:0042ACE0
:0042C613
:0042EB69
:0043084D
:0043141A
:00431EA8
:00438E1B
:0043BBC0
:0043D043
:0043F0F9
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040A5E6
:0040A618
:0040C50C
:0040CD2E
:0040D2ED
:0040DB60
:0040DEF2
:0040E313
:0040E6B4
:0040EE29
:0040F6C0
:004101C0
:004109F6
:0041113D
:00411961
:004151C4
:00416892
:004193EE
:0041AD68
:0041E617
:00422FB2
:00424E5D
:00428D5D
:0042B88A
:0042CDF7
:0042F15E
:00430899
:004314B5
:00432302
:00439C1E
:0043BEF8
:0043D1A7
:0043F101

test edx, edx
je 004037D9
mov dword ptr [eax], 00000000
mov ecx, dword ptr [edx-08]
dec ecx
jl 004037D9
mov dword ptr [edx-08], ecx
jne 004037D9
push eax
lea eax, dword ptr [edx-08]
call 004026AC
pop eax

|:004037BC(C), :004037C8(C), :004037CD(C)
|
:004037D9 C3
ret
:004037DA 8BC0
mov eax, eax
|:00404056 ,
|:0040D73F ,
|:0041057A ,
|:00430A05 ,
|:0043FDA3 ,
|
:004037DC 53
:004037DD 56
:004037DE 89C3
:004037E0 89D6
:00408DA6
:0040D866
:00410CD1
:00433293
:004417A2
,
,
,
,
:00409620
:0040D9AD
:0041773C
:00436BEC
,
,
,
,
:00409774
:0040ED2C
:0042C296
:0043CB03
,
,
,
,
:0040C24B
:0040FCDF
:004308B3
:0043F491
push ebx
push esi
mov ebx, eax
mov esi, edx
|:00403805(C)
|
:004037E2 8B13
:004037E4 85D2
:004037E6 7419
:004037E8 C70300000000
:004037EE 8B4AF8
:004037F1 49
:004037F2 7C0D
:004037F4 894AF8
:004037F7 7508
:004037F9 8D42F8
:004037FC E8ABEEFFFF

test edx, edx
je 00403801
dec ecx
jl 00403801
jne 00403801
call 004026AC

|:00403793(C), :004037E6(C), :004037F2(C), :004037F7(C)
|
:00403801 83C304
add ebx, 00000004
:00403804 4E
dec esi
:00403805 75DB
jne 004037E2
:00403807 5E
pop esi
:00403808 5B
pop ebx
:00403809 C3
ret
:0040380A 8BC0
* Referenced
|:00403A96
|:0040822D
|:004088E7
|:00409508
|:0040E564
|:00416991
|:0042CE79
|:00431EFF
|
by a CALL at
, :00403ADC
, :00408250
, :004093B2
, :0040A682
, :0040EF4A
, :0042220E
, :0042DA97
, :00432733
mov eax, eax

Addresses:
, :00403B32
, :0040829E
, :00409484
, :0040AC72
, :0040EF55
, :004223E1
, :0042E0D9
, :0043F54F
,
,
,
,
,
,
,
,
:00404158
:004082C3
:004094B1
:0040C73E
:00411AB7
:00424E14
:0042E249
:004412E1
,
,
,
,
,
,
,
:0040424E
:00408886
:004094E6
:0040E4E3
:00416981
:00425301
:00430E11

|:00403A44(C), :00403A86(C), :00403AE7(U), :0040477E(U)
|
:0040380C 85D2
test edx, edx
:0040380E 7423
je 00403833
:00403810 8B4AF8
:00403813 41
inc ecx
:00403814 7F1A
jg 00403830
:00403816 50
push eax
:00403817 52
push edx
:00403818
:0040381B
:00403820
:00403822
:00403823
:00403824
:00403827
:0040382C
:0040382D
:0040382E
8B42FC
E858000000
89C2
58
52
8B48FC
E880EFFFFF
5A
58
EB03
mov eax, dword ptr [edx-04]

call 00403878
mov edx, eax
pop eax
push edx
call 004027AC
pop edx
pop eax
jmp 00403833

|:00403814(C)
|
:00403830 894AF8
|:0040380E(C), :0040382E(U)
|
:00403833 8710
:00403835 85D2
:00403837 7413
:00403839 8B4AF8
:0040383C 49
:0040383D 7C0D
:0040383F 894AF8
:00403842 7508
:00403844 8D42F8
:00403847 E860EEFFFF

xchg dword ptr [eax], edx
test edx, edx
je 0040384C
dec ecx
jl 0040384C
jne 0040384C
call 004026AC

|:00403837(C), :0040383D(C), :00403842(C)
|
:0040384C C3
ret
:0040384D 8D4000
|:00408169 , :004084C3
|:004095AA , :004095B9
|:0040F645 , :0040FF9E
|:004104DE , :00410A2B
|:004206DD , :0042ACCB
|:004307BA , :004307D5
|:0043D81E , :0043E962
|
:00403850 85D2
:00403852 7409
:00403854 8B4AF8
:00403857 41
:00403858 7E03
:0040385A 894AF8
Addresses:
, :00408A8A
, :0040D26D
, :0040FFAC
, :00411262
, :00430779
, :00430FCE
, :0043F07A
|:00403852(C), :00403858(C)
|
:0040385D 8710
:0040385F 85D2
:00403861 7413
:00403863 8B4AF8
:00403866 49
,
,
,
,
,
,
,
:00409548
:0040E2FE
:0040FFBA
:00411877
:0043078C
:00431574
:0043FBC9
,
,
,
,
,
,
:00409557
:0040E647
:00410102
:00420699
:0043079F
:00431E27
test edx, edx

je 0040385D
inc ecx
jle 0040385D
xchg dword ptr [eax], edx
test edx, edx
je 00403876
dec ecx
:00403867
:00403869
:0040386C
:0040386E
:00403871
7C0D
894AF8
7508
8D42F8
E836EEFFFF
jl 00403876
jne 00403876
call 004026AC

|:00403861(C), :00403867(C), :0040386C(C)
|
:00403876 C3
ret
:00403877 90
nop
|:0040381B , :004038A7 , :00403AB0 , :00403B0A , :00403C16
|:00403D40 , :004047D3
|
:00403878 85C0
test eax, eax
:0040387A 7E1C
jle 00403898
:0040387C 50
push eax
:0040387D 83C009
add eax, 00000009
:00403880 E80FEEFFFF
call 00402694
:00403885 83C008
add eax, 00000008
:00403888 5A
pop edx
:00403889 8950FC
mov dword ptr [eax-04], edx
:0040388C C740F801000000
mov [eax-08], 00000001
:00403893 C6041000
mov byte ptr [eax+edx], 00
:00403897 C3
ret

|:0040387A(C)
|
:00403898 31C0
xor eax, eax
:0040389A C3
ret
:0040389B 90
* Referenced
|:00403916
|:00404382
|:0040815E
|:00410E2A
|:0043C95A
|
nop
by a CALL at
, :00403938
, :00404E60
, :0040D946
, :00410E91
, :0043E956
Addresses:
, :00403964
, :0040755D
, :0040DB17
, :0041DD1C
,
,
,
,
:00403C5B
:004080D3
:0040DEA4
:004231BA
,
,
,
,
:00404360
:0040811E
:0040FF7B
:0043C6F1

|:00403993(U), :004039DD(U), :004039F6(U)
|
:0040389C 53
push ebx
:0040389D 56
push esi
:0040389E 57
push edi
:0040389F 89C3
mov ebx, eax
:004038A1 89D6
mov esi, edx
:004038A3 89CF
mov edi, ecx
:004038A5 89F8
mov eax, edi
:004038A7 E8CCFFFFFF
call 00403878
:004038AC 89F9
mov ecx, edi
:004038AE 89C7
mov edi, eax
:004038B0
:004038B2
:004038B4
:004038B6
:004038B8
85F6
7409
89C2
89F0
E8EFEEFFFF
test esi, esi

je 004038BD
mov edx, eax
mov eax, esi
call 004027AC
|:004038B2(C)
|
:004038BD 89D8
:004038BF E8F4FEFFFF
:004038C4 893B
:004038C6 5F
:004038C7 5E
:004038C8 5B
:004038C9 C3
:004038CA 8BC0
mov eax, eax
|:004039CF(U), :00403A07(U)
|
:004038CC 53
:004038CD 56
:004038CE 57
:004038CF 55
:004038D0 81C400F8FFFF
:004038D6 8BD9
:004038D8 8BEA
:004038DA 8BF8
:004038DC 85DB
:004038DE 7F09
:004038E0 8BC7
:004038E2 E8D1FEFFFF
:004038E7 EB67
|:004038DE(C)
|
:004038E9 81FB00040000
:004038EF 7D2C
:004038F1 6A00
:004038F3 6A00
:004038F5 6800080000
:004038FA 8D44240C
:004038FE 50
:004038FF 53
:00403900 55
:00403901 6A00
:00403903 6A00
mov eax, ebx

call 004037B8
pop edi
pop esi
pop ebx
ret
push ebx
push esi
push edi
push ebp
add esp, FFFFF800
mov ebx, ecx
mov ebp, edx
mov edi, eax
test ebx, ebx
jg 004038E9
mov eax, edi
call 004037B8
jmp 00403950
cmp ebx, 00000400

jge 0040391D
push 00000000
push 00000000
push 00000800
lea eax, dword ptr [esp+0C]
push eax
push ebx
push ebp
push 00000000
push 00000000

|
:00403905 E8AED9FFFF
Call 004012B8
:0040390A 8BF0
mov esi, eax
:0040390C 85F6
test esi, esi
:0040390E 7E0D
jle 0040391D
:00403910 8BD4
mov edx, esp
:00403912 8BC7
mov eax, edi
:00403914 8BCE
:00403916 E881FFFFFF
:0040391B EB33
mov ecx, esi

call 0040389C
jmp 00403950
|:004038EF(C), :0040390E(C)
|
:0040391D 6A00
:0040391F 6A00
:00403921 6A00
:00403923 6A00
:00403925 53
:00403926 55
:00403927 6A00
:00403929 6A00

push
push
push
push
push
push
push
push
00000000
00000000
00000000
00000000
ebx
ebp
00000000
00000000

|
:0040392B E888D9FFFF
Call 004012B8
:00403930 8BF0
mov esi, eax
:00403932 8BC7
mov eax, edi
:00403934 8BCE
mov ecx, esi
:00403936 33D2
xor edx, edx
:00403938 E85FFFFFFF
call 0040389C
:0040393D 6A00
push 00000000
:0040393F 6A00
push 00000000
:00403941 56
push esi
:00403942 8B07
:00403944 50
push eax
:00403945 53
push ebx
:00403946 55
push ebp
:00403947 6A00
push 00000000
:00403949 6A00
push 00000000
|
:0040394B E868D9FFFF
Call 004012B8
|:004038E7(U), :0040391B(U)
|
:00403950 81C400080000
:00403956 5D
:00403957 5F
:00403958 5E
:00403959 5B
:0040395A C3
:0040395B 90
nop
add
pop
pop
pop
pop
ret
esp, 00000800
ebp
edi
esi
ebx

|:0040849F , :00408598 , :004307E9 , :004307FD
|:00433254 , :00433265 , :00436BAE , :00436BBD
|
:0040395C 52
push edx
:0040395D 89E2
mov edx, esp
:0040395F B901000000
mov ecx, 00000001
:00403964 E833FFFFFF
call 0040389C
:00403969 5A
pop edx
, :00430811
:0040396A C3
ret
:0040396B 90
nop

|:00404E6C , :00408311 , :0040DE12
|
:0040396C 31C9
xor ecx, ecx
:0040396E 85D2
test edx, edx
:00403970 7421
je 00403993
:00403972 52
push edx
|:00403989(U)
|
:00403973 3A0A
:00403975 7417
je 0040398E
:00403977 3A4A01
:0040397A 7411
je 0040398D
:0040397C 3A4A02
:0040397F 740B
je 0040398C
:00403981 3A4A03
:00403984 7405
je 0040398B
:00403986 83C204
add edx, 00000004
:00403989 EBE8
jmp 00403973
|:00403984(C)
|
:0040398B 42
inc edx
|:0040397F(C)
|
:0040398C 42
inc edx
|:0040397A(C)
|
:0040398D 42
inc edx
|:00403975(C)
|
:0040398E 89D1
mov ecx, edx
:00403990 5A
pop edx
:00403991 29D1
sub ecx, edx
|:00403970(C)
|
:00403993 E904FFFFFF
jmp 0040389C
:00403998 C3
ret
:00403999
:0040399C
:0040399E
:004039A0
8D4000
31C9
85D2
742D

xor ecx, ecx
test edx, edx
je 004039CF
:004039A2 52
push edx
|:004039BD(U)
|
:004039A3 663B0A
:004039A6 7420
:004039A8 663B4A02
:004039AC 7417
:004039AE 663B4A04
:004039B2 740E
:004039B4 663B4A06
:004039B8 7405
:004039BA 83C208
:004039BD EBE4

cmp cx, word ptr [edx]
je 004039C8
cmp cx, word ptr [edx+02]
je 004039C5
je 004039C2
je 004039BF
add edx, 00000008
jmp 004039A3

|:004039B8(C)
|
:004039BF 83C202
add edx, 00000002
|:004039B2(C)
|
:004039C2 83C202
add edx, 00000002
|:004039AC(C)
|
:004039C5 83C202
add edx, 00000002
|:004039A6(C)
|
:004039C8 89D1
mov ecx, edx
:004039CA 5A
pop edx
:004039CB 29D1
sub ecx, edx
:004039CD D1E9
shr ecx, 1
|:004039A0(C)
|
:004039CF E9F8FEFFFF
jmp 004038CC
:004039D4 C3
ret
:004039D5 8D4000
|:0040C399 , :0040C457
|:00410129 , :0041409A
|:00416A1A , :00416ECC
|
:004039D8 31C9
:004039DA 8A0A
:004039DC 42
:004039DD E9BAFEFFFF
:004039E2 C3

Addresses:
, :0040C957
, :004140B8
, :004209BD
xor
mov
inc
jmp
ret
, :0040D25E
, :004140D3
, :004262E2
, :0040D350
, :004141DA
ecx, ecx
cl, byte ptr [edx]
edx
0040389C
:004039E3 90
nop

|:00408CBF , :00409019 , :00415318 , :004306C4
|:0043CAAC , :0043D11A , :0043D153 , :0043DBAE
|
:004039E4 57
push edi
:004039E5 50
push eax
:004039E6 51
push ecx
:004039E7 89D7
mov edi, edx
:004039E9 31C0
xor eax, eax
:004039EB F2
repnz
:004039EC AE
scasb
:004039ED 7502
jne 004039F1
:004039EF F7D1
not ecx
, :00432FC6
|:004039ED(C)
|
:004039F1 58
:004039F2 01C1
:004039F4 58
:004039F5 5F
:004039F6 E9A1FEFFFF
:004039FB C3
:004039FC
:004039FE
:00403A00
:00403A02
:00403A05
xor ecx, ecx

test edx, edx
je 00403A07
shr ecx, 1
31C9
85D2
7405
8B4AFC
D1E9
pop
add
pop
pop
jmp
ret
eax
ecx, eax
eax
edi
0040389C

|:00403A00(C)
|
:00403A07 E9C0FEFFFF
jmp 004038CC
:00403A0C C3
ret
:00403A0D 8D4000

|:0040AC4C , :0040F596 , :00411BEE , :00414218
|
:00403A10 53
push ebx
:00403A11 85D2
test edx, edx
:00403A13 7418
je 00403A2D
:00403A15 8B5AFC
mov ebx, dword ptr [edx-04]
:00403A18 85DB
test ebx, ebx
:00403A1A 7411
je 00403A2D
:00403A1C 39D9
cmp ecx, ebx
:00403A1E 7C02
jl 00403A22
:00403A20 89D9
mov ecx, ebx
|:00403A1E(C)
|
:00403A22 8808
mov byte ptr [eax], cl
:00403A24 40
inc eax
:00403A25
:00403A26
:00403A2B
:00403A2C
92
E881EDFFFF
5B
C3
xchg eax,edx
call 004027AC
pop ebx
ret
|:00403A13(C), :00403A1A(C)
|
:00403A2D C60000
:00403A30 5B
:00403A31 C3
:00403A32 8BC0
mov eax, eax
|:004043DA , :004043E3
|:004075D5 , :004075F2
|:00408037 , :00408053
|:004084B1 , :004085AA
|:0040DD86 , :00410279
|:0041D469 , :0041D490
|:004308F3 , :00430917
|:0043C6F9 , :0043C962
|
:00403A34 85C0
:00403A36 7403
:00403A38 8B40FC
mov byte ptr [eax], 00

pop ebx
ret
Addresses:
, :00407549
, :0040774F
, :00408077
, :00409127
, :0041143D
, :0042C3CF
, :00431648
, :00440EBD
,
,
,
,
,
,
,
:0040757C
:00407782
:0040809E
:0040D92F
:00414C9E
:004308DF
:0043168A
,
,
,
,
,
,
,
:0040758C
:004079B4
:0040831A
:0040D971
:0041D427
:004308E7
:00436BA0
test eax, eax

je 00403A3B

|:00403A36(C)
|
:00403A3B C3
ret
* Referenced
|:004084A9
|:0040858A
|:00430860
|:0043F0B4
|
by a CALL at
, :004084F6
, :004085A2
, :00430873
Addresses:
, :00408521
, :0041D3C9
, :00430886
|:00403A9D(U), :00403AEE(U)
|
:00403A3C 85D2
:00403A3E 743F
:00403A40 8B08
:00403A42 85C9
:00403A44 0F84C2FDFFFF
:00403A4A 53
:00403A4B 56
:00403A4C 57
:00403A4D 89C3
:00403A4F 89D6
:00403A51 8B79FC
:00403A54 8B56FC
:00403A57 01FA
:00403A59 39CE
, :00408547
, :0042C08A
, :00430890
, :0040856F
, :0042C0CB
, :0043159D

test edx, edx
je 00403A7F
test ecx, ecx
je 0040380C
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, dword ptr [ecx-04]
add edx, edi
cmp esi, ecx
:00403A5B
:00403A5D
:00403A62
:00403A64
7417
E8A6020000
89F0
8B4EFC
je 00403A74
call 00403D08
mov eax, esi
mov ecx, dword ptr [esi-04]
|:00403A7D(U)
|
:00403A67 8B13
:00403A69 01FA
:00403A6B E83CEDFFFF
:00403A70 5F
:00403A71 5E
:00403A72 5B
:00403A73 C3
|:00403A5B(C)
|
:00403A74 E88F020000
:00403A79 8B03
:00403A7B 89F9
:00403A7D EBE8

add edx, edi
call 004027AC
pop edi
pop esi
pop ebx
ret
call 00403D08
mov ecx, edi
jmp 00403A67

|:00403A3E(C)
|
:00403A7F C3
ret
|:00430832 , :00431E1A
|
:00403A80 85D2
test edx, edx
:00403A82 7461
je 00403AE5
:00403A84 85C9
test ecx, ecx
:00403A86 0F8480FDFFFF
je 0040380C
:00403A8C 3B10
cmp edx, dword ptr [eax]
:00403A8E 745C
je 00403AEC
:00403A90 3B08
cmp ecx, dword ptr [eax]
:00403A92 740E
je 00403AA2
:00403A94 50
push eax
:00403A95 51
push ecx
call 0040380C
:00403A9B 5A
pop edx
:00403A9C 58
pop eax
:00403A9D E99AFFFFFF
jmp 00403A3C
|:00403A92(C)
|
:00403AA2 53
push ebx
:00403AA3 56
push esi
:00403AA4 57
push edi
:00403AA5 89D3
mov ebx, edx
:00403AA7 89CE
mov esi, ecx
:00403AA9 50
push eax
:00403AAA 8B43FC
mov eax, dword ptr [ebx-04]
:00403AAD 0346FC
add eax, dword ptr [esi-04]
:00403AB0
:00403AB5
:00403AB7
:00403AB9
:00403ABB
:00403ABE
:00403AC3
:00403AC5
:00403AC7
:00403ACA
:00403ACD
:00403AD2
:00403AD3
:00403AD5
:00403AD7
:00403AD9
E8C3FDFFFF
89C7
89C2
89D8
8B4BFC
E8E9ECFFFF
89FA
89F0
8B4EFC
0353FC
E8DAECFFFF
58
89FA
85FF
7403
FF4FF8
|:00403AD7(C)
|
:00403ADC E82BFDFFFF
:00403AE1 5F
:00403AE2 5E
:00403AE3 5B
:00403AE4 C3
call 00403878
mov edi, eax
mov edx, eax
mov eax, ebx
call 004027AC
mov edx, edi
mov eax, esi
add edx, dword ptr [ebx-04]
call 004027AC
pop eax
mov edx, edi
test edi, edi
je 00403ADC
dec [edi-08]
call 0040380C
pop edi
pop esi
pop ebx
ret

|:00403A82(C)
|
:00403AE5 89CA
mov edx, ecx
:00403AE7 E920FDFFFF
jmp 0040380C
|:00403A8E(C)
|
:00403AEC 89CA
:00403AEE E949FFFFFF
:00403AF3 C3

mov edx, ecx
jmp 00403A3C
ret

|:004095D6 , :004095F3 , :0040D392 , :0043102F
|
:00403AF4 53
push ebx
:00403AF5 56
push esi
:00403AF6 52
push edx
:00403AF7 50
push eax
:00403AF8 89D3
mov ebx, edx
:00403AFA 31C0
xor eax, eax
|:00403B08(C)
|
:00403AFC 8B4C9410
:00403B00 85C9
:00403B02 7403
:00403B04 0341FC
, :00441751

mov ecx, dword ptr [esp+4*edx+10]
test ecx, ecx
je 00403B07
add eax, dword ptr [ecx-04]
|:00403B02(C)
|
:00403B07 4A
:00403B08 75F2
:00403B0A E869FDFFFF
:00403B0F 50
:00403B10 89C6
|:00403B27(C)
|
:00403B12 8B449C14
:00403B16 89F2
:00403B18 85C0
:00403B1A 740A
:00403B1C 8B48FC
:00403B1F 01CE
:00403B21 E886ECFFFF
dec edx
jne 00403AFC
call 00403878
push eax
mov esi, eax
mov eax, dword ptr [esp+4*ebx+14]

mov edx, esi
test eax, eax
je 00403B26
add esi, ecx
call 004027AC

|:00403B1A(C)
|
:00403B26 4B
dec ebx
:00403B27 75E9
jne 00403B12
:00403B29 5A
pop edx
:00403B2A 58
pop eax
:00403B2B 85D2
test edx, edx
:00403B2D 7403
je 00403B32
:00403B2F FF4AF8
dec [edx-08]
|:00403B2D(C)
|
:00403B32 E8D5FCFFFF
:00403B37 5A
:00403B38 5E
:00403B39 5B
:00403B3A 58
:00403B3B 8D2494
:00403B3E FFE0
:00403B40 C3
:00403B41 8D4000
|:0040D71B , :00411A05
|:00422321 , :00422F5F
|:0042E201 , :0042E375
|:0043114F , :004315AA
|:0043F543 , :0044175A
|
:00403B44 53
:00403B45 56
:00403B46 57
:00403B47 89C6
:00403B49 89D7
:00403B4B 39D0
call 0040380C
pop edx
pop esi
pop ebx
pop eax
lea esp, dword ptr [esp+4*edx]
jmp eax
ret
Addresses:
, :00416A25
, :004231FC
, :00430BF1
, :004317CA
,
,
,
,
:00417710
:0042DA8B
:00430CB5
:00431D35
push ebx
push esi
push edi
mov esi, eax
mov edi, edx
cmp eax, edx
,
,
,
,
:00422296
:0042E091
:00431090
:00431EF3
:00403B4D
:00403B53
:00403B55
:00403B57
:00403B59
:00403B5B
:00403B5E
:00403B61
:00403B63
:00403B65
0F848F000000
85F6
7468
85FF
746B
8B46FC
8B57FC
29D0
7702
01C2
je 00403BE2
test esi, esi
je 00403BBF
test edi, edi
je 00403BC6
mov eax, dword ptr [esi-04]
mov edx, dword ptr [edi-04]
sub eax, edx
ja 00403B67
add edx, eax

|:00403B63(C)
|
:00403B67 52
push edx
:00403B68 C1EA02
shr edx, 02
:00403B6B 7426
je 00403B93
|:00403B89(C)
|
:00403B6D 8B0E
:00403B6F 8B1F
:00403B71 39D9
cmp ecx, ebx
:00403B73 7558
jne 00403BCD
:00403B75 4A
dec edx
:00403B76 7415
je 00403B8D
:00403B78 8B4E04
:00403B7B 8B5F04
:00403B7E 39D9
cmp ecx, ebx
:00403B80 754B
jne 00403BCD
:00403B82 83C608
add esi, 00000008
:00403B85 83C708
add edi, 00000008
:00403B88 4A
dec edx
:00403B89 75E2
jne 00403B6D
:00403B8B EB06
jmp 00403B93
|:00403B76(C)
|
:00403B8D 83C604
add esi, 00000004
:00403B90 83C704
add edi, 00000004
|:00403B6B(C), :00403B8B(U)
|
:00403B93 5A
:00403B94 83E203
:00403B97 7422
:00403B99 8B0E
:00403B9B 8B1F
:00403B9D 38D9
:00403B9F 7541
:00403BA1 4A
:00403BA2 7417
:00403BA4 38FD
:00403BA6 753A
:00403BA8 4A
:00403BA9 7410
:00403BAB 81E30000FF00

pop edx
and edx, 00000003
je 00403BBB
cmp cl, bl
jne 00403BE2
dec edx
je 00403BBB
cmp ch, bh
jne 00403BE2
dec edx
je 00403BBB
and ebx, 00FF0000
:00403BB1 81E10000FF00
:00403BB7 39D9
:00403BB9 7527
and ecx, 00FF0000

cmp ecx, ebx
jne 00403BE2

|:00403B97(C), :00403BA2(C), :00403BA9(C)
|
:00403BBB 01C0
add eax, eax
:00403BBD EB23
jmp 00403BE2
|:00403B55(C)
|
:00403BBF 8B57FC
mov edx, dword ptr [edi-04]
:00403BC2 29D0
sub eax, edx
:00403BC4 EB1C
jmp 00403BE2
|:00403B59(C)
|
:00403BC6 8B46FC
mov eax, dword ptr [esi-04]
:00403BC9 29D0
sub eax, edx
:00403BCB EB15
jmp 00403BE2
|:00403B73(C), :00403B80(C)
|
:00403BCD 5A
:00403BCE 38D9
:00403BD0 7510
:00403BD2 38FD
:00403BD4 750C
:00403BD6 C1E910
:00403BD9 C1EB10
:00403BDC 38D9
:00403BDE 7502
:00403BE0 38FD

pop
cmp
jne
cmp
jne
shr
shr
cmp
jne
cmp
edx
cl, bl
00403BE2
ch, bh
00403BE2
ecx, 10
ebx, 10
cl, bl
00403BE2
ch, bh

|:00403B4D(C), :00403B9F(C), :00403BA6(C), :00403BB9(C), :00403BBD(U)
|:00403BC4(U), :00403BCB(U), :00403BD0(C), :00403BD4(C), :00403BDE(C)
|
:00403BE2 5F
pop edi
:00403BE3 5E
pop esi
:00403BE4 5B
pop ebx
:00403BE5 C3
ret
:00403BE6 8BC0
mov eax, eax

|:0041AD0D , :0042C3B9 , :00430944
|
:00403BE8 85C0
test eax, eax
:00403BEA 7409
je 00403BF5
:00403BEC 8B50F8
mov edx, dword ptr [eax-08]
:00403BEF 42
inc edx
:00403BF0 7E03
jle 00403BF5
:00403BF2 8950F8
mov dword ptr [eax-08], edx

|:00403BEA(C), :00403BF0(C)
|
:00403BF5 C3
ret
:00403BF6 8BC0
mov eax, eax
|:004043FC , :00407552
|:004076CF , :0040778B
|:004090B3 , :004090E8
|:0040EC8C , :00414CA6
|:0041D499 , :0041DAD9
|:004308FB , :00430903
|:00431651 , :00431693
|:0043DDC3 , :0043F0CE
|:00440E26 , :00440EC6
|
:00403BF8 85C0
:00403BFA 7402
:00403BFC C3
:00403BFD 00
Addresses:
, :00407584
, :004079BC
, :004090F0
, :0041AD70
, :00423205
, :00431117
, :00432F9C
, :0043F0D7
,
,
,
,
,
,
,
,
:00407594
:004079DB
:0040C779
:0041D430
:0042A2D5
:0043119B
:0043C702
:0043F1D2
,
,
,
,
,
,
,
,
:004076A8
:0040871E
:0040D8AB
:0041D472
:0042A586
:004311BA
:0043C96B
:0043F20D
test eax, eax

je 00403BFE
ret
BYTE 0

|:00403BFA(C)
|
:00403BFE B8FD3B4000
mov eax, 00403BFD
:00403C03 C3
ret

|:00403C81 , :00409142 , :00409164 , :00409181 , :0040FF82
|:00410E31
|
:00403C04 8B10
:00403C06 85D2
test edx, edx
:00403C08 742B
je 00403C35
:00403C0A 8B4AF8
:00403C0D 49
dec ecx
:00403C0E 7425
je 00403C35
:00403C10 53
push ebx
:00403C11 89C3
mov ebx, eax
:00403C13 8B42FC
:00403C16 E85DFCFFFF
call 00403878
:00403C1B 89C2
mov edx, eax
:00403C1D 8B03
:00403C1F 8913
:00403C21 8B48F8
:00403C24 49
dec ecx
:00403C25 7C03
jl 00403C2A
:00403C27 8948F8
mov dword ptr [eax-08], ecx
|:00403C25(C)
|
:00403C2A 8B48FC
:00403C2D E87AEBFFFF
:00403C32 8B13
:00403C34 5B
call 004027AC
pop ebx

|:00403C08(C), :00403C0E(C)
|
:00403C35 89D0
mov eax, edx
:00403C37 C3
ret

|:004077E8 , :0040782A , :004084EC , :004102B0 , :00410503
|:00410516 , :004206AB , :004206EF
|
:00403C38 53
push ebx
:00403C39 85C0
test eax, eax
:00403C3B 742D
je 00403C6A
:00403C3D 8B58FC
mov ebx, dword ptr [eax-04]
:00403C40 85DB
test ebx, ebx
:00403C42 7426
je 00403C6A
:00403C44 4A
dec edx
:00403C45 7C1B
jl 00403C62
:00403C47 39DA
cmp edx, ebx
:00403C49 7D1F
jge 00403C6A
|:00403C64(U)
|
:00403C4B 29D3
sub ebx, edx
:00403C4D 85C9
test ecx, ecx
:00403C4F 7C19
jl 00403C6A
:00403C51 39D9
cmp ecx, ebx
:00403C53 7F11
jg 00403C66
|:00403C68(U)
|
:00403C55 01C2
:00403C57 8B442408
:00403C5B E83CFCFFFF
:00403C60 EB11

add edx, eax
call 0040389C
jmp 00403C73

|:00403C45(C)
|
:00403C62 31D2
xor edx, edx
:00403C64 EBE5
jmp 00403C4B
|:00403C53(C)
|
:00403C66 89D9
mov ecx, ebx
:00403C68 EBEB
jmp 00403C55
|:00403C3B(C), :00403C42(C), :00403C49(C), :00403C4F(C)
|
:00403C6A 8B442408
:00403C6E E845FBFFFF
call 004037B8

|:00403C60(U)
|
:00403C73 5B
pop ebx
:00403C74 C20400
ret 0004
:00403C77 C3
ret

|:00430925
|
:00403C78 53
push ebx
:00403C79 56
push esi
:00403C7A 57
push edi
:00403C7B 89C3
mov ebx, eax
:00403C7D 89D6
mov esi, edx
:00403C7F 89CF
mov edi, ecx
:00403C81 E87EFFFFFF
call 00403C04
:00403C86 8B13
:00403C88 85D2
test edx, edx
:00403C8A 7430
je 00403CBC
:00403C8C 8B4AFC
:00403C8F 4E
dec esi
:00403C90 7C2A
jl 00403CBC
:00403C92 39CE
cmp esi, ecx
:00403C94 7D26
jge 00403CBC
:00403C96 85FF
test edi, edi
:00403C98 7E22
jle 00403CBC
:00403C9A 29F1
sub ecx, esi
:00403C9C 39CF
cmp edi, ecx
:00403C9E 7E02
jle 00403CA2
:00403CA0 89CF
mov edi, ecx
|:00403C9E(C)
|
:00403CA2 29F9
:00403CA4 01F2
:00403CA6 8D043A
:00403CA9 E8FEEAFFFF
:00403CAE 8B13
:00403CB0 89D8
:00403CB2 8B52FC
:00403CB5 29FA
:00403CB7 E84C000000

sub ecx, edi
add edx, esi
lea eax, dword ptr [edx+edi]
call 004027AC
mov eax, ebx
mov edx, dword ptr [edx-04]
sub edx, edi
call 00403D08

|:00403C8A(C), :00403C90(C), :00403C94(C), :00403C98(C)
|
:00403CBC 5F
pop edi
:00403CBD 5E
pop esi
:00403CBE 5B
pop ebx
:00403CBF C3
ret

|:004104EA , :00436B93
|
:00403CC0 85C0
test eax, eax
:00403CC2 7440
je 00403D04
:00403CC4 85D2
test edx, edx
:00403CC6 7431
je 00403CF9
:00403CC8 53
push ebx
:00403CC9 56
push esi
:00403CCA 57
push edi
:00403CCB 89C6
mov esi, eax
:00403CCD 89D7
mov edi, edx
:00403CCF 8B4FFC
mov ecx, dword ptr [edi-04]
:00403CD2 57
push edi
:00403CD3 8B56FC
:00403CD6 4A
dec edx
:00403CD7 781B
js 00403CF4
:00403CD9 8A06
:00403CDB 46
inc esi
:00403CDC 29D1
sub ecx, edx
:00403CDE 7E14
jle 00403CF4
|:00403CF2(U)
|
:00403CE0 F2
repnz
:00403CE1 AE
scasb
:00403CE2 7510
jne 00403CF4
:00403CE4 89CB
mov ebx, ecx
:00403CE6 56
push esi
:00403CE7 57
push edi
:00403CE8 89D1
mov ecx, edx
:00403CEA F3
repz
:00403CEB A6
cmpsb
:00403CEC 5F
pop edi
:00403CED 5E
pop esi
:00403CEE 740C
je 00403CFC
:00403CF0 89D9
mov ecx, ebx
:00403CF2 EBEC
jmp 00403CE0
|:00403CD7(C), :00403CDE(C), :00403CE2(C)
|
:00403CF4 5A
pop edx
:00403CF5 31C0
xor eax, eax
:00403CF7 EB08
jmp 00403D01
|:00403CC6(C)
|
:00403CF9 31C0
xor eax, eax
:00403CFB C3
ret

|:00403CEE(C)
|
:00403CFC 5A
pop edx
:00403CFD 89F8
:00403CFF 29D0
mov eax, edi

sub eax, edx

|:00403CF7(U)
|
:00403D01 5F
pop edi
:00403D02 5E
pop esi
:00403D03 5B
pop ebx
|:00403CC2(C)
|
:00403D04 C3
ret
:00403D05 8D4000
|:00403A5D , :00403A74 , :00403CB7 , :00408096 , :004080C3
|:00409132 , :0042B8AD
|
:00403D08 53
push ebx
:00403D09 56
push esi
:00403D0A 57
push edi
:00403D0B 89C3
mov ebx, eax
:00403D0D 89D6
mov esi, edx
:00403D0F 31FF
xor edi, edi
:00403D11 85D2
test edx, edx
:00403D13 7448
je 00403D5D
:00403D15 8B03
:00403D17 85C0
test eax, eax
:00403D19 7423
je 00403D3E
:00403D1B 8378F801
cmp dword ptr [eax-08], 00000001
:00403D1F 751D
jne 00403D3E
:00403D21 83E808
sub eax, 00000008
:00403D24 83C209
add edx, 00000009
:00403D27 50
push eax
:00403D28 89E0
mov eax, esp
:00403D2A E895E9FFFF
call 004026C4
:00403D2F 58
pop eax
:00403D30 83C008
add eax, 00000008
:00403D33 8903
:00403D35 8970FC
mov dword ptr [eax-04], esi
:00403D38 C6043000
mov byte ptr [eax+esi], 00
:00403D3C EB28
jmp 00403D66
|:00403D19(C), :00403D1F(C)
|
:00403D3E 89D0
:00403D40 E833FBFFFF
:00403D45 89C7
:00403D47 8B03
:00403D49 85C0
:00403D4B 7410
:00403D4D 89FA
:00403D4F 8B48FC
:00403D52 39F1
:00403D54 7C02
:00403D56 89F1

mov eax, edx
call 00403878
mov edi, eax
test eax, eax
je 00403D5D
mov edx, edi
cmp ecx, esi
jl 00403D58
mov ecx, esi

|:00403D54(C)
|
:00403D58 E84FEAFFFF
call 004027AC
|:00403D13(C), :00403D4B(C)
|
:00403D5D 89D8
:00403D5F E854FAFFFF
:00403D64 893B

mov eax, ebx
call 004037B8

|:00403D3C(U)
|
:00403D66 5F
pop edi
:00403D67 5E
pop esi
:00403D68 5B
pop ebx
:00403D69 C3
ret
:00403D6A 8BC0
mov eax, eax

|:00403DDD(C), :00403E7A(C), :00403EB6(C), :00404814(C)
|
:00403D6C B001
mov al, 01
:00403D6E E9ADE9FFFF
jmp 00402720
:00403D73 C3
ret

|:00403EF8
|
:00403D74 8B08
:00403D76 8910
:00403D78 85C9
test ecx, ecx
:00403D7A 7406
je 00403D82
:00403D7C 51
push ecx
|
:00403D7D E856D5FFFF
Call 004012D8
|:00403D7A(C)
|
:00403D82 C3
ret
:00403D83 90
nop
|:00403DFA , :00404064 , :0040AD52
|
, :0041077E

|:00403DC2(C), :00403DCD(C), :00403E6A(C)
|
:00403D84 8B10
:00403D86 85D2
test edx, edx
:00403D88
:00403D8A
:00403D90
:00403D91
740E
C70000000000
50
52
je 00403D98
push eax
push edx

|
:00403D92 E841D5FFFF
Call 004012D8
:00403D97 58
pop eax
|:00403D88(C)
|
:00403D98 C3
ret
:00403D99 8D4000
|:0040406D
|
:00403D9C 53
push ebx
:00403D9D 56
push esi
:00403D9E 89C3
mov ebx, eax
:00403DA0 89D6
mov esi, edx
|:00403DB8(C)
|
:00403DA2 8B03
:00403DA4 85C0
:00403DA6 740C
:00403DA8 C70300000000
:00403DAE 50

test eax, eax
je 00403DB4
push eax

|
:00403DAF E824D5FFFF
Call 004012D8
|:00403DA6(C)
|
:00403DB4 83C304
add ebx, 00000004
:00403DB7 4E
dec esi
:00403DB8 75E8
jne 00403DA2
:00403DBA 5E
pop esi
:00403DBB 5B
pop ebx
:00403DBC C3
ret
:00403DBD 8D4000

|:00404169 , :00404265 , :0040ACC6
|
:00403DC0 85D2
test edx, edx
:00403DC2 0F84BCFFFFFF
je 00403D84
:00403DC8 8B4AFC
:00403DCB D1E9
shr ecx, 1
:00403DCD 0F84B1FFFFFF
je 00403D84
:00403DD3 51
push ecx
:00403DD4 52
push edx
:00403DD5 50
push eax
* Reference To: oleaut32.SysReAllocStringLen, Ord:0000h

|
:00403DD6 E8F5D4FFFF
Call 004012D0
:00403DDB 85C0
test eax, eax
:00403DDD 0F8489FFFFFF
je 00403D6C
:00403DE3 C3
ret
|:00403E95(U)
|
:00403DE4 53
:00403DE5 56
:00403DE6 57
:00403DE7 55
:00403DE8 81C400F8FFFF
:00403DEE 8BD9
:00403DF0 8BEA
:00403DF2 8BF8
:00403DF4 85DB
:00403DF6 7F09
:00403DF8 8BC7
:00403DFA E885FFFFFF
:00403DFF EB5B
|:00403DF6(C)
|
:00403E01 81FB00040000
:00403E07 7D28
:00403E09 6800040000
:00403E0E 8D442404
:00403E12 50
:00403E13 53
:00403E14 55
:00403E15 6A00
:00403E17 6A00
push ebx
push esi
push edi
push ebp
add esp, FFFFF800
mov ebx, ecx
mov ebp, edx
mov edi, eax
test ebx, ebx
jg 00403E01
mov eax, edi
call 00403D84
jmp 00403E5C
cmp ebx, 00000400

jge 00403E31
push 00000400
lea eax, dword ptr [esp+04]
push eax
push ebx
push ebp
push 00000000
push 00000000

|
:00403E19 E87AD4FFFF
Call 00401298
:00403E1E 8BF0
mov esi, eax
:00403E20 85F6
test esi, esi
:00403E22 7E0D
jle 00403E31
:00403E24 8BD4
mov edx, esp
:00403E26 8BC7
mov eax, edi
:00403E28 8BCE
mov ecx, esi
:00403E2A E839000000
call 00403E68
:00403E2F EB2B
jmp 00403E5C
|:00403E07(C), :00403E22(C)
|
:00403E31 6A00
:00403E33 6A00
:00403E35 53
:00403E36 55

push
push
push
push
00000000
00000000
ebx
ebp
:00403E37 6A00
:00403E39 6A00
push 00000000
push 00000000

|
:00403E3B E858D4FFFF
Call 00401298
:00403E40 8BF0
mov esi, eax
:00403E42 8BC7
mov eax, edi
:00403E44 8BCE
mov ecx, esi
:00403E46 33D2
xor edx, edx
:00403E48 E81B000000
call 00403E68
:00403E4D 56
push esi
:00403E4E 8B07
:00403E50 50
push eax
:00403E51 53
push ebx
:00403E52 55
push ebp
:00403E53 6A00
push 00000000
:00403E55 6A00
push 00000000
|
:00403E57 E83CD4FFFF
Call 00401298
|:00403DFF(U), :00403E2F(U)
|
:00403E5C 81C400080000
:00403E62 5D
:00403E63 5F
:00403E64 5E
:00403E65 5B
:00403E66 C3
:00403E67 90
nop
add
pop
pop
pop
pop
ret
esp, 00000800
ebp
edi
esi
ebx

|:00403E2A , :00403E48
|
:00403E68 85C9
test ecx, ecx
:00403E6A 0F8414FFFFFF
je 00403D84
:00403E70 50
push eax
:00403E71 51
push ecx
:00403E72 52
push edx
|
:00403E73 E850D4FFFF
Call 004012C8
:00403E78 85C0
test eax, eax
:00403E7A 0F84ECFEFFFF
je 00403D6C
:00403E80 5A
pop edx
:00403E81 FF32
push dword ptr [edx]
:00403E83 8902
|
:00403E85 E84ED4FFFF
Call 004012D8
:00403E8A C3
ret
:00403E8B 90
nop

|:0040AD31
|
:00403E8C 31C9
xor ecx, ecx
:00403E8E 85D2
test edx, edx
:00403E90 7403
je 00403E95
:00403E92 8B4AFC
|:00403E90(C)
|
:00403E95 E94AFFFFFF
jmp 00403DE4
:00403E9A C3
ret
:00403E9B 90
nop

|:00403ED8
|
:00403E9C 85C0
test eax, eax
:00403E9E 7405
je 00403EA5
:00403EA0 8B40FC
:00403EA3 D1E8
shr eax, 1
|:00403E9E(C)
|
:00403EA5 C3
ret
:00403EA6 8BC0
mov eax, eax
|:00403ECF
|
:00403EA8 85C0
test eax, eax
:00403EAA 7410
je 00403EBC
:00403EAC 50
push eax
:00403EAD 6A00
push 00000000
|
:00403EAF E814D4FFFF
Call 004012C8
:00403EB4 85C0
test eax, eax
:00403EB6 0F84B0FEFFFF
je 00403D6C
|:00403EAA(C)
|
:00403EBC C3
ret
:00403EBD 8D4000
|:00410ED7
|
:00403EC0 53
push ebx
:00403EC1 56
push esi
:00403EC2 57
push edi
:00403EC3 8BF2
mov esi, edx
:00403EC5
:00403EC7
:00403EC9
:00403ECB
:00403ECD
:00403ECF
:00403ED4
:00403ED6
:00403ED8
:00403EDD
:00403EDF
:00403EE1
:00403EE3
:00403EE5
8BF8
33DB
85F6
7E27
8BC6
E8D4FFFFFF
8BD8
8B07
E8BFFFFFFF
85C0
7E13
3BF0
7D02
8BC6
mov edi, eax

xor ebx, ebx
test esi, esi
jle 00403EF4
mov eax, esi
call 00403EA8
mov ebx, eax
call 00403E9C
test eax, eax
jle 00403EF4
cmp esi, eax
jge 00403EE7
mov eax, esi
|:00403EE3(C)
|
:00403EE7 8BC8
:00403EE9 03C9
:00403EEB 8BD3
:00403EED 8B07
:00403EEF E8B8E8FFFF
|:00403ECB(C), :00403EDF(C)
|
:00403EF4 8BC7
:00403EF6 8BD3
:00403EF8 E877FEFFFF
:00403EFD 5F
:00403EFE 5E
:00403EFF 5B
:00403F00 C3
:00403F01 8D4000
mov ecx, eax

add ecx, ecx
mov edx, ebx
call 004027AC
mov eax, edi

mov edx, ebx
call 00403D74
pop edi
pop esi
pop ebx
ret

|:00403FB5 , :0043FA5D
|
:00403F04 31C9
xor ecx, ecx
:00403F06 53
push ebx
:00403F07 8A4A01
mov cl, byte ptr [edx+01]
:00403F0A 56
push esi
:00403F0B 57
push edi
:00403F0C 89C3
mov ebx, eax
:00403F0E 8D740A0A
lea esi, dword ptr [edx+ecx+0A]
:00403F12 8B7C0A06
mov edi, dword ptr [edx+ecx+06]
|:00403F28(C)
|
:00403F16 8B16
:00403F18 8B4604
:00403F1B 01D8
:00403F1D 8B12
:00403F1F E8A0000000
:00403F24 83C608
:00403F27 4F

add eax, ebx
call 00403FC4
add esi, 00000008
dec edi
:00403F28
:00403F2A
:00403F2B
:00403F2C
:00403F2D
7FEC
5F
5E
5B
C3
:00403F2E 8BC0
jg 00403F16
pop edi
pop esi
pop ebx
ret
mov eax, eax

|:00403F9F
|
|:00403FC9(U)
|
:00403F30 53
:00403F31 56
:00403F32 57
:00403F33 89C3
:00403F35 89D6
:00403F37 89CF
:00403F39 31D2
:00403F3B 8A06
:00403F3D 8A5601
:00403F40 31C9
:00403F42 80F80A
:00403F45 7428
:00403F47 80F80B
:00403F4A 7423
:00403F4C 80F80C
:00403F4F 7428
:00403F51 80F80D
:00403F54 7436
:00403F56 80F80E
:00403F59 744F
:00403F5B 80F80F
:00403F5E 740F
:00403F60 80F811
:00403F63 740A
:00403F65 B002
:00403F67 5F
:00403F68 5E
:00403F69 5B
:00403F6A E9B1E7FFFF

push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
mov dl, byte ptr [esi+01]
xor ecx, ecx
cmp al, 0A
je 00403F6F
cmp al, 0B
je 00403F6F
cmp al, 0C
je 00403F79
cmp al, 0D
je 00403F8C
cmp al, 0E
je 00403FAA
cmp al, 0F
je 00403F6F
cmp al, 11
je 00403F6F
mov al, 02
pop edi
pop esi
pop ebx
jmp 00402720

|:00403F45(C), :00403F4A(C), :00403F5E(C), :00403F63(C), :00403F75(C)
|
:00403F6F 890B
:00403F71 83C304
add ebx, 00000004
:00403F74 4F
dec edi
:00403F75 7FF8
jg 00403F6F
:00403F77 EB45
jmp 00403FBE
|:00403F4F(C), :00403F88(C)
|
:00403F79 890B
:00403F7B 894B04
mov dword ptr [ebx+04], ecx
:00403F7E
:00403F81
:00403F84
:00403F87
:00403F88
:00403F8A
894B08
894B0C
83C310
4F
7FEF
EB32

mov dword ptr [ebx+0C], ecx
add ebx, 00000010
dec edi
jg 00403F79
jmp 00403FBE

|:00403F54(C)
|
:00403F8C 55
push ebp
:00403F8D 89D5
mov ebp, edx
|:00403FA5(C)
|
:00403F8F 8B542E0A
:00403F93 89D8
:00403F95 035C2E02
:00403F99 8B4C2E06
:00403F9D 8B12
:00403F9F E88CFFFFFF
:00403FA4 4F
:00403FA5 7FE8
:00403FA7 5D
:00403FA8 EB14

mov edx, dword
mov eax, ebx
add ebx, dword
mov ecx, dword
mov edx, dword
call 00403F30
dec edi
jg 00403F8F
pop ebp
jmp 00403FBE
ptr [esi+ebp+0A]
ptr [esi+ebp+02]
ptr [esi+ebp+06]
ptr [edx]

|:00403F59(C)
|
:00403FAA 55
push ebp
:00403FAB 89D5
mov ebp, edx
|:00403FBB(C)
|
:00403FAD 89D8
:00403FAF 035C2E02
:00403FB3 89F2
:00403FB5 E84AFFFFFF
:00403FBA 4F
:00403FBB 7FF0
:00403FBD 5D

mov eax, ebx
add ebx, dword ptr [esi+ebp+02]
mov edx, esi
call 00403F04
dec edi
jg 00403FAD
pop ebp

|:00403F77(U), :00403F8A(U), :00403FA8(U)
|
:00403FBE 5F
pop edi
:00403FBF 5E
pop esi
:00403FC0 5B
pop ebx
:00403FC1 C3
ret
:00403FC2 8BC0
mov eax, eax

|:00403F1F , :00404304
|
:00403FC4 B901000000
mov ecx, 00000001
:00403FC9 E962FFFFFF
jmp 00403F30
:00403FCE C3
ret
:00403FCF 90
nop

|:00402BDA , :004040AC , :0043FDB1
|
:00403FD0 31C9
xor ecx, ecx
:00403FD2 53
push ebx
:00403FD3 8A4A01
:00403FD6 56
push esi
:00403FD7 57
push edi
:00403FD8 89C3
mov ebx, eax
:00403FDA 8D740A0A
lea esi, dword ptr [edx+ecx+0A]
:00403FDE 8B7C0A06
mov edi, dword ptr [edx+ecx+06]
|:00403FF4(C)
|
:00403FE2 8B16
:00403FE4 8B4604
:00403FE7 01D8
:00403FE9 8B12
:00403FEB E8EC000000
:00403FF0 83C608
:00403FF3 4F
:00403FF4 7FEC
:00403FF6 89D8
:00403FF8 5F
:00403FF9 5E
:00403FFA 5B
:00403FFB C3
* Referenced
|:00404096
|:0040A574
|:0040AEEB
|:0042D5B8
|
by a CALL at
, :00404A42
, :0040A589
, :0040DFC5
, :00433FA9

add eax, ebx
call 004040DC
add esi, 00000008
dec edi
jg 00403FE2
mov eax, ebx
pop edi
pop esi
pop ebx
ret
Addresses:
, :0040A52B
, :0040A59E
, :0040E0D4
, :004414DF
|:004040E1(U), :00404870(U)
|
:00403FFC 50
:00403FFD 53
:00403FFE 56
:00403FFF 57
:00404000 89C3
:00404002 89D6
:00404004 89CF
:00404006 31D2
:00404008 8A06
:0040400A 8A5601
:0040400D 80F80A
:00404010 7431
:00404012 80F80B
:00404015 7446
, :0040A540
, :0040A5B3
, :0041AAD9
, :0040A555
, :0040A5C8
, :0041AAEE

push eax
push ebx
push esi
push edi
mov ebx, eax
mov esi, edx
mov edi, ecx
xor edx, edx
cmp al, 0A
je 00404043
cmp al, 0B
je 0040405D
:00404017
:0040401A
:0040401C
:0040401F
:00404021
:00404024
:00404026
:00404029
:0040402F
:00404032
:00404038
:00404039
:0040403A
:0040403B
:0040403C
:0040403E
80F80C
7458
80F80D
7462
80F80E
747B
80F80F
0F8488000000
80F811
0F848E000000
5F
5E
5B
58
B002
E9DDE6FFFF
cmp al, 0C
je 00404074
cmp al, 0D
je 00404083
cmp al, 0E
je 004040A1
cmp al, 0F
je 004040B7
cmp al, 11
je 004040C6
pop edi
pop esi
pop ebx
pop eax
mov al, 02
jmp 00402720
|:00404010(C)
|
:00404043 83F901
:00404046 89D8
:00404048 7F0A
:0040404A E869F7FFFF
:0040404F E981000000
|:00404048(C)
|
:00404054 89CA
:00404056 E881F7FFFF
:0040405B EB78
|:00404015(C)
|
:0040405D 83F901
:00404060 89D8
:00404062 7F07
:00404064 E81BFDFFFF
:00404069 EB6A
|:00404062(C)
|
:0040406B 89CA
:00404072 EB61
|:0040401A(C), :0040407F(C)
|
:00404074 89D8
:00404076 83C310
:00404079 E8A6070000
:0040407E 4F
:0040407F 7FF3
:00404081 EB52
cmp ecx, 00000001

mov eax, ebx
jg 00404054
call 004037B8
jmp 004040D5
mov edx, ecx

call 004037DC
jmp 004040D5
cmp ecx, 00000001

mov eax, ebx
jg 0040406B
call 00403D84
jmp 004040D5
mov edx, ecx

call 00403D9C
jmp 004040D5
mov eax, ebx

add ebx, 00000010
call 00404824
dec edi
jg 00404074
jmp 004040D5
|:0040401F(C)
|
:00404083 55
:00404084 89D5
|:0040409C(C)
|
:00404086 8B542E0A
:0040408A 89D8
:0040408C 035C2E02
:00404090 8B4C2E06
:00404094 8B12
:00404096 E861FFFFFF
:0040409B 4F
:0040409C 7FE8
:0040409E 5D
:0040409F EB34
push ebp
mov ebp, edx
mov edx, dword
mov eax, ebx
add ebx, dword
mov ecx, dword
mov edx, dword
call 00403FFC
dec edi
jg 00404086
pop ebp
jmp 004040D5
ptr [esi+ebp+0A]
ptr [esi+ebp+02]
ptr [esi+ebp+06]
ptr [edx]

|:00404024(C)
|
:004040A1 55
push ebp
:004040A2 89D5
mov ebp, edx
|:004040B2(C)
|
:004040A4 89D8
:004040A6 035C2E02
:004040AA 89F2
:004040AC E81FFFFFFF
:004040B1 4F
:004040B2 7FF0
:004040B4 5D
:004040B5 EB1E
|:00404029(C), :004040C2(C)
|
:004040B7 89D8
:004040B9 83C304
:004040BC E8BB0D0000
:004040C1 4F
:004040C2 7FF3
:004040C4 EB0F
|:00404032(C), :004040D3(C)
|
:004040C6 89D8
:004040C8 89F2
:004040CA 83C304
:004040CD E846090000
:004040D2 4F
:004040D3 7FF1
mov eax, ebx

add ebx, dword ptr [esi+ebp+02]
mov edx, esi
call 00403FD0
dec edi
jg 004040A4
pop ebp
jmp 004040D5
mov eax, ebx

add ebx, 00000004
call 00404E7C
dec edi
jg 004040B7
jmp 004040D5
mov eax, ebx

mov edx, esi
add ebx, 00000004
call 00404A18
dec edi
jg 004040C6

|:0040404F(U), :0040405B(U), :00404069(U), :00404072(U), :00404081(U)
|:0040409F(U), :004040B5(U), :004040C4(U)
|
:004040D5
:004040D6
:004040D7
:004040D8
:004040D9
5F
5E
5B
58
C3
:004040DA 8BC0
pop
pop
pop
pop
ret
edi
esi
ebx
eax
mov eax, eax

|:00403FEB , :0040430D , :0040E13E
|
:004040DC B901000000
mov ecx, 00000001
jmp 00403FFC
:004040E6 C3
ret
:004040E7 90
nop

|:004041B7 , :004042B0
|
:004040E8 53
push ebx
:004040E9 56
push esi
:004040EA 57
push edi
:004040EB 55
push ebp
:004040EC 89C3
mov ebx, eax
:004040EE 89D6
mov esi, edx
:004040F0 31C0
xor eax, eax
:004040F2 8A4101
mov al, byte ptr [ecx+01]
:004040F5 8D7C010A
lea edi, dword ptr [ecx+eax+0A]
:004040F9 8B6FFC
mov ebp, dword ptr [edi-04]
:004040FC 31C0
xor eax, eax
:004040FE 8B4FF8
mov ecx, dword ptr [edi-08]
:00404101 51
push ecx
|:004041E8(C)
|
:00404102 8B4F04
:00404105 29C1
:00404107 7E0B
:00404109 89C2
:0040410B 01F0
:0040410D 01DA
:0040410F E898E6FFFF

mov ecx, dword ptr [edi+04]
sub ecx, eax
jle 00404114
mov edx, eax
add eax, esi
add edx, ebx
call 004027AC

|:00404107(C)
|
:00404114 8B4704
:00404117 8B17
:00404119 8B12
:0040411B 8A0A
mov cl, byte ptr [edx]
:0040411D 80F90A
cmp cl, 0A
:00404120 7431
je 00404153
:00404122 80F90B
cmp cl, 0B
:00404125 743D
je 00404164
:00404127 80F90C
cmp cl, 0C
:0040412A
:0040412C
:0040412F
:00404131
:00404134
:00404136
:00404139
:0040413F
:00404142
:00404148
:0040414A
:0040414B
:0040414C
:0040414D
:0040414E
7449
80F90D
7455
80F90E
7470
80F90F
0F8480000000
80F911
0F8488000000
B002
5D
5F
5E
5B
E9CDE5FFFF
je 00404175
cmp cl, 0D
je 00404186
cmp cl, 0E
je 004041A6
cmp cl, 0F
je 004041BF
cmp cl, 11
je 004041D0
mov al, 02
pop ebp
pop edi
pop esi
pop ebx
jmp 00402720
|:00404120(C)
|
:00404153 8B1406
:00404156 01D8
:00404158 E8AFF6FFFF
:0040415D B804000000
:00404162 EB7D
|:00404125(C)
|
:00404164 8B1406
:00404167 01D8
:00404169 E852FCFFFF
:0040416E B804000000
:00404173 EB6C
|:0040412A(C)
|
:00404175 8D1406
:00404178 01D8
:0040417A E825030000
:0040417F B810000000
:00404184 EB5B
|:0040412F(C)
|
:00404186 31C9
:00404188 8A4A01
:0040418B FF740A02
:0040418F FF740A06
:00404193 8B4C0A0A
:00404197 8B09
:00404199 8D1406
:0040419C 01D8
:0040419E E861000000
:004041A3 58
:004041A4 EB3B
mov edx, dword ptr [esi+eax]

add eax, ebx
call 0040380C
mov eax, 00000004
jmp 004041E1

add eax, ebx
call 00403DC0
mov eax, 00000004
jmp 004041E1
lea edx, dword ptr [esi+eax]

add eax, ebx
call 004044A4
mov eax, 00000010
jmp 004041E1
xor ecx, ecx

push [edx+ecx+02]
push [edx+ecx+06]
mov ecx, dword ptr [edx+ecx+0A]
add eax, ebx
call 00404204
pop eax
jmp 004041E1

|:00404134(C)
|
:004041A6
:004041A8
:004041AB
:004041AF
:004041B0
:004041B2
:004041B5
:004041B7
:004041BC
:004041BD
31C9
8A4A01
8B4C0A02
51
89D1
8D1406
01D8
E82CFFFFFF
58
EB22
xor ecx, ecx

mov ecx, dword ptr [edx+ecx+02]
push ecx
mov ecx, edx
add eax, ebx
call 004040E8
pop eax
jmp 004041E1
|:00404139(C)
|
:004041BF 8B1406
:004041C2 01D8
:004041C4 E8CB0C0000
:004041C9 B804000000
:004041CE EB11
|:00404142(C)
|
:004041D0 89D1
:004041D2 8B1406
:004041D5 01D8
:004041D7 E878080000
:004041DC B804000000

add eax, ebx
call 00404E94
mov eax, 00000004
jmp 004041E1
mov ecx, edx

add eax, ebx
call 00404A54
mov eax, 00000004

|:00404162(U), :00404173(U), :00404184(U), :004041A4(U), :004041BD(U)
|:004041CE(U)
|
:004041E1 034704
:004041E4 83C708
add edi, 00000008
:004041E7 4D
dec ebp
:004041E8 0F8514FFFFFF
jne 00404102
:004041EE 59
pop ecx
:004041EF 29C1
sub ecx, eax
:004041F1 7E0A
jle 004041FD
:004041F3 8D1403
lea edx, dword ptr [ebx+eax]
:004041F6 01F0
add eax, esi
:004041F8 E8AFE5FFFF
call 004027AC
|:004041F1(C)
|
:004041FD 5D
pop ebp
:004041FE 5F
pop edi
:004041FF 5E
pop esi
:00404200 5B
pop ebx
:00404201 C3
ret
:00404202 8BC0
mov eax, eax

|:0040419E , :0040429C , :00404866
|
:00404204
:00404205
:00404206
:00404207
:00404208
:0040420A
:0040420C
:0040420E
:00404212
:00404214
:00404217
:00404219
:0040421C
:0040421E
:00404221
:00404223
:00404226
:00404228
:0040422B
:0040422D
:00404230
:00404236
:00404239
:0040423F
:00404241
:00404242
:00404243
:00404244
:00404245
53
56
57
55
89C3
89D6
89CF
8B6C2414
8A0F
80F90A
7431
80F90B
7443
80F90C
7452
80F90D
7461
80F90E
747D
80F90F
0F8491000000
80F911
0F849C000000
B002
5D
5F
5E
5B
E9D6E4FFFF
push ebx
push esi
push edi
push ebp
mov ebx, eax
mov esi, edx
mov edi, ecx
mov ebp, dword ptr [esp+14]
mov cl, byte ptr [edi]
cmp cl, 0A
je 0040424A
cmp cl, 0B
je 00404261
cmp cl, 0C
je 00404275
cmp cl, 0D
je 00404289
cmp cl, 0E
je 004042AA
cmp cl, 0F
je 004042C7
cmp cl, 11
je 004042DB
mov al, 02
pop ebp
pop edi
pop esi
pop ebx
jmp 00402720
|:00404217(C), :0040425A(C)
|
:0040424A 89D8
:0040424C 8B16
:0040424E E8B9F5FFFF
:00404253 83C304
:00404256 83C604
:00404259 4D
:0040425A 75EE
:0040425C E98E000000
|:0040421C(C), :00404271(C)
|
:00404261 89D8
:00404263 8B16
:00404265 E856FBFFFF
:0040426A 83C304
:0040426D 83C604
:00404270 4D
:00404271 75EE
:00404273 EB7A
|:00404221(C), :00404285(C)
|
:00404275 89D8
:00404277 89F2
:00404279 E826020000
mov eax, ebx

call 0040380C
add ebx, 00000004
add esi, 00000004
dec ebp
jne 0040424A
jmp 004042EF
mov eax, ebx

call 00403DC0
add ebx, 00000004
add esi, 00000004
dec ebp
jne 00404261
jmp 004042EF
mov eax, ebx

mov edx, esi
call 004044A4
:0040427E
:00404281
:00404284
:00404285
:00404287
83C310
83C610
4D
75EE
EB66
add
add
dec
jne
jmp
ebx, 00000010
esi, 00000010
ebp
00404275
004042EF
|:00404226(C)
|
:00404289 31C9
:0040428B 8A4F01
:0040428E 8D7C0F02
|:004042A6(C)
|
:00404292 89D8
:00404294 89F2
:00404296 8B4F08
:00404299 FF7704
:0040429C E863FFFFFF
:004042A1 031F
:004042A3 0337
:004042A5 4D
:004042A6 75EA
:004042A8 EB45
|:0040422B(C), :004042C3(C)
|
:004042AA 89D8
:004042AC 89F2
:004042AE 89F9
:004042B0 E833FEFFFF
:004042B5 31C0
:004042B7 8A4701
:004042BA 035C0702
:004042BE 03740702
:004042C2 4D
:004042C3 75E5
:004042C5 EB28
|:00404230(C), :004042D7(C)
|
:004042C7 89D8
:004042C9 8B16
:004042CB E8C40B0000
:004042D0 83C304
:004042D3 83C604
:004042D6 4D
:004042D7 75EE
:004042D9 EB14
|:00404239(C), :004042ED(C)
|
:004042DB 89D8
:004042DD 8B16
:004042DF 89F9
xor ecx, ecx

mov cl, byte ptr [edi+01]
lea edi, dword ptr [edi+ecx+02]
mov eax, ebx

mov edx, esi
push [edi+04]
call 00404204
add ebx, dword ptr [edi]
add esi, dword ptr [edi]
dec ebp
jne 00404292
jmp 004042EF
mov eax, ebx

mov edx, esi
mov ecx, edi
call 004040E8
xor eax, eax
mov al, byte ptr [edi+01]
add ebx, dword ptr [edi+eax+02]
add esi, dword ptr [edi+eax+02]
dec ebp
jne 004042AA
jmp 004042EF
mov eax, ebx

call 00404E94
add ebx, 00000004
add esi, 00000004
dec ebp
jne 004042C7
jmp 004042EF
mov eax, ebx

mov ecx, edi
:004042E1
:004042E6
:004042E9
:004042EC
:004042ED
E86E070000
83C304
83C604
4D
75EC
call 00404A54
add ebx, 00000004
add esi, 00000004
dec ebp
jne 004042DB

|:0040425C(U), :00404273(U), :00404287(U), :004042A8(U), :004042C5(U)
|:004042D9(U)
|
:004042EF 5D
pop ebp
:004042F0 5F
pop edi
:004042F1 5E
pop esi
:004042F2 5B
pop ebx
:004042F3 C20400
ret 0004
:004042F6 C3
ret
:004042F7 90
nop

|:00416967
|
:004042F8 52
push edx
:004042F9 E896E3FFFF
call 00402694
:004042FE 5A
pop edx
:004042FF 85C0
test eax, eax
:00404301 7407
je 0040430A
:00404303 50
push eax
:00404304 E8BBFCFFFF
call 00403FC4
:00404309 58
pop eax
|:00404301(C)
|
:0040430A C3
ret
:0040430B 90
nop
|:00416913
|
:0040430C 50
push eax
:0040430D E8CAFDFFFF
call 004040DC
:00404312 58
pop eax
:00404313 E894E3FFFF
call 004026AC
:00404318 C3
ret
:00404319 8D4000

|:004043C2
|
:0040431C 53
push ebx
:0040431D 56
push esi
:0040431E 57
push edi
:0040431F 55
push ebp
:00404320 81C400F8FFFF
add esp, FFFFF800
:00404326
:00404328
:0040432A
:0040432C
:0040432E
:00404330
:00404332
:00404337
8BF1
8BDA
8BF8
85DB
7509
8BC6
E881F4FFFF
EB61
|:0040432E(C)
|
:00404339 81FB00040000
:0040433F 7D26
:00404341 6A00
:00404343 6A00
:00404345 6800080000
:0040434A 8D44240C
:0040434E 50
:0040434F 53
:00404350 57
:00404351 6A00
:00404353 6A00
mov esi, ecx

mov ebx, edx
mov edi, eax
test ebx, ebx
jne 00404339
mov eax, esi
call 004037B8
jmp 0040439A
cmp ebx, 00000400
jge 00404367
push 00000000
push 00000000
push 00000800
push eax
push ebx
push edi
push 00000000
push 00000000

|
:00404355 E85ECFFFFF
Call 004012B8
:0040435A 8BC8
mov ecx, eax
:0040435C 8BD4
mov edx, esp
:0040435E 8BC6
mov eax, esi
:00404360 E837F5FFFF
call 0040389C
:00404365 EB33
jmp 0040439A
|:0040433F(C)
|
:00404367 6A00
push 00000000
:00404369 6A00
push 00000000
:0040436B 6A00
push 00000000
:0040436D 6A00
push 00000000
:0040436F 53
push ebx
:00404370 57
push edi
:00404371 6A00
push 00000000
:00404373 6A00
push 00000000
|
Call 004012B8
:0040437A 8BE8
mov ebp, eax
:0040437C 8BC6
mov eax, esi
:0040437E 8BCD
mov ecx, ebp
:00404380 33D2
xor edx, edx
:00404382 E815F5FFFF
call 0040389C
:00404387 6A00
push 00000000
:00404389 6A00
push 00000000
:0040438B 55
push ebp
:0040438C 8B06
:0040438E 50
push eax
:0040438F 53
push ebx
:00404390 57
push edi
:00404391 6A00
:00404393 6A00
push 00000000
push 00000000

|
Call 004012B8
|:00404337(U), :00404365(U)
|
:0040439A 81C400080000
:004043A0 5D
:004043A1 5F
:004043A2 5E
:004043A3 5B
:004043A4 C3
:004043A5 8D4000
add
pop
pop
pop
pop
ret
esp, 00000800
ebp
edi
esi
ebx

|:00404642
|
:004043A8 53
push ebx
:004043A9 56
push esi
:004043AA 6A00
push 00000000
:004043AC 8BF2
mov esi, edx
:004043AE 8BD8
mov ebx, eax
:004043B0 891C24
mov dword ptr [esp], ebx
:004043B3 8B0424
:004043B6 50
push eax
* Reference To: oleaut32.SysStringLen, Ord:0000h
|
:004043B7 E824CFFFFF
Call 004012E0
:004043BC 8BD0
mov edx, eax
:004043BE 8BCE
mov ecx, esi
:004043C0 8BC3
mov eax, ebx
call 0040431C
:004043C7 5A
pop edx
:004043C8 5E
pop esi
:004043C9 5B
pop ebx
:004043CA C3
ret
:004043CB 90
nop

|:00404667
|
:004043CC 53
push ebx
:004043CD 56
push esi
:004043CE 57
push edi
:004043CF 55
push ebp
:004043D0 81C400F8FFFF
add esp, FFFFF800
:004043D6 8BD8
mov ebx, eax
:004043D8 8BC3
mov eax, ebx
:004043DA E855F6FFFF
call 00403A34
:004043DF 8BF0
mov esi, eax
:004043E1 8BC3
mov eax, ebx
:004043E3
:004043E8
:004043ED
:004043EF
:004043F4
:004043F8
:004043F9
:004043FA
:004043FC
:00404401
:00404402
:00404404
E84CF6FFFF
3D00040000
7D2B
6800040000
8D442404
50
56
8BC3
E8F7F7FFFF
50
6A00
6A00
call 00403A34
cmp eax, 00000400
jge 0040441A
push 00000400
push eax
push esi
mov eax, ebx
call 00403BF8
push eax
push 00000000
push 00000000

|
:00404406 E88DCEFFFF
Call 00401298
:0040440B 50
push eax
:0040440C 8D442404
:00404410 50
push eax
|
:00404411 E8B2CEFFFF
Call 004012C8
:00404416 8BF8
mov edi, eax
:00404418 EB28
jmp 00404442
|:004043ED(C)
|
:0040441A 6A00
push 00000000
:0040441C 6A00
push 00000000
:0040441E 56
push esi
:0040441F 53
push ebx
:00404420 6A00
push 00000000
:00404422 6A00
push 00000000
|
:00404424 E86FCEFFFF
Call 00401298
:00404429 8BE8
mov ebp, eax
:0040442B 55
push ebp
:0040442C 6A00
push 00000000
|
:0040442E E895CEFFFF
Call 004012C8
:00404433 8BF8
mov edi, eax
:00404435 55
push ebp
:00404436 57
push edi
:00404437 56
push esi
:00404438 53
push ebx
:00404439 6A00
push 00000000
:0040443B 6A00
push 00000000
|
:0040443D E856CEFFFF
Call 00401298
|:00404418(U)
|
:00404442
:00404444
:0040444A
:0040444B
:0040444C
:0040444D
:0040444E
8BC7
81C400080000
5D
5F
5E
5B
C3
:0040444F 90
mov
add
pop
pop
pop
pop
ret
eax, edi
esp, 00000800
ebp
edi
esi
ebx
nop

|:004045E3 , :00404622
|
:00404450 B00F
mov al, 0F
:00404452 E9C9E2FFFF
jmp 00402720
:00404457 C3
ret
|:00404535(C)
|
:00404458 B010
:0040445A E9C1E2FFFF
:0040445F C3

mov al, 10
jmp 00402720
ret

|:004045EA , :00404649 , :00404670 , :004046F3 , :00404758
|:004047B8 , :004047F8 , :00404825 , :00410635
|
:00404460 31D2
xor edx, edx
:00404462 668B10
mov dx, word ptr [eax]
:00404465 F7C200400000
test edx, 00004000
:0040446B 7528
jne 00404495
:0040446D 83FA08
cmp edx, 00000008
:00404470 7223
jb 00404495
:00404472 81FA00010000
cmp edx, 00000100
:00404478 740E
je 00404488
:0040447A 81FA01010000
cmp edx, 00000101
:00404480 7519
jne 0040449B
:00404482 FF25E4334400
jmp dword ptr [004433E4]
|:00404478(C)
|
:00404488 66C7000000
:0040448D 83C008
:00404490 E923F3FFFF

mov word ptr [eax], 0000
add eax, 00000008
jmp 004037B8

|:0040446B(C), :00404470(C)
|
:00404495 66C7000000
:0040449A C3
ret

|:00404480(C)
|
:0040449B 50
push eax
|
:0040449C E847CEFFFF
Call 004012E8
:004044A1 C3
ret
:004044A2 8BC0
mov eax, eax

|:0040417A , :00404279 , :00404697 , :00404844 , :0040AE36
|:00410648
|
:004044A4 39D0
cmp eax, edx
:004044A6 0F848F000000
je 0040453B
:004044AC 66833808
cmp word ptr [eax], 0008
:004044B0 722A
jb 004044DC
:004044B2 50
push eax
:004044B3 52
push edx
:004044B4 6681380001
:004044B9 7417
je 004044D2
:004044BB 6681380101
:004044C0 7408
je 004044CA
:004044C2 50
push eax
|
:004044C3 E820CEFFFF
Call 004012E8
:004044C8 EB10
jmp 004044DA
|:004044C0(C)
|
:004044CA FF15E4334400
call dword ptr [004433E4]
:004044D0 EB08
jmp 004044DA
|:004044B9(C)
|
:004044D2 83C008
add eax, 00000008
:004044D5 E8DEF2FFFF
call 004037B8
|:004044C8(U), :004044D0(U)
|
:004044DA 5A
pop edx
:004044DB 58
pop eax
|:004044B0(C)
|
:004044DC 66833A08
cmp word ptr [edx], 0008
:004044E0 7311
jnb 004044F3
|:00404502
|
:004044E2 8B0A
:004044E4 8908
:004044E6 8B4A08
:004044E9 894808
:004044EC 8B4A0C
:004044EF 89480C
:004044F2 C3
|:004044E0(C)
|
:004044F3 66813A0001
:004044F8 7414
:004044FA 66813A0101
:004044FF 7526
:00404501 50
:00404502 E8DBFFFFFF
:00404507 58
:00404508 FF25EC334400
mov
mov
mov
mov
mov
mov
ret
ecx, dword ptr [edx]

dword ptr [eax], ecx
ecx, dword ptr [edx+08]
dword ptr [eax+08], ecx
ecx, dword ptr [edx+0C]
dword ptr [eax+0C], ecx

je 0040450E
jne 00404527
push eax
call 004044E2
pop eax
jmp dword ptr [004433EC]

|:004044F8(C)
|
:0040450E 8B5208
:00404511 09D2
or edx, edx
:00404513 7409
je 0040451E
:00404515 8B4AF8
:00404518 41
inc ecx
:00404519 7E03
jle 0040451E
:0040451B 894AF8
|:00404513(C), :00404519(C)
|
:0040451E 66C7000001
:00404523 895008
:00404526 C3
|:004044FF(C)
|
:00404527 66C7000000
:0040452C 52
:0040452D 50

ret

push edx
push eax
* Reference To: oleaut32.VariantCopyInd, Ord:0000h

|
:0040452E E8BDCDFFFF
Call 004012F0
:00404533 09C0
or eax, eax
:00404535 0F851DFFFFFF
jne 00404458
|:004044A6(C)
|
:0040453B C3
ret

|:00404608
|
:0040453C 55
push ebp
:0040453D 8BEC
mov ebp, esp
:0040453F 83C4F0
add esp, FFFFFFF0
:00404542 53
push ebx
:00404543 56
push esi
:00404544 57
push edi
:00404545 8BF2
mov esi, edx
:00404547 8D7DF0
lea edi, dword ptr [ebp-10]
:0040454A 51
push ecx
:0040454B B904000000
mov ecx, 00000004
:00404550 F3
repz
:00404551 A5
movsd
:00404552 59
pop ecx
:00404553 8BF1
mov esi, ecx
:00404555 8BD8
mov ebx, eax
:00404557 8D45F0
:0040455A E8CD020000
call 0040482C
:0040455F 33C0
xor eax, eax
:00404561 55
push ebp
:00404562 6898454000
push 00404598
:00404567 64FF30
:0040456A 648920
:0040456D 8D45F0
:00404570 FF15E8334400
call dword ptr [004433E8]
:00404576 8D55F0
lea edx, dword ptr [ebp-10]
:00404579 8BC3
mov eax, ebx
:0040457B 8BCE
mov ecx, esi
:0040457D E826000000
call 004045A8
:00404582 33C0
xor eax, eax
:00404584 5A
pop edx
:00404585 59
pop ecx
:00404586 59
pop ecx
:00404587 648910
* Possible StringData Ref from Code Obj ->"_^["
|
:0040458A 689F454000
push 0040459F
|:0040459D(U)
|
:0040458F 8D45F0
:00404592 E88D020000
:00404597 C3
:00404598
:0040459D
:0040459F
:004045A0
:004045A1
:004045A2
:004045A4
:004045A5
jmp
jmp
pop
pop
pop
mov
pop
ret
E9DBECFFFF
EBF0
5F
5E
5B
8BE5
5D
C3

call 00404824
ret
00403278
0040458F
edi
esi
ebx
esp, ebp
ebp
:004045A6 8BC0
mov eax, eax

|:0040457D , :004046DE , :0040472A , :0040476A
|
:004045A8 55
push ebp
:004045A9 8BEC
mov ebp, esp
:004045AB 83C4F0
add esp, FFFFFFF0
:004045AE 53
push ebx
:004045AF 56
push esi
:004045B0 57
push edi
:004045B1 8BF9
mov edi, ecx
:004045B3 8BF2
mov esi, edx
:004045B5 8BD8
mov ebx, eax
:004045B7 668B03
mov ax, word ptr [ebx]
:004045BA 662D0001
sub ax, 0100
:004045BE 7407
je 004045C7
:004045C0 66FFC8
dec ax
:004045C3 743D
je 00404602
:004045C5 EB48
jmp 0040460F
|:004045BE(C)
|
:004045C7 66C745F00000
:004045CD 57
:004045CE 6A00
:004045D0 6800040000
:004045D5 56
:004045D6 8D45F0
:004045D9 50

mov [ebp-10], 0000
push edi
push 00000000
push 00000400
push esi
push eax

|
:004045DA E819CDFFFF
Call 004012F8
:004045DF 85C0
test eax, eax
:004045E1 7405
je 004045E8
:004045E3 E868FEFFFF
call 00404450
|:004045E1(C)
|
:004045E8 8BC3
:004045EA E871FEFFFF
:004045EF 8B45F0
:004045F2 8903
:004045F4 8B45F8
:004045F7 894308
:004045FA 8B45FC
:004045FD 89430C
:00404600 EB25
|:004045C3(C)
|
:00404602 8BD6
:00404604 8BC3
:00404606 8BCF
mov eax, ebx

call 00404460
mov dword ptr [ebx+0C], eax
jmp 00404627
mov edx, esi

mov eax, ebx
mov ecx, edi
call 0040453C
:0040460D EB18
jmp 00404627
|:004045C5(U)
|
:0040460F 57
:00404610 6A00
:00404612 6800040000
:00404617 56
:00404618 53

push
push
push
push
push
edi
00000000
00000400
esi
ebx

|
:00404619 E8DACCFFFF
Call 004012F8
:0040461E 85C0
test eax, eax
:00404620 7405
je 00404627
:00404622 E829FEFFFF
call 00404450
|:00404600(U), :0040460D(U), :00404620(C)
|
:00404627 5F
pop edi
:00404628 5E
pop esi
:00404629 5B
pop ebx
:0040462A 8BE5
mov esp, ebp
:0040462C 5D
pop ebp
:0040462D C3
ret
:0040462E 8BC0
mov eax, eax

|:00404716 , :00404743
|
:00404630 55
push ebp
:00404631 8BEC
mov ebp, esp
:00404633 51
push ecx
:00404634 53
push ebx
:00404635 8BD8
mov ebx, eax
:00404637 33C0
xor eax, eax
:00404639 8945FC
:0040463C 8B4208
:0040463F 8D55FC
:00404642 E861FDFFFF
call 004043A8
:00404647 8BC3
mov eax, ebx
:00404649 E812FEFFFF
call 00404460
:0040464E 66C7030001
mov word ptr [ebx], 0100
:00404653 8B45FC
:00404656 894308
:00404659 5B
pop ebx
:0040465A 59
pop ecx
:0040465B 5D
pop ebp
:0040465C C3
ret
:0040465D 8D4000

|:004046B0 , :004046C3
|
:00404660
:00404661
:00404662
:00404664
:00404667
:0040466C
:0040466E
:00404670
:00404675
:0040467A
:0040467D
:0040467E
:0040467F
53
56
8BD8
8B4208
E860FDFFFF
8BF0
8BC3
E8EBFDFFFF
66C7030800
897308
5E
5B
C3
push ebx
push esi
mov ebx, eax
call 004043CC
mov esi, eax
mov eax, ebx
call 00404460
mov word ptr [ebx], 0008
pop esi
pop ebx
ret

|:00404796
|
:00404680 55
push ebp
:00404681 8BEC
mov ebp, esp
:00404683 83C4EC
add esp, FFFFFFEC
:00404686 53
push ebx
:00404687 8945EC
:0040468A 668B02
mov ax, word ptr [edx]
:0040468D 8BD9
mov ebx, ecx
:0040468F 663BD8
cmp bx, ax
:00404692 750D
jne 004046A1
:00404694 8B45EC
:00404697 E808FEFFFF
call 004044A4
:0040469C E9CE000000
jmp 0040476F
|:00404692(C)
|
:004046A1 663D0001
:004046A5 7559
:004046A7 6683FB08
:004046AB 750D
:004046AD 8B45EC
:004046B0 E8ABFFFFFF
:004046B5 E9B5000000
|:004046AB(C)
|
:004046BA 66C745F00000
:004046C0 8D45F0
:004046C8 33C0
:004046CA 55
:004046CB 68F9464000
:004046D0 64FF30
:004046D3 648920
:004046D6 8D55F0
:004046D9 8B45EC
:004046DC 8BCB
:004046DE E8C5FEFFFF
:004046E3 33C0
:004046E5 5A
cmp ax, 0100

jne 00404700
cmp bx, 0008
jne 004046BA
call 00404660
jmp 0040476F
mov [ebp-10], 0000

call 00404660
xor eax, eax
push ebp
push 004046F9
mov ecx, ebx
call 004045A8
xor eax, eax
pop edx
:004046E6
:004046E7
:004046E8
:004046EB
59
59
648910
686F474000
pop ecx
pop ecx
push 0040476F
|:004046FE(U)
|
:004046F0 8D45F0
:004046F8 C3
:004046F9 E97AEBFFFF
:004046FE EBF0
jmp 00403278
jmp 004046F0
|:004046A5(C)
|
:00404700 6681FB0001
:00404705 755E
:00404707 663D0101
:0040470B 7458
:0040470D 6683F808
:00404711 750A
:00404713 8B45EC
:00404716 E815FFFFFF
:0040471B EB52
|:00404711(C)
|
:0040471D 66C745F00000
:00404723 8D45F0
:00404726 66B90800
:0040472A E879FEFFFF
:0040472F 33C0
:00404731 55
:00404732 685E474000
:00404737 64FF30
:0040473A 648920
:0040473D 8D55F0
:00404740 8B45EC
:00404743 E8E8FEFFFF
:00404748 33C0
:0040474A 5A
:0040474B 59
:0040474C 59
:0040474D 648910
:00404750 686F474000
|:00404763(U)
|
:00404755 8D45F0
:00404758 E803FDFFFF
:0040475D C3
:0040475E E915EBFFFF
jmp 00403278

call 00404460
ret
cmp bx, 0100

jne 00404765
cmp ax, 0101
je 00404765
cmp ax, 0008
jne 0040471D
call 00404630
jmp 0040476F
mov [ebp-10], 0000

mov cx, 0008
call 004045A8
xor eax, eax
push ebp
push 0040475E
call 00404630
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040476F

call 00404460
ret
:00404763 EBF0
jmp 00404755
|:00404705(C), :0040470B(C)
|
:00404765 8B45EC
:00404768 8BCB

mov ecx, ebx
call 004045A8

|:0040469C(U), :004046B5(U), :0040471B(U)
|
:0040476F 5B
pop ebx
:00404770 8BE5
mov esp, ebp
:00404772 5D
pop ebp
:00404773 C3
ret

|:00407B8E
|
:00404774 66813A0001
:00404779 7508
jne 00404783
:0040477B 8B5208
:0040477E E989F0FFFF
jmp 0040380C
|:00404779(C)
|
:00404783 53
:00404784 89C3
:00404786 83EC10
:00404789 66C704240000
:0040478F 89E0
:00404791 B900010000
:0040479B 89D8
:0040479D E816F0FFFF
:004047A2 8B442408
:004047A6 8903
:004047A8 83C410
:004047AB 5B
:004047AC C3
:004047AD 8D4000
push ebx
mov ebx, eax
sub esp, 00000010
mov word ptr [esp], 0000
mov eax, esp
mov ecx, 00000100
call 00404680
mov eax, ebx
call 004037B8
add esp, 00000010
pop ebx
ret

|:004106ED
|
:004047B0 66833808
:004047B4 7209
jb 004047BF
:004047B6 50
push eax
:004047B7 52
push edx
:004047B8 E8A3FCFFFF
call 00404460
:004047BD 5A
pop edx
:004047BE 58
pop eax
|:004047B4(C)
|
:004047BF 85D2
:004047C1 7423
:004047C3 8B4AF8
:004047C6 41
:004047C7 7E05
:004047C9 894AF8
:004047CC EB18
test edx, edx

je 004047E6
inc ecx
jle 004047CE
jmp 004047E6
|:004047C7(C)
|
:004047CE 50
:004047CF 52
:004047D0 8B42FC
:004047D3 E8A0F0FFFF
:004047D8 89C2
:004047DA 58
:004047DB 52
:004047DC 8B4AFC
:004047DF E8C8DFFFFF
:004047E4 5A
:004047E5 58
|:004047C1(C), :004047CC(U)
|
:004047E6 66C7000001
:004047EB 895008
:004047EE C3
:004047EF 90
nop
push eax
push edx
call 00403878
mov edx, eax
pop eax
push edx
call 004027AC
pop edx
pop eax

ret

|:00410708
|
:004047F0 50
push eax
:004047F1 66833808
:004047F5 7207
jb 004047FE
:004047F7 52
push edx
:004047F8 E863FCFFFF
call 00404460
:004047FD 5A
pop edx
|:004047F5(C)
|
:004047FE 31C0
xor eax, eax
:00404800 85D2
test edx, edx
:00404802 7416
je 0040481A
:00404804 8B42FC
:00404807 D1E8
shr eax, 1
:00404809 740F
je 0040481A
:0040480B 50
push eax
:0040480C 52
push edx
|
:0040480D E8B6CAFFFF
Call 004012C8
:00404812 85C0
:00404814 0F8452F5FFFF
test eax, eax

je 00403D6C
|:00404802(C), :00404809(C)
|
:0040481A 5A
:0040481B 66C7020800
:00404820 894208
:00404823 C3

pop edx
mov word ptr [edx], 0008
ret

|:00404079 , :00404592 , :00405973 , :0040597D
|:0041078E
|
:00404824 50
push eax
:00404825 E836FCFFFF
call 00404460
:0040482A 58
pop eax
:0040482B C3
ret
, :00405987

|:0040455A
|
:0040482C 66833808
:00404830 721A
jb 0040484C
:00404832 FF700C
push [eax+0C]
:00404835 FF7008
push [eax+08]
:00404838 FF7004
push [eax+04]
:0040483B FF30
push dword ptr [eax]
:0040483D 66C7000000
:00404842 89E2
mov edx, esp
:00404844 E85BFCFFFF
call 004044A4
:00404849 83C410
add esp, 00000010
|:00404830(C)
|
:0040484C C3
ret
:0040484D 8D4000
|:00404858
|
:00404850 85C0
test eax, eax
:00404852 7403
je 00404857
:00404854 8B40FC
|:00404852(C)
|
:00404857 C3
ret
|:004098E9
|
:00404858 E8F3FFFFFF
call 00404850
:0040485D 48
:0040485E C3
dec eax
ret
:0040485F 90
nop

|:00404984
|
:00404860 55
push ebp
:00404861 8BEC
mov ebp, esp
:00404863 FF7508
push [ebp+08]
:00404866 E899F9FFFF
call 00404204
:0040486B 5D
pop ebp
:0040486C C20400
ret 0004
:0040486F 90
nop

|:0040492E
|
:00404870 E987F7FFFF
jmp 00403FFC
:00404875 C3
ret
:00404876 8BC0
mov eax, eax

|:004048AF
|
:00404878 E89B010000
call 00404A18
:0040487D C3
ret
:0040487E 8BC0
mov eax, eax

|:004049F1 , :00404A11
|
:00404880 55
push ebp
:00404881 8BEC
mov ebp, esp
:00404883 83C4E0
add esp, FFFFFFE0
:00404886 53
push ebx
:00404887 56
push esi
:00404888 57
push edi
:00404889 894DF8
mov dword ptr [ebp-08], ecx
:0040488C 8BF2
mov esi, edx
:0040488E 8945FC
:00404891 8B5DFC
mov ebx, dword ptr [ebp-04]
:00404894 8B1B
:00404896 8B4508
:00404899 8B38
mov edi, dword ptr [eax]
:0040489B 85FF
test edi, edi
:0040489D 7F1A
jg 004048B9
:0040489F 85FF
test edi, edi
:004048A1 7D07
jge 004048AA
:004048A3 B004
mov al, 04
:004048A5 E876DEFFFF
call 00402720
|:004048A1(C)
|
:004048AA 8B45FC
:004048AD 8BD6
:004048AF E8C4FFFFFF
:004048B4 E948010000

mov edx, esi
call 00404878
jmp 00404A01

|:0040489D(C)
|
:004048B9 33C0
xor eax, eax
:004048BB 8945F0
:004048BE 85DB
test ebx, ebx
:004048C0 740B
je 004048CD
:004048C2 83EB04
sub ebx, 00000004
:004048C5 8B03
:004048C7 8945F0
:004048CA 83EB04
sub ebx, 00000004
|:004048C0(C)
|
:004048CD 33C0
xor eax, eax
:004048CF 8A4601
mov al, byte ptr [esi+01]
:004048D2 01C6
add esi, eax
:004048D4 8B4602
:004048D7 8945E8
:004048DA 8B4606
:004048DD 85C0
test eax, eax
:004048DF 7404
je 004048E5
:004048E1 8B30
:004048E3 EB02
jmp 004048E7
|:004048DF(C)
|
:004048E5 33F6
xor esi, esi
|:004048E3(U)
|
:004048E7 8BC7
:004048E9 F76DE8
:004048EC 8945E4
:004048EF 8B45E4
:004048F2 99
:004048F3 F7FF
:004048F5 3B45E8
:004048F8 7407
:004048FA B004
:004048FC E81FDEFFFF
|:004048F8(C)
|
:00404901 8345E408
:00404905 85DB
:00404907 7405
:00404909 833B01
mov eax, edi

imul [ebp-18]
mov dword ptr [ebp-1C], eax
mov eax, dword ptr [ebp-1C]
cdq
idiv edi
cmp eax, dword ptr [ebp-18]
je 00404901
mov al, 04
call 00402720
add dword ptr [ebp-1C], 00000008

test ebx, ebx
je 0040490E
:0040490C 7535
jne 00404943
|:00404907(C)
|
:0040490E 895DE0
:00404911 3B7DF0
:00404914 7D1D
:00404916 85F6
:00404918 7419
:0040491A 8BC3
:0040491C 83C008
:0040491F 8BD7
:00404921 0FAF55E8
:00404925 03C2
:00404927 8B4DF0
:0040492A 2BCF
:0040492C 8BD6
:0040492E E83DFFFFFF
|:00404914(C), :00404918(C)
|
:00404933 8D45E0
:00404936 8B55E4
:00404939 E886DDFFFF
:0040493E 8B5DE0
:00404941 EB5E
|:0040490C(C)
|
:00404943 FF0B
:00404945 8B45E4
:00404948 E847DDFFFF
:0040494D 8BD8
:0040494F 8B45F0
:00404952 8945EC
:00404955 3B7DEC
:00404958 7D03
:0040495A 897DEC
|:00404958(C)
|
:0040495D 85F6
:0040495F 742A
:00404961 8B55EC
:00404964 0FAF55E8
:00404968 8BC3
:0040496A 83C008
:0040496D 33C9
:0040496F E8C4DFFFFF
:00404974 8B45EC
:00404977 50
:00404978 8B55FC
:0040497B 8B12
:0040497D 8BC3
:0040497F 83C008
:00404982 8BCE

cmp edi, dword ptr [ebp-10]
jge 00404933
test esi, esi
je 00404933
mov eax, ebx
add eax, 00000008
mov edx, edi
imul edx, dword ptr [ebp-18]
add eax, edx
mov ecx, dword ptr [ebp-10]
sub ecx, edi
mov edx, esi
call 00404870

mov edx, dword ptr [ebp-1C]
call 004026C4
jmp 004049A1
dec dword ptr [ebx]

call 00402694
mov ebx, eax
jge 0040495D
test esi, esi

je 0040498B
mov eax, ebx
add eax, 00000008
xor ecx, ecx
call 00402938
push eax
mov eax, ebx
add eax, 00000008
mov ecx, esi
:00404984 E8D7FEFFFF
:00404989 EB16
call 00404860
jmp 004049A1
|:0040495F(C)
|
:0040498B 8B4DEC
:0040498E 0FAF4DE8
:00404992 8BD3
:00404994 83C208
:00404997 8B45FC
:0040499A 8B00
:0040499C E80BDEFFFF
|:00404941(U), :00404989(U)
|
:004049A1 C70301000000
:004049A7 83C304
:004049AA 893B
:004049AC 83C304
:004049AF 8BD7
:004049B1 2B55F0
:004049B4 0FAF55E8
:004049B8 8B45E8
:004049BB 0FAF45F0
:004049BF 03C3
:004049C1 33C9
:004049C3 E870DFFFFF
:004049C8 837DF801
:004049CC 7E2E
:004049CE 83450804
:004049D2 FF4DF8
:004049D5 4F
:004049D6 85FF
:004049D8 7C22
:004049DA 47
:004049DB C745F400000000
|:004049FA(C)
|
:004049E2 8B4508
:004049E5 50
:004049E6 8B45F4
:004049E9 8D0483
:004049EC 8B4DF8
:004049EF 8BD6
:004049F1 E88AFEFFFF
:004049F6 FF45F4
:004049F9 4F
:004049FA 75E6

imul ecx, dword ptr [ebp-18]
mov edx, ebx
add edx, 00000008
call 004027AC

add ebx, 00000004
add ebx, 00000004
mov edx, edi
sub edx, dword ptr [ebp-10]
imul eax, dword ptr [ebp-10]
add eax, ebx
xor ecx, ecx
call 00402938
cmp dword ptr [ebp-08], 00000001
jle 004049FC
add dword ptr [ebp+08], 00000004
dec [ebp-08]
dec edi
test edi, edi
jl 004049FC
inc edi
mov [ebp-0C], 00000000
mov eax, dword

push eax
mov eax, dword
lea eax, dword
mov ecx, dword
mov edx, esi
call 00404880
inc [ebp-0C]
dec edi
jne 004049E2
ptr [ebp+08]
ptr [ebp-0C]
ptr [ebx+4*eax]
ptr [ebp-08]

|:004049CC(C), :004049D8(C)
|
:004049FC 8B45FC
:004049FF 8918
|:004048B4(U)
|
:00404A01 5F
:00404A02 5E
:00404A03 5B
:00404A04 8BE5
:00404A06 5D
:00404A07 C20400
pop
pop
pop
mov
pop
ret
:00404A0A 8BC0
mov eax, eax
edi
esi
ebx
esp, ebp
ebp
0004

|:00409874
|
:00404A0C 54
push esp
:00404A0D 83042404
add dword ptr [esp], 00000004
:00404A11 E86AFEFFFF
call 00404880
:00404A16 C3
ret
:00404A17 90
nop

|:004040CD , :00404878 , :00404A6E
|
:00404A18 8B08
:00404A1A 85C9
test ecx, ecx
:00404A1C 7432
je 00404A50
:00404A1E C70000000000
:00404A24 FF49F8
dec [ecx-08]
:00404A27 7527
jne 00404A50
:00404A29 50
push eax
:00404A2A 89C8
mov eax, ecx
:00404A2C 31C9
xor ecx, ecx
:00404A2E 8A4A01
:00404A31 8B540A06
mov edx, dword ptr [edx+ecx+06]
:00404A35 85D2
test edx, edx
:00404A37 740E
je 00404A47
:00404A39 8B48FC
:00404A3C 85C9
test ecx, ecx
:00404A3E 7407
je 00404A47
:00404A40 8B12
:00404A42 E8B5F5FFFF
call 00403FFC
|:00404A37(C), :00404A3E(C)
|
:00404A47 83E808
:00404A4A E85DDCFFFF
:00404A4F 58

sub eax, 00000008
call 004026AC
pop eax

|:00404A1C(C), :00404A27(C)
|
:00404A50 C3
ret
:00404A51 8D4000
|:004041D7 , :004042E1
|
:00404A54
:00404A55
:00404A57
:00404A59
:00404A5B
53
8B18
85D2
7403
FF42F8
push ebx
test edx, edx
je 00404A5E
inc [edx-08]
|:00404A59(C)
|
:00404A5E 85DB
:00404A60 7413
:00404A62 FF4BF8
:00404A65 750E
:00404A67 50
:00404A68 52
:00404A69 89CA
:00404A6B FF43F8
:00404A6E E8A5FFFFFF
:00404A73 5A
:00404A74 58
|:00404A60(C), :00404A65(C)
|
:00404A75 8910
:00404A77 5B
:00404A78 C3
:00404A79 8D4000
test ebx, ebx

je 00404A75
dec [ebx-08]
jne 00404A75
push eax
push edx
mov edx, ecx
inc [ebx-08]
call 00404A18
pop edx
pop eax

pop ebx
ret

|:00403629 , :00404AA4
|
:00404A7C 83C4E4
add esp, FFFFFFE4
:00404A7F 6A1C
push 0000001C
:00404A81 8D542404
:00404A85 52
push edx
:00404A86 50
push eax
|
:00404A87 E834C8FFFF
Call 004012C0
:00404A8C 817C241000100000
:00404A94 7506
jne 00404A9C
:00404A96 8B442404
:00404A9A EB02
jmp 00404A9E
|:00404A94(C)
|
:00404A9C 33C0
xor eax, eax
|:00404A9A(U)
|
:00404A9E 83C41C
add esp, 0000001C
:00404AA1 C3
ret
:00404AA2 8BC0
mov eax, eax

|:0040C962
|
:00404AA4 E8D3FFFFFF
call 00404A7C
:00404AA9 C3
ret
:00404AAA 8BC0
mov eax, eax

|:00404E4F , :00408758 , :00408843 , :0040C967
|
:00404AAC 8B150C204400
:00404AB2 85D2
test edx, edx
:00404AB4 7419
je 00404ACF
|:00404ACD(C)
|
:00404AB6 3B4204
cmp eax, dword ptr [edx+04]
:00404AB9 740A
je 00404AC5
:00404ABB 3B4208
:00404ABE 7405
je 00404AC5
:00404AC0 3B420C
cmp eax, dword ptr [edx+0C]
:00404AC3 7504
jne 00404AC9
|:00404AB9(C), :00404ABE(C)
|
:00404AC5 8B4210
:00404AC8 C3
ret

|:00404AC3(C)
|
:00404AC9 8B12
:00404ACB 85D2
test edx, edx
:00404ACD 75E7
jne 00404AB6
|:00404AB4(C)
|
:00404ACF C3
ret
|:00405B76
|
:00404AD0 55
push ebp
:00404AD1 8BEC
mov ebp, esp
:00404AD3 81C4E0FEFFFF
add esp, FFFFFEE0
:00404AD9 53
push ebx
:00404ADA 56
push esi
:00404ADB 8945FC
:00404ADE 6805010000
push 00000105
:00404AE3 8D85E3FEFFFF
lea eax, dword ptr [ebp+FFFFFEE3]
:00404AE9 50
:00404AEA 6A00
push eax
push 00000000

|
:00404AEC E86FC7FFFF
Call 00401260
:00404AF1 C645EE00
mov [ebp-12], 00
:00404AF5 8D45F8
:00404AF8 50
push eax
:00404AF9 683F000F00
push 000F003F
:00404AFE 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"Software\Borland\Locales"
|
:00404B00 68884C4000
push 00404C88
:00404B05 6801000080
push 80000001
|
:00404B0A E899C7FFFF
Call 004012A8
:00404B0F 85C0
test eax, eax
:00404B11 741E
je 00404B31
:00404B13 8D45F8
:00404B16 50
push eax
:00404B17 683F000F00
push 000F003F
:00404B1C 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"Software\Borland\Delphi\Locales"
|
:00404B1E 68A44C4000
push 00404CA4
:00404B23 6801000080
push 80000001
|
:00404B28 E87BC7FFFF
Call 004012A8
:00404B2D 85C0
test eax, eax
:00404B2F 756D
jne 00404B9E
|:00404B11(C)
|
:00404B31 33C0
:00404B33 55
:00404B34 68974B4000
:00404B39 64FF30
:00404B3C 648920
:00404B3F C745E805000000
:00404B46 8D45E8
:00404B49 50
:00404B4A 8D45EE
:00404B4D 50
:00404B4E 6A00
:00404B50 6A00
:00404B52 8D85E3FEFFFF
:00404B58 50
:00404B59 8B45F8
:00404B5C 50

xor eax, eax
push ebp
push 00404B97
mov [ebp-18], 00000005
push eax
push eax
push 00000000
push 00000000
push eax
push eax

|
:00404B5D
:00404B62
:00404B64
:00404B66
:00404B69
:00404B6A
:00404B6D
:00404B6E
:00404B70
:00404B72
:00404B77
:00404B7A
E84EC7FFFF
85C0
741A
8D45E8
50
8D45EE
50
6A00
6A00
68C44C4000
8B45F8
50
Call 004012B0
test eax, eax
je 00404B80
push eax
push eax
push 00000000
push 00000000
push 00404CC4
push eax

|
:00404B7B E830C7FFFF
Call 004012B0
|:00404B64(C)
|
:00404B80 33C0
:00404B82 5A
:00404B83 59
:00404B84 59
:00404B85 648910
:00404B88 689E4B4000

xor eax, eax
pop edx
pop ecx
pop ecx
push 00404B9E

|:00404B9C(U)
|
:00404B8D 8B45F8
:00404B90 50
push eax
|
:00404B91 E80AC7FFFF
Call 004012A0
:00404B96 C3
ret
:00404B97 E9DCE6FFFF
:00404B9C EBEF
jmp 00403278
jmp 00404B8D
|:00404B2F(C)
|
:00404B9E 8B45FC
:00404BA1 50
:00404BA2 8D85E3FEFFFF
:00404BA8 50

push eax
push eax

|
:00404BA9 E8DAC6FFFF
Call 00401288
:00404BAE 6A05
push 00000005
:00404BB0 8D45F3
lea eax, dword ptr [ebp-0D]
:00404BB3 50
push eax
:00404BB4 6A03
push 00000003
|
:00404BB6 E8B5C6FFFF
:00404BBB 50
Call 00401270
push eax

|
:00404BBC E897C6FFFF
Call 00401258
:00404BC1 33F6
xor esi, esi
:00404BC3 80BDE3FEFFFF00
cmp byte ptr [ebp+FFFFFEE3], 00
:00404BCA 0F84AF000000
je 00404C7F
:00404BD0 807DF300
cmp byte ptr [ebp-0D], 00
:00404BD4 750A
jne 00404BE0
:00404BD6 807DEE00
cmp byte ptr [ebp-12], 00
:00404BDA 0F849F000000
je 00404C7F
|:00404BD4(C)
|
:00404BE0 8D85E3FEFFFF
:00404BE6 50
push eax
* Reference To: kernel32.lstrlenA, Ord:0000h
|
:00404BE7 E8A4C6FFFF
Call 00401290
:00404BEC 8BD8
mov ebx, eax
:00404BEE 8D85E3FEFFFF
:00404BF4 03D8
add ebx, eax
:00404BF6 EB01
jmp 00404BF9
|:00404C06(C)
|
:00404BF8 4B
dec ebx
|:00404BF6(U)
|
:00404BF9 803B2E
:00404BFC 740A
:00404BFE 8D85E3FEFFFF
:00404C04 3BD8
:00404C06 75F0
|:00404BFC(C)
|
:00404C08 8D85E3FEFFFF
:00404C0E 3BD8
:00404C10 746D
:00404C12 43
:00404C13 807DEE00
:00404C17 741C
:00404C19 8D45EE
:00404C1C 50
:00404C1D 53
cmp byte ptr [ebx], 2E

je 00404C08
cmp ebx, eax
jne 00404BF8

cmp ebx, eax
je 00404C7F
inc ebx
je 00404C35
push eax
push ebx

|
:00404C1E E865C6FFFF
Call 00401288
:00404C23 6A02
push 00000002
:00404C25 6A00
push 00000000
:00404C2D 50

push eax

|
Call 00401278
:00404C33 8BF0
mov esi, eax
|:00404C17(C)
|
:00404C35 85F6
:00404C37 7546
:00404C39 807DF300
:00404C3D 7440
:00404C3F 8D45F3
:00404C42 50
:00404C43 53

test esi, esi
jne 00404C7F
je 00404C7F
push eax
push ebx

|
:00404C44 E83FC6FFFF
Call 00401288
:00404C49 6A02
push 00000002
:00404C4B 6A00
push 00000000
:00404C4D 8D85E3FEFFFF
:00404C53 50
push eax
|
:00404C54 E81FC6FFFF
Call 00401278
:00404C59 8BF0
mov esi, eax
:00404C5B 85F6
test esi, esi
:00404C5D 7520
jne 00404C7F
:00404C5F C645F500
mov [ebp-0B], 00
:00404C63 8D45F3
:00404C66 50
push eax
:00404C67 53
push ebx
|
:00404C68 E81BC6FFFF
Call 00401288
:00404C6D 6A02
push 00000002
:00404C6F 6A00
push 00000000
:00404C77 50
push eax
|
:00404C78 E8FBC5FFFF
Call 00401278
:00404C7D 8BF0
mov esi, eax
|:00404BCA(C), :00404BDA(C), :00404C10(C), :00404C37(C), :00404C3D(C)
|:00404C5D(C)
|
:00404C7F 8BC6
mov eax, esi
:00404C81 5E
pop esi
:00404C82 5B
pop ebx
:00404C83 8BE5
mov esp, ebp
:00404C85 5D
pop ebp
:00404C86 C3
ret
:00404C87 00
BYTE 0
:00404C88
:00404C89
:00404C8A
:00404C8D
:00404C8E
:00404C90
:00404C91
:00404C92
:00404C93
:00404C95
:00404C96
:00404C97
53
6F
667477
61
7265
5C
42
6F
726C
61
6E
64
push ebx
outsd
je 00404D04
popad
jb 00404CF5
pop esp
inc edx
outsd
jb 00404D01
popad
outsb
BYTE 064h
:00404C98
:00404C99
:00404C9A
:00404C9B
:00404C9E
5C
4C
6F
63616C
65
pop esp
dec esp
outsd
arpl dword ptr [ecx+6C], esp
BYTE 065h
:00404C9F 7300
jnb 00404CA1

|:00404C9F(C)
|
:00404CA1 000000
BYTE 3 DUP(0)
:00404CA4 53
push ebx
:00404CA5 6F
outsd
:00404CA6 667477
je 00404D20
:00404CA9 61
popad
:00404CAA 7265
jb 00404D11
:00404CAC 5C
pop esp
:00404CAD 42
inc edx
:00404CAE 6F
outsd
:00404CAF 726C
jb 00404D1D
:00404CB1 61
popad
:00404CB2 6E
outsb
:00404CB3 64
BYTE 064h
:00404CB4 5C
:00404CB5 44
:00404CB6 65
pop esp
inc esp
BYTE 065h
:00404CB7
:00404CB8
:00404CBA
:00404CC2
insb
jo 00404D22
imul ebx, dword ptr [esp+2*ecx+6F], 656C6163
jnb 00404CC4
6C
7068
695C4C6F63616C65
7300

|:00404CC2(C)
|
:00404CC4 00000000
BYTE 4 DUP(0)

|:0041245E
|
:00404CC8 53
push ebx
:00404CC9 8BD8
mov ebx, eax
:00404CCB B808000000
mov eax, 00000008
:00404CD0 E8BFD9FFFF
call 00402694
:00404CD5 8B1510204400
:00404CDB 8910
:00404CDD 895804
:00404CE0 A310204400
:00404CE5 5B
pop ebx
:00404CE6 C3
ret
:00404CE7 90
nop

|:00412431
|
:00404CE8 53
push ebx
:00404CE9 56
push esi
:00404CEA 8B3510204400
mov esi, dword ptr [00442010]
:00404CF0 85F6
test esi, esi
:00404CF2 7422
je 00404D16
:00404CF4 8B5604
:00404CF7 3BD0
cmp edx, eax
:00404CF9 751B
jne 00404D16
:00404CFB A110204400
:00404D00 8B00
:00404D02 A310204400
:00404D07 BA08000000
mov edx, 00000008
:00404D0C 8BC6
mov eax, esi
:00404D0E E899D9FFFF
call 004026AC
:00404D13 5E
pop esi
:00404D14 5B
pop ebx
:00404D15 C3
ret
|:00404CF2(C), :00404CF9(C)
|
:00404D16 8BD6
:00404D18 85D2
:00404D1A 7427

mov edx, esi
test edx, edx
je 00404D43

|:00404D41(C)
|
:00404D1C 8B0A
:00404D1E 85C9
test ecx, ecx
|:00404CA7(C)
|
:00404D20 741B
je 00404D3D
|:00404CB8(C)
|
:00404D22 8B5904
:00404D25 3BD8
:00404D27 7514
:00404D29 8BF1
:00404D2B 8B01
:00404D2D 8902
:00404D2F BA08000000
:00404D34 8BC6
:00404D36 E871D9FFFF
:00404D3B EB06
|:00404D20(C), :00404D27(C)
|
:00404D3D 8B12
:00404D3F 85D2
:00404D41 75D9
|:00404D1A(C), :00404D3B(U)
|
:00404D43 5E
:00404D44 5B
:00404D45 C3
:00404D46 8BC0
mov eax, eax
mov ebx, dword ptr [ecx+04]

cmp ebx, eax
jne 00404D3D
mov esi, ecx
mov eax, dword ptr [ecx]
mov edx, 00000008
mov eax, esi
call 004026AC
jmp 00404D43

test edx, edx
jne 00404D1C
pop esi
pop ebx
ret

|:00404DCF
|
:00404D48 55
push ebp
:00404D49 8BEC
mov ebp, esp
:00404D4B 83C4F8
add esp, FFFFFFF8
:00404D4E 53
push ebx
:00404D4F 56
push esi
:00404D50 57
push edi
:00404D51 8945FC
:00404D54 A110204400
:00404D59 8945F8
:00404D5C 837DF800
:00404D60 7439
je 00404D9B
|:00404D99(C)
|
:00404D62 33C0
:00404D64 55
:00404D65 68834D4000
:00404D6A 64FF30
:00404D6D 648920
:00404D70 8B5DF8
:00404D73 8B45FC
:00404D76 FF5304
:00404D79 33C0
:00404D7B 5A
:00404D7C 59

xor eax, eax
push ebp
push 00404D83
call [ebx+04]
xor eax, eax
pop edx
pop ecx
:00404D7D
:00404D7E
:00404D81
:00404D83
:00404D88
59
648910
EB0A
E9E8E2FFFF
E893E5FFFF
|:00404D81(U)
|
:00404D8D 8B45F8
:00404D90 8B00
:00404D92 8945F8
:00404D95 837DF800
:00404D99 75C7
pop ecx
jmp 00404D8D
jmp 00403070
call 00403320
mov
mov
mov
cmp
jne

dword ptr [ebp-08], eax
dword ptr [ebp-08], 00000000
00404D62

|:00404D60(C)
|
:00404D9B 5F
pop edi
:00404D9C 5E
pop esi
:00404D9D 5B
pop ebx
:00404D9E 59
pop ecx
:00404D9F 59
pop ecx
:00404DA0 5D
pop ebp
:00404DA1 C3
ret
:00404DA2 8BC0
mov eax, eax

|:00405B96
|
:00404DA4 8B150C204400
:00404DAA 8910
:00404DAC A30C204400
:00404DB1 C3
ret
:00404DB2 8BC0
mov eax, eax

|:00403725
|
:00404DB4 55
push ebp
:00404DB5 8BEC
mov ebp, esp
:00404DB7 51
push ecx
:00404DB8 8945FC
:00404DBB 33D2
xor edx, edx
:00404DBD 55
push ebp
:00404DBE 68184E4000
push 00404E18
:00404DC3 64FF32
:00404DC6 648922
:00404DC9 8B45FC
:00404DCC 8B4004
:00404DCF E874FFFFFF
call 00404D48
:00404DD4 33C0
xor eax, eax
:00404DD6 5A
pop edx
:00404DD7 59
pop ecx
:00404DD8 59
pop ecx
:00404DD9 648910
:00404DDC 681F4E4000
push 00404E1F
|:00404E1D(U)
|
:00404DE1 8B45FC
:00404DE4 3B050C204400
:00404DEA 750C
:00404DEC 8B45FC
:00404DEF 8B00
:00404DF1 A30C204400
:00404DF6 EB1F
|:00404DEA(C)
|
:00404DF8 A10C204400
:00404DFD 85C0
:00404DFF 7416
mov
cmp
jne
mov
mov
mov
jmp

00404DF8
dword ptr [0044200C], eax
00404E17

test eax, eax
je 00404E17

|:00404E15(C)
|
:00404E01 8B10
:00404E03 3B55FC
cmp edx, dword ptr [ebp-04]
:00404E06 7509
jne 00404E11
:00404E08 8B55FC
:00404E0B 8B12
:00404E0D 8910
:00404E0F EB06
jmp 00404E17
|:00404E06(C)
|
:00404E11 8B00
:00404E13 85C0
test eax, eax
:00404E15 75EA
jne 00404E01
|:00404DF6(U), :00404DFF(C), :00404E0F(U)
|
:00404E17 C3
ret
:00404E18 E95BE4FFFF
jmp 00403278
:00404E1D EBC2
jmp 00404DE1
:00404E1F 59
pop ecx
:00404E20 5D
pop ebp
:00404E21 C3
ret
:00404E22 8BC0
* Referenced
|:004035D6
|:00408B40
|:00408E3C
|:0040C207
|:0040CD09
|:0040E03B
|:0040E35A
|:0040E5C1
by a CALL at
, :004081CE
, :00408C4E
, :00408EBB
, :0040C48C
, :0040CD92
, :0040E11A
, :0040E42E
, :0040E7CE
mov eax, eax

Addresses:
, :004089BA
, :00408C5D
, :00408EDC
, :0040CAC6
, :0040CE05
, :0040E1BD
, :0040E450
, :0040E84A
,
,
,
,
,
,
,
,
:00408A99
:00408D19
:00409725
:0040CBA2
:0040D04F
:0040E1DF
:0040E522
:0040E992
,
,
,
,
,
,
,
,
:00408AC7
:00408D75
:00409743
:0040CC63
:0040D2B6
:0040E2E5
:0040E544
:0040E9D5
|:0040EBD4 , :0040ECE4
|:0040F7F6 , :00410189
|:00410DDD , :004112B0
|:00414F4F , :004151A7
|:00416802 , :00416826
|:00419375 , :0041A4CF
|:00422C75 , :0042303C
|:00428D2C , :0042ACAA
|:0042C0C2 , :0042E69A
|:0042F721 , :00430603
|:0043243E , :00436C7A
|:0043A430 , :0043A5D5
|:0043DD6F , :00440E1E
|
:00404E24 53
:00404E25 56
:00404E26 81C400FCFFFF
:00404E2C 8BF2
:00404E2E 8BD8
:00404E30 85DB
:00404E32 743D
:00404E34 817B0400000100
:00404E3B 7D2A
:00404E3D 6800040000
:00404E42 8D442404
:00404E46 50
:00404E47 8B4304
:00404E4A 50
:00404E4B 8B03
:00404E4D 8B00
:00404E4F E858FCFFFF
:00404E54 50
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040EE00
:004101FA
:0041191E
:004151EF
:0041684A
:0041A51B
:004234D7
:0042C070
:0042E931
:004313D7
:0043815C
:0043B790
:00440FDE
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040F34B
:00410731
:00411A30
:00415237
:0041686E
:0041A590
:00423824
:0042C081
:0042EB1C
:00431482
:00438DF2
:0043BEC8
:0044119B
,
,
,
,
,
,
,
,
,
,
,
,
:0040F393
:004107D4
:00411AE7
:0041527F
:00417C47
:0041A5DC
:0042637D
:0042C0B1
:0042F135
:00432246
:00439AE5
:0043BF85
push ebx
push esi
add esp, FFFFFC00
mov esi, edx
mov ebx, eax
test ebx, ebx
je 00404E71
cmp dword ptr [ebx+04], 00010000
jge 00404E67
push 00000400
push eax
push eax
call 00404AAC
push eax

|
:00404E55 E826C4FFFF
Call 00401280
:00404E5A 8BC8
mov ecx, eax
:00404E5C 8BD4
mov edx, esp
:00404E5E 8BC6
mov eax, esi
:00404E60 E837EAFFFF
call 0040389C
:00404E65 EB0A
jmp 00404E71
|:00404E3B(C)
|
:00404E67 8BC6
:00404E69 8B5304
:00404E6C E8FBEAFFFF
|:00404E32(C), :00404E65(U)
|
:00404E71 81C400040000
:00404E77 5E
:00404E78 5B
:00404E79 C3
:00404E7A 8BC0
mov eax, eax
mov eax, esi

call 0040396C
add esp, 00000400

pop esi
pop ebx
ret

|:00402D36 , :004040BC , :0041224E , :00425387 , :0042799B
|:004279E9 , :004292CE
|
:00404E7C 8B10
:00404E7E 85D2
test edx, edx
:00404E80 740E
je 00404E90
:00404E82 C70000000000
:00404E88 50
push eax
:00404E89 52
push edx
:00404E8A 8B02
:00404E8C FF5008
call [eax+08]
:00404E8F 58
pop eax
|:00404E80(C)
|
:00404E90 C3
ret
:00404E91 8D4000
|:00402D06 , :004041C4 , :004042CB
|:00427925 , :004279D4 , :004292B9
|
, :0040DDD9
, :0043C5E7
, :00427916

|:00402CAB(U)
|
:00404E94 8B08
:00404E96 8910
:00404E98 85D2
test edx, edx
:00404E9A 7408
je 00404EA4
:00404E9C 51
push ecx
:00404E9D 52
push edx
:00404E9E 8B02
:00404EA0 FF5004
call [eax+04]
:00404EA3 59
pop ecx
|:00404E9A(C)
|
:00404EA4 85C9
test ecx, ecx
:00404EA6 7406
je 00404EAE
:00404EA8 51
push ecx
:00404EA9 8B01
:00404EAB FF5008
call [eax+08]
|:00404EA6(C)
|
:00404EAE C3
ret
:00404EAF 90
nop
|:00412176
|
:00404EB0 85C0
test eax, eax
:00404EB2 7406
je 00404EBA
:00404EB4 50
push eax
:00404EB5 8B00
:00404EB7 FF5004
call [eax+04]
|:00404EB2(C)
|
:00404EBA C3
:00404EBB 90
:00404EBC 83780400
:00404EC0 7407
:00404EC2 B002
:00404EC4 E857D8FFFF

ret
nop
je 00404EC9
mov al, 02
call 00402720

|:00404EC0(C)
|
:00404EC9 C3
ret
:00404ECA 8BC0
mov eax, eax
|:0040112E(U), :0040BC77(U), :00420269(U)
|
:00404ECC 55
push ebp
:00404ECD 8BEC
mov ebp, esp
:00404ECF 53
push ebx
:00404ED0 8B5D08
:00404ED3 8B4D10
mov ecx, dword ptr [ebp+10]
:00404ED6 8B550C
mov edx, dword ptr [ebp+0C]
:00404ED9 8BC3
mov eax, ebx
:00404EDB E8D4DDFFFF
call 00402CB4
:00404EE0 84C0
test al, al
:00404EE2 7404
je 00404EE8
:00404EE4 33C0
xor eax, eax
:00404EE6 EB05
jmp 00404EED
|:00404EE2(C)
|
:00404EE8 B802400080
mov eax, 80004002
|:00404EE6(U)
|
:00404EED 5B
pop ebx
:00404EEE 5D
pop ebp
:00404EEF C20C00
ret 000C
:00404EF2 8BC0
mov eax, eax

|:00401138(U), :0040BC81(U), :00420273(U)
|
:00404EF4 55
push ebp
:00404EF5 8BEC
mov ebp, esp
:00404EF7 8B4508
:00404EFA 83C004
add eax, 00000004
:00404EFD 50
push eax
* Reference To: kernel32.InterlockedIncrement, Ord:0000h
|
:00404EFE E8FDC3FFFF
:00404F03 5D
:00404F04 C20400
Call 00401300
pop ebp
ret 0004
:00404F07 90
nop

|:00401142(U), :0040BC8B(U), :0042027D(U)
|
:00404F08 55
push ebp
:00404F09 8BEC
mov ebp, esp
:00404F0B 53
push ebx
:00404F0C 56
push esi
:00404F0D 8B5D08
:00404F10 8D4304
:00404F13 50
push eax
* Reference To: kernel32.InterlockedDecrement, Ord:0000h
|
:00404F14 E8EFC3FFFF
Call 00401308
:00404F19 8BF0
mov esi, eax
:00404F1B 85F6
test esi, esi
:00404F1D 7509
jne 00404F28
:00404F1F B201
mov dl, 01
:00404F21 8BC3
mov eax, ebx
:00404F23 8B08
:00404F25 FF51FC
call [ecx-04]
|:00404F1D(C)
|
:00404F28 8BC6
mov eax, esi
:00404F2A 5E
pop esi
:00404F2B 5B
pop ebx
:00404F2C 5D
pop ebp
:00404F2D C20400
ret 0004

|:00405A74
|
* Reference To: kernel32.GetCurrentThreadId, Ord:0000h
|
:00404F30 FF25F0404400
:00404F36 8BC0
mov eax, eax
:00404F38 33D2
xor edx, edx
:00404F3A 895010
:00404F3D 89500C
:00404F40 52
push edx
:00404F41 8D5010
lea edx, dword ptr [eax+10]
:00404F44 52
push edx
:00404F45 FF7008
push [eax+08]
:00404F48 FF7014
push [eax+14]
:00404F4B FF30
|
:00404F4D E8B6C2FFFF
:00404F52 85C0
:00404F54 7403
Call 00401208
test eax, eax
je 00404F59

|:00404F61(C)
|
:00404F56 33C0
xor eax, eax
:00404F58 C3
ret

|:00404F54(C)
|
|
:00404F59 E8F2C2FFFF
Call 00401250
:00404F5E 83F86D
cmp eax, 0000006D
:00404F61 74F3
je 00404F56
:00404F63 C3
ret
:00404F64 33C0
:00404F66 C3
xor eax, eax

ret
:00404F67
:00404F68
:00404F6B
:00404F6D
:00404F6F
:00404F71
:00404F74
:00404F75
:00404F79
:00404F7A
:00404F7B
:00404F7E
push ecx
mov edx, dword ptr [eax+0C]
test edx, edx
jle 00404F89
xor ecx, ecx
mov dword ptr [eax+0C], ecx
push ecx
push ecx
push edx
push [eax+14]
51
8B500C
85D2
7E1A
33C9
89480C
51
8D4C2404
51
52
FF7014
FF30

|
:00404F80 E8A3C2FFFF
Call 00401228
:00404F85 85C0
test eax, eax
:00404F87 7404
je 00404F8D
|:00404F6D(C)
|
:00404F89 33C0
xor eax, eax
|:00404F92(U)
|
:00404F8B 59
pop ecx
:00404F8C C3
ret

|:00404F87(C)
|
|
:00404F8D E8BEC2FFFF
Call 00401250
:00404F92 EBF7
jmp 00404F8B
:00404F94 FF30
:00404F96 C74004B0D70000
mov [eax+04], 0000D7B0
|
:00404F9D E836C2FFFF
Call 004011D8
:00404FA2 48
dec eax
:00404FA3 7501
jne 00404FA6
:00404FA5 C3
ret

|:00404FA3(C)
|
|
:00404FA6 E8A5C2FFFF
Call 00401250
:00404FAB C3
ret
:00404FAC
:00404FAD
:00404FAF
:00404FB1
:00404FB4
:00404FB7
:00404FBA
:00404FBF
:00404FC1
:00404FC2
:00404FC4
:00404FC5
:00404FC7
56
8BF0
33C0
89460C
894610
8B4604
2DB1D70000
740B
48
7420
48
742E
E949010000
push esi
mov esi, eax
xor eax, eax
mov dword ptr [esi+0C], eax
mov dword ptr [esi+10], eax
sub eax, 0000D7B1
je 00404FCC
dec eax
je 00404FE4
dec eax
je 00404FF5
jmp 00405115
|:00404FBF(C)
|
:00404FCC B800000080
:00404FD1 BA01000000
:00404FD6 B903000000
:00404FDB C7461C384F4000
:00404FE2 EB27
|:00404FC2(C)
|
:00404FE4 B800000040
:00404FE9 BA01000000
:00404FEE B902000000
:00404FF3 EB0F
mov
mov
mov
mov
jmp
mov
mov
mov
jmp
eax, 80000000
edx, 00000001
ecx, 00000003
[esi+1C], 00404F38
0040500B
eax, 40000000
edx, 00000001
ecx, 00000002
00405004
|:00404FC5(C)
|
:00404FF5 B8000000C0
:00404FFA BA01000000
:00404FFF B903000000

mov eax, C0000000
mov edx, 00000001
mov ecx, 00000003

|:00404FF3(U)
|
:00405004 C7461C674F4000
mov [esi+1C], 00404F67
|:00404FE2(U)
|
:0040500B C74624944F4000
:00405012 C74620644F4000
:00405019 807E4800
:0040501D 0F84AE000000
:00405023 6A00
:00405025 6880000000
:0040502A 51
:0040502B 6A00
:0040502D 52
:0040502E 50
:0040502F 8D4648
:00405032 50

mov [esi+24], 00404F94
mov [esi+20], 00404F64
cmp byte ptr [esi+48], 00
je 004050D1
push 00000000
push 00000080
push ecx
push 00000000
push edx
push eax
push eax

|
:00405033 E8A8C1FFFF
Call 004011E0
:00405038 83F8FF
cmp eax, FFFFFFFF
:0040503B 0F84EB000000
je 0040512C
:00405041 8906
:00405043 817E04B3D70000
cmp dword ptr [esi+04], 0000D7B3
:0040504A 0F85A3000000
jne 004050F3
:00405050 FF4E04
dec [esi+04]
:00405053 6A00
push 00000000
:00405055 FF36
push dword ptr [esi]
* Reference To: kernel32.GetFileSize, Ord:0000h
|
:00405057 E894C1FFFF
Call 004011F0
:0040505C 40
inc eax
:0040505D 0F84C9000000
je 0040512C
:00405063 2D81000000
sub eax, 00000081
:00405068 7302
jnb 0040506C
:0040506A 33C0
xor eax, eax
|:00405068(C)
|
:0040506C 6A00
push 00000000
:0040506E 6A00
push 00000000
:00405070 50
push eax
:00405071 FF36
|
:00405073
:00405078
:00405079
:0040507F
:00405081
:00405083
:00405085
:00405086
:0040508B
:00405091
:00405092
E8A8C1FFFF
40
0F84AD000000
6A00
8BD4
6A00
52
6880000000
8D964C010000
52
FF36
Call 00401220
inc eax
je 0040512C
push 00000000
mov edx, esp
push 00000000
push edx
push 00000080
lea edx, dword ptr [esi+0000014C]
push edx

|
:00405094 E86FC1FFFF
Call 00401208
:00405099 5A
pop edx
:0040509A 48
dec eax
:0040509B 0F858B000000
jne 0040512C
:004050A1 33C0
xor eax, eax
|:004050B2(U)
|
:004050A3 3BC2
:004050A5 734C
:004050A7 80BC064C0100001A
:004050AF 7403
:004050B1 40
:004050B2 EBEF

cmp eax, edx
jnb 004050F3
cmp byte ptr [esi+eax+0000014C], 1A
je 004050B4
inc eax
jmp 004050A3

|:004050AF(C)
|
:004050B4 6A02
push 00000002
:004050B6 6A00
push 00000000
:004050B8 2BC2
sub eax, edx
:004050BA 50
push eax
:004050BB FF36
|
:004050BD E85EC1FFFF
Call 00401220
:004050C2 40
inc eax
:004050C3 7467
je 0040512C
:004050C5 FF36
|
:004050C7 E84CC1FFFF
Call 00401218
:004050CC 48
dec eax
:004050CD 755D
jne 0040512C
:004050CF EB22
jmp 004050F3
|:0040501D(C)
|
:004050D1 C74624644F4000
:004050D8 817E04B2D70000
:004050DF 7404
:004050E1 6AF6

mov [esi+24], 00404F64
je 004050E5
push FFFFFFF6
:004050E3 EB02
jmp 004050E7

|:004050DF(C)
|
:004050E5 6AF5
push FFFFFFF5
|:004050E3(U)
|
* Reference To: kernel32.GetStdHandle, Ord:0000h
|
:004050E7 E80CC1FFFF
Call 004011F8
:004050EC 83F8FF
cmp eax, FFFFFFFF
:004050EF 743B
je 0040512C
:004050F1 8906
|:0040504A(C), :004050A5(C), :004050CF(U)
|
:004050F3 817E04B1D70000
:004050FA 7417
je 00405113
:004050FC FF36
* Reference To: kernel32.GetFileType, Ord:0000h
|
:004050FE E8E5C0FFFF
Call 004011E8
:00405103 85C0
test eax, eax
:00405105 7410
je 00405117
:00405107 83F802
cmp eax, 00000002
:0040510A 7507
jne 00405113
:0040510C C74620674F4000
mov [esi+20], 00404F67
|:004050FA(C), :0040510A(C)
|
:00405113 33C0
xor eax, eax
|:00404FC7(U), :0040512A(U), :00405138(U)
|
:00405115 5E
pop esi
:00405116 C3
ret

|:00405105(C)
|
:00405117 FF36
|
:00405119 E8BAC0FFFF
Call 004011D8
:0040511E C74604B0D70000
mov [esi+04], 0000D7B0
:00405125 B869000000
mov eax, 00000069
:0040512A EBE9
jmp 00405115
|:0040503B(C), :0040505D(C), :00405079(C), :0040509B(C), :004050C3(C)

|:004050CD(C), :004050EF(C)
|
:0040512C C74604B0D70000
mov [esi+04], 0000D7B0
|
:00405133 E818C1FFFF
Call 00401250
:00405138 EBDB
jmp 00405115
|:00405A4C , :00405A5B
|
:0040513A 8D884C010000
lea ecx, dword ptr [eax+0000014C]
:00405140 894814
:00405143 33C9
xor ecx, ecx
:00405145 8908
:00405147 C74004B0D70000
mov [eax+04], 0000D7B0
:0040514E C7400880000000
mov [eax+08], 00000080
:00405155 89480C
:00405158 894810
:0040515B C74018AC4F4000
mov [eax+18], 00404FAC
:00405162 89481C
:00405165 894820
:00405168 894824
:0040516B 8D4048
:0040516E 85D2
test edx, edx
:00405170 741B
je 0040518D
:00405172 B582
mov ch, 82
|:0040518A(C)
|
:00405174 8A0A
:00405176 42
inc edx
:00405177 8808
:00405179 40
inc eax
:0040517A 84C9
test cl, cl
:0040517C 7411
je 0040518F
:0040517E 8A0A
:00405180 42
inc edx
:00405181 8808
:00405183 40
inc eax
:00405184 84C9
test cl, cl
:00405186 7407
je 0040518F
:00405188 FECD
dec ch
:0040518A 75E8
jne 00405174
:0040518C 48
dec eax
|:00405170(C)
|
:0040518D 8828
|:0040517C(C), :00405186(C)
|
:0040518F C3
:00405190 8B5004
:00405193 81FAB2D70000

ret
cmp edx, 0000D7B2
:00405199
:0040519B
:0040519E
:004051A0
7508
FF501C
85C0
750E
jne 004051A3
call [eax+1C]
test eax, eax
jne 004051B0

|:004051A9(C)
|
:004051A2 C3
ret
|:00405199(C)
|
:004051A3 81FAB1D70000
:004051A9 74F7
:004051AB B867000000

cmp edx, 0000D7B1
je 004051A2
mov eax, 00000067

|:004051A0(C)
|
:004051B0 E9CFD5FFFF
jmp 00402784
|:00405342(U)
|
:004051B5 8B5004
:004051B8 81FAB2D70000
:004051BE 7508
:004051C0 FF5020
:004051C3 85C0
:004051C5 750E

cmp edx, 0000D7B2
jne 004051C8
call [eax+20]
test eax, eax
jne 004051D5

|:004051CE(C)
|
:004051C7 C3
ret
|:004051BE(C)
|
:004051C8 81FAB1D70000
:004051CE 74F7
:004051D0 B867000000

cmp edx, 0000D7B1
je 004051C7
mov eax, 00000067

|:004051C5(C)
|
:004051D5 E9AAD5FFFF
jmp 00402784
:004051DA 8BC0
mov eax, eax
|:0040522E , :0040595A , :00405964
|
:004051DC 53
push ebx
:004051DD 8BD8
mov ebx, eax
:004051DF 8B5004
:004051E2 81EAB1D70000
sub edx, 0000D7B1
:004051E8 740E
je 004051F8
:004051EA 83FA02
cmp edx, 00000002
:004051ED 7719
ja 00405208
:004051EF
:004051F2
:004051F4
:004051F6
FF501C
85C0
750B
8BC3
call [eax+1C]
test eax, eax
jne 00405201
mov eax, ebx

|:004051E8(C)
|
:004051F8 FF5324
call [ebx+24]
:004051FB 85C0
test eax, eax
:004051FD 7502
jne 00405201
|:00405206(U), :0040520D(C)
|
:004051FF 5B
pop ebx
:00405200 C3
ret

|:004051F4(C), :004051FD(C), :00405214(U)
|
:00405201 E87ED5FFFF
call 00402784
:00405206 EBF7
jmp 004051FF
|:004051ED(C)
|
:00405208 3D4C304400
:0040520D 74F0
:0040520F B867000000
:00405214 EBEB
:00405216 8BC0

cmp eax, 0044304C
je 004051FF
mov eax, 00000067
jmp 00405201
mov eax, eax

|:00405258(U), :0040525F(U), :00405266(U)
|
:00405218 53
push ebx
:00405219 56
push esi
:0040521A 8BF0
mov esi, eax
:0040521C 8BDA
mov ebx, edx
:0040521E 8B5604
:00405221 81EAB0D70000
sub edx, 0000D7B0
:00405227 740A
je 00405233
:00405229 83FA03
cmp edx, 00000003
:0040522C 7719
ja 00405247
:0040522E E8A9FFFFFF
call 004051DC
|:00405227(C)
|
:00405233 8BC6
:00405235 895E04
:00405238 FF5618
:0040523B 85C0
:0040523D 7405
:0040523F E840D5FFFF

mov eax, esi
mov dword ptr [esi+04], ebx
call [esi+18]
test eax, eax
je 00405244
call 00402784
|:0040523D(C), :00405251(U)
|
:00405244 5E
:00405245 5B
:00405246 C3
|:0040522C(C)
|
:00405247 B866000000
:0040524C E833D5FFFF
:00405251 EBF1
:00405253 BAB1D70000
:00405258 EBBE
pop esi
pop ebx
ret

mov eax, 00000066
call 00402784
jmp 00405244
mov edx, 0000D7B1
jmp 00405218

|:004052AD , :00405377
|
:0040525A BAB2D70000
mov edx, 0000D7B2
:0040525F EBB7
jmp 00405218
:00405261 BAB3D70000
mov edx, 0000D7B3
:00405266 EBB0
jmp 00405218
|:004052E9 , :0040533D , :004053A9
|
|:00405302(C), :00405311(U), :0040532E(U), :004053D9(U)
|
:00405268 56
push esi
:00405269 57
push edi
:0040526A 8BF2
mov esi, edx
:0040526C 817804B2D70000
cmp dword ptr [eax+04], 0000D7B2
:00405273 752E
jne 004052A3
|:00405299(U), :004052BC(C)
|
:00405275 8B7814
:00405278 03780C
:0040527B 8B5008
:0040527E 2B500C
:00405281 3BD1
:00405283 7F16
:00405285 01500C
:00405288 2BCA
:0040528A 50
:0040528B 51
:0040528C 8BCA
:0040528E F3
:0040528F A4
:00405290 FF501C
:00405293 85C0
:00405295 7533
:00405297 59
:00405298 58
:00405299 EBDA

add edi, dword ptr [eax+0C]
sub edx, dword ptr [eax+0C]
cmp edx, ecx
jg 0040529B
add dword ptr [eax+0C], edx
sub ecx, edx
push eax
push ecx
mov ecx, edx
repz
movsb
call [eax+1C]
test eax, eax
jne 004052CA
pop ecx
pop eax
jmp 00405275

|:00405283(C)
|
:0040529B 01480C
add dword ptr [eax+0C], ecx
:0040529E F3
repz
:0040529F A4
movsb
|:004052C8(U), :004052D1(U)
|
:004052A0 5F
:004052A1 5E
:004052A2 C3
|:00405273(C)
|
:004052A3 3D18324400
:004052A8 7514
:004052AA 51
:004052AB 52
:004052AC 50
:004052AD E8A8FFFFFF
:004052B2 58
:004052B3 5A
:004052B4 59
:004052B5 817804B2D70000
:004052BC 74B7
|:004052A8(C)
|
:004052BE B869000000
:004052C3 E8BCD4FFFF
:004052C8 EBD6
|:00405295(C)
|
:004052CA E8B5D4FFFF
:004052CF 59
:004052D0 58
:004052D1 EBCD
pop edi
pop esi
ret
cmp eax, 00443218

jne 004052BE
push ecx
push edx
push eax
call 0040525A
pop eax
pop edx
pop ecx
je 00405275
mov eax, 00000069

call 00402784
jmp 004052A0
call 00402784
pop ecx
pop eax
jmp 004052A0

|:00405323 , :0040539D , :004053CD
|
:004052D3 8BCA
mov ecx, edx
|:004052FE(U)
|
:004052D5 BA58204400
:004052DA 83F940
:004052DD 7E21
:004052DF 83E940
:004052E2 50

mov edx, 00442058
cmp ecx, 00000040
jle 00405300
sub ecx, 00000040
push eax
:004052E3
:004052E4
:004052E9
:004052EE
:004052F3
:004052FA
:004052FC
:004052FD
:004052FE
51
B940000000
E87AFFFFFF
E821080000
83B80400000000
750D
59
58
EBD5
|:004052DD(C)
|
:00405300 85C9
:00405302 0F8F60FFFFFF
:00405308 C3
push ecx
mov ecx, 00000040
call 00405268
call 00405B14
cmp dword ptr [eax+00000004], 00000000
jne 00405309
pop ecx
pop eax
jmp 004052D5
test ecx, ecx
jg 00405268
ret

|:004052FA(C)
|
:00405309 59
pop ecx
:0040530A 58
pop eax
:0040530B C3
ret
:0040530C
:0040530E
:00405310
:00405311
:00405316
:00405317
:00405319
:0040531B
:0040531D
:0040531F
:00405320
:00405321
:00405323
:00405328
:00405329
33C9
8A0A
42
E952FFFFFF
53
33DB
8A1A
2BCB
7E0B
50
52
8BD1
E8ABFFFFFF
5A
58
|:0040531D(C)
|
:0040532A 8BCB
:0040532C 5B
:0040532D 42
:0040532E E935FFFFFF
xor ecx, ecx

inc edx
jmp 00405268
push ebx
xor ebx, ebx
sub ecx, ebx
jle 0040532A
push eax
push edx
mov edx, ecx
call 004052D3
pop edx
pop eax
mov
pop
inc
jmp
ecx, ebx
ebx
edx
00405268

|:004036DD , :00408820
|
:00405333 BA98204400
mov edx, 00442098
:00405338 B902000000
mov ecx, 00000002
:0040533D E826FFFFFF
call 00405268
:00405342 E96EFEFFFF
jmp 004051B5
:00405347 817804B2D70000
:0040534E 751E
jne 0040536E
|:0040536C(U), :00405385(C)
|
:00405350 8B480C
:00405353 3B4808
:00405356 7D09
:00405358 034814
:0040535B 8811
:0040535D FF400C
:00405360 C3

mov
cmp
jge
add
mov
inc
ret
ecx, dword ptr [eax+0C]

ecx, dword ptr [eax+08]
00405361
byte ptr [ecx], dl
[eax+0C]

|:00405356(C)
|
:00405361 50
push eax
:00405362 52
push edx
:00405363 FF501C
call [eax+1C]
:00405366 85C0
test eax, eax
:00405368 7527
jne 00405391
:0040536A 5A
pop edx
:0040536B 58
pop eax
:0040536C EBE2
jmp 00405350
|:0040534E(C)
|
:0040536E 3D18324400
:00405373 7512
:00405375 52
:00405376 50
:00405377 E8DEFEFFFF
:0040537C 58
:0040537D 5A
:0040537E 817804B2D70000
:00405385 74C9

cmp eax, 00443218
jne 00405387
push edx
push eax
call 0040525A
pop eax
pop edx
je 00405350

|:00405373(C)
|
:00405387 B869000000
mov eax, 00000069
:0040538C E9F3D3FFFF
jmp 00402784
|:00405368(C)
|
:00405391 E8EED3FFFF
:00405396 5A
:00405397 58
:00405398 C3
:00405399
:0040539A
:0040539D
:004053A2
:004053A4
:004053A9
push edx
lea edx, dword ptr [ecx-01]
call 004052D3
mov edx, esp
mov ecx, 00000001
call 00405268
52
8D51FF
E831FFFFFF
8BD4
B901000000
E8BAFEFFFF
call 00402784
pop edx
pop eax
ret
:004053AE 5A
:004053AF C3
pop edx
ret

|:004036D8 , :0040881B
|
:004053B0 33C9
xor ecx, ecx
:004053B2 EB00
jmp 004053B4
|:004053B2(U)
|
:004053B4 56
:004053B5 57
:004053B6 8BF0
:004053B8 51
:004053B9 8BFA
:004053BB 83C9FF
:004053BE B000
:004053C0 F2
:004053C1 AE
:004053C2 F7D1
:004053C4 49
:004053C5 8BFA
:004053C7 5A
:004053C8 2BD1
:004053CA 8BC6
:004053CC 51
:004053CD E801FFFFFF
:004053D2 59
:004053D3 8BC6
:004053D5 8BD7
:004053D7 5F
:004053D8 5E
:004053DE 8BC0

push esi
push edi
mov esi, eax
push ecx
mov edi, edx
or ecx, FFFFFFFF
mov al, 00
repnz
scasb
not ecx
dec ecx
mov edi, edx
pop edx
sub edx, ecx
mov eax, esi
push ecx
call 004052D3
pop ecx
mov eax, esi
mov edx, edi
pop edi
pop esi
jmp 00405268
mov eax, eax

|:0040A26F , :0040A468
|
:004053E0 85C0
test eax, eax
:004053E2 7C48
jl 0040542C
:004053E4 7445
je 0040542B
:004053E6 3D00140000
cmp eax, 00001400
:004053EB 0F8D7F000000
jnl 00405470
:004053F1 8BD0
mov edx, eax
:004053F3 83E21F
and edx, 0000001F
:004053F6 8D1492
lea edx, dword ptr [edx+4*edx]
:004053F9 DB2C5584544000
fld tbyte ptr [2*edx+00405484]
:00405400 DEC9
fmulp st(1), st(0)
:00405402 C1E805
shr eax, 05
:00405405 7424
je 0040542B
:00405407 8BD0
mov edx, eax
:00405409 83E20F
and edx, 0000000F
:0040540C 740C
je 0040541A
:0040540E 8D1492
:00405411 DB2C55BA554000
fld tbyte ptr [2*edx+004055BA]
:00405418 DEC9
fmulp st(1), st(0)
|:0040540C(C)
|
:0040541A C1E804
:0040541D 740C
:0040541F 8D0480
:00405422 DB2C4550564000
:00405429 DEC9

shr eax, 04
je 0040542B
fld tbyte ptr [2*eax+00405650]
fmulp st(1), st(0)

|:004053E4(C), :00405405(C), :0040541D(C), :00405449(C), :00405461(C)
|
:0040542B C3
ret
|:004053E2(C)
|
:0040542C F7D8
:0040542E 3D00140000
:00405433 7D42
:00405435 8BD0
:00405437 83E21F
:0040543A 8D1492
:0040543D DB2C5584544000
:00405444 DEF9
:00405446 C1E805
:00405449 74E0
:0040544B 8BD0
:0040544D 83E20F
:00405450 740C
:00405452 8D1492
:00405455 DB2C55BA554000
:0040545C DEF9
|:00405450(C)
|
:0040545E C1E804
:00405461 74C8
:00405463 8D0480
:00405466 DB2C4550564000
:0040546D DEF9
:0040546F C3
neg eax
cmp eax, 00001400
jge 00405477
mov edx, eax
and edx, 0000001F
fld tbyte ptr [2*edx+00405484]
fdivp st(1), st(0)
shr eax, 05
je 0040542B
mov edx, eax
and edx, 0000000F
je 0040545E
fld tbyte ptr [2*edx+004055BA]
fdivp st(1), st(0)
shr eax, 04
je 0040542B
fld tbyte ptr [2*eax+00405650]
fdivp st(1), st(0)
ret

|:004053EB(C)
|
:00405470 DB2D7A544000
fld tbyte ptr [0040547A]
:00405476 C3
ret

|:00405433(C)
|
:00405477 D9EE
fldz
:00405479 C3
ret
:0040547A 00000000000000
BYTE 7 DUP(0)
:00405481 80FF7F
:00405484 00000000000000
cmp bh, 7F
BYTE 7 DUP(0)
:0040548B 80FF3F
:0040548E 00000000000000
cmp bh, 3F
BYTE 7 DUP(0)
:00405495 A002400000
:0040549A 0000000000
mov al, byte ptr [00004002]

BYTE 5 DUP(0)
:0040549F C8054000
:004054A3 000000000000
enter 4005, 00
BYTE 6 DUP(0)
:004054A9 FA
:004054AA 084000
:004054AD 0000000000
cli
or byte ptr [eax+00], al
BYTE 5 DUP(0)
:004054B2
:004054B3
:004054B4
:004054B6
inc eax
pushfd
or al, 40
BYTE 6 DUP(0)
40
9C
0C40
000000000000
:004054BC 50
:004054BD C3
push eax
ret
:004054BE 0F4000
:004054C1 0000000000
cmovo eax, dword ptr [eax]

BYTE 5 DUP(0)
:004054C6 24F4
:004054C8 124000
:004054CB 00000000
and al, F4
adc al, byte ptr [eax+00]
BYTE 4 DUP(0)
:004054CF 80969816400000
:004054D6 000000
adc byte ptr [esi+00401698], 00

BYTE 3 DUP(0)
:004054D9 20BCBE19400000
:004054E0 000000
and byte ptr [esi+4*edi+00004019], bh

BYTE 3 DUP(0)
:004054E3 286BEE
:004054E6 1C40
:004054E8 0000000000
sub byte ptr [ebx-12], ch

sbb al, 40
BYTE 5 DUP(0)
:004054ED F9
:004054EE 029520400000
stc
add dl, byte ptr [ebp+00004020]
:004054F4
:004054F6
:004054F7
:004054F9
:004054FE
:00405500
:00405506
0000
40
B743
BA23400000
0000
10A5D4E82640
00000000

inc eax
mov bh, 43
mov edx, 00004023
adc byte ptr [ebp+4026E8D4], ah
BYTE 4 DUP(0)
:0040550A
:0040550C
:00405512
:00405518
:0040551D
:00405522
:00405525
:00405527
:00405529
:0040552A
:00405530
:00405532
2AE7
84912A400000
0080F420E6B5
2D40000000
A031A95FE3
304000
0000
04BF
C9
1B8E34400000
00C5
2E
sub ah, bh
test byte ptr [ecx+0000402A], dl
add byte ptr [eax+B5E620F4], al
sub eax, 00000040
mov al, byte ptr [E35FA931]
xor byte ptr [eax+00], al
add al, BF
leave
sbb ecx, dword ptr [esi+00004034]
add ch, al
BYTE 02eh
:00405533
:00405538
:0040553A
:0040553B
:0040553D
:00405540
:00405543
:00405545
:00405548
:00405552
:00405554
:00405555
:00405556
:0040555C
:0040555D
:00405561
:00405562
:00405563
:00405564
:00405567
:0040556A
:00405571
:00405576
BCA2B13740
0000
40
763A
6B0BDE
3A4000
00E8
890423
C78A3E40000062ACC5EB
78AD
41
40
00807A17B726
D7
D8444000
90
AC
6E
327886
874840
00B4570A3F1668
A94B4000A1
ED
mov esp, 4037B1A2

inc eax
jbe 00405577
imul ecx, dword ptr [ebx], FFFFFFDE
cmp al, byte ptr [eax+00]
add al, ch
mov dword ptr [ebx+0000403E], EBC5AC62
js 00405501
inc ecx
inc eax
add byte ptr [eax+26B7177A], al
xlat
fadd dword ptr [eax+2*eax]
nop
lodsb
outsb
xor bh, byte ptr [eax-7A]
xchg dword ptr [eax+40], ecx
add byte ptr [edi+2*edx+68163F0A], dh
test eax, A100404B
in ax, dx
|:0040553B(C)
|
:00405577 CC
:00405578 CE
:00405579 1BC2
:0040557B D34E40
:0040557E A084144061
:00405583 51
:00405584 59
:00405585 845240
:00405588 C8A51990
:0040558C B9A56FA555

int 03
into
sbb eax, edx
ror dword ptr [esi+40], cl
push ecx
pop ecx
test byte ptr [edx+40], dl
enter 19A5, 90
mov ecx, 55A56FA5
:00405591
:00405592
:00405594
:00405596
:00405597
:00405599
:0040559A
:0040559B
:0040559C
:0040559E
:0040559F
:004055A0
:004055A2
:004055A3
:004055AB
:004055AC
:004055B2
:004055B5
:004055B6
:004055B7
:004055B8
:004055BB
:004055C1
:004055C2
40
3A0F
20F4
27
8FCB
CE
58
40
8409
94
F8
7839
3F
815C40E50BB936D7
07
8FA15F40DF4E
6704CD
C9
F2
C9
624096
228145407C6F
FC
65
inc eax
cmp cl, byte ptr [edi]
and ah, dh
daa
pop ebx
into
pop eax
inc eax
test byte ptr [ecx], cl
xchg eax,esp
clc
js 004055DB
aas
sbb dword ptr [eax+2*eax-1B], D736B90B
pop es
pop dword ptr [ecx+4EDF405F]
add al, CD
leave
repnz
leave
bound eax, dword ptr [eax-6A]
and al, byte ptr [ecx+6F7C4045]
cld
BYTE 065h
:004055C3
:004055C4
:004055C5
:004055C7
:004055CD
:004055CE
:004055D0
40
9E
B570
2BA8ADC59D69
40
D5A6
CF
inc eax
sahf
mov ch, 70
sub ebp, dword ptr [eax+699DC5AD]
inc eax
aad (base=166)
iret
:004055D1
:004055D4
:004055D6
:004055D9
FF491F
78C2
D340A3
149B
dec [ecx+1F]
js 00405598
rol dword ptr [eax-5D], cl
adc al, 9B

|:004055A0(C)
|
:004055DB C516
lds edx, dword ptr [esi]
:004055DD AB
stosd
|:004055FC(C)
|
:004055DE B3EF
:004055E0 3D41E08CE9
:004055E5 80C947
:004055E8 BA93A841AA
:004055ED 17
:004055EE E67F
:004055F0 2BA116B61242
:004055F6 6B552739
:004055FA 8DF7
:004055FC 70E0
:004055FE 7C42

mov bl, EF
cmp eax, E98CE041
or cl, 47
mov edx, AA41A893
pop ss
out 7F, al
sub esp, dword ptr [ecx+4212B616]
imul edx, dword ptr [ebp+27], 00000039
lea esi, edi
jo 004055DE
jl 00405642
:00405600
:00405602
:00405604
:0040560A
:0040560C
:0040560D
:0040560E
:0040560F
:00405611
:00405612
:00405613
:00405614
:00405616
:00405618
:0040561A
:00405621
:00405622
:00405624
:0040562A
:0040562B
:0040562D
:0040562E
:0040562F
:00405630
:00405631
:00405632
:00405633
:00405634
:00405635
:00405636
:00405638
:0040563A
:0040563B
:0040563C
:0040563D
:0040563E
:00405640
:00405641
30C9
3CE3
FF96528AE742
8EDE
F9
9D
FB
EB7E
AA
51
43
8C2F
6A5C
19FC
26D2BB4376E3CC
F2
292F
84812644D20A
90
DB00
27
A4
9F
90
44
17
AA
F8
AE
10E3
C5C4
FA
44
59
9C
B0E9
07
9C
xor cl, cl
cmp al, E3
call dword ptr [esi+42E78A52]
mov ds, si
stc
popfd
sti
jmp 0040568F
stosb
push ecx
inc ebx
mov [edi], gs
push 0000005C
sbb esp, edi
sar byte ptr es:[ebx+CCE37643], cl
repnz
sub dword ptr [edi], ebp
test byte ptr [ecx+0AD24426], al
nop
fild dword ptr [eax]
daa
movsb
lahf
nop
inc esp
pop ss
stosb
clc
scasb
adc bl, ah
lds eax, esp
cli
inc esp
pop ecx
pushfd
mov al, E9
pop es
pushfd

|:004055FE(C)
|
:00405642 8AF2
mov dh, dl
:00405644 64
BYTE 064h
:00405645
:00405646
:00405648
:0040564A
:0040564C
:0040564E
45
D4F3
F7EB
E14A
7A95
CF
inc ebp
aam (base243)
imul ebx
loopz 00405696
jpe 004055E3
iret
:0040564F 45
:00405650 62A29507DCD8
:00405656 3E
inc ebp
bound esp, dword ptr [edx+D8DC0795]
BYTE 03eh
:00405657 B83946C791
mov eax, 91C74639
:0040565C
:0040565D
:0040565E
:0040565F
:00405664
:00405665
:00405667
:00405671
:00405673
:00405678
:0040567A
:0040567F
:00405680
:00405681
:00405682
:00405683
:00405684
:00405689
:0040568B
:0040568C
0E
A6
AE
A019E3A346
17
0C75
81867576C9484DE4A793
393B
35B8B2ED53
E55D
3DC55D3B8B
9E
92
5A
A6
F0
A120C054A5
8C37
61
8B5A8B
|:0040560F(U)
|
:0040568F D8255D89F9DB
:00405695 67F8
:00405697 F3
:00405698 27
:00405699 BFA2C85DDD
:0040569E 806E9B97
:004056A2 208A025260C4
:004056A8 2575F059D5
:004056AD 6E
:004056AE 6211
:004056B0 35
:004056B1 AE
:004056B2 CA
:004056B3 7B
push cs
cmpsb
scasb
mov al, byte ptr [46A3E319]
pop ss
or al, 75
add dword ptr [esi+48C97675], 93A7E44D
cmp dword ptr [ebx], edi
xor eax, 53EDB2B8
in ax, 5D
cmp eax, 8B3B5DC5
sahf
xchg eax,edx
pop edx
cmpsb
lock
mov eax, dword ptr [A554C020]
mov [edi], xx
popad
mov ebx, dword ptr [edx-75]
fsub dword ptr [DBF9895D]
clc
repz
daa
mov edi, DD5DC8A2
sub byte ptr [esi-65], 97
and byte ptr [edx+C4605202], cl
and eax, D559F075
outsb
bound edx, dword ptr [ecx]
BYTE 35h
BYTE aeh
BYTE cah
BYTE 7bh

|:0040788B , :004078A5
|
:004056B4 52
push edx
:004056B5 50
push eax
:004056B6 8B442410
:004056BA F72424
mul dword ptr [esp]
:004056BD 8BC8
mov ecx, eax
:004056BF 8B442404
:004056C3 F764240C
mul [esp+0C]
:004056C7 03C8
add ecx, eax
:004056C9 8B0424
:004056CC F764240C
mul [esp+0C]
:004056D0 03D1
add edx, ecx
:004056D2 59
pop ecx
:004056D3 59
pop ecx
:004056D4 C20800
ret 0008
:004056D7 52
push edx
:004056D8
:004056D9
:004056DD
:004056E0
:004056E2
:004056E6
:004056EA
:004056EC
:004056EF
:004056F3
:004056F5
:004056F6
:004056F7
50
8B442410
F72424
8BC8
8B442404
F764240C
03C8
8B0424
F764240C
03D1
59
59
C20800
push eax
mul dword ptr [esp]
mov ecx, eax
mul [esp+0C]
add ecx, eax
mul [esp+0C]
add edx, ecx
pop ecx
pop ecx
ret 0008

|:0040579A
|
:004056FA 55
push ebp
:004056FB 53
push ebx
:004056FC 56
push esi
:004056FD 57
push edi
:004056FE 33FF
xor edi, edi
:00405700 8B5C2414
:00405704 8B4C2418
:00405708 0BC9
or ecx, ecx
:0040570A 7508
jne 00405714
:0040570C 0BD2
or edx, edx
:0040570E 745C
je 0040576C
:00405710 0BDB
or ebx, ebx
:00405712 7458
je 0040576C
|:0040570A(C)
|
:00405714 0BD2
or edx, edx
:00405716 790A
jns 00405722
:00405718 F7DA
neg edx
:0040571A F7D8
neg eax
:0040571C 83DA00
sbb edx, 00000000
:0040571F 83CF01
or edi, 00000001
|:00405716(C)
|
:00405722 0BC9
or ecx, ecx
:00405724 790A
jns 00405730
:00405726 F7D9
neg ecx
:00405728 F7DB
neg ebx
:0040572A 83D900
sbb ecx, 00000000
:0040572D 83F701
xor edi, 00000001
|:00405724(C)
|
:00405730 8BE9
:00405732 B940000000
:00405737 57
:00405738 33FF

mov ebp, ecx
mov ecx, 00000040
push edi
xor edi, edi
:0040573A
:0040573C
:0040573E
:00405740
:00405742
:00405744
:00405746
:00405748
:0040574A
:0040574C
33F6
D1E0
D1D2
D1D6
D1D7
3BFD
720B
7704
3BF3
7205
xor esi, esi

shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb 00405753
ja 0040574E
cmp esi, ebx
jb 00405753

|:00405748(C)
|
:0040574E 2BF3
sub esi, ebx
:00405750 1BFD
sbb edi, ebp
:00405752 40
inc eax
|:00405746(C), :0040574C(C)
|
:00405753 E2E7
:00405755 5B
:00405756 F7C301000000
:0040575C 7407
:0040575E F7DA
:00405760 F7D8
:00405762 83DA00
|:0040575C(C), :00405770(U)
|
:00405765 5F
:00405766 5E
:00405767 5B
:00405768 5D
:00405769 C20800
|:0040570E(C), :00405712(C)
|
:0040576C F7F3
:0040576E 33D2
:00405770 EBF3
:00405772 56
:00405773 8B74240C
:00405777 23742408
:0040577B 83FEFF
:0040577E 7511
:00405780 8BF0
:00405782 0BF2
:00405784 81FE00000080
:0040578A 7505
:0040578C 8BC6
:0040578E 5E
:0040578F 48
:00405790 C3
loop 0040573C
pop ebx
test ebx, 00000001
je 00405765
neg edx
neg eax
sbb edx, 00000000
pop
pop
pop
pop
ret
edi
esi
ebx
ebp
0008
div ebx
xor edx, edx
jmp 00405765
push esi
mov esi, dword ptr [esp+0C]
and esi, dword ptr [esp+08]
cmp esi, FFFFFFFF
jne 00405791
mov esi, eax
or esi, edx
cmp esi, 80000000
jne 00405791
mov eax, esi
pop esi
dec eax
ret
|:0040577E(C), :0040578A(C)
|
:00405791 5E
:00405792 FF742408
:00405796 FF742408
:0040579A E85BFFFFFF
:0040579F 23C0
:004057A1 C20800

pop esi
push [esp+08]
push [esp+08]
call 004056FA
and eax, eax
ret 0008

|:00407DBE
|
:004057A4 55
push ebp
:004057A5 53
push ebx
:004057A6 56
push esi
:004057A7 57
push edi
:004057A8 8B5C2414
:004057AC 8B4C2418
:004057B0 0BC9
or ecx, ecx
:004057B2 7508
jne 004057BC
:004057B4 0BD2
or edx, edx
:004057B6 742F
je 004057E7
:004057B8 0BDB
or ebx, ebx
:004057BA 742B
je 004057E7
|:004057B2(C)
|
:004057BC 8BE9
:004057BE B940000000
:004057C3 33FF
:004057C5 33F6
:004057C7 D1E0
:004057C9 D1D2
:004057CB D1D6
:004057CD D1D7
:004057CF 3BFD
:004057D1 720B
:004057D3 7704
:004057D5 3BF3
:004057D7 7205

mov ebp, ecx
mov ecx, 00000040
xor edi, edi
xor esi, esi
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb 004057DE
ja 004057D9
cmp esi, ebx
jb 004057DE

|:004057D3(C)
|
:004057D9 2BF3
sub esi, ebx
:004057DB 1BFD
sbb edi, ebp
:004057DD 40
inc eax
|:004057D1(C), :004057D7(C)
|
:004057DE E2E7
loop 004057C7
|:004057EB(U)
|
:004057E0 5F
:004057E1 5E
:004057E2 5B
:004057E3 5D
:004057E4 C20800
|:004057B6(C), :004057BA(C)
|
:004057E7 F7F3
:004057E9 33D2
:004057EB EBF3
pop
pop
pop
pop
ret
edi
esi
ebx
ebp
0008

div ebx
xor edx, edx
jmp 004057E0

|:0040588F
|
:004057ED 55
push ebp
:004057EE 53
push ebx
:004057EF 56
push esi
:004057F0 57
push edi
:004057F1 33FF
xor edi, edi
:004057F3 8B5C2414
:004057F7 8B4C2418
:004057FB 0BC9
or ecx, ecx
:004057FD 7508
jne 00405807
:004057FF 0BD2
or edx, edx
:00405801 745D
je 00405860
:00405803 0BDB
or ebx, ebx
:00405805 7459
je 00405860
|:004057FD(C)
|
:00405807 0BD2
or edx, edx
:00405809 790A
jns 00405815
:0040580B F7DA
neg edx
:0040580D F7D8
neg eax
:0040580F 83DA00
sbb edx, 00000000
:00405812 83CF01
or edi, 00000001
|:00405809(C)
|
:00405815 0BC9
or ecx, ecx
:00405817 7907
jns 00405820
:00405819 F7D9
neg ecx
:0040581B F7DB
neg ebx
:0040581D 83D900
sbb ecx, 00000000
|:00405817(C)
|
:00405820 8BE9
:00405822 B940000000
:00405827 57
:00405828 33FF

mov ebp, ecx
mov ecx, 00000040
push edi
xor edi, edi
:0040582A
:0040582C
:0040582E
:00405830
:00405832
:00405834
:00405836
:00405838
:0040583A
:0040583C
33F6
D1E0
D1D2
D1D6
D1D7
3BFD
720B
7704
3BF3
7205
xor esi, esi

shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb 00405843
ja 0040583E
cmp esi, ebx
jb 00405843

|:00405838(C)
|
:0040583E 2BF3
sub esi, ebx
:00405840 1BFD
sbb edi, ebp
:00405842 40
inc eax
|:00405836(C), :0040583C(C)
|
:00405843 E2E7
:00405845 8BC6
:00405847 8BD7
:00405849 5B
:0040584A F7C301000000
:00405850 7407
:00405852 F7DA
:00405854 F7D8
:00405856 83DA00
|:00405850(C), :00405865(U)
|
:00405859 5F
:0040585A 5E
:0040585B 5B
:0040585C 5D
:0040585D C20800
|:00405801(C), :00405805(C)
|
:00405860 F7F3
:00405862 92
:00405863 33D2
:00405865 EBF2
:00405867 56
:00405868 8B74240C
:0040586C 23742408
:00405870 83FEFF
:00405873 7511
:00405875 8BF0
:00405877 0BF2
:00405879 81FE00000080
:0040587F 7505
:00405881 8BC6
:00405883 5E
loop 0040582C
mov eax, esi
mov edx, edi
pop ebx
test ebx, 00000001
je 00405859
neg edx
neg eax
sbb edx, 00000000
pop
pop
pop
pop
ret
edi
esi
ebx
ebp
0008
div ebx
xchg eax,edx
xor edx, edx
jmp 00405859
push esi
mov esi, dword ptr [esp+0C]
and esi, dword ptr [esp+08]
cmp esi, FFFFFFFF
jne 00405886
mov esi, eax
or esi, edx
cmp esi, 80000000
jne 00405886
mov eax, esi
pop esi
:00405884 48
:00405885 C3
dec eax
ret
|:00405873(C), :0040587F(C)
|
:00405886 5E
:00405887 FF742408
:0040588B FF742408
:00405894 23C0
:00405896 C20800

pop esi
push [esp+08]
push [esp+08]
call 004057ED
and eax, eax
ret 0008

|:00407DA0
|
:00405899 55
push ebp
:0040589A 53
push ebx
:0040589B 56
push esi
:0040589C 57
push edi
:0040589D 8B5C2414
:004058A1 8B4C2418
:004058A5 0BC9
or ecx, ecx
:004058A7 7508
jne 004058B1
:004058A9 0BD2
or edx, edx
:004058AB 7433
je 004058E0
:004058AD 0BDB
or ebx, ebx
:004058AF 742F
je 004058E0
|:004058A7(C)
|
:004058B1 8BE9
:004058B3 B940000000
:004058B8 33FF
:004058BA 33F6
:004058BC D1E0
:004058BE D1D2
:004058C0 D1D6
:004058C2 D1D7
:004058C4 3BFD
:004058C6 720B
:004058C8 7704
:004058CA 3BF3
:004058CC 7205

mov ebp, ecx
mov ecx, 00000040
xor edi, edi
xor esi, esi
shl eax, 1
rcl edx, 1
rcl esi, 1
rcl edi, 1
cmp edi, ebp
jb 004058D3
ja 004058CE
cmp esi, ebx
jb 004058D3

|:004058C8(C)
|
:004058CE 2BF3
sub esi, ebx
:004058D0 1BFD
sbb edi, ebp
:004058D2 40
inc eax
|:004058C6(C), :004058CC(C)
|
:004058D3 E2E7
:004058D5 8BC6
:004058D7 8BD7
loop 004058BC
mov eax, esi
mov edx, edi

|:004058E5(U)
|
:004058D9 5F
pop edi
:004058DA 5E
pop esi
:004058DB 5B
pop ebx
:004058DC 5D
pop ebp
:004058DD C20800
ret 0008
|:004058AB(C), :004058AF(C)
|
:004058E0 F7F3
:004058E2 92
:004058E3 33D2
:004058E5 EBF2
:004058E7 80F920
:004058EA 7C11
:004058EC 80F940
:004058EF 7C05
:004058F1 33D2
:004058F3 33C0
:004058F5 C3

div ebx
xchg eax,edx
xor edx, edx
jmp 004058D9
cmp cl, 20
jl 004058FD
cmp cl, 40
jl 004058F6
xor edx, edx
xor eax, eax
ret

|:004058EF(C)
|
:004058F6 8BD0
mov edx, eax
:004058F8 D3E2
shl edx, cl
:004058FA 33C0
xor eax, eax
:004058FC C3
ret

|:004058EA(C)
|
:004058FD 0FA5C2
shld edx, eax, cl
:00405900 D3E0
shl eax, cl
:00405902 C3
ret
:00405903
:00405906
:00405908
:0040590B
:0040590D
:00405910
:00405912
80F920
7C11
80F940
7C06
C1FA1F
8BC2
C3
cmp cl, 20
jl 00405919
cmp cl, 40
jl 00405913
sar edx, 1F
mov eax, edx
ret

|:0040590B(C)
|
:00405913 8BC2
mov eax, edx
:00405915 99
cdq
:00405916 D3F8
sar eax, cl
:00405918 C3
ret

|:00405906(C)
|
:00405919 0FADD0
shrd eax, edx, cl
:0040591C D3FA
sar edx, cl
:0040591E C3
ret
:0040591F
:00405922
:00405924
:00405927
:00405929
:0040592B
:0040592D
80F920
7C11
80F940
7C05
33D2
33C0
C3
cmp cl, 20
jl 00405935
cmp cl, 40
jl 0040592E
xor edx, edx
xor eax, eax
ret

|:00405927(C)
|
:0040592E 8BC2
mov eax, edx
:00405930 33D2
xor edx, edx
:00405932 D3E8
shr eax, cl
:00405934 C3
ret

|:00405922(C)
|
:00405935 0FADD0
shrd eax, edx, cl
:00405938 D3EA
shr edx, cl
:0040593A C3
ret
:0040593B
:0040593C
:0040593D
:0040593F
:00405941
:00405942
:00405947
:0040594A
:0040594D
:00405953
:00405955
:0040595A
:0040595F
:00405964
90
55
8BEC
33C0
55
689A594000
64FF30
648920
FF0528344400
7537
B84C304400
E87DF8FFFF
B818324400
E873F8FFFF
nop
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0040599A
jne 0040598C
mov eax, 0044304C
call 004051DC
mov eax, 00443218
call 004051DC
:00405969
:0040596E
:00405973
:00405978
:0040597D
:00405982
:00405987
E856C1FFFF
B810344400
E8ACEEFFFF
B800344400
E8A2EEFFFF
B8F0334400
E898EEFFFF
call 00401AC4
mov eax, 00443410
call 00404824
mov eax, 00443400
call 00404824
mov eax, 004433F0
call 00404824
|:00405953(C)
|
:0040598C 33C0
:0040598E 5A
:0040598F 59
:00405990 59
:00405991 648910
:00405994 68A1594000
|:0040599F(U)
|
:00405999 C3
:0040599A E9D9D8FFFF
:0040599F EBF8
:004059A1 5D
:004059A2 C3
:004059A3
:004059A4
:004059A5
:004059A7
:004059A9
:004059AA
:004059AF
:004059B2
:004059B5
:004059BC
:004059C2
:004059C4
:004059C9
:004059CB
:004059D0
:004059D2
:004059D7
:004059DE
:004059E5
:004059EC
:004059F5
:004059FE
:00405A07
:00405A11
:00405A1B
:00405A25
:00405A2F
:00405A34
:00405A36
:00405A38
nop
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 00405A8C
sub dword ptr [00443428], 00000001
jnb 00405A7E
xor eax, eax
xor eax, eax
xor eax, eax
mov byte ptr [00443046], 02
mov byte ptr [00443047], 02
mov byte ptr [00443048], 03
mov word ptr [004433F0], 0000
mov word ptr [00443400], 0001
mov word ptr [00443410], 000A
mov dword ptr [00443418], 80020004
mov dword ptr [004433E4], 00404458
mov dword ptr [004433E8], 00404450
mov dword ptr [004433EC], 00404458
call 00402A68
test al, al
je 00405A3D
call 00402A98
90
55
8BEC
33C0
55
688C5A4000
64FF30
648920
832D2834440001
0F83BC000000
33C0
A334304400
33C0
A33C304400
33C0
A340304400
C6054630440002
C6054730440002
C6054830440003
66C705F03344000000
66C705003444000100
66C705103444000A00
C7051834440004000280
C705E433440058444000
C705E833440050444000
C705EC33440058444000
E834D0FFFF
84C0
7405
E85BD0FFFF
xor eax, eax

pop edx
pop ecx
pop ecx
push 004059A1
ret
jmp 00403278
jmp 00405999
pop ebp
ret
|:00405A36(C)
|
:00405A3D E81AD1FFFF
:00405A42 B84C304400
:00405A47 BA985A4000
:00405A4C E8E9F6FFFF
:00405A51 B818324400
:00405A56 BA985A4000
:00405A5B E8DAF6FFFF
call 00402B5C
mov eax, 0044304C
mov edx, 00405A98
call 0040513A
mov eax, 00443218
mov edx, 00405A98
call 0040513A
* Reference To: kernel32.GetCommandLineA, Ord:0000h

|
:00405A60 E8E3B7FFFF
Call 00401248
:00405A65 A32C304400
:00405A6A E8A1B8FFFF
call 00401310
:00405A6F A328304400
|
Call 00404F30
:00405A79 A320304400
|:004059BC(C)
|
:00405A7E 33C0
:00405A80 5A
:00405A81 59
:00405A82 59
:00405A83 648910
:00405A86 68935A4000
|:00405A91(U)
|
:00405A8B C3
:00405A8C E9E7D7FFFF
:00405A91 EBF8
:00405A93 5D
:00405A94 C3
:00405A95 00000000000000
BYTE 7 DUP(0)
xor eax, eax

pop edx
pop ecx
pop ecx
push 00405A93
ret
jmp 00403278
jmp 00405A8B
pop ebp
ret

|:00405B6F
|
|
:00405A9C FF25D4414400
Jmp dword ptr [004441D4]
:00405AA2 8BC0
mov eax, eax
|:00405BA7
|
* Reference To: kernel32.GetModuleHandleA, Ord:0000h
|
mov eax, eax
:00405AA4 FF25D0414400
:00405AAA 8BC0
|:00405AE8
|

|
:00405AAC FF25CC414400
Jmp dword ptr [004441CC]
:00405AB2 8BC0
mov eax, eax
|:00405B3B , :00405B4D
|
* Reference To: kernel32.TlsGetValue, Ord:0000h
|
:00405AB4 FF25C8414400
Jmp dword ptr [004441C8]
:00405ABA 8BC0
mov eax, eax
|:00405B06
|
* Reference To: kernel32.TlsSetValue, Ord:0000h
|
:00405ABC FF25C4414400
:00405AC2 8BC0
mov eax, eax
|:00405B2F
|
:00405AC4 53
push ebx
:00405AC5 B810000000
mov eax, 00000010
:00405ACA 85C0
test eax, eax
:00405ACC 7443
je 00405B11
:00405ACE 833DD034440000
cmp dword ptr [004434D0], 00000000
:00405AD5 7D0A
jge 00405AE1
:00405AD7 B8E2000000
mov eax, 000000E2
:00405ADC E8CBDCFFFF
call 004037AC
|:00405AD5(C)
|
:00405AE1 6810000000
push 00000010
:00405AE6 6A40
push 00000040
|
:00405AE8 E8BFFFFFFF
Call 00405AAC
:00405AED 8BD8
mov ebx, eax
:00405AEF 85DB
test ebx, ebx
:00405AF1 750C
jne 00405AFF
:00405AF3 B8E2000000
mov eax, 000000E2
:00405AF8 E8AFDCFFFF
call 004037AC
:00405AFD EB0C
jmp 00405B0B
|:00405AF1(C)
|
:00405AFF 53
:00405B00 A1D0344400
:00405B05 50
push ebx
mov eax, dword ptr [004434D0]
push eax
* Reference To: kernel32.TlsSetValue, Ord:0000h

|
:00405B06 E8B1FFFFFF
Call 00405ABC
|:00405AFD(U)
|
:00405B0B 891DE0344400
mov dword ptr [004434E0], ebx
|:00405ACC(C)
|
:00405B11 5B
pop ebx
:00405B12 C3
ret
:00405B13 90
|:00402714 , :00402739
|:004030F2 , :0040311F
|:00403320 , :004052EE
|:0040C818 , :0040C837
|:0040C88D , :0040C89F
|:0040C8DC , :0040C8EC
|:00410C3E , :00412406
|
:00405B14 8A0DCC344400
:00405B1A 8B05D0344400
:00405B20 84C9
:00405B22 7528
:00405B24 648B152C000000
:00405B2B 8B0482
:00405B2E C3
nop
Addresses:
, :00402767
, :00403228
, :0040C7E5
, :0040C846
, :0040C8AA
, :00410B6A
|:00405B54(C)
|
:00405B2F E890FFFFFF
:00405B34 8B05D0344400
:00405B3A 50
,
,
,
,
,
,
:00402785
:00403254
:0040C801
:0040C85C
:0040C8BA
:00410B78
,
,
,
,
,
,
:00402794
:004032D7
:0040C80C
:0040C87D
:0040C8CB
:00410BF4
mov cl, byte ptr [004434CC]

test cl, cl
jne 00405B4C
mov edx, dword ptr fs:[0000002C]
mov eax, dword ptr [edx+4*eax]
ret

call 00405AC4
push eax

|
:00405B3B E874FFFFFF
Call 00405AB4
:00405B40 85C0
test eax, eax
:00405B42 7401
je 00405B45
:00405B44 C3
ret
|:00405B42(C)
|
:00405B45 8B05E0344400
:00405B4B C3
mov eax, dword ptr [004434E0]

ret

|:00405B22(C)
|
:00405B4C 50
push eax
|
:00405B4D E862FFFFFF
Call 00405AB4
:00405B52 85C0
test eax, eax
:00405B54 74D9
je 00405B2F
:00405B56 C3
ret
:00405B57 90
nop

|:00405BC9
|
:00405B58 53
push ebx
:00405B59 81C4F8FEFFFF
add esp, FFFFFEF8
:00405B5F 6805010000
push 00000105
:00405B64 8D442404
:00405B68 50
push eax
:00405B69 A1D8344400
:00405B6E 50
push eax
|
:00405B6F E828FFFFFF
Call 00405A9C
:00405B74 8BC4
mov eax, esp
:00405B76 E855EFFFFF
call 00404AD0
:00405B7B 8BD8
mov ebx, eax
:00405B7D 891DAC204400
mov dword ptr [004420AC], ebx
:00405B83 85DB
test ebx, ebx
:00405B85 750A
jne 00405B91
:00405B87 A1A0204400
:00405B8C A3AC204400
|:00405B85(C)
|
:00405B91 B89C204400
:00405B96 E809F2FFFF
:00405B9B 81C408010000
:00405BA1 5B
:00405BA2 C3
:00405BA3 90
nop

|:004419CF
|
mov eax, 0044209C

call 00404DA4
add esp, 00000108
pop ebx
ret
:00405BA4 50
:00405BA5 6A00
push eax
push 00000000

|
:00405BA7 E8F8FEFFFF
Call 00405AA4
:00405BAC BA9C204400
mov edx, 0044209C
:00405BB1 52
push edx
:00405BB2 8905D8344400
mov dword ptr [004434D8], eax
:00405BB8 894204
:00405BBB C7420800000000
mov [edx+08], 00000000
:00405BC2 C7420C00000000
mov [edx+0C], 00000000
:00405BC9 E88AFFFFFF
call 00405B58
:00405BCE 5A
pop edx
:00405BCF 58
pop eax
:00405BD0 E8C3D9FFFF
call 00403598
:00405BD5 C3
ret
:00405BD6
:00405BD8
:00405BD9
:00405BDB
:00405BDD
:00405BDE
:00405BE3
:00405BE6
:00405BE9
:00405BEF
:00405BF1
:00405BF2
:00405BF3
:00405BF4
:00405BF7
8BC0
55
8BEC
33C0
55
68FD5B4000
64FF30
648920
FF05DC344400
33C0
5A
59
59
648910
68045C4000
mov eax, eax

push ebp
mov ebp, esp
xor eax, eax
push ebp
push 00405BFD
inc dword ptr [004434DC]
xor eax, eax
pop edx
pop ecx
pop ecx
push 00405C04
|:00405C02(U)
|
:00405BFC C3
:00405BFD E976D6FFFF
:00405C02 EBF8
:00405C04 5D
:00405C05 C3
:00405C06 8BC0
:00405C08 832DDC34440001
:00405C0F C3
mov eax, eax

sub dword ptr [004434DC], 00000001
ret
ret
jmp 00403278
jmp 00405BFC
pop ebp
ret

|:0043D169
|
|
:00405C10 FF25E4414400
Jmp dword ptr [004441E4]
:00405C16 8BC0
mov eax, eax

|:0043D0C6
|
|
:00405C18 FF25E0414400
:00405C1E 8BC0
mov eax, eax
|:0043D100
|
|
:00405C20 FF25DC414400
Jmp dword ptr [004441DC]
:00405C26 8BC0
mov eax, eax
|:00407741 , :004098BA , :00418117
|
, :0043D9D3
, :0043FEEE

|
:00405C28 FF25BC424400
:00405C2E 8BC0
mov eax, eax
|:004075A1 , :004075C0 , :00409205
|
* Reference To: kernel32.CompareStringA, Ord:0000h
|
:00405C30 FF25B8424400
:00405C36 8BC0
mov eax, eax
|:0040985C , :0043D953
|
* Reference To: kernel32.CreateEventA, Ord:0000h
|
:00405C38 FF25B4424400
:00405C3E 8BC0
mov eax, eax
|:004076AE , :004076D5
|
|
:00405C40 FF25B0424400
:00405C46 8BC0
mov eax, eax
|:0043D977
|
* Reference To: kernel32.CreateThread, Ord:0000h
|
:00405C48 FF25AC424400
:00405C4E 8BC0

mov eax, eax

|:004098C3 , :0040CF14 , :004133F3
|:0041AABA , :0041AAC4
|
, :004149DC
, :0041A7A6

|
:00405C50 FF25A8424400
:00405C56 8BC0
mov eax, eax
|:0040991B , :0040CF9B , :0041340C
|:00414BC2 , :00414D08 , :00414D69
|:0041A7C0
|
, :00413B54
, :00418BFB
, :00414BAC
, :004194B7

|
:00405C58 FF25A4424400
:00405C5E 8BC0
mov eax, eax
|:004083CF , :004083E2
|
* Reference To: kernel32.EnumCalendarInfoA, Ord:0000h
|
:00405C60 FF25A0424400
:00405C66 8BC0
mov eax, eax
|:0040C780 , :0040ED57
|
* Reference To: kernel32.FindResourceA, Ord:0000h
|
:00405C68 FF259C424400
:00405C6E 8BC0
mov eax, eax
|:004080FF , :004152FE
|
* Reference To: kernel32.FormatMessageA, Ord:0000h
|
:00405C70 FF2598424400
:00405C76 8BC0
mov eax, eax
|:0042D468 , :004367C9 , :004368C6
|
, :0043DC23

|
:00405C78 FF2594424400
:00405C7E 8BC0
mov eax, eax

|:0040EDC3
|
* Reference To: kernel32.FreeResource, Ord:0000h
|
:00405C80 FF2590424400
:00405C86 8BC0
mov eax, eax
|:00409319
|
* Reference To: kernel32.GetCPInfo, Ord:0000h
|
:00405C88 FF258C424400
:00405C8E 8BC0
mov eax, eax
|:0042D475
|
* Reference To: kernel32.GetCurrentProcessId, Ord:0000h
|
:00405C90 FF2588424400
:00405C96 8BC0
mov eax, eax
|:00409926 , :00420F54 , :0042D4B3
|:004365EC , :0043D291 , :0043D87C
|:0044137F
|
, :00436457
, :0043D928
, :00436572
, :0043D9B3

|
:00405C98 FF2584424400
:00405C9E 8BC0
mov eax, eax
|:00407869
|
* Reference To: kernel32.GetDiskFreeSpaceA, Ord:0000h
|
:00405CA0 FF2580424400
:00405CA6 8BC0
mov eax, eax
|:004096F1 , :004152D8 , :004197CB
|
, :0041985C
, :0043E586

|
:00405CA8 FF257C424400
:00405CAE 8BC0
mov eax, eax
|:0040814A , :0040818B
|

|
:00405CB0 FF2578424400
:00405CB6 8BC0
mov eax, eax
|:004086A9 , :004086C6 , :00408C91
|
, :0043DB48

|
:00405CB8 FF2574424400
:00405CBE 8BC0
mov eax, eax
|:004097DA , :0041B5F3 , :0042D0C9
|
|
:00405CC0 FF2570424400
:00405CC6 8BC0
mov eax, eax
* Referenced
|:004097EB
|:0041B638
|:0041B6CC
|:0042D114
|:0042D17D
|:004366E4
|:00436763
|:0043E55D
|
by a CALL at
, :0041AD7C
, :0041B648
, :0041B6ED
, :0042D129
, :0042D192
, :0043670F
, :00436778
Addresses:
, :0041B608
, :0041B669
, :0041B70E
, :0042D13E
, :0042D1A7
, :00436724
, :0043678D
,
,
,
,
,
,
,
:0041B618
:0041B68A
:0041B72F
:0042D153
:0042D1BC
:00436739
:004367A2
,
,
,
,
,
,
,
:0041B628
:0041B6AB
:0042D0D6
:0042D168
:0042D1D1
:0043674E
:004367B7
* Reference To: kernel32.GetProcAddress, Ord:0000h

|
:00405CC8 FF256C424400
:00405CCE 8BC0
mov eax, eax
|:00415858
|
* Reference To: kernel32.GetSystemInfo, Ord:0000h
|
:00405CD0 FF2568424400
:00405CD6 8BC0
mov eax, eax
|:004081F8 , :00408394 , :004083C4
|:004092CF , :00409391
|
, :004083D7
, :0040843E

|
:00405CD8 FF2564424400
:00405CDE 8BC0
mov eax, eax
|:004064AC
|
* Reference To: kernel32.GetTickCount, Ord:0000h
|
:00405CE0 FF2560424400
:00405CE6 8BC0
mov eax, eax
|:0042D5DD , :00431034 , :00436686
|
, :0043CC12
* Reference To: kernel32.GetVersion, Ord:0000h

|
:00405CE8 FF255C424400
:00405CEE 8BC0
mov eax, eax
|:00408FDE
|
* Reference To: kernel32.GetVersionExA, Ord:0000h
|
:00405CF0 FF2558424400
:00405CF6 8BC0
mov eax, eax
|:0042D496 , :0042D4D4 , :004413A0
|
* Reference To: kernel32.GlobalAddAtomA, Ord:0000h
|
:00405CF8 FF2554424400
:00405CFE 8BC0
mov eax, eax
|:004064BA
|
* Reference To: kernel32.GlobalAlloc, Ord:0000h
|
:00405D00 FF2550424400
:00405D06 8BC0
mov eax, eax
|:0042D448 , :0042D454 , :004414CA
|
* Reference To: kernel32.GlobalDeleteAtom, Ord:0000h
|
:00405D08 FF254C424400
:00405D0E 8BC0
mov eax, eax
|:004064F1
|
* Reference To: kernel32.GlobalFree, Ord:0000h
|
:00405D10 FF2548424400
:00405D16 8BC0
mov eax, eax

|:004064C0 , :004064DD
|
* Reference To: kernel32.GlobalLock, Ord:0000h
|
:00405D18 FF2544424400
:00405D1E 8BC0
mov eax, eax
|:004064CB , :004064E5
|
* Reference To: kernel32.GlobalHandle, Ord:0000h
|
:00405D20 FF2540424400
:00405D26 8BC0
mov eax, eax
|:004064D7
|
* Reference To: kernel32.GlobalReAlloc, Ord:0000h
|
:00405D28 FF253C424400
:00405D2E 8BC0
mov eax, eax
|:004064D2 , :004064EC
|
* Reference To: kernel32.GlobalUnlock, Ord:0000h
|
:00405D30 FF2538424400
:00405D36 8BC0
mov eax, eax
|:0040984F , :0040CE87 , :004133C2
|:0041AB23 , :0041AB2D
|
, :004148FC
, :0041A76E

|
:00405D38 FF2534424400
:00405D3E 8BC0
mov eax, eax
|:0040997C , :0040CFFC , :00413418
|:00414D42 , :00414D5F , :00414D76
|:0041A7CC
|
, :00413B64
, :00418C80
, :00414BB9
, :004194F5

|
:00405D40 FF2530424400
:00405D46 8BC0
mov eax, eax
|:0042D0F2 , :004366AE , :0043E532
|
* Reference To: kernel32.LoadLibraryA, Ord:0000h
|
:00405D48 FF252C424400
:00405D4E 8BC0
mov eax, eax
|:0040ED71
|
* Reference To: kernel32.LoadResource, Ord:0000h
|
:00405D50 FF2528424400
:00405D56 8BC0
mov eax, eax
|:0040ED95
|
* Reference To: kernel32.LockResource, Ord:0000h
|
:00405D58 FF2524424400
:00405D5E 8BC0
mov eax, eax
* Referenced
|:00414251
|:004173F7
|:004178AD
|:0041A6D4
|:00422E97
|:00438709
|:00438A0A
|:00440DC7
|
by a CALL at
, :00414269
, :0041764B
, :004178C9
, :00422E01
, :00422EAB
, :00438781
, :00440D90
, :00440E6D
Addresses:
, :004172F1
, :00417668
, :00417B1E
, :00422E1B
, :00422EE6
, :004387B0
, :00440DA0
, :00440E7D
,
,
,
,
,
,
,
:00417307
:004177BD
:00417B35
:00422E49
:00437D51
:004389DE
:00440DAD
,
,
,
,
,
,
,
:004173E1
:004177D9
:0041A695
:00422E5F
:00437D71
:004389EF
:00440DBA
* Reference To: kernel32.MulDiv, Ord:0000h

|
:00405D60 FF2520424400
:00405D66 8BC0
mov eax, eax
|:004076F0
|
|
:00405D68 FF251C424400
:00405D6E 8BC0
mov eax, eax
|:0040E925
|
|
:00405D70 FF2518424400
:00405D76 8BC0
mov eax, eax
|:0042D0A5
|
, :0042D1EC
, :004366A2
, :004366BC
* Reference To: kernel32.SetErrorMode, Ord:0000h

|
:00405D78 FF2514424400
:00405D7E 8BC0
mov eax, eax
|:0043D9AE
|
* Reference To: kernel32.SetEvent, Ord:0000h
|
:00405D80 FF2510424400
:00405D86 8BC0
mov eax, eax
|:00407739
|
|
:00405D88 FF250C424400
:00405D8E 8BC0
mov eax, eax
|:0043E094
|
* Reference To: kernel32.SetThreadLocale, Ord:0000h
|
:00405D90 FF2508424400
:00405D96 8BC0
mov eax, eax
|:0040ED8B
|
* Reference To: kernel32.SizeofResource, Ord:0000h
|
:00405D98 FF2504424400
:00405D9E 8BC0
mov eax, eax
|:004371DB
|
* Reference To: kernel32.Sleep, Ord:0000h
|
:00405DA0 FF2500424400
:00405DA6 8BC0
mov eax, eax
|:00436912
|
|
:00405DA8 FF25FC414400
:00405DAE 8BC0
mov eax, eax

|:00408685 , :00408C6F , :0040C592
|
, :0040C5D4

|
:00405DB0 FF25F8414400
:00405DB6 8BC0
mov eax, eax
|:0040993F , :0043D8B9 , :0043D9C8
|
* Reference To: kernel32.WaitForSingleObject, Ord:0000h
|
:00405DB8 FF25F4414400
:00405DBE 8BC0
mov eax, eax
|:0040771C
|
|
:00405DC0 FF25F0414400
:00405DC6 8BC0
mov eax, eax
|:0041B0C1 , :0041B199 , :0041B271
|
|
:00405DC8 FF25EC414400
Jmp dword ptr [004441EC]
:00405DCE 8BC0
mov eax, eax
|:004187BE , :00418A8E , :00427127
|
, :0042ED27
, :0042ED73
* Reference To: gdi32.BitBlt, Ord:0000h

|
:00405DD0 FF25CC434400
:00405DD6 8BC0
mov eax, eax
|:00417976 , :00417C61 , :00417CF7
|
* Reference To: gdi32.CopyEnhMetaFileA, Ord:0000h
|
:00405DD8 FF25C8434400
:00405DDE 8BC0
mov eax, eax
|:004153C8 , :0041837A , :0041899D
|
* Reference To: gdi32.CreateBitmap, Ord:0000h

|
:00405DE0 FF25C4434400
:00405DE6 8BC0
mov eax, eax
|:0041486A
|
* Reference To: gdi32.CreateBrushIndirect, Ord:0000h
|
:00405DE8 FF25C0434400
:00405DEE 8BC0
mov eax, eax
|:00415401 , :00415547 , :00415606
|:00427087 , :0042E75E
|
, :0041839E
, :00419750
* Reference To: gdi32.CreateCompatibleBitmap, Ord:0000h

|
:00405DF0 FF25BC434400
:00405DF6 8BC0
mov eax, eax
* Referenced
|:00415387
|:00418029
|:004189E7
|
by a CALL at
, :00415391
, :004181CE
, :00418EF5
Addresses:
, :004155E5
, :0041832E
, :0041973B
, :00415A69
, :00418714
, :00427099
, :00416142
, :00418982
* Reference To: gdi32.CreateCompatibleDC, Ord:0000h

|
:00405DF8 FF25B8434400
:00405DFE 8BC0
mov eax, eax
|:00418526 , :00419848 , :0042F868
|
, :0042F924
* Reference To: gdi32.CreateDIBSection, Ord:0000h

|
:00405E00 FF25B4434400
:00405E06 8BC0
mov eax, eax
|:00415BED , :00415CA4 , :004197BD
|
* Reference To: gdi32.CreateDIBitmap, Ord:0000h
|
:00405E08 FF25B0434400
:00405E0E 8BC0
mov eax, eax
|:00414114 , :0042A158 , :004336A4
|:00440C22
|
, :00438ED8
* Reference To: gdi32.CreateFontIndirectA, Ord:0000h

|
, :0043D2FF
:00405E10 FF25AC434400
:00405E16 8BC0

mov eax, eax

|:00419325
|
* Reference To: gdi32.CreateHalftonePalette, Ord:0000h
|
:00405E18 FF25A8434400
:00405E1E 8BC0
mov eax, eax
|:004159AB , :00415ADE , :00417380
|
, :0041890B
* Reference To: gdi32.CreatePalette, Ord:0000h

|
:00405E20 FF25A4434400
:00405E26 8BC0
mov eax, eax
|:00414533
|
* Reference To: gdi32.CreatePenIndirect, Ord:0000h
|
:00405E28 FF25A0434400
:00405E2E 8BC0
mov eax, eax
|:00438F93 , :00438FB3 , :00439036
|
* Reference To: gdi32.CreateRectRgn, Ord:0000h
|
:00405E30 FF259C434400
:00405E36 8BC0
mov eax, eax
|:00426F76 , :00426FC3
|
* Reference To: gdi32.CreateSolidBrush, Ord:0000h
|
:00405E38 FF2598434400
:00405E3E 8BC0
mov eax, eax
* Referenced
|:004154AF
|:00417FA0
|:00418B04
|
by a CALL at
, :004154B8
, :00418222
, :00418F78
Addresses:
, :0041577E
, :004187F5
, :00419821
, :00415A98
, :00418881
, :0042715B
, :004161B7
, :00418ACD
* Reference To: gdi32.DeleteDC, Ord:0000h

|
:00405E40 FF2594434400
:00405E46 8BC0
mov eax, eax
|:004170DB
|
* Reference To: gdi32.DeleteEnhMetaFile, Ord:0000h
|
:00405E48 FF2590434400
:00405E4E 8BC0
mov eax, eax
* Referenced
|:0041332D
|:00415C28
|:004163DC
|:00418AB7
|:0041989F
|:00427000
|:0043F9B7
|
by a CALL at
, :004135A3
, :00415CE2
, :004180FF
, :00418D64
, :00419D4E
, :00427164
, :0043F9C4
Addresses:
, :004136D1
, :00415F2D
, :00418150
, :00419031
, :0041A095
, :0042E9AD
,
,
,
,
,
,
:004155D1
:00415F36
:00418165
:0041924F
:0041AAB0
:0042E9ED
,
,
,
,
,
,
:00415753
:004163D3
:00418861
:00419760
:00426FB3
:00439067
* Reference To: gdi32.DeleteObject, Ord:0000h

|
:00405E50 FF258C434400
:00405E56 8BC0
mov eax, eax
|:0043CC4A
|
* Reference To: gdi32.EnumFontFamiliesExA, Ord:0000h
|
:00405E58 FF2588434400
:00405E5E 8BC0
mov eax, eax
|:0043CC63
|
* Reference To: gdi32.EnumFontsA, Ord:0000h
|
:00405E60 FF2584434400
:00405E66 8BC0
mov eax, eax
|:00426D4C , :00429DF1
|
* Reference To: gdi32.ExcludeClipRect, Ord:0000h
|
:00405E68 FF2580434400
:00405E6E 8BC0
mov eax, eax
|:00415F16 , :00415F24
|
* Reference To: gdi32.GetBitmapBits, Ord:0000h
|
:00405E70 FF257C434400
:00405E76 8BC0
mov eax, eax
|:00418E52
|
* Reference To: gdi32.GetBrushOrgEx, Ord:0000h
|
:00405E78 FF2578434400
:00405E7E 8BC0
mov eax, eax
|:0041B31F
|
* Reference To: gdi32.GetClipBox, Ord:0000h
|
:00405E80 FF2574434400
:00405E86 8BC0
mov eax, eax
|:00414DC0
|
* Reference To: gdi32.GetCurrentPositionEx, Ord:0000h
|
:00405E88 FF2570434400
:00405E8E 8BC0
mov eax, eax
|:0041B32C
|
* Reference To: gdi32.GetDCOrgEx, Ord:0000h
|
:00405E90 FF256C434400
:00405E96 8BC0
mov eax, eax
|:00415A86 , :00418498 , :00419EC8
|
* Reference To: gdi32.GetDIBColorTable, Ord:0000h
|
:00405E98 FF2568434400
:00405E9E 8BC0
mov eax, eax
|:00416186 , :004184C3 , :00418587
|
* Reference To: gdi32.GetDIBits, Ord:0000h
|
:00405EA0 FF2564434400
:00405EA6 8BC0
mov eax, eax
|:004158EA , :004159EC , :00415D9D
|:00418E1E , :004192F7 , :00419301
|
, :00415DAA
, :0041A619
* Reference To: gdi32.GetDeviceCaps, Ord:0000h

|
, :00418E0F
, :0043CC7B
:00405EA8 FF2560434400
:00405EAE 8BC0

mov eax, eax

|:00417A63 , :00417A93
|
* Reference To: gdi32.GetEnhMetaFileBits, Ord:0000h
|
:00405EB0 FF255C434400
:00405EB6 8BC0
mov eax, eax
|:004172DD , :004173CD , :004177AC
|
, :0041789C
, :00417C73
* Reference To: gdi32.GetEnhMetaFileHeader, Ord:0000h

|
:00405EB8 FF2558434400
:00405EBE 8BC0
mov eax, eax
|:0041733C , :00417378
|
* Reference To: gdi32.GetEnhMetaFilePaletteEntries, Ord:0000h
|
:00405EC0 FF2554434400
:00405EC6 8BC0
mov eax, eax
* Referenced
|:00413D66
|:00416004
|:004191BE
|
by a CALL at
, :004153B1
, :0041830C
, :0041939F
Addresses:
, :00415B0B
, :004188A1
, :00419936
, :00415EB6
, :004188D5
, :00419A22
, :00415EC5
, :00418943
* Reference To: gdi32.GetObjectA, Ord:0000h

|
:00405EC8 FF2550434400
:00405ECE 8BC0
mov eax, eax
|:00415A04 , :00415A1C , :00415B2E
|
, :00418901
* Reference To: gdi32.GetPaletteEntries, Ord:0000h

|
:00405ED0 FF254C434400
:00405ED6 8BC0
mov eax, eax
|:00414E08
|
* Reference To: gdi32.GetPixel, Ord:0000h
|
:00405ED8 FF2548434400
:00405EDE 8BC0
mov eax, eax
|:0041AB34
|:00433B2E
|
, :0041AB40
, :00438EE1
, :0041AB4C
, :0043D312
, :004336AD
, :004339A0
* Reference To: gdi32.GetStockObject, Ord:0000h

|
:00405EE0 FF2544434400
:00405EE6 8BC0
mov eax, eax
|:00415909 , :0041592D , :0041594B
|
, :0041595F
, :0041597F
* Reference To: gdi32.GetSystemPaletteEntries, Ord:0000h

|
:00405EE8 FF2540434400
:00405EEE 8BC0
mov eax, eax
|:00414CB0 , :00440A67
|
* Reference To: gdi32.GetTextExtentPointA, Ord:0000h
|
:00405EF0 FF253C434400
:00405EF6 8BC0
mov eax, eax
|:0041A66A , :0041DFC7 , :0041DFE3
|
* Reference To: gdi32.GetTextMetricsA, Ord:0000h
|
:00405EF8 FF2538434400
:00405EFE 8BC0
mov eax, eax
|:00417B70 , :00417BA3
|
* Reference To: gdi32.GetWinMetaFileBits, Ord:0000h
|
:00405F00 FF2534434400
:00405F06 8BC0
mov eax, eax
|:00421D32
|
* Reference To: gdi32.GetWindowOrgEx, Ord:0000h
|
:00405F08 FF2530434400
:00405F0E 8BC0
mov eax, eax
|:00423517 , :00423720 , :00426EDA
|
, :00429F50
* Reference To: gdi32.IntersectClipRect, Ord:0000h

|
:00405F10 FF252C434400
:00405F16 8BC0

mov eax, eax

|:00414B8F
|
* Reference To: gdi32.LineTo, Ord:0000h
|
:00405F18 FF2528434400
:00405F1E 8BC0
mov eax, eax
|:004155AB
|
* Reference To: gdi32.MaskBlt, Ord:0000h
|
:00405F20 FF2524434400
:00405F26 8BC0
mov eax, eax
|:00414BEA
|
* Reference To: gdi32.MoveToEx, Ord:0000h
|
:00405F28 FF2520434400
:00405F2E 8BC0
mov eax, eax
|:00418701 , :004189D9 , :00423B79
|:00423BD4 , :0042C8A8
|
, :00423B9B
, :00423BBA
* Reference To: gdi32.PatBlt, Ord:0000h

|
:00405F30 FF251C434400
:00405F36 8BC0
mov eax, eax
|:00417286
|
* Reference To: gdi32.PlayEnhMetaFile, Ord:0000h
|
:00405F38 FF2518434400
:00405F3E 8BC0
mov eax, eax
|:00415678 , :0041616F , :00417251
|:0041875E , :00418A4B , :00418A60
|:0042263C
|
, :00418077
, :00418DFD
, :00418614
, :00419799
* Reference To: gdi32.RealizePalette, Ord:0000h

|
:00405F40 FF2514434400
:00405F46 8BC0
mov eax, eax

|:00426EA1
|
* Reference To: gdi32.RectVisible, Ord:0000h
|
:00405F48 FF2510434400
:00405F4E 8BC0
mov eax, eax
|:00414C26
|
* Reference To: gdi32.Rectangle, Ord:0000h
|
:00405F50 FF250C434400
:00405F56 8BC0
mov eax, eax
|:00426D76 , :00426EF5 , :004392A2
|
, :004393A8
* Reference To: gdi32.RestoreDC, Ord:0000h

|
:00405F58 FF2508434400
:00405F5E 8BC0
mov eax, eax
|:00426CEA , :00426EB7 , :004391E4
|
, :00439345
* Reference To: gdi32.SaveDC, Ord:0000h

|
:00405F60 FF2504434400
:00405F66 8BC0
mov eax, eax
* Referenced
|:00414EA3
|:0041509E
|:00415451
|:0041561B
|:00418042
|:004185C8
|:00418A2F
|:0041975A
|:0041DFEA
|:0042C880
|:00433BA8
|
by a CALL at
, :00414EB2
, :00415113
, :0041548B
, :0041574A
, :004181DB
, :00418737
, :00418AAB
, :00419EA9
, :00423B53
, :0042C8B2
Addresses:
, :00414EC1
, :00415133
, :00415499
, :00415A72
, :00418219
, :004187DA
, :00418AE8
, :00419ED9
, :00423BE1
, :004339AD
,
,
,
,
,
,
,
,
,
,
:00415034
:00415153
:0041555C
:00415A92
:00418472
:00418841
:00418F0A
:0041A65F
:004270A9
:00433A72
,
,
,
,
,
,
,
,
,
,
:00415060
:00415442
:004155C5
:00417F71
:004184D0
:004189B7
:00418F69
:0041DFD6
:00427152
:00433B38
* Reference To: gdi32.SelectObject, Ord:0000h

|
:00405F68 FF2500434400
:00405F6E 8BC0
mov eax, eax
* Referenced
|:0041562F
|:00416163
|:0041806B
|:00418A42
by a CALL at
, :00415641
, :004161AE
, :00418608
, :00418A57
Addresses:
, :00415656
, :00417242
, :00418753
, :00418DEE
,
,
,
,
:0041566C
:0041729A
:004187D0
:00418FE3
,
,
,
,
:00415775
:00417F8A
:0041881F
:0041978D
|:004197FD
|
, :00422634
, :00422650
* Reference To: gdi32.SelectPalette, Ord:0000h

|
:00405F70 FF25FC424400
:00405F76 8BC0
mov eax, eax
* Referenced
|:00414AD0
|:00418697
|:0042ED02
|
by a CALL at Addresses:
, :004150C1 , :004150E7
, :00418796 , :00418A6A
, :0042ED50
, :004156D2
, :00418A98
, :00415737
, :00426C04
* Reference To: gdi32.SetBkColor, Ord:0000h

|
:00405F78 FF25F8424400
:00405F7E 8BC0
mov eax, eax
|:004150CC , :004150F2
|
* Reference To: gdi32.SetBkMode, Ord:0000h
|
:00405F80 FF25F4424400
:00405F86 8BC0
mov eax, eax
|:00418E78
|
* Reference To: gdi32.SetBrushOrgEx, Ord:0000h
|
:00405F88 FF25F0424400
:00405F8E 8BC0
mov eax, eax
|:004181FF , :004186DF
|
* Reference To: gdi32.SetDIBColorTable, Ord:0000h
|
:00405F90 FF25EC424400
:00405F96 8BC0
mov eax, eax
|:00417554
|
* Reference To: gdi32.SetEnhMetaFileBits, Ord:0000h
|
:00405F98 FF25E8424400
:00405F9E 8BC0
mov eax, eax
|:00414E47
|
* Reference To: gdi32.SetPixel, Ord:0000h
|
mov eax, eax
:00405FA0 FF25E4424400
:00405FA6 8BC0
|:00415079
|
* Reference To: gdi32.SetROP2, Ord:0000h

|
:00405FA8 FF25E0424400
:00405FAE 8BC0
mov eax, eax
|:00418E60 , :00418E95
|
* Reference To: gdi32.SetStretchBltMode, Ord:0000h
|
:00405FB0 FF25DC424400
:00405FB6 8BC0
mov eax, eax
|:00414AE5 , :00415049 , :004156C4
|:0041877C , :00426BEA , :0042ECFA
|
, :0041572D
, :0042ED48
, :0041867D
* Reference To: gdi32.SetTextColor, Ord:0000h

|
:00405FB8 FF25D8424400
:00405FBE 8BC0
mov eax, eax
|:00423505
|
* Reference To: gdi32.SetViewportOrgEx, Ord:0000h
|
:00405FC0 FF25D4424400
:00405FC6 8BC0
mov eax, eax
|:00417694
|
* Reference To: gdi32.SetWinMetaFileBits, Ord:0000h
|
:00405FC8 FF25D0424400
:00405FCE 8BC0
mov eax, eax
|:00421D48
|
* Reference To: gdi32.SetWindowOrgEx, Ord:0000h
|
:00405FD0 FF25CC424400
:00405FD6 8BC0
mov eax, eax
|:00414A66
|:00415723
|
, :0041547D
, :00418FBE
, :0041569A
, :004156BC
, :004156FE
* Reference To: gdi32.StretchBlt, Ord:0000h

|
:00405FD8 FF25C8424400
:00405FDE 8BC0
mov eax, eax
|:0041508C
|
* Reference To: gdi32.UnrealizeObject, Ord:0000h
|
:00405FE0 FF25C4424400
:00405FE6 8BC0
mov eax, eax
|:00427645 , :0042769D
|
* Reference To: user32.ActivateKeyboardLayout, Ord:0000h
|
:00405FE8 FF2524464400
:00405FEE 8BC0
mov eax, eax
|:00438B9D
|
* Reference To: user32.AdjustWindowRectEx, Ord:0000h
|
:00405FF0 FF2520464400
:00405FF6 8BC0
mov eax, eax
|:0043DB9B
|
* Reference To: user32.CharLowerA, Ord:0000h
|
:00405FF8 FF251C464400
:00405FFE 8BC0
mov eax, eax
|:00426CB6 , :004270CB , :0043AD78
|
, :0043E11D
* Reference To: user32.BeginPaint, Ord:0000h

|
:00406000 FF2514464400
:00406006 8BC0
mov eax, eax
|:0043D8E4
|
* Reference To: user32.CallNextHookEx, Ord:0000h
|
:00406008 FF2510464400
:0040600E 8BC0

mov eax, eax

|:00426C2C , :0043944E , :0043BA38
|
* Reference To: user32.CallWindowProcA, Ord:0000h
|
:00406010 FF250C464400
:00406016 8BC0
mov eax, eax
|:0040756A
|
* Reference To: user32.CharLowerBuffA, Ord:0000h
|
:00406018 FF2518464400
:0040601E 8BC0
mov eax, eax
|:00431F90
|
* Reference To: user32.CheckMenuItem, Ord:0000h
|
:00406020 FF2508464400
:00406026 8BC0
mov eax, eax
|:00420A33 , :00428FC0 , :0042A5C8
|
, :0043FB5E
* Reference To: user32.ClientToScreen, Ord:0000h

|
:00406028 FF2504464400
:0040602E 8BC0
mov eax, eax
|:00415F55
|
* Reference To: user32.CreateIcon, Ord:0000h
|
:00406030 FF2500464400
:00406036 8BC0
mov eax, eax
|:0043146C
|
* Reference To: user32.CreateMenu, Ord:0000h
|
:00406038 FF25FC454400
:0040603E 8BC0
mov eax, eax
|:00431462
|
* Reference To: user32.CreatePopupMenu, Ord:0000h

|
:00406040 FF25F8454400
:00406046 8BC0
mov eax, eax
|:00406559 , :004264B7 , :00436A3A
|
, :0043A36F
* Reference To: user32.CreateWindowExA, Ord:0000h

|
:00406048 FF25F4454400
:0040604E 8BC0
mov eax, eax
|:0043A56F
|
* Reference To: user32.DefFrameProcA, Ord:0000h
|
:00406050 FF25F0454400
:00406056 8BC0
mov eax, eax
* Reference To: user32.DefMDIChildProcA, Ord:0000h
|
:00406058 FF25EC454400
:0040605E 8BC0
mov eax, eax
|:00433C71 , :0043A54B , :0043E0F6
|
* Reference To: user32.DefWindowProcA, Ord:0000h
|
:00406060 FF25E8454400
:00406066 8BC0
mov eax, eax
|:0043AEC1 , :0043AECE , :0043AEDB
|:0043AF02 , :0043AF0F , :0043DE31
|
, :0043AEE8
, :0043DE3E
, :0043AEF5
, :0043DE55
* Reference To: user32.DeleteMenu, Ord:0000h

|
:00406068 FF25E4454400
:0040606E 8BC0
mov eax, eax
|:0043CFA9 , :0043CFD6
|
* Reference To: user32.DestroyCursor, Ord:0000h
|
:00406070 FF25E0454400
:00406076 8BC0
mov eax, eax
|:0041A0EB
|
* Reference To: user32.DestroyIcon, Ord:0000h

|
:00406078 FF25DC454400
:0040607E 8BC0
mov eax, eax
|:00430F40
|
* Reference To: user32.DestroyMenu, Ord:0000h
|
:00406080 FF25D8454400
:00406086 8BC0
mov eax, eax
|:004114B3 , :00426548 , :00436A7B
|
, :0043DCA9
* Reference To: user32.DestroyWindow, Ord:0000h

|
:00406088 FF25D4454400
:0040608E 8BC0
mov eax, eax
|:0043EBF3
|
* Reference To: user32.DispatchMessageA, Ord:0000h
|
:00406090 FF25D0454400
:00406096 8BC0
mov eax, eax
|:00429F37 , :0042A242 , :004315DE
|
, :00431B3D
* Reference To: user32.DrawEdge, Ord:0000h

|
:00406098 FF25CC454400
:0040609E 8BC0
mov eax, eax
|:0042BBF9
|
* Reference To: user32.DrawFrameControl, Ord:0000h
|
:004060A0 FF25C8454400
:004060A6 8BC0
mov eax, eax
|:0041A205 , :0043AD8C , :0043E135
|
* Reference To: user32.DrawIcon, Ord:0000h
|
:004060A8 FF25C4454400
:004060AE 8BC0
mov eax, eax

|:00432E61 , :00433585 , :00439A27
|
* Reference To: user32.DrawMenuBar, Ord:0000h
|
:004060B0 FF25C0454400
:004060B6 8BC0
mov eax, eax
|:0041D442 , :0041D484 , :0041D4AB
|:00431660 , :004316A2 , :00440E3A
|
, :0042A2E7
, :00440EDA
, :0042A598
* Reference To: user32.DrawTextA, Ord:0000h

|
:004060B8 FF25BC454400
:004060BE 8BC0
mov eax, eax
|:00432011 , :0043AF2D , :0043AF49
|
* Reference To: user32.EnableMenuItem, Ord:0000h
|
:004060C0 FF25B8454400
:004060C6 8BC0
mov eax, eax
* Reference To: user32.EnableScrollBar, Ord:0000h
|
:004060C8 FF25B4454400
:004060CE 8BC0
mov eax, eax
|:0042847D , :004363F8 , :004364D9
|
* Reference To: user32.EnableWindow, Ord:0000h
|
:004060D0 FF25B0454400
:004060D6 8BC0
mov eax, eax
|:00426DAA , :00427138 , :0043AD9A
|
, :0043E148
* Reference To: user32.EndPaint, Ord:0000h

|
:004060D8 FF25AC454400
:004060DE 8BC0
mov eax, eax
|:00420F5A , :0043645D , :00436578
|
, :004365F2
* Reference To: user32.EnumThreadWindows, Ord:0000h

|
:004060E0 FF25A8454400
:004060E6 8BC0
mov eax, eax

|:0043DF72
|
* Reference To: user32.EnumWindows, Ord:0000h
|
:004060E8 FF25A4454400
:004060EE 8BC0
mov eax, eax
|:004235B4
|
* Reference To: user32.EqualRect, Ord:0000h
|
:004060F0 FF25A0454400
:004060F6 8BC0
mov eax, eax
|:00414B58 , :00418665 , :00427316
|:0043ADF5
|
, :00429F8E
, :00439509
* Reference To: user32.FillRect, Ord:0000h

|
:004060F8 FF259C454400
:004060FE 8BC0
mov eax, eax
|:0040657C
|
* Reference To: user32.FindWindowA, Ord:0000h
|
:00406100 FF2598454400
:00406106 8BC0
mov eax, eax
|:00426FA9 , :00426FF6
|
* Reference To: user32.FrameRect, Ord:0000h
|
:00406108 FF2594454400
:0040610E 8BC0
mov eax, eax
|:004365D7 , :0043BB2E , :0043BFC7
|
, :0043C0D3
, :0043EF07
* Reference To: user32.GetActiveWindow, Ord:0000h

|
:00406110 FF2590454400
:00406116 8BC0
mov eax, eax
|:00420704 , :0042695B , :00426AE9
|:0042CF80 , :0043BF9E , :0043BFAD
|:0043EE79
|
, :00428125
, :0043EA5B
, :004284EE
, :0043EE6A
* Reference To: user32.GetCapture, Ord:0000h

|
:00406118 FF258C454400
:0040611E 8BC0
mov eax, eax
|:0042612B , :0042613B , :00426151
|:004369D5 , :0043DD43
|
, :00426163
, :004263B1
* Reference To: user32.GetClassInfoA, Ord:0000h

|
:00406120 FF2588454400
:00406126 8BC0
mov eax, eax
|:00428FD7 , :00429D9B
|
* Reference To: user32.GetClientRect, Ord:0000h
|
:00406128 FF2584454400
:0040612E 8BC0
mov eax, eax
|:00417C34
|
* Reference To: user32.GetClipboardData, Ord:0000h
|
:00406130 FF2580454400
:00406136 8BC0
mov eax, eax
|:0042166D , :0043F8A3
|
* Reference To: user32.GetCursor, Ord:0000h
|
:00406138 FF257C454400
:0040613E 8BC0
mov eax, eax
|:00421651 , :004218B7 , :00423867
|:0042CD20 , :0043D26F , :0043D899
|:0043F800
|
, :004274C6
, :0043F311
, :004284F8
, :0043F7A9
* Reference To: user32.GetCursorPos, Ord:0000h

|
:00406140 FF2578454400
:00406146 8BC0
mov eax, eax
* Referenced
|:004153D4
|:00417B4C
|:004196D5
|:004236E6
|:0043CBEC
by a CALL at
, :004158CE
, :004181C2
, :0041A60F
, :00427063
Addresses:
, :004159D0
, :0041831D
, :0041A64D
, :00428D19
,
,
,
,
:00415BA6
:00418971
:0041D628
:0042E730
,
,
,
,
:00415D76
:004192E2
:0041DFBE
:0042F9E8
|
* Reference To: user32.GetDC, Ord:0000h
|
:00406148 FF2574454400
:0040614E 8BC0
mov eax, eax
|:00423B30 , :00428D08 , :0042C72B
|
* Reference To: user32.GetDCEx, Ord:0000h
|
:00406150 FF2570454400
:00406156 8BC0
mov eax, eax
|:004208FF , :004213D0 , :004214F5
|
, :0042175F
, :00423B1D
* Reference To: user32.GetDesktopWindow, Ord:0000h

|
:00406158 FF256C454400
:0040615E 8BC0
mov eax, eax
|:00428EC4 , :0043A96D , :0043E641
|
, :0043E6EE
* Reference To: user32.GetFocus, Ord:0000h

|
:00406160 FF2568454400
:00406166 8BC0
mov eax, eax
|:00427540
|
* Reference To: user32.GetForegroundWindow, Ord:0000h
|
:00406168 FF2564454400
:0040616E 8BC0
mov eax, eax
|:00416227 , :0043F8A9
|
* Reference To: user32.GetIconInfo, Ord:0000h
|
:00406170 FF2560454400
:00406176 8BC0
mov eax, eax
|:004306A0
|
* Reference To: user32.GetKeyNameTextA, Ord:0000h
|
:00406178 FF255C454400
:0040617E 8BC0
mov eax, eax

|:00420FFE , :00432D47 , :00432D59
|:00436B03 , :0043B6C0 , :0043B6E1
|
, :00436AD2
, :0043B6EF
, :00436AF4
* Reference To: user32.GetKeyState, Ord:0000h

|
:00406180 FF2558454400
:00406186 8BC0
mov eax, eax
|:0043D04A
|
* Reference To: user32.GetKeyboardLayout, Ord:0000h
|
:00406188 FF2554454400
:0040618E 8BC0
mov eax, eax
|:0043D05E
|
* Reference To: user32.GetKeyboardLayoutList, Ord:0000h
|
:00406190 FF2550454400
:00406196 8BC0
mov eax, eax
|:00426B48
|
* Reference To: user32.GetKeyboardState, Ord:0000h
|
:00406198 FF254C454400
:0040619E 8BC0
mov eax, eax
|:00427539 , :0043E8F8
|
* Reference To: user32.GetLastActivePopup, Ord:0000h
|
:004061A0 FF2548454400
:004061A6 8BC0
mov eax, eax
|:004399FE , :00439B82
|
* Reference To: user32.GetMenu, Ord:0000h
|
:004061A8 FF2544454400
:004061AE 8BC0
mov eax, eax
|:00431367 , :00432E80 , :004332D8
|
* Reference To: user32.GetMenuItemCount, Ord:0000h

|
:004061B0 FF2540454400
:004061B6 8BC0
mov eax, eax
|:004331B2 , :0043346B
|
* Reference To: user32.GetMenuItemID, Ord:0000h
|
:004061B8 FF253C454400
:004061BE 8BC0
mov eax, eax
|:00432E02
|
* Reference To: user32.GetMenuItemInfoA, Ord:0000h
|
:004061C0 FF2538454400
:004061C6 8BC0
mov eax, eax
|:00432ED3 , :004332F8 , :0043338F
|
, :00433447
* Reference To: user32.GetMenuState, Ord:0000h

|
:004061C8 FF2534454400
:004061CE 8BC0
mov eax, eax
|:004334BE
|
* Reference To: user32.GetMenuStringA, Ord:0000h
|
:004061D0 FF2530454400
:004061D6 8BC0
mov eax, eax
|:0042092D
|
* Reference To: user32.GetWindow, Ord:0000h
|
:004061D8 FF252C454400
:004061DE 8BC0
mov eax, eax
|:00420840 , :0042122D , :00421C86
|
* Reference To: user32.GetParent, Ord:0000h
|
:004061E0 FF2528454400
:004061E6 8BC0
mov eax, eax
|:0042048E
|
, :004211FC
* Reference To: user32.GetPropA, Ord:0000h

|
:004061E8 FF2524454400
:004061EE 8BC0
mov eax, eax
* Reference To: user32.GetScrollInfo, Ord:0000h
|
:004061F0 FF2520454400
:004061F6 8BC0
mov eax, eax
* Reference To: user32.GetScrollPos, Ord:0000h
|
:004061F8 FF251C454400
:004061FE 8BC0
mov eax, eax
* Reference To: user32.GetScrollRange, Ord:0000h
|
:00406200 FF2518454400
:00406206 8BC0
mov eax, eax
|:00433199 , :0043320D , :00433452
|
, :004337C5
, :0043B11D
* Reference To: user32.GetSubMenu, Ord:0000h

|
:00406208 FF2514454400
:0040620E 8BC0
mov eax, eax
|:00413B12
|
* Reference To: user32.GetSysColor, Ord:0000h
|
:00406210 FF2510454400
:00406216 8BC0
mov eax, eax
|:0043AEA3 , :0043DE22
|
* Reference To: user32.GetSystemMenu, Ord:0000h
|
:00406218 FF250C454400
:0040621E 8BC0
mov eax, eax
|:004092F6 , :00409305 , :00415B5B
|:00415D6C , :0041A242 , :0041A24A
|:0041E032
|
, :00415B65
, :0041AE46
, :00415D62
, :0041E018
* Reference To: user32.GetSystemMetrics, Ord:0000h

|
:00406220 FF2508454400
:00406226 8BC0
mov eax, eax

|:00420905
|
* Reference To: user32.GetTopWindow, Ord:0000h
|
:00406228 FF2504454400
:0040622E 8BC0
mov eax, eax
|:00420E78 , :0043DEEB , :0043DF87
|
|
:00406230 FF252C454400
:00406236 8BC0
mov eax, eax
|:00429D78 , :0042A206 , :00433AF9
|
, :0043930E
* Reference To: user32.GetWindowDC, Ord:0000h

|
:00406238 FF2500454400
:0040623E 8BC0
mov eax, eax
* Referenced
|:0041E0EA
|:00420409
|:00436341
|:0043704A
|:0043DEFE
|
by a CALL at
, :0041E1A7
, :00429154
, :00436524
, :00438B77
, :0043DF94
Addresses:
, :0041E1E4
, :00429342
, :00436A73
, :00438B96
, :0043EAA0
,
,
,
,
:0041E47D
:00429357
:00436F69
:004395C6
,
,
,
,
:004203F7
:00429E6B
:00436FA1
:0043A394
* Reference To: user32.GetWindowLongA, Ord:0000h

|
:00406240 FF25FC444400
:00406246 8BC0
mov eax, eax
|:0041AF4B , :004289C9 , :00429318
|
* Reference To: user32.GetWindowPlacement, Ord:0000h
|
:00406248 FF25F8444400
:0040624E 8BC0
mov eax, eax
|:0041AF57 , :00420E11 , :00420F6D
|:00423A39 , :004278A0 , :00429334
|:0043EF61
|
, :00420F7A
, :00429DAD
, :0042188C
, :0042A5D2
* Reference To: user32.GetWindowRect, Ord:0000h

|
:00406250 FF25F4444400
:00406256 8BC0
mov eax, eax

|:00438FA4
|
* Reference To: user32.GetWindowRgn, Ord:0000h
|
:00406258 FF25F0444400
:0040625E 8BC0
mov eax, eax
|:0043E94B
|
* Reference To: user32.GetWindowTextA, Ord:0000h
|
:00406260 FF25EC444400
:00406266 8BC0
mov eax, eax
|:0043D28A
|
* Reference To: user32.GetWindowThreadProcessId, Ord:0000h
|
:00406268 FF25E8444400
:0040626E 8BC0
mov eax, eax
|:004278AA , :00428E20 , :00429CDE
|
, :00429E12
* Reference To: user32.InflateRect, Ord:0000h

|
:00406270 FF25E4444400
:00406276 8BC0
mov eax, eax
|:004311B0 , :004311C9
|
* Reference To: user32.InsertMenuA, Ord:0000h
|
:00406278 FF25E0444400
:0040627E 8BC0
mov eax, eax
|:0043113D
|
* Reference To: user32.InsertMenuItemA, Ord:0000h
|
:00406280 FF25DC444400
:00406286 8BC0
mov eax, eax
|:0041B356 , :0041B36C , :0041B38C
|
, :00420F8B
* Reference To: user32.IntersectRect, Ord:0000h
, :004235A4
|
mov eax, eax
:00406288 FF25D8444400
:0040628E 8BC0

|:00423650 , :00428DCA , :00428E36
|
, :0043F520
* Reference To: user32.InvalidateRect, Ord:0000h

|
:00406290 FF25D4444400
:00406296 8BC0
mov eax, eax
|:00420FD0
|
* Reference To: user32.IsChild, Ord:0000h
|
:00406298 FF25D0444400
:0040629E 8BC0
mov eax, eax
|:0043E985
|
* Reference To: user32.IsDialogMessageA, Ord:0000h
|
:004062A0 FF25CC444400
:004062A6 8BC0
mov eax, eax
* Referenced
|:0041AF3D
|:00438B56
|:0043BB40
|:0043E86C
|
by a CALL at
, :0042811C
, :0043AD3D
, :0043C847
, :0043F50F
Addresses:
, :00428963
, :0043AE1A
, :0043E37B
, :004292FB
, :0043AFAB
, :0043E6E1
, :00438A67
, :0043B337
, :0043E823
* Reference To: user32.IsIconic, Ord:0000h

|
:004062A8 FF25C8444400
:004062AE 8BC0
mov eax, eax
|:0041E0AF , :004364CA
|
* Reference To: user32.IsWindow, Ord:0000h
|
:004062B0 FF25C4444400
:004062B6 8BC0
mov eax, eax
|:004363D2 , :00436518 , :0043E618
|:0043F2ED
|
, :0043E913
, :0043EB40
* Reference To: user32.IsWindowEnabled, Ord:0000h

|
:004062B8 FF25C0444400
:004062BE 8BC0
* Referenced
|:0042107E
|:004363C8
|:0043F5D8
|
mov eax, eax
, :00427364 , :00427386
, :0043650E , :0043E62D
, :0043F833
, :00428579
, :0043E909
, :00428ACF
, :0043F2DC
* Reference To: user32.IsWindowVisible, Ord:0000h

|
:004062C0 FF25BC444400
:004062C6 8BC0
mov eax, eax
|:0043B351
|
* Reference To: user32.IsZoomed, Ord:0000h
|
:004062C8 FF25B8444400
:004062CE 8BC0
mov eax, eax
|:0043F6C6
|
* Reference To: user32.KillTimer, Ord:0000h
|
:004062D0 FF25B4444400
:004062D6 8BC0
mov eax, eax
|:00431976
|
* Reference To: user32.LoadBitmapA, Ord:0000h
|
:004062D8 FF25B0444400
:004062DE 8BC0
mov eax, eax
|:004262B5 , :0043CF39 , :0043CF6A
|
, :0043CFC9
* Reference To: user32.LoadCursorA, Ord:0000h

|
:004062E0 FF25AC444400
:004062E6 8BC0
mov eax, eax
|:0041AB5D , :0043DB16 , :0043E816
|
, :00441038
* Reference To: user32.LoadIconA, Ord:0000h

|
:004062E8 FF25A8444400
:004062EE 8BC0
mov eax, eax
|:0040875E , :00408849
|
|
:004062F0 FF25A4444400
:004062F6 8BC0
mov eax, eax
|:00430687
|
* Reference To: user32.MapVirtualKeyA, Ord:0000h
|
:004062F8 FF25A0444400
:004062FE 8BC0
mov eax, eax
|:00423D7D , :00423E8F , :00423ECE
|:0042BF7D
|
, :00427A3C
, :00429DC3
* Reference To: user32.MapWindowPoints, Ord:0000h

|
:00406300 FF259C444400
:00406306 8BC0
mov eax, eax
|:0040885F , :0043EFD2
|
|
:00406308 FF2598444400
:0040630E 8BC0
mov eax, eax
|:0043DB5B
|
* Reference To: user32.OemToCharA, Ord:0000h
|
:00406310 FF2594444400
:00406316 8BC0
mov eax, eax
* Referenced
|:0041B345
|:00420DA1
|:00429DD8
|:0043166D
|
by a CALL at
, :0041D40A
, :00425638
, :00429F72
, :00431BED
Addresses:
, :0041D44C
, :0042564F
, :0042BC52
, :0043FB75
,
,
,
,
:0041D5A9
:00425687
:0042BCA0
:0043FC8E
, :0041D5C6
, :0042569E
, :0043162B
* Reference To: user32.OffsetRect, Ord:0000h

|
:00406318 FF2590444400
:0040631E 8BC0
mov eax, eax
|:0043EB83
|
* Reference To: user32.PeekMessageA, Ord:0000h

|
:00406320 FF258C444400
:00406326 8BC0
mov eax, eax
|:0043AFE2 , :0043BF20 , :0043C889
|:0043E444 , :0043F240 , :00440759
|
, :0043E3D4
, :0043E422
* Reference To: user32.PostMessageA, Ord:0000h

|
:00406328 FF2588444400
:0040632E 8BC0
mov eax, eax
|:0043EE5B
|
* Reference To: user32.PostQuitMessage, Ord:0000h
|
:00406330 FF2584444400
:00406336 8BC0
mov eax, eax
|:00420E20 , :004210D9 , :00424963
|
, :004268E9
, :0043F753
* Reference To: user32.PtInRect, Ord:0000h

|
:00406338 FF2580444400
:0040633E 8BC0
mov eax, eax
|:004263EF , :00436A0A , :0043DD5D
|
* Reference To: user32.RegisterClassA, Ord:0000h
|
:00406340 FF257C444400
:00406346 8BC0
mov eax, eax
|:0041E70A , :0041E71A
|
* Reference To: user32.RegisterClipboardFormatA, Ord:0000h
|
:00406348 FF2578444400
:0040634E 8BC0
mov eax, eax
|:00406588 , :00406597 , :004065A3
|
, :00441354
, :00441363
* Reference To: user32.RegisterWindowMessageA, Ord:0000h

|
:00406350 FF2574444400
:00406356 8BC0
mov eax, eax

|:0042072F , :004209CF , :0042D015
|
, :0043BFB8
* Reference To: user32.ReleaseCapture, Ord:0000h

|
:00406358 FF2570444400
:0040635E 8BC0
mov eax, eax
* Referenced
|:00415427
|:00417C01
|:004198C1
|:00421FB6
|:00429FAD
|:00433BEA
|
by a CALL at
, :00415997
, :0041822D
, :0041A626
, :0042265B
, :0042A261
, :004393EC
Addresses:
, :00415A38
, :0041888C
, :0041A67A
, :00423753
, :0042C76E
, :0043CC99
,
,
,
,
,
:00415D02
:00418B15
:0041D673
:00423BFB
:0042E7BF
,
,
,
,
,
:00415DE3
:00419330
:0041DFF2
:00427092
:0042FA6C
* Reference To: user32.ReleaseDC, Ord:0000h

|
:00406360 FF256C444400
:00406366 8BC0
mov eax, eax
|:0043135A
|
* Reference To: user32.RemoveMenu, Ord:0000h
|
:00406368 FF2568444400
:0040636E 8BC0
mov eax, eax
|:00428219 , :0042822D
|
* Reference To: user32.RemovePropA, Ord:0000h
|
:00406370 FF2564444400
:00406376 8BC0
mov eax, eax
|:00429364 , :0042936F
|
* Reference To: user32.ScreenToClient, Ord:0000h
|
:00406378 FF2560444400
:0040637E 8BC0
mov eax, eax
|:00428AFE
|
* Reference To: user32.ScrollWindow, Ord:0000h
|
:00406380 FF255C444400
:00406386 8BC0
mov eax, eax
|:004065BB
|:0041DAC7
|:0041DBD8
|:0041DF4A
|:00426BD0
|:00438A58
|:0043A49C
|:0043B9DD
|:0043C0C4
|:0043E4D8
|:0043EE7F
|
,
,
,
,
,
,
,
,
,
,
,
:004065DF
:0041DB3B
:0041DBFB
:0041E104
:0042D07F
:004397EB
:0043A50A
:0043BA5D
:0043D2AA
:0043EA90
:0043F504
,
,
,
,
,
,
,
,
,
,
:0041D962
:0041DB5C
:0041DC11
:0041E49C
:0043355D
:00439A16
:0043AB2E
:0043BC43
:0043D2C1
:0043EAC1
,
,
,
,
,
,
,
,
,
,
:0041DA36
:0041DB7D
:0041DC4C
:004204B2
:004335FA
:0043A2D8
:0043AB40
:0043BFB3
:0043DCA0
:0043EC4E
,
,
,
,
,
,
,
,
,
,
:0041DA6D
:0041DBA5
:0041DE9E
:004211D9
:004365A4
:0043A2F0
:0043B02D
:0043C05D
:0043DE17
:0043ECAC
* Reference To: user32.SendMessageA, Ord:0000h

|
:00406388 FF2558444400
:0040638E 8BC0
mov eax, eax
|:0043BB7A , :0043C180 , :0043E837
|
, :0043E879
, :0043F033
* Reference To: user32.SetActiveWindow, Ord:0000h

|
:00406390 FF2554444400
:00406396 8BC0
mov eax, eax
|:00420767 , :00420993 , :0042D01D
|
* Reference To: user32.SetCapture, Ord:0000h
|
:00406398 FF2550444400
:0040639E 8BC0
mov eax, eax
|:00421535 , :0042154A , :00421B6B
|:0043D2D3
|
, :0042750B
, :0042CDB2
* Reference To: user32.SetCursor, Ord:0000h

|
:004063A0 FF254C444400
:004063A6 8BC0
mov eax, eax
|:0041E392 , :004266C7 , :00428EA8
|:0043B417 , :0043E650 , :0043E66F
|
, :00439103
, :0043E70F
, :0043A95F
, :0043E8CB
* Reference To: user32.SetFocus, Ord:0000h

|
:004063A8 FF2548444400
:004063AE 8BC0
mov eax, eax
|:0043E91D
|
* Reference To: user32.SetForegroundWindow, Ord:0000h

|
:004063B0 FF2544444400
:004063B6 8BC0
mov eax, eax
|:00439B9F , :00439BD4 , :00439BF0
|
, :0043B04E
* Reference To: user32.SetMenu, Ord:0000h

|
:004063B8 FF2540444400
:004063BE 8BC0
mov eax, eax
|:00432E54
|
* Reference To: user32.SetMenuItemInfoA, Ord:0000h
|
:004063C0 FF253C444400
:004063C6 8BC0
mov eax, eax
|:00420433 , :0042044A , :004265ED
|
, :00426602
* Reference To: user32.SetPropA, Ord:0000h

|
:004063C8 FF2538444400
:004063CE 8BC0
mov eax, eax
|:00438B68 , :00438BBA , :00440EA3
|
* Reference To: user32.SetRect, Ord:0000h
|
:004063D0 FF2534444400
:004063D6 8BC0
mov eax, eax
* Reference To: user32.SetScrollInfo, Ord:0000h
|
:004063D8 FF2530444400
:004063DE 8BC0
mov eax, eax
* Reference To: user32.SetScrollPos, Ord:0000h
|
:004063E0 FF252C444400
:004063E6 8BC0
mov eax, eax
* Reference To: user32.SetScrollRange, Ord:0000h
|
:004063E8 FF2528444400
:004063EE 8BC0
mov eax, eax
|:0043F696
|
* Reference To: user32.SetTimer, Ord:0000h

|
:004063F0 FF2524444400
:004063F6 8BC0
mov eax, eax
|:004203EC , :0042041C , :00429171
|:004395F4 , :0043A3AF , :0043DDF5
|
, :00436364
, :00436A57
* Reference To: user32.SetWindowLongA, Ord:0000h

|
:004063F8 FF2520444400
:004063FE 8BC0
mov eax, eax
|:004289F2
|
* Reference To: user32.SetWindowPlacement, Ord:0000h
|
:00406400 FF251C444400
:00406406 8BC0
mov eax, eax
* Referenced
|:00426629
|:00428C71
|:0043959A
|:0043C86F
|:0043F614
|
by a CALL at
, :00428436
, :00428CD3
, :0043A3CA
, :0043DFCA
Addresses:
, :00428551
, :0042900D
, :0043AFC8
, :0043E031
,
,
,
,
:00428984
:0042A4F4
:0043BB1B
:0043EF99
,
,
,
,
:00428B74
:00436376
:0043BB74
:0043F022
* Reference To: user32.SetWindowPos, Ord:0000h

|
:00406408 FF2518444400
:0040640E 8BC0
mov eax, eax
|:0041DC2C
|
* Reference To: user32.SetWindowTextA, Ord:0000h
|
:00406410 FF2514444400
:00406416 8BC0
mov eax, eax
|:0043D938
|
* Reference To: user32.SetWindowsHookExA, Ord:0000h
|
:00406418 FF2510444400
:0040641E 8BC0
mov eax, eax
|:00438FC2 , :00438FDD , :00439061
|
* Reference To: user32.SetWindowRgn, Ord:0000h
|
mov eax, eax
:00406420 FF250C444400
:00406426 8BC0

|:0042A76D , :0042A8AF
|
* Reference To: user32.ShowCursor, Ord:0000h
|
:00406428 FF2508444400
:0040642E 8BC0
mov eax, eax
|:0043638F
|
* Reference To: user32.ShowOwnedPopups, Ord:0000h
|
:00406430 FF2504444400
:00406436 8BC0
mov eax, eax
* Reference To: user32.ShowScrollBar, Ord:0000h
|
:00406438 FF2500444400
:0040643E 8BC0
mov eax, eax
|:00439DCB , :0043B397 , :0043B9ED
|:0043BB8C , :0043DA53 , :0043F847
|
, :0043BA0F
, :0043BA82
* Reference To: user32.ShowWindow, Ord:0000h

|
:00406440 FF25FC434400
:00406446 8BC0
mov eax, eax
* Referenced
|:0041B074
|:0042D06C
|:0043D7C8
|
by a CALL at
, :0041B14C
, :00431CA4
, :0043D9F5
Addresses:
, :0041B224
, :00433694
, :0043DA2D
, :0042A14B
, :00438EC8
, :00440C15
, :0042CFCA
, :0043D2F5
* Reference To: user32.SystemParametersInfoA, Ord:0000h

|
:00406448 FF25F8434400
:0040644E 8BC0
mov eax, eax
|:00433ECD
|
* Reference To: user32.TrackPopupMenu, Ord:0000h
|
:00406450 FF25F4434400
:00406456 8BC0
mov eax, eax
|:0043EA2F
|
* Reference To: user32.TranslateMDISysAccel, Ord:0000h

|
:00406458 FF25F0434400
:0040645E 8BC0
mov eax, eax
|:0043EBED
|
* Reference To: user32.TranslateMessage, Ord:0000h
|
:00406460 FF25EC434400
:00406466 8BC0
mov eax, eax
|:0043D993
|
* Reference To: user32.UnhookWindowsHookEx, Ord:0000h
|
:00406468 FF25E8434400
:0040646E 8BC0
mov eax, eax
|:004263D9 , :00436A00
|
* Reference To: user32.UnregisterClassA, Ord:0000h
|
:00406470 FF25E4434400
:00406476 8BC0
mov eax, eax
|:00428DE9
|
* Reference To: user32.UpdateWindow, Ord:0000h
|
:00406478 FF25E0434400
:0040647E 8BC0
mov eax, eax
|:0043F477
|
* Reference To: user32.WaitMessage, Ord:0000h
|
:00406480 FF25DC434400
:00406486 8BC0
mov eax, eax
|:0043F1D9 , :0043F214
|
* Reference To: user32.WinHelpA, Ord:0000h
|
:00406488 FF25D8434400
:0040648E 8BC0
mov eax, eax

|:00421216 , :00421C6B , :0043D27C
|
* Reference To: user32.WindowFromPoint, Ord:0000h
|
:00406490 FF25D4434400
:00406496 8BC0
mov eax, eax
|:0043D2B7
|
:00406498 0FB7C0
movzx eax, ax
:0040649B 0FB7D2
movzx edx, dx
:0040649E C1E210
shl edx, 10
:004064A1 0BC2
or eax, edx
:004064A3 C3
ret

|:00436694
|
:004064A4 0FB7C0
movzx eax, ax
:004064A7 C1E808
shr eax, 08
:004064AA C3
ret
:004064AB 90
nop

|:004371C3
|
* Reference To: kernel32.GetTickCount, Ord:0000h
|
:004064AC E82FF8FFFF
Call 00405CE0
:004064B1 C3
ret
:004064B2 8BC0
mov eax, eax

|:0040EDBA
|
:004064B4 33C0
xor eax, eax
:004064B6 C3
ret
:004064B7 90
nop

|:0040EBAB
|
:004064B8 52
push edx
:004064B9 50
push eax
* Reference To: kernel32.GlobalAlloc, Ord:0000h
|
Call 00405D00
:004064BF 50
push eax

|
:004064C0 E853F8FFFF
Call 00405D18
:004064C5 C3
ret
:004064C6 8BC0
mov eax, eax

|:0040EBC1
|
:004064C8 51
push ecx
:004064C9 52
push edx
:004064CA 50
push eax
* Reference To: kernel32.GlobalHandle,
|
:004064CB E850F8FFFF
Call
:004064D0 50
push
:004064D1 50
push
Ord:0000h
00405D20
eax
eax

|
:004064D2 E859F8FFFF
Call 00405D30
* Reference To: kernel32.GlobalReAlloc, Ord:0000h
|
:004064D7 E84CF8FFFF
Call 00405D28
:004064DC 50
push eax
|
:004064DD E836F8FFFF
Call 00405D18
:004064E2 C3
ret
:004064E3 90
nop

|:0040EB94
|
:004064E4 50
push eax
* Reference To: kernel32.GlobalHandle,
|
:004064E5 E836F8FFFF
Call
:004064EA 50
push
:004064EB 50
push
Ord:0000h
00405D20
eax
eax

|
:004064EC E83FF8FFFF
Call 00405D30
* Reference To: kernel32.GlobalFree, Ord:0000h
|
:004064F1 E81AF8FFFF
Call 00405D10
:004064F6 C3
ret
:004064F7 90
nop

|:0041557C
|
:004064F8 C1E208
shl edx, 08
:004064FB 81E2000000FF
and edx, FF000000
:00406501 0BC2
or eax, edx
:00406503 C3
ret

|:00420A24 , :004246C5 , :00424946 , :00426988 , :00426A7B
|:00427E1C , :0042CBA8 , :0042CBD6 , :0042CC25 , :0042CCBA
|:0043F6E8 , :0043F733
|
:00406504 51
push ecx
:00406505 890424
mov dword ptr [esp], eax
:00406508 0FBF0424
movsx eax, word ptr [esp]
:0040650C 8902
:0040650E 0FBF442402
movsx eax, word ptr [esp+02]
:00406513 894204
:00406516 5A
pop edx
:00406517 C3
ret

|:00423888 , :0042691A , :004269B9 , :0043B509 , :0043B54E
|:0043D29C
|
:00406518 51
push ecx
:00406519 668B10
mov dx, word ptr [eax]
:0040651C 66891424
mov word ptr [esp], dx
:00406520 668B4004
mov ax, word ptr [eax+04]
:00406524 6689442402
mov word ptr [esp+02], ax
:00406529 8B0424
:0040652C 5A
pop edx
:0040652D C3
ret
:0040652E 8BC0
mov eax, eax

|:0043DDD4
|
:00406530 55
push ebp
:00406531 8BEC
mov ebp, esp
:00406533 53
push ebx
:00406534 8B5D08
:00406537 53
push ebx
:00406538 8B5D0C
mov ebx, dword ptr [ebp+0C]
:0040653B 53
push ebx
:0040653C 8B5D10
:0040653F 53
push ebx
:00406540 8B5D14
:00406543 53
push ebx
:00406544 8B5D18
:00406547
:00406548
:0040654B
:0040654C
:0040654F
:00406550
:00406553
:00406554
:00406555
:00406556
:00406557
53
8B5D1C
53
8B5D20
53
8B5D24
53
51
52
50
6A00
push ebx
push ebx
push ebx
push ebx
push ecx
push edx
push eax
push 00000000

|
:00406559 E8EAFAFFFF
Call 00406048
:0040655E 5B
pop ebx
:0040655F 5D
pop ebp
:00406560 C22000
ret 0020
:00406563 90
nop

|:0042CFE6
|
:00406564 55
push ebp
:00406565 8BEC
mov ebp, esp
:00406567 51
push ecx
:00406568 53
push ebx
:00406569 56
push esi
:0040656A 57
push edi
:0040656B 8BF9
mov edi, ecx
:0040656D 8BF2
mov esi, edx
:0040656F 8945FC
* Possible StringData Ref from Code Obj ->"Magellan MSWHEEL"
|
:00406572 6800664000
push 00406600
* Possible StringData Ref from Code Obj ->"MouseZ"
|
:00406577 6814664000
push 00406614
* Reference To: user32.FindWindowA, Ord:0000h
|
:0040657C E87FFBFFFF
Call 00406100
:00406581 8BD8
mov ebx, eax
* Possible StringData Ref from Code Obj ->"MSWHEEL_ROLLMSG"
|
:00406583 681C664000
push 0040661C
|
:00406588 E8C3FDFFFF
Call 00406350
:0040658D 8B55FC
:00406590 8902
* Possible StringData Ref from Code Obj ->"MSH_WHEELSUPPORT_MSG"
|
:00406592 682C664000
push 0040662C

|
:00406597 E8B4FDFFFF
Call 00406350
:0040659C 8906
* Possible StringData Ref from Code Obj ->"MSH_SCROLL_LINES_MSG"
|
:0040659E 6844664000
push 00406644
|
:004065A3 E8A8FDFFFF
Call 00406350
:004065A8 8907
:004065AA 833E00
:004065AD 7418
je 004065C7
:004065AF 85DB
test ebx, ebx
:004065B1 7414
je 004065C7
:004065B3 6A00
push 00000000
:004065B5 6A00
push 00000000
:004065B7 8B06
:004065B9 50
push eax
:004065BA 53
push ebx
|
:004065BB E8C8FDFFFF
Call 00406388
:004065C0 8B550C
:004065C3 8902
:004065C5 EB07
jmp 004065CE
|:004065AD(C), :004065B1(C)
|
:004065C7 8B450C
:004065CA 33D2
:004065CC 8910

mov eax, dword ptr [ebp+0C]
xor edx, edx

|:004065C5(U)
|
:004065CE 833F00
:004065D1 7418
je 004065EB
:004065D3 85DB
test ebx, ebx
:004065D5 7414
je 004065EB
:004065D7 6A00
push 00000000
:004065D9 6A00
push 00000000
:004065DB 8B07
:004065DD 50
push eax
:004065DE 53
push ebx
|
:004065DF E8A4FDFFFF
Call 00406388
:004065E4 8B5508
:004065E7 8902
:004065E9 EB09
jmp 004065F4
|:004065D1(C), :004065D5(C)
|
:004065EB 8B4508
:004065EE C70003000000


|:004065E9(U)
|
:004065F4 8BC3
mov eax, ebx
:004065F6 5F
pop edi
:004065F7 5E
pop esi
:004065F8 5B
pop ebx
:004065F9 59
pop ecx
:004065FA 5D
pop ebp
:004065FB C20800
ret 0008
:004065FE 0000
BYTE 2 DUP(0)
:00406600
:00406601
:00406602
:00406603
4D
61
67
65
dec ebp
popad
BYTE 067h
BYTE 065h
:00406604
:00406605
:00406606
:00406607
:00406608
:0040660B
:0040660C
:0040660D
:0040660E
:0040660F
:00406610
6C
6C
61
6E
204D53
57
48
45
45
4C
00000000
insb
insb
popad
outsb
and byte ptr [ebp+53], cl
push edi
dec eax
inc ebp
inc ebp
dec esp
BYTE 4 DUP(0)
:00406614
:00406615
:00406616
:00406618
4D
6F
7573
65
dec ebp
outsd
jne 0040668B
BYTE 065h
:00406619
:0040661A
:0040661C
:0040661D
:0040661E
:0040661F
:00406620
:00406621
:00406622
:00406623
:00406624
:00406625
:00406626
:00406627
:00406628
5A
0000
4D
53
57
48
45
45
4C
5F
52
4F
4C
4C
4D
pop edx
dec ebp
push ebx
push edi
dec eax
inc ebp
inc ebp
dec esp
pop edi
push edx
dec edi
dec esp
dec esp
dec ebp
:00406629
:0040662A
:0040662B
:0040662E
:0040662F
:00406630
:00406631
:00406632
:00406633
:00406634
:00406635
:00406636
:00406637
:00406638
:00406639
:0040663A
:0040663B
:0040663C
:0040663D
:0040663E
:0040663F
:00406640
53
47
004D53
48
5F
57
48
45
45
4C
53
55
50
50
4F
52
54
5F
4D
53
47
00000000
push ebx
inc edi
add byte ptr [ebp+53], cl
dec eax
pop edi
push edi
dec eax
inc ebp
inc ebp
dec esp
push ebx
push ebp
push eax
push eax
dec edi
push edx
push esp
pop edi
dec ebp
push ebx
inc edi
BYTE 4 DUP(0)
:00406644
:00406645
:00406646
:00406647
:00406648
:00406649
:0040664A
:0040664B
:0040664C
:0040664D
:0040664E
:0040664F
:00406650
:00406651
:00406652
:00406653
:00406654
:00406655
:00406656
:00406657
:00406658
4D
53
48
5F
53
43
52
4F
4C
4C
5F
4C
49
4E
45
53
5F
4D
53
47
00000000
dec ebp
push ebx
dec eax
pop edi
push ebx
inc ebx
push edx
dec edi
dec esp
dec esp
pop edi
dec esp
dec ecx
dec esi
inc ebp
push ebx
pop edi
dec ebp
push ebx
inc edi
BYTE 4 DUP(0)
:0040665C
:0040665D
:0040665F
:00406661
:00406662
:00406667
:0040666A
:0040666D
:00406673
:00406675
:00406676
:00406677
:00406678
55
8BEC
33C0
55
6881664000
64FF30
648920
FF05E4344400
33C0
5A
59
59
648910
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 00406681
inc dword ptr [004434E4]
xor eax, eax
pop edx
pop ecx
pop ecx
:0040667B 6888664000
push 00406688
|:00406686(U)
|
:00406680 C3
:00406681 E9F2CBFFFF
:00406686 EBF8
:00406688 5D
:00406689 C3
:0040668A 8BC0
:0040668C 832DE434440001
:00406693 C3
mov eax, eax

sub dword ptr [004434E4], 00000001
ret
:00406694
:00406695
:00406697
:00406699
:0040669A
:0040669F
:004066A2
:004066A5
:004066AB
:004066AD
:004066AE
:004066AF
:004066B0
:004066B3
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 004066B9
xor eax, eax
pop edx
pop ecx
pop ecx
push 004066C0
55
8BEC
33C0
55
68B9664000
64FF30
648920
FF05E8344400
33C0
5A
59
59
648910
68C0664000
ret
jmp 00403278
jmp 00406680
pop ebp
ret
|:004066BE(U)
|
:004066B8 C3
:004066B9 E9BACBFFFF
:004066BE EBF8
:004066C0 5D
:004066C1 C3
:004066C2 8BC0
:004066C4 832DE834440001
:004066CB C3
mov eax, eax

sub dword ptr [004434E8], 00000001
ret
:004066CC
:004066CF
:004066D1
:004066D3
:004066D5
:004066D7
:004066D9
:004066DB
:004066DD
:004066DF
:004066E1
:004066E3
:004066E5
fdiv dword ptr [esp+2*eax]

add al, dh
inc dword ptr [eax]
add al, bl
xor al, 44
add cl, dh
inc dword ptr [eax]
add al, bl
xor al, 44
add dl, dh
inc dword ptr [eax]
add al, bl
xor al, 44
D83444
00F0
FF00
00D8
3444
00F1
FF00
00D8
3444
00F2
FF00
00D8
3444
ret
jmp 00403278
jmp 004066B8
pop ebp
ret
:004066E7
:004066E9
:004066EB
:004066ED
:004066EF
:004066F1
:004066F3
:004066F5
:004066F7
:004066F9
:004066FB
:004066FD
:004066FF
:00406701
:00406703
:00406705
:00406707
:00406709
:0040670B
:0040670D
:0040670F
:00406711
:00406713
:00406715
:00406717
:00406719
:0040671B
:0040671D
:0040671F
:00406721
:00406723
:00406725
:00406727
:00406729
:0040672B
:0040672D
:0040672F
:00406731
:00406733
:00406735
:00406737
:00406739
:0040673B
:0040673D
:0040673F
:00406741
:00406743
:00406745
:00406747
:00406749
:0040674B
:0040674D
:0040674F
:00406751
:00406753
:00406755
:00406757
:00406759
:0040675B
:0040675D
00F3
FF00
00D8
3444
00F4
FF00
00D8
3444
00F5
FF00
00D8
3444
00F6
FF00
00D8
3444
00F7
FF00
00D8
3444
00F8
FF00
00D8
3444
00F9
FF00
00D8
3444
00FA
FF00
00D8
3444
00FB
FF00
00D8
3444
00FC
FF00
00D8
3444
00FD
FF00
00D8
3444
00FE
FF00
00D8
3444
00FF
FF00
00D8
3444
00E0
FF00
00D8
3444
00E1
FF00
00D8
3444
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
bl, dh
dword ptr
al, bl
al, 44
ah, dh
dword ptr
al, bl
al, 44
ch, dh
dword ptr
al, bl
al, 44
dh, dh
dword ptr
al, bl
al, 44
bh, dh
dword ptr
al, bl
al, 44
al, bh
dword ptr
al, bl
al, 44
cl, bh
dword ptr
al, bl
al, 44
dl, bh
dword ptr
al, bl
al, 44
bl, bh
dword ptr
al, bl
al, 44
ah, bh
dword ptr
al, bl
al, 44
ch, bh
dword ptr
al, bl
al, 44
dh, bh
dword ptr
al, bl
al, 44
bh, bh
dword ptr
al, bl
al, 44
al, ah
dword ptr
al, bl
al, 44
cl, ah
dword ptr
al, bl
al, 44
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
:0040675F
:00406761
:00406763
:00406765
:00406767
:00406769
:0040676B
:0040676D
:0040676F
:00406771
:00406773
:00406775
:00406777
:00406779
:0040677B
:0040677D
:0040677F
:00406781
:00406783
:00406785
:00406787
:00406789
:0040678B
:0040678D
:0040678F
:00406791
:00406793
:00406795
:00406797
:00406799
:0040679B
:0040679D
:0040679F
:004067A1
:004067A3
:004067A5
:004067A7
:004067A9
:004067AB
:004067AD
:004067AF
:004067B1
:004067B3
:004067B5
:004067B7
:004067B9
:004067BB
:004067BD
:004067BF
:004067C1
:004067C3
:004067C5
:004067C7
:004067C9
:004067CB
:004067CD
:004067CF
:004067D1
:004067D3
:004067D5
00E2
FF00
00D8
3444
00E3
FF00
00D8
3444
00E4
FF00
00D8
3444
00E5
FF00
00D8
3444
00E6
FF00
00D8
3444
00E7
FF00
00D8
3444
00E8
FF00
00D8
3444
00E9
FF00
00D8
3444
00EA
FF00
00D8
3444
00EB
FF00
00D8
3444
00EC
FF00
00D8
3444
00ED
FF00
00D8
3444
00EE
FF00
00D8
3444
00EF
FF00
00D8
3444
00D0
FF00
00D8
3444
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
dl, ah
dword ptr
al, bl
al, 44
bl, ah
dword ptr
al, bl
al, 44
ah, ah
dword ptr
al, bl
al, 44
ch, ah
dword ptr
al, bl
al, 44
dh, ah
dword ptr
al, bl
al, 44
bh, ah
dword ptr
al, bl
al, 44
al, ch
dword ptr
al, bl
al, 44
cl, ch
dword ptr
al, bl
al, 44
dl, ch
dword ptr
al, bl
al, 44
bl, ch
dword ptr
al, bl
al, 44
ah, ch
dword ptr
al, bl
al, 44
ch, ch
dword ptr
al, bl
al, 44
dh, ch
dword ptr
al, bl
al, 44
bh, ch
dword ptr
al, bl
al, 44
al, dl
dword ptr
al, bl
al, 44
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
:004067D7
:004067D9
:004067DB
:004067DD
:004067DF
:004067E1
:004067E3
:004067E5
:004067E7
:004067E9
:004067EB
:004067ED
:004067EF
:004067F1
:004067F3
:004067F5
:004067F7
:004067F9
:004067FB
:004067FD
:004067FF
:00406801
:00406803
:00406805
:00406807
:00406809
:0040680B
:0040680D
:0040680F
:00406811
:00406813
:00406815
:00406817
:00406819
:0040681B
:0040681D
:0040681F
:00406821
:00406823
:00406825
:00406827
:00406829
:0040682B
:0040682D
:0040682F
:00406831
:00406833
:00406835
:00406837
:00406839
:0040683B
:0040683D
:0040683F
:00406841
:00406843
:00406845
:00406847
:00406849
:0040684B
:0040684D
00D1
FF00
00D8
3444
00D2
FF00
00D8
3444
00D3
FF00
00D8
3444
00D4
FF00
00D8
3444
00D5
FF00
00D8
3444
00D6
FF00
00D8
3444
00D7
FF00
00D8
3444
00D8
FF00
00D8
3444
00D9
FF00
00D8
3444
00DA
FF00
00D8
3444
00DB
FF00
00D8
3444
00DC
FF00
00D8
3444
00DD
FF00
00D8
3444
00DE
FF00
00D8
3444
00DF
FF00
00D8
3444
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
cl, dl
dword ptr
al, bl
al, 44
dl, dl
dword ptr
al, bl
al, 44
bl, dl
dword ptr
al, bl
al, 44
ah, dl
dword ptr
al, bl
al, 44
ch, dl
dword ptr
al, bl
al, 44
dh, dl
dword ptr
al, bl
al, 44
bh, dl
dword ptr
al, bl
al, 44
al, bl
dword ptr
al, bl
al, 44
cl, bl
dword ptr
al, bl
al, 44
dl, bl
dword ptr
al, bl
al, 44
bl, bl
dword ptr
al, bl
al, 44
ah, bl
dword ptr
al, bl
al, 44
ch, bl
dword ptr
al, bl
al, 44
dh, bl
dword ptr
al, bl
al, 44
bh, bl
dword ptr
al, bl
al, 44
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
:0040684F
:00406851
:00406853
:00406855
:00406857
:00406859
:0040685B
:0040685D
:0040685F
:00406861
:00406863
:00406865
:00406867
:00406869
:0040686B
:0040686D
:0040686F
:00406871
:00406873
:00406875
:00406877
:00406879
:0040687B
:0040687D
:0040687F
:00406881
:00406883
:00406885
:00406887
:00406889
:0040688B
:0040688D
:0040688F
:00406891
:00406893
:00406895
:00406897
:00406899
:0040689B
:0040689D
:0040689F
:004068A1
:004068A3
:004068A5
:004068A7
:004068A9
:004068AB
:004068AD
:004068AF
:004068B1
:004068B3
:004068B5
:004068B7
:004068B9
:004068BB
:004068BD
:004068BF
:004068C1
:004068C3
:004068C5
00C0
FF00
00D8
3444
00C1
FF00
00D8
3444
00C2
FF00
00D8
3444
00C3
FF00
00D8
3444
00C4
FF00
00D8
3444
00C5
FF00
00D8
3444
00C6
FF00
00D8
3444
00C7
FF00
00D8
3444
00C8
FF00
00D8
3444
00C9
FF00
00D8
3444
00CA
FF00
00D8
3444
00CB
FF00
00D8
3444
00CC
FF00
00D8
3444
00CD
FF00
00D8
3444
00CE
FF00
00D8
3444
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
add
inc
add
xor
al, al
dword ptr
al, bl
al, 44
cl, al
dword ptr
al, bl
al, 44
dl, al
dword ptr
al, bl
al, 44
bl, al
dword ptr
al, bl
al, 44
ah, al
dword ptr
al, bl
al, 44
ch, al
dword ptr
al, bl
al, 44
dh, al
dword ptr
al, bl
al, 44
bh, al
dword ptr
al, bl
al, 44
al, cl
dword ptr
al, bl
al, 44
cl, cl
dword ptr
al, bl
al, 44
dl, cl
dword ptr
al, bl
al, 44
bl, cl
dword ptr
al, bl
al, 44
ah, cl
dword ptr
al, bl
al, 44
ch, cl
dword ptr
al, bl
al, 44
dh, cl
dword ptr
al, bl
al, 44
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
[eax]
:004068C7
:004068C9
:004068CB
:004068CD
:004068CF
:004068D5
:004068D7
:004068DD
:004068DF
:004068E5
:004068E7
:004068ED
:004068EF
:004068F6
:004068F7
:004068FD
:004068FF
:00406905
:00406907
:0040690D
:0040690F
:00406915
:00406917
:0040691D
:0040691F
:00406925
:00406927
:0040692D
:0040692F
:00406936
:00406937
:0040693D
:0040693F
:00406945
:00406947
:0040694D
:0040694F
:00406951
:00406952
:00406957
:0040695A
:0040695D
:00406963
:00406965
:00406966
:00406967
:00406968
:0040696B
00CF
FF00
00D8
3444
00B0FF0000D8
3444
00B1FF0000D8
3444
00B2FF0000D8
3444
00B3FF0000D8
3444
00B4FF0000D834
44
00B5FF0000D8
3444
00B6FF0000D8
3444
00B7FF0000D8
3444
00B8FF0000D8
3444
00B9FF0000D8
3444
00BAFF0000D8
3444
00BBFF0000D8
3444
00BCFF0000D834
44
00BDFF0000D8
3444
00BEFF0000D8
3444
00BFFF000055
8BEC
33C0
55
6871694000
64FF30
648920
FF05EC344400
33C0
5A
59
59
648910
6878694000
add bh, cl
inc dword ptr [eax]
add al, bl
xor al, 44
add byte ptr [eax+D80000FF], dh
xor al, 44
add byte ptr [ecx+D80000FF], dh
xor al, 44
add byte ptr [edx+D80000FF], dh
xor al, 44
add byte ptr [ebx+D80000FF], dh
xor al, 44
add byte ptr [edi+8*edi+34D80000], dh
inc esp
add byte ptr [ebp+D80000FF], dh
xor al, 44
add byte ptr [esi+D80000FF], dh
xor al, 44
add byte ptr [edi+D80000FF], dh
xor al, 44
add byte ptr [eax+D80000FF], bh
xor al, 44
add byte ptr [ecx+D80000FF], bh
xor al, 44
add byte ptr [edx+D80000FF], bh
xor al, 44
add byte ptr [ebx+D80000FF], bh
xor al, 44
add byte ptr [edi+8*edi+34D80000], bh
inc esp
add byte ptr [ebp+D80000FF], bh
xor al, 44
add byte ptr [esi+D80000FF], bh
xor al, 44
add byte ptr [edi+550000FF], bh
mov ebp, esp
xor eax, eax
push ebp
push 00406971
inc dword ptr [004434EC]
xor eax, eax
pop edx
pop ecx
pop ecx
push 00406978
|:00406976(U)
|
:00406970 C3
:00406971 E902C9FFFF
:00406976 EBF8
:00406978 5D
:00406979 C3
:0040697A 8BC0
mov eax, eax
ret
jmp 00403278
jmp 00406970
pop ebp
ret
:0040697C 832DEC34440001
:00406983 C3
sub dword ptr [004434EC], 00000001

ret
:00406984 D06940
:00406987 000000000000000000
shr byte ptr [ecx+40], 1

BYTE 9 DUP(0)
:00406990 D06940
:00406993 00000000000000000000
:0040699D 00000000000000
shr byte ptr [ecx+40], 1

BYTE 10 DUP(0)
BYTE 7 DUP(0)
:004069A4
:004069A6
:004069A7
:004069AA
E269
40
000C00
0000
loop 00406A0F
inc eax
add byte ptr [eax+eax], cl
:004069AC
:004069B0
:004069B4
:004069B8
:004069BC
:004069C0
:004069C4
:004069C8
:004069CC
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10

|:00406A3E(C)
|
:004069D0 0E
push cs
:004069D1 0000000000
BYTE 5 DUP(0)
:004069D6
:004069D8
:004069DA
:004069DC
:004069DD
:004069E0
:004069E2
:004069E5
:004069E8
:004069EA
:004069EB
0100
0000
7C10
40
000400
0000
094578
636570
7469
6F
6E

jl 004069EC
inc eax
or dword ptr [ebp+78], eax
je 00406A53
outsd
outsb
|:004069DA(C)
|
:004069EC 386A40
:004069EF 00000000000000000000
:004069F9 00000000000000000000
:00406A03 000000000000000000
:00406A0C 386A40
:00406A0F 000C00
cmp byte ptr [edx+40], ch

cmp byte ptr [edx+40], ch

BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00406A12 0000
:00406A14
:00406A18
:00406A1C
:00406A20
:00406A24
:00406A28
:00406A2C
:00406A30
:00406A34
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406A38
:00406A39
:00406A3A
:00406A3B
:00406A3E
:00406A40
:00406A43
:00406A4D
:00406A57
06
45
41
626F72
7490
8C6A40
00000000000000000000
00000000000000000000
000000000000000000
push es
inc ebp
inc ecx
bound ebp, dword ptr [edi+72]
je 004069D0
mov [edx+40], gs
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00406A60 8C6A40
:00406A63 0010
:00406A65 000000
mov [edx+40], gs
add byte ptr [eax], dl
BYTE 3 DUP(0)
:00406A68
:00406A6C
:00406A70
:00406A74
:00406A78
:00406A7C
:00406A80
:00406A84
:00406A88
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
28894000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406A8C
:00406A8D
:00406A8E
:00406A8F
0E
45
48
65
push cs
inc ebp
dec eax
BYTE 065h
:00406A90
:00406A91
:00406A93
:00406A95
61
7045
7863
65
popad
jo 00406AD8
js 00406AF8
BYTE 065h
:00406A96
:00406A98
:00406A9F
:00406AA9
:00406AB3
7074
696F6E90E86A40
00000000000000000000
00000000000000000000
000000000000000000
jo 00406B0C
imul ebp, dword ptr [edi+6E], 406AE890
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00408928
00402C10
:00406ABC E86A400010
:00406AC1 000000
call 1040AB2B
BYTE 3 DUP(0)
:00406AC4
:00406AC8
:00406ACC
:00406AD0
:00406AD4
DWORD
DWORD
DWORD
DWORD
DWORD
406A4000
282E4000
342E4000
382E4000
3C2E4000
00406A40
00402E28
00402E34
00402E38
00402E3C
|:00406A91(C)
|
:00406AD8 302E4000
:00406ADC B42B4000
:00406AE0 28894000
:00406AE4 102C4000
:00406AE8 0C45
:00406AEA 4F
:00406AEB 7574
or al, 45
dec edi
jne 00406B61
DWORD
DWORD
DWORD
DWORD
00402E30
00402BB4
00408928
00402C10

|:00406B4F(C)
|
:00406AED 4F
dec edi
:00406AEE 664D
dec bp
:00406AF0 65
BYTE 065h
:00406AF1
:00406AF2
:00406AF3
:00406AF5
6D
6F
7279
8D4000
insd
outsd
jb 00406B6E
|:00406A93(C)
|
:00406AF8 44
:00406AF9 6B400000
:00406AFD 00000000000000000000
:00406B07 00000000000000000000
:00406B11 00000000000000
:00406B18 44
:00406B19 6B400010
:00406B1D 000000
inc esp
imul eax, dword ptr [eax+00], 00000010
BYTE 3 DUP(0)
:00406B20
:00406B24
:00406B28
:00406B2C
:00406B30
:00406B34
:00406B38
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
inc esp
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 7 DUP(0)
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
:00406B3C C82B4000
:00406B40 102C4000
DWORD 00402BC8
DWORD 00402C10
:00406B44
:00406B47
:00406B48
:00406B49
:00406B4B
:00406B4C
:00406B4E
:00406B4F
:00406B51
:00406B55
:00406B5F
:00406B69
or eax, dword ptr [ebp+49]

outsb
dec edi
jne 00406BBF
inc ebp
jb 00406BC0
outsd
jb 00406AED
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 7 DUP(0)
0B4549
6E
4F
7574
45
7272
6F
729C
6B400000
00000000000000000000
00000000000000000000
00000000000000
:00406B70 9C
:00406B71 6B400010
:00406B75 000000
pushfd
BYTE 3 DUP(0)
:00406B78
:00406B7C
:00406B80
:00406B84
:00406B88
:00406B8C
:00406B90
:00406B94
:00406B98
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00406B9C 094545
:00406B9F 7874
:00406BA1 65

js 00406C15
BYTE 065h
:00406BA2
:00406BA4
:00406BA5
:00406BA6
:00406BA8
:00406BA9
:00406BAD
:00406BB7
:00406BC1
jb 00406C12
popad
insb
mov eax, eax
hlt
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 7 DUP(0)
726E
61
6C
8BC0
F4
6B400000
00000000000000000000
00000000000000000000
00000000000000
:00406BC8 F4
:00406BC9 6B400010
:00406BCD 000000
hlt
BYTE 3 DUP(0)
:00406BD0 506B4000
:00406BD4 282E4000
:00406BD8 342E4000
DWORD 00406B50
DWORD 00402E28
DWORD 00402E34
:00406BDC
:00406BE0
:00406BE4
:00406BE8
:00406BEC
:00406BF0
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00406BF4 124545
:00406BF7 7874
:00406BF9 65
adc al, byte ptr [ebp+45]

js 00406C6D
BYTE 065h
:00406BFA
:00406BFC
:00406BFD
:00406BFE
:00406BFF
:00406C01
jb 00406C6A
popad
insb
inc ebp
js 00406C64
BYTE 065h
726E
61
6C
45
7863
65
:00406C02 7074
:00406C04 696F6E90546C40
:00406C0B 00000000000000000000
jo 00406C78
imul ebp, dword ptr [edi+6E], 406C5490
BYTE 10 DUP(0)

|:00406B9F(C)
|
:00406C15 00000000000000000000
BYTE 10 DUP(0)
:00406C1F 000000000000000000
BYTE 9 DUP(0)
:00406C28
:00406C29
:00406C2A
:00406C2B
:00406C2D
54
6C
40
0010
000000
push esp
insb
inc eax
BYTE 3 DUP(0)
:00406C30
:00406C34
:00406C38
:00406C3C
:00406C40
:00406C44
:00406C48
:00406C4C
:00406C50
506B4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406C54
:00406C57
:00406C58
:00406C5A
:00406C5C
:00406C5D
:00406C5F
:00406C67
:00406C71
094549
6E
7445
7272
6F
728B
C0AC6C4000000000
00000000000000000000
00000000000000000000

outsb
je 00406C9F
jb 00406CCE
outsd
jb 00406BEA
shr byte ptr [esp+2*ebp+00000040], 00
BYTE 10 DUP(0)
BYTE 10 DUP(0)
00406B50
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00406C7B 0000000000
BYTE 5 DUP(0)
:00406C80
:00406C81
:00406C82
:00406C83
:00406C85
AC
6C
40
0010
000000
lodsb
insb
inc eax
BYTE 3 DUP(0)
:00406C88
:00406C8C
:00406C90
:00406C94
:00406C98
:00406C9C
:00406CA0
:00406CA4
:00406CA8
086C4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406CAC
:00406CAF
:00406CB6
:00406CB7
:00406CB8
:00406CBA
:00406CBB
:00406CC5
:00406CCF
0A4544
697642795A6572
6F
90
046D
40
00000000000000000000
00000000000000000000
000000000000000000
or al, byte ptr [ebp+44]

imul esi, dword ptr [esi+42], 72655A79
outsd
nop
add al, 6D
inc eax
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00406CD8
:00406CDA
:00406CDB
:00406CDD
046D
40
0010
000000
add al, 6D
inc eax
BYTE 3 DUP(0)
:00406CE0
:00406CE4
:00406CE8
:00406CEC
:00406CF0
:00406CF4
:00406CF8
:00406CFC
:00406D00
086C4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406D04
:00406D07
:00406D08
:00406D09
:00406D0A
0B4552
61
6E
67
65

popad
outsb
BYTE 067h
BYTE 065h
:00406D0B 45
:00406D0C 7272
00406C08
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
00406C08
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
inc ebp
jb 00406D80
:00406D0E
:00406D0F
:00406D11
:00406D12
:00406D13
:00406D1D
:00406D27
6F
725C
6D
40
00000000000000000000
00000000000000000000
000000000000000000
outsd
jb 00406D6D
insd
inc eax
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00406D30
:00406D31
:00406D32
:00406D33
:00406D35
5C
6D
40
0010
000000
pop esp
insd
inc eax
BYTE 3 DUP(0)
:00406D38
:00406D3C
:00406D40
:00406D44
:00406D48
:00406D4C
:00406D50
086C4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00406C08
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4

|:00406DC2(C)
|
:00406D54 C82B4000
DWORD 00402BC8
:00406D58 102C4000
DWORD 00402C10
:00406D5C
:00406D5E
:00406D5F
:00406D60
:00406D62
:00406D64
:00406D66
:00406D67
0C45
49
6E
744F
7665
7266
6C
6F
or al, 45
dec ecx
outsb
je 00406DB1
jbe 00406DC9
jb 00406DCC
insb
outsd
:00406D68 778D4000
:00406D6C B86D4000
DWORD 00408D77
DWORD 00406DB8
:00406D70 00000000000000000000
:00406D7A 00000000000000000000
:00406D84 0000000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:00406D8C B86D400010
:00406D91 000000
mov eax, 1000406D

BYTE 3 DUP(0)
:00406D94
:00406D98
:00406D9C
:00406DA0
:00406DA4
DWORD
DWORD
DWORD
DWORD
DWORD
506B4000
282E4000
342E4000
382E4000
3C2E4000
00406B50
00402E28
00402E34
00402E38
00402E3C
:00406DA8
:00406DAC
:00406DB0
:00406DB4
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
00402E30
00402BB4
00402BC8
00402C10
:00406DB8
:00406DBB
:00406DBC
:00406DBE
:00406DBF
:00406DC1
:00406DC2
:00406DC4
:00406DC7
:00406DD1
:00406DDB
0A454D
61
7468
45
7272
6F
7290
106E40
00000000000000000000
00000000000000000000
000000000000000000
or al, byte ptr [ebp+4D]

popad
je 00406E26
inc ebp
jb 00406E33
outsd
jb 00406D54
adc byte ptr [esi+40], ch
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00406DE4 106E40
:00406DE7 0010
:00406DE9 000000
adc byte ptr [esi+40], ch

BYTE 3 DUP(0)
:00406DEC
:00406DF0
:00406DF4
:00406DF8
:00406DFC
:00406E00
:00406E04
:00406E08
:00406E0C
6C6D4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406E10
:00406E13
:00406E14
:00406E16
:00406E17
:00406E1F
:00406E29
0A4549
6E
7661
6C
69644F7090686E40
00000000000000000000
00000000000000000000

outsb
jbe 00406E77
insb
imul esp, dword ptr [edi+2*ecx+70], 406E6890
BYTE 10 DUP(0)
BYTE 10 DUP(0)
00406D6C
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
|:00406DBF(C)
|
:00406E33 000000000000000000
:00406E3C 686E400010
:00406E41 000000
:00406E44
:00406E48
:00406E4C
:00406E50
:00406E54
:00406E58
:00406E5C
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
6C6D4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
BYTE 9 DUP(0)
push 1000406E
BYTE 3 DUP(0)
00406D6C
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
:00406E60 C82B4000
:00406E64 102C4000
DWORD 00402BC8
DWORD 00402C10
:00406E68 0B455A
:00406E6B 65
or eax, dword ptr [ebp+5A]

BYTE 065h
:00406E6C
:00406E6E
:00406E6F
:00406E76
jb 00406EDD
inc esp
imul esi, dword ptr [esi+69], 6EC06564
inc eax
726F
44
6976696465C06E
40
|:00406E14(C)
|
:00406E77 00000000000000000000
:00406E81 00000000000000000000
:00406E8B 000000000000000000
:00406E94 C06E4000
:00406E98 1000
:00406E9A 0000
shr byte ptr [esi+40], 00

adc byte ptr [eax], al
:00406E9C
:00406EA0
:00406EA4
:00406EA8
:00406EAC
:00406EB0
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
6C6D4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
00406D6C
00402E28
00402E34
00402E38
00402E3C
00402E30
|:00406F22(C)
|
:00406EB4 B42B4000
:00406EB8 C82B4000
:00406EBC 102C4000
:00406EC0
:00406EC3
:00406EC5
:00406EC7
:00406EC8
:00406EC9
:00406ECB
:00406ECE
:00406ECF
:00406ED9
:00406EE3
or dword ptr [ebp+4F], eax

jbe 00406F2A
jb 00406F2D
insb
outsd
ja 00406E56
rcr byte ptr [eax], 6F
inc eax
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
09454F
7665
7266
6C
6F
778B
C0186F
40
00000000000000000000
00000000000000000000
000000000000000000
DWORD 00402BB4
DWORD 00402BC8
DWORD 00402C10
:00406EEC 186F40
:00406EEF 0010
:00406EF1 000000
sbb byte ptr [edi+40], ch

BYTE 3 DUP(0)
:00406EF4 6C6D4000
DWORD 00406D6C
:00406EF8
:00406EFC
:00406F00
:00406F04
:00406F08
:00406F0C
:00406F10
:00406F14
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00406F18 0A4555
:00406F1B 6E
:00406F1C 64

outsb
BYTE 064h
:00406F1D 65
BYTE 065h
:00406F1E
:00406F20
:00406F21
:00406F22
:00406F24
:00406F26
:00406F27
:00406F31
:00406F3B
7266
6C
6F
7790
706F
40
00000000000000000000
00000000000000000000
000000000000000000
jb 00406F86
insb
outsd
ja 00406EB4
jo 00406F95
inc eax
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00406F44
:00406F46
:00406F47
:00406F49
706F
40
0010
000000
jo 00406FB5
inc eax
BYTE 3 DUP(0)
:00406F4C
:00406F50
:00406F54
:00406F58
:00406F5C
:00406F60
:00406F64
:00406F68
:00406F6C
406A4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
28894000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406F70
:00406F74
:00406F76
:00406F77
:00406F7F
:00406F81
:00406F82
:00406F83
:00406F8D
:00406F97
0F45496E
7661
6C
6964506F696E7465
72CC
6F
40
00000000000000000000
00000000000000000000
000000000000000000
cmovne ecx, dword ptr [ecx+6E]

jbe 00406FD7
insb
imul esp, dword ptr [eax+2*edx+6F], 65746E69
jb 00406F4D
outsd
inc eax
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00406FA0 CC
int 03
00406A40
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00408928
00402C10
:00406FA1
:00406FA2
:00406FA3
:00406FA6
6F
40
000C00
0000
outsd
inc eax
:00406FA8
:00406FAC
:00406FB0
:00406FB4
:00406FB8
:00406FBC
:00406FC0
:00406FC4
:00406FC8
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00406FCC
:00406FCE
:00406FCF
:00406FD0
:00406FD2
:00406FD3
:00406FDB
:00406FDD
:00406FDF
:00406FE9
:00406FF3
0C45
49
6E
7661
6C
6964436173748D40
0028
7040
00000000000000000000
00000000000000000000
000000000000000000
or al, 45
dec ecx
outsb
jbe 00407033
insb
imul esp, dword ptr [ebx+2*eax+61], 408D7473
add byte ptr [eax], ch
jo 0040701F
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00406FFC 287040
:00406FFF 000C00
:00407002 0000
sub byte ptr [eax+40], dh

:00407004
:00407008
:0040700C
:00407010
:00407014
:00407018
:0040701C
:00407020
:00407024
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00407028
:0040702D
:0040702F
:00407031
:00407032
:00407034
:00407035
:00407037
:0040703F
:00407049
:00407053
0D45436F6E
7665
7274
45
7272
6F
728B
C084704000000000
00000000000000000000
00000000000000000000
0000000000
or eax, 6E6F4345
jbe 00407094
jb 004070A5
inc ebp
jb 004070A6
outsd
jb 00406FC2
rol byte ptr [eax+2*esi+00000040], 00
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 5 DUP(0)
:00407058 847040
:0040705B 0010
:0040705D 000000
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
test byte ptr [eax+40], dh

BYTE 3 DUP(0)
:00407060
:00407064
:00407068
:0040706C
:00407070
:00407074
:00407078
:0040707C
:00407080
506B4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00406B50
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00407084
:00407087
:0040708A
:0040708C
:0040708D
104541
636365
7373
56
696F6C6174696F
adc byte ptr [ebp+41], al

arpl dword ptr [ebx+65], esp
jnb 004070FF
push esi
imul ebp, dword ptr [edi+6C], 6F697461

|:0040702D(C)
|
:00407094 6E8D4000
DWORD 00408D6E
:00407098 E4704000
DWORD 004070E4
:0040709C 00000000000000000000
BYTE 10 DUP(0)

|:00407032(C)
|
:004070A6 00000000000000000000
BYTE 10 DUP(0)
:004070B0 0000000000000000
BYTE 8 DUP(0)
:004070B8
:004070BA
:004070BB
:004070BD
E470
40
0010
000000
in al, 70
inc eax
BYTE 3 DUP(0)
:004070C0
:004070C4
:004070C8
:004070CC
:004070D0
:004070D4
:004070D8
506B4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00406B50
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4

|:0040714A(C)
|
:004070DC C82B4000
DWORD 00402BC8
:004070E0 102C4000
DWORD 00402C10
:004070E4 0A4550
:004070E7
:004070E9
:004070EB
:004070EC
:004070ED
7269
7669
6C
67
6765
jb 00407152
jbe 00407154
insb
BYTE 067h
BYTE 065h
:004070EF
:004070F0
:004070F2
:004070F3
:004070FD
:00407107
90
3C71
40
00000000000000000000
00000000000000000000
000000000000000000
nop
cmp al,
inc eax
BYTE 10
BYTE 10
BYTE 9
:00407110
:00407112
:00407113
:00407115
3C71
40
0010
000000
cmp al, 71
inc eax
BYTE 3 DUP(0)
:00407118
:0040711C
:00407120
:00407124
:00407128
:0040712C
:00407130
:00407134
:00407138
506B4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040713C
:0040713D
:0040713E
:0040713F
:00407141
:00407144
:00407146
:00407148
:00407149
:0040714A
:0040714C
:0040714D
:0040714F
:00407159
:00407163
0E
45
53
7461
636B4F
7665
7266
6C
6F
7790
98
7140
00000000000000000000
00000000000000000000
000000000000000000
push cs
inc ebp
push ebx
je 004071A2
arpl dword ptr [ebx+4F], ebp
jbe 004071AB
jb 004071AE
insb
outsd
ja 004070DC
cwde
jno 0040718F
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0040716C
:0040716D
:0040716F
:00407171
98
7140
0010
000000
cwde
jno 004071AF
BYTE 3 DUP(0)
:00407174 506B4000
:00407178 282E4000
:0040717C 342E4000
71
DUP(0)
DUP(0)
DUP(0)
00406B50
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
DWORD 00406B50
DWORD 00402E28
DWORD 00402E34
:00407180
:00407184
:00407188
:0040718C
:00407190
:00407194
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:00407198
:0040719B
:0040719C
:0040719D
:0040719F
:004071A0
:004071A1
094543
6F
6E
7472
6F
6C
43

outsd
outsb
je 00407211
outsd
insb
inc ebx
|:0040713F(C)
|
:004071A2 8BC0
:004071A4 F0
:004071A5 7140
:004071A7 00000000000000000000
:004071B1 00000000000000000000
:004071BB 000000000000000000
:004071C4
:004071C5
:004071C7
:004071CA
F0
7140
000C00
0000
lock
jno 00407207
:004071CC
:004071D0
:004071D4
:004071D8
:004071DC
:004071E0
:004071E4
:004071E8
:004071EC
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:004071F0
:004071F5
:004071FC
:004071FD
:004071FF
:00407204
:0040720E
:00407218
0D45566172
69616E74457272
6F
728B
C04C724000
00000000000000000000
00000000000000000000
0000000000000000
or eax, 72615645
imul esp, dword ptr [ecx+6E], 72724574
outsd
jb 0040718A
ror byte ptr [edx+2*esi+40], 00
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:00407220
:00407221
:00407223
:00407226
4C
7240
000C00
0000
dec esp
jb 00407263
:00407228 84694000
:0040722C 282E4000
mov eax, eax

lock
jno 004071E7
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
DWORD 00406984
DWORD 00402E28
:00407230
:00407234
:00407238
:0040723C
:00407240
:00407244
:00407248
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10

|:004072BA(C)
|
:0040724C 104541
adc byte ptr [ebp+41], al
:0040724F 7373
jnb 004072C4
:00407251 65
BYTE 065h
:00407252 7274
:00407254 696F6E4661696C
:0040725B 65
jb 004072C8
imul ebp, dword ptr [edi+6E], 6C696146
BYTE 065h
:0040725C 648D4000
:00407260 AC724000
DWORD 00408D64
DWORD 004072AC
:00407264 00000000000000000000
:0040726E 00000000000000000000
:00407278 0000000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:00407280
:00407281
:00407283
:00407286
AC
7240
000C00
0000
lodsb
jb 004072C3
:00407288
:0040728C
:00407290
:00407294
:00407298
:0040729C
:004072A0
:004072A4
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
|:00407316(C)
|
:004072A8 102C4000
:004072AC 0E
:004072AD 45
:004072AE 41
:004072AF 627374
:004072B2 7261
:004072B4 63744572
:004072B8 726F
:004072BA 7290
:004072BC 087340
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8

DWORD 00402C10
push cs
inc ebp
inc ecx
bound esi, dword ptr [ebx+74]
jb 00407315
arpl dword ptr [ebp+2*eax+72], esi
jb 00407329
jb 0040724C
or byte ptr [ebx+40], dh
:004072BF 00000000000000000000
:004072C9 00000000000000000000
:004072D3 000000000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:004072DC 087340
:004072DF 000C00
:004072E2 0000
or byte ptr [ebx+40], dh

:004072E4
:004072E8
:004072EC
:004072F0
:004072F4
:004072F8
:004072FC
:00407300
:00407304
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00407308
:00407309
:0040730A
:0040730B
:0040730C
:0040730E
:0040730F
:00407310
:00407312
:00407313
0E
45
49
6E
7466
43
61
7374
45
7272
push cs
inc ebp
dec ecx
outsb
je 00407374
inc ebx
popad
jnb 00407386
inc ebp
jb 00407387
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10

|:004072B2(C)
|
:00407315 6F
outsd
:00407316 7290
jb 004072A8
:00407318 64
BYTE 064h
:00407319
:0040731B
:00407325
:0040732F
7340
00000000000000000000
00000000000000000000
000000000000000000
jnb 0040735B
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00407338 64
BYTE 064h
:00407339 7340
:0040733B 0010
:0040733D 000000
jnb 0040737B
BYTE 3 DUP(0)
:00407340
:00407344
:00407348
:0040734C
:00407350
:00407354
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
:00407358 B42B4000
:0040735C C82B4000
:00407360 102C4000
DWORD 00402BB4
DWORD 00402BC8
DWORD 00402C10
:00407364
:00407367
:0040736E
:0040736F
:00407371

imul ebp, dword ptr [esi+33], 72724532
outsd
jb 00407370
BYTE 3 DUP(0ffh)
0B4557
696E3332457272
6F
72FF
FFFFFF
|:0040730C(C)
|
:00407374 0100
:00407376 0000
:00407378 2400
:0040737A 0000
:0040737C 80734000
:00407380 1112
:00407382 54
:00407383 41
:00407384 63746976
:00407388 65
:00407389
:0040738A
:0040738F
:00407390
:00407392
:00407393
:00407395
push esp
push 64616572
inc ecx
jb 00407404
popad
jns 0040739D
BYTE 7 DUP(0)
54
6872656164
41
7272
61
7908
00000000000000

and al, 00
xor byte ptr [ebx+40], 00
adc dword ptr [edx], edx
push esp
inc ecx
arpl dword ptr [ecx+2*ebp+76], esi
BYTE 065h
:0040739C FFFFFFFF
BYTE 4 DUP(0ffh)
:004073A0 EC
:004073A1 7340
:004073A3 000000000000000000
in al, dx
jnb 004073E3
BYTE 9 DUP(0)
:004073AC
:004073AD
:004073AF
:004073B9
in al, dx
jnb 004073EF
BYTE 10 DUP(0)
BYTE 7 DUP(0)
EC
7340
00000000000000000000
00000000000000
:004073C0 FE7340
:004073C3 0038
:004073C5 000000
push [ebx+40]
add byte ptr [eax], bh
BYTE 3 DUP(0)
:004073C8 88104000
:004073CC 282E4000
:004073D0 342E4000
DWORD 00401088
DWORD 00402E28
DWORD 00402E34
:004073D4
:004073D8
:004073DC
:004073E0
:004073E4
:004073E8
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
98984000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00409898
:004073EC 0E
:004073ED 0000000000
push cs
BYTE 5 DUP(0)
:004073F2
:004073F4
:004073F6
:004073F8
:004073F9
:004073FB
0100
0000
7C73
40
0028
000000

jl 0040746B
inc eax
BYTE 3 DUP(0)
:004073FE
:00407400
:00407401
:00407403
:00407405
:00407406
2454
4D
756C
7469
52
65
and al, 54
dec ebp
jne 0040746F
je 0040746E
push edx
BYTE 065h
:00407407 61
:00407408 64
popad
BYTE 064h
:00407409
:0040740A
:0040740C
:0040740D
:0040740F
:00407416
45
7863
6C
7573
69766557726974
65
inc ebp
js 0040746F
insb
jne 00407482
imul esi, dword ptr [esi+65], 74697257
BYTE 065h
:00407417
:00407418
:0040741A
:0040741D
:0040741E
:0040741F
:00407420
:00407421
:00407422
:00407423
53
796E
636872
6F
6E
69
7A
65
72
90
push ebx
jns 00407488
arpl dword ptr [eax+72], ebp
outsd
outsb
BYTE 69h
BYTE 7ah
BYTE 65h
BYTE 72h
BYTE 90h

|:00407B78
|
:00407424 53
push ebx
:00407425 56
push esi
:00407426 57
push edi
:00407427 8BF9
mov edi, ecx
:00407429 8BF2
mov esi, edx
:0040742B
:0040742D
:0040742E
:0040742F
:00407431
:00407433
:00407438
:0040743D
:00407442
:00407443
:00407444
:00407445
8BD8
56
57
8BCB
B201
A1DC6F4000
E86B140000
E86EBEFFFF
5F
5E
5B
C3
:00407446 8BC0
mov ebx, eax

push esi
push edi
mov ecx, ebx
mov dl, 01
mov eax, dword ptr [00406FDC]
call 004088A8
call 004032B0
pop edi
pop esi
pop ebx
ret
mov eax, eax

|:00415D36 , :00415E5C , :00415EF2 , :00416284
|:0041629A , :004162A5 , :0043F8D8
|
:00407448 53
push ebx
:00407449 56
push esi
:0040744A 8BD8
mov ebx, eax
:0040744C 8BC3
mov eax, ebx
:0040744E E841B2FFFF
call 00402694
:00407453 8BF0
mov esi, eax
:00407455 8BC6
mov eax, esi
:00407457 33C9
xor ecx, ecx
:00407459 8BD3
mov edx, ebx
:0040745B E8D8B4FFFF
call 00402938
:00407460 8BC6
mov eax, esi
:00407462 5E
pop esi
:00407463 5B
pop ebx
:00407464 C3
ret
, :0041628F
:00407465 8D4000
:00407468 53
:00407469 A1F4204400

push ebx
mov eax, dword ptr [004420F4]
|:00407403(C)
|
:0040746E 8B10
:00407470 8915F4204400
:00407476 8B154C2A4400
:0040747C 8B4804
:0040747F 890A
:00407481 8B5808
:00407484 BA0C000000
:00407489 E81EB2FFFF
:0040748E FFD3
:00407490 5B
:00407491 C3
:00407492 8BC0
mov eax, eax

|:0043EDC0

mov dword ptr [004420F4], edx
mov edx, dword ptr [00442A4C]
mov ebx, dword ptr [eax+08]
mov edx, 0000000C
call 004026AC
call ebx
pop ebx
ret
|
:00407494
:00407495
:00407497
:0040749C
:004074A1
:004074A7
:004074A9
:004074AF
:004074B1
:004074B4
:004074B7
:004074BC
:004074C1
:004074C7
:004074C8
53
8BD8
B80C000000
E8F3B1FFFF
8B15F4204400
8910
8B154C2A4400
8B12
895004
895808
A3F4204400
A14C2A4400
C70068744000
5B
C3
:004074C9 8D4000
push ebx
mov ebx, eax
mov eax, 0000000C
call 00402694
mov edx, dword ptr [004420F4]
mov edx, dword ptr [00442A4C]
mov dword ptr [004420F4], eax
mov eax, dword ptr [00442A4C]
pop ebx
ret

|:00413484 , :004165D0 , :004215F0 , :0042C2F7
|
:004074CC 56
push esi
:004074CD 57
push edi
:004074CE 89C6
mov esi, eax
:004074D0 89D7
mov edi, edx
:004074D2 89CA
mov edx, ecx
:004074D4 31C0
xor eax, eax
:004074D6 83E203
and edx, 00000003
:004074D9 D1E9
shr ecx, 1
:004074DB D1E9
shr ecx, 1
:004074DD F3
repz
:004074DE A7
cmpsd
:004074DF 7507
jne 004074E8
:004074E1 89D1
mov ecx, edx
:004074E3 F3
repz
:004074E4 A6
cmpsb
:004074E5 7501
jne 004074E8
:004074E7 40
inc eax
, :0042F26E
|:004074DF(C), :004074E5(C)
|
:004074E8 5F
:004074E9 5E
:004074EA C3
:004074EB 90
nop
pop edi
pop esi
ret

|:0040C3A4 , :0040C6F3 , :0040F0D9 , :0040F24C
|:0040F480 , :0040F671 , :004118F3 , :004119C6
|:00436661
|
:004074EC 56
push esi
:004074ED 57
push edi
:004074EE 53
push ebx
:004074EF 89C6
mov esi, eax
, :0040F446
, :0043662D
:004074F1
:004074F3
:004074F5
:004074F7
89D7
09C0
7403
8B40FC
mov edi, edx

or eax, eax
je 004074FA

|:004074F5(C)
|
:004074FA 09D2
or edx, edx
:004074FC 7403
je 00407501
:004074FE 8B52FC
|:004074FC(C)
|
:00407501 89C1
mov ecx, eax
:00407503 39D1
cmp ecx, edx
:00407505 7602
jbe 00407509
:00407507 89D1
mov ecx, edx
|:00407505(C)
|
:00407509 39C9
cmp ecx, ecx
|:00407531(C)
|
:0040750B F3
repz
:0040750C A6
cmpsb
:0040750D 742A
je 00407539
:0040750F 8A5EFF
mov bl, byte ptr [esi-01]
:00407512 80FB61
cmp bl, 61
:00407515 7208
jb 0040751F
:00407517 80FB7A
cmp bl, 7A
:0040751A 7703
ja 0040751F
:0040751C 80EB20
sub bl, 20
|:00407515(C), :0040751A(C)
|
:0040751F 8A7FFF
:00407522 80FF61
:00407525 7208
:00407527 80FF7A
:0040752A 7703
:0040752C 80EF20
|:00407525(C), :0040752A(C)
|
:0040752F 38FB
:00407531 74D8
:00407533 0FB6C3
:00407536 0FB6D7
mov bh, byte ptr [edi-01]

cmp bh, 61
jb 0040752F
cmp bh, 7A
ja 0040752F
sub bh, 20
cmp bl, bh
je 0040750B
movzx eax, bl
movzx edx, bh

|:0040750D(C)
|
:00407539 29D0
sub eax, edx
:0040753B
:0040753C
:0040753D
:0040753E
5B
5F
5E
C3
:0040753F 90
pop ebx
pop edi
pop esi
ret
nop

|:00409196 , :00416976
|
:00407540 53
push ebx
:00407541 56
push esi
:00407542 57
push edi
:00407543 8BFA
mov edi, edx
:00407545 8BF0
mov esi, eax
:00407547 8BC6
mov eax, esi
:00407549 E8E6C4FFFF
call 00403A34
:0040754E 8BD8
mov ebx, eax
:00407550 8BC6
mov eax, esi
:00407552 E8A1C6FFFF
call 00403BF8
:00407557 8BD0
mov edx, eax
:00407559 8BC7
mov eax, edi
:0040755B 8BCB
mov ecx, ebx
:0040755D E83AC3FFFF
call 0040389C
:00407562 85DB
test ebx, ebx
:00407564 7E09
jle 0040756F
:00407566 53
push ebx
:00407567 8B07
:00407569 50
push eax
* Reference To: user32.CharLowerBuffA, Ord:0000h
|
:0040756A E8A9EAFFFF
Call 00406018
|:00407564(C)
|
:0040756F 5F
pop edi
:00407570 5E
pop esi
:00407571 5B
pop ebx
:00407572 C3
ret
:00407573 90
nop

|:0040DA0B , :0040E27D , :0040E658 , :0040E66D
|:004275E5 , :00427687 , :004309D8 , :0043326E
|:0043CAD6
|
:00407574 53
push ebx
:00407575 56
push esi
:00407576 8BF2
mov esi, edx
:00407578 8BD8
mov ebx, eax
:0040757A 8BC6
mov eax, esi
:0040757C E8B3C4FFFF
call 00403A34
:00407581 50
push eax
:00407582 8BC6
mov eax, esi
:00407584 E86FC6FFFF
call 00403BF8
, :004140A7
, :00436BC6
:00407589
:0040758A
:0040758C
:00407591
:00407592
:00407594
:00407599
:0040759A
:0040759C
50
8BC3
E8A3C4FFFF
50
8BC3
E85FC6FFFF
50
6A01
6800040000
push eax
mov eax, ebx
call 00403A34
push eax
mov eax, ebx
call 00403BF8
push eax
push 00000001
push 00000400

|
:004075A1 E88AE6FFFF
Call 00405C30
:004075A6 83E802
sub eax, 00000002
:004075A9 5E
pop esi
:004075AA 5B
pop ebx
:004075AB C3
ret

|:0043090A
|
:004075AC 53
push ebx
:004075AD 56
push esi
:004075AE 57
push edi
:004075AF 8BD9
mov ebx, ecx
:004075B1 8BFA
mov edi, edx
:004075B3 8BF0
mov esi, eax
:004075B5 53
push ebx
:004075B6 57
push edi
:004075B7 53
push ebx
:004075B8 56
push esi
:004075B9 6A01
push 00000001
:004075BB 6800040000
push 00000400
|
:004075C0 E86BE6FFFF
Call 00405C30
:004075C5 83E802
sub eax, 00000002
:004075C8 5F
pop edi
:004075C9 5E
pop esi
:004075CA 5B
pop ebx
:004075CB C3
ret

|:00411A12
|
:004075CC 53
push ebx
:004075CD 56
push esi
:004075CE 57
push edi
:004075CF 8BF0
mov esi, eax
:004075D1 33DB
xor ebx, ebx
:004075D3 8BC6
mov eax, esi
:004075D5 E85AC4FFFF
call 00403A34
:004075DA 85C0
test eax, eax
:004075DC 744B
je 00407629
:004075DE 8A06
:004075E0
:004075E2
:004075E4
:004075E6
:004075E8
:004075EA
:004075EC
:004075EE
04BF
2C1A
720A
2C04
7406
04FE
2C1A
7339
add al, BF
sub al, 1A
jb 004075F0
sub al, 04
je 004075F0
add al, FE
sub al, 1A
jnb 00407629
|:004075E4(C), :004075E8(C)
|
:004075F0 8BC6
:004075F2 E83DC4FFFF
:004075F7 83E802
:004075FA 7C2B
:004075FC 40
:004075FD BF02000000
|:00407625(C)
|
:00407602 8A543EFF
:00407606 80C2D0
:00407609 80EA0A
:0040760C 7215
:0040760E 80C2F9
:00407611 80EA1A
:00407614 720D
:00407616 80EA04
:00407619 7408
:0040761B 80C2FE
:0040761E 80EA1A
:00407621 7306
mov eax, esi

call 00403A34
sub eax, 00000002
jl 00407627
inc eax
mov edi, 00000002
mov dl, byte ptr [esi+edi-01]

add dl, D0
sub dl, 0A
jb 00407623
add dl, F9
sub dl, 1A
jb 00407623
sub dl, 04
je 00407623
add dl, FE
sub dl, 1A
jnb 00407629

|:0040760C(C), :00407614(C), :00407619(C)
|
:00407623 47
inc edi
:00407624 48
dec eax
:00407625 75DB
jne 00407602
|:004075FA(C)
|
:00407627 B301
mov bl, 01
|:004075DC(C), :004075EE(C), :00407621(C)
|
:00407629 8BC3
mov eax, ebx
:0040762B 5F
pop edi
:0040762C 5E
pop esi
:0040762D 5B
pop ebx
:0040762E C3
ret
:0040762F 90
nop
|:00430822
|
:00407630 83C4F8
:00407633 6A00
:00407635 89442404
:00407639 C644240800
:0040763E 8D4C2404
:00407642 8BC2
:00407644 BA5C764000
:00407649 E8CA090000
:0040764E 59
:0040764F 5A
:00407650 C3
add esp, FFFFFFF8

push 00000000
mov [esp+08], 00
mov eax, edx
mov edx, 0040765C
call 00408018
pop ecx
pop edx
ret
:00407651 000000
BYTE 3 DUP(0)
:00407654 FFFFFFFF
BYTE 4 DUP(0ffh)
:00407658
:0040765A
:0040765C
:0040765D
:0040765E
:0040765F
add al, byte ptr [eax]

BYTE 25h
BYTE 64h
BYTE 00h
BYTE 00h
0200
0000
25
64
00
00

|:004083B0 , :0040845A , :004093D1 , :004093F5 , :0040943F
|:00409537 , :00409576 , :00409599
|
:00407660 53
push ebx
:00407661 51
push ecx
:00407662 8BDA
mov ebx, edx
:00407664 8BD4
mov edx, esp
:00407666 E8EDB2FFFF
call 00402958
:0040766B 833C2400
:0040766F 7402
je 00407673
:00407671 8BC3
mov eax, ebx
|:0040766F(C)
|
:00407673 5A
pop edx
:00407674 5B
pop ebx
:00407675 C3
ret
:00407676 8BC0
mov eax, eax

|:0040E9B2
|
:00407678 53
push ebx
:00407679 56
push esi
:0040767A 8BDA
mov ebx, edx
:0040767C 8BF0
mov esi, eax
:0040767E 6A00
push 00000000
:00407680
:00407685
:00407687
:00407689
:0040768B
:00407690
:00407693
:0040769A
:0040769B
:0040769E
:004076A5
:004076A6
:004076A8
:004076AD
6880000000
6A03
6A00
8BC3
25F0000000
C1E804
8B048504214400
50
83E303
8B049DF8204400
50
8BC6
E84BC5FFFF
50
push 00000080
push 00000003
push 00000000
mov eax, ebx
and eax, 000000F0
shr eax, 04
mov eax, dword ptr [4*eax+00442104]
push eax
and ebx, 00000003
mov eax, dword ptr [4*ebx+004420F8]
push eax
mov eax, esi
call 00403BF8
push eax

|
:004076AE E88DE5FFFF
Call 00405C40
:004076B3 5E
pop esi
:004076B4 5B
pop ebx
:004076B5 C3
ret
:004076B6 8BC0
mov eax, eax

|:0040E96F
|
:004076B8 53
push ebx
:004076B9 8BD8
mov ebx, eax
:004076BB 6A00
push 00000000
:004076BD 6880000000
push 00000080
:004076C2 6A02
push 00000002
:004076C4 6A00
push 00000000
:004076C6 6A00
push 00000000
:004076C8 68000000C0
push C0000000
:004076CD 8BC3
mov eax, ebx
:004076CF E824C5FFFF
call 00403BF8
:004076D4 50
push eax
|
:004076D5 E866E5FFFF
Call 00405C40
:004076DA 5B
pop ebx
:004076DB C3
ret

|:0040E8EB
|
:004076DC 53
push ebx
:004076DD 56
push esi
:004076DE 57
push edi
:004076DF 51
push ecx
:004076E0 8BF9
mov edi, ecx
:004076E2 8BF2
mov esi, edx
:004076E4 8BD8
mov ebx, eax
:004076E6 6A00
push 00000000
:004076E8 8D442404
:004076EC
:004076ED
:004076EE
:004076EF
50
57
56
53
push
push
push
push
eax
edi
esi
ebx

|
:004076F0 E873E6FFFF
Call 00405D68
:004076F5 85C0
test eax, eax
:004076F7 7507
jne 00407700
:004076F9 C70424FFFFFFFF
mov dword ptr [esp], FFFFFFFF
|:004076F7(C)
|
:00407700 8B0424
:00407703 5A
pop edx
:00407704 5F
pop edi
:00407705 5E
pop esi
:00407706 5B
pop ebx
:00407707 C3
ret

|:0040E8FB
|
:00407708 53
push ebx
:00407709 56
push esi
:0040770A 57
push edi
:0040770B 51
push ecx
:0040770C 8BF9
mov edi, ecx
:0040770E 8BF2
mov esi, edx
:00407710 8BD8
mov ebx, eax
:00407712 6A00
push 00000000
:00407714 8D442404
:00407718 50
push eax
:00407719 57
push edi
:0040771A 56
push esi
:0040771B 53
push ebx
|
:0040771C E89FE6FFFF
Call 00405DC0
:00407721 85C0
test eax, eax
:00407723 7507
jne 0040772C
:00407725 C70424FFFFFFFF
|:00407723(C)
|
:0040772C 8B0424
:0040772F 5A
pop edx
:00407730 5F
pop edi
:00407731 5E
pop esi
:00407732 5B
pop ebx
:00407733 C3
ret

|:0040E90E
|
:00407734 51
push ecx
:00407735 6A00
push 00000000
:00407737 52
push edx
:00407738 50
push eax
|
:00407739 E84AE6FFFF
Call 00405D88
:0040773E C3
ret
:0040773F 90
nop

|:0040EA42
|
:00407740 50
push eax
|
:00407741 E8E2E4FFFF
Call 00405C28
:00407746 C3
ret
:00407747 90
nop

|:0043F088
|
:00407748 53
push ebx
:00407749 56
push esi
:0040774A 57
push edi
:0040774B 8BF0
mov esi, eax
:0040774D 8BC6
mov eax, esi
:0040774F E8E0C2FFFF
call 00403A34
:00407754 8BD8
mov ebx, eax
:00407756 85DB
test ebx, ebx
:00407758 7414
je 0040776E
:0040775A 8D7C1EFF
lea edi, dword ptr [esi+ebx-01]
:0040775E 8BD3
mov edx, ebx
:00407760 8BC6
mov eax, esi
:00407762 E839190000
call 004090A0
:00407767 3C02
cmp al, 02
:00407769 7505
jne 00407770
:0040776B 4F
dec edi
:0040776C EB02
jmp 00407770
|:00407758(C)
|
:0040776E 33FF
xor edi, edi
|:00407769(C), :0040776C(U)
|
:00407770 8BC7
mov eax, edi
:00407772 5F
pop edi
:00407773 5E
:00407774 5B
:00407775 C3
pop esi
pop ebx
ret
:00407776 8BC0
mov eax, eax

|:004077D6 , :0040780E
|
:00407778 53
push ebx
:00407779 56
push esi
:0040777A 57
push edi
:0040777B 55
push ebp
:0040777C 8BF2
mov esi, edx
:0040777E 8BD8
mov ebx, eax
:00407780 8BC6
mov eax, esi
:00407782 E8ADC2FFFF
call 00403A34
:00407787 8BF8
mov edi, eax
:00407789 8BC3
mov eax, ebx
:0040778B E868C4FFFF
call 00403BF8
:00407790 8BE8
mov ebp, eax
:00407792 85FF
test edi, edi
:00407794 7E28
jle 004077BE
|:004077BC(C)
|
:00407796 8A5C3EFF
:0040779A 84DB
:0040779C 741B
:0040779E 8BD3
:004077A0 8BC5
:004077A2 E8B5020000
:004077A7 85C0
:004077A9 740E
:004077AB 8BD7
:004077AD 8BC6
:004077AF E8EC180000
:004077B4 3C02
:004077B6 7506
:004077B8 4F
|:0040779C(C), :004077A9(C)
|
:004077B9 4F
:004077BA 85FF
:004077BC 7FD8
|:00407794(C), :004077B6(C)
|
:004077BE 8BC7
:004077C0 5D
:004077C1 5F
:004077C2 5E
:004077C3 5B
:004077C4 C3
mov bl, byte ptr [esi+edi-01]

test bl, bl
je 004077B9
mov edx, ebx
mov eax, ebp
call 00407A5C
test eax, eax
je 004077B9
mov edx, edi
mov eax, esi
call 004090A0
cmp al, 02
jne 004077BE
dec edi
dec edi
test edi, edi
jg 00407796
mov
pop
pop
pop
pop
ret
eax, edi
ebp
edi
esi
ebx
:004077C5 8D4000

|:00408CD0
|
:004077C8 53
push ebx
:004077C9 56
push esi
:004077CA 57
push edi
:004077CB 8BFA
mov edi, edx
:004077CD 8BD8
mov ebx, eax
:004077CF 8BD3
mov edx, ebx
:004077D1 B8FC774000
mov eax, 004077FC
:004077D6 E89DFFFFFF
call 00407778
:004077DB 8BF0
mov esi, eax
:004077DD 57
push edi
:004077DE 8D5601
:004077E1 B9FFFFFF7F
mov ecx, 7FFFFFFF
:004077E6 8BC3
mov eax, ebx
:004077E8 E84BC4FFFF
call 00403C38
:004077ED 5F
pop edi
:004077EE 5E
pop esi
:004077EF 5B
pop ebx
:004077F0 C3
ret
:004077F1 000000
BYTE 3 DUP(0)
:004077F4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004077F8
:004077FA
:004077FC
:004077FD
:004077FF

pop esp
cmp al, byte ptr [eax]
BYTE 00h
0200
0000
5C
3A00
00

|:004176F8
|
:00407800 53
push ebx
:00407801 56
push esi
:00407802 57
push edi
:00407803 8BFA
mov edi, edx
:00407805 8BF0
mov esi, eax
:00407807 8BD6
mov edx, esi
* Possible StringData Ref from Code Obj ->".\:"
|
:00407809 B844784000
mov eax, 00407844
:0040780E E865FFFFFF
call 00407778
:00407813 8BD8
mov ebx, eax
:00407815 85DB
test ebx, ebx
:00407817 7E18
jle 00407831
:00407819 807C1EFF2E
cmp byte ptr [esi+ebx-01], 2E
:0040781E 7511
jne 00407831
:00407820 57
push edi
:00407821 B9FFFFFF7F
mov ecx, 7FFFFFFF
:00407826
:00407828
:0040782A
:0040782F
8BD3
8BC6
E809C4FFFF
EB07
mov edx, ebx

mov eax, esi
call 00403C38
jmp 00407838

|:00407817(C), :0040781E(C)
|
:00407831 8BC7
mov eax, edi
:00407833 E880BFFFFF
call 004037B8
|:0040782F(U)
|
:00407838 5F
pop edi
:00407839 5E
pop esi
:0040783A 5B
pop ebx
:0040783B C3
ret
:0040783C FFFFFFFF
BYTE 4 DUP(0ffh)
:00407840 0300
:00407842 0000
:00407844 2E

BYTE 02eh
:00407845
:00407846
:00407848
:00407849
:0040784B
:0040784E
:0040784F
:00407852
:00407854
:00407856
pop esp
cmp al, byte ptr [eax]
push ebp
mov ebp, esp
add esp, FFFFFFE8
push ebx
test eax, eax
jne 00407858
xor eax, eax
5C
3A00
55
8BEC
83C4E8
53
8B4508
85C0
7502
33C0

|:00407854(C)
|
:00407858 8D55F0
:0040785B 52
push edx
:0040785C 8D55F4
lea edx, dword ptr [ebp-0C]
:0040785F 52
push edx
:00407860 8D55F8
:00407863 52
push edx
:00407864 8D55FC
:00407867 52
push edx
:00407868 50
push eax
* Reference To: kernel32.GetDiskFreeSpaceA, Ord:0000h
|
:00407869 E832E4FFFF
Call 00405CA0
:0040786E 8BD8
mov ebx, eax
:00407870 8B45FC
:00407873 F76DF8
imul [ebp-08]
:00407876 33D2
xor edx, edx
:00407878 8945E8
:0040787B
:0040787E
:00407881
:00407883
:00407884
:00407885
:00407888
:0040788B
:00407890
:00407893
:00407895
:00407898
:0040789B
:0040789D
:0040789E
:0040789F
:004078A2
:004078A5
:004078AA
:004078AD
:004078AF
:004078B2
:004078B4
:004078B5
:004078B7
:004078B8
8955EC
8B45F4
33D2
52
50
8B45E8
8B55EC
E824DEFFFF
8B4D0C
8901
895104
8B45F0
33D2
52
50
8B45E8
8B55EC
E80ADEFFFF
8B4D10
8901
895104
8BC3
5B
8BE5
5D
C21000
:004078BB 90

xor edx, edx
push edx
push eax
call 004056B4
mov ecx, dword ptr [ebp+0C]
xor edx, edx
push edx
push eax
call 004056B4
mov eax, ebx
pop ebx
mov esp, ebp
pop ebp
ret 0010
nop

|:00407AFF , :00407FAA , :00407FDE , :00408364
|:004087DD , :004091C6 , :004091D0 , :004243C4
|:004334A5
|
:004078BC 89FA
mov edx, edi
:004078BE 89C7
mov edi, eax
:004078C0 B9FFFFFFFF
mov ecx, FFFFFFFF
:004078C5 30C0
xor al, al
:004078C7 F2
repnz
:004078C8 AE
scasb
:004078C9 B8FEFFFFFF
mov eax, FFFFFFFE
:004078CE 29C8
sub eax, ecx
:004078D0 89D7
mov edi, edx
:004078D2 C3
ret
:004078D3 90
, :00408727
, :004243DE
nop

|:00432EC2
|
:004078D4 89FA
mov edx, edi
:004078D6 89C7
mov edi, eax
:004078D8 B9FFFFFFFF
mov ecx, FFFFFFFF
:004078DD 30C0
xor al, al
:004078DF F2
repnz
:004078E0 AE
scasb
:004078E1 8D47FF
lea eax, dword ptr [edi-01]
:004078E4 89D7
mov edi, edx
:004078E6 C3
ret
:004078E7 90
nop

|:00407B12 , :00407B57
|
:004078E8 56
push esi
:004078E9 57
push edi
:004078EA 89D6
mov esi, edx
:004078EC 89C7
mov edi, eax
:004078EE 89CA
mov edx, ecx
:004078F0 39F7
cmp edi, esi
:004078F2 7711
ja 00407905
:004078F4 742B
je 00407921
:004078F6 C1E902
shr ecx, 02
:004078F9 F3
repz
:004078FA A5
movsd
:004078FB 89D1
mov ecx, edx
:004078FD 83E103
and ecx, 00000003
:00407900 F3
repz
:00407901 A4
movsb
:00407902 5F
pop edi
:00407903 5E
pop esi
:00407904 C3
ret
|:004078F2(C)
|
:00407905 8D740EFF
:00407909 8D7C0FFF
:0040790D 83E103
:00407910 FD
:00407911 F3
:00407912 A4
:00407913 83EE03
:00407916 83EF03
:00407919 89D1
:0040791B C1E902
:0040791E F3
:0040791F A5
:00407920 FC

lea esi,
lea edi,
and ecx,
std
repz
movsb
sub esi,
sub edi,
mov ecx,
shr ecx,
repz
movsd
cld
dword ptr [esi+ecx-01]

dword ptr [edi+ecx-01]
00000003
00000003
00000003
edx
02

|:004078F4(C)
|
:00407921 5F
pop edi
:00407922 5E
pop esi
:00407923 C3
ret

|:0043DB7A
|
:00407924 57
push edi
:00407925 56
push esi
:00407926
:00407928
:0040792A
:0040792F
:00407931
:00407932
:00407933
:00407935
:00407937
:00407939
:0040793B
:0040793D
:00407940
:00407941
:00407942
:00407944
:00407947
:00407948
:00407949
:0040794A
:0040794B
89C6
89D7
B9FFFFFFFF
30C0
F2
AE
F7D1
89F7
89D6
89CA
89F8
C1E902
F3
A5
89D1
83E103
F3
A4
5E
5F
C3
mov esi, eax

mov edi, edx
mov ecx, FFFFFFFF
xor al, al
repnz
scasb
not ecx
mov edi, esi
mov esi, edx
mov edx, ecx
mov eax, edi
shr ecx, 02
repz
movsd
mov ecx, edx
and ecx, 00000003
repz
movsb
pop esi
pop edi
ret

|:00432EE8 , :00432EFD , :00432F12 , :00432F20
|
:0040794C 57
push edi
:0040794D 56
push esi
:0040794E 89C6
mov esi, eax
:00407950 89D7
mov edi, edx
:00407952 B9FFFFFFFF
mov ecx, FFFFFFFF
:00407957 30C0
xor al, al
:00407959 F2
repnz
:0040795A AE
scasb
:0040795B F7D1
not ecx
:0040795D 89F7
mov edi, esi
:0040795F 89D6
mov esi, edx
:00407961 89CA
mov edx, ecx
:00407963 C1E902
shr ecx, 02
:00407966 F3
repz
:00407967 A5
movsd
:00407968 89D1
mov ecx, edx
:0040796A 83E103
and ecx, 00000003
:0040796D F3
repz
:0040796E A4
movsb
:0040796F 8D47FF
:00407972 5E
pop esi
:00407973 5F
pop edi
:00407974 C3
ret
:00407975 8D4000

|:004079C6 , :004079E6 , :004086FB , :0041DCC3
|
:00407978 57
push edi
:00407979 56
push esi
:0040797A 53
push ebx
, :004243BF
:0040797B
:0040797D
:0040797F
:00407981
:00407983
:00407985
:00407987
:00407988
:00407989
:0040798B
89C6
89D7
89CB
30C0
85C9
7405
F2
AE
7501
41
mov esi, eax

mov edi, edx
mov ebx, ecx
xor al, al
test ecx, ecx
je 0040798C
repnz
scasb
jne 0040798C
inc ecx
|:00407985(C), :00407989(C)
|
:0040798C 29CB
:0040798E 89F7
:00407990 89D6
:00407992 89FA
:00407994 89D9
:00407996 C1E902
:00407999 F3
:0040799A A5
:0040799B 89D9
:0040799D 83E103
:004079A0 F3
:004079A1 A4
:004079A2 AA
:004079A3 89D0
:004079A5 5B
:004079A6 5E
:004079A7 5F
:004079A8 C3
:004079A9 8D4000
sub ebx,
mov edi,
mov esi,
mov edx,
mov ecx,
shr ecx,
repz
movsd
mov ecx,
and ecx,
repz
movsb
stosb
mov eax,
pop ebx
pop esi
pop edi
ret
ecx
esi
edx
edi
ebx
02
ebx
00000003
edx

|:004140C3 , :004140DE , :004262ED
|
:004079AC 53
push ebx
:004079AD 56
push esi
:004079AE 8BDA
mov ebx, edx
:004079B0 8BF0
mov esi, eax
:004079B2 8BC3
mov eax, ebx
:004079B4 E87BC0FFFF
call 00403A34
:004079B9 50
push eax
:004079BA 8BC3
mov eax, ebx
:004079BC E837C2FFFF
call 00403BF8
:004079C1 8BD0
mov edx, eax
:004079C3 8BC6
mov eax, esi
:004079C5 59
pop ecx
:004079C6 E8ADFFFFFF
call 00407978
:004079CB 5E
pop esi
:004079CC 5B
pop ebx
:004079CD C3
ret
:004079CE 8BC0
mov eax, eax
|:0043349D
|
:004079D0 53
:004079D1 56
:004079D2 57
:004079D3 8BF9
:004079D5 8BF2
:004079D7 8BD8
:004079D9 8BC6
:004079DB E818C2FFFF
:004079E0 8BD0
:004079E2 8BCF
:004079E4 8BC3
:004079E6 E88DFFFFFF
:004079EB 5F
:004079EC 5E
:004079ED 5B
:004079EE C3
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov eax, esi
call 00403BF8
mov edx, eax
mov ecx, edi
mov eax, ebx
call 00407978
pop edi
pop esi
pop ebx
ret
:004079EF 90
nop

|:00432FA7
|
:004079F0 57
push edi
:004079F1 56
push esi
:004079F2 89D7
mov edi, edx
:004079F4 89C6
mov esi, eax
:004079F6 B9FFFFFFFF
mov ecx, FFFFFFFF
:004079FB 31C0
xor eax, eax
:004079FD F2
repnz
:004079FE AE
scasb
:004079FF F7D1
not ecx
:00407A01 89D7
mov edi, edx
:00407A03 31D2
xor edx, edx
:00407A05 F3
repz
:00407A06 A6
cmpsb
:00407A07 8A46FF
mov al, byte ptr [esi-01]
:00407A0A 8A57FF
mov dl, byte ptr [edi-01]
:00407A0D 29D0
sub eax, edx
:00407A0F 5E
pop esi
:00407A10 5F
pop edi
:00407A11 C3
ret
:00407A12 8BC0
mov eax, eax

|:00408511 , :00408537 , :0040855F
|
:00407A14 57
push edi
:00407A15 56
push esi
:00407A16 53
push ebx
:00407A17 89D7
mov edi, edx
:00407A19 89C6
mov esi, eax
:00407A1B 89CB
mov ebx, ecx
:00407A1D 31C0
xor eax, eax
:00407A1F 09C9
or ecx, ecx
:00407A21 7432
je 00407A55
:00407A23
:00407A24
:00407A25
:00407A27
:00407A29
:00407A2B
F2
AE
29CB
89D9
89D7
31D2
repnz
scasb
sub ebx,
mov ecx,
mov edi,
xor edx,
ecx
ebx
edx
edx

|:00407A53(C)
|
:00407A2D F3
repz
:00407A2E A6
cmpsb
:00407A2F 7424
je 00407A55
:00407A31 8A46FF
mov al, byte ptr [esi-01]
:00407A34 80F861
cmp al, 61
:00407A37 7208
jb 00407A41
:00407A39 80F87A
cmp al, 7A
:00407A3C 7703
ja 00407A41
:00407A3E 80E820
sub al, 20
|:00407A37(C), :00407A3C(C)
|
:00407A41 8A57FF
:00407A44 80FA61
:00407A47 7208
:00407A49 80FA7A
:00407A4C 7703
:00407A4E 80EA20

mov dl, byte ptr [edi-01]
cmp dl, 61
jb 00407A51
cmp dl, 7A
ja 00407A51
sub dl, 20

|:00407A47(C), :00407A4C(C)
|
:00407A51 29D0
sub eax, edx
:00407A53 74D8
je 00407A2D
|:00407A21(C), :00407A2F(C)
|
:00407A55 5B
:00407A56 5E
:00407A57 5F
:00407A58 C3
:00407A59 8D4000
pop ebx
pop esi
pop edi
ret

|:004077A2 , :00409273 , :00409297
|
:00407A5C 57
push edi
:00407A5D 50
push eax
:00407A5E 89C7
mov edi, eax
:00407A60 B9FFFFFFFF
mov ecx, FFFFFFFF
:00407A65 30C0
xor al, al
:00407A67 F2
repnz
:00407A68 AE
scasb
:00407A69 F7D1
not ecx
:00407A6B 5F
pop edi
:00407A6C 88D0
mov al, dl
:00407A6E
:00407A6F
:00407A70
:00407A75
:00407A77
:00407A79
F2
AE
B800000000
7503
89F8
48
repnz
scasb
mov eax, 00000000
jne 00407A7A
mov eax, edi
dec eax

|:00407A75(C)
|
:00407A7A 5F
pop edi
:00407A7B C3
ret

|:004091DB , :0040921C
|
:00407A7C 57
push edi
:00407A7D 56
push esi
:00407A7E 53
push ebx
:00407A7F 09C0
or eax, eax
:00407A81 7444
je 00407AC7
:00407A83 09D2
or edx, edx
:00407A85 7440
je 00407AC7
:00407A87 89C3
mov ebx, eax
:00407A89 89D7
mov edi, edx
:00407A8B 30C0
xor al, al
:00407A8D B9FFFFFFFF
mov ecx, FFFFFFFF
:00407A92 F2
repnz
:00407A93 AE
scasb
:00407A94 F7D1
not ecx
:00407A96 49
dec ecx
:00407A97 742E
je 00407AC7
:00407A99 89CE
mov esi, ecx
:00407A9B 89DF
mov edi, ebx
mov ecx, FFFFFFFF
:00407AA2 F2
repnz
:00407AA3 AE
scasb
:00407AA4 F7D1
not ecx
:00407AA6 29F1
sub ecx, esi
:00407AA8 761D
jbe 00407AC7
:00407AAA 89DF
mov edi, ebx
:00407AAC 8D5EFF
lea ebx, dword ptr [esi-01]
|:00407AC0(C)
|
:00407AAF 89D6
mov esi, edx
:00407AB1 AC
lodsb
:00407AB2 F2
repnz
:00407AB3 AE
scasb
:00407AB4 7511
jne 00407AC7
:00407AB6 89C8
mov eax, ecx
:00407AB8 57
push edi
:00407AB9 89D9
mov ecx, ebx
:00407ABB F3
repz
:00407ABC A6
cmpsb
:00407ABD 5F
pop edi
:00407ABE 89C1
mov ecx, eax
:00407AC0 75ED
:00407AC2 8D47FF
:00407AC5 EB02
jne 00407AAF
jmp 00407AC9

|:00407A81(C), :00407A85(C), :00407A97(C), :00407AA8(C), :00407AB4(C)
|
:00407AC7 31C0
xor eax, eax
|:00407AC5(U)
|
:00407AC9 5B
pop ebx
:00407ACA 5E
pop esi
:00407ACB 5F
pop edi
:00407ACC C3
ret
:00407ACD 8D4000

|:00407B09 , :0041DC85 , :0041DD2D , :004264ED
|
:00407AD0 53
push ebx
:00407AD1 8BD8
mov ebx, eax
:00407AD3 83C304
add ebx, 00000004
:00407AD6 8BC3
mov eax, ebx
:00407AD8 E8B7ABFFFF
call 00402694
:00407ADD 8918
:00407ADF 83C004
add eax, 00000004
:00407AE2 5B
pop ebx
:00407AE3 C3
ret

|:0041DC9E , :0041DD46 , :004264F9
|
:00407AE4 83E804
sub eax, 00000004
:00407AE7 8B00
:00407AE9 83E804
sub eax, 00000004
:00407AEC C3
ret
:00407AED 8D4000

|:0040D8B0 , :004243EB , :004264E0
|
:00407AF0 53
push ebx
:00407AF1 56
push esi
:00407AF2 8BD8
mov ebx, eax
:00407AF4 85DB
test ebx, ebx
:00407AF6 7505
jne 00407AFD
:00407AF8 33C0
xor eax, eax
:00407AFA 5E
pop esi
:00407AFB 5B
pop ebx
:00407AFC C3
ret
|:00407AF6(C)
|
:00407AFD 8BC3
:00407AFF E8B8FDFFFF
:00407B04 8BF0
:00407B06 46
:00407B07 8BC6
:00407B09 E8C2FFFFFF
:00407B0E 8BCE
:00407B10 8BD3
:00407B12 E8D1FDFFFF
:00407B17 5E
:00407B18 5B
:00407B19 C3
:00407B1A 8BC0
mov eax, eax
mov eax, ebx

call 004078BC
mov esi, eax
inc esi
mov eax, esi
call 00407AD0
mov ecx, esi
mov edx, ebx
call 004078E8
pop esi
pop ebx
ret

|:0041DCD8 , :0041DD78 , :00422590 , :004243F5 , :00426425
|
:00407B1C 85C0
test eax, eax
:00407B1E 740A
je 00407B2A
:00407B20 83E804
sub eax, 00000004
:00407B23 8B10
:00407B25 E882ABFFFF
call 004026AC
|:00407B1E(C)
|
:00407B2A C3
:00407B2B 90
:00407B2C 53
:00407B2D 56
:00407B2E 57
:00407B2F 83C4D8
:00407B32 8BD9
:00407B34 8BF2
:00407B36 8BF8
:00407B38 83FB1F
:00407B3B 7605
:00407B3D BB1F000000
|:00407B3B(C)
|
:00407B42 8BD3
:00407B44 4A
:00407B45 8BC6
:00407B47 E878150000
:00407B4C 3C01
:00407B4E 7501
:00407B50 4B
ret
nop
push ebx
push esi
push edi
add esp, FFFFFFD8
mov ebx, ecx
mov esi, edx
mov edi, eax
cmp ebx, 0000001F
jbe 00407B42
mov ebx, 0000001F
mov edx, ebx

dec edx
mov eax, esi
call 004090C4
cmp al, 01
jne 00407B51
dec ebx

|:00407B4E(C)
|
:00407B51 8BC4
mov eax, esp
:00407B53
:00407B55
:00407B57
:00407B5C
:00407B60
:00407B62
:00407B66
:00407B6B
:00407B6F
:00407B76
:00407B78
:00407B7D
:00407B80
:00407B81
:00407B82
:00407B83
8BCB
8BD6
E88CFDFFFF
C6041C00
8BC4
89442420
C644242406
8D542420
8B04BD18214400
33C9
E8A7F8FFFF
83C428
5F
5E
5B
C3
mov ecx, ebx

mov edx, esi
call 004078E8
mov byte ptr [esp+ebx], 00
mov eax, esp
mov [esp+24], 06
mov eax, dword ptr [4*edi+00442118]
xor ecx, ecx
call 00407424
add esp, 00000028
pop edi
pop esi
pop ebx
ret

|:00407E74
|
:00407B84 53
push ebx
:00407B85 56
push esi
:00407B86 8BF2
mov esi, edx
:00407B88 8BD8
mov ebx, eax
:00407B8A 8BC3
mov eax, ebx
:00407B8C 8BD6
mov edx, esi
:00407B8E E8E1CBFFFF
call 00404774
:00407B93 5E
pop esi
:00407B94 5B
pop ebx
:00407B95 C3
ret
:00407B96 8BC0
mov eax, eax

|:00407C77
|
:00407B98 53
push ebx
:00407B99 8BD8
mov ebx, eax
:00407B9B 8BC3
mov eax, ebx
:00407B9D E816BCFFFF
call 004037B8
:00407BA2 5B
pop ebx
:00407BA3 C3
ret

|:00407FBE , :00407FF2 , :0040806D , :004080B4
|
:00407BA4 55
push ebp
:00407BA5 8BEC
mov ebp, esp
:00407BA7 83C48C
add esp, FFFFFF8C
:00407BAA 53
push ebx
:00407BAB 33DB
xor ebx, ebx
:00407BAD 895DF0
:00407BB0 53
push ebx
:00407BB1 56
push esi
:00407BB2 57
push edi
:00407BB3
:00407BB5
:00407BB7
:00407BBA
:00407BBD
:00407BBF
:00407BC2
:00407BC5
89C7
89CE
034D10
897DFC
31C0
8945F8
8945F4
8945F0
mov
mov
add
mov
xor
mov
mov
mov
edi, eax
esi, ecx
ecx, dword ptr [ebp+10]
dword ptr [ebp-04], edi
eax, eax
dword ptr [ebp-0C], eax

|:00407C81(U)
|
:00407BC8 09D2
or edx, edx
:00407BCA 740E
je 00407BDA
|:00407BD8(C)
|
:00407BCC 39CE
cmp esi, ecx
:00407BCE 740A
je 00407BDA
:00407BD0 AC
lodsb
:00407BD1 80F825
cmp al, 25
:00407BD4 740E
je 00407BE4
|:00407BEC(C)
|
:00407BD6 AA
stosb
:00407BD7 4A
dec edx
:00407BD8 75F2
jne 00407BCC
|:00407BCA(C), :00407BCE(C), :00407BE6(C), :00407BFE(C), :00407C10(C)
|:00407C24(C), :00407CAA(U)
|
:00407BDA 89F8
mov eax, edi
:00407BDC 2B45FC
sub eax, dword ptr [ebp-04]
:00407BDF E9A8030000
jmp 00407F8C
|:00407BD4(C)
|
:00407BE4 39CE
cmp esi, ecx
:00407BE6 74F2
je 00407BDA
:00407BE8 AC
lodsb
:00407BE9 80F825
cmp al, 25
:00407BEC 74E8
je 00407BD6
:00407BEE 8D5EFE
lea ebx, dword ptr [esi-02]
:00407BF1 895DEC
|:00407C13(U)
|
:00407BF4 8845EB
mov byte ptr [ebp-15], al
:00407BF7 80F82D
cmp al, 2D
:00407BFA 7505
jne 00407C01
:00407BFC 39CE
cmp esi, ecx
:00407BFE 74DA
je 00407BDA
:00407C00 AC
lodsb
|:00407BFA(C)
|
:00407C01 E880000000
:00407C06 80F83A
:00407C09 750A
:00407C0B 895DF8
:00407C0E 39CE
:00407C10 74C8
:00407C12 AC
:00407C13 EBDF
|:00407C09(C)
|
:00407C15 895DE4
:00407C18 BBFFFFFFFF
:00407C1D 80F82E
:00407C20 750A
:00407C22 39CE
:00407C24 74B4
:00407C26 AC
:00407C27 E85A000000
|:00407C20(C)
|
:00407C2C 895DE0
:00407C2F 8975DC
:00407C32 51
:00407C33 52
:00407C34 E896000000
:00407C39 5A
:00407C3A 8B5DE4
:00407C3D 29CB
:00407C3F 7302
:00407C41 31DB
|:00407C3F(C)
|
:00407C43 807DEB2D
:00407C47 750A
:00407C49 29CA
:00407C4B 7304
:00407C4D 01D1
:00407C4F 31D2
call 00407C86
cmp al, 3A
jne 00407C15
cmp esi, ecx
je 00407BDA
lodsb
jmp 00407BF4
mov dword ptr [ebp-1C], ebx

mov ebx, FFFFFFFF
cmp al, 2E
jne 00407C2C
cmp esi, ecx
je 00407BDA
lodsb
call 00407C86

mov dword ptr [ebp-24], esi
push ecx
push edx
call 00407CCF
pop edx
mov ebx, dword ptr [ebp-1C]
sub ebx, ecx
jnb 00407C43
xor ebx, ebx
cmp
jne
sub
jnb
add
xor
byte ptr [ebp-15], 2D

00407C53
edx, ecx
00407C51
ecx, edx
edx, edx

|:00407C4B(C)
|
:00407C51 F3
repz
:00407C52 A4
movsb
|:00407C47(C)
|
:00407C53 87CB
xchg ebx, ecx
:00407C55 29CA
sub edx, ecx
:00407C57 7304
jnb 00407C5D
:00407C59 01D1
:00407C5B 31D2
add ecx, edx

xor edx, edx

|:00407C57(C)
|
:00407C5D B020
mov al, 20
:00407C5F F3
repz
:00407C60 AA
stosb
:00407C61 87CB
xchg ebx, ecx
:00407C63 29CA
sub edx, ecx
:00407C65 7304
jnb 00407C6B
:00407C67 01D1
add ecx, edx
:00407C69 31D2
xor edx, edx
|:00407C65(C)
|
:00407C6B F3
:00407C6C A4
:00407C6D 837DF400
:00407C71 740A
:00407C73 52
:00407C74 8D45F4
:00407C77 E81CFFFFFF
:00407C7C 5A
|:00407C71(C)
|
:00407C7D 59
:00407C7E 8B75DC
repz
movsb
cmp dword ptr [ebp-0C], 00000000
je 00407C7D
push edx
call 00407B98
pop edx
pop ecx
mov esi, dword ptr [ebp-24]
jmp 00407BC8

|:00407C01 , :00407C27
|
:00407C86 31DB
xor ebx, ebx
:00407C88 80F82A
cmp al, 2A
:00407C8B 7422
je 00407CAF
|:00407CA7(U)
|
:00407C8D 80F830
cmp al, 30
:00407C90 723C
jb 00407CCE
:00407C92 80F839
cmp al, 39
:00407C95 7737
ja 00407CCE
:00407C97 6BDB0A
imul ebx, 0000000A
:00407C9A 80E830
sub al, 30
:00407C9D 0FB6C0
movzx eax, al
:00407CA0 01C3
add ebx, eax
:00407CA2 39CE
cmp esi, ecx
:00407CA4 7403
je 00407CA9
:00407CA6 AC
lodsb
:00407CA7 EBE4
jmp 00407C8D
|:00407CA4(C), :00407CCB(C)
|
:00407CA9 58
:00407CAA E92BFFFFFF
pop eax
jmp 00407BDA
|:00407C8B(C)
|
:00407CAF 8B45F8
:00407CB2 3B4508
:00407CB5 7712
:00407CB7 FF45F8
:00407CBA 8B5D0C
:00407CBD 807CC30400
:00407CC2 8B1CC3
:00407CC5 7402
:00407CC7 31DB
|:00407CB5(C), :00407CC5(C)
|
:00407CC9 39CE
:00407CCB 74DC
:00407CCD AC

cmp eax, dword ptr [ebp+08]
ja 00407CC9
inc [ebp-08]
cmp byte ptr [ebx+8*eax+04], 00
mov ebx, dword ptr [ebx+8*eax]
je 00407CC9
xor ebx, ebx
cmp esi, ecx

je 00407CA9
lodsb

|:00407C90(C), :00407C95(C)
|
:00407CCE C3
ret
|:00407C34
|
:00407CCF 24DF
and al, DF
:00407CD1 88C1
mov cl, al
:00407CD3 B801000000
mov eax, 00000001
:00407CD8 8B5DF8
:00407CDB 3B5D08
cmp ebx, dword ptr [ebp+08]
:00407CDE 775C
ja 00407D3C
:00407CE0 FF45F8
inc [ebp-08]
:00407CE3 8B750C
mov esi, dword ptr [ebp+0C]
:00407CE6 8D34DE
lea esi, dword ptr [esi+8*ebx]
:00407CE9 8B06
:00407CEB 0FB65E04
movzx ebx, byte ptr [esi+04]
:00407CEF FF249DF67C4000
jmp dword ptr [4*ebx+00407CF6]
:00407CF6
:00407CFA
:00407CFE
:00407D02
:00407D06
:00407D0A
:00407D0E
:00407D12
:00407D16
:00407D1A
:00407D1E
:00407D22
:00407D26
:00407D2A
:00407D2E
:00407D32
EA7D4000
3A7D4000
517E4000
0F7F4000
817E4000
F17E4000
D17E4000
3A7D4000
3A7D4000
3A7D4000
927E4000
B57E4000
0B7F4000
607E4000
3A7D4000
997E4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00407DEA
00407D3A
00407E51
00407F0F
00407E81
00407EF1
00407ED1
00407D3A
00407D3A
00407D3A
00407E92
00407EB5
00407F0B
00407E60
00407D3A
00407E99
:00407D36 4E7D4000
DWORD 00407D4E

|:00407D68(C), :00407DF7(C), :00407E54(C), :00407E63(C), :00407E84(C)
|:00407EA1(C), :00407EB8(C), :00407ED4(C), :00407EF4(C), :00407F32(C)
|
:00407D3A 31C0
xor eax, eax
|:00407CDE(C)
|
:00407D3C E840020000
:00407D41 8B55EC
:00407D44 8B4DDC
:00407D47 29D1
:00407D49 E8DEFDFFFF
:00407D4E 8D5DD0

call 00407F81
sub ecx, edx
call 00407B2C
lea ebx, dword ptr [ebp-30]

|:00407D0F(C)
|
:00407D51 8B10
:00407D53 8913
|:00407D13(C)
|
:00407D55 8B5004
:00407D58 895304
mov dword ptr [ebx+04], edx
:00407D5B 80F944
cmp cl, 44
:00407D5E 7411
je 00407D71
:00407D60 80F955
cmp cl, 55
:00407D63 742A
je 00407D8F
|:00407D23(C)
|
:00407D65 80F958
:00407D68 75D0
:00407D6A B910000000
:00407D6F EB23
|:00407D2F(C), :00407D5E(C)
|
:00407D71 F7430400000080
:00407D78 7415
:00407D7A F71B
:00407D7C 83530400
:00407D80 F75B04
:00407D83 E807000000
:00407D88 B02D
:00407D8A 41
:00407D8B 4E
:00407D8C 8806
:00407D8E C3
cmp
jne
mov
jmp
cl, 58
00407D3A
ecx, 00000010
00407D94
test [ebx+04], 80000000

je 00407D8F
neg dword ptr [ebx]
adc dword ptr [ebx+04], 00000000
neg [ebx+04]
call 00407D8F
mov al, 2D
inc ecx
dec esi
mov byte ptr [esi], al
ret

|:00407D83
|
|:00407D63(C), :00407D78(C)
|
:00407D8F B90A000000
mov ecx, 0000000A
|:00407D6F(U)
|
:00407D94 8D75AF
lea esi, dword ptr [ebp-51]
|:00407DCB(C)
|
:00407D97 51
:00407D98 6A00
:00407D9A 51
:00407D9B 8B03
:00407D9D 8B5304
:00407DA0 E8F4DAFFFF
:00407DA5 59
:00407DA6 92
:00407DA7 80C230
:00407DAA 80FA3A
:00407DAD 7203
:00407DAF 80C207
|:00407DAD(C)
|
:00407DB2 4E
:00407DB3 8816
:00407DB5 51
:00407DB6 6A00
:00407DB8 51
:00407DB9 8B03
:00407DBB 8B5304
:00407DBE E8E1D9FFFF
:00407DC3 59
:00407DC4 8903
:00407DC6 895304
:00407DC9 09D0
:00407DCB 75CA
:00407DCD 8D4DAF
:00407DD0 29F1
:00407DD2 8B55E0
:00407DD5 83FA10
:00407DD8 7201
:00407DDA C3
push ecx
push 00000000
push ecx
call 00405899
pop ecx
xchg eax,edx
add dl, 30
cmp dl, 3A
jb 00407DB2
add dl, 07
dec esi
mov byte ptr [esi], dl
push ecx
push 00000000
push ecx
call 004057A4
pop ecx
or eax, edx
jne 00407D97
sub ecx, esi
cmp edx, 00000010
jb 00407DDB
ret

|:00407DD8(C)
|
:00407DDB 29CA
sub edx, ecx
:00407DDD 760A
:00407DDF 01D1
:00407DE1 B030
jbe 00407DE9
add ecx, edx
mov al, 30

|:00407DE7(C)
|
:00407DE3 4E
dec esi
:00407DE4 8806
:00407DE6 4A
dec edx
:00407DE7 75FA
jne 00407DE3
|:00407DDD(C)
|
:00407DE9 C3
:00407DEA 80F944
:00407DED 7415
:00407DEF 80F955
:00407DF2 7422
:00407DF4 80F958
:00407DF7 0F853DFFFFFF
:00407DFD B910000000
:00407E02 EB17
|:00407DED(C)
|
:00407E04 09C0
:00407E06 790E
:00407E08 F7D8
:00407E0A E807000000
:00407E0F B02D
:00407E11 41
:00407E12 4E
:00407E13 8806
:00407E15 C3
ret
cmp cl, 44
je 00407E04
cmp cl, 55
je 00407E16
cmp cl, 58
jne 00407D3A
mov ecx, 00000010
jmp 00407E1B
or eax, eax
jns 00407E16
neg eax
call 00407E16
mov al, 2D
inc ecx
dec esi
ret

|:00407E0A
|
|:00407DF2(C), :00407E06(C)
|
:00407E16 B90A000000
mov ecx, 0000000A
|:00407E02(U), :00407F06(U)
|
:00407E1B 8D759F
|:00407E32(C)
|
:00407E1E 31D2
xor edx, edx
:00407E20 F7F1
div ecx
:00407E22 80C230
add dl, 30
:00407E25 80FA3A
:00407E28 7203
:00407E2A 80C207
cmp dl, 3A
jb 00407E2D
add dl, 07

|:00407E28(C)
|
:00407E2D 4E
dec esi
:00407E2E 8816
mov byte ptr [esi], dl
:00407E30 09C0
or eax, eax
:00407E32 75EA
jne 00407E1E
:00407E34 8D4D9F
:00407E37 29F1
sub ecx, esi
:00407E39 8B55E0
:00407E3C 83FA10
cmp edx, 00000010
:00407E3F 7201
jb 00407E42
:00407E41 C3
ret

|:00407E3F(C)
|
:00407E42 29CA
sub edx, ecx
:00407E44 760A
jbe 00407E50
:00407E46 01D1
add ecx, edx
:00407E48 B030
mov al, 30
|:00407E4E(C)
|
:00407E4A 4E
dec esi
:00407E4B 8806
:00407E4D 4A
dec edx
:00407E4E 75FA
jne 00407E4A
|:00407E44(C)
|
:00407E50 C3
:00407E51 80F953
:00407E54 0F85E0FEFFFF
:00407E5A B901000000
:00407E5F C3
:00407E60
:00407E63
:00407E69
:00407E6D
:00407E6F
:00407E71
:00407E74
:00407E79
:00407E7C
cmp cl, 53
jne 00407D3A
jbe 00407E7E
mov edx, eax
call 00407B84
mov esi, dword ptr [ebp-0C]
jmp 00407EC0
80F953
0F85D1FEFFFF
66833801
760F
89C2
8D45F4
E80BFDFFFF
8B75F4
EB42
ret
cmp cl, 53
jne 00407D3A
mov ecx, 00000001
ret

|:00407E6D(C), :00407EC2(C)
|
:00407E7E 31C9
xor ecx, ecx
:00407E80 C3
ret
:00407E81
:00407E84
:00407E8A
:00407E8C
:00407E8D
:00407E90
:00407E92
:00407E97
:00407E99
cmp cl, 53
jne 00407D3A
mov esi, eax
lodsb
movzx ecx, al
jmp 00407EC7
mov esi, 0040399C
jmp 00407E9E
mov esi, 004039FC
80F953
0F85B0FEFFFF
89C6
AC
0FB6C8
EB35
BE9C394000
EB05
BEFC394000
|:00407E97(U)
|
:00407E9E 80F953
:00407EA1 0F8593FEFFFF
:00407EA7 89C2
:00407EA9 8D45F0
:00407EAC FFD6
:00407EAE 8B75F0
:00407EB1 89F0
:00407EB3 EB0B
:00407EB5 80F953
:00407EB8 0F857CFEFFFF
:00407EBE 89C6
|:00407E7C(U), :00407EB3(U)
|
:00407EC0 09F6
:00407EC2 74BA
:00407EC4 8B4EFC
cmp cl, 53
jne 00407D3A
mov edx, eax
call esi
mov eax, esi
jmp 00407EC0
cmp cl, 53
jne 00407D3A
mov esi, eax
or esi, esi
je 00407E7E

|:00407E90(U)
|
:00407EC7 3B4DE0
cmp ecx, dword ptr [ebp-20]
:00407ECA 7701
ja 00407ECD
:00407ECC C3
ret

|:00407ECA(C)
|
:00407ECD 8B4DE0
:00407ED0 C3
ret
:00407ED1
:00407ED4
:00407EDA
:00407EDC
:00407EDD
:00407EDF
:00407EE1
:00407EE4
:00407EE6
80F953
0F8560FEFFFF
89C6
57
89C7
30C0
8B4DE0
E305
F2
cmp cl, 53
jne 00407D3A
mov esi, eax
push edi
mov edi, eax
xor al, al
jcxz 00407EEB
repnz
:00407EE7 AE
:00407EE8 7501
:00407EEA 4F
scasb
jne 00407EEB
dec edi

|:00407EE8(C)
|
:00407EEB 89F9
mov ecx, edi
:00407EED 29F1
sub ecx, esi
:00407EEF 5F
pop edi
:00407EF0 C3
ret
:00407EF1
:00407EF4
:00407EFA
:00407F01
:00407F06
:00407F0B
:00407F0D
:00407F0F
80F950
0F8540FEFFFF
C745E008000000
B910000000
E910FFFFFF
B701
EB02
B700
cmp
jne
mov
mov
jmp
mov
jmp
mov
cl, 50
00407D3A
[ebp-20], 00000008
ecx, 00000010
00407E1B
bh, 01
00407F11
bh, 00
|:00407F0D(U)
|
:00407F11 89C6
:00407F13 B300
:00407F15 80F947
:00407F18 743F
:00407F1A B301
:00407F1C 80F945
:00407F1F 7438
:00407F21 B302
:00407F23 80F946
:00407F26 7412
:00407F28 B303
:00407F2A 80F94E
:00407F2D 740B
:00407F2F 80F94D
:00407F32 0F8502FEFFFF
:00407F38 B304
|:00407F26(C), :00407F2D(C)
|
:00407F3A B812000000
:00407F3F 8B55E0
:00407F42 39C2
:00407F44 7625
:00407F46 BA02000000
:00407F4B 80F94D
:00407F4E 751B
:00407F50 0FB615F8344400
:00407F57 EB12
mov esi, eax

mov bl, 00
cmp cl, 47
je 00407F59
mov bl, 01
cmp cl, 45
je 00407F59
mov bl, 02
cmp cl, 46
je 00407F3A
mov bl, 03
cmp cl, 4E
je 00407F3A
cmp cl, 4D
jne 00407D3A
mov bl, 04
mov eax, 00000012

cmp edx, eax
jbe 00407F6B
mov edx, 00000002
cmp cl, 4D
jne 00407F6B
movzx edx, byte ptr [004434F8]
jmp 00407F6B

|:00407F18(C), :00407F1F(C)
|
:00407F59 8B45E0
:00407F5C BA03000000
mov edx, 00000003
:00407F61 83F812
:00407F64 7605
:00407F66 B80F000000
cmp eax, 00000012

jbe 00407F6B
mov eax, 0000000F

|:00407F44(C), :00407F4E(C), :00407F57(U), :00407F64(C)
|
:00407F6B 53
push ebx
:00407F6C 50
push eax
:00407F6D 52
push edx
:00407F6E 8D458F
:00407F71 89F2
mov edx, esi
:00407F73 0FB6CF
movzx ecx, bh
:00407F76 E8EB1C0000
call 00409C66
:00407F7B 89C1
mov ecx, eax
:00407F7D 8D758F
:00407F80 C3
ret

|:00407F8C
|
:00407F81 50
push eax
:00407F82 8D45F0
:00407F85 E82EB8FFFF
call 004037B8
:00407F8A 58
pop eax
:00407F8B C3
ret
|:00407BDF(U)
|
:00407F8C E8F0FFFFFF
:00407F91 5F
:00407F92 5E
:00407F93 5B
:00407F94 5B
:00407F95 8BE5
:00407F97 5D
:00407F98 C20C00
:00407F9B 90
nop
call 00407F81
pop edi
pop esi
pop ebx
pop ebx
mov esp, ebp
pop ebp
ret 000C

|:0042D490 , :0042D4CE , :0043D0BB , :0044139A
|
:00407F9C 55
push ebp
:00407F9D 8BEC
mov ebp, esp
:00407F9F 53
push ebx
:00407FA0 56
push esi
:00407FA1 57
push edi
:00407FA2 8BF9
mov edi, ecx
:00407FA4 8BF2
mov esi, edx
:00407FA6 8BD8
mov ebx, eax
:00407FA8 8BC6
mov eax, esi
:00407FAA E80DF9FFFF
call 004078BC
:00407FAF 50
push eax
:00407FB0
:00407FB1
:00407FB4
:00407FB5
:00407FB7
:00407FB9
:00407FBE
:00407FC3
:00407FC7
:00407FC9
:00407FCA
:00407FCB
:00407FCC
:00407FCD
57
8B4508
50
8BCE
8BC3
BAFFFFFF7F
E8E1FBFFFF
C6040300
8BC3
5F
5E
5B
5D
C20400
push edi
push eax
mov ecx, esi
mov eax, ebx
mov edx, 7FFFFFFF
call 00407BA4
mov byte ptr [ebx+eax], 00
mov eax, ebx
pop edi
pop esi
pop ebx
pop ebp
ret 0004

|:004087D5
|
:00407FD0 55
push ebp
:00407FD1 8BEC
mov ebp, esp
:00407FD3 53
push ebx
:00407FD4 56
push esi
:00407FD5 57
push edi
:00407FD6 8BF1
mov esi, ecx
:00407FD8 8BFA
mov edi, edx
:00407FDA 8BD8
mov ebx, eax
:00407FDC 8BC6
mov eax, esi
:00407FDE E8D9F8FFFF
call 004078BC
:00407FE3 50
push eax
:00407FE4 8B450C
:00407FE7 50
push eax
:00407FE8 8B4508
:00407FEB 50
push eax
:00407FEC 8BCE
mov ecx, esi
:00407FEE 8BC3
mov eax, ebx
:00407FF0 8BD7
mov edx, edi
:00407FF2 E8ADFBFFFF
call 00407BA4
:00407FF7 C6040300
mov byte ptr [ebx+eax], 00
:00407FFB 8BC3
mov eax, ebx
:00407FFD 5F
pop edi
:00407FFE 5E
pop esi
:00407FFF 5B
pop ebx
:00408000 5D
pop ebp
:00408001 C20800
ret 0008

|:004088DC , :0040C21D , :0040ECFE , :00410A4F , :00422204
|
:00408004 55
push ebp
:00408005 8BEC
mov ebp, esp
:00408007 51
push ecx
:00408008 8B4D08
:0040800B 91
xchg eax,ecx
:0040800C 87D1
xchg ecx, edx
:0040800E E805000000
call 00408018
:00408013 5D
pop ebp
:00408014 C20400
ret 0004
:00408017 90
nop

|:00407649 , :0040800E
|
:00408018 55
push ebp
:00408019 8BEC
mov ebp, esp
:0040801B 81C404F0FFFF
add esp, FFFFF004
:00408021 50
push eax
:00408022 83C4F4
add esp, FFFFFFF4
:00408025 53
push ebx
:00408026 56
push esi
:00408027 894DF8
:0040802A 8955FC
:0040802D 8BF0
mov esi, eax
:0040802F BB02100000
mov ebx, 00001002
:00408034 8B45FC
:00408037 E8F8B9FFFF
call 00403A34
:0040803C 8BD3
mov edx, ebx
:0040803E 85D2
test edx, edx
:00408040 7903
jns 00408045
:00408042 83C203
add edx, 00000003
|:00408040(C)
|
:00408045 C1FA02
:00408048 8BCB
:0040804A 2BCA
:0040804C 3BC1
:0040804E 7D24
:00408050 8B45FC
:00408053 E8DCB9FFFF
:00408058 50
:00408059 8B45F8
:0040805C 50
:0040805D 8B4508
:00408060 50
:00408061 8B4DFC
:00408064 8BD3
:00408066 4A
:00408067 8D85F6EFFFFF
:0040806D E832FBFFFF
:00408072 EB0C
|:0040804E(C)
|
:00408074 8B45FC
:00408077 E8B8B9FFFF
:0040807C 8BD8
:0040807E 8BC3
sar edx, 02
mov ecx, ebx
sub ecx, edx
cmp eax, ecx
jge 00408074
mov eax, dword
call 00403A34
push eax
mov eax, dword
push eax
mov eax, dword
push eax
mov ecx, dword
mov edx, ebx
dec edx
lea eax, dword
call 00407BA4
jmp 00408080
ptr [ebp-04]
ptr [ebp-08]
ptr [ebp+08]
ptr [ebp-04]
ptr [ebp+FFFFEFF6]

call 00403A34
mov ebx, eax
mov eax, ebx

|:00408072(U)
|
:00408080 8BD3
mov edx, ebx
:00408082
:00408083
:00408085
:00408087
4A
3BC2
7C43
EB30
dec edx
cmp eax, edx
jl 004080CA
jmp 004080B9
|:004080BE(C)
|
:00408089 03DB
:0040808B 8BC6
:0040808D E826B7FFFF
:00408092 8BC6
:00408094 8BD3
:00408096 E86DBCFFFF
:0040809B 8B45FC
:0040809E E891B9FFFF
:004080A3 50
:004080A4 8B45F8
:004080A7 50
:004080A8 8B4508
:004080AB 50
:004080AC 8B4DFC
:004080AF 8BD3
:004080B1 4A
:004080B2 8B06
:004080B4 E8EBFAFFFF
|:00408087(U)
|
:004080B9 8BD3
:004080BB 4A
:004080BC 3BC2
:004080BE 7DC9
:004080C0 8BD6
:004080C2 92
:004080C3 E840BCFFFF
:004080C8 EB0E
|:00408085(C)
|
:004080CA 8D95F6EFFFFF
:004080D0 8BCE
:004080D2 91
:004080D3 E8C4B7FFFF
add ebx, ebx

mov eax, esi
call 004037B8
mov eax, esi
mov edx, ebx
call 00403D08
mov eax, dword
call 00403A34
push eax
mov eax, dword
push eax
mov eax, dword
push eax
mov ecx, dword
mov edx, ebx
dec edx
mov eax, dword
call 00407BA4
ptr [ebp-04]
ptr [ebp-08]
ptr [ebp+08]
ptr [ebp-04]
ptr [esi]
mov edx, ebx

dec edx
cmp eax, edx
jge 00408089
mov edx, esi
xchg eax,edx
call 00403D08
jmp 004080D8
lea edx, dword ptr [ebp+FFFFEFF6]

mov ecx, esi
xchg eax,ecx
call 0040389C

|:004080C8(U)
|
:004080D8 5E
pop esi
:004080D9 5B
pop ebx
:004080DA 8BE5
mov esp, ebp
:004080DC 5D
pop ebp
:004080DD C20400
ret 0004

|:00409708
|
:004080E0
:004080E1
:004080E7
:004080E9
:004080EB
:004080F0
:004080F4
:004080F5
:004080F7
:004080F8
:004080FA
53
81C400FFFFFF
8BDA
6A00
6800010000
8D542408
52
6A00
50
6A00
6800300000
push ebx
add esp, FFFFFF00
mov ebx, edx
push 00000000
push 00000100
push edx
push 00000000
push eax
push 00000000
push 00003000

|
:004080FF E86CDBFFFF
Call 00405C70
:00408104 EB01
jmp 00408107
|:00408112(C), :00408117(C)
|
:00408106 48
dec eax
|:00408104(U)
|
:00408107 85C0
:00408109 7E0E
:0040810B 8A5404FF
:0040810F 80EA21
:00408112 72F2
:00408114 80EA0D
:00408117 74ED
|:00408109(C)
|
:00408119 8BD4
:0040811B 8BCB
:0040811D 91
:0040811E E879B7FFFF
:00408123 81C400010000
:00408129 5B
:0040812A C3
:0040812B 90
nop
|:004081BC , :004083A3
|:004093EB , :00409435
|:004094FB , :0040952D
|
:0040812C 55
:0040812D 8BEC
:0040812F 81C400FFFFFF
:00408135 53
:00408136 56
:00408137 8BF1
:00408139 8B5D08
test eax, eax

jle 00408119
mov dl, byte ptr [esp+eax-01]
sub dl, 21
jb 00408106
sub dl, 0D
je 00408106
mov edx, esp

mov ecx, ebx
xchg eax,ecx
call 0040389C
add esp, 00000100
pop ebx
ret
Addresses:
, :0040844D
, :0040946C
, :0040956C
, :004093A5
, :00409499
, :0040958F
push ebp
mov ebp,
add esp,
push ebx
push esi
mov esi,
mov ebx,
, :004093C7
, :004094D9
esp
FFFFFF00
ecx
dword ptr [ebp+08]
:0040813C
:00408141
:00408147
:00408148
:00408149
6800010000
8D8D00FFFFFF
51
52
50
push 00000100
lea ecx, dword ptr [ebp+FFFFFF00]
push ecx
push edx
push eax

|
:0040814A E861DBFFFF
Call 00405CB0
:0040814F 85C0
test eax, eax
:00408151 7E12
jle 00408165
:00408153 8BC8
mov ecx, eax
:00408155 49
dec ecx
:00408156 8D9500FFFFFF
lea edx, dword ptr [ebp+FFFFFF00]
:0040815C 8BC3
mov eax, ebx
:0040815E E839B7FFFF
call 0040389C
:00408163 EB09
jmp 0040816E
|:00408151(C)
|
:00408165 8BC3
:00408167 8BD6
:00408169 E8E2B6FFFF

mov eax, ebx
mov edx, esi
call 00403850

|:00408163(U)
|
:0040816E 5E
pop esi
:0040816F 5B
pop ebx
:00408170 8BE5
mov esp, ebp
:00408172 5D
pop ebp
:00408173 C20400
ret 0004
:00408176 8BC0
mov eax, eax

|:00409408 , :0040941B , :00409452 , :004094BF , :00409601
|
:00408178 53
push ebx
:00408179 56
push esi
:0040817A 57
push edi
:0040817B 51
push ecx
:0040817C 8BD9
mov ebx, ecx
:0040817E 8BF2
mov esi, edx
:00408180 8BF8
mov edi, eax
:00408182 6A02
push 00000002
:00408184 8D442404
:00408188 50
push eax
:00408189 56
push esi
:0040818A 57
push edi
|
:0040818B E820DBFFFF
Call 00405CB0
:00408190 85C0
test eax, eax
:00408192 7E05
jle 00408199
:00408194 8A0424
mov al, byte ptr [esp]
:00408197 EB02
jmp 0040819B

|:00408192(C)
|
:00408199 8BC3
mov eax, ebx
|:00408197(U)
|
:0040819B 5A
pop edx
:0040819C 5F
pop edi
:0040819D 5E
pop esi
:0040819E 5B
pop ebx
:0040819F C3
ret

|:00408222 , :00408245 , :00408293 , :004082B8
|
:004081A0 55
push ebp
:004081A1 8BEC
mov ebp, esp
:004081A3 51
push ecx
:004081A4 53
push ebx
:004081A5 56
push esi
:004081A6 57
push edi
:004081A7 894DFC
:004081AA 8BFA
mov edi, edx
:004081AC 8BF0
mov esi, eax
:004081AE 8B5D08
:004081B1 53
push ebx
:004081B2 8B4510
:004081B5 8B40FC
:004081B8 33C9
xor ecx, ecx
:004081BA 8BD6
mov edx, esi
:004081BC E86BFFFFFF
call 0040812C
:004081C1 833B00
:004081C4 750D
jne 004081D3
:004081C6 8B45FC
:004081C9 8B04B8
mov eax, dword ptr [eax+4*edi]
:004081CC 8BD3
mov edx, ebx
:004081CE E851CCFFFF
call 00404E24
|:004081C4(C)
|
:004081D3 5F
pop edi
:004081D4 5E
pop esi
:004081D5 5B
pop ebx
:004081D6 59
pop ecx
:004081D7 5D
pop ebp
:004081D8 C20800
ret 0008
:004081DB 90
nop

|:0040937E
|
:004081DC 55
push ebp
:004081DD
:004081DF
:004081E2
:004081E3
:004081E4
:004081E5
:004081E7
:004081EA
:004081EC
:004081ED
:004081F2
:004081F5
8BEC
83C4F4
53
56
57
33C0
8945F4
33C0
55
68EA824000
64FF30
648920
mov ebp, esp

add esp, FFFFFFF4
push ebx
push esi
push edi
xor eax, eax
xor eax, eax
push ebp
push 004082EA

|
:004081F8 E8DBDAFFFF
Call 00405CD8
:004081FD 8945FC
:00408200 BB01000000
mov ebx, 00000001
:00408205 BE18354400
mov esi, 00443518
:0040820A BF48354400
mov edi, 00443548
|:0040825F(C)
|
:0040820F 55
:00408210 6A0B
:00408212 8D45F4
:00408215 50
:00408216 B920214400
:0040821B 8BD3
:0040821D 4A
:0040821E 8D4344
:00408221 48
:00408222 E879FFFFFF
:00408227 59
:00408228 8B55F4
:0040822B 8BC6
:0040822D E8DAB5FFFF
:00408232 55
:00408233 6A0B
:00408235 8D45F4
:00408238 50

push ebp
push 0000000B
lea eax, dword ptr
push eax
mov ecx, 00442120
mov edx, ebx
dec edx
lea eax, dword ptr
dec eax
call 004081A0
pop ecx
mov edx, dword ptr
mov eax, esi
call 0040380C
push ebp
push 0000000B
lea eax, dword ptr
push eax
[ebp-0C]
[ebx+44]
[ebp-0C]
[ebp-0C]
* Possible StringData Ref from Data Obj ->"|h@"

|
:00408239 B950214400
mov ecx, 00442150
:0040823E 8BD3
mov edx, ebx
:00408240 4A
dec edx
:00408241 8D4338
:00408244 48
dec eax
:00408245 E856FFFFFF
call 004081A0
:0040824A 59
pop ecx
:0040824B 8B55F4
:0040824E 8BC7
mov eax, edi
:00408250 E8B7B5FFFF
call 0040380C
:00408255 43
inc ebx
:00408256 83C704
add edi, 00000004
:00408259 83C604
add esi, 00000004
:0040825C 83FB0D
cmp ebx, 0000000D
:0040825F 75AE
jne 0040820F
:00408261 BB01000000
:00408266 BE78354400
:0040826B BF94354400
mov ebx, 00000001

mov esi, 00443578
mov edi, 00443594
|:004082D2(C)
|
:00408270 8D4305
:00408273 B907000000
:00408278 99
:00408279 F7F9
:0040827B 8955F8
:0040827E 55
:0040827F 6A06
:00408281 8D45F4
:00408284 50
:00408285 B980214400
:0040828A 8BD3
:0040828C 4A
:0040828D 8B45F8
:00408290 83C031
:00408293 E808FFFFFF
:00408298 59
:00408299 8B55F4
:0040829C 8BC6
:0040829E E869B5FFFF
:004082A3 55
:004082A4 6A06
:004082A6 8D45F4
:004082A9 50
:004082AA B99C214400
:004082AF 8BD3
:004082B1 4A
:004082B2 8B45F8
:004082B5 83C02A
:004082B8 E8E3FEFFFF
:004082BD 59
:004082BE 8B55F4
:004082C1 8BC7
:004082C3 E844B5FFFF
:004082C8 43
:004082C9 83C704
:004082CC 83C604
:004082CF 83FB08
:004082D2 759C
:004082D4 33C0
:004082D6 5A
:004082D7 59
:004082D8 59
:004082D9 648910

mov ecx, 00000007
cdq
idiv ecx
push ebp
push 00000006
push eax
mov ecx, 00442180
mov edx, ebx
dec edx
add eax, 00000031
call 004081A0
pop ecx
mov eax, esi
call 0040380C
push ebp
push 00000006
push eax
mov ecx, 0044219C
mov edx, ebx
dec edx
add eax, 0000002A
call 004081A0
pop ecx
mov eax, edi
call 0040380C
inc ebx
add edi, 00000004
add esi, 00000004
cmp ebx, 00000008
jne 00408270
xor eax, eax
pop edx
pop ecx
pop ecx

|
:004082DC 68F1824000
push 004082F1
|:004082EF(U)
|
:004082E1 8D45F4
:004082E4 E8CFB4FFFF
call 004037B8
:004082E9 C3
ret
:004082EA
:004082EF
:004082F1
:004082F2
:004082F3
:004082F4
:004082F6
:004082F7
E989AFFFFF
EBF0
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:004082F8
:004082F9
:004082FB
:004082FC
:004082FD
:004082FE
:00408301
:00408306
55
8BEC
53
56
57
8B7508
BFBC354400
BB01000000
push ebp
mov ebp,
push ebx
push esi
push edi
mov esi,
mov edi,
mov ebx,
00403278
004082E1
edi
esi
ebx
esp, ebp
ebp
esp
dword ptr [ebp+08]

004435BC
00000001
|:00408326(C)
|
:0040830B 8D449FFC
:0040830F 8BD6
:00408311 E856B6FFFF
:00408316 8B449FFC
:0040831A E815B7FFFF
:0040831F 40
:00408320 03F0
:00408322 43
:00408323 803E00
:00408326 75E3
:00408328 33C0
:0040832A 5F
:0040832B 5E
:0040832C 5B
:0040832D 5D
:0040832E C20400
:00408331
:00408334
:00408335
:00408337
:00408338
:00408339
:0040833A
:0040833B
:0040833E
:00408343
lea eax,
push ebp
mov ebp,
push ecx
push ebx
push esi
push edi
mov ebx,
mov edi,
mov esi,
8D4000
55
8BEC
51
53
56
57
8B5D08
BFD8354400
BE01000000
|:00408370(C)
|
:00408348 8D55FC
:0040834B 8BC3
:0040834D E806A6FFFF
lea eax, dword ptr [edi+4*ebx-04]

mov edx, esi
call 0040396C
mov eax, dword ptr [edi+4*ebx-04]
call 00403A34
inc eax
add esi, eax
inc ebx
cmp byte ptr [esi], 00
jne 0040830B
xor eax, eax
pop edi
pop esi
pop ebx
pop ebp
ret 0004
dword ptr [eax+00]
esp
dword ptr [ebp+08]

004435D8
00000001

mov eax, ebx
call 00402958
:00408352
:00408356
:0040835A
:0040835C
:0040835E
8944B7FC
837DFC00
7406
33C0
8944B7FC
|:0040835A(C)
|
:00408362 8BC3
:00408364 E853F5FFFF
:00408369 40
:0040836A 03D8
:0040836C 46
:0040836D 803B00
:00408370 75D6
:00408372 33C0
:00408374 5F
:00408375 5E
:00408376 5B
:00408377 59
:00408378 5D
:00408379 C20400
mov dword ptr [edi+4*esi-04], eax

je 00408362
xor eax, eax
mov dword ptr [edi+4*esi-04], eax
mov eax, ebx
call 004078BC
inc eax
add ebx, eax
inc esi
cmp byte ptr [ebx], 00
jne 00408348
xor eax, eax
pop edi
pop esi
pop ebx
pop ecx
pop ebp
ret 0004

|:0040938C
|
:0040837C 55
push ebp
:0040837D 8BEC
mov ebp, esp
:0040837F 6A00
push 00000000
:00408381 53
push ebx
:00408382 33C0
xor eax, eax
:00408384 55
push ebp
:00408385 68FD834000
push 004083FD
:0040838A 64FF30
:0040838D 648920
:00408390 8D45FC
:00408393 50
push eax
|
:00408394 E83FD9FFFF
Call 00405CD8
:00408399 B910844000
mov ecx, 00408410
:0040839E BA0B100000
mov edx, 0000100B
call 0040812C
:004083A8 8B45FC
:004083AB BA01000000
mov edx, 00000001
:004083B0 E8ABF2FFFF
call 00407660
:004083B5 8BD8
mov ebx, eax
:004083B7 8BC3
mov eax, ebx
:004083B9 83C0FD
add eax, FFFFFFFD
:004083BC 83E803
sub eax, 00000003
:004083BF 7326
jnb 004083E7
:004083C1 6A04
push 00000004
:004083C3 53
push ebx
|
:004083C4 E80FD9FFFF
:004083C9 50
:004083CA 68F8824000
Call 00405CD8
push eax
push 004082F8

|
:004083CF E88CD8FFFF
Call 00405C60
:004083D4 6A03
push 00000003
:004083D6 53
push ebx
|
:004083D7 E8FCD8FFFF
Call 00405CD8
:004083DC 50
push eax
:004083DD 6834834000
push 00408334
|
:004083E2 E879D8FFFF
Call 00405C60
|:004083BF(C)
|
:004083E7 33C0
xor eax, eax
:004083E9 5A
pop edx
:004083EA 59
pop ecx
:004083EB 59
pop ecx
:004083EC 648910
* Possible StringData Ref from Code Obj ->"[Y]"
|
:004083EF 6804844000
push 00408404
|:00408402(U)
|
:004083F4 8D45FC
:004083F7 E8BCB3FFFF
:004083FC C3
:004083FD
:00408402
:00408404
:00408405
:00408406
:00408407
jmp
jmp
pop
pop
pop
ret
E976AEFFFF
EBF0
5B
59
5D
C3

call 004037B8
ret
00403278
004083F4
ebx
ecx
ebp
:00408408 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040840C
:0040840E
:00408410
:00408412
add
add
xor
add
0100
0000
3100
0000

|:00409477 , :004094A4
|

byte ptr [eax], al
byte ptr [eax], al
:00408414
:00408415
:00408417
:00408419
:0040841A
:0040841B
:0040841C
:0040841E
:00408420
:00408422
:00408423
:00408428
:0040842B
:0040842E
:00408433
:00408435
:0040843A
:0040843D
55
8BEC
6A00
53
56
57
8BFA
8BF0
33C0
55
68CD854000
64FF30
648920
BB01000000
8BC7
E87EB3FFFF
8D45FC
50
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
xor eax, eax
push ebp
push 004085CD
mov ebx, 00000001
mov eax, edi
call 004037B8
push eax

|
:0040843E E895D8FFFF
Call 00405CD8
:00408443 B9E4854000
mov ecx, 004085E4
:00408448 BA09100000
mov edx, 00001009
:0040844D E8DAFCFFFF
call 0040812C
:00408452 8B45FC
:00408455 BA01000000
mov edx, 00000001
:0040845A E801F2FFFF
call 00407660
:0040845F 83C0FD
add eax, FFFFFFFD
:00408462 83E803
sub eax, 00000003
:00408465 0F823D010000
jb 004085A8
:0040846B 66A1B4354400
mov ax, word ptr [004435B4]
:00408471 6683E804
sub ax, 0004
:00408475 740D
je 00408484
:00408477 83C0F3
add eax, FFFFFFF3
:0040847A 6683E802
sub ax, 0002
:0040847E 7204
jb 00408484
:00408480 33C0
xor eax, eax
:00408482 EB02
jmp 00408486
|:00408475(C), :0040847E(C)
|
:00408484 B001
mov al, 01
|:00408482(U)
|
:00408486 84C0
test al, al
:00408488 7435
je 004084BF
:0040848A EB23
jmp 004084AF
|:004084B8(C)
|
:0040848C 8A441EFF
:00408490 2C47
:00408492 741A
:00408494 2C20
:00408496 7416

mov al, byte ptr [esi+ebx-01]
sub al, 47
je 004084AE
sub al, 20
je 004084AE
:00408498
:0040849B
:0040849F
:004084A4
:004084A7
:004084A9
8D45FC
8A541EFF
E8B8B4FFFF
8B55FC
8BC7
E88EB5FFFF

mov dl, byte ptr [esi+ebx-01]
call 0040395C
mov eax, edi
call 00403A3C

|:00408492(C), :00408496(C)
|
:004084AE 43
inc ebx
|:0040848A(U)
|
:004084AF 8BC6
:004084B1 E87EB5FFFF
:004084B6 3BD8
:004084B8 7ED2
:004084BA E9F8000000
|:00408488(C)
|
:004084BF 8BC7
:004084C1 8BD6
:004084C3 E888B3FFFF
:004084C8 E9EA000000
|:004085B1(C)
|
:004084CD 8A441EFF
:004084D1 25FF000000
:004084D6 0FA305CC204400
:004084DD 7324
:004084DF 8D45FC
:004084E2 50
:004084E3 B902000000
:004084E8 8BD3
:004084EA 8BC6
:004084EC E847B7FFFF
:004084F1 8B55FC
:004084F4 8BC7
:004084F6 E841B5FFFF
:004084FB 83C302
:004084FE E9A5000000
|:004084DD(C)
|
:00408503 BAE8854000
:00408508 8D441EFF
:0040850C B902000000
:00408511 E8FEF4FFFF
:00408516 85C0
:00408518 750F
:0040851A 8BC7
mov eax, esi

call 00403A34
cmp ebx, eax
jle 0040848C
jmp 004085B7
mov eax, edi

mov edx, esi
call 00403850
jmp 004085B7

and eax, 000000FF
bt dword ptr [004420CC], eax
jnb 00408503
push eax
mov ecx, 00000002
mov edx, ebx
mov eax, esi
call 00403C38
mov eax, edi
call 00403A3C
add ebx, 00000002
jmp 004085A8
mov edx, 004085E8

lea eax, dword ptr [esi+ebx-01]
mov ecx, 00000002
call 00407A14
test eax, eax
jne 00408529
mov eax, edi
* Possible StringData Ref from Code Obj ->"ggg"
:0040851C
:00408521
:00408526
:00408527
BAF4854000
E816B5FFFF
43
EB7E
|
mov edx, 004085F4
call 00403A3C
inc ebx
jmp 004085A7

|:00408518(C)
|
* Possible StringData Ref from Code Obj ->"yyyy"
|
:00408529 BAF8854000
mov edx, 004085F8
:0040852E 8D441EFF
:00408532 B904000000
mov ecx, 00000004
:00408537 E8D8F4FFFF
call 00407A14
:0040853C 85C0
test eax, eax
:0040853E 7511
jne 00408551
:00408540 8BC7
mov eax, edi
* Possible StringData Ref from Code Obj ->"eeee"
|
:00408542 BA08864000
mov edx, 00408608
:00408547 E8F0B4FFFF
call 00403A3C
:0040854C 83C303
add ebx, 00000003
:0040854F EB56
jmp 004085A7
|:0040853E(C)
|
:00408551 BA10864000
:00408556 8D441EFF
:0040855A B902000000
:0040855F E8B0F4FFFF
:00408564 85C0
:00408566 750F
:00408568 8BC7
:0040856A BA1C864000
:0040856F E8C8B4FFFF
:00408574 43
:00408575 EB30
|:00408566(C)
|
:00408577 8A441EFF
:0040857B 2C59
:0040857D 7404
:0040857F 2C20
:00408581 750E
|:0040857D(C)
|
:00408583 8BC7
:00408585 BA28864000
:0040858A E8ADB4FFFF
:0040858F EB16
mov edx, 00408610

mov ecx, 00000002
call 00407A14
test eax, eax
jne 00408577
mov eax, edi
mov edx, 0040861C
call 00403A3C
inc ebx
jmp 004085A7

sub al, 59
je 00408583
sub al, 20
jne 00408591
mov eax, edi

mov edx, 00408628
call 00403A3C
jmp 004085A7
|:00408581(C)
|
:00408591 8D45FC
:00408594 8A541EFF
:00408598 E8BFB3FFFF
:0040859D 8B55FC
:004085A0 8BC7
:004085A2 E895B4FFFF

call 0040395C
mov eax, edi
call 00403A3C

|:00408527(U), :0040854F(U), :00408575(U), :0040858F(U)
|
:004085A7 43
inc ebx
|:00408465(C), :004084FE(U)
|
:004085A8 8BC6
:004085AA E885B4FFFF
:004085AF 3BD8
:004085B1 0F8E16FFFFFF
|:004084BA(U), :004084C8(U)
|
:004085B7 33C0
:004085B9 5A
:004085BA 59
:004085BB 59
:004085BC 648910
mov eax, esi

call 00403A34
cmp ebx, eax
jle 004084CD
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx
* Possible StringData Ref from Code Obj ->"_^[Y]"

|
:004085BF 68D4854000
push 004085D4
|:004085D2(U)
|
:004085C4 8D45FC
:004085C7 E8ECB1FFFF
:004085CC C3
:004085CD
:004085D2
:004085D4
:004085D5
:004085D6
:004085D7
:004085D8
:004085D9
jmp
jmp
pop
pop
pop
pop
pop
ret
E9A6ACFFFF
EBF0
5F
5E
5B
59
5D
C3

call 004037B8
ret
00403278
004085C4
edi
esi
ebx
ecx
ebp
:004085DA 0000
BYTE 2 DUP(0)
:004085DC FFFFFFFF
BYTE 4 DUP(0ffh)
:004085E0 0100
:004085E2
:004085E4
:004085E6
:004085E8
:004085E9
:004085EC
0000
3100
0000
67
670000
FFFFFFFF

xor dword ptr [eax], eax
BYTE 067h
add [bx+si], al
BYTE 4 DUP(0ffh)
:004085F0
:004085F2
:004085F4
:004085F5
:004085F6
:004085FA
:004085FC
0300
0000
67
67
67007979
7979
00000000

BYTE 067h
BYTE 067h
add [bx+di+79], bh
jns 00408675
BYTE 4 DUP(0)
:00408600 FFFFFFFF
BYTE 4 DUP(0ffh)
:00408604 0400
:00408606 0000
:00408608 65
add al, 00
BYTE 065h
:00408609 65
BYTE 065h
:0040860A 65
BYTE 065h
:0040860B 65
BYTE 065h
:0040860C 00000000
BYTE 4 DUP(0)
:00408610 7979
:00408612 0000
:00408614 FFFFFFFF
jns 0040868B
BYTE 4 DUP(0ffh)
:00408618 0200
:0040861A 0000
:0040861C 65

BYTE 065h
:0040861D 65
BYTE 065h
:0040861E 0000
:00408620 FFFFFFFF

BYTE 4 DUP(0ffh)
:00408624 0100
:00408626 0000
:00408628 65

BYTE 065h
:00408629 000000
BYTE 3 DUP(0)

|:0040F9A5 , :0040F9DF , :0043EE84 , :0043EE98 , :0043EEB6
|:0043EECD , :0043EEE4
|
:0040862C E8E3A0FFFF
call 00402714
:00408631 85C0
test eax, eax
:00408633 7409
je 0040863E
:00408635 E8DAA0FFFF
call 00402714
:0040863A 8B4008
:0040863D C3
ret

|:00408633(C)
|
:0040863E 33C0
xor eax, eax
:00408640 C3
ret
:00408641 8D4000

|:0043EEDE
|
:00408644 E8CBA0FFFF
call 00402714
:00408649 85C0
test eax, eax
:0040864B 7409
je 00408656
:0040864D E8C2A0FFFF
call 00402714
:00408652 8B4004
:00408655 C3
ret

|:0040864B(C)
|
:00408656 33C0
xor eax, eax
:00408658 C3
ret
:00408659 8D4000

|:004086CD
|
:0040865C 85C0
test eax, eax
:0040865E 7405
je 00408665
:00408660 2D00100000
sub eax, 00001000
|:0040865E(C)
|
:00408665 C3
ret
:00408666 8BC0
mov eax, eax
|:00408803
|
:00408668 55
:00408669 8BEC
:0040866B 81C4A8FBFFFF
:00408671 53
:00408672 56
:00408673 57
:00408674 894DFC
:00408677 8BDA
:00408679 8BF0
:0040867B 6A1C
:0040867D 8D85D0FCFFFF
:00408683 50
:00408684 53
push ebp
mov ebp, esp
add esp, FFFFFBA8
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
push 0000001C
lea eax, dword ptr [ebp+FFFFFCD0]
push eax
push ebx

|
:00408685 E826D7FFFF
Call 00405DB0
:0040868A 81BDE0FCFFFF00100000
cmp dword ptr [ebp+FFFFFCE0], 00001000
:00408694 751C
jne 004086B2
:00408696 6805010000
push 00000105
:0040869B 8D85EEFDFFFF
lea eax, dword ptr [ebp+FFFFFDEE]
:004086A1 50
push eax
:004086A2 8B85D4FCFFFF
mov eax, dword ptr [ebp+FFFFFCD4]
:004086A8 50
push eax
|
:004086A9 E80AD6FFFF
Call 00405CB8
:004086AE 85C0
test eax, eax
:004086B0 7525
jne 004086D7
|:00408694(C)
|
:004086B2 6805010000
:004086B7 8D85EEFDFFFF
:004086BD 50
:004086BE A1E02B4400
:004086C3 8B00
:004086C5 50

push 00000105
push eax
mov eax, dword ptr [00442BE0]
push eax

|
:004086C6 E8EDD5FFFF
Call 00405CB8
:004086CB 8BC3
mov eax, ebx
:004086CD E88AFFFFFF
call 0040865C
:004086D2 8945F8
:004086D5 EB09
jmp 004086E0
|:004086B0(C)
|
:004086D7 2B9DD4FCFFFF
sub ebx, dword ptr [ebp+FFFFFCD4]
:004086DD 895DF8
|:004086D5(U)
|
:004086E0
:004086E6
:004086E8
:004086ED
:004086EF
:004086F0
:004086F6
:004086FB
:00408700
:00408705
:0040870A
:0040870C
:00408712
:00408717
:00408719
:0040871B
:0040871E
:00408723
:00408725
:00408727
:0040872C
:0040872E
:00408730
:00408735
:00408737
8D85EEFDFFFF
B25C
E8530B0000
8BD0
42
8D85F3FEFFFF
B904010000
E878F2FFFF
BBEC874000
BFEC874000
8BC6
8B1584694000
E879A6FFFF
84C0
7421
8B4604
E8D5B4FFFF
8BD8
8BC3
E890F1FFFF
85C0
740C
807C03FF2E
7405
BFF0874000

mov dl, 5C
call 00409240
mov edx, eax
inc edx
lea eax, dword ptr [ebp+FFFFFEF3]
mov ecx, 00000104
call 00407978
mov ebx, 004087EC
mov edi, 004087EC
mov eax, esi
call 00402D90
test al, al
je 0040873C
call 00403BF8
mov ebx, eax
mov eax, ebx
call 004078BC
test eax, eax
je 0040873C
cmp byte ptr [ebx+eax-01], 2E
je 0040873C
mov edi, 004087F0

|:00408719(C), :0040872E(C), :00408735(C)
|
:0040873C 6800010000
push 00000100
:00408741 8D85EEFCFFFF
lea eax, dword ptr [ebp+FFFFFCEE]
:00408747 50
push eax
:00408748 A12C2D4400
mov eax, dword ptr [00442D2C]
:0040874D 8B4004
:00408750 50
push eax
:00408751 A1E02B4400
:00408756 8B00
:00408758 E84FC3FFFF
call 00404AAC
:0040875D 50
push eax
|
:0040875E E88DDBFFFF
Call 004062F0
:00408763 8D95A8FBFFFF
lea edx, dword ptr [ebp+FFFFFBA8]
:00408769 8B06
:0040876B E8FCA3FFFF
call 00402B6C
:00408770 8D85A8FBFFFF
lea eax, dword ptr [ebp+FFFFFBA8]
:00408776 8985A8FCFFFF
mov dword ptr [ebp+FFFFFCA8], eax
:0040877C C685ACFCFFFF04
mov byte ptr [ebp+FFFFFCAC], 04
:00408783 8D85F3FEFFFF
:00408789 8985B0FCFFFF
mov dword ptr [ebp+FFFFFCB0], eax
:0040878F C685B4FCFFFF06
mov byte ptr [ebp+FFFFFCB4], 06
:00408796 8B45F8
:00408799 8985B8FCFFFF
mov dword ptr [ebp+FFFFFCB8], eax
:0040879F C685BCFCFFFF05
mov byte ptr [ebp+FFFFFCBC], 05
:004087A6 899DC0FCFFFF
mov dword ptr [ebp+FFFFFCC0], ebx
:004087AC C685C4FCFFFF06
mov byte ptr [ebp+FFFFFCC4], 06
:004087B3 89BDC8FCFFFF
mov dword ptr [ebp+FFFFFCC8], edi
:004087B9 C685CCFCFFFF06
mov byte ptr [ebp+FFFFFCCC], 06
:004087C0 8D85A8FCFFFF
lea eax, dword ptr [ebp+FFFFFCA8]
:004087C6
:004087C7
:004087C9
:004087CF
:004087D2
:004087D5
:004087DA
:004087DD
:004087E2
:004087E3
:004087E4
:004087E5
:004087E7
:004087E8
50
6A04
8D8DEEFCFFFF
8B5508
8B45FC
E8F6F7FFFF
8B45FC
E8DAF0FFFF
5F
5E
5B
8BE5
5D
C20400
push eax
push 00000004
lea ecx, dword
mov edx, dword
mov eax, dword
call 00407FD0
mov eax, dword
call 004078BC
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret 0004
:004087EB 0000000000
BYTE 5 DUP(0)
:004087F0 2E
BYTE 02eh
:004087F1 000000
BYTE 3 DUP(0)
ptr [ebp+FFFFFCEE]
ptr [ebp+08]
ptr [ebp-04]
ptr [ebp-04]

|:00408E90 , :0043EEEA
|
:004087F4 81C4C0FBFFFF
add esp, FFFFFBC0
:004087FA 6800040000
push 00000400
:004087FF 8D4C2444
:00408803 E860FEFFFF
call 00408668
:00408808 A17C2C4400
mov eax, dword ptr [00442C7C]
:0040880D 803800
cmp byte ptr [eax], 00
:00408810 741A
je 0040882C
:00408812 8D542440
:00408816 A1F42A4400
mov eax, dword ptr [00442AF4]
:0040881B E890CBFFFF
call 004053B0
:00408820 E80ECBFFFF
call 00405333
:00408825 E83A9FFFFF
call 00402764
:0040882A EB38
jmp 00408864
|:00408810(C)
|
:0040882C 6A40
:0040882E 8D442404
:00408832 50
:00408833 A1BC2A4400
:00408838 8B4004
:0040883B 50
:0040883C A1E02B4400
:00408841 8B00
:00408843 E864C2FFFF
:00408848 50

push 00000040
lea eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
mov eax, dword
mov eax, dword
call 00404AAC
push eax

|
:00408849 E8A2DAFFFF
Call 004062F0
ptr [esp+04]
ptr [00442ABC]
ptr [eax+04]
ptr [00442BE0]
ptr [eax]
:0040884E
:00408853
:00408857
:00408858
:0040885C
:0040885D
6810200000
8D442404
50
8D442448
50
6A00
push 00002010
push eax
push eax
push 00000000

|
:0040885F E8A4DAFFFF
Call 00406308
|:0040882A(U)
|
:00408864 81C440040000
add esp, 00000440
:0040886A C3
ret
:0040886B 90
|:0040899C , :00408A47
|:00409752 , :0040C22C
|:0040EBE3 , :0040ED0D
|:00410740 , :00414F5E
|:0041532A , :0042304B
|:0042AAD8 , :0042ACB9
|:0042E940 , :0042EB2B
|:00431491 , :00432255
|:0043A5E4 , :0043B79F
|
:0040886C 53
:0040886D 56
:0040886E 57
:0040886F 84D2
:00408871 7408
:00408873 83C4F0
:00408876 E889A6FFFF
nop
Addresses:
, :00408E0E
, :0040D05E
, :0040EE0F
, :00415168
, :00423833
, :0042C099
, :0042F144
, :0043244D
, :0043BED7
|:00408871(C)
|
:0040887B 8BF1
:0040887D 8BDA
:0040887F 8BF8
:00408881 8D4704
:00408884 8BD6
:00408886 E881AFFFFF
:0040888B 8BC7
:0040888D 84DB
:0040888F 740F
:00408891 E8C6A6FFFF
:00408896 648F0500000000
:0040889D 83C40C
,
,
,
,
,
,
,
,
,
:00408ECA
:0040E7DD
:0040F324
:00415180
:00428D3B
:0042C0DA
:0042F730
:00438E01
:0043BF94
,
,
,
,
,
,
,
,
,
:00408EEB
:0040E859
:0040F805
:0041528E
:0042AA90
:0042E6A9
:004305DC
:0043A43F
:0043DD7E
push ebx
push esi
push edi
test dl, dl
je 0040887B
add esp, FFFFFFF0
call 00402F04
mov esi, ecx
mov ebx, edx
mov edi, eax
lea eax, dword ptr [edi+04]
mov edx, esi
call 0040380C
mov eax, edi
test bl, bl
je 004088A0
call 00402F5C
add esp, 0000000C

|:0040888F(C)
|
:004088A0 8BC7
mov eax, edi
:004088A2 5F
pop edi
:004088A3 5E
:004088A4 5B
:004088A5 C3
pop esi
pop ebx
ret
:004088A6 8BC0
mov eax, eax
|:00407438 , :004089C9
|:00408D87 , :00408E4B
|:0040D2C8 , :0040D784
|:004112BF , :0041192D
|:0042638F , :00436C89
|
:004088A8 55
:004088A9 8BEC
:004088AB 6A00
:004088AD 53
:004088AE 56
:004088AF 57
:004088B0 84D2
:004088B2 7408
:004088B4 83C4F0
:004088B7 E848A6FFFF
Addresses:
, :00408AD6
, :00409734
, :0040E9A1
, :00411A3F
, :0043816E
,
,
,
,
,
:00408B4F
:0040C49E
:0040E9E4
:00422C84
:00439AF4
,
,
,
,
:00408D2B
:0040CB48
:0041019B
:004234E6
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
test dl, dl
je 004088BC
add esp, FFFFFFF0
call 00402F04
|:004088B2(C)
|
:004088BC 8BF1
:004088BE 8BDA
:004088C0 8BF8
:004088C2 33C0
:004088C4 55
:004088C5 6802894000
:004088CA 64FF30
:004088CD 648920
:004088D0 8D45FC
:004088D3 50
:004088D4 8B550C
:004088D7 8B4D08
:004088DA 8BC6
:004088DC E823F7FFFF
:004088E1 8B55FC
:004088E4 8D4704
:004088E7 E820AFFFFF
:004088EC 33C0
:004088EE 5A
:004088EF 59
:004088F0 59
:004088F1 648910
:004088F4 6809894000
|:00408907(U)
|
:004088F9 8D45FC
:004088FC E8B7AEFFFF
:00408901 C3
mov esi, ecx

mov ebx, edx
mov edi, eax
xor eax, eax
push ebp
push 00408902
push eax
mov eax, esi
call 00408004
call 0040380C
xor eax, eax
pop edx
pop ecx
pop ecx
push 00408909

call 004037B8
ret
:00408902
:00408907
:00408909
:0040890B
:0040890D
:0040890F
:00408914
:0040891B
E971A9FFFF
EBF0
8BC7
84DB
740F
E848A6FFFF
648F0500000000
83C40C
jmp 00403278
jmp 004088F9
mov eax, edi
test bl, bl
je 0040891E
call 00402F5C
add esp, 0000000C

|:0040890D(C)
|
:0040891E 8BC7
mov eax, edi
:00408920 5F
pop edi
:00408921 5E
pop esi
:00408922 5B
pop ebx
:00408923 59
pop ecx
:00408924 5D
pop ebp
:00408925 C20800
ret 0008
:00408928 80780C00
:0040892C 7405
:0040892E E895A2FFFF
cmp byte ptr [eax+0C], 00

je 00408933
call 00402BC8
|:0040892C(C)
|
:00408933 C3
:00408934 388940000E09
:0040893A 54
:0040893B 45
:0040893C 7272
:0040893E 6F
:0040893F 7252
:00408941 656308
:00408944 000000
:00408947
:00408949
:0040894B
:0040894D
:0040894E
:00408951
:00408953

jl 0040895D
inc eax
nop
0100
0000
7C10
40
000400
0000
90
ret
cmp byte ptr [ecx+090E0040], cl
push esp
inc ebp
jb 004089B0
outsd
jb 00408993
arpl dword ptr gs:[eax], ecx
BYTE 3 DUP(0)

|:00408A4E
|
:00408954 55
push ebp
:00408955 8BEC
mov ebp, esp
:00408957 83C4F4
add esp, FFFFFFF4
:0040895A 53
push ebx
:0040895B 56
push esi
:0040895C 33C0
xor eax, eax
:0040895E 8945F4
:00408961 33C0
xor eax, eax
:00408963 55
push ebp
:00408964 68E9894000
push 004089E9
:00408969
:0040896C
:0040896F
:00408971
:00408976
:00408978
64FF30
648920
33DB
E81E9EFFFF
8BF0
EB01

xor ebx, ebx
call 00402794
mov esi, eax
jmp 0040897B

|:00408987(C)
|
:0040897A 43
inc ebx
|:00408978(U)
|
:0040897B 83FB06
:0040897E 7F09
:00408980 3B34DDB8214400
:00408987 75F1
|:0040897E(C)
|
:00408989 83FB06
:0040898C 7F17
:0040898E 8B0CDDBC214400
:00408995 B201
:00408997 A1F86A4000
:0040899C E8CBFEFFFF
:004089A1 8BD8
:004089A3 EB2B
|:0040898C(C)
|
:004089A5 8975F8
:004089A8 C645FC00
:004089AC 8D45F8
:004089AF 50
|:0040893C(C)
|
:004089B0 6A00
:004089B2 8D55F4
:004089B5 A1B82A4400
:004089BA E865C4FFFF
:004089BF 8B4DF4
:004089C2 B201
:004089C4 A1F86A4000
:004089C9 E8DAFEFFFF
:004089CE 8BD8
cmp ebx, 00000006

jg 00408989
cmp esi, dword ptr [8*ebx+004421B8]
jne 0040897A
cmp ebx, 00000006

jg 004089A5
mov ecx, dword ptr [8*ebx+004421BC]
mov dl, 01
call 0040886C
mov ebx, eax
jmp 004089D0

mov [ebp-04], 00
push eax
push 00000000
lea edx, dword
mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 004088A8
mov ebx, eax
ptr [ebp-0C]
ptr [00442AB8]
ptr [ebp-0C]
ptr [00406AF8]

|:004089A3(U)
|
:004089D0 89730C
mov dword ptr [ebx+0C], esi
:004089D3 33C0
xor eax, eax
:004089D5 5A
pop edx
:004089D6 59
pop ecx
:004089D7 59
:004089D8 648910
:004089DB 68F0894000
pop ecx
push 004089F0
|:004089EE(U)
|
:004089E0 8D45F4
:004089E3 E8D0ADFFFF
:004089E8 C3
:004089E9
:004089EE
:004089F0
:004089F2
:004089F3
:004089F4
:004089F6
:004089F7
E98AA8FFFF
EBF0
8BC3
5E
5B
8BE5
5D
C3
jmp
jmp
mov
pop
pop
mov
pop
ret
:004089F8
:004089F9
:004089FC
:004089FD
:00408A01
:00408A04
:00408A06
:00408A09
FC
894000
0E
0A544578
636570
7452
656308
000000
cld
mov dword ptr [eax+00], eax
push cs
or dl, byte ptr [ebp+2*eax+78]
je 00408A58
arpl dword ptr gs:[eax], ecx
BYTE 3 DUP(0)
:00408A0C
:00408A0E
:00408A10
:00408A12
:00408A13
:00408A16
:00408A18
:00408A19
:00408A1B
:00408A1D
:00408A1E
:00408A20
:00408A21
:00408A23
:00408A24
:00408A27
:00408A29
0100
0000
7C10
40
000400
0000
53
8BDA
8BD0
4A
740B
4A
740F
4A
83EA15
7210
EB23

jl 00408A22
inc eax
push ebx
mov ebx, edx
mov edx, eax
dec edx
je 00408A2B
dec edx
je 00408A32
dec edx
sub edx, 00000015
jb 00408A39
jmp 00408A4E

call 004037B8
ret
00403278
004089E0
eax, ebx
esi
ebx
esp, ebp
ebp

|:00408A1E(C)
|
:00408A2B A1FC354400
mov eax, dword ptr [004435FC]
:00408A30 EB21
jmp 00408A53
|:00408A21(C)
|
:00408A32 A100364400
:00408A37 EB1A
jmp 00408A53
|:00408A27(C)
|
:00408A39 8D04C5D8214400
:00408A40 8B4804
:00408A43 8B00
:00408A45 B201
:00408A47 E820FEFFFF
:00408A4C EB05

lea eax, dword ptr [8*eax+004421D8]
mov dl, 01
call 0040886C
jmp 00408A53

|:00408A29(U)
|
:00408A4E E801FFFFFF
call 00408954
|:00408A30(U), :00408A37(U), :00408A4C(U)
|
:00408A53 53
push ebx
:00408A54 E957A8FFFF
jmp 004032B0
:00408A59 5B
pop ebx
:00408A5A C3
ret
:00408A5B
:00408A5C
:00408A5D
:00408A5F
:00408A62
:00408A63
:00408A64
:00408A65
:00408A67
:00408A6A
:00408A6D
:00408A6F
:00408A71
:00408A73
:00408A75
:00408A76
:00408A7B
:00408A7E
:00408A81
:00408A83
:00408A85
:00408A88
:00408A8A
:00408A8F
90
55
8BEC
83C4E0
53
56
57
33DB
895DE0
895DFC
8BF9
8BF2
8BD8
33C0
55
68FE8A4000
64FF30
648920
85DB
740C
8D45FC
8BD3
E8C1ADFFFF
EB0D
|:00408A83(C)
|
:00408A91 8D55FC
:00408A94 A1542C4400
:00408A99 E886C3FFFF
nop
push ebp
mov ebp, esp
add esp, FFFFFFE0
push ebx
push esi
push edi
xor ebx, ebx
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 00408AFE
test ebx, ebx
je 00408A91
mov edx, ebx
call 00403850
jmp 00408A9E
mov eax, dword ptr [00442C54]
call 00404E24

|:00408A8F(U)
|
:00408A9E
:00408AA1
:00408AA4
:00408AA7
:00408AAB
:00408AAE
:00408AB2
:00408AB5
:00408AB9
:00408ABC
:00408ABD
:00408ABF
:00408AC2
:00408AC7
:00408ACC
:00408ACF
:00408AD1
:00408AD6
:00408ADB
:00408AE0
:00408AE2
:00408AE3
:00408AE4
:00408AE5
FF7508
8B45FC
8945E4
C645E80B
8975EC
C645F00B
897DF4
C645F800
8D45E4
50
6A02
8D55E0
A1B02C4400
E858C3FFFF
8B4DE0
B201
A100724000
E8CDFDFFFF
E9D0A7FFFF
33C0
5A
59
59
648910
push [ebp+08]
mov [ebp-18], 0B
mov [ebp-10], 0B
mov dword ptr [ebp-0C], edi
mov [ebp-08], 00
push eax
push 00000002
mov eax, dword ptr [00442CB0]
call 00404E24
mov dl, 01
call 004088A8
jmp 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx

|
:00408AE8 68058B4000
push 00408B05
|:00408B03(U)
|
:00408AED 8D45E0
:00408AF0 E8C3ACFFFF
:00408AF5 8D45FC
:00408AF8 E8BBACFFFF
:00408AFD C3
:00408AFE
:00408B03
:00408B05
:00408B06
:00408B07
:00408B08
:00408B0A
:00408B0B
E975A7FFFF
EBE8
5F
5E
5B
8BE5
5D
C20400
jmp
jmp
pop
pop
pop
mov
pop
ret
:00408B0E
:00408B10
:00408B11
:00408B13
:00408B16
:00408B18
:00408B1B
:00408B1D
:00408B1E
:00408B23
8BC0
55
8BEC
83C4F4
33C0
8945F4
33C0
55
686F8B4000
64FF30
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF4
xor eax, eax
xor eax, eax
push ebp
push 00408B6F

call 004037B8
call 004037B8
ret
00403278
00408AED
edi
esi
ebx
esp, ebp
ebp
0004
:00408B26
:00408B29
:00408B2B
:00408B2E
:00408B32
:00408B35
:00408B36
:00408B38
:00408B3B
:00408B40
:00408B45
:00408B48
:00408B4A
:00408B4F
:00408B54
:00408B59
:00408B5B
:00408B5C
:00408B5D
:00408B5E
:00408B61
648920
33C0
8945F8
C645FC0B
8D45F8
50
6A00
8D55F4
A1D02A4400
E8DFC2FFFF
8B4DF4
B201
A160724000
E854FDFFFF
E857A7FFFF
33C0
5A
59
59
648910
68768B4000

xor eax, eax
mov [ebp-04], 0B
push eax
push 00000000
mov eax, dword ptr [00442AD0]
call 00404E24
mov ecx, dword ptr [ebp-0C]
mov dl, 01
call 004088A8
call 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx
push 00408B76
|:00408B74(U)
|
:00408B66 8D45F4
:00408B69 E84AACFFFF
:00408B6E C3
:00408B6F
:00408B74
:00408B76
:00408B78
:00408B79
jmp
jmp
mov
pop
ret
E904A7FFFF
EBF0
8BE5
5D
C3
:00408B7A 8BC0

call 004037B8
ret
00403278
00408B66
esp, ebp
ebp
mov eax, eax

|:00408BFC , :00408DE4
|
:00408B7C 8B00
:00408B7E 3D920000C0
cmp eax, C0000092
:00408B83 7F2C
jg 00408BB1
:00408B85 7459
je 00408BE0
:00408B87 3D8E0000C0
cmp eax, C000008E
:00408B8C 7F15
jg 00408BA3
:00408B8E 7453
je 00408BE3
:00408B90 2D050000C0
sub eax, C0000005
:00408B95 7455
je 00408BEC
:00408B97 2D87000000
sub eax, 00000087
:00408B9C 743C
je 00408BDA
:00408B9E 48
dec eax
:00408B9F 7448
je 00408BE9
:00408BA1 EB55
jmp 00408BF8
|:00408B8C(C)
|
:00408BA3
:00408BA8
:00408BAB
:00408BAD
:00408BAF
0571FFFF3F
83E802
7233
7437
EB47
add eax, 3FFFFF71

sub eax, 00000002
jb 00408BE0
je 00408BE6
jmp 00408BF8
|:00408B83(C)
|
:00408BB1 3D960000C0
:00408BB6 7F11
:00408BB8 7435
:00408BBA 2D930000C0
:00408BBF 7428
:00408BC1 48
:00408BC2 7413
:00408BC4 48
:00408BC5 7416
:00408BC7 EB2F
|:00408BB6(C)
|
:00408BC9 2DFD0000C0
:00408BCE 7425
:00408BD0 83E83D
:00408BD3 741D
:00408BD5 EB21
cmp eax, C0000096

jg 00408BC9
je 00408BEF
sub eax, C0000093
je 00408BE9
dec eax
je 00408BD7
dec eax
je 00408BDD
jmp 00408BF8
sub eax, C00000FD

je 00408BF5
sub eax, 0000003D
je 00408BF2
jmp 00408BF8

|:00408BC2(C)
|
:00408BD7 B003
mov al, 03
:00408BD9 C3
ret

|:00408B9C(C)
|
:00408BDA B004
mov al, 04
:00408BDC C3
ret

|:00408BC5(C)
|
:00408BDD B005
mov al, 05
:00408BDF C3
ret

|:00408B85(C), :00408BAB(C)
|
:00408BE0 B006
mov al, 06
:00408BE2 C3
ret

|:00408B8E(C)
|
:00408BE3 B007
mov al, 07
:00408BE5 C3
ret

|:00408BAD(C)
|
:00408BE6 B008
mov al, 08
:00408BE8 C3
ret

|:00408B9F(C), :00408BBF(C)
|
:00408BE9 B009
mov al, 09
:00408BEB C3
ret

|:00408B95(C)
|
:00408BEC B00B
mov al, 0B
:00408BEE C3
ret

|:00408BB8(C)
|
:00408BEF B00C
mov al, 0C
:00408BF1 C3
ret

|:00408BD3(C)
|
:00408BF2 B00D
mov al, 0D
:00408BF4 C3
ret

|:00408BCE(C)
|
:00408BF5 B00E
mov al, 0E
:00408BF7 C3
ret

|:00408BA1(U), :00408BAF(U), :00408BC7(U), :00408BD5(U)
|
:00408BF8 B016
:00408BFA C3
mov al, 16
ret
:00408BFB
:00408BFC
:00408C01
:00408C06
:00408C0D
nop
call 00408B7C
and eax, 000000FF
mov eax, dword ptr [8*eax+004421D8]
ret
90
E87BFFFFFF
25FF000000
8B04C5D8214400
C3
:00408C0E 8BC0
mov eax, eax

|:00408E18
|
:00408C10 55
push ebp
:00408C11 8BEC
mov ebp, esp
:00408C13 81C498FEFFFF
add esp, FFFFFE98
:00408C19 53
push ebx
:00408C1A 56
push esi
:00408C1B 33C0
xor eax, eax
:00408C1D 8985B4FEFFFF
mov dword ptr [ebp+FFFFFEB4], eax
:00408C23 8985B0FEFFFF
:00408C29 8945FC
:00408C2C 33C0
xor eax, eax
:00408C2E 55
push ebp
:00408C2F 68B48D4000
push 00408DB4
:00408C34 64FF30
:00408C37 648920
:00408C3A 8B4508
:00408C3D 8B58FC
mov ebx, dword ptr [eax-04]
:00408C40 837B1400
:00408C44 750F
jne 00408C55
:00408C46 8D55FC
:00408C49 A1542D4400
:00408C4E E8D1C1FFFF
call 00404E24
:00408C53 EB0D
jmp 00408C62
|:00408C44(C)
|
:00408C55 8D55FC
:00408C58 A1342C4400
:00408C5D E8C2C1FFFF

call 00404E24

|:00408C53(U)
|
:00408C62 8B7318
:00408C65 6A1C
push 0000001C
:00408C67 8D45E0
:00408C6A 50
push eax
:00408C6B 8B430C
:00408C6E 50
push eax
|
:00408C6F E83CD1FFFF
Call 00405DB0
:00408C74 817DF000100000
:00408C7B
:00408C81
:00408C86
:00408C8C
:00408C8D
:00408C90
0F85B3000000
6805010000
8D85DBFEFFFF
50
8B45E4
50
jne 00408D34
push 00000105
lea eax, dword ptr [ebp+FFFFFEDB]
push eax
push eax

|
:00408C91 E822D0FFFF
Call 00405CB8
:00408C96 85C0
test eax, eax
:00408C98 0F8496000000
je 00408D34
:00408C9E 8B430C
:00408CA1 8985B8FEFFFF
:00408CA7 C685BCFEFFFF05
mov byte ptr [ebp+FFFFFEBC], 05
:00408CAE 8D85B0FEFFFF
lea eax, dword ptr [ebp+FFFFFEB0]
:00408CB4 8D95DBFEFFFF
lea edx, dword ptr [ebp+FFFFFEDB]
:00408CBA B905010000
mov ecx, 00000105
:00408CBF E820ADFFFF
call 004039E4
:00408CC4 8B85B0FEFFFF
mov eax, dword ptr [ebp+FFFFFEB0]
:00408CCA 8D95B4FEFFFF
lea edx, dword ptr [ebp+FFFFFEB4]
:00408CD0 E8F3EAFFFF
call 004077C8
:00408CD5 8B85B4FEFFFF
mov eax, dword ptr [ebp+FFFFFEB4]
:00408CDB 8985C0FEFFFF
mov dword ptr [ebp+FFFFFEC0], eax
:00408CE1 C685C4FEFFFF0B
mov byte ptr [ebp+FFFFFEC4], 0B
:00408CE8 8B45FC
:00408CEB 8985C8FEFFFF
mov dword ptr [ebp+FFFFFEC8], eax
:00408CF1 C685CCFEFFFF0B
mov byte ptr [ebp+FFFFFECC], 0B
:00408CF8 89B5D0FEFFFF
mov dword ptr [ebp+FFFFFED0], esi
:00408CFE C685D4FEFFFF05
mov byte ptr [ebp+FFFFFED4], 05
:00408D05 8D85B8FEFFFF
:00408D0B 50
push eax
:00408D0C 6A03
push 00000003
:00408D0E 8D95B0FEFFFF
:00408D14 A18C2C4400
:00408D19 E806C1FFFF
call 00404E24
:00408D1E 8B8DB0FEFFFF
mov ecx, dword ptr [ebp+FFFFFEB0]
:00408D24 B201
mov dl, 01
:00408D26 A138704000
:00408D2B E878FBFFFF
call 004088A8
:00408D30 8BD8
mov ebx, eax
:00408D32 EB5A
jmp 00408D8E
|:00408C7B(C), :00408C98(C)
|
:00408D34 8B430C
:00408D37 898598FEFFFF
:00408D3D C6859CFEFFFF05
:00408D44 8B45FC
:00408D47 8985A0FEFFFF
:00408D4D C685A4FEFFFF0B
:00408D54 89B5A8FEFFFF
:00408D5A C685ACFEFFFF05
:00408D61 8D8598FEFFFF
:00408D67 50
:00408D68 6A02
:00408D6A 8D95B4FEFFFF
:00408D70 A1E02C4400
:00408D75 E8AAC0FFFF

mov dword ptr [ebp+FFFFFE98], eax
mov byte ptr [ebp+FFFFFE9C], 05
mov dword ptr [ebp+FFFFFEA0], eax
mov byte ptr [ebp+FFFFFEA4], 0B
mov dword ptr [ebp+FFFFFEA8], esi
mov byte ptr [ebp+FFFFFEAC], 05
lea eax, dword ptr [ebp+FFFFFE98]
push eax
push 00000002
mov eax, dword ptr [00442CE0]
call 00404E24
:00408D7A
:00408D80
:00408D82
:00408D87
:00408D8C
8B8DB4FEFFFF
B201
A138704000
E81CFBFFFF
8BD8
mov ecx, dword ptr [ebp+FFFFFEB4]

mov dl, 01
call 004088A8
mov ebx, eax
|:00408D32(U)
|
:00408D8E 33C0
:00408D90 5A
:00408D91 59
:00408D92 59
:00408D93 648910
:00408D96 68BB8D4000
|:00408DB9(U)
|
:00408D9B 8D85B0FEFFFF
:00408DA1 BA02000000
:00408DA6 E831AAFFFF
:00408DAB 8D45FC
:00408DAE E805AAFFFF
:00408DB3 C3
:00408DB4
:00408DB9
:00408DBB
:00408DBD
:00408DBE
:00408DBF
:00408DC1
:00408DC2
E9BFA4FFFF
EBE0
8BC3
5E
5B
8BE5
5D
C3
jmp
jmp
mov
pop
pop
mov
pop
ret
:00408DC3
:00408DC4
:00408DC5
:00408DC7
:00408DCA
:00408DCB
:00408DCD
:00408DD0
:00408DD3
:00408DD5
:00408DD6
:00408DDB
:00408DDE
:00408DE1
:00408DE4
:00408DE9
:00408DEE
:00408DF0
:00408DF3
:00408DF6
:00408DF8
:00408DFA
:00408DFB
90
55
8BEC
83C4F0
53
33D2
8955F0
8945FC
33C0
55
687F8E4000
64FF30
648920
8B45FC
E893FDFFFF
25FF000000
8BD0
83C2FD
83EA08
7208
741D
4A
83EA0A
nop
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
xor edx, edx
xor eax, eax
push ebp
push 00408E7F
call 00408B7C
and eax, 000000FF
mov edx, eax
add edx, FFFFFFFD
sub edx, 00000008
jb 00408E00
je 00408E17
dec edx
sub edx, 0000000A
xor eax, eax

pop edx
pop ecx
pop ecx
push 00408DBB

mov edx, 00000002
call 004037DC
call 004037B8
ret
00403278
00408D9B
eax, ebx
esi
ebx
esp, ebp
ebp
:00408DFE 7322
jnb 00408E22
|:00408DF6(C)
|
:00408E00 8D04C5D8214400
:00408E07 8B4804
:00408E0A 8B00
:00408E0C B201
:00408E0E E859FAFFFF
:00408E13 8BD8
:00408E15 EB3B
|:00408DF8(C)
|
:00408E17 55
:00408E18 E8F3FDFFFF
:00408E1D 59
:00408E1E 8BD8
:00408E20 EB30
|:00408DFE(C)
|
:00408E22 8B45FC
:00408E25 8B00
:00408E27 8945F4
:00408E2A C645F800
:00408E2E 8D45F4
:00408E31 50
:00408E32 6A00
:00408E34 8D55F0
:00408E37 A1402A4400
:00408E3C E8E3BFFFFF
:00408E41 8B4DF0
:00408E44 B201
:00408E46 A1A86B4000
:00408E4B E858FAFFFF
:00408E50 8BD8
|:00408E15(U), :00408E20(U)
|
:00408E52 8BC3
:00408E54 8B15506B4000
:00408E5A E8319FFFFF
:00408E5F 84C0
:00408E61 7406
:00408E63 8B45FC
:00408E66 89430C
lea eax, dword ptr [8*eax+004421D8]

mov dl, 01
call 0040886C
mov ebx, eax
jmp 00408E52
push ebp
call 00408C10
pop ecx
mov ebx, eax
jmp 00408E52

mov [ebp-08], 00
push eax
push 00000000
call 00404E24
mov dl, 01
mov eax, dword ptr [00406BA8]
call 004088A8
mov ebx, eax
mov eax, ebx

mov edx, dword ptr [00406B50]
call 00402D90
test al, al
je 00408E69

|:00408E61(C)
|
:00408E69 33C0
xor eax, eax
:00408E6B 5A
pop edx
:00408E6C 59
pop ecx
:00408E6D 59
pop ecx
:00408E6E 648910
:00408E71 68868E4000
push 00408E86
|:00408E84(U)
|
:00408E76 8D45F0
:00408E79 E83AA9FFFF
:00408E7E C3
:00408E7F
:00408E84
:00408E86
:00408E88
:00408E89
:00408E8B
:00408E8C
E9F4A3FFFF
EBF0
8BC3
5B
8BE5
5D
C3
jmp
jmp
mov
pop
mov
pop
ret
:00408E8D
:00408E90
:00408E95
:00408E9A
:00408E9F
8D4000
E85FF9FFFF
B801000000
E801A9FFFF
C3

call 004087F4
mov eax, 00000001
call 004037A0
ret

call 004037B8
ret
00403278
00408E76
eax, ebx
ebx
esp, ebp
ebp

|:0040A687
|
:00408EA0 55
push ebp
:00408EA1 8BEC
mov ebp, esp
:00408EA3 6A00
push 00000000
:00408EA5 33C0
xor eax, eax
:00408EA7 55
push ebp
:00408EA8 685A8F4000
push 00408F5A
:00408EAD 64FF30
:00408EB0 648920
:00408EB3 8D55FC
:00408EB6 A1C02A4400
mov eax, dword ptr [00442AC0]
:00408EBB E864BFFFFF
call 00404E24
:00408EC0 8B4DFC
:00408EC3 B201
mov dl, 01
:00408EC5 A19C6A4000
:00408ECA E89DF9FFFF
call 0040886C
:00408ECF A3FC354400
mov dword ptr [004435FC], eax
:00408ED4 8D55FC
:00408ED7 A10C2C4400
:00408EDC E843BFFFFF
call 00404E24
:00408EE1 8B4DFC
:00408EE4 B201
mov dl, 01
:00408EE6 A1246F4000
:00408EEB E87CF9FFFF
call 0040886C
:00408EF0 A300364400
:00408EF5 A1502A4400
:00408EFA C700188A4000
mov dword ptr [eax], 00408A18
:00408F00 A12C2B4400
mov eax, dword ptr [00442B2C]
:00408F05 C700908E4000
mov dword ptr [eax], 00408E90
:00408F0B A1B02A4400
mov eax, dword ptr [00442AB0]
:00408F10 8B1584694000
:00408F16
:00408F18
:00408F1D
:00408F23
:00408F28
:00408F2E
:00408F33
:00408F39
:00408F3E
:00408F44
:00408F46
:00408F47
:00408F48
:00408F49
:00408F4C
8910
A1102B4400
C700FC8B4000
A1342B4400
C700C48D4000
A12C2C4400
C7005C8A4000
A13C2A4400
C700108B4000
33C0
5A
59
59
648910
68618F4000

mov eax, dword ptr [00442B10]
mov dword ptr [eax], 00408BFC
mov dword ptr [eax], 00408DC4
mov dword ptr [eax], 00408A5C
mov dword ptr [eax], 00408B10
xor eax, eax
pop edx
pop ecx
pop ecx
push 00408F61
|:00408F5F(U)
|
:00408F51 8D45FC
:00408F54 E85FA8FFFF
:00408F59 C3
:00408F5A
:00408F5F
:00408F61
:00408F62
:00408F63
jmp
jmp
pop
pop
ret
E919A3FFFF
EBF0
59
5D
C3

call 004037B8
ret
00403278
00408F51
ecx
ebp

|:0040A516
|
:00408F64 A1FC354400
:00408F69 C6400C01
mov [eax+0C], 01
:00408F6D A1FC354400
:00408F72 8B10
:00408F74 FF52F8
call [edx-08]
:00408F77 33C0
xor eax, eax
:00408F79 A3FC354400
:00408F7E A100364400
:00408F83 C6400C01
mov [eax+0C], 01
:00408F87 A100364400
:00408F8C E88F9CFFFF
call 00402C20
:00408F91 33C0
xor eax, eax
:00408F93 A300364400
:00408F98 A1502A4400
:00408F9D 33D2
xor edx, edx
:00408F9F 8910
:00408FA1 A12C2B4400
:00408FA6 33D2
xor edx, edx
:00408FA8 8910
:00408FAA A1B02A4400
mov eax, dword ptr [00442AB0]
:00408FAF 33D2
xor edx, edx
:00408FB1 8910
:00408FB3 A1102B4400
:00408FB8 33D2
xor edx, edx
:00408FBA 8910
:00408FBC
:00408FC1
:00408FC3
:00408FC5
:00408FCA
:00408FCC
:00408FCE
A1342B4400
33D2
8910
A12C2C4400
33D2
8910
C3
:00408FCF 90
mov
xor
mov
mov
xor
mov
ret
eax, dword ptr [00442B34]

edx, edx
dword ptr [eax], edx
eax, dword ptr [00442C2C]
edx, edx
nop

|:0040A691
|
:00408FD0 81C46CFFFFFF
add esp, FFFFFF6C
:00408FD6 C7042494000000
mov dword ptr [esp], 00000094
:00408FDD 54
push esp
* Reference To: kernel32.GetVersionExA, Ord:0000h
|
:00408FDE E80DCDFFFF
Call 00405CF0
:00408FE3 85C0
test eax, eax
:00408FE5 7437
je 0040901E
:00408FE7 8B442410
:00408FEB A3B8204400
mov dword ptr [004420B8], eax
:00408FF0 8B442404
:00408FF4 A3BC204400
mov dword ptr [004420BC], eax
:00408FF9 8B442408
:00408FFD A3C0204400
mov dword ptr [004420C0], eax
:00409002 8B44240C
:00409006 A3C4204400
:0040900B B8C8204400
mov eax, 004420C8
:00409010 8D542414
:00409014 B980000000
mov ecx, 00000080
:00409019 E8C6A9FFFF
call 004039E4
|:00408FE5(C)
|
:0040901E 81C494000000
add esp, 00000094
:00409024 C3
ret
:00409025 8D4000

|:004090BB , :004090CF
|
:00409028 56
push esi
:00409029 57
push edi
:0040902A 8BFA
mov edi, edx
:0040902C 33D2
xor edx, edx
:0040902E 85C0
test eax, eax
:00409030 7466
je 00409098
:00409032 803C3800
cmp byte ptr [eax+edi], 00
:00409036 7460
je 00409098
:00409038 85FF
test edi, edi
:0040903A 7514
jne 00409050
:0040903C 8A00
mov al, byte ptr [eax]
:0040903E 25FF000000
and eax, 000000FF
:00409043
:0040904A
:0040904C
:0040904E
0FA305CC204400
734C
B201
EB48

jnb 00409098
mov dl, 01
jmp 00409098

|:0040903A(C)
|
:00409050 8BF7
mov esi, edi
:00409052 4E
dec esi
:00409053 EB01
jmp 00409056
|:0040906A(C)
|
:00409055 4E
dec esi
|:00409053(U)
|
:00409056 85F6
:00409058 7C12
:0040905A 8A0C30
:0040905D 81E1FF000000
:00409063 0FA30DCC204400
:0040906A 72E9
|:00409058(C)
|
:0040906C 8BCF
:0040906E 2BCE
:00409070 81E101000080
:00409076 7905
:00409078 49
:00409079 83C9FE
:0040907C 41
test esi, esi

jl 0040906C
mov cl, byte ptr [eax+esi]
and ecx, 000000FF
bt dword ptr [004420CC], ecx
jb 00409055
mov ecx, edi

sub ecx, esi
and ecx, 80000001
jns 0040907D
dec ecx
or ecx, FFFFFFFE
inc ecx

|:00409076(C)
|
:0040907D 85C9
test ecx, ecx
:0040907F 7504
jne 00409085
:00409081 B202
mov dl, 02
:00409083 EB13
jmp 00409098
|:0040907F(C)
|
:00409085 8A0438
:00409088 25FF000000
:0040908D 0FA305CC204400
:00409094 7302
:00409096 B201

mov al, byte ptr [eax+edi]
and eax, 000000FF
jnb 00409098
mov dl, 01

|:00409030(C), :00409036(C), :0040904A(C), :0040904E(U), :00409083(U)
|:00409094(C)
|
:00409098 8BC2
mov eax, edx
:0040909A 5F
:0040909B 5E
:0040909C C3
pop edi
pop esi
ret
:0040909D 8D4000

|:00407762 , :004077AF
|
:004090A0 53
push ebx
:004090A1 56
push esi
:004090A2 8BF2
mov esi, edx
:004090A4 8BD8
mov ebx, eax
:004090A6 33C0
xor eax, eax
:004090A8 803DB835440000
cmp byte ptr [004435B8], 00
:004090AF 740F
je 004090C0
:004090B1 8BC3
mov eax, ebx
:004090B3 E840ABFFFF
call 00403BF8
:004090B8 8BD6
mov edx, esi
:004090BA 4A
dec edx
:004090BB E868FFFFFF
call 00409028
|:004090AF(C)
|
:004090C0 5E
pop esi
:004090C1 5B
pop ebx
:004090C2 C3
ret
:004090C3 90
nop

|:00407B47 , :004091EA , :00409284
|
:004090C4 33C9
xor ecx, ecx
:004090C6 803DB835440000
:004090CD 7407
je 004090D6
:004090CF E854FFFFFF
call 00409028
:004090D4 8BC8
mov ecx, eax
|:004090CD(C)
|
:004090D6 8BC1
mov eax, ecx
:004090D8 C3
ret
:004090D9 8D4000

|:0042068A , :004206CE
|
:004090DC 53
push ebx
:004090DD 56
push esi
:004090DE 57
push edi
:004090DF 55
push ebp
:004090E0 8BF2
mov esi, edx
:004090E2 8BD8
mov ebx, eax
:004090E4
:004090E6
:004090E8
:004090ED
:004090EE
:004090F0
:004090F5
:004090F7
:004090F9
:004090FA
:004090FF
:00409101
:00409103
:00409105
:00409107
:00409109
33FF
8BC3
E80BABFFFF
50
8BC6
E803ABFFFF
8BE8
8BC5
5A
E8A1000000
8BD8
85DB
7405
8BFB
2BFD
47
xor edi, edi

mov eax, ebx
call 00403BF8
push eax
mov eax, esi
call 00403BF8
mov ebp, eax
mov eax, ebp
pop edx
call 004091A0
mov ebx, eax
test ebx, ebx
je 0040910A
mov edi, ebx
sub edi, ebp
inc edi

|:00409103(C)
|
:0040910A 8BC7
mov eax, edi
:0040910C 5D
pop ebp
:0040910D 5F
pop edi
:0040910E 5E
pop esi
:0040910F 5B
pop ebx
:00409110 C3
ret
:00409111 8D4000

|:00417703
|
:00409114 53
push ebx
:00409115 56
push esi
:00409116 57
push edi
:00409117 55
push ebp
:00409118 8BFA
mov edi, edx
:0040911A 8BF0
mov esi, eax
:0040911C 803DB835440000
:00409123 746D
je 00409192
:00409125 8BC6
mov eax, esi
:00409127 E808A9FFFF
call 00403A34
:0040912C 8BE8
mov ebp, eax
:0040912E 8BC7
mov eax, edi
:00409130 8BD5
mov edx, ebp
:00409132 E8D1ABFFFF
call 00403D08
:00409137 BB01000000
mov ebx, 00000001
:0040913C 3BEB
cmp ebp, ebx
:0040913E 7C5B
jl 0040919B
|:0040918E(C)
|
:00409140 8BC7
:00409142 E8BDAAFFFF
:00409147 8A541EFF
:0040914B 885418FF
:0040914F 8A441EFF
:00409153 25FF000000

mov eax, edi
call 00403C04
mov byte ptr [eax+ebx-01], dl
and eax, 000000FF
:00409158
:0040915F
:00409161
:00409162
:00409164
:00409169
:0040916D
:00409171
0FA305CC204400
7312
43
8BC7
E89BAAFFFF
8A541EFF
885418FF
EB18

jnb 00409173
inc ebx
mov eax, edi
call 00403C04
mov byte ptr [eax+ebx-01], dl
jmp 0040918B
|:0040915F(C)
|
:00409173 8B07
:00409175 8A4418FF
:00409179 04BF
:0040917B 2C1A
:0040917D 730C
:0040917F 8BC7
:00409181 E87EAAFFFF
:00409186 804418FF20
|:00409171(U), :0040917D(C)
|
:0040918B 43
:0040918C 3BEB
:0040918E 7DB0
:00409190 EB09
|:00409123(C)
|
:00409192 8BD7
:00409194 8BC6
:00409196 E8A5E3FFFF
|:0040913E(C), :00409190(U)
|
:0040919B 5D
:0040919C 5F
:0040919D 5E
:0040919E 5B
:0040919F C3

mov al, byte ptr [eax+ebx-01]
add al, BF
sub al, 1A
jnb 0040918B
mov eax, edi
call 00403C04
add byte ptr [eax+ebx-01], 20
inc
cmp
jge
jmp
ebx
ebp, ebx
00409140
0040919B
mov edx, edi

mov eax, esi
call 00407540
pop
pop
pop
pop
ret
ebp
edi
esi
ebx

|:004090FA
|
:004091A0 53
push ebx
:004091A1 56
push esi
:004091A2 57
push edi
:004091A3 55
push ebp
:004091A4 83C4F8
add esp, FFFFFFF8
:004091A7 8BEA
mov ebp, edx
:004091A9 8BF0
mov esi, eax
:004091AB 33DB
xor ebx, ebx
:004091AD 85F6
test esi, esi
:004091AF 0F8481000000
je 00409236
:004091B5
:004091B8
:004091BA
:004091BC
:004091BE
:004091C2
:004091C4
:004091C6
:004091CB
:004091CE
:004091D0
:004091D5
:004091D7
:004091D9
:004091DB
:004091E0
:004091E2
803E00
747C
85ED
7478
807D0000
7472
8BC6
E8F1E6FFFF
890424
8BC5
E8E7E6FFFF
8BF8
8BD5
8BC6
E89CE8FFFF
8BD8
EB3F
|:00409232(C)
|
:004091E4 8BD3
:004091E6 2BD6
:004091E8 8BC6
:004091EA E8D5FEFFFF
:004091EF 88442404
:004091F3 807C240402
:004091F8 7415
:004091FA 57
:004091FB 55
:004091FC 57
:004091FD 53
:004091FE 6A00
:00409200 6800040000

je 00409236
test ebp, ebp
je 00409236
cmp byte ptr [ebp+00], 00
je 00409236
mov eax, esi
call 004078BC
mov eax, ebp
call 004078BC
mov edi, eax
mov edx, ebp
mov eax, esi
call 00407A7C
mov ebx, eax
jmp 00409223
mov edx, ebx
sub edx, esi
mov eax, esi
call 004090C4
mov byte ptr [esp+04], al
cmp byte ptr [esp+04], 02
je 0040920F
push edi
push ebp
push edi
push ebx
push 00000000
push 00000400

|
:00409205 E826CAFFFF
Call 00405C30
:0040920A 83F802
cmp eax, 00000002
:0040920D 7427
je 00409236
|:004091F8(C)
|
:0040920F 807C240401
:00409214 7501
:00409216 43
|:00409214(C)
|
:00409217 43
:00409218 8BD5
:0040921A 8BC3
:0040921C E85BE8FFFF
:00409221 8BD8

jne 00409217
inc ebx
inc ebx
mov edx, ebp
mov eax, ebx
call 00407A7C
mov ebx, eax

|:004091E2(U)
|
:00409223
:00409225
:00409227
:00409229
:0040922B
:0040922E
:00409230
:00409232
85DB
740D
8BC3
2BC6
8B1424
2BD0
3BFA
76B0
test ebx, ebx

je 00409234
mov eax, ebx
sub eax, esi
sub edx, eax
cmp edi, edx
jbe 004091E4

|:00409225(C)
|
:00409234 33DB
xor ebx, ebx
|:004091AF(C), :004091B8(C), :004091BC(C), :004091C2(C), :0040920D(C)
|
:00409236 8BC3
mov eax, ebx
:00409238 59
pop ecx
:00409239 5A
pop edx
:0040923A 5D
pop ebp
:0040923B 5F
pop edi
:0040923C 5E
pop esi
:0040923D 5B
pop ebx
:0040923E C3
ret
:0040923F 90
nop

|:004086E8 , :0043DB68
|
:00409240 53
push ebx
:00409241 56
push esi
:00409242 8BDA
mov ebx, edx
:00409244 8BD3
mov edx, ebx
:00409246 E81D000000
call 00409268
:0040924B 8BF0
mov esi, eax
:0040924D 84DB
test bl, bl
:0040924F 7412
je 00409263
:00409251 85C0
test eax, eax
:00409253 740E
je 00409263
|:00409261(C)
|
:00409255 8BF0
:00409257 40
:00409258 8BD3
:0040925A E809000000
:0040925F 85C0
:00409261 75F2
|:0040924F(C), :00409253(C)
|
:00409263 8BC6
:00409265 5E
:00409266 5B
:00409267 C3
mov esi, eax

inc eax
mov edx, ebx
call 00409268
test eax, eax
jne 00409255
mov eax, esi

pop esi
pop ebx
ret

|:00409246 , :0040925A , :0043DB87
|
:00409268 53
push ebx
:00409269 56
push esi
:0040926A 57
push edi
:0040926B 8BDA
mov ebx, edx
:0040926D 8BF0
mov esi, eax
:0040926F 8BD3
mov edx, ebx
:00409271 8BC6
mov eax, esi
:00409273 E8E4E7FFFF
call 00407A5C
:00409278 8BF8
mov edi, eax
:0040927A 85FF
test edi, edi
:0040927C 7424
je 004092A2
|:004092A0(C)
|
:0040927E 8BD7
:00409280 2BD6
:00409282 8BC6
:00409284 E83BFEFFFF
:00409289 2C01
:0040928B 7215
:0040928D 7402
:0040928F EB01

mov edx, edi
sub edx, esi
mov eax, esi
call 004090C4
sub al, 01
jb 004092A2
je 00409291
jmp 00409292

|:0040928D(C)
|
:00409291 47
inc edi
|:0040928F(U)
|
:00409292 47
:00409293 8BD3
:00409295 8BC7
:00409297 E8C0E7FFFF
:0040929C 8BF8
:0040929E 85FF
:004092A0 75DC
|:0040927C(C), :0040928B(C)
|
:004092A2 8BC7
:004092A4 5F
:004092A5 5E
:004092A6 5B
:004092A7 C3
inc edi
mov edx, ebx
mov eax, edi
call 00407A5C
mov edi, eax
test edi, edi
jne 0040927E

|:00409379
|
mov
pop
pop
pop
ret
eax, edi
edi
esi
ebx
:004092A8
:004092A9
:004092AA
:004092AB
:004092AC
:004092AF
:004092B4
:004092B8
:004092BD
:004092C3
:004092C9
53
56
57
55
83C4E8
BFCC204400
8D6C2404
BEB0354400
C70609040000
66C746040900
66C746060100
push ebx
push esi
push edi
push ebp
add esp, FFFFFFE8
mov edi, 004420CC
lea ebp, dword ptr [esp+04]
mov esi, 004435B0
mov dword ptr [esi], 00000409
mov [esi+04], 0009
mov [esi+06], 0001

|
:004092CF E804CAFFFF
Call 00405CD8
:004092D4 85C0
test eax, eax
:004092D6 7402
je 004092DA
:004092D8 8906
|:004092D6(C)
|
:004092DA 6685C0
:004092DD 7415
:004092DF 8BD0
:004092E1 6681E2FF03
:004092E6 66895604
:004092EA 0FB7C0
:004092ED C1E80A
:004092F0 66894606

test ax, ax
je 004092F4
mov edx, eax
and dx, 03FF
mov word ptr [esi+04], dx
movzx eax, ax
shr eax, 0A
mov word ptr [esi+06], ax

|:004092DD(C)
|
:004092F4 6A4A
push 0000004A
|
:004092F6 E825CFFFFF
Call 00406220
:004092FB 85C0
test eax, eax
:004092FD 0F95C0
setne al
:00409300 884609
mov byte ptr [esi+09], al
:00409303 6A2A
push 0000002A
|
:00409305 E816CFFFFF
Call 00406220
:0040930A 85C0
test eax, eax
:0040930C 0F95C3
setne bl
:0040930F 885E08
mov byte ptr [esi+08], bl
:00409312 84DB
test bl, bl
:00409314 7440
je 00409356
:00409316 55
push ebp
:00409317 6A00
push 00000000
* Reference To: kernel32.GetCPInfo, Ord:0000h
|
:00409319 E86AC9FFFF
Call 00405C88
:0040931E 33F6
xor esi, esi
:00409320 EB25
jmp 00409347
|:00409354(C)
|
:00409322 8A443506
:00409326 8A5C3507
:0040932A 2AD8
:0040932C 7216
:0040932E 43
:0040932F 880424
|:00409342(C)
|
:00409332 8A0424
:00409335 25FF000000
:0040933A 0FAB07
:0040933D FE0424
:00409340 FECB
:00409342 75EE
mov al, byte ptr [ebp+esi+06]

mov bl, byte ptr [ebp+esi+07]
sub bl, al
jb 00409344
inc ebx
mov byte ptr [esp], al
mov
and
bts
inc
dec
jne
al, byte ptr [esp]

eax, 000000FF
dword ptr [edi], eax
byte ptr [esp]
bl
00409332

|:0040932C(C)
|
:00409344 83C602
add esi, 00000002
|:00409320(U)
|
:00409347 83FE0C
:0040934A 7D0A
:0040934C 8A443506
:00409350 0A443507
:00409354 75CC
|:00409314(C), :0040934A(C)
|
:00409356 83C418
:00409359 5D
:0040935A 5F
:0040935B 5E
:0040935C 5B
:0040935D C3
:0040935E 8BC0
mov eax, eax
cmp esi, 0000000C

jge 00409356
mov al, byte ptr [ebp+esi+06]
or al, byte ptr [ebp+esi+07]
jne 00409322
add
pop
pop
pop
pop
ret
esp, 00000018
ebp
edi
esi
ebx

|:0040A68C , :0043E099
|
:00409360 55
push ebp
:00409361 8BEC
mov ebp, esp
:00409363 33C9
xor ecx, ecx
:00409365 51
push ecx
:00409366 51
push ecx
:00409367 51
push ecx
:00409368 51
push ecx
:00409369 51
push ecx
:0040936A 53
push ebx
:0040936B
:0040936D
:0040936E
:00409373
:00409376
:00409379
:0040937E
:00409383
:0040938A
:0040938C
33C0
55
6826964000
64FF30
648920
E82AFFFFFF
E859EEFFFF
803DB835440000
7405
E8EBEFFFFF
xor eax, eax

push ebp
push 00409626
call 004092A8
call 004081DC
je 00409391
call 0040837C

|:0040938A(C)
|
|
:00409391 E842C9FFFF
Call 00405CD8
:00409396 8BD8
mov ebx, eax
:00409398 8D45F0
:0040939B 50
push eax
:0040939C 33C9
xor ecx, ecx
:0040939E BA14000000
mov edx, 00000014
:004093A3 8BC3
mov eax, ebx
:004093A5 E882EDFFFF
call 0040812C
:004093AA 8B55F0
:004093AD B8F0344400
mov eax, 004434F0
:004093B2 E855A4FFFF
call 0040380C
:004093B7 8D45F0
:004093BA 50
push eax
:004093BB B93C964000
mov ecx, 0040963C
:004093C0 BA1B000000
mov edx, 0000001B
:004093C5 8BC3
mov eax, ebx
:004093C7 E860EDFFFF
call 0040812C
:004093CC 8B45F0
:004093CF 33D2
xor edx, edx
:004093D1 E88AE2FFFF
call 00407660
:004093D6 A2F4344400
mov byte ptr [004434F4], al
:004093DB 8D45F0
:004093DE 50
push eax
:004093DF B93C964000
mov ecx, 0040963C
:004093E4 BA1C000000
mov edx, 0000001C
:004093E9 8BC3
mov eax, ebx
:004093EB E83CEDFFFF
call 0040812C
:004093F0 8B45F0
:004093F3 33D2
xor edx, edx
:004093F5 E866E2FFFF
call 00407660
:004093FA A2F5344400
:004093FF B12C
mov cl, 2C
:00409401 BA0F000000
mov edx, 0000000F
:00409406 8BC3
mov eax, ebx
:00409408 E86BEDFFFF
call 00408178
:0040940D A2F6344400
:00409412 B12E
mov cl, 2E
:00409414 BA0E000000
mov edx, 0000000E
:00409419 8BC3
mov eax, ebx
:0040941B E858EDFFFF
call 00408178
:00409420 A2F7344400
:00409425 8D45F0
:00409428 50
push eax
:00409429
:0040942E
:00409433
:00409435
:0040943A
:0040943D
:0040943F
:00409444
:00409449
:0040944B
:00409450
:00409452
:00409457
:0040945C
:0040945F
B93C964000
BA19000000
8BC3
E8F2ECFFFF
8B45F0
33D2
E81CE2FFFF
A2F8344400
B12F
BA1D000000
8BC3
E821EDFFFF
A2F9344400
8D45EC
50
mov ecx, 0040963C

mov edx, 00000019
mov eax, ebx
call 0040812C
xor edx, edx
call 00407660
mov cl, 2F
mov edx, 0000001D
mov eax, ebx
call 00408178
push eax
* Possible StringData Ref from Code Obj ->"m/d/yy"

|
:00409460 B948964000
mov ecx, 00409648
:00409465 BA1F000000
mov edx, 0000001F
:0040946A 8BC3
mov eax, ebx
:0040946C E8BBECFFFF
call 0040812C
:00409471 8B45EC
mov eax, dword ptr
:00409474 8D55F0
lea edx, dword ptr
:00409477 E898EFFFFF
call 00408414
:0040947C 8B55F0
mov edx, dword ptr
:0040947F B8FC344400
mov eax, 004434FC
:00409484 E883A3FFFF
call 0040380C
:00409489 8D45EC
lea eax, dword ptr
:0040948C 50
push eax
[ebp-14]
[ebp-10]
[ebp-10]
[ebp-14]
* Possible StringData Ref from Code Obj ->"mmmm d, yyyy"

|
:0040948D B958964000
mov ecx, 00409658
:00409492 BA20000000
mov edx, 00000020
:00409497 8BC3
mov eax, ebx
:00409499 E88EECFFFF
call 0040812C
:0040949E 8B45EC
:004094A1 8D55F0
:004094A4 E86BEFFFFF
call 00408414
:004094A9 8B55F0
:004094AC B800354400
mov eax, 00443500
:004094B1 E856A3FFFF
call 0040380C
:004094B6 B13A
mov cl, 3A
:004094B8 BA1E000000
mov edx, 0000001E
:004094BD 8BC3
mov eax, ebx
:004094BF E8B4ECFFFF
call 00408178
:004094C4 A204354400
mov byte ptr [00443504], al
:004094C9 8D45F0
:004094CC 50
push eax
:004094CD B970964000
mov ecx, 00409670
:004094D2 BA28000000
mov edx, 00000028
:004094D7 8BC3
mov eax, ebx
:004094D9 E84EECFFFF
call 0040812C
:004094DE 8B55F0
:004094E1 B808354400
mov eax, 00443508
:004094E6 E821A3FFFF
call 0040380C
:004094EB 8D45F0
:004094EE 50
push eax
:004094EF B97C964000
mov ecx, 0040967C
:004094F4
:004094F9
:004094FB
:00409500
:00409503
:00409508
:0040950D
:00409510
:00409515
:00409518
:0040951D
:00409520
:00409521
:00409526
:0040952B
:0040952D
:00409532
:00409535
:00409537
:0040953C
:0040953E
:00409540
:00409543
:00409548
:0040954D
BA29000000
8BC3
E82CECFFFF
8B55F0
B80C354400
E8FFA2FFFF
8D45F8
E8A3A2FFFF
8D45F4
E89BA2FFFF
8D45F0
50
B93C964000
BA25000000
8BC3
E8FAEBFFFF
8B45F0
33D2
E824E1FFFF
85C0
750F
8D45FC
BA88964000
E803A3FFFF
EB0D
mov edx, 00000029

mov eax, ebx
call 0040812C
mov edx, dword ptr
mov eax, 0044350C
call 0040380C
lea eax, dword ptr
call 004037B8
lea eax, dword ptr
call 004037B8
lea eax, dword ptr
push eax
mov ecx, 0040963C
mov edx, 00000025
mov eax, ebx
call 0040812C
mov eax, dword ptr
xor edx, edx
call 00407660
test eax, eax
jne 0040954F
lea eax, dword ptr
mov edx, 00409688
call 00403850
jmp 0040955C
[ebp-10]
[ebp-08]
[ebp-0C]
[ebp-10]
[ebp-10]
[ebp-04]
|:0040953E(C)
|
:0040954F 8D45FC
:00409552 BA94964000
:00409557 E8F4A2FFFF
|:0040954D(U)
|
:0040955C 8D45F0
:0040955F 50
:00409560 B93C964000
:00409565 BA23000000
:0040956A 8BC3
:0040956C E8BBEBFFFF
:00409571 8B45F0
:00409574 33D2
:00409576 E8E5E0FFFF
:0040957B 85C0
:0040957D 753F
:0040957F 8D45F0
:00409582 50
:00409583 B93C964000
:00409588 BA05100000
:0040958D 8BC3
:0040958F E898EBFFFF
:00409594 8B45F0
:00409597 33D2
:00409599 E8C2E0FFFF
:0040959E 85C0
:004095A0 750F
:004095A2 8D45F4

mov edx, 00409694
call 00403850
lea eax, dword ptr

push eax
mov ecx, 0040963C
mov edx, 00000023
mov eax, ebx
call 0040812C
mov eax, dword ptr
xor edx, edx
call 00407660
test eax, eax
jne 004095BE
lea eax, dword ptr
push eax
mov ecx, 0040963C
mov edx, 00001005
mov eax, ebx
call 0040812C
mov eax, dword ptr
xor edx, edx
call 00407660
test eax, eax
jne 004095B1
lea eax, dword ptr
[ebp-10]
[ebp-10]
[ebp-10]
[ebp-10]
[ebp-0C]
* Possible StringData Ref from Code Obj ->" AMPM"

|
:004095A5 BAA0964000
mov edx, 004096A0
:004095AA E8A1A2FFFF
call 00403850
:004095AF EB0D
jmp 004095BE
|:004095A0(C)
|
:004095B1 8D45F8
* Possible StringData Ref from Code Obj ->"AMPM "
|
:004095B4 BAB0964000
mov edx, 004096B0
:004095B9 E892A2FFFF
call 00403850
|:0040957D(C), :004095AF(U)
|
:004095BE FF75F8
push [ebp-08]
:004095C1 FF75FC
push [ebp-04]
* Possible StringData Ref from Code Obj ->":mm"
|
:004095C4 68C0964000
push 004096C0
:004095C9 FF75F4
push [ebp-0C]
:004095CC B810354400
mov eax, 00443510
:004095D1 BA04000000
mov edx, 00000004
:004095D6 E819A5FFFF
call 00403AF4
:004095DB FF75F8
push [ebp-08]
:004095DE FF75FC
push [ebp-04]
* Possible StringData Ref from Code Obj ->":mm:ss"
|
:004095E1 68CC964000
push 004096CC
:004095E6 FF75F4
push [ebp-0C]
:004095E9 B814354400
mov eax, 00443514
:004095EE BA04000000
mov edx, 00000004
:004095F3 E8FCA4FFFF
call 00403AF4
:004095F8 B12C
mov cl, 2C
:004095FA BA0C000000
mov edx, 0000000C
:004095FF 8BC3
mov eax, ebx
:00409601 E872EBFFFF
call 00408178
:00409606 A2F4354400
:0040960B 33C0
xor eax, eax
:0040960D 5A
pop edx
:0040960E 59
pop ecx
:0040960F 59
pop ecx
:00409610 648910
:00409613 682D964000
push 0040962D
|:0040962B(U)
|
:00409618 8D45EC
:0040961B BA05000000
:00409620 E8B7A1FFFF
:00409625 C3

mov edx, 00000005
call 004037DC
ret
:00409626
:0040962B
:0040962D
:0040962E
:00409630
:00409631
E94D9CFFFF
EBEB
5B
8BE5
5D
C3
jmp
jmp
pop
mov
pop
ret
00403278
00409618
ebx
esp, ebp
ebp
:00409632 0000
BYTE 2 DUP(0)
:00409634 FFFFFFFF
BYTE 4 DUP(0ffh)
:00409638
:0040963A
:0040963C
:0040963E
:00409640

xor byte ptr [eax], al
BYTE 4 DUP(0ffh)
0100
0000
3000
0000
FFFFFFFF
:00409644 06
:00409645 000000
push es
BYTE 3 DUP(0)
:00409648 6D
:00409649 2F
:0040964A 64
insd
das
BYTE 064h
:0040964B
:0040964C
:0040964E
:00409650
2F
7979
0000
FFFFFFFF
das
jns 004096C7
BYTE 4 DUP(0ffh)
:00409654
:00409656
:00409658
:00409659
:0040965A
:0040965B
:0040965C
:00409660
:00409662
:00409664
0C00
0000
6D
6D
6D
6D
20642C20
7979
7979
00000000
or al, 00
insd
insd
insd
insd
and byte ptr [esp+ebp+20], ah
jns 004096DB
jns 004096DD
BYTE 4 DUP(0)
:00409668 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040966C
:0040966E
:00409670
:00409671
:00409672
:00409674

popad
insd
BYTE 4 DUP(0ffh)
0200
0000
61
6D
0000
FFFFFFFF
:00409678 0200
:0040967A
:0040967C
:0040967E
:00409680
0000
706D
0000
FFFFFFFF

jo 004096EB
BYTE 4 DUP(0ffh)
:00409684
:00409686
:00409688
:0040968D
0100
0000
68000000FF
FFFFFF

push FF000000
BYTE 3 DUP(0ffh)
:00409690
:00409692
:00409694
:00409699
0200
0000
68680000FF
FFFFFF

push FF000068
BYTE 3 DUP(0ffh)
:0040969C
:004096A1
:004096A2
:004096A3
:004096A4
:004096A5
0500000020
41
4D
50
4D
000000
add eax, 20000000

inc ecx
dec ebp
push eax
dec ebp
BYTE 3 DUP(0)
:004096A8 FFFFFFFF
BYTE 4 DUP(0ffh)
:004096AC
:004096B1
:004096B2
:004096B3
:004096B4
:004096B6
:004096B8
0500000041
4D
50
4D
2000
0000
FFFFFFFF
add eax, 41000000

dec ebp
push eax
dec ebp
and byte ptr [eax], al
BYTE 4 DUP(0ffh)
:004096BC
:004096BE
:004096C0
:004096C3
:004096C5
0300
0000
3A6D6D
00FF
FFFFFF

cmp ch, byte ptr [ebp+6D]
add bh, bh
BYTE 3 DUP(0ffh)
:004096C8 06
:004096C9 000000
push es
BYTE 3 DUP(0)
:004096CC 3A6D6D
:004096CF 3A7373
:004096D2 0000
cmp ch, byte ptr [ebp+6D]

cmp dh, byte ptr [ebx+73]

|:0040978F , :004197DB , :0041986C , :004263F9
|
:004096D4 55
push ebp
:004096D5 8BEC
mov ebp, esp
:004096D7 83C4E8
add esp, FFFFFFE8
:004096DA 53
push ebx
, :0042641D

|:00409660(C)
|
:004096DB 33C0
xor eax, eax
|:00409662(C)
|
:004096DD 8945EC
:004096E0 8945E8
:004096E3 33C0
:004096E5 55
:004096E6 687A974000

xor eax, eax
push ebp
push 0040977A

|:0040967C(C)
|
:004096EB 64FF30
:004096EE 648920
|
:004096F1 E8B2C5FFFF
Call 00405CA8
:004096F6 8BD8
mov ebx, eax
:004096F8 85DB
test ebx, ebx
:004096FA 743F
je 0040973B
:004096FC 895DF0
:004096FF C645F400
mov [ebp-0C], 00
:00409703 8D55EC
:00409706 8BC3
mov eax, ebx
:00409708 E8D3E9FFFF
call 004080E0
:0040970D 8B45EC
:00409710 8945F8
:00409713 C645FC0B
mov [ebp-04], 0B
:00409717 8D45F0
:0040971A 50
push eax
:0040971B 6A01
push 00000001
:0040971D 8D55E8
:00409720 A1642A4400
:00409725 E8FAB6FFFF
call 00404E24
:0040972A 8B4DE8
:0040972D B201
mov dl, 01
:0040972F A118734000
:00409734 E86FF1FFFF
call 004088A8
:00409739 EB1C
jmp 00409757
|:004096FA(C)
|
:0040973B 8D55EC
:0040973E A1042B4400
:00409743 E8DCB6FFFF
:00409748 8B4DEC
:0040974B B201
:0040974D A118734000
:00409752 E815F1FFFF

lea edx, dword
mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
ptr [ebp-14]
ptr [00442B04]
ptr [ebp-14]
ptr [00407318]

|:00409739(U)
|
:00409757
:0040975A
:0040975F
:00409761
:00409762
:00409763
:00409764
:00409767
89580C
E8519BFFFF
33C0
5A
59
59
648910
6881974000
mov dword ptr [eax+0C], ebx

call 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx
push 00409781
|:0040977F(U)
|
:0040976C 8D45E8
:0040976F BA02000000
:00409774 E863A0FFFF
:00409779 C3
:0040977A
:0040977F
:00409781
:00409782
:00409784
:00409785
jmp
jmp
pop
mov
pop
ret
E9F99AFFFF
EBEB
5B
8BE5
5D
C3
:00409786 8BC0

mov edx, 00000002
call 004037DC
ret
00403278
0040976C
ebx
esp, ebp
ebp
mov eax, eax

|:0040E92A
|
:00409788 53
push ebx
:00409789 8BD8
mov ebx, eax
:0040978B 85DB
test ebx, ebx
:0040978D 7505
jne 00409794
call 004096D4
|:0040978D(C)
|
:00409794 8BC3
mov eax, ebx
:00409796 5B
pop ebx
:00409797 C3
ret

|:0043B224 , :0043EE50
|
:00409798 53
push ebx
:00409799 B001
mov al, 01
:0040979B 8B1D98224400
:004097A1 EB05
jmp 004097A8
|:004097AE(C)
|
:004097A3 FF5304
call [ebx+04]
:004097A6 8B1B

|:004097A1(U)
|
:004097A8 84C0
test al, al
:004097AA 7404
je 004097B0
:004097AC 85DB
test ebx, ebx
:004097AE 75F3
jne 004097A3
|:004097AA(C)
|
:004097B0 5B
pop ebx
:004097B1 C3
ret
:004097B2 8BC0
mov eax, eax

|:0040A511
|
:004097B4 53
push ebx
:004097B5 BB98224400
mov ebx, 00442298
:004097BA EB10
jmp 004097CC
|:004097CF(C)
|
:004097BC 8B03
:004097BE 8B10
:004097C0 8913
:004097C2 BA08000000
:004097C7 E8E08EFFFF

mov edx, 00000008
call 004026AC

|:004097BA(U)
|
:004097CC 833B00
:004097CF 75EB
jne 004097BC
:004097D1 5B
pop ebx
:004097D2 C3
ret
:004097D3 90
nop

|:0040A696
|
:004097D4 53
push ebx
* Possible StringData Ref from Code Obj ->"kernel32.dll"
|
:004097D5 680C984000
push 0040980C
|
:004097DA E8E1C4FFFF
Call 00405CC0
:004097DF 8BD8
mov ebx, eax
:004097E1 85DB
test ebx, ebx
:004097E3 7410
je 004097F5
* Possible StringData Ref from Code Obj ->"GetDiskFreeSpaceExA"

|
:004097E5 681C984000
push 0040981C
:004097EA 53
push ebx
|
:004097EB E8D8C4FFFF
Call 00405CC8
:004097F0 A3F0204400
|:004097E3(C)
|
:004097F5 833DF020440000
:004097FC 750A
:004097FE B848784000
:00409803 A3F0204400

cmp
jne
mov
mov
dword ptr [004420F0], 00000000

00409808
eax, 00407848
dword ptr [004420F0], eax

|:004097FC(C)
|
:00409808 5B
pop ebx
:00409809 C3
ret
:0040980A 0000
BYTE 2 DUP(0)
:0040980C 6B65726E
:00409810 65
imul esp, dword ptr [ebp+72], 0000006E

BYTE 065h
:00409811 6C
:00409812 3332
:00409814 2E
insb
xor esi, dword ptr [edx]
BYTE 02eh
:00409815 64
BYTE 064h
:00409816 6C
:00409817 6C
:00409818 00000000
insb
insb
BYTE 4 DUP(0)
:0040981C 47
:0040981D 65
inc edi
BYTE 065h
:0040981E
:00409820
:00409827
:00409828
:0040982A
:0040982D
:0040982F
je 00409864
imul esi, dword ptr [ebx+6B], 65657246
push ebx
jo 0040988B
js 00409870
BYTE 00h
7444
69736B46726565
53
7061
636545
7841
00
|:0041246A
|
:00409830 53
:00409831 56
:00409832 84D2
:00409834 7408
:00409836 83C4F0
:00409839 E8C696FFFF
|:00409834(C)
|
:0040983E 8BDA
:00409840 8BF0
:00409842 33D2
:00409844 8BC6
:00409846 E8A593FFFF
:0040984B 8D4604
:0040984E 50
push ebx
push esi
test dl, dl
je 0040983E
add esp, FFFFFFF0
call 00402F04
mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 00402BF0
push eax

|
:0040984F E8E4C4FFFF
Call 00405D38
:00409854 6A00
push 00000000
:00409856 6AFF
push FFFFFFFF
:00409858 6AFF
push FFFFFFFF
:0040985A 6A00
push 00000000
|
:0040985C E8D7C3FFFF
Call 00405C38
:00409861 89461C
|:0040981E(C)
|
:00409864 6A04
:00409866 8D4628
:00409869 B901000000
:0040986E 8B157C734000
:00409874 E893B1FFFF
:00409879 83C404
:0040987C 8BC6
:0040987E 84DB
:00409880 740F
:00409882 E8D596FFFF
:00409887 648F0500000000
:0040988E 83C40C

push 00000004
mov ecx, 00000001
call 00404A0C
add esp, 00000004
mov eax, esi
test bl, bl
je 00409891
call 00402F5C
add esp, 0000000C

|:00409880(C)
|
:00409891 8BC6
mov eax, esi
:00409893 5E
pop esi
:00409894 5B
pop ebx
:00409895 C3
ret
:00409896 8BC0
:00409898 53
mov eax, eax

push ebx
:00409899
:0040989A
:0040989F
:004098A1
:004098A3
:004098A5
:004098AA
:004098AC
:004098AF
:004098B1
:004098B6
:004098B9
56
E8C596FFFF
8BDA
8BF0
8BC6
E86A000000
8BD3
80E2FC
8BC6
E85A93FFFF
8B461C
50
push esi
call 00402F64
mov ebx, edx
mov esi, eax
mov eax, esi
call 00409914
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
mov eax, dword ptr [esi+1C]
push eax

|
Call 00405C28
:004098BF 8D4604
:004098C2 50
push eax
|
:004098C3 E888C3FFFF
Call 00405C50
:004098C8 84DB
test bl, bl
:004098CA 7E07
jle 004098D3
:004098CC 8BC6
mov eax, esi
:004098CE E88196FFFF
call 00402F54
|:004098CA(C)
|
:004098D3 5E
pop esi
:004098D4 5B
pop ebx
:004098D5 C3
ret
:004098D6 8BC0
mov eax, eax

|:00409930
|
:004098D8 53
push ebx
:004098D9 56
push esi
:004098DA 8BF0
mov esi, eax
:004098DC 33C0
xor eax, eax
:004098DE 837E2C00
cmp dword ptr [esi+2C], 00000000
:004098E2 742A
je 0040990E
:004098E4 33DB
xor ebx, ebx
:004098E6 8B4628
:004098E9 E86AAFFFFF
call 00404858
:004098EE 8BD0
mov edx, eax
:004098F0 EB01
jmp 004098F3
|:004098FF(C), :00409907(C)
|
:004098F2 43
inc ebx
|:004098F0(U)
|
:004098F3
:004098F5
:004098F7
:004098FA
:004098FD
:004098FF
:00409901
:00409904
:00409907
3BD3
7E12
8B4628
8B04D8
85C0
74F1
8B4E28
3B462C
74E9
cmp edx, ebx

jle 00409909
mov eax, dword
mov eax, dword
test eax, eax
je 004098F2
mov ecx, dword
cmp eax, dword
je 004098F2
ptr [esi+28]
ptr [eax+8*ebx]
ptr [esi+28]
ptr [esi+2C]

|:004098F5(C)
|
:00409909 3BD3
cmp edx, ebx
:0040990B 0F9EC0
setle al
|:004098E2(C)
|
:0040990E 5E
pop esi
:0040990F 5B
pop ebx
:00409910 C3
ret
:00409911 8D4000

|:004098A5 , :0040C9B5 , :0040F013 , :00410AAF , :004123CE
|:004380BF , :00438356
|
:00409914 53
push ebx
:00409915 8BD8
mov ebx, eax
:00409917 8D4304
:0040991A 50
push eax
|
:0040991B E838C3FFFF
Call 00405C58
:00409920 807B3400
:00409924 7532
jne 00409958
|
:00409926 E86DC3FFFF
Call 00405C98
:0040992B 89432C
:0040992E 8BC3
mov eax, ebx
:00409930 E8A3FFFFFF
call 004098D8
:00409935 84C0
test al, al
:00409937 750B
jne 00409944
:00409939 6AFF
push FFFFFFFF
:0040993B 8B431C
:0040993E 50
push eax
|
:0040993F E874C4FFFF
Call 00405DB8
|:00409937(C)
|
:00409944
:00409947
:0040994A
:0040994C
:0040994F
:00409951
:00409954
8B4320
894324
33C0
894320
33C0
89432C
C6433401
mov
mov
xor
mov
xor
mov
mov

eax, eax
eax, eax
[ebx+34], 01

|:00409924(C)
|
:00409958 FF4320
inc [ebx+20]
:0040995B 5B
pop ebx
:0040995C C3
ret
:0040995D 8D4000

|:0040CA1E , :0040F1C4 , :00410CAF , :004381BF , :00438434
|
:00409960 FF4820
dec [eax+20]
:00409963 83782000
:00409967 750F
jne 00409978
:00409969 8B5024
:0040996C 895020
:0040996F 33D2
xor edx, edx
:00409971 895024
:00409974 C6403400
mov [eax+34], 00
|:00409967(C)
|
:00409978 83C004
add eax, 00000004
:0040997B 50
push eax
|
:0040997C E8BFC3FFFF
Call 00405D40
:00409981 C3
ret
:00409982 8BC0
:00409984 1E
:00409985 000000
mov eax, eax

push ds
BYTE 3 DUP(0)
:00409988
:00409989
:0040998D
:00409991
:00409995
:00409999
:0040999D
:0040999F
:004099A3
:004099AA
:004099AB
:004099AD
:004099B1
xchg eax,esp
and al, byte ptr [eax+eax-80]
sub eax, dword ptr [eax+eax-74]
and al, byte ptr [eax+eax+40]
sub al, byte ptr [eax+eax-7C]
sub al, 44
add byte ptr [edx+44], bh
add byte ptr [esp+ebp+22740044], al
inc esp
sub eax, dword ptr [eax+eax+6C]
94
22440080
2B44008C
22440040
2A440084
22440054
2C44
007C2244
00842C44007422
44
0000
2B44006C
22440070
:004099B5
:004099B9
:004099BD
:004099C1
:004099C5
:004099C9
:004099CD
:004099D1
:004099D5
:004099D9
:004099DD
:004099E1
:004099E5
:004099E7
:004099EA
:004099EB
:004099ED
:004099EF
:004099F2
:004099F3
:004099FA
:004099FB
:004099FE
:004099FF
:00409A02
:00409A03
:00409A05
:00409A09
:00409A0D
:00409A12
:00409A13
:00409A1A
:00409A1B
:00409A1E
:00409A1F
:00409A21
:00409A25
:00409A27
:00409A29
:00409A2D
:00409A2F
:00409A31
:00409A35
:00409A39
:00409A3D
:00409A41
:00409A45
:00409A49
:00409A4D
:00409A4F
:00409A51
:00409A55
:00409A59
:00409A5D
:00409A5F
:00409A66
:00409A67
:00409A6A
:00409A6B
:00409A6E
2B440064
22440014
2A44005C
224400B0
2B440054
224400DC
2B44004C
22440050
2B440044
22440054
2B44003C
224400EC
2C44
003422
44
00E0
2C44
002C22
44
00342D44002422
44
00142C
44
001C22
44
00F8
2B440014
22440040
2D44000C22
44
00142D44000422
44
00602B
44
00FC
214400F4
2C44
00F4
214400FC
2C44
00EC
214400C8
2A4400E4
21440090
2A4400DC
214400F4
2B4400D4
2144004C
2C44
00CC
21440018
2A4400C4
214400E8
2C44
00BC2144005C2B
44
001C21
44
00682B
44
sub
and
sub
and
sub
and
sub
and
sub
and
sub
and
sub
add
inc
add
sub
add
inc
add
inc
add
inc
add
inc
add
sub
and
sub
inc
add
inc
add
inc
add
and
sub
add
and
sub
add
and
sub
and
sub
and
sub
and
sub
add
and
sub
and
sub
add
inc
add
inc
add
inc
eax, dword ptr [eax+eax+64]

al, byte ptr [eax+eax+14]
al, byte ptr [eax+eax+5C]
al, byte ptr [eax+eax-50]
eax, dword ptr [eax+eax+4C]
eax, dword ptr [eax+eax+3C]
al, 44
byte ptr [edx], dh
esp
al, ah
al, 44
byte ptr [edx], ch
esp
byte ptr [ebp+22240044], dh
esp
byte ptr [esp+ebp], dl
esp
byte ptr [edx], bl
esp
al, bh
eax, 220C0044
esp
byte ptr [ebp+22040044], dl
esp
byte ptr [eax+2B], ah
esp
ah, bh
dword ptr [eax+eax-0C], eax
al, 44
ah, dh
dword ptr [eax+eax-04], eax
al, 44
ah, ch
al, byte ptr [eax+eax-1C]
dword ptr [eax+eax-0C], eax
eax, dword ptr [eax+eax-2C]
dword ptr [eax+eax+4C], eax
al, 44
ah, cl
dword ptr [eax+eax+18], eax
al, byte ptr [eax+eax-3C]
al, 44
byte ptr [ecx+2B5C0044], bh
esp
byte ptr [ecx], bl
esp
byte ptr [eax+2B], ch
esp
:00409A6F
:00409A71
:00409A75
:00409A79
0018
214400CC
2A440026
000000
add byte ptr [eax], bl

and dword ptr [eax+eax-34], eax
sub al, byte ptr [eax+eax+26]
BYTE 3 DUP(0)
:00409A7C
:00409A7E
:00409A7F
:00409A81
:00409A83
B421
44
00CC
2C44
0000000000
mov ah,
inc esp
add ah,
sub al,
BYTE 5
:00409A88
:00409A8A
:00409A8B
:00409A8E
:00409A8F
B021
44
00482A
44
0000000000
mov al, 21
inc esp
add byte ptr [eax+2A], cl
inc esp
BYTE 5 DUP(0)
:00409A94
:00409A95
:00409A99
:00409A9B
AC
21440044
2C44
0000000000
lodsb
and dword ptr [eax+eax+44], eax
sub al, 44
BYTE 5 DUP(0)
:00409AA0
:00409AA2
:00409AA3
:00409AA6
:00409AA7
A821
44
00242A
44
0000000000
test al, 21
inc esp
add byte ptr [edx+ebp], ah
inc esp
BYTE 5 DUP(0)
:00409AAC
:00409AAD
:00409AB1
:00409AB5
A4
214400AC
2A440000
000000
movsb
sub al, byte ptr [eax+eax]
BYTE 3 DUP(0)
21
cl
44
DUP(0)
:00409AB8 A0214400A4
:00409ABD 2A440000
:00409AC1 000000
mov al, byte ptr [A4004421]

BYTE 3 DUP(0)
:00409AC4
:00409AC5
:00409AC9
:00409ACD
9C
21440060
2A440000
000000
pushfd
BYTE 3 DUP(0)
:00409AD0
:00409AD1
:00409AD5
:00409AD9
98
21440058
2B440000
000000
cwde
sub eax, dword ptr [eax+eax]
BYTE 3 DUP(0)
:00409ADC
:00409ADD
:00409AE1
:00409AE3
94
21440010
2C44
0000000000
xchg eax,esp
sub al, 44
BYTE 5 DUP(0)
:00409AE8
:00409AE9
:00409AED
:00409AF1
90
214400A8
2A440000
000000
nop
BYTE 3 DUP(0)
:00409AF4
:00409AF6
:00409AF7
:00409AF9
:00409AFD
8C21
44
00EC
2B440000
000000
mov [ecx], fs
inc esp
add ah, ch
BYTE 3 DUP(0)
:00409B00
:00409B02
:00409B03
:00409B09
8821
44
00802C440000
000000
mov byte ptr [ecx], ah

inc esp
add byte ptr [eax+0000442C], al
BYTE 3 DUP(0)
:00409B0C
:00409B0E
:00409B0F
:00409B12
:00409B13
8421
44
00702C
44
0000000000
test byte ptr [ecx], ah

inc esp
add byte ptr [eax+2C], dh
inc esp
BYTE 5 DUP(0)
:00409B18
:00409B1B
:00409B1E
:00409B1F
802144
00242C
44
0000000000
and byte ptr [ecx], 44

add byte ptr [esp+ebp], ah
inc esp
BYTE 5 DUP(0)
:00409B24
:00409B26
:00409B27
:00409B2B
7C21
44
004C2B44
0000000000
jl 00409B47
inc esp
add byte ptr [ebx+ebp+44], cl
BYTE 5 DUP(0)
:00409B30
:00409B32
:00409B33
:00409B35
:00409B39
7821
44
00FC
2A440000
000000
js 00409B53
inc esp
add ah, bh
BYTE 3 DUP(0)
:00409B3C
:00409B3E
:00409B3F
:00409B41
:00409B45
7421
44
0020
2A440000
000000
je 00409B5F
inc esp
add byte ptr [eax], ah
BYTE 3 DUP(0)
:00409B48
:00409B4A
:00409B4B
:00409B4F
7021
44
006C2C44
0000000000
jo 00409B6B
inc esp
add byte ptr [esp+ebp+44], ch
BYTE 5 DUP(0)
:00409B54
:00409B55
:00409B59
:00409B5D
6C
214400C4
2B440000
000000
insb
and dword ptr [eax+eax-3C], eax
BYTE 3 DUP(0)
:00409B60 68214400EC
:00409B65 2A440000
:00409B69 000000
push EC004421
BYTE 3 DUP(0)
:00409B6C 64214400AC
:00409B71 2B440000
:00409B75 000000
and dword ptr fs:[eax+eax-54], eax

BYTE 3 DUP(0)
:00409B78
:00409B79
:00409B7D
:00409B81
60
214400FC
2B440000
000000
pushad
BYTE 3 DUP(0)
:00409B84
:00409B85
:00409B89
:00409B8D
5C
214400BC
2B440000
000000
pop esp
BYTE 3 DUP(0)
:00409B90
:00409B91
:00409B95
:00409B99
58
21440028
2B440000
000000
pop eax
BYTE 3 DUP(0)
:00409B9C
:00409B9D
:00409BA1
:00409BA5
54
2144001C
2A440000
000000
push esp
and dword ptr [eax+eax+1C], eax
BYTE 3 DUP(0)
:00409BA8
:00409BA9
:00409BAD
:00409BB1
50
21440074
2B440000
000000
push eax
BYTE 3 DUP(0)
:00409BB4
:00409BB5
:00409BB9
:00409BBE
:00409BC0
:00409BC1
:00409BC5
:00409BC7
4C
21440004
2D44000000
0000
48
214400B4
2C44
0000000000
dec esp
sub eax, 00000044
dec eax
sub al, 44
BYTE 5 DUP(0)
:00409BCC
:00409BCD
:00409BD1
:00409BD5
44
214400E8
2B440000
000000
inc esp
BYTE 3 DUP(0)
:00409BD8
:00409BD9
:00409BDD
:00409BE1
40
214400C4
2A440000
000000
inc eax
BYTE 3 DUP(0)
:00409BE4
:00409BE6
:00409BE7
:00409BE9
:00409BED
3C21
44
0030
2A440000
000000
cmp al, 21
inc esp
add byte ptr [eax], dh
BYTE 3 DUP(0)
:00409BF0
:00409BF2
:00409BF3
:00409BF9
3821
44
00A82C440000
000000
cmp byte ptr [ecx], ah

inc esp
add byte ptr [eax+0000442C], ch
BYTE 3 DUP(0)
:00409BFC
:00409BFE
:00409BFF
:00409C02
:00409C03
3421
44
00582D
44
0000000000
xor al, 21
inc esp
add byte ptr [eax+2D], bl
inc esp
BYTE 5 DUP(0)
:00409C08
:00409C0A
:00409C0B
:00409C0F
3021
44
006C2A44
0000000000
xor byte ptr [ecx], ah

inc esp
add byte ptr [edx+ebp+44], ch
BYTE 5 DUP(0)
:00409C14
:00409C16
:00409C17
:00409C19
:00409C1D
2C21
44
0010
2A440000
000000
sub al, 21
inc esp
BYTE 3 DUP(0)
:00409C20
:00409C22
:00409C23
:00409C25
:00409C27
2821
44
00DC
2C44
0000000000
sub byte ptr [ecx], ah

inc esp
add ah, bl
sub al, 44
BYTE 5 DUP(0)
:00409C2C
:00409C2E
:00409C2F
:00409C31
:00409C35
2421
44
00E4
2B440000
000000
and al, 21
inc esp
add ah, ah
BYTE 3 DUP(0)
:00409C38
:00409C3A
:00409C3B
:00409C3D
:00409C42
2021
44
0020
2D44000000
0000
and
inc
add
sub
add
byte
esp
byte
eax,
byte
ptr [ecx], ah
ptr [eax], ah
00000044
ptr [eax], al
:00409C44 0A00
:00409C46 0000
:00409C48 64
or al, byte ptr [eax]

BYTE 064h
:00409C49 000000
BYTE 3 DUP(0)
:00409C4C E803000010
:00409C51 27
:00409C52 00000000
call 10409C54
daa
BYTE 4 DUP(0)
:00409C56
:00409C57
:00409C59
:00409C5C
:00409C5F
:00409C62
:00409C63
:00409C64
:00409C65
inc eax
jbe 00409C93
imul ecx, dword ptr [ebx], FFFFFFDE
cmp al, byte ptr [eax+3F]
adc ecx, dword ptr [ecx+4E]
inc esi
dec esi
inc ecx
dec esi
40
763A
6B0BDE
3A403F
13494E
46
4E
41
4E

|:00407F76 , :00409FCA
|
:00409C66 55
push ebp
:00409C67 8BEC
mov ebp, esp
:00409C69 83EC1C
sub esp, 0000001C
:00409C6C 57
push edi
:00409C6D 56
push esi
:00409C6E 53
push ebx
:00409C6F 8945FC
:00409C72 B813000000
mov eax, 00000013
:00409C77 80F900
cmp cl, 00
:00409C7A 7517
jne 00409C93
:00409C7C 8B450C
:00409C7F 83F802
cmp eax, 00000002
:00409C82 7D05
jge 00409C89
:00409C84 B802000000
mov eax, 00000002
|:00409C82(C)
|
:00409C89 83F812
:00409C8C 7E05
:00409C8E B812000000

cmp eax, 00000012
jle 00409C93
mov eax, 00000012

|:00409C57(C), :00409C7A(C), :00409C8C(C)
|
:00409C93 89450C
mov dword ptr [ebp+0C], eax
:00409C96 50
push eax
:00409C97 B80F270000
mov eax, 0000270F
:00409C9C 807D1002
:00409CA0 7203
jb 00409CA5
:00409CA2 8B4508
|:00409CA0(C)
|
:00409CA5
:00409CA6
:00409CA9
:00409CAE
:00409CB1
:00409CB5
:00409CBA
:00409CBD
:00409CBF
:00409CC6
:00409CCB
:00409CCC
:00409CCD
50
8D45E4
E854050000
8B7DFC
0FB745E4
2DFF7F0000
83F802
7310
8DB440609C4000
B903000000
F3
A4
EB23
|:00409CBD(C)
|
:00409CCF 8D75E7
:00409CD2 0FB65D10
:00409CD6 80FB01
:00409CD9 7410
:00409CDB 80FB04
:00409CDE 7709
:00409CE0 0FBF45E4
:00409CE4 3B450C
:00409CE7 7E02
push eax
call 0040A202
mov edi, dword ptr [ebp-04]
movzx eax, word ptr [ebp-1C]
sub eax, 00007FFF
cmp eax, 00000002
jnb 00409CCF
lea esi, dword ptr [eax+2*eax+00409C60]
mov ecx, 00000003
repz
movsb
jmp 00409CF2
movzx ebx, byte ptr [ebp+10]
cmp bl, 01
je 00409CEB
cmp bl, 04
ja 00409CE9
movsx eax, word ptr [ebp-1C]
cmp eax, dword ptr [ebp+0C]
jle 00409CEB

|:00409CDE(C)
|
:00409CE9 B300
mov bl, 00
|:00409CD9(C), :00409CE7(C)
|
:00409CEB FF149D009D4000
call dword ptr [4*ebx+00409D00]
|:00409CCD(U)
|
:00409CF2 8BC7
mov eax, edi
:00409CF4 2B45FC
:00409CF7 5B
pop ebx
:00409CF8 5E
pop esi
:00409CF9 5F
pop edi
:00409CFA 8BE5
mov esp, ebp
:00409CFC 5D
pop ebp
:00409CFD C20C00
ret 000C
:00409D00
:00409D04
:00409D08
:00409D0C
:00409D10
279D4000
899D4000
FC9D4000
FC9D4000
629E4000
DWORD
DWORD
DWORD
DWORD
DWORD
00409D27
00409D89
00409DFC
00409DFC
00409E62

|:00409D8E , :00409D9F , :00409E2D , :00409E58
|
:00409D14 AC
lodsb
:00409D15 0AC0
or al, al
:00409D17 7503
jne 00409D1C
:00409D19 B030
mov al, 30
:00409D1B 4E
dec esi
:00409D1C C3
ret

|:00409D27 , :00409D89 , :00409DFC
|
:00409D1D 807DE600
cmp byte ptr [ebp-1A], 00
:00409D21 7403
je 00409D26
:00409D23 B02D
mov al, 2D
:00409D25 AA
stosb
|:00409D21(C)
|
:00409D26 C3
:00409D27 E8F1FFFFFF
:00409D2C 0FBF4DE4
:00409D30 33D2
:00409D32 3B4D0C
:00409D35 7F1F
:00409D37 83F9FD
:00409D3A 7C1A
:00409D3C 0BC9
:00409D3E 7F1C
:00409D40 B030
:00409D42 AA
:00409D43 803E00
:00409D46 7440
:00409D48 A0F7344400
:00409D4D AA
:00409D4E F7D9
:00409D50 B030
:00409D52 F3
:00409D53 AA
:00409D54 EB1C

ret
call 00409D1D
movsx ecx, word ptr [ebp-1C]
xor edx, edx
cmp ecx, dword ptr [ebp+0C]
jg 00409D56
cmp ecx, FFFFFFFD
jl 00409D56
or ecx, ecx
jg 00409D5C
mov al, 30
stosb
je 00409D88
mov al, byte ptr [004434F7]
stosb
neg ecx
mov al, 30
repz
stosb
jmp 00409D72

|:00409D35(C), :00409D3A(C)
|
:00409D56 B901000000
mov ecx, 00000001
:00409D5B 42
inc edx
|:00409D3E(C)
|
:00409D5C AC
lodsb
:00409D5D 0AC0
or al, al
:00409D5F 7419
je 00409D7A
:00409D61 AA
stosb
:00409D62 E2F8
loop 00409D5C
:00409D64 AC
lodsb
:00409D65
:00409D67
:00409D69
:00409D6B
:00409D70
0AC0
7415
8AE0
A0F7344400
66AB
|:00409D54(U), :00409D78(U)
|
:00409D72 AC
:00409D73 0AC0
:00409D75 7407
:00409D77 AA
:00409D78 EBF8
or al, al
je 00409D7E
mov ah, al
stosw
lodsb
or al, al
je 00409D7E
stosb
jmp 00409D72

|:00409D5F(C)
|
:00409D7A B030
mov al, 30
:00409D7C F3
repz
:00409D7D AA
stosb
|:00409D67(C), :00409D75(C)
|
:00409D7E 0BD2
:00409D80 7406
:00409D82 33C0
:00409D84 33C9
:00409D86 EB2B
|:00409D46(C), :00409D80(C)
|
:00409D88 C3
:00409D89 E88FFFFFFF
:00409D8E E881FFFFFF
:00409D93 8A25F7344400
:00409D99 66AB
:00409D9B 8B4D0C
:00409D9E 49
:00409D9F E870FFFFFF
:00409DA4 AA
:00409DA5 E2F8
:00409DA7 B42B
:00409DA9 8B4D08
:00409DAC 83F904
:00409DAF 7202
:00409DB1 33C9
|:00409D86(U), :00409DAF(C)
|
:00409DB3 B045
:00409DB5 8A5DE7
:00409DB8 0FBF55E4
:00409DBC 4A
or edx, edx
je 00409D88
xor eax, eax
xor ecx, ecx
jmp 00409DB3
ret
call 00409D1D
call 00409D14
mov ah, byte ptr [004434F7]
stosw
dec ecx
call 00409D14
stosb
loop 00409D9F
mov ah, 2B
cmp ecx, 00000004
jb 00409DB3
xor ecx, ecx

|:0040A18E
mov al, 45
mov bl, byte ptr [ebp-19]
movsx edx, word ptr [ebp-1C]
dec edx
|
:00409DBD
:00409DBE
:00409DC0
:00409DC2
:00409DC4
AA
0ADB
7504
33D2
EB0A
stosb
or bl, bl
jne 00409DC6
xor edx, edx
jmp 00409DD0

|:00409DC0(C)
|
:00409DC6 0BD2
or edx, edx
:00409DC8 7D06
jge 00409DD0
:00409DCA B02D
mov al, 2D
:00409DCC F7DA
neg edx
:00409DCE EB06
jmp 00409DD6
|:00409DC4(U), :00409DC8(C)
|
:00409DD0 0AE4
:00409DD2 7403
:00409DD4 8AC4

or ah, ah
je 00409DD7
mov al, ah

|:00409DCE(U)
|
:00409DD6 AA
stosb
|:00409DD2(C)
|
:00409DD7 92
xchg eax,edx
:00409DD8 50
push eax
:00409DD9 8BDC
mov ebx, esp
|:00409DEC(C), :00409DF0(C)
|
:00409DDB 33D2
:00409DDD F735449C4000
:00409DE3 80C230
:00409DE6 8813
:00409DE8 43
:00409DE9 49
:00409DEA 0BC0
:00409DEC 75ED
:00409DEE 0BC9
:00409DF0 7FE9

xor edx, edx
div dword ptr [00409C44]
add dl, 30
mov byte ptr [ebx], dl
inc ebx
dec ecx
or eax, eax
jne 00409DDB
or ecx, ecx
jg 00409DDB

|:00409DF8(C)
|
:00409DF2 4B
dec ebx
:00409DF3 8A03
mov al, byte ptr [ebx]
:00409DF5 AA
stosb
:00409DF6 3BDC
cmp ebx, esp
:00409DF8 75F8
jne 00409DF2
:00409DFA 58
pop eax
:00409DFB C3
ret
:00409DFC E81CFFFFFF
call 00409D1D

|:00409EAE
|
:00409E01 8B5508
:00409E04 83FA12
cmp edx, 00000012
:00409E07 7205
jb 00409E0E
:00409E09 BA12000000
mov edx, 00000012
|:00409E07(C)
|
:00409E0E 0FBF4DE4
:00409E12 0BC9
:00409E14 7F05
:00409E16 B030
:00409E18 AA
:00409E19 EB28
|:00409E14(C)
|
:00409E1B 33DB
:00409E1D 807D1002
:00409E21 740A
:00409E23 8BC1
:00409E25 48
:00409E26 B303
:00409E28 F6F3
:00409E2A 8ADC
:00409E2C 43
movsx ecx, word ptr [ebp-1C]

or ecx, ecx
jg 00409E1B
mov al, 30
stosb
jmp 00409E43
xor ebx, ebx

je 00409E2D
mov eax, ecx
dec eax
mov bl, 03
div bl
mov bl, ah
inc ebx

|:00409E21(C), :00409E37(C), :00409E41(U)
|
:00409E2D E8E2FEFFFF
call 00409D14
:00409E32 AA
stosb
:00409E33 49
dec ecx
:00409E34 740D
je 00409E43
:00409E36 4B
dec ebx
:00409E37 75F4
jne 00409E2D
:00409E39 A0F6344400
:00409E3E AA
stosb
:00409E3F B303
mov bl, 03
:00409E41 EBEA
jmp 00409E2D
|:00409E19(U), :00409E34(C)
|
:00409E43 0BD2
:00409E45 741A
:00409E47 A0F7344400
:00409E4C AA
:00409E4D E309
:00409E4F B030

or edx, edx
je 00409E61
stosb
jcxz 00409E58
mov al, 30

|:00409E56(C)
|
:00409E51
:00409E52
:00409E53
:00409E55
:00409E56
AA
4A
740C
41
75F9
stosb
dec edx
je 00409E61
inc ecx
jne 00409E51
|:00409E5F(C)
|
:00409E58 E8B7FEFFFF
:00409E5D AA
:00409E5E 4A
:00409E5F 75F7
|:00409E45(C), :00409E53(C)
|
:00409E61 C3
:00409E62 33DB
:00409E64 8A1DF4344400
:00409E6A B903000000
:00409E6F 807DE600
:00409E73 740B
:00409E75 8A1DF5344400
:00409E7B B90F040000
call 00409D14
stosb
dec edx
jne 00409E58
ret
xor ebx, ebx
mov bl, byte ptr [004434F4]
mov ecx, 00000003
cmp byte ptr [ebp-1A], 00
je 00409E80
mov ecx, 0000040F

|:00409E73(C)
|
:00409E80 3AD9
cmp bl, cl
:00409E82 7602
jbe 00409E86
:00409E84 8AD9
mov bl, cl
|:00409E82(C)
|
:00409E86 02DD
:00409E88 8D9C9BCB9E4000
:00409E8F B905000000
:00409E94 8A03
:00409E96 3C40
:00409E98 741E
:00409E9A 51
:00409E9B 53
:00409E9C 3C24
:00409E9E 7407
:00409EA0 3C2A
:00409EA2 740A
:00409EA4 AA
:00409EA5 EB0C

add bl, ch
lea ebx, dword ptr [ebx+4*ebx+00409ECB]
mov ecx, 00000005
cmp al, 40
je 00409EB8
push ecx
push ebx
cmp al, 24
je 00409EA7
cmp al, 2A
je 00409EAE
stosb
jmp 00409EB3

|:00409E9E(C)
|
:00409EA7 E80D000000
call 00409EB9
:00409EAC EB05
jmp 00409EB3
|:00409EA2(C)
|
:00409EAE E84EFFFFFF
|:00409EA5(U), :00409EAC(U)
|
:00409EB3 5B
:00409EB4 59
:00409EB5 43
:00409EB6 E2DC
call 00409E01
pop ebx
pop ecx
inc ebx
loop 00409E94

|:00409E98(C)
|
:00409EB8 C3
ret
|:00409EA7
|
:00409EB9 56
push esi
:00409EBA 8B35F0344400
mov esi, dword ptr [004434F0]
:00409EC0 85F6
test esi, esi
:00409EC2 7405
je 00409EC9
:00409EC4 8B4EFC
:00409EC7 F3
repz
:00409EC8 A4
movsb
|:00409EC2(C)
|
:00409EC9 5E
pop esi
:00409ECA C3
ret
:00409ECB
:00409ECD
:00409ECE
:00409ECF
:00409ED0
:00409ED3
:00409ED4
:00409ED5
:00409ED7
:00409EDA
:00409EDC
:00409EDE
:00409EDF
:00409EE2
:00409EE5
:00409EE7
:00409EE8
:00409EE9
:00409EEB
:00409EEE
:00409EF0
:00409EF5
:00409EF7
:00409EF8
:00409EFD
:00409F03
242A
40
40
40
2A2440
40
40
2420
2A4040
2A20
2440
40
28242A
29402D
242A
40
40
242D
2A4040
242A
2D4040282A
2429
40
2D2A244040
2A2D2440402A
242D
and
inc
inc
inc
sub
inc
inc
and
sub
sub
and
inc
sub
sub
and
inc
inc
and
sub
and
sub
and
inc
sub
sub
and
al, 2A
eax
eax
eax
ah, byte ptr [eax+2*eax]
eax
eax
al, 20
al, byte ptr [eax+40]
ah, byte ptr [eax]
al, 40
eax
byte ptr [edx+ebp], ah
dword ptr [eax+2D], eax
al, 2A
eax
eax
al, 2D
al, byte ptr [eax+40]
al, 2A
eax, 2A284040
al, 29
eax
eax, 4040242A
ch, byte ptr [2A404024]
al, 2D
:00409F05
:00409F06
:00409F07
:00409F0C
:00409F11
:00409F13
:00409F15
:00409F16
:00409F18
:00409F1E
:00409F21
:00409F26
:00409F28
:00409F2A
:00409F2C
:00409F2F
:00409F30
:00409F32
:00409F35
:00409F36
:00409F37
:00409F38
:00409F3B
:00409F3D
:00409F3F
:00409F44
:00409F47
:00409F49
:00409F4B
:00409F4E
:00409F50
:00409F53
:00409F56
40
40
2D2A202440
2D24202A40
2A20
242D
40
2420
2A2D4024202D
2A402A
2D20244028
2420
2A29
282A
202429
55
8BEC
83EC40
57
56
53
8945FC
8BFA
8BD9
B902000000
80FB00
740F
8B07
0B4704
741A
8B4F04
C1E91F
EB12
|:00409F47(C)
|
:00409F58 0FB74708
:00409F5C 0B07
:00409F5E 0B4704
:00409F61 7407
:00409F63 0FB74F08
:00409F67 C1E90F
inc eax
inc eax
sub eax, 4024202A
sub eax, 402A2024
sub ah, byte ptr [eax]
and al, 2D
inc eax
and al, 20
sub ch, byte ptr [2D202440]
sub al, byte ptr [eax+2A]
sub eax, 28402420
and al, 20
sub ch, byte ptr [ecx]
sub byte ptr [edx], ch
and byte ptr [ecx+ebp], ah
push ebp
mov ebp, esp
sub esp, 00000040
push edi
push esi
push ebx
mov edi, edx
mov ebx, ecx
mov ecx, 00000002
cmp bl, 00
je 00409F58
or eax, dword ptr [edi+04]
je 00409F6A
shr ecx, 1F
jmp 00409F6A
movzx eax, word ptr [edi+08]
or eax, dword ptr [edi]
or eax, dword ptr [edi+04]
je 00409F6A
movzx ecx, word ptr [edi+08]
shr ecx, 0F

|:00409F4E(C), :00409F56(U), :00409F61(C)
|
:00409F6A E88C000000
call 00409FFB
:00409F6F 744C
je 00409FBD
:00409F71 E8C0000000
call 0040A036
:00409F76 8B45EC
:00409F79 BA0F270000
mov edx, 0000270F
:00409F7E 807DF400
cmp byte ptr [ebp-0C], 00
:00409F82 750A
jne 00409F8E
:00409F84 2B45E8
:00409F87 8BD0
mov edx, eax
:00409F89 B812000000
mov eax, 00000012
|:00409F82(C)
|
:00409F8E
:00409F8F
:00409F90
:00409F93
:00409F95
:00409F97
:00409F9C
:00409FA0
:00409FA4
:00409FA6
:00409FAA
:00409FAC
:00409FAF
:00409FB1
:00409FB5
:00409FB7
:00409FBB
50
52
8D45C0
8BD7
8BCB
E866020000
668B45C0
663D0080
7417
663DFF7F
7411
80FB00
7520
663D1200
7E1A
807DF400
7514
push eax
push edx
mov edx, edi
mov ecx, ebx
call 0040A202
mov ax, word ptr [ebp-40]
cmp ax, 8000
je 00409FBD
cmp ax, 7FFF
je 00409FBD
cmp bl, 00
jne 00409FD1
cmp ax, 0012
jle 00409FD1
jne 00409FD1

|:00409F6F(C), :00409FA4(C), :00409FAA(C), :00409FE1(C)
|
:00409FBD 6A00
push 00000000
:00409FBF 6A0F
push 0000000F
:00409FC1 6A00
push 00000000
:00409FC3 8B45FC
:00409FC6 8BD7
mov edx, edi
:00409FC8 8BCB
mov ecx, ebx
:00409FCA E897FCFFFF
call 00409C66
:00409FCF EB21
jmp 00409FF2
|:00409FAF(C), :00409FB5(C), :00409FBB(C)
|
:00409FD1 807DC300
:00409FD5 7516
jne 00409FED
:00409FD7 B902000000
mov ecx, 00000002
:00409FDC E81A000000
call 00409FFB
:00409FE1 74DA
je 00409FBD
:00409FE3 3B75F0
cmp esi, dword ptr [ebp-10]
:00409FE6 7405
je 00409FED
:00409FE8 E849000000
call 0040A036
|:00409FD5(C), :00409FE6(C)
|
:00409FED E8EF000000
call 0040A0E1
|:00409FCF(U)
|
:00409FF2 5B
pop ebx
:00409FF3 5E
pop esi
:00409FF4 5F
pop edi
:00409FF5 8BE5
mov esp, ebp
:00409FF7 5D
pop ebp
:00409FF8 C20400
ret 0004

|:00409F6A , :00409FDC
|
:00409FFB 8B7508
mov esi, dword ptr [ebp+08]
:00409FFE E31D
jcxz 0040A01D
|:0040A00F(C), :0040A02E(C)
|
:0040A000 AC
:0040A001 3C27
:0040A003 7424
:0040A005 3C22
:0040A007 7420
:0040A009 0AC0
:0040A00B 7410
:0040A00D 3C3B
:0040A00F 75EF
:0040A011 E2ED
:0040A013 8A06
:0040A015 0AC0
:0040A017 7404
:0040A019 3C3B
:0040A01B 750B

lodsb
cmp al, 27
je 0040A029
cmp al, 22
je 0040A029
or al, al
je 0040A01D
cmp al, 3B
jne 0040A000
loop 0040A000
or al, al
je 0040A01D
cmp al, 3B
jne 0040A028

|:0040A00B(C), :0040A017(C), :0040A034(U)
|
:0040A01D 8B7508
:0040A020 8A06
:0040A022 0AC0
or al, al
:0040A024 7402
je 0040A028
:0040A026 3C3B
cmp al, 3B
|:0040A01B(C), :0040A024(C)
|
:0040A028 C3
ret
|:0040A003(C), :0040A007(C)
|
:0040A029 8AE0
mov ah, al
|:0040A032(C)
|
:0040A02B AC
lodsb
:0040A02C 3AC4
cmp al, ah
:0040A02E 74D0
je 0040A000
:0040A030 0AC0
or al, al
:0040A032 75F7
jne 0040A02B
:0040A034 EBE7
jmp 0040A01D
|:00409F71 , :00409FE8
|
:0040A036 53
push ebx
:0040A037 8975F0
:0040A03A BBFF7F0000
mov ebx, 00007FFF
:0040A03F
:0040A041
:0040A043
:0040A04A
:0040A04D
33C9
33D2
C745E8FFFFFFFF
8855F8
8855F4
xor
xor
mov
mov
mov
ecx, ecx
edx, edx
[ebp-18], FFFFFFFF
byte ptr [ebp-08], dl
byte ptr [ebp-0C], dl

|:0040A077(C), :0040A07C(U), :0040A087(U), :0040A08D(C), :0040A092(U)
|:0040A098(U), :0040A09F(C)
|
:0040A050 AC
lodsb
|:0040A0AE(C), :0040A0B9(U)
|
:0040A051 3C23
:0040A053 7426
:0040A055 3C30
:0040A057 7425
:0040A059 3C2E
:0040A05B 742C
:0040A05D 3C2C
:0040A05F 7433
:0040A061 3C27
:0040A063 7435
:0040A065 3C22
:0040A067 7431
:0040A069 3C45
:0040A06B 743A
:0040A06D 3C65
:0040A06F 7436
:0040A071 3C3B
:0040A073 7446
:0040A075 0AC0
:0040A077 75D7
:0040A079 EB40

cmp al, 23
je 0040A07B
cmp al, 30
je 0040A07E
cmp al, 2E
je 0040A089
cmp al, 2C
je 0040A094
cmp al, 27
je 0040A09A
cmp al, 22
je 0040A09A
cmp al, 45
je 0040A0A7
cmp al, 65
je 0040A0A7
cmp al, 3B
je 0040A0BB
or al, al
jne 0040A050
jmp 0040A0BB

|:0040A053(C)
|
:0040A07B 42
inc edx
:0040A07C EBD2
jmp 0040A050
|:0040A057(C)
|
:0040A07E 3BD3
cmp edx, ebx
:0040A080 7D02
jge 0040A084
:0040A082 8BDA
mov ebx, edx
|:0040A080(C)
|
:0040A084 42
inc edx
:0040A085 8BCA
mov ecx, edx
:0040A087 EBC7
jmp 0040A050
|:0040A05B(C)
|
:0040A089
:0040A08D
:0040A08F
:0040A092
837DE8FF
75C1
8955E8
EBBC
cmp
jne
mov
jmp
dword ptr [ebp-18], FFFFFFFF

0040A050
dword ptr [ebp-18], edx
0040A050

|:0040A05F(C)
|
:0040A094 C645F801
mov [ebp-08], 01
:0040A098 EBB6
jmp 0040A050
|:0040A063(C), :0040A067(C)
|
:0040A09A 8AE0
mov ah, al
|:0040A0A3(C)
|
:0040A09C AC
lodsb
:0040A09D 3AC4
cmp al, ah
:0040A09F 74AF
je 0040A050
:0040A0A1 0AC0
or al, al
:0040A0A3 75F7
jne 0040A09C
:0040A0A5 EB14
jmp 0040A0BB
|:0040A06B(C), :0040A06F(C)
|
:0040A0A7 AC
:0040A0A8 3C2D
:0040A0AA 7404
:0040A0AC 3C2B
:0040A0AE 75A1

lodsb
cmp al, 2D
je 0040A0B0
cmp al, 2B
jne 0040A051

|:0040A0AA(C)
|
:0040A0B0 C645F401
mov [ebp-0C], 01
|:0040A0B7(C)
|
:0040A0B4 AC
lodsb
:0040A0B5 3C30
cmp al, 30
:0040A0B7 74FB
je 0040A0B4
:0040A0B9 EB96
jmp 0040A051
|:0040A073(C), :0040A079(U), :0040A0A5(U)
|
:0040A0BB 8955EC
:0040A0BE 837DE8FF
cmp dword ptr [ebp-18], FFFFFFFF
:0040A0C2 7503
jne 0040A0C7
:0040A0C4 8955E8
|:0040A0C2(C)
|
:0040A0C7 8B45E8
:0040A0CA 2BC1
:0040A0CC 7E02
:0040A0CE 33C0
sub eax, ecx

jle 0040A0D0
xor eax, eax

|:0040A0CC(C)
|
:0040A0D0 8945E0
:0040A0D3 8B45E8
:0040A0D6 2BC3
sub eax, ebx
:0040A0D8 7D02
jge 0040A0DC
:0040A0DA 33C0
xor eax, eax
|:0040A0D8(C)
|
:0040A0DC 8945E4
:0040A0DF 5B
pop ebx
:0040A0E0 C3
ret

|:00409FED
|
:0040A0E1 807DF400
:0040A0E5 7407
je 0040A0EE
:0040A0E7 8B45E8
:0040A0EA 33D2
xor edx, edx
:0040A0EC EB13
jmp 0040A101
|:0040A0E5(C)
|
:0040A0EE 0FBF45C0
:0040A0F2 3B45E8
:0040A0F5 7F03
:0040A0F7 8B45E8

movsx eax, word ptr [ebp-40]
jg 0040A0FA

|:0040A0F5(C)
|
:0040A0FA 0FBF55C0
movsx edx, word ptr [ebp-40]
:0040A0FE 2B55E8
|:0040A0EC(U)
|
:0040A101 8945DC
:0040A104 8955D8
:0040A107 8B75F0
:0040A10A 8B7DFC
:0040A10D 8D5DC3
:0040A110 807DC200
:0040A114 7408
:0040A116 3B7508
:0040A119 7503
:0040A11B B02D
:0040A11D AA

lea ebx, dword ptr [ebp-3D]
cmp byte ptr [ebp-3E], 00
je 0040A11E
jne 0040A11E
mov al, 2D
stosb

|:0040A114(C), :0040A119(C), :0040A129(C), :0040A12D(C), :0040A148(U)
|:0040A14F(U), :0040A156(C), :0040A194(U)
|
:0040A11E AC
lodsb
:0040A11F 3C23
cmp al, 23
:0040A121 7427
je 0040A14A
:0040A123 3C30
cmp al, 30
:0040A125 7423
je 0040A14A
:0040A127 3C2E
cmp al, 2E
:0040A129 74F3
je 0040A11E
:0040A12B 3C2C
cmp al, 2C
:0040A12D 74EF
je 0040A11E
:0040A12F 3C27
cmp al, 27
:0040A131 741E
je 0040A151
:0040A133 3C22
cmp al, 22
:0040A135 741A
je 0040A151
:0040A137 3C45
cmp al, 45
:0040A139 7424
je 0040A15F
:0040A13B 3C65
cmp al, 65
:0040A13D 7420
je 0040A15F
:0040A13F 3C3B
cmp al, 3B
:0040A141 7453
je 0040A196
:0040A143 0AC0
or al, al
:0040A145 744F
je 0040A196
|:0040A169(C)
|
:0040A147 AA
stosb
:0040A148 EBD4
jmp 0040A11E
|:0040A121(C), :0040A125(C)
|
:0040A14A E84D000000
call 0040A19C
:0040A14F EBCD
jmp 0040A11E
|:0040A131(C), :0040A135(C)
|
:0040A151 8AE0
mov ah, al
|:0040A15D(U)
|
:0040A153 AC
lodsb
:0040A154 3AC4
cmp al, ah
:0040A156 74C6
je 0040A11E
:0040A158 0AC0
or al, al
:0040A15A 743A
je 0040A196
:0040A15C AA
stosb
:0040A15D EBF4
jmp 0040A153
|:0040A139(C), :0040A13D(C)
|
:0040A15F 8A26
:0040A161 80FC2B
:0040A164 7407

mov ah, byte ptr [esi]
cmp ah, 2B
je 0040A16D
:0040A166 80FC2D
:0040A169 75DC
:0040A16B 32E4
cmp ah, 2D
jne 0040A147
xor ah, ah

|:0040A164(C)
|
mov ecx, FFFFFFFF
|:0040A177(C)
|
:0040A172 41
:0040A173 46
:0040A174 803E30
:0040A177 74F9
:0040A179 83F904
:0040A17C 7205
:0040A17E B904000000
|:0040A17C(C)
|
:0040A183 53
:0040A184 8A5DC3
:0040A187 0FBF55C0
:0040A18B 2B55E8
:0040A18E E82AFCFFFF
:0040A193 5B
:0040A194 EB88
inc ecx
inc esi
je 0040A172
cmp ecx, 00000004
jb 0040A183
mov ecx, 00000004
push ebx
mov bl, byte ptr [ebp-3D]
movsx edx, word ptr [ebp-40]
call 00409DBD
pop ebx
jmp 0040A11E

|:0040A141(C), :0040A145(C), :0040A15A(C)
|
:0040A196 8BC7
mov eax, edi
:0040A198 2B45FC
:0040A19B C3
ret

|:0040A14A
|
:0040A19C 837DD800
:0040A1A0 741B
je 0040A1BD
:0040A1A2 7C0C
jl 0040A1B0
|:0040A1AC(C)
|
:0040A1A4 E814000000
:0040A1A9 FF4DD8
:0040A1AC 75F6
:0040A1AE EB0D

call 0040A1BD
dec [ebp-28]
jne 0040A1A4
jmp 0040A1BD

|:0040A1A2(C)
|
:0040A1B0 FF45D8
inc [ebp-28]
:0040A1B3 8B45DC
:0040A1B6 3B45E4
:0040A1B9 7E12
:0040A1BB EB41
cmp eax, dword ptr [ebp-1C]

jle 0040A1CD
jmp 0040A1FE

|:0040A1A4
|
|:0040A1A0(C), :0040A1AE(U)
|
:0040A1BD 8A03
:0040A1BF 43
:0040A1C0 0AC0
:0040A1C2 750B
:0040A1C4 4B
:0040A1C5 8B45DC
:0040A1C8 3B45E0
:0040A1CB 7E31

inc ebx
or al, al
jne 0040A1CF
dec ebx
jle 0040A1FE

|:0040A1B9(C)
|
:0040A1CD B030
mov al, 30
|:0040A1C2(C)
|
:0040A1CF 837DDC00
:0040A1D3 750B
:0040A1D5 8AE0
:0040A1D7 A0F7344400
:0040A1DC 66AB
:0040A1DE EB1E
|:0040A1D3(C)
|
:0040A1E0 AA
:0040A1E1 807DF800
:0040A1E5 7417
:0040A1E7 8B45DC
:0040A1EA 83F801
:0040A1ED 7E0F
:0040A1EF B203
:0040A1F1 F6F2
:0040A1F3 80FC01
:0040A1F6 7506
:0040A1F8 A0F6344400
:0040A1FD AA

jne 0040A1E0
mov ah, al
stosw
jmp 0040A1FE
stosb
je 0040A1FE
cmp eax, 00000001
jle 0040A1FE
mov dl, 03
div dl
cmp ah, 01
jne 0040A1FE
stosb

|:0040A1BB(U), :0040A1CB(C), :0040A1DE(U), :0040A1E5(C), :0040A1ED(C)
|:0040A1F6(C)
|
:0040A1FE FF4DDC
dec [ebp-24]
:0040A201 C3
ret

|:00409CA9 , :00409F97
|
:0040A202 55
push ebp
:0040A203 8BEC
mov ebp, esp
:0040A205 83EC1A
sub esp, 0000001A
:0040A208 57
push edi
:0040A209 56
push esi
:0040A20A 53
push ebx
:0040A20B 8BD8
mov ebx, eax
:0040A20D 8BF2
mov esi, edx
:0040A20F 80F900
cmp cl, 00
:0040A212 7407
je 0040A21B
:0040A214 E809010000
call 0040A322
:0040A219 EB05
jmp 0040A220
|:0040A212(C)
|
:0040A21B E809000000
call 0040A229
|:0040A219(U)
|
:0040A220 5B
pop ebx
:0040A221 5E
pop esi
:0040A222 5F
pop edi
:0040A223 8BE5
mov esp, ebp
:0040A225 5D
pop ebp
:0040A226 C20800
ret 0008

|:0040A21B
|
:0040A229 668B4608
mov ax, word ptr [esi+08]
:0040A22D 8BD0
mov edx, eax
:0040A22F 25FF7F0000
and eax, 00007FFF
:0040A234 7410
je 0040A246
:0040A236 3DFF7F0000
cmp eax, 00007FFF
:0040A23B 7514
jne 0040A251
:0040A23D 66817E060080
cmp word ptr [esi+06], 8000
:0040A243 7403
je 0040A248
:0040A245 40
inc eax
|:0040A234(C), :0040A2C2(U)
|
:0040A246 33D2
xor edx, edx
|:0040A243(C)
|
:0040A248 C6430300
mov [ebx+03], 00
:0040A24C E9C2000000
jmp 0040A313
|:0040A23B(C)
|
:0040A251
:0040A253
:0040A258
:0040A25E
:0040A261
:0040A262
:0040A265
:0040A26A
:0040A26D
:0040A26F
:0040A274
:0040A276
:0040A27C
:0040A27E
:0040A27F
:0040A282
:0040A283
:0040A289
:0040A28B
:0040A291
DB2E
2DFF3F0000
69C0104D0000
C1F810
40
8945F8
B812000000
2B45F8
D9E1
E86CB1FFFF
D9FC
DB2D549C4000
D8D9
9B
DD7DFC
9B
66F745FC0041
7409
DA35449C4000
FF45F8
fld tbyte ptr [esi]

sub eax, 00003FFF
imul eax, 00004D10
sar eax, 10
inc eax
mov eax, 00000012
fabs
call 004053E0
frndint
fld tbyte ptr [00409C54]
fcomp st(0), st(1)
wait
fstsw word ptr [ebp-04]
wait
test [ebp-04], 4100
je 0040A294
ffidiv dword ptr [00409C44]
inc [ebp-08]
|:0040A289(C)
|
:0040A294 DF75E6
:0040A297 8D7B03
:0040A29A BA09000000
:0040A29F 9B
|:0040A2B3(C)
|
:0040A2A0 8A4415E5
:0040A2A4 8AE0
:0040A2A6 C0E804
:0040A2A9 80E40F
:0040A2AC 66053030
:0040A2B0 66AB
:0040A2B2 4A
:0040A2B3 75EB
:0040A2B5 32C0
:0040A2B7 AA
:0040A2B8 8B7DF8
:0040A2BB 037D08
:0040A2BE 7904
:0040A2C0 33C0
:0040A2C2 EB82
fbstp tbyte ptr [ebp-1A]

lea edi, dword ptr [ebx+03]
mov edx, 00000009
wait
mov al, byte ptr [ebp+edx-1B]

mov ah, al
shr al, 04
and ah, 0F
add ax, 3030
stosw
dec edx
jne 0040A2A0
xor al, al
stosb
add edi, dword ptr [ebp+08]
jns 0040A2C4
xor eax, eax
jmp 0040A246

|:0040A2BE(C)
|
:0040A2C4 3B7D0C
cmp edi, dword ptr [ebp+0C]
:0040A2C7 7203
jb 0040A2CC
:0040A2C9 8B7D0C
mov edi, dword ptr [ebp+0C]
|:0040A2C7(C)
|
:0040A2CC 83FF12
cmp edi, 00000012
:0040A2CF 7327
jnb 0040A2F8
:0040A2D1 807C3B0335
:0040A2D6 7225
cmp byte ptr [ebx+edi+03], 35

jb 0040A2FD
|:0040A2E9(C)
|
:0040A2D8 C6443B0300
:0040A2DD 4F
:0040A2DE 780D
:0040A2E0 FE443B03
:0040A2E4 807C3B0339
:0040A2E9 77ED
:0040A2EB EB1F
|:0040A2DE(C)
|
:0040A2ED 66C743033100
:0040A2F3 FF45F8
:0040A2F6 EB14
mov [ebx+edi+03], 00
dec edi
js 0040A2ED
inc [ebx+edi+03]
ja 0040A2D8
jmp 0040A30C
mov [ebx+03], 0031

inc [ebp-08]
jmp 0040A30C

|:0040A2CF(C)
|
:0040A2F8 BF12000000
mov edi, 00000012
|:0040A2D6(C), :0040A30A(C)
|
:0040A2FD C6443B0300
:0040A302 4F
:0040A303 7819
:0040A305 807C3B0330
:0040A30A 74F1

mov [ebx+edi+03], 00
dec edi
js 0040A31E
je 0040A2FD

|:0040A2EB(U), :0040A2F6(U)
|
:0040A30C 668B5608
mov dx, word ptr [esi+08]
|:0040A320(U)
|
:0040A310 8B45F8
|:0040A24C(U)
|
:0040A313 66C1EA0F
:0040A317 668903
:0040A31A 885302
:0040A31D C3

shr dx, 0F
mov word ptr [ebx], ax
mov byte ptr [ebx+02], dl
ret

|:0040A303(C)
|
:0040A31E 33D2
xor edx, edx
:0040A320 EBEE
jmp 0040A310

|:0040A214
|
:0040A322 8B06
:0040A324 8B5604
:0040A327 8BC8
mov ecx, eax
:0040A329 0BCA
or ecx, edx
:0040A32B 0F84B4000000
je 0040A3E5
:0040A331 0BD2
or edx, edx
:0040A333 7907
jns 0040A33C
:0040A335 F7DA
neg edx
:0040A337 F7D8
neg eax
:0040A339 83DA00
sbb edx, 00000000
|:0040A333(C)
|
:0040A33C 33C9
xor ecx, ecx
:0040A33E 8B7D08
:0040A341 0BFF
or edi, edi
:0040A343 7D02
jge 0040A347
:0040A345 33FF
xor edi, edi
|:0040A343(C)
|
:0040A347 83FF04
:0040A34A 7C1F
:0040A34C BF04000000
|:0040A35D(C)
|
:0040A351 41
:0040A352 2D000064A7
:0040A357 81DAB3B6E00D
:0040A35D 73F2
:0040A35F 49
:0040A360 05000064A7
:0040A365 81D2B3B6E00D
|:0040A34A(C)
|
:0040A36B 8945F0
:0040A36E 8955F4
:0040A371 DF6DF0
:0040A374 8BD7
:0040A376 B804000000
:0040A37B 2BC2
:0040A37D 7407
:0040A37F DA3485409C4000
cmp edi, 00000004

jl 0040A36B
mov edi, 00000004
inc
sub
sbb
jnb
dec
add
adc
ecx
eax, A7640000
edx, 0DE0B6B3
0040A351
ecx
eax, A7640000
edx, 0DE0B6B3

mov dword ptr [ebp-0C], edx
fild qword ptr [ebp-10]
mov edx, edi
mov eax, 00000004
sub eax, edx
je 0040A386
ffidiv dword ptr [4*eax+00409C40]

|:0040A37D(C)
|
:0040A386 DF75E6
fbstp tbyte ptr [ebp-1A]
:0040A389 8D7B03
lea edi, dword ptr [ebx+03]
:0040A38C 9B
wait
:0040A38D 0BC9
:0040A38F 751B
:0040A391 B909000000
or ecx, ecx
jne 0040A3AC
mov ecx, 00000009
|:0040A3A8(C)
|
:0040A396 8A440DE5
:0040A39A 8AE0
:0040A39C C0E804
:0040A39F 751E
:0040A3A1 8AC4
:0040A3A3 240F
:0040A3A5 751F
:0040A3A7 49
:0040A3A8 75EC
:0040A3AA EB39
|:0040A38F(C)
|
:0040A3AC 8AC1
:0040A3AE 0430
:0040A3B0 AA
:0040A3B1 B909000000
|:0040A3CA(C)
|
:0040A3B6 8A440DE5
:0040A3BA 8AE0
:0040A3BC C0E804
mov
mov
shr
jne
mov
and
jne
dec
jne
jmp
al, byte ptr [ebp+ecx-1B]

ah, al
al, 04
0040A3BF
al, ah
al, 0F
0040A3C6
ecx
0040A396
0040A3E5
mov al, cl
add al, 30
stosb
mov ecx, 00000009
mov al, byte ptr [ebp+ecx-1B]

mov ah, al
shr al, 04

|:0040A39F(C)
|
:0040A3BF 0430
add al, 30
:0040A3C1 AA
stosb
:0040A3C2 8AC4
mov al, ah
:0040A3C4 240F
and al, 0F
|:0040A3A5(C)
|
:0040A3C6 0430
:0040A3C8 AA
:0040A3C9 49
:0040A3CA 75EA
:0040A3CC 8BC7
:0040A3CE 8D4C1303
:0040A3D2 2BC1

add al, 30
stosb
dec ecx
jne 0040A3B6
mov eax, edi
lea ecx, dword ptr [ebx+edx+03]
sub eax, ecx

|:0040A3DB(C)
|
:0040A3D4 C60700
mov byte ptr [edi], 00
:0040A3D7 4F
dec edi
:0040A3D8 803F30
cmp byte ptr [edi], 30
:0040A3DB 74F7
je 0040A3D4
:0040A3DD 8B5604
:0040A3E0 C1EA1F
:0040A3E3 EB07
shr edx, 1F
jmp 0040A3EC
|:0040A32B(C), :0040A3AA(U)
|
:0040A3E5 33C0
:0040A3E7 33D2
:0040A3E9 884303

xor eax, eax
xor edx, edx
mov byte ptr [ebx+03], al

|:0040A3E3(U)
|
:0040A3EC 668903
mov word ptr [ebx], ax
:0040A3EF 885302
:0040A3F2 C3
ret
:0040A3F3
:0040A3F4
:0040A3F6
:0040A3F9
:0040A3FA
:0040A3FB
:0040A3FC
:0040A3FE
:0040A400
:0040A402
:0040A403
:0040A406
:0040A407
:0040A409
:0040A40F
:0040A411
:0040A416
:0040A418
:0040A41B
:0040A41D
:0040A420
55
8BEC
83EC06
57
56
53
8BF0
8BFA
8BD9
9B
D97DFA
9B
DBE2
D92D5E9C4000
D9EE
E888000000
8A3E
80FF2B
7405
80FF2D
7501
push ebp
mov ebp, esp
sub esp, 00000006
push edi
push esi
push ebx
mov esi, eax
mov edi, edx
mov ebx, ecx
wait
fstcw word ptr [ebp-06]
wait
fclex
fldcw [00409C5E]
fldz
call 0040A49E
mov bh, byte ptr [esi]
cmp bh, 2B
je 0040A422
cmp bh, 2D
jne 0040A423

|:0040A41B(C)
|
:0040A422 46
inc esi
|:0040A420(C)
|
:0040A423 8BCE
:0040A425 E87F000000
:0040A42A 33D2
:0040A42C 8A06
:0040A42E 3A05F7344400
:0040A434 7508
:0040A436 46
:0040A437 E86D000000
:0040A43C F7DA

mov ecx, esi
call 0040A4A9
xor edx, edx
cmp al, byte ptr [004434F7]
jne 0040A43E
inc esi
call 0040A4A9
neg edx

|:0040A434(C)
|
:0040A43E
:0040A440
:0040A442
:0040A444
:0040A446
:0040A448
:0040A44A
:0040A44B
:0040A44C
:0040A451
:0040A452
3BCE
744A
8A06
24DF
3C45
750A
46
52
E874000000
58
03D0
cmp ecx, esi

je 0040A48C
and al, DF
cmp al, 45
jne 0040A454
inc esi
push edx
call 0040A4C5
pop eax
add edx, eax
|:0040A448(C)
|
:0040A454 E845000000
:0040A459 803E00
:0040A45C 752E
:0040A45E 8BC2
:0040A460 80FB01
:0040A463 7503
:0040A465 83C004
|:0040A463(C)
|
:0040A468 E873AFFFFF
:0040A46D 80FF2D
:0040A470 7502
:0040A472 D9E0
call 0040A49E
jne 0040A48C
mov eax, edx
cmp bl, 01
jne 0040A468
add eax, 00000004
call 004053E0
cmp bh, 2D
jne 0040A474
fchs

|:0040A470(C)
|
:0040A474 80FB00
cmp bl, 00
:0040A477 7404
je 0040A47D
:0040A479 DF3F
fistp qword ptr [edi]
:0040A47B EB02
jmp 0040A47F
|:0040A477(C)
|
:0040A47D DB3F
fstp tbyte ptr [edi]
|:0040A47B(U)
|
:0040A47F 9B
:0040A480 DFE0
:0040A482 66A90900
:0040A486 7506
:0040A488 B001
:0040A48A EB04

wait
fstsw ax
test ax, 0009
jne 0040A48E
mov al, 01
jmp 0040A490

|:0040A440(C), :0040A45C(C)
|
:0040A48C DDD8
fstp st(0)

|:0040A486(C)
|
:0040A48E 33C0
xor eax, eax
|:0040A48A(U)
|
:0040A490 9B
wait
:0040A491 DBE2
fclex
:0040A493 D96DFA
fldcw [ebp-06]
:0040A496 9B
wait
:0040A497 5B
pop ebx
:0040A498 5E
pop esi
:0040A499 5F
pop edi
:0040A49A 8BE5
mov esp, ebp
:0040A49C 5D
pop ebp
:0040A49D C3
ret

|:0040A411 , :0040A454
|
|:0040A4A5(C)
|
:0040A49E AC
lodsb
:0040A49F 0AC0
or al, al
:0040A4A1 7404
je 0040A4A7
:0040A4A3 3C20
cmp al, 20
:0040A4A5 74F7
je 0040A49E
|:0040A4A1(C)
|
:0040A4A7 4E
dec esi
:0040A4A8 C3
ret

|:0040A425 , :0040A437
|
:0040A4A9 33C0
xor eax, eax
:0040A4AB 33D2
xor edx, edx
|:0040A4C1(U)
|
:0040A4AD AC
:0040A4AE 2C3A
:0040A4B0 040A
:0040A4B2 730F
:0040A4B4 DA0D449C4000
:0040A4BA 8945FC
:0040A4BD DA45FC
:0040A4C0 42
:0040A4C1 EBEA

lodsb
sub al, 3A
add al, 0A
jnb 0040A4C3
fimul dword ptr [00409C44]
fiadd dword ptr [ebp-04]
inc edx
jmp 0040A4AD

|:0040A4B2(C)
|
:0040A4C3 4E
dec esi
:0040A4C4 C3
ret

|:0040A44C
|
:0040A4C5 33C0
xor eax, eax
:0040A4C7 33D2
xor edx, edx
:0040A4C9 8A0E
:0040A4CB 80F92B
cmp cl, 2B
:0040A4CE 7405
je 0040A4D5
:0040A4D0 80F92D
cmp cl, 2D
:0040A4D3 7501
jne 0040A4D6
|:0040A4CE(C)
|
:0040A4D5 46
inc esi
|:0040A4D3(C), :0040A4EA(C)
|
:0040A4D6 8A06
:0040A4D8 2C3A
:0040A4DA 040A
:0040A4DC 730E
:0040A4DE 46
:0040A4DF 6BD20A
:0040A4E2 03D0
:0040A4E4 81FAF4010000
:0040A4EA 72EA

sub al, 3A
add al, 0A
jnb 0040A4EC
inc esi
imul edx, 0000000A
add edx, eax
cmp edx, 000001F4
jb 0040A4D6

|:0040A4DC(C)
|
:0040A4EC 80F92D
cmp cl, 2D
:0040A4EF 7502
jne 0040A4F3
:0040A4F1 F7DA
neg edx
|:0040A4EF(C)
|
:0040A4F3 C3
:0040A4F4 55
:0040A4F5 8BEC
:0040A4F7 33C0
:0040A4F9 55
:0040A4FA 6835A64000
:0040A4FF 64FF30
:0040A502 648920
:0040A505 FF05F8354400
:0040A50B 0F8516010000
:0040A511 E89EF2FFFF
:0040A516 E849EAFFFF

ret
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0040A635
inc dword ptr [004435F8]
jne 0040A627
call 004097B4
call 00408F64
:0040A51B
:0040A520
:0040A525
:0040A52B
:0040A530
:0040A535
:0040A53A
:0040A540
:0040A545
:0040A54A
:0040A54F
:0040A555
B8F0214400
B915000000
8B15F8894000
E8CC9AFFFF
B8B8214400
B907000000
8B1534894000
E8B79AFFFF
B818214400
B902000000
8B157C104000
E8A29AFFFF
mov eax, 004421F0

mov ecx, 00000015
mov edx, dword ptr [004089F8]
call 00403FFC
mov eax, 004421B8
mov ecx, 00000007
call 00403FFC
mov eax, 00442118
mov ecx, 00000002
call 00403FFC
* Possible StringData Ref from Data Obj ->"xs@"

|
:0040A55A B8EC204400
mov eax, 004420EC
:0040A55F E85492FFFF
call 004037B8
:0040A564 B8BC354400
mov eax, 004435BC
:0040A569 B907000000
mov ecx, 00000007
:0040A56E 8B157C104000
mov edx, dword ptr
:0040A574 E8839AFFFF
call 00403FFC
:0040A579 B894354400
mov eax, 00443594
:0040A57E B907000000
mov ecx, 00000007
:0040A583 8B157C104000
mov edx, dword ptr
:0040A589 E86E9AFFFF
call 00403FFC
:0040A58E B878354400
mov eax, 00443578
:0040A593 B907000000
mov ecx, 00000007
:0040A598 8B157C104000
mov edx, dword ptr
:0040A59E E8599AFFFF
call 00403FFC
:0040A5A3 B848354400
mov eax, 00443548
:0040A5A8 B90C000000
mov ecx, 0000000C
:0040A5AD 8B157C104000
mov edx, dword ptr
:0040A5B3 E8449AFFFF
call 00403FFC
:0040A5B8 B818354400
mov eax, 00443518
:0040A5BD B90C000000
mov ecx, 0000000C
:0040A5C2 8B157C104000
mov edx, dword ptr
:0040A5C8 E82F9AFFFF
call 00403FFC
:0040A5CD B814354400
mov eax, 00443514
:0040A5D2 E8E191FFFF
call 004037B8
:0040A5D7 B810354400
mov eax, 00443510
:0040A5DC E8D791FFFF
call 004037B8
:0040A5E1 B80C354400
mov eax, 0044350C
:0040A5E6 E8CD91FFFF
call 004037B8
:0040A5EB B808354400
mov eax, 00443508
:0040A5F0 E8C391FFFF
call 004037B8
:0040A5F5 B800354400
mov eax, 00443500
:0040A5FA E8B991FFFF
call 004037B8
:0040A5FF B8FC344400
mov eax, 004434FC
:0040A604 E8AF91FFFF
call 004037B8
:0040A609 B8F0344400
mov eax, 004434F0
:0040A60E E8A591FFFF
call 004037B8
:0040A613 B8C8204400
mov eax, 004420C8
:0040A618 E89B91FFFF
call 004037B8
:0040A61D B8B4204400
mov eax, 004420B4
:0040A622 E89191FFFF
call 004037B8
[0040107C]
[0040107C]
[0040107C]
[0040107C]
[0040107C]

|:0040A50B(C)
|
:0040A627 33C0
xor eax, eax
:0040A629
:0040A62A
:0040A62B
:0040A62C
:0040A62F
5A
59
59
648910
683CA64000
pop edx
pop ecx
pop ecx
push 0040A63C
|:0040A63A(U)
|
:0040A634 C3
:0040A635 E93E8CFFFF
:0040A63A EBF8
:0040A63C 5D
:0040A63D C3
:0040A63E
:0040A640
:0040A641
:0040A643
:0040A645
:0040A646
:0040A64B
:0040A64E
:0040A651
:0040A658
:0040A65A
:0040A65F
:0040A664
:0040A669
:0040A66E
:0040A673
:0040A676
mov eax, eax

push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0040A6A9
sub dword ptr [004435F8], 00000001
jnb 0040A69B
mov eax, 00409984
call 004035C8
mov eax, 00409A78
call 004035E4
je 0040A687
8BC0
55
8BEC
33C0
55
68A9A64000
64FF30
648920
832DF835440001
7341
B884994000
E8648FFFFF
B8789A4000
E8768FFFFF
A19C2C4400
803800
740F
ret
jmp 00403278
jmp 0040A634
pop ebp
ret
* Possible StringData Ref from Data Obj ->"xs@"

|
:0040A678 B8EC204400
mov eax, 004420EC
:0040A67D BABCA64000
mov edx, 0040A6BC
:0040A682 E88591FFFF
call 0040380C
|:0040A676(C)
|
:0040A687 E814E8FFFF
:0040A68C E8CFECFFFF
:0040A691 E83AE9FFFF
:0040A696 E839F1FFFF
|:0040A658(C)
|
:0040A69B 33C0
:0040A69D 5A
:0040A69E 59
:0040A69F 59
:0040A6A0 648910
:0040A6A3 68B0A64000
call
call
call
call
00408EA0
00409360
00408FD0
004097D4
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040A6B0

|:0040A6AE(U)
|
:0040A6A8
:0040A6A9
:0040A6AE
:0040A6B0
:0040A6B1
C3
E9CA8BFFFF
EBF8
5D
C3
ret
jmp 00403278
jmp 0040A6A8
pop ebp
ret
:0040A6B2 0000
BYTE 2 DUP(0)
:0040A6B4 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040A6B8
:0040A6BA
:0040A6BC
:0040A6BF

xor byte ptr [eax+00], bh
BYTE 00h
0200
0000
307800
00

|:0043C5C5 , :0043C5D4
|
* Reference To: ole32.IsEqualGUID, Ord:0000h
|
:0040A6C0 FF252C464400
:0040A6C6 8BC0
mov eax, eax
:0040A6C8 55
push ebp
:0040A6C9 8BEC
mov ebp, esp
:0040A6CB 33C0
xor eax, eax
:0040A6CD 55
push ebp
:0040A6CE 68EDA64000
push 0040A6ED
:0040A6D3 64FF30
:0040A6D6 648920
:0040A6D9 FF0504364400
:0040A6DF 33C0
xor eax, eax
:0040A6E1 5A
pop edx
:0040A6E2 59
pop ecx
:0040A6E3 59
pop ecx
:0040A6E4 648910
:0040A6E7 68F4A64000
push 0040A6F4
|:0040A6F2(U)
|
:0040A6EC C3
:0040A6ED E9868BFFFF
:0040A6F2 EBF8
:0040A6F4 5D
:0040A6F5 C3
:0040A6F6 8BC0
:0040A6F8 832D0436440001
:0040A6FF C3
mov eax, eax

sub dword ptr [00443604], 00000001
ret
:0040A700 D83444
:0040A703 00A0FF0000D8

add byte ptr [eax+D80000FF], ah
ret
jmp 00403278
jmp 0040A6EC
pop ebp
ret
:0040A709
:0040A70B
:0040A711
:0040A713
:0040A719
:0040A71B
:0040A721
:0040A723
:0040A72A
:0040A72B
:0040A731
:0040A733
:0040A739
:0040A73B
:0040A741
:0040A743
:0040A749
:0040A74B
:0040A751
:0040A753
:0040A759
:0040A75B
:0040A761
:0040A763
:0040A76A
:0040A76B
:0040A771
:0040A773
:0040A779
:0040A77B
:0040A781
:0040A783
:0040A789
:0040A78B
:0040A791
:0040A793
:0040A799
:0040A79B
:0040A7A1
:0040A7A3
:0040A7AA
:0040A7AB
:0040A7B1
:0040A7B3
:0040A7B9
:0040A7BB
:0040A7C1
:0040A7C3
:0040A7C9
:0040A7CB
:0040A7D1
:0040A7D3
:0040A7D9
:0040A7DB
:0040A7E1
:0040A7E3
:0040A7EA
:0040A7EB
:0040A7F1
:0040A7F3
3444
00A1FF0000D8
3444
00A2FF0000D8
3444
00A3FF0000D8
3444
00A4FF0000D834
44
00A5FF0000D8
3444
00A6FF0000D8
3444
00A7FF0000D8
3444
00A8FF0000D8
3444
00A9FF0000D8
3444
00AAFF0000D8
3444
00ABFF0000D8
3444
00ACFF0000D834
44
00ADFF0000D8
3444
00AEFF0000D8
3444
00AFFF0000D8
3444
0090FF0000D8
3444
0091FF0000D8
3444
0092FF0000D8
3444
0093FF0000D8
3444
0094FF0000D834
44
0095FF0000D8
3444
0096FF0000D8
3444
0097FF0000D8
3444
0098FF0000D8
3444
0099FF0000D8
3444
009AFF0000D8
3444
009BFF0000D8
3444
009CFF0000D834
44
009DFF0000D8
3444
009EFF0000D8
xor
add
xor
add
xor
add
xor
add
inc
add
xor
add
xor
add
xor
add
xor
add
xor
add
xor
add
xor
add
inc
add
xor
add
xor
add
xor
add
xor
add
xor
add
xor
add
xor
add
inc
add
xor
add
xor
add
xor
add
xor
add
xor
add
xor
add
xor
add
inc
add
xor
add
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
esp
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
esp
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
esp
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
al, 44
byte ptr
esp
byte ptr
al, 44
byte ptr
[ecx+D80000FF], ah
[edx+D80000FF], ah
[ebx+D80000FF], ah
[edi+8*edi+34D80000], ah
[ebp+D80000FF], ah
[esi+D80000FF], ah
[edi+D80000FF], ah
[eax+D80000FF], ch
[ecx+D80000FF], ch
[edx+D80000FF], ch
[ebx+D80000FF], ch
[edi+8*edi+34D80000], ch
[ebp+D80000FF], ch
[esi+D80000FF], ch
[edi+D80000FF], ch
[eax+D80000FF], dl
[ecx+D80000FF], dl
[edx+D80000FF], dl
[ebx+D80000FF], dl
[edi+8*edi+34D80000], dl
[ebp+D80000FF], dl
[esi+D80000FF], dl
[edi+D80000FF], dl
[eax+D80000FF], bl
[ecx+D80000FF], bl
[edx+D80000FF], bl
[ebx+D80000FF], bl
[edi+8*edi+34D80000], bl
[ebp+D80000FF], bl
[esi+D80000FF], bl
:0040A7F9
:0040A7FB
:0040A801
:0040A803
:0040A809
:0040A80B
:0040A811
:0040A813
:0040A819
:0040A81B
:0040A821
:0040A823
:0040A82A
:0040A82B
:0040A831
:0040A833
:0040A839
:0040A83B
:0040A841
:0040A843
:0040A849
:0040A84B
:0040A851
:0040A853
:0040A859
:0040A85B
:0040A861
:0040A863
:0040A86A
:0040A86B
:0040A871
:0040A873
:0040A879
:0040A87B
:0040A881
:0040A883
:0040A886
:0040A888
:0040A88B
:0040A88E
:0040A890
:0040A893
:0040A896
:0040A898
:0040A89B
:0040A89E
:0040A8A0
:0040A8A3
:0040A8A7
:0040A8A9
:0040A8AB
:0040A8AE
:0040A8B0
:0040A8B3
:0040A8B6
:0040A8B8
:0040A8BB
:0040A8BE
:0040A8C0
:0040A8C3
3444
009FFF0000D8
3444
0080FF0000D8
3444
0081FF0000D8
3444
0082FF0000D8
3444
0083FF0000D8
3444
0084FF0000D834
44
0085FF0000D8
3444
0086FF0000D8
3444
0087FF0000D8
3444
0088FF0000D8
3444
0089FF0000D8
3444
008AFF0000D8
3444
008BFF0000D8
3444
008CFF0000D834
44
008DFF0000D8
3444
008EFF0000D8
3444
008FFF0000D8
3444
0070FF
0000
D83444
0071FF
0000
D83444
0072FF
0000
D83444
0073FF
0000
D83444
0074FF00
00D8
3444
0075FF
0000
D83444
0076FF
0000
D83444
0077FF
0000
D83444
0078FF
xor al, 44
add byte ptr [edi+D80000FF], bl
xor al, 44
add byte ptr [eax+D80000FF], al
xor al, 44
add byte ptr [ecx+D80000FF], al
xor al, 44
add byte ptr [edx+D80000FF], al
xor al, 44
add byte ptr [ebx+D80000FF], al
xor al, 44
add byte ptr [edi+8*edi+34D80000], al
inc esp
add byte ptr [ebp+D80000FF], al
xor al, 44
add byte ptr [esi+D80000FF], al
xor al, 44
add byte ptr [edi+D80000FF], al
xor al, 44
add byte ptr [eax+D80000FF], cl
xor al, 44
add byte ptr [ecx+D80000FF], cl
xor al, 44
add byte ptr [edx+D80000FF], cl
xor al, 44
add byte ptr [ebx+D80000FF], cl
xor al, 44
add byte ptr [edi+8*edi+34D80000], cl
inc esp
add byte ptr [ebp+D80000FF], cl
xor al, 44
add byte ptr [esi+D80000FF], cl
xor al, 44
add byte ptr [edi+D80000FF], cl
xor al, 44
add byte ptr [eax-01], dh
add byte ptr [ecx-01], dh
add byte ptr [edx-01], dh
add byte ptr [ebx-01], dh
add byte ptr [edi+8*edi], dh
add al, bl
xor al, 44
add byte ptr [ebp-01], dh
add byte ptr [esi-01], dh
add byte ptr [edi-01], dh
add byte ptr [eax-01], bh
:0040A8C6
:0040A8C8
:0040A8CB
:0040A8CE
:0040A8D0
:0040A8D3
:0040A8D6
:0040A8D8
:0040A8DB
:0040A8DE
:0040A8E0
:0040A8E3
:0040A8E7
:0040A8E9
:0040A8EB
:0040A8EE
:0040A8F0
:0040A8F3
:0040A8F6
:0040A8F8
:0040A8FB
:0040A8FE
:0040A900
:0040A903
:0040A906
:0040A908
:0040A90B
:0040A90E
:0040A910
:0040A913
:0040A916
:0040A918
:0040A91B
:0040A91E
:0040A920
:0040A923
:0040A927
:0040A929
:0040A92B
:0040A92E
:0040A930
:0040A933
:0040A936
:0040A938
:0040A93B
:0040A93E
:0040A940
:0040A943
:0040A946
:0040A948
:0040A94B
:0040A94E
:0040A950
:0040A953
:0040A956
:0040A958
:0040A95B
:0040A95E
:0040A960
:0040A963
0000
D83444
0079FF
0000
D83444
007AFF
0000
D83444
007BFF
0000
D83444
007CFF00
00D8
3444
007DFF
0000
D83444
007EFF
0000
D83444
007FFF
0000
D83444
0060FF
0000
D83444
0061FF
0000
D83444
0062FF
0000
D83444
0063FF
0000
D83444
0064FF00
00D8
3444
0065FF
0000
D83444
0066FF
0000
D83444
0067FF
0000
D83444
0068FF
0000
D83444
0069FF
0000
D83444
006AFF
0000
D83444
006BFF
0000
D83444
006CFF00

add byte ptr [ecx-01], bh
add byte ptr [edx-01], bh
add byte ptr [ebx-01], bh
add byte ptr [edi+8*edi], bh
add al, bl
xor al, 44
add byte ptr [ebp-01], bh
add byte ptr [esi-01], bh
add byte ptr [edi-01], bh
add byte ptr [eax-01], ah
add byte ptr [ecx-01], ah
add byte ptr [edx-01], ah
add byte ptr [ebx-01], ah
add byte ptr [edi+8*edi], ah
add al, bl
xor al, 44
add byte ptr [ebp-01], ah
add byte ptr [esi-01], ah
add byte ptr [edi-01], ah
add byte ptr [eax-01], ch
add byte ptr [ecx-01], ch
add byte ptr [edx-01], ch
add byte ptr [ebx-01], ch
add byte ptr [edi+8*edi], ch
:0040A967
:0040A969
:0040A96B
:0040A96E
:0040A970
:0040A973
:0040A976
:0040A978
:0040A97B
:0040A97E
:0040A980
:0040A983
:0040A986
:0040A988
:0040A98B
:0040A98E
:0040A990
:0040A993
:0040A996
:0040A998
:0040A99B
:0040A99E
:0040A9A0
:0040A9A3
:0040A9A7
:0040A9A9
:0040A9AB
:0040A9AE
:0040A9B0
:0040A9B3
:0040A9B6
:0040A9B8
:0040A9BB
:0040A9BE
:0040A9C0
:0040A9C3
:0040A9C6
:0040A9C8
:0040A9CB
:0040A9CE
:0040A9D0
:0040A9D3
:0040A9D6
:0040A9D8
:0040A9DB
:0040A9DE
:0040A9E0
:0040A9E3
:0040A9E7
00D8
3444
006DFF
0000
D83444
006EFF
0000
D83444
006FFF
0000
D83444
0050FF
0000
D83444
0051FF
0000
D83444
0052FF
0000
D83444
0053FF
0000
D83444
0054FF00
00D8
3444
0055FF
0000
D83444
0056FF
0000
D83444
0057FF
0000
D83444
0058FF
0000
D83444
0059FF
0000
D83444
005AFF
0000
D83444
005BFF
0000
D83444
005CFF00
00
add al, bl
xor al, 44
add byte ptr [ebp-01], ch
add byte ptr [esi-01], ch
add byte ptr [edi-01], ch
add byte ptr [eax-01], dl
add byte ptr [ecx-01], dl
add byte ptr [edx-01], dl
add byte ptr [ebx-01], dl
add byte ptr [edi+8*edi], dl
add al, bl
xor al, 44
add byte ptr [ebp-01], dl
add byte ptr [esi-01], dl
add byte ptr [edi-01], dl
add byte ptr [eax-01], bl
add byte ptr [ecx-01], bl
add byte ptr [edx-01], bl
add byte ptr [ebx-01], bl
add byte ptr [edi+8*edi], bl
BYTE 0
:0040A9E8
:0040A9E9
:0040A9EB
:0040A9ED
:0040A9EE
:0040A9F3
:0040A9F6
:0040A9F9
:0040A9FF
55
8BEC
33C0
55
680DAA4000
64FF30
648920
FF0508364400
33C0
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0040AA0D
xor eax, eax
:0040AA01
:0040AA02
:0040AA03
:0040AA04
:0040AA07
5A
59
59
648910
6814AA4000
pop edx
pop ecx
pop ecx
push 0040AA14
|:0040AA12(U)
|
:0040AA0C C3
:0040AA0D E96688FFFF
:0040AA12 EBF8
:0040AA14 5D
:0040AA15 C3
:0040AA16 8BC0
:0040AA18 832D0836440001
:0040AA1F C3
mov eax, eax

sub dword ptr [00443608], 00000001
ret
:0040AA20 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040AA24
:0040AA29
:0040AA2A
:0040AA2B
:0040AA2D
add eax, 46000000

popad
insb
jnb 0040AA92
BYTE 3 DUP(0)
0500000046
61
6C
7365
000000
ret
jmp 00403278
jmp 0040AA0C
pop ebp
ret
:0040AA30 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040AA34
:0040AA36
:0040AA38
:0040AA39
:0040AA3B
add al, 00
push esp
jb 0040AAB0
BYTE 065h
0400
0000
54
7275
65
:0040AA3C 00000000
BYTE 4 DUP(0)
:0040AA40 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040AA44 0100
:0040AA46 0000
:0040AA48 2E

BYTE 02eh
:0040AA49 000000
BYTE 3 DUP(0)

|:00410D2A
|
:0040AA4C 31D2
xor edx, edx
:0040AA4E 8A5001
:0040AA51 8D441002
:0040AA55 C3
mov dl, byte ptr [eax+01]

lea eax, dword ptr [eax+edx+02]
ret
:0040AA56 8BC0
mov eax, eax

|:0040F3C1
|
:0040AA58 53
push ebx
:0040AA59 56
push esi
:0040AA5A 57
push edi
:0040AA5B 85D2
test edx, edx
:0040AA5D 743B
je 0040AA9A
:0040AA5F 31C9
xor ecx, ecx
:0040AA61 8A4801
:0040AA64 8B44080B
mov eax, dword ptr [eax+ecx+0B]
:0040AA68 8B00
:0040AA6A 8A4801
:0040AA6D 8D74080F
lea esi, dword ptr [eax+ecx+0F]
:0040AA71 8B7C0807
mov edi, dword ptr [eax+ecx+07]
:0040AA75 31C0
xor eax, eax
|:0040AA98(C)
|
:0040AA77 8A0E
:0040AA79 3B4AFC
cmp ecx, dword ptr [edx-04]
:0040AA7C 7513
jne 0040AA91
|:0040AA8B(C)
|
:0040AA7E 8A5C0AFF
:0040AA82 321C0E
:0040AA85 F6C3DF
:0040AA88 7505
:0040AA8A 49
:0040AA8B 75F1
:0040AA8D EB0E

mov bl, byte ptr [edx+ecx-01]
xor bl, byte ptr [esi+ecx]
test bl, DF
jne 0040AA8F
dec ecx
jne 0040AA7E
jmp 0040AA9D

|:0040AA88(C)
|
:0040AA8F 8A0E
|:0040AA7C(C)
|
:0040AA91 40
inc eax
|:0040AA2B(C)
|
:0040AA92 8D740E01
:0040AA96 39F8
:0040AA98 7EDD

lea esi, dword ptr [esi+ecx+01]
cmp eax, edi
jle 0040AA77
|:0040AA5D(C)
|
:0040AA9A 83C8FF
or eax, FFFFFFFF

|:0040AA8D(U)
|
:0040AA9D 5F
pop edi
:0040AA9E 5E
pop esi
:0040AA9F 5B
pop ebx
:0040AAA0 C3
ret
:0040AAA1 8D4000

|:004102C9 , :0041032C
|
:0040AAA4 53
push ebx
:0040AAA5 56
push esi
:0040AAA6 57
push edi
:0040AAA7 89D1
mov ecx, edx
:0040AAA9 09D2
or edx, edx
:0040AAAB 740B
je 0040AAB8
:0040AAAD 8A4AFC
mov cl, byte ptr [edx-04]
|:0040AA39(C)
|
:0040AAB0 8A2A
:0040AAB2 81E1FFDF0000
and ecx, 0000DFFF
|:0040AAAB(C), :0040AAEE(U)
|
:0040AAB8 31DB
:0040AABA 8A5801
:0040AABD 8D741802
:0040AAC1 8A5E0A
:0040AAC4 0FB77C1E0B
:0040AAC9 85FF
:0040AACB 7418
:0040AACD 8D441E0D
|:0040AAE3(C)
|
:0040AAD1 668B581A
:0040AAD5 80E7DF
:0040AAD8 39CB
:0040AADA 741E
|:0040AAF8(U)
|
:0040AADC B700
:0040AADE 4F
:0040AADF 8D44181B
:0040AAE3 75EC
xor ebx, ebx

mov bl, byte ptr [eax+01]
lea esi, dword ptr [eax+ebx+02]
mov bl, byte ptr [esi+0A]
movzx edi, word ptr [esi+ebx+0B]
test edi, edi
je 0040AAE5
lea eax, dword ptr [esi+ebx+0D]
mov bx, word ptr [eax+1A]

and bh, DF
cmp ebx, ecx
je 0040AAFA
mov
dec
lea
jne
bh, 00
edi
eax, dword ptr [eax+ebx+1B]
0040AAD1

|:0040AACB(C)
|
:0040AAE5 8B4604
:0040AAE8 85C0
test eax, eax
:0040AAEA 7420
je 0040AB0C
:0040AAEC 8B00
:0040AAEE EBC8
jmp 0040AAB8
|:0040AB07(C)
|
:0040AAF0 8A2A
:0040AAF2 80E5DF
and ch, DF
:0040AAF5 8A581A
mov bl, byte ptr [eax+1A]
:0040AAF8 EBE2
jmp 0040AADC
|:0040AADA(C)
|
:0040AAFA B700
mov bh, 00
|:0040AB0A(C)
|
:0040AAFC 8A6C1AFF
:0040AB00 326C181A
:0040AB04 F6C5DF
:0040AB07 75E7
:0040AB09 4B
:0040AB0A 75F0

mov ch, byte ptr [edx+ebx-01]
xor ch, byte ptr [eax+ebx+1A]
test ch, DF
jne 0040AAF0
dec ebx
jne 0040AAFC

|:0040AAEA(C)
|
:0040AB0C 5F
pop edi
:0040AB0D 5E
pop esi
:0040AB0E 5B
pop ebx
:0040AB0F C3
ret

|:0040F0AE , :004102EF , :0041094A
|
:0040AB10 53
push ebx
:0040AB11 57
push edi
:0040AB12 8B3A
mov edi, dword ptr [edx]
:0040AB14 8B3F
:0040AB16 B304
mov bl, 04
:0040AB18 803F07
cmp byte ptr [edi], 07
:0040AB1B 7409
je 0040AB26
:0040AB1D 31C9
xor ecx, ecx
:0040AB1F 8A4F01
mov cl, byte ptr [edi+01]
:0040AB22 8A5C0F02
mov bl, byte ptr [edi+ecx+02]
|:0040AB1B(C)
|
:0040AB26 8B4A04
:0040AB29
:0040AB2D
:0040AB30
:0040AB32
:0040AB34
:0040AB37
:0040AB39
:0040AB3B
807A07FE
8B5210
720B
770D
0FBFC9
0308
FF11
EB1D
cmp byte ptr [edx+07], FE

jb 0040AB3D
ja 0040AB41
movsx ecx, cx
call dword ptr [ecx]
jmp 0040AB5A

|:0040AB30(C)
|
:0040AB3D FFD1
call ecx
:0040AB3F EB19
jmp 0040AB5A
|:0040AB32(C)
|
:0040AB41 81E1FFFFFF00
:0040AB47 01C1
:0040AB49 8A01
:0040AB4B 80FB02
:0040AB4E 720A
:0040AB50 668B01
:0040AB53 80FB04
:0040AB56 7202
:0040AB58 8B01

and ecx, 00FFFFFF
add ecx, eax
mov al, byte ptr [ecx]
cmp bl, 02
jb 0040AB5A
mov ax, word ptr [ecx]
cmp bl, 04
jb 0040AB5A

|:0040AB3B(U), :0040AB3F(U), :0040AB4E(C), :0040AB56(C)
|
:0040AB5A 80FB04
cmp bl, 04
:0040AB5D 731F
jnb 0040AB7E
:0040AB5F 80FB02
cmp bl, 02
:0040AB62 7310
jnb 0040AB74
:0040AB64 80FB00
cmp bl, 00
:0040AB67 0FBEC0
movsx eax, al
:0040AB6A 7412
je 0040AB7E
:0040AB6C 25FF000000
and eax, 000000FF
:0040AB71 5F
pop edi
:0040AB72 5B
pop ebx
:0040AB73 C3
ret
|:0040AB62(C)
|
:0040AB74 0FBFC0
:0040AB77 7405
:0040AB79 25FFFF0000

movsx eax, ax
je 0040AB7E
and eax, 0000FFFF

|:0040AB5D(C), :0040AB6A(C), :0040AB77(C)
|
:0040AB7E 5F
pop edi
:0040AB7F 5B
pop ebx
:0040AB80 C3
ret
:0040AB81 8D4000

|:0040F0F1 , :0040F688 , :0041049D , :0041086A , :00410886
|:004108AD , :00410906 , :00410932
|
:0040AB84 53
push ebx
:0040AB85 56
push esi
:0040AB86 57
push edi
:0040AB87 89D7
mov edi, edx
:0040AB89 8B37
:0040AB8B 8B36
:0040AB8D B304
mov bl, 04
:0040AB8F 803E07
:0040AB92 7409
je 0040AB9D
:0040AB94 31DB
xor ebx, ebx
:0040AB96 8A5E01
mov bl, byte ptr [esi+01]
:0040AB99 8A5C1E02
mov bl, byte ptr [esi+ebx+02]
|:0040AB92(C)
|
:0040AB9D 8B5710
:0040ABA0 81FA00000080
:0040ABA6 7502
:0040ABA8 89CA
|:0040ABA6(C)
|
:0040ABAA 8B7708
:0040ABAD 807F0BFE
:0040ABB1 770F
:0040ABB3 7209
:0040ABB5 0FBFF6
:0040ABB8 0330
:0040ABBA FF16
:0040ABBC EB1D
mov
cmp
jne
mov
edx, dword ptr [edi+10]

edx, 80000000
0040ABAA
edx, ecx
mov esi, dword ptr [edi+08]

cmp byte ptr [edi+0B], FE
ja 0040ABC2
jb 0040ABBE
movsx esi, si
add esi, dword ptr [eax]
call dword ptr [esi]
jmp 0040ABDB

|:0040ABB3(C)
|
:0040ABBE FFD6
call esi
:0040ABC0 EB19
jmp 0040ABDB
|:0040ABB1(C)
|
:0040ABC2 81E6FFFFFF00
:0040ABC8 01F0
:0040ABCA 8808
:0040ABCC 80FB02
:0040ABCF 720A
:0040ABD1 668908
:0040ABD4 80FB04
:0040ABD7 7202
:0040ABD9 8908

and esi, 00FFFFFF
add eax, esi
cmp bl, 02
jb 0040ABDB
mov word ptr [eax], cx
cmp bl, 04
jb 0040ABDB

|:0040ABBC(U), :0040ABC0(U), :0040ABCF(C), :0040ABD7(C)
|
:0040ABDB
:0040ABDC
:0040ABDD
:0040ABDE
5F
5E
5B
C3
:0040ABDF 90
pop edi
pop esi
pop ebx
ret
nop

|:0040AC57
|
:0040ABE0 56
push esi
:0040ABE1 57
push edi
:0040ABE2 89D6
mov esi, edx
:0040ABE4 8B5610
:0040ABE7 81FA00000080
cmp edx, 80000000
:0040ABED 7502
jne 0040ABF1
:0040ABEF 89CA
mov edx, ecx
|:0040ABED(C)
|
:0040ABF1 8B7E08
:0040ABF4 807E0BFE
:0040ABF8 7711
:0040ABFA 720A
:0040ABFC 0FBFFF
:0040ABFF 0338
:0040AC01 FF17
:0040AC03 5F
:0040AC04 5E
:0040AC05 C3

mov edi, dword ptr [esi+08]
cmp byte ptr [esi+0B], FE
ja 0040AC0B
jb 0040AC06
movsx edi, di
add edi, dword ptr [eax]
call dword ptr [edi]
pop edi
pop esi
ret

|:0040ABFA(C)
|
:0040AC06 FFD7
call edi
:0040AC08 5F
pop edi
:0040AC09 5E
pop esi
:0040AC0A C3
ret
|:0040ABF8(C)
|
:0040AC0B 81E7FFFFFF00
:0040AC11 01C7
:0040AC13 8B06
:0040AC15 8B00
:0040AC17 89CE
:0040AC19 31C9
:0040AC1B 8A4801
:0040AC1E 8A4C0802
:0040AC22 AC
:0040AC23 38C8
:0040AC25 7202

and edi, 00FFFFFF
add edi, eax
mov esi, ecx
xor ecx, ecx
mov cl, byte ptr [eax+ecx+02]
lodsb
cmp al, cl
jb 0040AC29
:0040AC27 88C8
mov al, cl

|:0040AC25(C)
|
:0040AC29 AA
stosb
:0040AC2A 88C1
mov cl, al
:0040AC2C F3
repz
:0040AC2D A4
movsb
:0040AC2E 5F
pop edi
:0040AC2F 5E
pop esi
:0040AC30 C3
ret
:0040AC31 8D4000

|:0040AD7F
|
:0040AC34 53
push ebx
:0040AC35 56
push esi
:0040AC36 57
push edi
:0040AC37 81C400FFFFFF
add esp, FFFFFF00
:0040AC3D 8BF9
mov edi, ecx
:0040AC3F 8BF2
mov esi, edx
:0040AC41 8BD8
mov ebx, eax
:0040AC43 8BC4
mov eax, esp
:0040AC45 8BD7
mov edx, edi
:0040AC47 B9FF000000
mov ecx, 000000FF
:0040AC4C E8BF8DFFFF
call 00403A10
:0040AC51 8BCC
mov ecx, esp
:0040AC53 8BD6
mov edx, esi
:0040AC55 8BC3
mov eax, ebx
:0040AC57 E884FFFFFF
call 0040ABE0
:0040AC5C 81C400010000
add esp, 00000100
:0040AC62 5F
pop edi
:0040AC63 5E
pop esi
:0040AC64 5B
pop ebx
:0040AC65 C3
ret
:0040AC66 8BC0
mov eax, eax

|:0040ACB1
|
:0040AC68 53
push ebx
:0040AC69 56
push esi
:0040AC6A 8BF2
mov esi, edx
:0040AC6C 8BD8
mov ebx, eax
:0040AC6E 8BC3
mov eax, ebx
:0040AC70 8BD6
mov edx, esi
:0040AC72 E8958BFFFF
call 0040380C
:0040AC77 5E
pop esi
:0040AC78 5B
pop ebx
:0040AC79 C3
ret
:0040AC7A 8BC0
mov eax, eax

|:0040AD86
|
:0040AC7C 56
push esi
:0040AC7D 57
push edi
:0040AC7E 89D6
mov esi, edx
:0040AC80 8B5610
:0040AC83 81FA00000080
cmp edx, 80000000
:0040AC89 7502
jne 0040AC8D
:0040AC8B 89CA
mov edx, ecx
|:0040AC89(C)
|
:0040AC8D 8B7E08
:0040AC90 807E0BFE
:0040AC94 7711
:0040AC96 720A
:0040AC98 0FBFFF
:0040AC9B 0338
:0040AC9D FF17
:0040AC9F 5F
:0040ACA0 5E
:0040ACA1 C3

ja 0040ACA7
jb 0040ACA2
movsx edi, di
pop edi
pop esi
ret

|:0040AC96(C)
|
:0040ACA2 FFD7
call edi
:0040ACA4 5F
pop edi
:0040ACA5 5E
pop esi
:0040ACA6 C3
ret
|:0040AC94(C)
|
:0040ACA7 81E7FFFFFF00
:0040ACAD 01F8
:0040ACAF 89CA
:0040ACB1 E8B2FFFFFF
:0040ACB6 5F
:0040ACB7 5E
:0040ACB8 C3
:0040ACB9 8D4000
and edi, 00FFFFFF

add eax, edi
mov edx, ecx
call 0040AC68
pop edi
pop esi
ret

|:0040AD05
|
:0040ACBC 53
push ebx
:0040ACBD 56
push esi
:0040ACBE 8BF2
mov esi, edx
:0040ACC0 8BD8
mov ebx, eax
:0040ACC2 8BC3
mov eax, ebx
:0040ACC4 8BD6
mov edx, esi
:0040ACC6
:0040ACCB
:0040ACCC
:0040ACCD
E8F590FFFF
5E
5B
C3
:0040ACCE 8BC0
call 00403DC0
pop esi
pop ebx
ret
mov eax, eax

|:0040AD3D
|
:0040ACD0 56
push esi
:0040ACD1 57
push edi
:0040ACD2 89D6
mov esi, edx
:0040ACD4 8B5610
:0040ACD7 81FA00000080
cmp edx, 80000000
:0040ACDD 7502
jne 0040ACE1
:0040ACDF 89CA
mov edx, ecx
|:0040ACDD(C)
|
:0040ACE1 8B7E08
:0040ACE4 807E0BFE
:0040ACE8 7711
:0040ACEA 720A
:0040ACEC 0FBFFF
:0040ACEF 0338
:0040ACF1 FF17
:0040ACF3 5F
:0040ACF4 5E
:0040ACF5 C3

ja 0040ACFB
jb 0040ACF6
movsx edi, di
pop edi
pop esi
ret

|:0040ACEA(C)
|
:0040ACF6 FFD7
call edi
:0040ACF8 5F
pop edi
:0040ACF9 5E
pop esi
:0040ACFA C3
ret
|:0040ACE8(C)
|
:0040ACFB 81E7FFFFFF00
:0040AD01 01F8
:0040AD03 89CA
:0040AD05 E8B2FFFFFF
:0040AD0A 5F
:0040AD0B 5E
:0040AD0C C3
:0040AD0D 8D4000
and edi, 00FFFFFF

add eax, edi
mov edx, ecx
call 0040ACBC
pop edi
pop esi
ret
|:0040AD8D
|
:0040AD10 55
:0040AD11 8BEC
:0040AD13 6A00
:0040AD15 53
:0040AD16 56
:0040AD17 57
:0040AD18 8BF9
:0040AD1A 8BF2
:0040AD1C 8BD8
:0040AD1E 33C0
:0040AD20 55
:0040AD21 6858AD4000
:0040AD26 64FF30
:0040AD29 648920
:0040AD2C 8D45FC
:0040AD2F 8BD7
:0040AD31 E85691FFFF
:0040AD36 8B4DFC
:0040AD39 8BD6
:0040AD3B 8BC3
:0040AD3D E88EFFFFFF
:0040AD42 33C0
:0040AD44 5A
:0040AD45 59
:0040AD46 59
:0040AD47 648910
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040AD58
mov edx, edi
call 00403E8C
mov edx, esi
mov eax, ebx
call 0040ACD0
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040AD4A 685FAD4000
push 0040AD5F
|:0040AD5D(U)
|
:0040AD4F 8D45FC
:0040AD52 E82D90FFFF
:0040AD57 C3
:0040AD58
:0040AD5D
:0040AD5F
:0040AD60
:0040AD61
:0040AD62
:0040AD63
:0040AD64
jmp
jmp
pop
pop
pop
pop
pop
ret
E91B85FFFF
EBF0
5F
5E
5B
59
5D
C3
:0040AD65 8D4000

call 00403D84
ret
00403278
0040AD4F
edi
esi
ebx
ecx
ebp

|:004108EA
|
:0040AD68 53
push ebx
:0040AD69 8B1A
mov ebx, dword ptr [edx]
:0040AD6B 8B1B
:0040AD6D 8A1B
mov bl, byte ptr [ebx]
:0040AD6F
:0040AD72
:0040AD74
:0040AD77
:0040AD79
:0040AD7B
:0040AD7D
80EB05
740B
80EB05
740D
FECB
7410
EB13
sub bl, 05
je 0040AD7F
sub bl, 05
je 0040AD86
dec bl
je 0040AD8D
jmp 0040AD92
|:0040AD72(C)
|
:0040AD7F E8B0FEFFFF
:0040AD84 5B
:0040AD85 C3
|:0040AD77(C)
|
:0040AD86 E8F1FEFFFF
:0040AD8B 5B
:0040AD8C C3
call 0040AC34
pop ebx
ret
call 0040AC7C
pop ebx
ret

|:0040AD7B(C)
|
:0040AD8D E87EFFFFFF
call 0040AD10
|:0040AD7D(U)
|
:0040AD92 5B
pop ebx
:0040AD93 C3
ret

|:004108CC
|
:0040AD94 55
push ebp
:0040AD95 8BEC
mov ebp, esp
:0040AD97 53
push ebx
:0040AD98 56
push esi
:0040AD99 31DB
xor ebx, ebx
:0040AD9B 8B0A
:0040AD9D 8B09
:0040AD9F 8A5901
mov bl, byte ptr [ecx+01]
:0040ADA2 8A5C1902
mov bl, byte ptr [ecx+ebx+02]
:0040ADA6 C1E302
shl ebx, 02
:0040ADA9 DB6D08
fld tbyte ptr [ebp+08]
:0040ADAC 8B4A08
:0040ADAF 807A0BFE
cmp byte ptr [edx+0B], FE
:0040ADB3 7761
ja 0040AE16
:0040ADB5 2BA3D9AD4000
sub esp, dword ptr [ebx+0040ADD9]
:0040ADBB 89E6
mov esi, esp
:0040ADBD FF93EDAD4000
call dword ptr [ebx+0040ADED]
:0040ADC3 807A0BFE
:0040ADC7
:0040ADCA
:0040ADCC
:0040ADCF
:0040ADD1
:0040ADD3
8B5210
7209
0FBFC9
0308
FF11
EB50

jb 0040ADD5
movsx ecx, cx
jmp 0040AE25

|:0040ADCA(C)
|
:0040ADD5 FFD1
call ecx
:0040ADD7 EB4C
jmp 0040AE25
:0040ADD9 0400
add al, 00
:0040ADDB 0000
:0040ADDD 0800
:0040ADDF 0000
:0040ADE1 0C00
or al, 00
:0040ADE3 0000
:0040ADE5 0800
:0040ADE7 0000
:0040ADE9 0800
:0040ADEB 0000
:0040ADED
:0040ADF1
:0040ADF5
:0040ADF9
:0040ADFD
01AE4000
04AE4000
07AE4000
0AAE4000
0DAE4000
DWORD
DWORD
DWORD
DWORD
DWORD
0040AE01
0040AE04
0040AE07
0040AE0A
0040AE0D
:0040AE01 D91E
:0040AE03 C3
fstp dword ptr [esi]

ret
:0040AE04 DD1E
:0040AE06 C3
fstp qword ptr [esi]

ret
:0040AE07 DB3E
:0040AE09 C3
fstp tbyte ptr [esi]

ret
:0040AE0A DF3E
:0040AE0C C3
fistp qword ptr [esi]

ret
:0040AE0D D80DA8224400
:0040AE13 DF3E
:0040AE15 C3
fmul dword ptr [004422A8]

fistp qword ptr [esi]
ret
|:0040ADB3(C)
|
:0040AE16 81E1FFFFFF00
:0040AE1C 8D3408
:0040AE1F FF93EDAD4000

and ecx, 00FFFFFF
lea esi, dword ptr [eax+ecx]
call dword ptr [ebx+0040ADED]
|:0040ADD3(U), :0040ADD7(U)
|
:0040AE25 5E
:0040AE26 5B
:0040AE27 5D
:0040AE28 C20C00
pop
pop
pop
ret
:0040AE2B 90
nop
esi
ebx
ebp
000C

|:0040AE75
|
:0040AE2C 53
push ebx
:0040AE2D 56
push esi
:0040AE2E 8BF2
mov esi, edx
:0040AE30 8BD8
mov ebx, eax
:0040AE32 8BC3
mov eax, ebx
:0040AE34 8BD6
mov edx, esi
:0040AE36 E86996FFFF
call 004044A4
:0040AE3B 5E
pop esi
:0040AE3C 5B
pop ebx
:0040AE3D C3
ret
:0040AE3E 8BC0
mov eax, eax

|:00410769
|
:0040AE40 56
push esi
:0040AE41 57
push edi
:0040AE42 89D6
mov esi, edx
:0040AE44 8B5610
:0040AE47 81FA00000080
cmp edx, 80000000
:0040AE4D 7502
jne 0040AE51
:0040AE4F 89CA
mov edx, ecx
|:0040AE4D(C)
|
:0040AE51 8B7E08
:0040AE54 807E0BFE
:0040AE58 7711
:0040AE5A 720A
:0040AE5C 0FBFFF
:0040AE5F 0338
:0040AE61 FF17
:0040AE63 5F
:0040AE64 5E
:0040AE65 C3

ja 0040AE6B
jb 0040AE66
movsx edi, di
pop edi
pop esi
ret

|:0040AE5A(C)
|
:0040AE66 FFD7
call edi
:0040AE68 5F
pop edi
:0040AE69 5E
pop esi
:0040AE6A C3
ret
|:0040AE58(C)
|
:0040AE6B 81E7FFFFFF00
:0040AE71 01F8
:0040AE73 89CA
:0040AE75 E8B2FFFFFF
:0040AE7A 5F
:0040AE7B 5E
:0040AE7C C3
:0040AE7D 8D4000
and edi, 00FFFFFF

add eax, edi
mov edx, ecx
call 0040AE2C
pop edi
pop esi
ret

|:0041099A , :004109D8
|
:0040AE80 53
push ebx
:0040AE81 8B5A08
mov ebx, dword ptr [edx+08]
:0040AE84 807A0BFE
:0040AE88 7717
ja 0040AEA1
:0040AE8A 8B5210
:0040AE8D FF7104
push [ecx+04]
:0040AE90 FF31
push dword ptr [ecx]
:0040AE92 7209
jb 0040AE9D
:0040AE94 0FBFDB
movsx ebx, bx
:0040AE97 0318
add ebx, dword ptr [eax]
:0040AE99 FF13
call dword ptr [ebx]
:0040AE9B 5B
pop ebx
:0040AE9C C3
ret

|:0040AE92(C)
|
:0040AE9D FFD3
call ebx
:0040AE9F 5B
pop ebx
:0040AEA0 C3
ret
|:0040AE88(C)
|
:0040AEA1 81E3FFFFFF00
:0040AEA7 01D8
:0040AEA9 8B11
:0040AEAB 8B5904
:0040AEAE 8910
:0040AEB0 895804
:0040AEB3 5B
:0040AEB4 C3
:0040AEB5 8D4000
and
add
mov
mov
mov
mov
pop
ret
ebx, 00FFFFFF
eax, ebx
ebx, dword ptr [ecx+04]
dword ptr [eax+04], ebx
ebx
:0040AEB8
:0040AEB9
:0040AEBB
:0040AEBD
:0040AEBE
:0040AEC3
:0040AEC6
:0040AEC9
:0040AECF
55
8BEC
33C0
55
68FEAE4000
64FF30
648920
FF050C364400
751F
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0040AEFE
inc dword ptr [0044360C]
jne 0040AEF0
* Possible StringData Ref from Data Obj ->"H"

|
:0040AED1 B8A4224400
mov eax, 004422A4
:0040AED6 E8DD88FFFF
call 004037B8
* Possible StringData Ref from Data Obj ->"("
|
:0040AEDB B89C224400
mov eax, 0044229C
:0040AEE0 B902000000
mov ecx, 00000002
:0040AEE5 8B157C104000
:0040AEEB E80C91FFFF
call 00403FFC
|:0040AECF(C)
|
:0040AEF0 33C0
:0040AEF2 5A
:0040AEF3 59
:0040AEF4 59
:0040AEF5 648910
:0040AEF8 6805AF4000
|:0040AF03(U)
|
:0040AEFD C3
:0040AEFE E97583FFFF
:0040AF03 EBF8
:0040AF05 5D
:0040AF06 C3
:0040AF07 90
:0040AF08 832D0C36440001
:0040AF0F C3
nop
sub dword ptr [0044360C], 00000001
ret
:0040AF10
:0040AF12
:0040AF13
:0040AF15
:0040AF19
:0040AF20
:0040AF22
14AF
40
0003
0A54416C
69676E6D656E74
0100
000000
adc al, AF
inc eax
or dl, byte ptr [ecx+2*eax+6C]
imul esp, dword ptr [edi+6E], 746E656D
BYTE 3 DUP(0)
:0040AF25
:0040AF27
:0040AF29
:0040AF2F
0200
0000
10AF40000D74
61

adc byte ptr [edi+740D0040], ch
popad
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040AF05
ret
jmp 00403278
jmp 0040AEFD
pop ebp
ret
:0040AF30
:0040AF31
:0040AF35
:0040AF37
:0040AF39
:0040AF3C
:0040AF3E
:0040AF3F
:0040AF46
:0040AF48
:0040AF4B
:0040AF4D
:0040AF4E
4C
6566744A
7573
7469
66790E
7461
52
696768744A7573
7469
667908
7461
43
65
dec esp
je 0040AF7F
jne 0040AFAA
je 0040AFA2
jns 0040AF4A
je 0040AF9F
push edx
imul esp, dword ptr [edi+68], 73754A74
je 0040AFB1
jns 0040AF53
je 0040AFAE
inc ebx
BYTE 065h
:0040AF4F
:0040AF50
:0040AF52
:0040AF54
:0040AF55
:0040AF56
:0040AF57
:0040AF59
:0040AF5D
:0040AF5E
:0040AF65
6E
7465
7290
58
AF
40
0003
09544269
44
694D6F64650100
000000
outsb
je 0040AFB7
jb 0040AEE4
pop eax
scasd
inc eax
or dword ptr [edx+2*eax+69], edx
inc esp
imul ecx, dword ptr [ebp+6F], 00016564
BYTE 3 DUP(0)
|:0040AFD6(C)
|
:0040AF68 0300
:0040AF6A 0000
:0040AF6C 54
:0040AF6D AF
:0040AF6E 40
:0040AF6F 000D62644C65
:0040AF75 667454
:0040AF78 6F
:0040AF79 52
:0040AF7A 696768740D6264
:0040AF81 52
:0040AF82 69676874546F4C
:0040AF89 65667414
:0040AF8D 62645269
:0040AF91 676874546F4C
:0040AF97 6566744E
:0040AF9B 6F
:0040AF9C 41
:0040AF9D 6C
:0040AF9E 69676E18626452
:0040AFA5 69676874546F4C
:0040AFAC 65667452
:0040AFB0 65
:0040AFB1 61
:0040AFB2 64696E674F6E6C79
:0040AFBA 8BC0
popad
imul ebp, dword ptr fs:[esi+67], 796C6E4F
mov eax, eax

push esp
scasd
inc eax
add byte ptr [654C6462], cl
je 0040AFCC
outsd
push edx
imul esp, dword ptr [edi+68], 64620D74
push edx
imul esp, dword ptr [edi+68], 4C6F5474
je 0040AFA1
bound esp, dword ptr [edx+2*edx+69]
push 4C6F5474
je 0040AFE9
outsd
inc ecx
insb
imul esp, dword ptr [edi+6E], 52646218
imul esp, dword ptr [edi+68], 4C6F5474
je 0040B002
BYTE 065h
:0040AFBC C0AF4000010C54
:0040AFC3 48
:0040AFC4 65
shr byte ptr [edi+0C010040], 54

dec eax
BYTE 065h
:0040AFC5
:0040AFC6
:0040AFC8
:0040AFC9
:0040AFCA
insb
jo 0040B00B
outsd
outsb
je 0040B031
6C
7043
6F
6E
7465
|:0040AF76(C)
|
:0040AFCC 7874
:0040AFCE 0401
:0040AFD0 0000
:0040AFD2 80FFFF
:0040AFD5 FF
:0040AFD6 7F90
:0040AFD8 DCAF40000109
:0040AFDE 54
:0040AFDF 53
:0040AFE0 686F727443
:0040AFE5 7574
:0040AFE7 0300

js 0040B042
add al, 01
cmp bh, FF
BYTE 0ffh
jg 0040AF68
fsubr qword ptr [edi+09010040]
push esp
push ebx
push 4374726F
jne 0040B05B

|:0040AF99(C)
|
:0040AFE9 000000
BYTE 3 DUP(0)
:0040AFEC FFFF
BYTE 2 DUP(0ffh)
:0040AFEE
:0040AFF0
:0040AFF1
:0040AFF2
:0040AFF3
:0040AFF5
:0040AFF7
:0040AFF8
:0040AFF9
:0040AFFB
:0040AFFE
:0040B000
:0040B001
0000
F4
AF
40
0008
0C54
4E
6F
7469
667945
7665
6E
7400

hlt
scasd
inc eax
add byte ptr [eax], cl
or al, 54
dec esi
outsd
je 0040B064
jns 0040B043
jbe 0040B065
outsb
je 0040B003

|:0040B001(C)
|
:0040B003 0108
add dword ptr [eax], ecx
:0040B005 06
push es
:0040B006 53
push ebx
:0040B007 65
BYTE 065h
:0040B008 6E
:0040B009 64
outsb
BYTE 064h
:0040B00A 65
BYTE 065h
|:0040AFC6(C)
|
:0040B00B 7207
:0040B00D 54
:0040B00E 4F
:0040B00F 626A65
:0040B012 637418B0
:0040B016 40
:0040B017 0008
:0040B019 0A544865
:0040B01D 6C
:0040B01E 7045
:0040B020 7665
:0040B022 6E
:0040B023 7401
:0040B025 0300
:0040B027 07
:0040B028 43
:0040B029 6F
:0040B02A 6D
:0040B02B 6D
:0040B02C 61
:0040B02D 6E
:0040B02E 64
:0040B02F 0457
add al, 57
jb 0040B014
push esp
dec edi
arpl dword ptr [eax+ebx-50], esi
inc eax
or dl, byte ptr [eax+2*ecx+65]
insb
jo 0040B065
jbe 0040B087
outsb
je 0040B026
pop es
inc ebx
outsd
insd
insd
popad
outsb
BYTE 064h

|:0040AFCA(C)
|
:0040B031 6F
outsd
:0040B032 7264
jb 0040B098
:0040B034 000444
add byte ptr [esp+2*eax], al
:0040B037 61
popad
:0040B038 7461
je 0040B09B
:0040B03A 07
pop es
:0040B03B 49
dec ecx
:0040B03C 6E
outsb
:0040B03D 7465
je 0040B0A4
:0040B03F 67
BYTE 067h
:0040B040 65
BYTE 065h
:0040B041 7201
jb 0040B044
|:0040AFFC(C), :0040B0B4(C)
|
:0040B043 084361
:0040B046 6C
:0040B047 6C
:0040B048 48
:0040B049 65

or byte ptr [ebx+61], al
insb
insb
dec eax
BYTE 065h
:0040B04A
:0040B04B
:0040B04D
:0040B04E
:0040B04F
:0040B050
:0040B051
6C
7007
42
6F
6F
6C
65
:0040B052 61
:0040B053 6E
insb
jo 0040B054
inc edx
outsd
outsd
insb
BYTE 065h
popad
outsb

|:0040B04B(C)
|
:0040B054 07
pop es
:0040B055 42
inc edx
:0040B056 6F
outsd
:0040B057 6F
outsd
:0040B058 6C
insb
:0040B059 65
BYTE 065h
:0040B05A 61
popad
|:0040AFE5(C)
|
:0040B05B 6E
:0040B05C A8B0
:0040B05E 40
:0040B05F 00000000000000000000
:0040B069 00000000000000000000
:0040B073 000000000000000000
:0040B07C
:0040B07E
:0040B07F
:0040B082
A8B0
40
000C00
0000
test al, B0
inc eax
:0040B084
:0040B088
:0040B08C
:0040B090
:0040B094
84694000
282E4000
342E4000
382E4000
3C2E4000
DWORD
DWORD
DWORD
DWORD
DWORD
|:0040B032(C)
|
:0040B098 302E4000
:0040B09C B42B4000
:0040B0A0 C82B4000
outsb
test al, B0
inc eax
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
00406984
00402E28
00402E34
00402E38
00402E3C

DWORD 00402E30
DWORD 00402BB4
DWORD 00402BC8

|:0040B03D(C)
|
:0040B0A4 102C4000
DWORD 00402C10
:0040B0A8
:0040B0AA
:0040B0AB
:0040B0AD
0C45
53
7472
65
or al, 45
push ebx
je 0040B11F
BYTE 065h
:0040B0AE
:0040B0AF
:0040B0B0
:0040B0B1
:0040B0B3
61
6D
45
7272
6F
popad
insd
inc ebp
jb 0040B125
outsd
:0040B0B4 728D4000
:0040B0B8 04B14000
DWORD 00408D72
DWORD 0040B104
:0040B0BC 00000000000000000000
:0040B0C6 00000000000000000000
:0040B0D0 0000000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:0040B0D8
:0040B0DA
:0040B0DB
:0040B0DE
04B1
40
000C00
0000
add
inc
add
add
:0040B0E0
:0040B0E4
:0040B0E8
:0040B0EC
:0040B0F0
:0040B0F4
:0040B0F8
:0040B0FC
:0040B100
5CB04000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
al, B1
eax
byte ptr [eax], al
0040B05C
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:0040B104 0D45464372
:0040B109 65
or eax, 72434645
BYTE 065h
:0040B10A
:0040B10B
:0040B10D
:0040B10E
:0040B110
:0040B111
:0040B113
:0040B117
:0040B121
:0040B12B
61
7465
45
7272
6F
728B
C060B140
00000000000000000000
00000000000000000000
000000000000000000
popad
je 0040B172
inc ebp
jb 0040B182
outsd
jb 0040B09E
shl byte ptr [eax-4F], 40
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0040B134
:0040B135
:0040B137
:0040B13A
60
B140
000C00
0000
pushad
mov cl, 40
:0040B13C 5CB04000
:0040B140 282E4000
DWORD 0040B05C
DWORD 00402E28
:0040B144
:0040B148
:0040B14C
:0040B150
:0040B154
:0040B158
:0040B15C
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:0040B160
:0040B163
:0040B164
:0040B166
:0040B167
:0040B168
:0040B16A
:0040B16B
:0040B16D
:0040B16F
:0040B179
:0040B183
0B4546
4F
7065
6E
45
7272
6F
72B8
B140
00000000000000000000
00000000000000000000
000000000000000000

dec edi
jo 0040B1CB
outsb
inc ebp
jb 0040B1DC
outsd
jb 0040B125
mov cl, 40
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0040B18C B8B140000C
:0040B191 000000
mov eax, 0C0040B1

BYTE 3 DUP(0)
:0040B194
:0040B198
:0040B19C
:0040B1A0
:0040B1A4
:0040B1A8
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
5CB04000
282E4000
342E4000
382E4000
3C2E4000
302E4000
0040B05C
00402E28
00402E34
00402E38
00402E3C
00402E30
|:0040B21A(C)
|
:0040B1AC B42B4000
:0040B1B0 C82B4000
:0040B1B4 102C4000
:0040B1B8
:0040B1BB
:0040B1C3
:0040B1C5
:0040B1C7
:0040B1D1
:0040B1DB

imul ebp, dword ptr [ebp+72], 6F727245
jb 0040B1D5
mov dl, 40
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
0B4546
696C65724572726F
7210
B240
00000000000000000000
00000000000000000000
000000000000000000
DWORD 00402BB4
DWORD 00402BC8
DWORD 00402C10
:0040B1E4 10B240000C00
:0040B1EA 0000
adc byte ptr [edx+000C0040], dh

:0040B1EC
:0040B1F0
:0040B1F4
:0040B1F8
:0040B1FC
DWORD
DWORD
DWORD
DWORD
DWORD
6CB14000
282E4000
342E4000
382E4000
3C2E4000
0040B16C
00402E28
00402E34
00402E38
00402E3C
:0040B200
:0040B204
:0040B208
:0040B20C
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
00402E30
00402BB4
00402BC8
00402C10
:0040B210 0A4552
:0040B213 65

BYTE 065h
:0040B214 61
:0040B215 64
popad
BYTE 064h
:0040B216
:0040B217
:0040B219
:0040B21A
:0040B21C
:0040B221
:0040B22B
inc ebp
jb 0040B28B
outsd
jb 0040B1AC
push 000040B2
BYTE 10 DUP(0)
BYTE 10 DUP(0)
45
7272
6F
7290
68B2400000
00000000000000000000
00000000000000000000
|:0040B273(C)
|
:0040B235 00000000000000
:0040B23C 68B240000C
:0040B241 000000
:0040B244
:0040B248
:0040B24C
:0040B250
:0040B254
:0040B258
:0040B25C
:0040B260
:0040B264
6CB14000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040B268
:0040B26B
:0040B26D
:0040B26F
:0040B270
:0040B272
:0040B273
:0040B275
:0040B277
:0040B281
0B4557
7269
7465
45
7272
6F
72C0
B240
00000000000000000000
00000000000000000000

jb 0040B2D6
je 0040B2D4
inc ebp
jb 0040B2E4
outsd
jb 0040B235
mov dl, 40
BYTE 10 DUP(0)
BYTE 10 DUP(0)
|:0040B217(C)
|
:0040B28B 000000000000000000
:0040B294 C0
:0040B295 B240
:0040B297 000C00
BYTE 7 DUP(0)
push 0C0040B2
BYTE 3 DUP(0)
0040B16C
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10

BYTE 9 DUP(0)
BYTE 0d0h
mov dl, 40
:0040B29A 0000
:0040B29C
:0040B2A0
:0040B2A4
:0040B2A8
:0040B2AC
:0040B2B0
:0040B2B4
:0040B2B8
:0040B2BC
6CB14000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040B2C0
:0040B2C1
:0040B2C2
:0040B2C3
:0040B2C4
:0040B2C5
:0040B2C7
:0040B2C8
:0040B2C9
:0040B2CB
:0040B2CC
:0040B2CE
0E
45
43
6C
61
7373
4E
6F
7446
6F
756E
64
push cs
inc ebp
inc ebx
insb
popad
jnb 0040B33A
dec esi
outsd
je 0040B311
outsd
jne 0040B33C
BYTE 064h
:0040B2CF
:0040B2D0
:0040B2D2
:0040B2D3
:0040B2DD
:0040B2E7
90
1CB3
40
00000000000000000000
00000000000000000000
000000000000000000
nop
sbb al,
inc eax
BYTE 10
BYTE 10
BYTE 9
:0040B2F0
:0040B2F2
:0040B2F3
:0040B2F6
1CB3
40
000C00
0000
sbb
inc
add
add
:0040B2F8
:0040B2FC
:0040B300
:0040B304
:0040B308
:0040B30C
:0040B310
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
0040B16C
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
B3
DUP(0)
DUP(0)
DUP(0)
al, B3
eax
byte ptr [eax], al
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4

|:0040B382(C)
|
:0040B314 C82B4000
DWORD 00402BC8
:0040B318 102C4000
DWORD 00402C10
:0040B31C 0C45
:0040B31E 52
:0040B31F 65
or al, 45
push edx
BYTE 065h
:0040B320
:0040B322
:0040B323
:0040B325
:0040B326
734E
6F
7446
6F
756E
jnb 0040B370
outsd
je 0040B36B
outsd
jne 0040B396
:0040B328 648D4000
:0040B32C 78B34000
DWORD 00408D64
DWORD 0040B378
:0040B330 00000000000000000000
BYTE 10 DUP(0)

|:0040B2C5(C)
|
:0040B33A 00000000000000000000
BYTE 10 DUP(0)
:0040B344 0000000000000000
BYTE 8 DUP(0)
:0040B34C
:0040B34E
:0040B34F
:0040B352
78B3
40
000C00
0000
js 0040B301
inc eax
:0040B354
:0040B358
:0040B35C
:0040B360
:0040B364
:0040B368
:0040B36C
:0040B370
:0040B374
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040B378
:0040B37B
:0040B382
:0040B384
:0040B385
:0040B387
:0040B391
:0040B39B
0A454C
6973744572726F
7290
D0
B340
00000000000000000000
00000000000000000000
000000000000000000
or al, byte ptr [ebp+4C]

imul esi, dword ptr [ebx+74], 6F727245
jb 0040B314
BYTE 0d0h
mov bl, 40
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0040B3A4
:0040B3A5
:0040B3A7
:0040B3AA
D0
B340
000C00
0000
BYTE 0d0h
mov bl, 40
:0040B3AC
:0040B3B0
:0040B3B4
:0040B3B8
:0040B3BC
:0040B3C0
:0040B3C4
:0040B3C8
:0040B3CC
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:0040B3D0
:0040B3D3
:0040B3DB
:0040B3DC
:0040B3E3
:0040B3ED
:0040B3F7
0A4542
6974734572726F72
90
28B44000000000
00000000000000000000
00000000000000000000
0000000000

imul esi, dword ptr [ebx+2*esi+45], 726F7272
nop
sub byte ptr [eax+2*eax], dh
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 5 DUP(0)
:0040B3FC
:0040B403
:0040B40A
:0040B40B
:0040B40E
:0040B40F
:0040B411
28B440000C0000
0084694000282E
40
00342E
40
0038
2E
sub byte ptr

add byte ptr
inc eax
add byte ptr
inc eax
add byte ptr
BYTE 02eh
:0040B412
:0040B413
:0040B416
:0040B417
:0040B419
40
003C2E
40
0030
2E
inc eax
add byte ptr [esi+ebp], bh
inc eax
BYTE 02eh
:0040B41A
:0040B41B
:0040B422
:0040B423
:0040B425
:0040B427
:0040B429
:0040B42A
:0040B42B
:0040B42D
:0040B434
:0040B435
:0040B437
40
00B42B4000C82B
40
0010
2C40
0010
45
53
7472
696E674C697374
45
7272
6F
inc eax
add byte ptr [ebx+ebp+2BC80040], dh
inc eax
sub al, 40
inc ebp
push ebx
je 0040B49F
imul ebp, dword ptr [esi+67], 7473694C
inc ebp
jb 0040B4A9
outsd
[eax+2*eax+00000C00], dh
[ecx+2*ebp+2E280040], al
[esi+ebp], dh
[eax], bh
:0040B438 728D4000
:0040B43C 88B44000
DWORD 00408D72
DWORD 0040B488
:0040B440 00000000000000000000
:0040B44A 00000000000000000000
:0040B454 0000000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:0040B45C
:0040B463
:0040B46A
:0040B46B
:0040B46E
:0040B46F
:0040B471
mov byte ptr

add byte ptr
inc eax
add byte ptr
inc eax
add byte ptr
BYTE 02eh
88B440000C0000
0084694000282E
40
00342E
40
0038
2E
:0040B472 40
:0040B473 003C2E
[eax+2*eax+00000C00], dh
[ecx+2*ebp+2E280040], al
[esi+ebp], dh
[eax], bh
inc eax
:0040B476 40
:0040B477 0030
:0040B479 2E
inc eax
BYTE 02eh
:0040B47A
:0040B47B
:0040B482
:0040B483
:0040B485
:0040B487
:0040B489
:0040B48A
:0040B48B
:0040B48C
:0040B48D
:0040B48F
:0040B490
40
00B42B4000C82B
40
0010
2C40
000F
45
43
6F
6D
706F
6E
65
inc eax
inc eax
sub al, 40
add byte ptr [edi], cl
inc ebp
inc ebx
outsd
insd
jo 0040B4FE
outsb
BYTE 065h
:0040B491
:0040B492
:0040B494
:0040B496
:0040B497
:0040B499
:0040B49B
:0040B4A5
:0040B4AF
6E
7445
7272
6F
72E4
B440
00000000000000000000
00000000000000000000
000000000000000000
outsb
je 0040B4D9
jb 0040B508
outsd
jb 0040B47D
mov ah, 40
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0040B4B8
:0040B4BA
:0040B4BB
:0040B4BD
E4B4
40
0010
000000
in al, B4
inc eax
BYTE 3 DUP(0)
:0040B4C0
:0040B4C4
:0040B4C8
:0040B4CC
:0040B4D0
:0040B4D4
:0040B4D8
:0040B4DC
:0040B4E0
9C6A4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
28894000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040B4E4
:0040B4E8
:0040B4EA
:0040B4EC
0F454F75
744F
6652
65
cmovne ecx, dword ptr [edi+75]

je 0040B539
push dx
BYTE 065h
:0040B4ED
:0040B4EF
:0040B4F1
:0040B4F4
:0040B4F5
736F
7572
636573
40
B540
jnb 0040B55E
jne 0040B563
inc eax
mov ch, 40
00406A9C
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00408928
00402C10
:0040B4F7 00000000000000000000
:0040B501 00000000000000000000
:0040B50B 000000000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0040B514
:0040B515
:0040B517
:0040B51A
40
B540
000C00
0000
inc
mov
add
add
:0040B51C
:0040B520
:0040B524
:0040B528
:0040B52C
:0040B530
:0040B534
:0040B538
:0040B53C
84694000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040B540
:0040B543
:0040B544
:0040B546
:0040B547
:0040B54F
:0040B556
:0040B557
:0040B561
:0040B56B
114549
6E
7661
6C
69644F7065726174
696F6E8BC0A0B5
40
00000000000000000000
00000000000000000000
0000000000
adc dword ptr [ebp+49], eax

outsb
jbe 0040B5A7
insb
imul esp, dword ptr [edi+2*ecx+70], 74617265
imul ebp, dword ptr [edi+6E], B5A0C08B
inc eax
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 5 DUP(0)
eax
ch, 40
byte ptr [eax], al
00406984
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:0040B570 A8B54000
:0040B574 B0B54000
DWORD 0040B5A8
DWORD 0040B5B0
:0040B578 1000
:0040B57A 0000

:0040B57C
:0040B580
:0040B584
:0040B588
:0040B58C
:0040B590
:0040B594
:0040B598
:0040B59C
:0040B5A0
:0040B5A4
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
34CA4000
DCCB4000
20CB4000
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040CA34
0040CBDC
0040CB20
:0040B5A8 0100
:0040B5AA FFFF

BYTE 2 DUP(0ffh)
:0040B5AC 84CA
:0040B5AE 40
test dl, cl
inc eax
:0040B5AF
:0040B5B5
:0040B5B7
:0040B5BB
:0040B5C5
:0040B5CF
0005544C6973
748B
C004B640
00000000000000000000
00000000000000000000
000000000000000000
add byte ptr [73694C54], al

je 0040B542
rol byte ptr [esi+4*esi], 40
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0040B5D8
:0040B5DA
:0040B5DB
:0040B5DD
04B6
40
0020
000000
add al, B6
inc eax
BYTE 3 DUP(0)
:0040B5E0
:0040B5E4
:0040B5E8
:0040B5EC
:0040B5F0
:0040B5F4
:0040B5F8
:0040B5FC
:0040B600
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
B8CE4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040B604
:0040B608
:0040B60A
:0040B60B
0B545468
7265
61
64
or edx, dword ptr [esp+2*edx+68]

jb 0040B66F
popad
BYTE 064h
:0040B60C
:0040B60D
:0040B614
:0040B61E
:0040B628
4C
6973745CB64000
00000000000000000000
00000000000000000000
0000000000000000
dec esp
imul esi, dword ptr [ebx+74], 0040B65C
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:0040B630
:0040B631
:0040B633
:0040B636
5C
B640
000C00
0000
pop
mov
add
add
:0040B638
:0040B63C
:0040B640
:0040B644
:0040B648
:0040B64C
:0040B650
:0040B654
:0040B658
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
04D04000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040B65C
:0040B661
:0040B663
:0040B664
:0040B666
0554426974
738B
C0
B0B6
40
add eax, 74694254

jnb 0040B5EE
BYTE 0d0h
mov al, B6
inc eax
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040CEB8
esp
dh, 40
byte ptr [eax], al
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040D004
:0040B667 00000000000000000000
:0040B671 000000
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0040B674 DCB640000000
:0040B67A 000000000000
fdiv qword ptr [esi+00000040]

BYTE 6 DUP(0)
:0040B680 BCB64000
:0040B684 CAB64000
DWORD 0040B6BC
DWORD 0040B6CA
:0040B688 0400
:0040B68A 0000
add al, 00
:0040B68C
:0040B690
:0040B694
:0040B698
:0040B69C
:0040B6A0
:0040B6A4
:0040B6A8
:0040B6AC
:0040B6B0
:0040B6B4
:0040B6B8
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
DCD14000
0CD34000
14D34000
08D24000
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040D1DC
0040D30C
0040D314
0040D208
:0040B6BC 0200
:0040B6BE FFFF

BYTE 2 DUP(0ffh)
:0040B6C0
:0040B6C1
:0040B6C3
:0040B6C6
:0040B6C8
:0040B6C9
:0040B6CB
:0040B6CC
:0040B6CD
FE
FFC8
D34000
18D3
40
000B
54
50
65
BYTE 0feh
dec eax
rol dword ptr [eax+00], cl
sbb bl, dl
inc eax
add byte ptr [ebx], cl
push esp
push eax
BYTE 065h
:0040B6CE
:0040B6D0
:0040B6D7
:0040B6DA
:0040B6DB
:0040B6DD
:0040B6E1
:0040B6E3
:0040B6EA
:0040B6EC
:0040B6EE
:0040B6F1
:0040B6F3
:0040B6F4
:0040B6F5
7273
697374656E748B
C0DCB6
40
0007
0B545065
7273
697374656E74B0
B640
00DC
104000
0000
07
43
6C
jb 0040B743
imul esi, dword ptr [ebx+74], 8B746E65
rcr ah, B6
inc eax
or edx, dword ptr [eax+2*edx+65]
jb 0040B756
imul esi, dword ptr [ebx+74], B0746E65
mov dh, 40
add ah, bl
pop es
inc ebx
insb
:0040B6F6 61
:0040B6F7 7373
:0040B6F9 65
popad
jnb 0040B76C
BYTE 065h
:0040B6FA 7300
jnb 0040B6FC

|:0040B6FA(C)
|
:0040B6FC 008D4000
DWORD 00408D00
:0040B700 04B74000
DWORD 0040B704
:0040B704 0F
:0040B705 0F495374
:0040B709 7269
BYTE 0fh
cmovns edx, dword ptr [ebx+74]
jb 0040B774

|:0040B71D(C)
|
:0040B70B 6E
outsb
:0040B70C 677341
jnb 0040B750
:0040B70F 64
BYTE 064h
:0040B710 61
:0040B711 7074
:0040B713 65
popad
jo 0040B787
BYTE 065h
:0040B714
:0040B716
:0040B719
:0040B71C
:0040B71D
:0040B71F
:0040B720
:0040B722
:0040B723
:0040B724
:0040B726
:0040B727
:0040B72C
:0040B72D
:0040B72E
:0040B730
jb 0040B712
add dword ptr [edi+ebp], esi
pushfd
jnb 0040B70B
push edx
rcl byte ptr [ecx], 1
sahf
cmpsb
scasd
cmp eax, 4307DA82
insb
popad
jnb 0040B7A3
BYTE 065h
72FC
104000
01342F
9C
73EC
52
D011
9E
A6
0020
AF
3D82DA0743
6C
61
7373
65
:0040B731 7300
jnb 0040B733

|:0040B731(C)
|
:0040B733 0080B7400000
add byte ptr [eax+000040B7], al
:0040B739 00000000000000
BYTE 7 DUP(0)
:0040B740 F0B74000
:0040B744 10B84000
DWORD 0040B7F0
DWORD 0040B810
:0040B748 00000000000000000000
:0040B752 0000
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:0040B754 02B840000C00
:0040B75A 0000
add bh, byte ptr [eax+000C0040]

:0040B75C
:0040B760
:0040B764
:0040B768
DWORD
DWORD
DWORD
DWORD
64B64000
282E4000
342E4000
382E4000
0040B664
00402E28
00402E34
00402E38

|:0040B6F7(C)
|
:0040B76C 3C2E4000
DWORD 00402E3C
:0040B770 302E4000
DWORD 00402E30
|:0040B709(C)
|
:0040B774 B42B4000
:0040B778 C82B4000
:0040B77C 40D44000
:0040B780 0CD34000
:0040B784 50D64000
:0040B788 70D54000
:0040B78C F8274000
:0040B790 7CD84000
:0040B794 F8274000
:0040B798 84D84000
|:0040B80A(C)
|
:0040B79C DCD84000
:0040B7A0 24DC4000
:0040B7A4 54DC4000
:0040B7A8 BCDD4000
:0040B7AC 44DE4000
:0040B7B0 04DF4000
:0040B7B4 70D44000
:0040B7B8 94D44000
:0040B7BC B8D44000
:0040B7C0 F8274000
:0040B7C4 F8274000
:0040B7C8 94D74000
:0040B7CC 88D84000
:0040B7D0 C4D94000
:0040B7D4 F8274000
:0040B7D8 74DA4000
:0040B7DC C8DA4000
:0040B7E0 74DB4000
:0040B7E4 08DD4000
:0040B7E8 60DD4000
:0040B7EC F4DD4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402BB4
00402BC8
0040D440
0040D30C
0040D650
0040D570
004027F8
0040D87C
004027F8
0040D884
0040D8DC
0040DC24
0040DC54
0040DDBC
0040DE44
0040DF04
0040D470
0040D494
0040D4B8
004027F8
004027F8
0040D794
0040D888
0040D9C4
004027F8
0040DA74
0040DAC8
0040DB74
0040DD08
0040DD60
0040DDF4
:0040B7F0 0E
:0040B7F1 0000000000
push cs
BYTE 5 DUP(0)
:0040B7F6 0100
:0040B7F8 000000

BYTE 3 DUP(0)
:0040B7FB B740
:0040B7FD 0008
:0040B7FF 000000
mov bh, 40
BYTE 3 DUP(0)
:0040B802
:0040B806
:0040B808
:0040B809
:0040B80C
:0040B812
:0040B813
:0040B814
:0040B816
:0040B81D
:0040B81F
:0040B821
08545374
7269
6E
677390
10B840000708
54
53
7472
696E677380B740
00D8
B640
000000
or byte ptr [ebx+2*edx+74], dl

jb 0040B871
outsb
jnb 0040B79C
adc byte ptr [eax+08070040], bh
push esp
push ebx
je 0040B888
imul ebp, dword ptr [esi+67], 40B78073
add al, bl
mov dh, 40
BYTE 3 DUP(0)
:0040B824
:0040B825
:0040B826
:0040B827
:0040B828
:0040B82A
07
43
6C
61
7373
65
pop es
inc ebx
insb
popad
jnb 0040B89D
BYTE 065h
:0040B82B 7300
jnb 0040B82D
|:0040B82B(C)
|
:0040B82D 008BC034B840
:0040B833 000E
:0040B835 0B545374
:0040B839 7269
:0040B83B 6E
:0040B83C 6749
:0040B83E 7465
:0040B840 6D
:0040B841 0800
:0040B843 0000
:0040B845 0100
:0040B847 0000
:0040B849 7C10
:0040B84B 40
:0040B84C 0000000000
:0040B851 8D4000
add byte ptr [ebx+40B834C0], cl

add byte ptr [esi], cl
or edx, dword ptr [ebx+2*edx+74]
jb 0040B8A4
outsb
dec ecx
je 0040B8A5
insd
jl 0040B85B
inc eax
BYTE 5 DUP(0)
:0040B854 A0B8400000
:0040B859 00000000000000000000
mov al, byte ptr [000040B8]

BYTE 10 DUP(0)
:0040B863 00
BYTE 0
:0040B864 30B940000000
:0040B86A 00000000000000000000
xor byte ptr [ecx+00000040], bh

BYTE 10 DUP(0)
:0040B874 20B940002C00
:0040B87A 0000
and byte ptr [ecx+002C0040], bh

:0040B87C 34B74000
:0040B880 282E4000
:0040B884 342E4000
DWORD 0040B734
DWORD 00402E28
DWORD 00402E34
|:0040B814(C)
|
:0040B888 382E4000
:0040B88C 3C2E4000
:0040B890 302E4000
:0040B894 B42B4000
:0040B898 C82B4000
:0040B89C 8CDF4000
:0040B8A0 0CD34000
|:0040B839(C)
|
:0040B8A4 50D64000
:0040B8A8 70D54000
:0040B8AC B8E24000
:0040B8B0 28E34000
:0040B8B4 2CE34000
:0040B8B8 30E34000
:0040B8BC DCD84000
:0040B8C0 F8E44000
:0040B8C4 94E54000
:0040B8C8 C8E64000
:0040B8CC 44DE4000
:0040B8D0 00E74000
:0040B8D4 E8DF4000
:0040B8D8 94D44000
:0040B8DC B8D44000
:0040B8E0 B8E04000
:0040B8E4 F0E04000
:0040B8E8 90E14000
:0040B8EC 88D84000
:0040B8F0 CCE34000
:0040B8F4 04E44000
:0040B8F8 74DA4000
:0040B8FC C8DA4000
:0040B900 74DB4000
:0040B904 08DD4000
:0040B908 60DD4000
:0040B90C F4DD4000
:0040B910 80E04000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040DF8C
0040D30C
0040D650
0040D570
0040E2B8
0040E328
0040E32C
0040E330
0040D8DC
0040E4F8
0040E594
0040E6C8
0040DE44
0040E700
0040DFE8
0040D494
0040D4B8
0040E0B8
0040E0F0
0040E190
0040D888
0040E3CC
0040E404
0040DA74
0040DAC8
0040DB74
0040DD08
0040DD60
0040DDF4
0040E080
:0040B914 9CE04000
:0040B918 50E24000
:0040B91C 10E74000
DWORD 0040E09C
DWORD 0040E250
DWORD 0040E710
:0040B920
:0040B924
:0040B926
:0040B927
:0040B929
:0040B930
:0040B931
:0040B935
:0040B937
:0040B938
:0040B93A
:0040B941
:0040B943
:0040B944
0B545374
7269
6E
674C
69737430B94000
07
0B545374
7269
6E
674C
697374A0B84000
0CB8
40
000000

jb 0040B98F
outsb
dec esp
imul esi, dword ptr [ebx+74], 0040B930
pop es
jb 0040B9A0
outsb
dec esp
imul esi, dword ptr [ebx+74], 0040B8A0
or al, B8
inc eax
BYTE 3 DUP(0)
:0040B947
:0040B948
:0040B949
:0040B94A
:0040B94B
:0040B94D
07
43
6C
61
7373
65
pop es
inc ebx
insb
popad
jnb 0040B9C0
BYTE 065h
:0040B94E 7300
jnb 0040B950

|:0040B94E(C)
|
:0040B950 008D4000
DWORD 00408D00
:0040B954 A0B94000
DWORD 0040B9A0
:0040B958 00000000000000000000
:0040B962 00000000000000000000
:0040B96C 0000000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:0040B974
:0040B976
:0040B977
:0040B97A
B0B9
40
000400
0000
mov
inc
add
add
:0040B97C
:0040B980
:0040B984
:0040B988
:0040B98C
:0040B990
:0040B994
:0040B998
:0040B99C
:0040B9A0
:0040B9A4
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
8CE74000
F8274000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
al, B9
eax
byte ptr [eax+eax], al
byte ptr [eax], al
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
0040E78C
004027F8

|:0040B934(C)
|
:0040B9A8 F8274000
DWORD 004027F8
:0040B9AC F8274000
DWORD 004027F8
:0040B9B0
:0040B9B1
:0040B9B2
:0040B9B3
:0040B9B5
07
54
53
7472
65
pop es
push esp
push ebx
je 0040BA27
BYTE 065h
:0040B9B6
:0040B9B7
:0040B9B8
:0040B9BA
:0040B9BB
:0040B9C5
:0040B9CF
61
6D
04BA
40
00000000000000000000
00000000000000000000
000000000000000000
popad
insd
add al,
inc eax
BYTE 10
BYTE 10
BYTE 9
:0040B9D8
:0040B9DA
:0040B9DB
:0040B9DD
14BA
40
0008
000000
adc al, BA
inc eax
BYTE 3 DUP(0)
BA
DUP(0)
DUP(0)
DUP(0)
|:0040BA24(C)
|
:0040B9E0 54B94000
:0040B9E4 282E4000
:0040B9E8 342E4000
:0040B9EC 382E4000
:0040B9F0 3C2E4000
:0040B9F4 302E4000
:0040B9F8 B42B4000
:0040B9FC C82B4000
:0040BA00 102C4000
:0040BA04 14E94000
:0040BA08 E8E84000
:0040BA0C F8E84000
:0040BA10 08E94000
:0040BA14 0D5448616E
:0040BA19 64
or eax, 6E614854
BYTE 064h
:0040BA1A 6C
:0040BA1B 65
insb
BYTE 065h
:0040BA1C 53
:0040BA1D 7472
push ebx
je 0040BA91
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
0040B954
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
0040E914
0040E8E8
0040E8F8
0040E908
:0040BA1F 65
BYTE 065h
:0040BA20
:0040BA21
:0040BA22
:0040BA24
:0040BA26
popad
insd
mov eax, eax
jo 0040B9E0
inc eax
61
6D
8BC0
70BA
40
|:0040B9B3(C)
|
:0040BA27 00000000000000000000
:0040BA31 00000000000000000000
:0040BA3B 000000000000000000
:0040BA44 80BA4000080000
:0040BA4B 00B8B9400028
:0040BA51 2E
cmp byte ptr [edx+00080040], 00

add byte ptr [eax+280040B9], bh
BYTE 02eh
:0040BA52
:0040BA53
:0040BA56
:0040BA57
:0040BA59
40
00342E
40
0038
2E
inc eax
add byte ptr [esi+ebp], dh
inc eax
BYTE 02eh
:0040BA5A
:0040BA5B
:0040BA5E
:0040BA5F
:0040BA61
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0040BA62
:0040BA63
:0040BA6A
:0040BA6B
:0040BA6D
40
00B42B4000C82B
40
0030
EA400014E94000
inc
add
inc
add
jmp
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
eax
byte ptr [ebx+ebp+2BC80040], dh
eax
byte ptr [eax], dh
0040:E9140040
:0040BA74 E8E84000
:0040BA78 F8E84000
:0040BA7C 08E94000
DWORD 0040E8E8
DWORD 0040E8F8
DWORD 0040E908
:0040BA80 0B544669
:0040BA84 6C
:0040BA85 65
or edx, dword ptr [esi+2*eax+69]

insb
BYTE 065h
:0040BA86 53
:0040BA87 7472
:0040BA89 65
push ebx
je 0040BAFB
BYTE 065h
:0040BA8A 61
:0040BA8B 6D
:0040BA8C D8BA40000000
popad
insd
fdivr dword ptr [edx+00000040]
:0040BA92 00000000000000000000
:0040BA9C 00000000000000000000
:0040BAA6 000000000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 6 DUP(0)
:0040BAAC E8BA400010
:0040BAB1 000000
call 1040FB6B
BYTE 3 DUP(0)
:0040BAB4
:0040BAB8
:0040BABC
:0040BAC0
:0040BAC4
:0040BAC8
:0040BACC
:0040BAD0
:0040BAD4
:0040BAD8
:0040BADC
:0040BAE0
:0040BAE4
54B94000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
8CE74000
60EA4000
F8274000
98EA4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040BAE8
:0040BAEC
:0040BAEE
:0040BAEF
:0040BAF0
:0040BAF1
13544375
7374
6F
6D
4D
65
adc edx, dword ptr [ebx+2*eax+75]

jnb 0040BB62
outsd
insd
dec ebp
BYTE 065h
:0040BAF2
:0040BAF3
:0040BAF4
:0040BAF6
:0040BAF7
:0040BAF9
6D
6F
7279
53
7472
65
insd
outsd
jb 0040BB6F
push ebx
je 0040BB6B
BYTE 065h
:0040BAFA
:0040BAFB
:0040BAFC
:0040BAFD
:0040BB02
:0040BB0C
:0040BB16
61
6D
48
BB40000000
00000000000000000000
00000000000000000000
000000000000
popad
insd
dec eax
mov ebx, 00000040
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 6 DUP(0)
0040B954
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
0040E78C
0040EA60
004027F8
0040EA98
:0040BB1C 5C
:0040BB1D BB40001400
:0040BB22 0000
pop esp
mov ebx, 00140040
:0040BB24
:0040BB28
:0040BB2C
:0040BB30
:0040BB34
:0040BB38
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
8CBA4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
0040BA8C
00402E28
00402E34
00402E38
00402E3C
00402E30
:0040BB3C
:0040BB40
:0040BB44
:0040BB48
:0040BB4C
:0040BB50
:0040BB54
:0040BB58
B42B4000
C82B4000
BCEA4000
28EB4000
60EA4000
14EC4000
98EA4000
54EB4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00402BB4
00402BC8
0040EABC
0040EB28
0040EA60
0040EC14
0040EA98
0040EB54
:0040BB5C
:0040BB61
:0040BB62
:0040BB64
:0040BB65
:0040BB67
0D544D656D
6F
7279
53
7472
65
or eax, 6D654D54
outsd
jb 0040BBDD
push ebx
je 0040BBD9
BYTE 065h
:0040BB68
:0040BB69
:0040BB6A
:0040BB6C
:0040BB71
:0040BB7B
:0040BB85
61
6D
8BC0
B8BB400000
00000000000000000000
00000000000000000000
00000000000000
popad
insd
mov eax, eax
mov eax, 000040BB
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 7 DUP(0)
:0040BB8C C8BB4000
:0040BB90 1800
:0040BB92 0000
enter 40BB, 00
sbb byte ptr [eax], al
:0040BB94
:0040BB98
:0040BB9C
:0040BBA0
:0040BBA4
:0040BBA8
:0040BBAC
:0040BBB0
:0040BBB4
:0040BBB8
:0040BBBC
:0040BBC0
:0040BBC4
8CBA4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
ACED4000
8CE74000
60EA4000
E4ED4000
98EA4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040BBC8
:0040BBC9
:0040BBCA
:0040BBCB
0F
54
52
65
BYTE
push
push
BYTE
:0040BBCC
:0040BBCE
:0040BBD0
:0040BBD3
:0040BBD5
736F
7572
636553
7472
65
jnb 0040BC3D
jne 0040BC42
je 0040BC47
BYTE 065h
:0040BBD6 61
0040BA8C
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040EDAC
0040E78C
0040EA60
0040EDE4
0040EA98
popad
0fh
esp
edx
065h
:0040BBD7 6D
:0040BBD8 CC
insd
int 03
|:0040BB65(C)
|
:0040BBD9 83442404EC
:0040BBDE 8B442404
:0040BBE2 8B00
:0040BBE4 FF20
:0040BBE6 83442404EC
:0040BBEB 8B442404
:0040BBEF 8B00
:0040BBF1 FF6004
:0040BBF4 83442404EC
:0040BBF9 8B442404
:0040BBFD 8B00
:0040BBFF FF6008
:0040BC02 83442404EC
:0040BC07 8B442404
:0040BC0B 8B00
:0040BC0D FF600C
:0040BC10 83442404EC
:0040BC15 8B442404
:0040BC19 8B00
:0040BC1B FF6010
:0040BC1E 83442404EC
:0040BC23 8B442404
:0040BC27 8B00
:0040BC29 FF6014
:0040BC2C 83442404EC
:0040BC31 8B442404
:0040BC35 8B00
:0040BC37 FF6018
:0040BC3A 83442404EC
:0040BC3F 8B442404
:0040BC43 8B00
:0040BC45 FF601C
:0040BC48 83442404EC
:0040BC4D 8B442404
:0040BC51 8B00
:0040BC53 FF6020
:0040BC56 83442404EC
:0040BC5B 8B442404
:0040BC5F 8B00
:0040BC61 FF6024
:0040BC64 83442404EC
:0040BC69 8B442404
:0040BC6D 8B00
:0040BC6F FF6028
:0040BC72 83442404EC
:0040BC77 E95092FFFF
:0040BC7C 83442404EC
:0040BC81 E96E92FFFF
:0040BC86 83442404EC
:0040BC8B E97892FFFF
:0040BC90 CC
:0040BC91 CC
:0040BC92 72BC4000
DWORD 0040BC72
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
mov
mov
jmp
add
jmp
add
jmp
add
jmp
int
int
dword ptr [esp+04], FFFFFFEC

dword ptr [eax]
[eax+04]
[eax+08]
[eax+0C]
[eax+10]
[eax+14]
[eax+18]
[eax+1C]
[eax+20]
[eax+24]
[eax+28]
00404ECC
00404EF4
00404F08
03
03
:0040BC96
:0040BC9A
:0040BC9E
:0040BCA2
:0040BCA6
:0040BCAA
:0040BCAE
:0040BCB2
:0040BCB6
:0040BCBA
:0040BCBE
:0040BCC2
:0040BCC6
7CBC4000
86BC4000
D9BB4000
E6BB4000
F4BB4000
02BC4000
10BC4000
1EBC4000
2CBC4000
3ABC4000
48BC4000
56BC4000
64BC4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
0040BC7C
0040BC86
0040BBD9
0040BBE6
0040BBF4
0040BC02
0040BC10
0040BC1E
0040BC2C
0040BC3A
0040BC48
0040BC56
0040BC64
:0040BCCA
:0040BCCC
:0040BCCE
:0040BCD0
0100
0000
0C00
000000000000

or al, 00
BYTE 6 DUP(0)
:0040BCD6 C00000
:0040BCD9 00000000

BYTE 4 DUP(0)
:0040BCDD
:0040BCDE
:0040BCDF
:0040BCE4
inc esi
xchg eax,edx
mov esp, 00140040
BYTE 6 DUP(0)
46
92
BC40001400
000000000000
:0040BCEA 8BC0
mov eax, eax
:0040BCEC 38BD4000
:0040BCF0 CABC4000
DWORD 0040BD38
DWORD 0040BCCA
:0040BCF4 00000000000000000000
:0040BCFE 00000000000000000000
:0040BD08 00000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 4 DUP(0)
:0040BD0C 64
BYTE 064h
:0040BD0D BD40001800
:0040BD12 0000
mov ebp, 00180040

:0040BD14
:0040BD18
:0040BD1C
:0040BD20
:0040BD24
:0040BD28
:0040BD2C
:0040BD30
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
78114000
282E4000
342E4000
BC4E4000
3C2E4000
302E4000
B42B4000
C82B4000
:0040BD34 801F41
:0040BD37 00B81F410020
00401178
00402E28
00402E34
00404EBC
00402E3C
00402E30
00402BB4
00402BC8
sbb byte ptr [edi], 41

add byte ptr [eax+2000411F], bh
:0040BD3D
:0040BD40
:0040BD42
:0040BD43
:0040BD45
:0040BD48
:0040BD4C
:0040BD51
:0040BD54
:0040BD57
:0040BD5E
:0040BD5F
:0040BD61
:0040BD64
:0040BD65
:0040BD66
:0040BD67
:0040BD69
204100
8820
41
0000
214100
64214100
6822410074
224100
802241
008C2241009822
41
0018
234100
0E
54
53
7472
65
and byte ptr [ecx+00], al

mov byte ptr [eax], ah
inc ecx
and dword ptr [ecx+00], eax
and dword ptr fs:[ecx+00], eax
push 74004122
and al, byte ptr [ecx+00]
and byte ptr [edx], 41
add byte ptr [edx+22980041], cl
inc ecx
and eax, dword ptr [ecx+00]
push cs
push esp
push ebx
je 0040BDDB
BYTE 065h
:0040BD6A
:0040BD6B
:0040BD6C
:0040BD6D
61
6D
41
64
popad
insd
inc ecx
BYTE 064h
:0040BD6E 61
:0040BD6F 7074
:0040BD71 65
popad
jo 0040BDE5
BYTE 065h
:0040BD72
:0040BD74
:0040BD7B
:0040BD85
:0040BD8F
jb 0040BD04
sar byte ptr [ebp+00000040], 00
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 5 DUP(0)
7290
C0BD4000000000
00000000000000000000
00000000000000000000
0000000000
:0040BD94 CC
:0040BD95 BD40002400
:0040BD9A 0000
int 03
mov ebp, 00240040
:0040BD9C
:0040BDA0
:0040BDA4
:0040BDA8
:0040BDAC
:0040BDB0
:0040BDB4
:0040BDB8
:0040BDBC
:0040BDC0
:0040BDC4
:0040BDC8
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
84EE4000
F8274000
F8274000
F8274000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040BDCC
:0040BDCD
:0040BDCE
:0040BDCF
06
54
46
696C65729020BE40
push es
push esp
inc esi
imul ebp, dword ptr [ebp+72], 40BE2090
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040EE84
004027F8
004027F8
004027F8
:0040BDD7 000000000000000000
BYTE 9 DUP(0)
:0040BDE0
:0040BDE1
:0040BDE6
:0040BDF0
inc esp
mov esi, 00000040
BYTE 10 DUP(0)
BYTE 4 DUP(0)
44
BE40000000
00000000000000000000
00000000
:0040BDF4 56
:0040BDF5 BE40006400
:0040BDFA 0000
push esi
mov esi, 00640040
:0040BDFC
:0040BE00
:0040BE04
:0040BE08
:0040BE0C
:0040BE10
:0040BE14
:0040BE18
:0040BE1C
:0040BE20
:0040BE24
:0040BE28
:0040BE2C
:0040BE30
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
74BD4000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
D8F34000
38F44000
6CF44000
E4F64000
5CF54000
7CF54000
0040BD74
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
0040F3D8
0040F438
0040F46C
0040F6E4
0040F55C
0040F57C
|:0040BE74(C)
|
:0040BE34 1013
:0040BE36 41
:0040BE37 00F8
:0040BE39 124100
:0040BE3C 3812
:0040BE3E 41
:0040BE3F 00740041
:0040BE43 000E
:0040BE45 0000000000
:0040BE4A
:0040BE4C
:0040BE4E
:0040BE50
:0040BE51
:0040BE54
:0040BE56
:0040BE57
:0040BE58
:0040BE59

jl 0040BE60
inc eax
add byte ptr [eax+00], ah
pop es
push esp
push edx
BYTE 065h
0100
0000
7C10
40
006000
0000
07
54
52
65
:0040BE5A 61
:0040BE5B 64
adc byte ptr [ebx], dl

inc ecx
add al, bh
adc al, byte ptr [ecx+00]
cmp byte ptr [edx], dl
inc ecx
add byte ptr [eax+eax+41], dh
BYTE 5 DUP(0)
popad
BYTE 064h
:0040BE5C 65
BYTE 065h
:0040BE5D
:0040BE5F
:0040BE64
:0040BE66
:0040BE67
:0040BE68
:0040BE69
:0040BE6A
:0040BE6C
:0040BE6D
728B
C064BE4000
0A0E
54
43
6F
6D
706F
6E
65
jb 0040BDEA
shl byte ptr [esi+4*edi+40], 00
or cl, byte ptr [esi]
push esp
inc ebx
outsd
insd
jo 0040BEDB
outsb
BYTE 065h
:0040BE6E
:0040BE6F
:0040BE71
:0040BE72
:0040BE73
6E
744E
61
6D
65
outsb
je 0040BEBF
popad
insd
BYTE 065h
:0040BE74
:0040BE76
:0040BE77
:0040BE79
:0040BE7E
:0040BE85
:0040BE87
:0040BE8A
:0040BE8D
:0040BE8F
:0040BE94
:0040BE96
:0040BE97
:0040BE99
:0040BE9D
:0040BEA2
:0040BEA4
78BE
40
000F
0F49446573
69676E65724E6F
7469
6679FC
104000
0107
E871B9A6E3
D111
AA
B100
C04FB16F
BC07436C61
7373
65
js 0040BE34
inc eax
cmovns eax, dword ptr [ebp+73]
imul esp, dword ptr [edi+6E], 6F4E7265
je 0040BEF0
jns 0040BE86
add dword ptr [edi], eax
call E3E77805
rcl dword ptr [ecx], 1
stosb
mov cl, 00
ror byte ptr [edi-4F], 6F
mov esp, 616C4307
jnb 0040BF17
BYTE 065h
:0040BEA5 7300
jnb 0040BEA7
|:0040BEA5(C)
|
:0040BEA7 00F4
:0040BEA9 BE40000000
:0040BEAE 000000000000
:0040BEB4 24BF4000
:0040BEB8 A4BF4000
DWORD 0040BF24
DWORD 0040BFA4
:0040BEBC 0000000000000000
BYTE 8 DUP(0)
add ah, dh
mov esi, 00000040
BYTE 6 DUP(0)
:0040BEC4 36BF4000
:0040BEC8 92BF4000
DWORD 0040BF36
DWORD 0040BF92
:0040BECC 2400
:0040BECE 0000
:0040BED0 64
and al, 00
BYTE 064h
:0040BED1
:0040BED3
:0040BED6
:0040BED7
:0040BEDA
mov
add
inc
add
inc
B640
00681C
41
00342E
40
dh, 40
byte ptr [eax+1C], ch
ecx
byte ptr [esi+ebp], dh
eax

|:0040BE6A(C)
|
:0040BEDB 0038
:0040BEDD 2E
BYTE 02eh
:0040BEDE
:0040BEDF
:0040BEE2
:0040BEE3
:0040BEE5
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0040BEE6
:0040BEE7
:0040BEEE
:0040BEEF
:0040BEF6
:0040BEF7
:0040BEF9
:0040BEFA
:0040BEFB
:0040BEFD
:0040BF00
:0040BF02
:0040BF03
:0040BF06
:0040BF07
:0040BF0E
:0040BF0F
:0040BF15
:0040BF18
:0040BF1D
:0040BF1F
:0040BF21
:0040BF23
:0040BF25
40
00B42B4000C82B
40
000C1541000CD3
40
00D4
17
41
0008
D24000
A818
41
006817
41
00B4184100E019
41
00801C4100C4
184100
BC18410088
1C41
00C0
1441
000E
0000000000
inc eax
inc eax
add byte ptr [edx+D30C0041], cl
inc eax
add ah, dl
pop ss
inc ecx
rol byte ptr [eax+00], cl
test al, 18
inc ecx
add byte ptr [eax+17], ch
inc ecx
add byte ptr [eax+ebx+19E00041], dh
inc ecx
add byte ptr [eax+C400411C], al
sbb byte ptr [ecx+00], al
mov esp, 88004118
sbb al, 41
add al, al
adc al, 41
BYTE 5 DUP(0)
:0040BF2A
:0040BF2C
:0040BF2E
:0040BF2F
:0040BF34
0100
0000
60
BE40000800
0000

pushad
mov esi, 00080040
:0040BF36
:0040BF37
:0040BF39
:0040BF3A
:0040BF3B
:0040BF3C
:0040BF3D
0F
00FD
FF
FC
FF
FB
FFFFFF
BYTE 0fh
add ch, bh
BYTE 0ffh
cld
BYTE 0ffh
sti
BYTE 3 DUP(0ffh)
:0040BF40
:0040BF41
:0040BF42
:0040BF43
:0040BF44
:0040BF45
:0040BF47
:0040BF49
:0040BF4B
:0040BF4D
:0040BF4F
:0040BF50
:0040BF51
:0040BF53
:0040BF55
:0040BF59
:0040BF5D
:0040BF60
:0040BF61
:0040BF67
:0040BF6A
:0040BF6C
:0040BF6D
:0040BF73
:0040BF76
:0040BF78
:0040BF79
:0040BF80
:0040BF81
:0040BF87
:0040BF8A
:0040BF8B
:0040BF8E
:0040BF8F
FA
FF
F9
FF
F8
FFF7
FFF6
FFF5
FFF4
FFF3
FF
FE
FFF2
FFF1
FF5C1841
00641841
006818
41
008018410084
184100
8C18
41
00901841009C
184100
7819
41
008C194100181C
41
00881841006C
184100
58
184100
40
1C41
cli
BYTE 0ffh
stc
BYTE 0ffh
clc
push edi
push esi
push ebp
push esp
push ebx
BYTE 0ffh
BYTE 0feh
push edx
push ecx
call far [eax+ebx+41]
add byte ptr [eax+ebx+41], ah
inc ecx
add byte ptr [eax+84004118], al
mov [eax], ds
inc ecx
add byte ptr [eax+9C004118], dl
js 0040BF91
inc ecx
add byte ptr [ecx+ebx+1C180041], cl
inc ecx
add byte ptr [eax+6C004118], cl
pop eax
inc eax
sbb al, 41

|:0040BF76(C)
|
:0040BF91 000A
add byte ptr [edx], cl
:0040BF93 54
push esp
:0040BF94 43
inc ebx
:0040BF95 6F
outsd
:0040BF96 6D
insd
:0040BF97 706F
jo 0040C008
:0040BF99 6E
outsb
:0040BF9A 65
BYTE 065h
:0040BF9B 6E
outsb
:0040BF9C 748D4000
DWORD 00408D74
:0040BFA0 A4BF4000
DWORD 0040BFA4
:0040BFA4 07
pop es
|:0040BFAF(C)
|
:0040BFA5 0A54436F
:0040BFA9 6D
:0040BFAA 706F
:0040BFAC 6E
:0040BFAD 65
:0040BFAE
:0040BFAF
:0040BFB1
:0040BFB6
:0040BFB7
:0040BFB9
:0040BFBB
:0040BFBC
:0040BFBD
:0040BFBE
:0040BFC0
6E
74F4
BE4000D8B6
40
0002
0007
43
6C
61
7373
65
outsb
je 0040BFA5
mov esi, B6D80040
inc eax
add byte ptr [edx], al
inc ebx
insb
popad
jnb 0040C033
BYTE 065h
:0040BFC1
:0040BFC3
:0040BFC6
:0040BFC7
:0040BFC9
:0040BFCB
:0040BFCD
:0040BFCF
:0040BFD1
7302
0060BE
40
0008
0000
FF18
0000
FE00
000000000000
jnb 0040BFC5
add byte ptr [eax-42], ah
inc eax
call far dword ptr [eax]
inc byte ptr [eax]
BYTE 6 DUP(0)
:0040BFD7
:0040BFDA
:0040BFE0
:0040BFE1
:0040BFE2
800000
00800000044E
61
6D
65
add byte ptr [eax], 00

add byte ptr [eax+4E040000], al
popad
insd
BYTE 065h
:0040BFE3
:0040BFE5
:0040BFE6
:0040BFE9
:0040BFEB
:0040BFED
:0040BFEF
:0040BFF1
3C10
40
000C00
00FF
0C00
00FF
0100
0000000000
cmp al, 10
inc eax
add bh, bh
or al, 00
add bh, bh
BYTE 5 DUP(0)
:0040BFF6
:0040BFF9
:0040BFFB
:0040BFFD
800000
0000
0100
03546167
add
add
add
add
or dl, byte ptr [ebx+2*eax+6F]

insd
jo 0040C01B
outsb
BYTE 065h
byte ptr [eax], 00

byte ptr [eax], al
edx, dword ptr [ecx+67]
:0040C001
:0040C004
:0040C005
:0040C009
:0040C013
:0040C01D
8D4000
50
C0400000
00000000000000000000
00000000000000000000
000000

push eax
rol byte ptr [eax+00], 00
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0040C020 6CC04000
:0040C024 74C04000
DWORD 0040C06C
DWORD 0040C074
:0040C028 1000
:0040C02A 0000

:0040C02C
:0040C030
:0040C034
:0040C038
:0040C03C
:0040C040
:0040C044
:0040C048
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0040C04C
:0040C052
:0040C053
:0040C057
:0040C05D
:0040C062
:0040C063
:0040C065
:0040C067
:0040C06E
101D41000C1D
41
00441D41
00981D41006C
1D41009C1D
41
00C8
1C41
00A41D41000100
FFFF
adc byte ptr [1D0C0041], bl

inc ecx
add byte ptr [ebp+ebx+41], al
add byte ptr [eax+6C00411D], bl
sbb eax, 1D9C0041
inc ecx
add al, cl
sbb al, 41
add byte ptr [ebp+ebx+00010041], ah
BYTE 2 DUP(0ffh)
:0040C070
:0040C071
:0040C076
:0040C077
:0040C078
:0040C07A
:0040C07D
:0040C07F
:0040C080
:0040C081
:0040C082
:0040C089
:0040C08D
5C
1D41001054
42
61
7369
634163
7469
6F
6E
4C
696E6B8D4000D4
C0400000
00000000000000000000
pop esp
sbb eax, 54100041
inc edx
popad
jnb 0040C0E3
arpl dword ptr [ecx+63], eax
je 0040C0E8
outsd
outsb
dec esp
imul ebp, dword ptr [esi+6B], D400408D
rol byte ptr [eax+00], 00
BYTE 10 DUP(0)
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
:0040C097 00
BYTE 0
:0040C098 38C1
:0040C09A 40
:0040C09B 000000000000000000
cmp cl, al
inc eax
BYTE 9 DUP(0)
:0040C0A4 1CC14000
:0040C0A8 24C14000
DWORD 0040C11C
DWORD 0040C124
:0040C0AC 40
:0040C0AD 000000
inc eax
BYTE 3 DUP(0)
:0040C0B0
:0040C0B2
:0040C0B3
:0040C0B6
:0040C0B7
:0040C0BA
:0040C0BB
:0040C0BD
A8BE
40
00681C
41
00342E
40
0038
2E
test al, BE
inc eax
inc ecx
inc eax
BYTE 02eh
:0040C0BE
:0040C0BF
:0040C0C2
:0040C0C3
:0040C0C5
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0040C0C6
:0040C0C7
:0040C0CE
:0040C0CF
:0040C0D1
:0040C0D6
:0040C0D7
:0040C0D9
:0040C0DA
:0040C0DB
:0040C0DD
:0040C0E0
:0040C0E2
40
00B42B4000C82B
40
00F4
1D41000CD3
40
00D4
17
41
0008
D24000
A818
41
inc eax
inc eax
add ah, dh
sbb eax, D30C0041
inc eax
add ah, dl
pop ss
inc ecx
test al, 18
inc ecx
|:0040C078(C)
|
:0040C0E3 006817
:0040C0E6 41
:0040C0E7 00B4184100E019
:0040C0EE 41
:0040C0EF 00801C4100C4
:0040C0F5 184100
:0040C0F8 BC18410088
:0040C0FD 1C41
:0040C0FF 00B01D4100D8
:0040C105 1E
:0040C106 41
:0040C107 00841E4100401E
:0040C10E 41
:0040C10F 00481E
:0040C112 41
:0040C113 00441E41

inc ecx
inc ecx
mov esp, 88004118
sbb al, 41
add byte ptr [eax+D800411D], dh
push ds
inc ecx
add byte ptr [esi+ebx+1E400041], al
inc ecx
add byte ptr [eax+1E], cl
inc ecx
add byte ptr [esi+ebx+41], al
:0040C117
:0040C11A
:0040C11B
:0040C11D
:0040C11F
:0040C123
:0040C126
:0040C127
:0040C128
:0040C12A
:0040C12D
:0040C12F
00681E
41
0001
00F0
FF4C1E41
000C54
42
61
7369
634163
7469
6F
add byte ptr [eax+1E], ch

inc ecx
add al, dh
dec [esi+ebx+41]
add byte ptr [esp+2*edx], cl
inc edx
popad
jnb 0040C193
je 0040C198
outsd
:0040C130 6E8D4000
:0040C134 38C14000
DWORD 00408D6E
DWORD 0040C138
:0040C138
:0040C139
:0040C13B
:0040C13C
:0040C13D
:0040C13F
:0040C142
:0040C144
:0040C145
pop es
or al, 54
inc edx
popad
jnb 0040C1A8
je 0040C1AD
outsd
outsb
07
0C54
42
61
7369
634163
7469
6F
6E
:0040C146 D4C04000
:0040C14A A0BF4000
DWORD 0040C0D4
DWORD 0040BFA0
:0040C14E
:0040C150
:0040C151
:0040C152
:0040C153
:0040C154
:0040C156

pop es
inc ebx
insb
popad
jnb 0040C1C9
BYTE 065h
0200
07
43
6C
61
7373
65
:0040C157 7300
jnb 0040C159
|:0040C157(C)
|
:0040C159 008BC060C140
:0040C15F 000E
:0040C161 0E
:0040C162 54
:0040C163 49
:0040C164 64
:0040C165 65
BYTE 065h
:0040C166
:0040C167
:0040C169
:0040C16A
outsb
je 0040C1B6
popad
jo 0040C1B1
6E
744D
61
7045
add byte ptr [ebx+40C160C0], cl

push cs
push esp
dec ecx
BYTE 064h
:0040C16C
:0040C16D
:0040C16F
:0040C171
6E
7472
7908
000000
outsb
je 0040C1E1
jns 0040C179
BYTE 3 DUP(0)
:0040C174
:0040C176
:0040C178
:0040C17A
:0040C17B
:0040C17E
0100
0000
7C10
40
000400
0000

jl 0040C18A
inc eax

|:004218D4 , :0042190D , :00422BE2 , :00422C24 , :00423D8D
|:00424CCC , :004268CC , :0042CA19 , :0042F195 , :00433E56
|:0043B4F4 , :0043B539
|
:0040C180 8901
:0040C182 895104
:0040C185 C3
ret
:0040C186 8BC0
mov eax, eax

|:0042771A , :00427D00
|
:0040C188 51
push ecx
:0040C189 66890424
mov word ptr [esp], ax
:0040C18D 6689542402
mov word ptr [esp+02], dx
:0040C192 8B0424
:0040C195 5A
pop edx
:0040C196 C3
ret
:0040C197 90
* Referenced
|:00414B09
|:00426F9E
|:0042BC38
|:0042EDF4
|
nop
by a CALL at
, :00418655
, :00426FEB
, :0042BC86
, :0042F52C
Addresses:
, :0041A906
, :00428F2B
, :0042BE51
, :0042F90A
,
,
,
,
:00423F80
:0042A231
:0042E796
:00440609
,
,
,
,
:00426E96
:0042A56E
:0042ECC9
:00440DFD

|:0040C12D(C)
|
:0040C198 55
push ebp
:0040C199 8BEC
mov ebp, esp
:0040C19B 53
push ebx
:0040C19C 8B5D08
:0040C19F 8903
:0040C1A1 895304
:0040C1A4 894B08
:0040C1A7 8B450C
:0040C1AA 89430C
|:0040C142(C)
|
:0040C1AD 5B
:0040C1AE 5D
:0040C1AF C20800
pop ebx
pop ebp
ret 0008
:0040C1B2 8BC0
mov eax, eax

|:00423DD9 , :00424D23 , :0042AEB7 , :0042B1E9 , :0042B2A9
|:0042BF5C , :0042F5BD , :0042F603 , :00437EC2 , :004405E4
|
:0040C1B4 55
push ebp
:0040C1B5 8BEC
mov ebp, esp
:0040C1B7 53
push ebx
:0040C1B8 8B5D08
:0040C1BB 8903
:0040C1BD 895304
:0040C1C0 03C8
add ecx, eax
:0040C1C2 894B08
:0040C1C5 03550C
add edx, dword ptr [ebp+0C]
:0040C1C8 89530C
:0040C1CB 5B
pop ebx
:0040C1CC 5D
pop ebp
:0040C1CD C20800
ret 0008

|:0040C35F
|
:0040C1D0 8B40C8
:0040C1D3 09C0
or eax, eax
:0040C1D5 7403
je 0040C1DA
:0040C1D7 8B4002
|:0040C1D5(C)
|
:0040C1DA C3
ret
:0040C1DB 90
nop
|:0040C323
|
:0040C1DC 55
push ebp
:0040C1DD 8BEC
mov ebp, esp
:0040C1DF 83C4F0
add esp, FFFFFFF0
:0040C1E2 53
push ebx
:0040C1E3 33D2
xor edx, edx
:0040C1E5 8955FC
:0040C1E8 8955F8
:0040C1EB 8BD8
mov ebx, eax
:0040C1ED 33C0
xor eax, eax
:0040C1EF 55
push ebp
:0040C1F0 6851C24000
push 0040C251
:0040C1F5 64FF30
:0040C1F8 648920
:0040C1FB 8D45FC
:0040C1FE 50
push eax
:0040C1FF
:0040C202
:0040C207
:0040C20C
:0040C20F
:0040C210
:0040C213
:0040C217
:0040C21A
:0040C21C
:0040C21D
:0040C222
:0040C225
:0040C227
:0040C22C
:0040C231
:0040C236
:0040C238
:0040C239
:0040C23A
:0040C23B
:0040C23E
8D55F8
A1D42C4400
E8188CFFFF
8B45F8
50
895DF0
C645F40B
8D55F0
33C9
58
E8E2BDFFFF
8B4DFC
B201
A174B24000
E83BC6FFFF
E87A70FFFF
33C0
5A
59
59
648910
6858C24000

mov eax, dword ptr [00442CD4]
call 00404E24
push eax
mov [ebp-0C], 0B
xor ecx, ecx
pop eax
call 00408004
mov dl, 01
call 0040886C
call 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040C258
|:0040C256(U)
|
:0040C243 8D45F8
:0040C246 BA02000000
:0040C24B E88C75FFFF
:0040C250 C3
:0040C251
:0040C256
:0040C258
:0040C259
:0040C25B
:0040C25C
jmp
jmp
pop
mov
pop
ret
E92270FFFF
EBEB
5B
8BE5
5D
C3
:0040C25D 8D4000

mov edx, 00000002
call 004037DC
ret
00403278
0040C243
ebx
esp, ebp
ebp

|:0040C316 , :0040C45F
|
:0040C260 55
push ebp
:0040C261 8BEC
mov ebp, esp
:0040C263 83C4F8
add esp, FFFFFFF8
:0040C266 53
push ebx
:0040C267 56
push esi
:0040C268 57
push edi
:0040C269 8945FC
:0040C26C A11C364400
:0040C271 E81E0D0000
call 0040CF94
:0040C276 8BF8
mov edi, eax
:0040C278 33C0
xor eax, eax
:0040C27A 55
push ebp
:0040C27B 68FDC24000
push 0040C2FD
:0040C280 64FF30
:0040C283 648920
:0040C286
:0040C289
:0040C28A
:0040C28C
:0040C28E
:0040C28F
8B7708
4E
85F6
7C29
46
33DB
|:0040C2B5(C)
|
:0040C291 8BD3
:0040C293 8BC7
:0040C295 E8DE080000
:0040C29A 8945F8
:0040C29D 8B55FC
:0040C2A0 8B45F8
:0040C2A3 E8D868FFFF
:0040C2A8 84C0
:0040C2AA 7407
:0040C2AC E89F70FFFF
:0040C2B1 EB51

dec esi
test esi, esi
jl 0040C2B7
inc esi
xor ebx, ebx
mov edx, ebx
mov eax, edi
call 0040CB78
call 00402B80
test al, al
je 0040C2B3
call 00403350
jmp 0040C304

|:0040C2AA(C)
|
:0040C2B3 43
inc ebx
:0040C2B4 4E
dec esi
:0040C2B5 75DA
jne 0040C291
|:0040C28C(C)
|
:0040C2B7 8B55FC
:0040C2BA A120364400
:0040C2BF 8B08
:0040C2C1 FF5150
:0040C2C4 8BD8
:0040C2C6 85DB
:0040C2C8 7C16
:0040C2CA 8BD3
:0040C2CC A120364400
:0040C2D1 8B08
:0040C2D3 FF5118
:0040C2D6 8945F8
:0040C2D9 E87270FFFF
:0040C2DE EB24
|:0040C2C8(C)
|
:0040C2E0 33C0
:0040C2E2 8945F8
:0040C2E5 33C0
:0040C2E7 5A
:0040C2E8 59
:0040C2E9 59
:0040C2EA 648910
:0040C2ED 6804C34000

call [ecx+50]
mov ebx, eax
test ebx, ebx
jl 0040C2E0
mov edx, ebx
call [ecx+18]
call 00403350
jmp 0040C304
xor eax, eax

xor eax, eax
pop edx
pop ecx
pop ecx
push 0040C304
|:0040C302(U)
|
:0040C2F2 A11C364400
:0040C2F7 E8FC0C0000
:0040C2FC C3

call 0040CFF8
ret
:0040C2FD E9766FFFFF
:0040C302 EBEE
jmp 00403278
jmp 0040C2F2
|:0040C2B1(U), :0040C2DE(U)
|
:0040C304 8B45F8
:0040C307 5F
:0040C308 5E
:0040C309 5B
:0040C30A 59
:0040C30B 59
:0040C30C 5D
:0040C30D C3
:0040C30E 8BC0
mov eax, eax
mov
pop
pop
pop
pop
pop
pop
ret

edi
esi
ebx
ecx
ecx
ebp

|:0040C3CC , :00410AF2
|
:0040C310 53
push ebx
:0040C311 56
push esi
:0040C312 8BF0
mov esi, eax
:0040C314 8BC6
mov eax, esi
call 0040C260
:0040C31B 8BD8
mov ebx, eax
:0040C31D 85DB
test ebx, ebx
:0040C31F 7507
jne 0040C328
:0040C321 8BC6
mov eax, esi
:0040C323 E8B4FEFFFF
call 0040C1DC
|:0040C31F(C)
|
:0040C328 8BC3
mov eax, ebx
:0040C32A 5E
pop esi
:0040C32B 5B
pop ebx
:0040C32C C3
ret
:0040C32D 8D4000

|:0040FA1F , :0040FB0F
|
:0040C330 55
push ebp
:0040C331 8BEC
mov ebp, esp
:0040C333 81C4F0FEFFFF
add esp, FFFFFEF0
:0040C339 53
push ebx
:0040C33A 56
push esi
:0040C33B 57
push edi
:0040C33C 33C9
xor ecx, ecx
:0040C33E
:0040C341
:0040C344
:0040C346
:0040C347
:0040C34C
:0040C34F
:0040C352
:0040C357
:0040C35A
894DF0
8955FC
33D2
55
68E9C34000
64FF32
648922
E81168FFFF
8945F4
EB62
mov dword ptr [ebp-10],

xor edx, edx
push ebp
push 0040C3E9
mov dword ptr fs:[edx],
call 00402B68
mov dword ptr [ebp-0C],
jmp 0040C3BE
ecx
edx
esp
eax
|:0040C3C7(C)
|
:0040C35C 8B45F4
:0040C35F E86CFEFFFF
:0040C364 8BF0
:0040C366 85F6
:0040C368 7449
:0040C36A 0FBF1E
:0040C36D 4B
:0040C36E 85DB
:0040C370 7C41
:0040C372 43
:0040C373 C745F800000000
|:0040C3B1(C)
|
:0040C37A 8B45F8
:0040C37D 8B448602
:0040C381 8B38
:0040C383 8D95F0FEFFFF
:0040C389 8BC7
:0040C38B E8DC67FFFF
:0040C396 8D45F0
:0040C399 E83A76FFFF
:0040C39E 8B45F0
:0040C3A1 8B55FC
:0040C3A4 E843B1FFFF
:0040C3A9 85C0
:0040C3AB 7426
:0040C3AD FF45F8
:0040C3B0 4B
:0040C3B1 75C7
|:0040C368(C), :0040C370(C)
|
:0040C3B3 8B45F4
:0040C3B6 E8ED67FFFF
:0040C3BB 8945F4
|:0040C35A(U)
|
:0040C3BE 8B45F4
:0040C3C1 3B0564B64000
:0040C3C7 7593

call 0040C1D0
mov esi, eax
test esi, esi
je 0040C3B3
movsx ebx, word ptr [esi]
dec ebx
test ebx, ebx
jl 0040C3B3
inc ebx
mov [ebp-08], 00000000
mov eax, dword

mov eax, dword
mov edi, dword
lea edx, dword
mov eax, edi
call 00402B6C
lea edx, dword
lea eax, dword
call 004039D8
mov eax, dword
mov edx, dword
call 004074EC
test eax, eax
je 0040C3D3
inc [ebp-08]
dec ebx
jne 0040C37A
ptr
ptr
ptr
ptr
[ebp-08]
[esi+4*eax+02]
[eax]
[ebp+FFFFFEF0]
ptr [ebp+FFFFFEF0]
ptr [ebp-10]
ptr [ebp-10]
ptr [ebp-04]

call 00402BA8

cmp eax, dword ptr [0040B664]
jne 0040C35C
:0040C3C9 8B45FC
:0040C3CC E83FFFFFFF
:0040C3D1 8BF8

call 0040C310
mov edi, eax
|:0040C3AB(C)
|
:0040C3D3 33C0
:0040C3D5 5A
:0040C3D6 59
:0040C3D7 59
:0040C3D8 648910
:0040C3DB 68F0C34000
|:0040C3EE(U)
|
:0040C3E0 8D45F0
:0040C3E3 E8D073FFFF
:0040C3E8 C3
:0040C3E9
:0040C3EE
:0040C3F0
:0040C3F2
:0040C3F3
:0040C3F4
:0040C3F5
:0040C3F7
:0040C3F8
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
E98A6EFFFF
EBF0
8BC7
5F
5E
5B
8BE5
5D
C3
:0040C3F9 8D4000
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040C3F0

call 004037B8
ret
00403278
0040C3E0
eax, edi
edi
esi
ebx
esp, ebp
ebp

|:0040C53F
|
:0040C3FC 55
push ebp
:0040C3FD 8BEC
mov ebp, esp
:0040C3FF 81C4F0FEFFFF
add esp, FFFFFEF0
:0040C405 53
push ebx
:0040C406 56
push esi
:0040C407 33D2
xor edx, edx
:0040C409 8995F0FEFFFF
mov dword ptr [ebp+FFFFFEF0], edx
:0040C40F 8955FC
:0040C412 8BD8
mov ebx, eax
:0040C414 33C0
xor eax, eax
:0040C416 55
push ebp
:0040C417 6812C54000
push 0040C512
:0040C41C 64FF30
:0040C41F 648920
:0040C422 A11C364400
:0040C427 E8680B0000
call 0040CF94
:0040C42C 8BF0
mov esi, eax
:0040C42E 33C0
xor eax, eax
:0040C430 55
push ebp
:0040C431 68EAC44000
push 0040C4EA
:0040C436 64FF30
:0040C439 648920
:0040C43C E981000000
jmp 0040C4C2
|:0040C4CC(C)
|
:0040C441 8D95FCFEFFFF
:0040C447 8BC3
:0040C449 E81E67FFFF
:0040C44E 8D95FCFEFFFF
:0040C454 8D45FC
:0040C457 E87C75FFFF
:0040C45C 8B45FC
:0040C45F E8FCFDFFFF
:0040C464 85C0
:0040C466 7440
:0040C468 8B45FC
:0040C46B 8985F4FEFFFF
:0040C471 C685F8FEFFFF0B
:0040C47E 50
:0040C47F 6A00
:0040C487 A1402C4400
:0040C48C E89389FFFF
:0040C491 8B8DF0FEFFFF
:0040C497 B201
:0040C499 A16CB14000
:0040C4A3 E8086EFFFF
|:0040C466(C)
|
:0040C4A8 8BD3
:0040C4AA 8BC6
:0040C4AC E8AF050000
:0040C4B1 3B1D64B64000
:0040C4B7 7419
:0040C4B9 8BC3
:0040C4BB E8E866FFFF
:0040C4C0 8BD8
|:0040C43C(U)
|
:0040C4C2 8BD3
:0040C4C4 8BC6
:0040C4C6 E845070000
:0040C4CB 40
:0040C4CC 0F846FFFFFFF
|:0040C4B7(C)
|
:0040C4D2 33C0
:0040C4D4 5A
:0040C4D5 59
:0040C4D6 59
:0040C4D7 648910
:0040C4DA 68F1C44000
lea edx, dword ptr [ebp+FFFFFEFC]

mov eax, ebx
call 00402B6C
call 004039D8
call 0040C260
test eax, eax
je 0040C4A8
mov dword ptr [ebp+FFFFFEF4], eax
mov byte ptr [ebp+FFFFFEF8], 0B
push eax
push 00000000
lea edx, dword ptr [ebp+FFFFFEF0]
call 00404E24
mov ecx, dword ptr [ebp+FFFFFEF0]
mov dl, 01
call 004088A8
call 004032B0
mov edx, ebx

mov eax, esi
call 0040CA60
cmp ebx, dword ptr [0040B664]
je 0040C4D2
mov eax, ebx
call 00402BA8
mov ebx, eax
mov edx, ebx

mov eax, esi
call 0040CC10
inc eax
je 0040C441
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040C4F1
|:0040C4EF(U)
|
:0040C4DF A11C364400
:0040C4E4 E80F0B0000
:0040C4E9 C3
:0040C4EA
:0040C4EF
:0040C4F1
:0040C4F3
:0040C4F4
:0040C4F5
:0040C4F6
:0040C4F9
jmp 00403278
jmp 0040C4DF
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040C519
E9896DFFFF
EBEE
33C0
5A
59
59
648910
6819C54000

call 0040CFF8
ret
|:0040C517(U)
|
:0040C4FE 8D85F0FEFFFF
:0040C504 E8AF72FFFF
:0040C509 8D45FC
:0040C50C E8A772FFFF
:0040C511 C3
:0040C512
:0040C517
:0040C519
:0040C51A
:0040C51B
:0040C51D
:0040C51E
jmp
jmp
pop
pop
mov
pop
ret
E9616DFFFF
EBE5
5E
5B
8BE5
5D
C3
:0040C51F 90

call 004037B8
call 004037B8
ret
00403278
0040C4FE
esi
ebx
esp, ebp
ebp
nop

|:00433FEC
|
:0040C520 55
push ebp
:0040C521 8BEC
mov ebp, esp
:0040C523 53
push ebx
:0040C524 56
push esi
:0040C525 8BCA
mov ecx, edx
:0040C527 85C9
test ecx, ecx
:0040C529 7807
js 0040C532
|:0040C530(C)
|
:0040C52B 8B1C88
mov ebx, dword ptr [eax+4*ecx]
:0040C52E 49
dec ecx
:0040C52F 53
push ebx
:0040C530 79F9
jns 0040C52B
|:0040C529(C)
|
:0040C532
:0040C534
:0040C536
:0040C538
:0040C53A
:0040C53B
8BC4
8BF2
85F6
7C10
46
8BD8
|:0040C548(C)
|
:0040C53D 8B03
:0040C53F E8B8FEFFFF
:0040C544 83C304
:0040C547 4E
:0040C548 75F3
mov eax, esp

mov esi, edx
test esi, esi
jl 0040C54A
inc esi
mov ebx, eax
call 0040C3FC
add ebx, 00000004
dec esi
jne 0040C53D

|:0040C538(C)
|
:0040C54A 8B75F8
:0040C54D 8B5DFC
:0040C550 8BE5
mov esp, ebp
:0040C552 5D
pop ebp
:0040C553 C3
ret

|:0041239C , :004123C4
|
:0040C554 55
push ebp
:0040C555 8BEC
mov ebp, esp
:0040C557 83C4E4
add esp, FFFFFFE4
:0040C55A 53
push ebx
:0040C55B 56
push esi
:0040C55C 57
push edi
:0040C55D 8BF0
mov esi, eax
:0040C55F A11C364400
:0040C564 E82B0A0000
call 0040CF94
:0040C569 8BF8
mov edi, eax
:0040C56B 33C0
xor eax, eax
:0040C56D 55
push ebp
:0040C56E 680CC64000
push 0040C60C
:0040C573 64FF30
:0040C576 648920
:0040C579 8B5F08
:0040C57C 4B
dec ebx
:0040C57D 83FB00
cmp ebx, 00000000
:0040C580 7C2D
jl 0040C5AF
|:0040C5AD(C)
|
:0040C582 6A1C
:0040C584 8D45E4
:0040C587 50
:0040C588 8BD3
:0040C58A 8BC7
:0040C58C E8E7050000

push 0000001C
push eax
mov edx, ebx
mov eax, edi
call 0040CB78
:0040C591 50
push eax

|
:0040C592 E81998FFFF
Call 00405DB0
:0040C597 85F6
test esi, esi
:0040C599 7405
je 0040C5A0
:0040C59B 3B75E8
:0040C59E 7509
jne 0040C5A9
|:0040C599(C)
|
:0040C5A0 8BD3
:0040C5A2 8BC7
:0040C5A4 E8F3040000

mov edx, ebx
mov eax, edi
call 0040CA9C

|:0040C59E(C)
|
:0040C5A9 4B
dec ebx
:0040C5AA 83FBFF
cmp ebx, FFFFFFFF
:0040C5AD 75D3
jne 0040C582
|:0040C580(C)
|
:0040C5AF A120364400
:0040C5B4 8B10
:0040C5B6 FF5214
:0040C5B9 8BD8
:0040C5BB 4B
:0040C5BC 83FB00
:0040C5BF 7C33
|:0040C5F2(C)
|
:0040C5C1 6A1C
:0040C5C3 8D45E4
:0040C5C6 50
:0040C5C7 8BD3
:0040C5C9 A120364400
:0040C5CE 8B08
:0040C5D0 FF5118
:0040C5D3 50

call [edx+14]
mov ebx, eax
dec ebx
cmp ebx, 00000000
jl 0040C5F4
push 0000001C
push eax
mov edx, ebx
call [ecx+18]
push eax

|
:0040C5D4 E8D797FFFF
Call 00405DB0
:0040C5D9 85F6
test esi, esi
:0040C5DB 7405
je 0040C5E2
:0040C5DD 3B75E8
:0040C5E0 750C
jne 0040C5EE
|:0040C5DB(C)
|
:0040C5E2 8BD3
mov edx, ebx
:0040C5E4 A120364400
:0040C5E9 8B08
:0040C5EB FF5144

call [ecx+44]

|:0040C5E0(C)
|
:0040C5EE 4B
dec ebx
:0040C5EF 83FBFF
cmp ebx, FFFFFFFF
:0040C5F2 75CD
jne 0040C5C1
|:0040C5BF(C)
|
:0040C5F4 33C0
xor eax, eax
:0040C5F6 5A
pop edx
:0040C5F7 59
pop ecx
:0040C5F8 59
pop ecx
:0040C5F9 648910
|
:0040C5FC 6813C64000
push 0040C613
|:0040C611(U)
|
:0040C601 A11C364400
:0040C606 E8ED090000
:0040C60B C3
:0040C60C
:0040C611
:0040C613
:0040C614
:0040C615
:0040C616
:0040C618
:0040C619
E9676CFFFF
EBEE
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:0040C61A
:0040C61C
:0040C621
:0040C62B
:0040C635
8BC0
68C6400000
00000000000000000000
00000000000000000000
00000000000000
mov eax, eax

push 000040C6
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 7 DUP(0)

call 0040CFF8
ret
00403278
0040C601
edi
esi
ebx
esp, ebp
ebp
:0040C63C 68C6400010
:0040C641 000000
push 100040C6
BYTE 3 DUP(0)
:0040C644
:0040C648
:0040C64C
:0040C650
:0040C654
:0040C658
:0040C65C
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
:0040C660 C82B4000
:0040C664 102C4000
DWORD 00402BC8
DWORD 00402C10
:0040C668
:0040C66C
:0040C66E
:0040C66F
:0040C670
:0040C672
or dword ptr [ecx+2*ecx+6E], edx

je 0040C6B1
outsd
outsb
jnb 0040C6E6
mov eax, eax
0954496E
7443
6F
6E
7374
8BC0

|:0040C6C0
|
:0040C674 55
push ebp
:0040C675 8BEC
mov ebp, esp
:0040C677 84D2
test dl, dl
:0040C679 7408
je 0040C683
:0040C67B 83C4F0
add esp, FFFFFFF0
:0040C67E E88168FFFF
call 00402F04
|:0040C679(C)
|
:0040C683 894804
:0040C686 8B4D0C
:0040C689 894808
:0040C68C 8B4D08
:0040C68F 89480C
:0040C692 84D2
:0040C694 740F
:0040C696 E8C168FFFF
:0040C69B 648F0500000000
:0040C6A2 83C40C

test dl, dl
je 0040C6A5
call 00402F5C
add esp, 0000000C

|:0040C694(C)
|
:0040C6A5 5D
pop ebp
:0040C6A6 C20800
ret 0008
:0040C6A9 8D4000

|:0041ABED , :0041AC01 , :0042D554
|
:0040C6AC 53
push ebx
:0040C6AD 56
push esi
:0040C6AE 57
push edi
:0040C6AF 8BF9
mov edi, ecx
|:0040C66C(C)
|
:0040C6B1 8BF2
mov esi, edx
:0040C6B3 8BD8
mov ebx, eax
:0040C6B5 56
push esi
:0040C6B6 57
push edi
:0040C6B7 8BCB
mov ecx, ebx
:0040C6B9
:0040C6BB
:0040C6C0
:0040C6C5
:0040C6C7
:0040C6CC
:0040C6D1
:0040C6D2
:0040C6D3
:0040C6D4
B201
A11CC64000
E8AFFFFFFF
8BD0
A124364400
E863080000
5F
5E
5B
C3
:0040C6D5 8D4000
mov dl, 01
call 0040C674
mov edx, eax
call 0040CF34
pop edi
pop esi
pop ebx
ret

|:00413B2F , :00413D37 , :00420673
|
:0040C6D8 55
push ebp
:0040C6D9 8BEC
mov ebp, esp
:0040C6DB 51
push ecx
:0040C6DC 53
push ebx
:0040C6DD 56
push esi
:0040C6DE 57
push edi
:0040C6DF 8955FC
:0040C6E2 8BF8
mov edi, eax
:0040C6E4 8B7508
:0040C6E7 85F6
test esi, esi
:0040C6E9 7C23
jl 0040C70E
:0040C6EB 46
inc esi
:0040C6EC 8D5904
lea ebx, dword ptr [ecx+04]
|:0040C70C(C)
|
:0040C6EF 8BD7
:0040C6F1 8B03
:0040C6F3 E8F4ADFFFF
:0040C6F8 85C0
:0040C6FA 750C
:0040C6FC B001
:0040C6FE 8B55FC
:0040C701 8B4BFC
:0040C704 890A
:0040C706 EB08

mov edx, edi
call 004074EC
test eax, eax
jne 0040C708
mov al, 01
jmp 0040C710

|:0040C6FA(C)
|
:0040C708 83C308
add ebx, 00000008
:0040C70B 4E
dec esi
:0040C70C 75E1
jne 0040C6EF
|:0040C6E9(C)
|
:0040C70E 33C0
xor eax, eax
|:0040C706(U)
|
:0040C710
:0040C711
:0040C712
:0040C713
:0040C714
:0040C715
5F
5E
5B
59
5D
C20400
pop
pop
pop
pop
pop
ret
edi
esi
ebx
ecx
ebp
0004

|:00413B1F , :00413D27 , :00420663
|
:0040C718 55
push ebp
:0040C719 8BEC
mov ebp, esp
:0040C71B 83C4F8
add esp, FFFFFFF8
:0040C71E 53
push ebx
:0040C71F 56
push esi
:0040C720 57
push edi
:0040C721 894DFC
:0040C724 8BFA
mov edi, edx
:0040C726 8B7508
:0040C729 85F6
test esi, esi
:0040C72B 7C1E
jl 0040C74B
:0040C72D 46
inc esi
:0040C72E 8B5DFC
|:0040C749(C)
|
:0040C731 3B03
:0040C733 7510
:0040C735 C645FB01
:0040C739 8BC7
:0040C73B 8B5304
:0040C743 EB0A

cmp eax, dword ptr [ebx]
jne 0040C745
mov [ebp-05], 01
mov eax, edi
call 0040380C
jmp 0040C74F

|:0040C733(C)
|
:0040C745 83C308
add ebx, 00000008
:0040C748 4E
dec esi
:0040C749 75E6
jne 0040C731
|:0040C72B(C)
|
:0040C74B C645FB00
mov [ebp-05], 00
|:0040C743(U)
|
:0040C74F 8A45FB
mov al, byte ptr [ebp-05]
:0040C752 5F
pop edi
:0040C753 5E
pop esi
:0040C754 5B
pop ebx
:0040C755 59
pop ecx
:0040C756 59
pop ecx
:0040C757 5D
pop ebp
:0040C758 C20400
ret 0004
:0040C75B 90
nop

|:0040C975
|
:0040C75C 55
push ebp
:0040C75D 8BEC
mov ebp, esp
:0040C75F 51
push ecx
:0040C760 53
push ebx
:0040C761 56
push esi
:0040C762 57
push edi
:0040C763 8BF1
mov esi, ecx
:0040C765 8BDA
mov ebx, edx
:0040C767 8BF8
mov edi, eax
:0040C769 85DB
test ebx, ebx
:0040C76B 7508
jne 0040C775
:0040C76D 8B1DE02B4400
mov ebx, dword ptr [00442BE0]
:0040C773 8B1B
|:0040C76B(C)
|
:0040C775 6A0A
:0040C777 8BC7
:0040C779 E87A74FFFF
:0040C77E 50
:0040C77F 53

push 0000000A
mov eax, edi
call 00403BF8
push eax
push ebx

|
:0040C780 E8E394FFFF
Call 00405C68
:0040C785 85C0
test eax, eax
:0040C787 0F95C0
setne al
:0040C78A 84C0
test al, al
:0040C78C 744D
je 0040C7DB
:0040C78E 57
push edi
:0040C78F 6A0A
push 0000000A
:0040C791 8BCB
mov ecx, ebx
:0040C793 B201
mov dl, 01
:0040C795 A16CBB4000
mov eax, dword ptr [0040BB6C]
:0040C79A E8C5240000
call 0040EC64
:0040C79F 8945FC
:0040C7A2 33C0
xor eax, eax
:0040C7A4 55
push ebp
:0040C7A5 68D2C74000
push 0040C7D2
:0040C7AA 64FF30
:0040C7AD 648920
:0040C7B0 8B16
:0040C7B2 8B45FC
:0040C7B5 E8CE200000
call 0040E888
:0040C7BA 8906
:0040C7BC 33C0
xor eax, eax
:0040C7BE 5A
pop edx
:0040C7BF 59
pop ecx
:0040C7C0 59
pop ecx
:0040C7C1 648910
:0040C7C4 68D9C74000
push 0040C7D9
|:0040C7D7(U)
|
:0040C7C9 8B45FC
:0040C7CC E84F64FFFF
:0040C7D1 C3
:0040C7D2 E9A16AFFFF
:0040C7D7 EBF0
:0040C7D9 B001
jmp 00403278
jmp 0040C7C9
mov al, 01

call 00402C20
ret

|:0040C78C(C)
|
:0040C7DB 5F
pop edi
:0040C7DC 5E
pop esi
:0040C7DD 5B
pop ebx
:0040C7DE 59
pop ecx
:0040C7DF 5D
pop ebp
:0040C7E0 C3
ret
:0040C7E1 8D4000

|:0040C9C8
|
:0040C7E4 53
push ebx
:0040C7E5 E82A93FFFF
call 00405B14
:0040C7EA 83B80C00000000
cmp dword ptr [eax+0000000C], 00000000
:0040C7F1 7519
jne 0040C80C
:0040C7F3 B201
mov dl, 01
:0040C7F5 A154B54000
:0040C7FA E8F163FFFF
call 00402BF0
:0040C7FF 8BD8
mov ebx, eax
:0040C801 E80E93FFFF
call 00405B14
:0040C806 89980C000000
|:0040C7F1(C)
|
:0040C80C E80393FFFF
:0040C811 8B8008000000
:0040C817 50
:0040C818 E8F792FFFF
:0040C81D 8B800C000000
:0040C823 5A
:0040C824 E837020000
:0040C829 B201
:0040C82B A154B54000
:0040C830 E8BB63FFFF
:0040C835 8BD8
:0040C837 E8D892FFFF
:0040C83C 899808000000
:0040C842 5B
:0040C843 C3

call 00405B14
push eax
call 00405B14
pop edx
call 0040CA60
mov dl, 01
call 00402BF0
mov ebx, eax
call 00405B14
pop ebx
ret

|:0040C9ED
|
:0040C844 53
push ebx
:0040C845 56
push esi
:0040C846 E8C992FFFF
call 00405B14
:0040C84B 8B8008000000
:0040C851 8B5808
:0040C854 4B
dec ebx
:0040C855 85DB
test ebx, ebx
:0040C857 7C1E
jl 0040C877
:0040C859 43
inc ebx
:0040C85A 33F6
xor esi, esi
|:0040C875(C)
|
:0040C85C E8B392FFFF
:0040C861 8B8008000000
:0040C867 8BD6
:0040C869 E80A030000
:0040C86E 8B10
:0040C870 FF520C
:0040C873 46
:0040C874 4B
:0040C875 75E5

call 00405B14
mov edx, esi
call 0040CB78
call [edx+0C]
inc esi
dec ebx
jne 0040C85C

|:0040C857(C)
|
:0040C877 5E
pop esi
:0040C878 5B
pop ebx
:0040C879 C3
ret
:0040C87A 8BC0
mov eax, eax

|:0040C9FF
|
:0040C87C 53
push ebx
:0040C87D E89292FFFF
call 00405B14
:0040C882 8B8008000000
:0040C888 E89363FFFF
call 00402C20
:0040C88D E88292FFFF
call 00405B14
:0040C892 8B800C000000
:0040C898 E833040000
call 0040CCD0
:0040C89D 8BD8
mov ebx, eax
:0040C89F E87092FFFF
call 00405B14
:0040C8A4 899808000000
:0040C8AA E86592FFFF
call 00405B14
:0040C8AF 8B800C000000
:0040C8B5 8B4008
:0040C8B8 48
dec eax
:0040C8B9 50
push eax
:0040C8BA E85592FFFF
call 00405B14
:0040C8BF 8B800C000000
:0040C8C5 5A
pop edx
:0040C8C6 E8D1010000
call 0040CA9C
:0040C8CB E84492FFFF
call 00405B14
:0040C8D0
:0040C8D6
:0040C8DA
:0040C8DC
:0040C8E1
:0040C8E7
:0040C8EC
:0040C8F1
:0040C8F3
8B800C000000
83780800
751D
E83392FFFF
8B800C000000
E83463FFFF
E82392FFFF
33D2
89900C000000

jne 0040C8F9
call 00405B14
call 00402C20
call 00405B14
xor edx, edx

|:0040C8DA(C)
|
:0040C8F9 5B
pop ebx
:0040C8FA C3
ret
:0040C8FB 90
nop

|:0040C939 , :0040C9E4
|
:0040C8FC 55
push ebp
:0040C8FD 8BEC
mov ebp, esp
:0040C8FF 81C4FCFEFFFF
add esp, FFFFFEFC
:0040C905 53
push ebx
:0040C906 56
push esi
:0040C907 33D2
xor edx, edx
:0040C909 8955FC
:0040C90C 8BF0
mov esi, eax
:0040C90E 33C0
xor eax, eax
:0040C910 55
push ebp
:0040C911 6892C94000
push 0040C992
:0040C916 64FF30
:0040C919 648920
:0040C91C 33DB
xor ebx, ebx
:0040C91E 3B35A8BE4000
cmp esi, dword ptr [0040BEA8]
:0040C924 7456
je 0040C97C
:0040C926 8B4508
:0040C929 3B70F8
cmp esi, dword ptr [eax-08]
:0040C92C 744E
je 0040C97C
:0040C92E 8B4508
:0040C931 50
push eax
:0040C932 8BC6
mov eax, esi
:0040C934 E86F62FFFF
call 00402BA8
:0040C939 E8BEFFFFFF
call 0040C8FC
:0040C93E 59
pop ecx
:0040C93F 8BD8
mov ebx, eax
:0040C941 8D95FCFEFFFF
:0040C947 8BC6
mov eax, esi
:0040C949 E81E62FFFF
call 00402B6C
:0040C94E 8D95FCFEFFFF
:0040C954 8D45FC
:0040C957 E87C70FFFF
call 004039D8
:0040C95C 8B45FC
:0040C95F 50
push eax
:0040C960 8BC6
mov eax, esi
:0040C962 E83D81FFFF
call 00404AA4
:0040C967 E84081FFFF
call 00404AAC
:0040C96C 8BD0
mov edx, eax
:0040C96E
:0040C971
:0040C974
:0040C975
:0040C97A
8B4508
8D48FC
58
E8E2FDFFFF
0AD8

lea ecx, dword ptr [eax-04]
pop eax
call 0040C75C
or bl, al
|:0040C924(C), :0040C92C(C)
|
:0040C97C 33C0
:0040C97E 5A
:0040C97F 59
:0040C980 59
:0040C981 648910
:0040C984 6899C94000
|:0040C997(U)
|
:0040C989 8D45FC
:0040C98C E8276EFFFF
:0040C991 C3
:0040C992
:0040C997
:0040C999
:0040C99B
:0040C99C
:0040C99D
:0040C99F
:0040C9A0
jmp
jmp
mov
pop
pop
mov
pop
ret
E9E168FFFF
EBF0
8BC3
5E
5B
8BE5
5D
C3
:0040C9A1 8D4000
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040C999

call 004037B8
ret
00403278
0040C989
eax, ebx
esi
ebx
esp, ebp
ebp

|:00438125
|
:0040C9A4 55
push ebp
:0040C9A5 8BEC
mov ebp, esp
:0040C9A7 83C4F4
add esp, FFFFFFF4
:0040C9AA 8955F8
:0040C9AD 8945FC
:0040C9B0 A110364400
:0040C9B5 E85ACFFFFF
call 00409914
:0040C9BA 33C0
xor eax, eax
:0040C9BC 55
push ebp
:0040C9BD 6824CA4000
push 0040CA24
:0040C9C2 64FF30
:0040C9C5 648920
:0040C9C8 E817FEFFFF
call 0040C7E4
:0040C9CD 33C0
xor eax, eax
:0040C9CF 55
push ebp
:0040C9D0 6805CA4000
push 0040CA05
:0040C9D5 64FF30
:0040C9D8 648920
:0040C9DB 55
push ebp
:0040C9DC 8B45FC
:0040C9DF E88461FFFF
call 00402B68
:0040C9E4
:0040C9E9
:0040C9EA
:0040C9ED
:0040C9F2
:0040C9F4
:0040C9F5
:0040C9F6
:0040C9F7
:0040C9FA
E813FFFFFF
59
8845F7
E852FEFFFF
33C0
5A
59
59
648910
680CCA4000
call 0040C8FC
pop ecx
call 0040C844
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040CA0C

|:0040CA0A(U)
|
:0040C9FF E878FEFFFF
call 0040C87C
:0040CA04 C3
ret
:0040CA05
:0040CA0A
:0040CA0C
:0040CA0E
:0040CA0F
:0040CA10
:0040CA11
:0040CA14
E96E68FFFF
EBF3
33C0
5A
59
59
648910
682BCA4000
jmp 00403278
jmp 0040C9FF
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040CA2B
|:0040CA29(U)
|
:0040CA19 A110364400
:0040CA1E E83DCFFFFF
:0040CA23 C3
:0040CA24
:0040CA29
:0040CA2B
:0040CA2E
:0040CA30
:0040CA31
jmp
jmp
mov
mov
pop
ret
E94F68FFFF
EBEE
8A45F7
8BE5
5D
C3
:0040CA32 8BC0

call 00409960
ret
00403278
0040CA19
al, byte ptr [ebp-09]
esp, ebp
ebp
mov eax, eax

|:00416923
|
:0040CA34 53
push ebx
:0040CA35 56
push esi
:0040CA36 51
push ecx
:0040CA37 E82865FFFF
call 00402F64
:0040CA3C 881424
mov byte ptr [esp], dl
:0040CA3F 8BF0
mov esi, eax
:0040CA41 8BC6
mov eax, esi
:0040CA43 66BBFFFF
mov bx, FFFF
:0040CA47 E8A863FFFF
call 00402DF4
:0040CA4C 803C2400
cmp byte ptr [esp], 00
:0040CA50 7E07
jle 0040CA59
:0040CA52 8BC6
mov eax, esi
:0040CA54 E8FB64FFFF
call 00402F54

|:0040CA50(C)
|
:0040CA59 5A
pop edx
:0040CA5A 5E
pop esi
:0040CA5B 5B
pop ebx
:0040CA5C C3
ret
:0040CA5D 8D4000
|:0040C4AC , :0040C824
|:0040FC7B , :00410552
|:00411EF2 , :004169A0
|:00421175 , :00421CF9
|:00425C8C , :00425D6C
|:00433CC2 , :00437993
|:0043CED2 , :0043D5D1
|
:0040CA60 53
:0040CA61 56
:0040CA62 57
:0040CA63 8BFA
:0040CA65 8BD8
:0040CA67 8B7308
:0040CA6A 3B730C
:0040CA6D 7506
:0040CA6F 8BC3
:0040CA71 8B10
:0040CA73 FF12

Addresses:
, :0040CF6C
, :00410BB7
, :00416B7E
, :00421F50
, :004293EB
, :004385AA
, :0043DF31
,
,
,
,
,
,
,
:0040EFA8
:004115CA
:00416B9D
:00422A58
:0042DD73
:0043CB3F
:0043EC7D
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
mov esi, dword
cmp esi, dword
jne 0040CA75
mov eax, ebx
mov edx, dword
call dword ptr
,
,
,
,
,
,
:0040EFED
:0041163C
:0042089D
:0042591C
:0042F23C
:0043CEB7
ptr [ebx+08]
ptr [ebx+0C]
ptr [eax]
[edx]

|:0040CA6D(C)
|
:0040CA75 8B4304
:0040CA78 893CB0
mov dword ptr [eax+4*esi], edi
:0040CA7B FF4308
inc [ebx+08]
:0040CA7E 8BC6
mov eax, esi
:0040CA80 5F
pop edi
:0040CA81 5E
pop esi
:0040CA82 5B
pop ebx
:0040CA83 C3
ret

|:004208D5
|
:0040CA84 53
push ebx
:0040CA85 8BD8
mov ebx, eax
:0040CA87 33D2
xor edx, edx
:0040CA89 8BC3
mov eax, ebx
:0040CA8B E848030000
call 0040CDD8
:0040CA90 33D2
xor edx, edx
:0040CA92 8BC3
mov eax, ebx
:0040CA94 E8CB020000
call 0040CD64
:0040CA99 5B
pop ebx
:0040CA9A C3
ret
:0040CA9B 90
nop
|:0040C5A4 , :0040C8C6
|:0040F259 , :0040F2E1
|:00421188 , :00423437
|:0042DA67 , :0042F21E
|
:0040CA9C 55
:0040CA9D 8BEC
:0040CA9F 6A00
:0040CAA1 53
:0040CAA2 56
:0040CAA3 8BF2
:0040CAA5 8BD8
:0040CAA7 33C0
:0040CAA9 55
:0040CAAA 680ECB4000
:0040CAAF 64FF30
:0040CAB2 648920
:0040CAB5 85F6
:0040CAB7 7C05
:0040CAB9 3B7308
:0040CABC 7C17
Addresses:
, :0040CD5A
, :00411B75
, :00425DBB
, :0043234A
,
,
,
,
:0040EFCF
:00411F26
:00428BF8
:0043ECF2
, :0040F104
, :00416BBA
, :004290F5
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040CB0E
test esi, esi
jl 0040CABE
jl 0040CAD5
|:0040CAB7(C)
|
:0040CABE 8D55FC
:0040CAC1 A1882C4400
:0040CAC6 E85983FFFF
:0040CACB 8B55FC
:0040CACE 8BCE
:0040CAD0 8B03
:0040CAD2 FF5004
|:0040CABC(C)
|
:0040CAD5 FF4B08
:0040CAD8 8B4308
:0040CADB 3BF0
:0040CADD 7D19
:0040CADF 2BC6
:0040CAE1 8BC8
:0040CAE3 C1E102
:0040CAE6 8B4304
:0040CAE9 8D14B0
:0040CAEC 8B4304
:0040CAEF 8D44B004
:0040CAF3 E8B45CFFFF
lea edx, dword

mov eax, dword
call 00404E24
mov edx, dword
mov ecx, esi
mov eax, dword
call [eax+04]
dec [ebx+08]
mov eax, dword
cmp esi, eax
jge 0040CAF8
sub eax, esi
mov ecx, eax
shl ecx, 02
mov eax, dword
lea edx, dword
mov eax, dword
lea eax, dword
call 004027AC
ptr [ebp-04]
ptr [00442C88]
ptr [ebp-04]
ptr [ebx]
ptr [ebx+08]
ptr
ptr
ptr
ptr
[ebx+04]
[eax+4*esi]
[ebx+04]
[eax+4*esi+04]

|:0040CADD(C)
|
:0040CAF8 33C0
xor eax, eax
:0040CAFA 5A
pop edx
:0040CAFB 59
:0040CAFC 59
:0040CAFD 648910
pop ecx
pop ecx
* Possible StringData Ref from Code Obj ->"^[Y]"

|
:0040CB00 6815CB4000
push 0040CB15
|:0040CB13(U)
|
:0040CB05 8D45FC
:0040CB08 E8AB6CFFFF
:0040CB0D C3
:0040CB0E
:0040CB13
:0040CB15
:0040CB16
:0040CB17
:0040CB18
:0040CB19
jmp
jmp
pop
pop
pop
pop
ret
E96567FFFF
EBF0
5E
5B
59
5D
C3
:0040CB1A 8BC0

call 004037B8
ret
00403278
0040CB05
esi
ebx
ecx
ebp
mov eax, eax

|:0040CB29
|
:0040CB1C 8B4504
:0040CB1F C3
ret

|:00411AF6
|
:0040CB20 53
push ebx
:0040CB21 56
push esi
:0040CB22 83C4F8
add esp, FFFFFFF8
:0040CB25 8BF1
mov esi, ecx
:0040CB27 8BDA
mov ebx, edx
:0040CB29 E8EEFFFFFF
call 0040CB1C
:0040CB2E 50
push eax
:0040CB2F 89742404
:0040CB33 C644240800
mov [esp+08], 00
:0040CB38 8D442404
:0040CB3C 50
push eax
:0040CB3D 6A00
push 00000000
:0040CB3F 8BCB
mov ecx, ebx
:0040CB41 B201
mov dl, 01
:0040CB43 A12CB34000
:0040CB48 E85BBDFFFF
call 004088A8
:0040CB4D E95E67FFFF
jmp 004032B0
:0040CB52 59
pop ecx
:0040CB53 5A
pop edx
:0040CB54 5E
pop esi
:0040CB55 5B
pop ebx
:0040CB56 C3
ret
:0040CB57 90
nop

|:0043EC5B
|
:0040CB58 53
push ebx
:0040CB59 8BD8
mov ebx, eax
:0040CB5B 8B4308
:0040CB5E 3B430C
cmp eax, dword ptr [ebx+0C]
:0040CB61 7506
jne 0040CB69
:0040CB63 8BC3
mov eax, ebx
:0040CB65 8B10
:0040CB67 FF12
call dword ptr [edx]
|:0040CB61(C)
|
:0040CB69 8BC3
mov eax, ebx
:0040CB6B 5B
pop ebx
:0040CB6C C3
ret
:0040CB6D 8D4000

|:0043C14C
|
:0040CB70 33D2
xor edx, edx
:0040CB72 E801000000
call 0040CB78
:0040CB77 C3
ret
|:0040C295 , :0040C58C
|:0040F08F , :0040F156
|:0040F720 , :00410445
|:004117B8 , :004119B9
|:0041235F , :00413734
|:00417DDA , :00417E86
|:00421308 , :00421D91
|:004254C2 , :0042598F
|:0042606D , :0042607E
|:004268B5 , :00426D18
|:00428C41 , :00428C55
|:0042DDCB , :0042DE3F
|:0042E0C4 , :0042E10C
|:0042E1BC , :0042E1D5
|:0042E295 , :0042E2D5
|:0042F1C3 , :0042F20B
|:0043233E , :00433730
|:00433867 , :00433879
|:00433AD3 , :00433C21
|:0043CE07 , :0043CE37
|:0043D68A , :0043DFC4
|
:0040CB78 55
:0040CB79 8BEC
Addresses:
, :0040C869
, :0040F22B
, :00410C21
, :00411B00
, :00413788
, :004208C0
, :00421E46
, :004259DC
, :004265AA
, :00426E5D
, :004293E0
, :0042DE4F
, :0042E125
, :0042E21B
, :0042E2EE
, :004320A6
, :0043376F
, :0043389D
, :004379C1
, :0043CE53
, :0043E02B
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040CB72
:0040F2CE
:00411532
:00411EAD
:00416908
:004208F6
:00423578
:00425CBA
:0042665F
:00426F33
:004294A9
:0042DE65
:0042E164
:0042E234
:0042E330
:0043228C
:004337E4
:004338B8
:0043C511
:0043D21B
:0043E198
push ebp
mov ebp, esp
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0040CCD4
:0040F638
:00411756
:00411F13
:004169FD
:00421045
:00425490
:00425D96
:00426749
:00427871
:0042DC8F
:0042E0AB
:0042E17D
:0042E27C
:0042E349
:0043229F
:00433850
:00433962
:0043CD78
:0043D63D
:0043ECCC
:0040CB7B
:0040CB7D
:0040CB7E
:0040CB7F
:0040CB81
:0040CB83
:0040CB85
:0040CB86
:0040CB8B
:0040CB8E
:0040CB91
:0040CB93
:0040CB95
:0040CB98
6A00
53
56
8BF2
8BD8
33C0
55
68CDCB4000
64FF30
648920
85F6
7C05
3B7308
7C17
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040CBCD
test esi, esi
jl 0040CB9A
jl 0040CBB1
|:0040CB93(C)
|
:0040CB9A 8D55FC
:0040CB9D A1882C4400
:0040CBA2 E87D82FFFF
:0040CBA7 8B55FC
:0040CBAA 8BCE
:0040CBAC 8B03
:0040CBAE FF5004
|:0040CB98(C)
|
:0040CBB1 8B4304
:0040CBB4 8B1CB0
:0040CBB7 33C0
:0040CBB9 5A
:0040CBBA 59
:0040CBBB 59
:0040CBBC 648910
:0040CBBF 68D4CB4000
|:0040CBD2(U)
|
:0040CBC4 8D45FC
:0040CBC7 E8EC6BFFFF
:0040CBCC C3
:0040CBCD
:0040CBD2
:0040CBD4
:0040CBD6
:0040CBD7
:0040CBD8
:0040CBD9
:0040CBDA
E9A666FFFF
EBF0
8BC3
5E
5B
59
5D
C3
jmp
jmp
mov
pop
pop
pop
pop
ret
:0040CBDB
:0040CBDC
:0040CBDF
:0040CBE2
90
8B500C
83FA40
7E0E
nop
cmp edx, 00000040
jle 0040CBF2
lea edx, dword

mov eax, dword
call 00404E24
mov edx, dword
mov ecx, esi
mov eax, dword
call [eax+04]
ptr [ebp-04]
ptr [00442C88]
ptr [ebp-04]
ptr [ebx]

mov ebx, dword ptr [eax+4*esi]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040CBD4

call 004037B8
ret
00403278
0040CBC4
eax, ebx
esi
ebx
ecx
ebp
:0040CBE4
:0040CBE6
:0040CBE8
:0040CBEA
8BCA
85C9
7903
83C103
mov ecx, edx

test ecx, ecx
jns 0040CBED
add ecx, 00000003

|:0040CBE8(C)
|
:0040CBED C1F902
sar ecx, 02
:0040CBF0 EB11
jmp 0040CC03
|:0040CBE2(C)
|
:0040CBF2 83FA08
:0040CBF5 7E07
:0040CBF7 B910000000
:0040CBFC EB05

cmp
jle
mov
jmp
edx, 00000008
0040CBFE
ecx, 00000010
0040CC03

|:0040CBF5(C)
|
:0040CBFE B904000000
mov ecx, 00000004
|:0040CBF0(U), :0040CBFC(U)
|
:0040CC03 03CA
:0040CC05 8BD1
:0040CC07 E858010000
:0040CC0C C3
:0040CC0D 8D4000
|:0040C4C6 , :0040CD4A
|:0040EFBE , :0040EFDC
|:00421333 , :0042340E
|:00428BCC , :004290A7
|:004323ED
|
:0040CC10 53
:0040CC11 33C9
:0040CC13 EB01
add ecx, edx

mov edx, ecx
call 0040CD64
ret
Addresses:
, :0040CF5C
, :004115BC
, :00423568
, :0042945E
,
,
,
,
:0040EF86
:00411B4F
:0042658B
:0042D9D3
,
,
,
,
:0040EF97
:00421162
:00426E33
:0042DCBE
push ebx
xor ecx, ecx
jmp 0040CC16

|:0040CC21(C)
|
:0040CC15 41
inc ecx
|:0040CC13(U)
|
:0040CC16 3B4808
cmp ecx, dword ptr [eax+08]
:0040CC19 7D08
jge 0040CC23
:0040CC1B 8B5804
:0040CC1E 3B148B
cmp edx, dword ptr [ebx+4*ecx]
:0040CC21 75F2
jne 0040CC15

|:0040CC19(C)
|
:0040CC23 3B4808
:0040CC26 7503
jne 0040CC2B
:0040CC28 83C9FF
or ecx, FFFFFFFF
|:0040CC26(C)
|
:0040CC2B 8BC1
mov eax, ecx
:0040CC2D 5B
pop ebx
:0040CC2E C3
ret
:0040CC2F 90
nop

|:00411B84 , :00420892 , :00423449 , :004259AE , :00428C0A
|:00429107 , :0042DA76 , :004322C1 , :0043A70F , :0043A748
|:0043BFE9 , :0043D65C
|
:0040CC30 55
push ebp
:0040CC31 8BEC
mov ebp, esp
:0040CC33 83C4F8
add esp, FFFFFFF8
:0040CC36 53
push ebx
:0040CC37 56
push esi
:0040CC38 33DB
xor ebx, ebx
:0040CC3A 895DF8
:0040CC3D 894DFC
:0040CC40 8BF2
mov esi, edx
:0040CC42 8BD8
mov ebx, eax
:0040CC44 33C0
xor eax, eax
:0040CC46 55
push ebp
:0040CC47 68C2CC4000
push 0040CCC2
:0040CC4C 64FF30
:0040CC4F 648920
:0040CC52 85F6
test esi, esi
:0040CC54 7C05
jl 0040CC5B
:0040CC56 3B7308
:0040CC59 7E17
jle 0040CC72
|:0040CC54(C)
|
:0040CC5B 8D55F8
:0040CC5E A1882C4400
:0040CC63 E8BC81FFFF
:0040CC68 8B55F8
:0040CC6B 8BCE
:0040CC6D 8B03
:0040CC6F FF5004

lea edx, dword
mov eax, dword
call 00404E24
mov edx, dword
mov ecx, esi
mov eax, dword
call [eax+04]
ptr [ebp-08]
ptr [00442C88]
ptr [ebp-08]
ptr [ebx]

|:0040CC59(C)
|
:0040CC72 8B4308
:0040CC75 3B430C
:0040CC78 7506
jne 0040CC80
:0040CC7A 8BC3
mov eax, ebx
:0040CC7C 8B10
:0040CC7E FF12

|:0040CC78(C)
|
:0040CC80 8B4308
:0040CC83 3BF0
:0040CC85 7D19
:0040CC87 2BC6
:0040CC89 8BC8
:0040CC8B C1E102
:0040CC8E 8B4304
:0040CC91 8D54B004
:0040CC95 8B4304
:0040CC98 8D04B0
:0040CC9B E80C5BFFFF

mov eax, dword
cmp esi, eax
jge 0040CCA0
sub eax, esi
mov ecx, eax
shl ecx, 02
mov eax, dword
lea edx, dword
mov eax, dword
lea eax, dword
call 004027AC
ptr [ebx+08]
ptr
ptr
ptr
ptr
[ebx+04]
[eax+4*esi+04]
[ebx+04]
[eax+4*esi]

|:0040CC85(C)
|
:0040CCA0 8B4304
:0040CCA3 8B55FC
:0040CCA6 8914B0
mov dword ptr [eax+4*esi], edx
:0040CCA9 FF4308
inc [ebx+08]
:0040CCAC 33C0
xor eax, eax
:0040CCAE 5A
pop edx
:0040CCAF 59
pop ecx
:0040CCB0 59
pop ecx
:0040CCB1 648910
* Possible StringData Ref from Code Obj ->"^[YY]"
|
:0040CCB4 68C9CC4000
push 0040CCC9
|:0040CCC7(U)
|
:0040CCB9 8D45F8
:0040CCBC E8F76AFFFF
:0040CCC1 C3
:0040CCC2
:0040CCC7
:0040CCC9
:0040CCCA
:0040CCCB
:0040CCCC
:0040CCCD
:0040CCCE
jmp
jmp
pop
pop
pop
pop
pop
ret
E9B165FFFF
EBF0
5E
5B
59
59
5D
C3
:0040CCCF 90

call 004037B8
ret
00403278
0040CCB9
esi
ebx
ecx
ecx
ebp
nop

|:0040C898 , :0040D406 , :0041170C , :00411E10 , :0042DC30
|:0042E5FC
|
:0040CCD0 8B5008
:0040CCD3 4A
:0040CCD4 E89FFEFFFF
:0040CCD9 C3
dec edx
call 0040CB78
ret
:0040CCDA 8BC0
mov eax, eax

|:004254A9
|
:0040CCDC 55
push ebp
:0040CCDD 8BEC
mov ebp, esp
:0040CCDF 6A00
push 00000000
:0040CCE1 53
push ebx
:0040CCE2 56
push esi
:0040CCE3 57
push edi
:0040CCE4 8BF9
mov edi, ecx
:0040CCE6 8BF2
mov esi, edx
:0040CCE8 8BD8
mov ebx, eax
:0040CCEA 33C0
xor eax, eax
:0040CCEC 55
push ebp
:0040CCED 6834CD4000
push 0040CD34
:0040CCF2 64FF30
:0040CCF5 648920
:0040CCF8 85F6
test esi, esi
:0040CCFA 7C05
jl 0040CD01
:0040CCFC 3B7308
:0040CCFF 7C17
jl 0040CD18
|:0040CCFA(C)
|
:0040CD01 8D55FC
:0040CD04 A1882C4400
:0040CD09 E81681FFFF
:0040CD0E 8B55FC
:0040CD11 8BCE
:0040CD13 8B03
:0040CD15 FF5004

lea edx, dword
mov eax, dword
call 00404E24
mov edx, dword
mov ecx, esi
mov eax, dword
call [eax+04]
ptr [ebp-04]
ptr [00442C88]
ptr [ebp-04]
ptr [ebx]

|:0040CCFF(C)
|
:0040CD18 8B4304
:0040CD1B 893CB0
mov dword ptr [eax+4*esi], edi
:0040CD1E 33C0
xor eax, eax
:0040CD20 5A
pop edx
:0040CD21 59
pop ecx
:0040CD22 59
pop ecx
:0040CD23 648910
|
:0040CD26 683BCD4000
push 0040CD3B
|:0040CD39(U)
|
:0040CD2B 8D45FC
:0040CD2E E8856AFFFF
call 004037B8
:0040CD33 C3
ret
:0040CD34
:0040CD39
:0040CD3B
:0040CD3C
:0040CD3D
:0040CD3E
:0040CD3F
:0040CD40
jmp
jmp
pop
pop
pop
pop
pop
ret
E93F65FFFF
EBF0
5F
5E
5B
59
5D
C3
:0040CD41 8D4000
|:0040CFD0 , :00411653
|:0042DD93 , :00433CD1
|:0043A737 , :0043C165
|
:0040CD44 53
:0040CD45 56
:0040CD46 8BD8
:0040CD48 8BC3
:0040CD4A E8C1FEFFFF
:0040CD4F 8BF0
:0040CD51 83FEFF
:0040CD54 7409
:0040CD56 8BD6
:0040CD58 8BC3
:0040CD5A E83DFDFFFF
00403278
0040CD2B
edi
esi
ebx
ecx
ebp

Addresses:
, :00411789
, :0043836C
, :0043CEEF
, :00421D09
, :00438600
, :0043CEF9
, :00422A38
, :0043A6FE
push ebx
push esi
mov ebx, eax
mov eax, ebx
call 0040CC10
mov esi, eax
cmp esi, FFFFFFFF
je 0040CD5F
mov edx, esi
mov eax, ebx
call 0040CA9C

|:0040CD54(C)
|
:0040CD5F 8BC6
mov eax, esi
:0040CD61 5E
pop esi
:0040CD62 5B
pop ebx
:0040CD63 C3
ret

|:0040CA94 , :0040CC07 , :0040CE1D
|
:0040CD64 55
push ebp
:0040CD65 8BEC
mov ebp, esp
:0040CD67 6A00
push 00000000
:0040CD69 53
push ebx
:0040CD6A 56
push esi
:0040CD6B 8BF2
mov esi, edx
:0040CD6D 8BD8
mov ebx, eax
:0040CD6F 33C0
xor eax, eax
:0040CD71 55
push ebp
:0040CD72 68CCCD4000
push 0040CDCC
:0040CD77 64FF30
:0040CD7A 648920
:0040CD7D 3B7308
:0040CD80 7C08
jl 0040CD8A
:0040CD82 81FEFFFFFF07
cmp esi, 07FFFFFF
:0040CD88 7E17
jle 0040CDA1
|:0040CD80(C)
|
:0040CD8A 8D55FC
:0040CD8D A1F02B4400
:0040CD92 E88D80FFFF
:0040CD97 8B55FC
:0040CD9A 8BCE
:0040CD9C 8B03
:0040CD9E FF5004
|:0040CD88(C)
|
:0040CDA1 3B730C
:0040CDA4 7410
:0040CDA6 8BD6
:0040CDA8 C1E202
:0040CDAB 8D4304
:0040CDAE E81159FFFF
:0040CDB3 89730C
lea edx, dword

mov eax, dword
call 00404E24
mov edx, dword
mov ecx, esi
mov eax, dword
call [eax+04]
ptr [ebp-04]
ptr [00442BF0]
ptr [ebp-04]
ptr [ebx]
cmp esi, dword ptr [ebx+0C]

je 0040CDB6
mov edx, esi
shl edx, 02
call 004026C4

|:0040CDA4(C)
|
:0040CDB6 33C0
xor eax, eax
:0040CDB8 5A
pop edx
:0040CDB9 59
pop ecx
:0040CDBA 59
pop ecx
:0040CDBB 648910
|
:0040CDBE 68D3CD4000
push 0040CDD3
|:0040CDD1(U)
|
:0040CDC3 8D45FC
:0040CDC6 E8ED69FFFF
:0040CDCB C3
:0040CDCC
:0040CDD1
:0040CDD3
:0040CDD4
:0040CDD5
:0040CDD6
:0040CDD7
jmp
jmp
pop
pop
pop
pop
ret
E9A764FFFF
EBF0
5E
5B
59
5D
C3

call 004037B8
ret
00403278
0040CDC3
esi
ebx
ecx
ebp

|:0040CA8B , :00425475
|
:0040CDD8 55
push ebp
:0040CDD9 8BEC
mov ebp, esp
:0040CDDB
:0040CDDD
:0040CDDE
:0040CDDF
:0040CDE1
:0040CDE3
:0040CDE5
:0040CDE6
:0040CDEB
:0040CDEE
:0040CDF1
:0040CDF3
:0040CDF5
:0040CDFB
6A00
53
56
8BF2
8BD8
33C0
55
6859CE4000
64FF30
648920
85F6
7C08
81FEFFFFFF07
7E17
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040CE59
test esi, esi
jl 0040CDFD
cmp esi, 07FFFFFF
jle 0040CE14
|:0040CDF3(C)
|
:0040CDFD 8D55FC
:0040CE00 A17C2B4400
:0040CE05 E81A80FFFF
:0040CE0A 8B55FC
:0040CE0D 8BCE
:0040CE0F 8B03
:0040CE11 FF5004
|:0040CDFB(C)
|
:0040CE14 3B730C
:0040CE17 7E09
:0040CE19 8BD6
:0040CE1B 8BC3
:0040CE1D E842FFFFFF
|:0040CE17(C)
|
:0040CE22 8B4308
:0040CE25 3BF0
:0040CE27 7E17
:0040CE29 8B5304
:0040CE2C 8D1482
:0040CE2F 8BCE
:0040CE31 2BC8
:0040CE33 8BC1
:0040CE35 C1E002
:0040CE38 33C9
:0040CE3A 92
:0040CE3B E8F85AFFFF
lea edx, dword

mov eax, dword
call 00404E24
mov edx, dword
mov ecx, esi
mov eax, dword
call [eax+04]
ptr [ebp-04]
ptr [00442B7C]
ptr [ebp-04]
ptr [ebx]

jle 0040CE22
mov edx, esi
mov eax, ebx
call 0040CD64

cmp esi, eax
jle 0040CE40
lea edx, dword ptr [edx+4*eax]
mov ecx, esi
sub ecx, eax
mov eax, ecx
shl eax, 02
xor ecx, ecx
xchg eax,edx
call 00402938

|:0040CE27(C)
|
:0040CE40 897308
:0040CE43 33C0
xor eax, eax
:0040CE45 5A
pop edx
:0040CE46 59
pop ecx
:0040CE47 59
pop ecx
:0040CE48 648910

|
:0040CE4B 6860CE4000
push 0040CE60
|:0040CE5E(U)
|
:0040CE50 8D45FC
:0040CE53 E86069FFFF
:0040CE58 C3
:0040CE59
:0040CE5E
:0040CE60
:0040CE61
:0040CE62
:0040CE63
:0040CE64
jmp
jmp
pop
pop
pop
pop
ret
E91A64FFFF
EBF0
5E
5B
59
5D
C3
:0040CE65 8D4000

call 004037B8
ret
00403278
0040CE50
esi
ebx
ecx
ebp

|:0041247B , :0041249D , :004124AE , :0041ABC3
|:0042D4E6
|
:0040CE68 53
push ebx
:0040CE69 56
push esi
:0040CE6A 84D2
test dl, dl
:0040CE6C 7408
je 0040CE76
:0040CE6E 83C4F0
add esp, FFFFFFF0
:0040CE71 E88E60FFFF
call 00402F04
|:0040CE6C(C)
|
:0040CE76 8BDA
:0040CE78 8BF0
:0040CE7A 33D2
:0040CE7C 8BC6
:0040CE7E E86D5DFFFF
:0040CE83 8D4608
:0040CE86 50
, :0041ABD4

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 00402BF0
push eax

|
:0040CE87 E8AC8EFFFF
Call 00405D38
:0040CE8C B201
mov dl, 01
:0040CE8E A154B54000
:0040CE93 E8585DFFFF
call 00402BF0
:0040CE98 894604
:0040CE9B 8BC6
mov eax, esi
:0040CE9D 84DB
test bl, bl
:0040CE9F 740F
je 0040CEB0
:0040CEA1 E8B660FFFF
call 00402F5C
:0040CEA6 648F0500000000
:0040CEAD 83C40C
add esp, 0000000C

|:0040CE9F(C)
|
:0040CEB0 8BC6
mov eax, esi
:0040CEB2 5E
pop esi
:0040CEB3 5B
pop ebx
:0040CEB4 C3
ret
:0040CEB5
:0040CEB8
:0040CEB9
:0040CEBB
:0040CEBE
:0040CEC3
:0040CEC6
:0040CEC9
:0040CECC
:0040CED1
:0040CED3
:0040CED4
:0040CED9
:0040CEDC
:0040CEDF
:0040CEE2
:0040CEE5
:0040CEEA
:0040CEED
:0040CEF0
:0040CEF3
:0040CEF8
:0040CEFA
:0040CEFB
:0040CEFC
:0040CEFD
:0040CF00
8D4000
55
8BEC
83C4F8
E8A160FFFF
8855FB
8945FC
8B45FC
E8C3000000
33C0
55
681ACF4000
64FF30
648920
8B45FC
8B4004
E8365DFFFF
8A55FB
80E2FC
8B45FC
E8185DFFFF
33C0
5A
59
59
648910
6821CF4000
|:0040CF1F(U)
|
:0040CF05 8B45FC
:0040CF08 E8EB000000
:0040CF0D 8B45FC
:0040CF10 83C008
:0040CF13 50

push ebp
mov ebp, esp
add esp, FFFFFFF8
call 00402F64
mov byte ptr [ebp-05], dl
call 0040CF94
xor eax, eax
push ebp
push 0040CF1A
call 00402C20
mov dl, byte ptr [ebp-05]
and dl, FC
call 00402C10
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040CF21
call 0040CFF8
add eax, 00000008
push eax

|
:0040CF14 E8378DFFFF
Call 00405C50
:0040CF19 C3
ret
:0040CF1A
:0040CF1F
:0040CF21
:0040CF25
:0040CF27
:0040CF2A
E95963FFFF
EBE4
807DFB00
7E08
8B45FC
E82560FFFF
jmp 00403278
jmp 0040CF05
jle 0040CF2F
call 00402F54
|:0040CF25(C)
|
:0040CF2F 59
:0040CF30 59
:0040CF31 5D
:0040CF32 C3
pop ecx
pop ecx
pop ebp
ret
:0040CF33 90
nop

|:0040C6CC , :00410560 , :0041497A , :00418098
|
:0040CF34 55
push ebp
:0040CF35 8BEC
mov ebp, esp
:0040CF37 51
push ecx
:0040CF38 53
push ebx
:0040CF39 8BDA
mov ebx, edx
:0040CF3B 8945FC
:0040CF3E 8B45FC
:0040CF41 E84E000000
call 0040CF94
:0040CF46 33C0
xor eax, eax
:0040CF48 55
push ebp
:0040CF49 6887CF4000
push 0040CF87
:0040CF4E 64FF30
:0040CF51 648920
:0040CF54 8B45FC
:0040CF57 8B4004
:0040CF5A 8BD3
mov edx, ebx
:0040CF5C E8AFFCFFFF
call 0040CC10
:0040CF61 40
inc eax
:0040CF62 750D
jne 0040CF71
:0040CF64 8B45FC
:0040CF67 8B4004
:0040CF6A 8BD3
mov edx, ebx
:0040CF6C E8EFFAFFFF
call 0040CA60
|:0040CF62(C)
|
:0040CF71 33C0
xor eax, eax
:0040CF73 5A
pop edx
:0040CF74 59
pop ecx
:0040CF75 59
pop ecx
:0040CF76 648910
|
:0040CF79 688ECF4000
push 0040CF8E
|:0040CF8C(U)
|
:0040CF7E 8B45FC
:0040CF81 E872000000
:0040CF86 C3
:0040CF87 E9EC62FFFF
:0040CF8C EBF0
jmp 00403278
jmp 0040CF7E

call 0040CFF8
ret
:0040CF8E
:0040CF8F
:0040CF90
:0040CF91
5B
59
5D
C3
:0040CF92 8BC0
|:0040C271 , :0040C427
|:0040CFB5 , :0040F02B
|:0041233B , :00413716
|:00421E1B , :00421F14
|
:0040CF94 53
:0040CF95 8BD8
:0040CF97 8D4308
:0040CF9A 50
pop ebx
pop ecx
pop ebp
ret
mov eax, eax
Addresses:
, :0040C564
, :0040F209
, :00417DAF
, :0040CECC
, :0040F2AC
, :00417E64
, :0040CF41
, :0041041C
, :00421D5F
push ebx
mov ebx, eax
push eax

|
:0040CF9B E8B88CFFFF
Call 00405C58
:0040CFA0 8B4304
:0040CFA3 5B
pop ebx
:0040CFA4 C3
ret
:0040CFA5 8D4000

|:004149B2 , :00417FAD , :00421FA9
|
:0040CFA8 55
push ebp
:0040CFA9 8BEC
mov ebp, esp
:0040CFAB 51
push ecx
:0040CFAC 53
push ebx
:0040CFAD 8BDA
mov ebx, edx
:0040CFAF 8945FC
:0040CFB2 8B45FC
:0040CFB5 E8DAFFFFFF
call 0040CF94
:0040CFBA 33C0
xor eax, eax
:0040CFBC 55
push ebp
:0040CFBD 68EBCF4000
push 0040CFEB
:0040CFC2 64FF30
:0040CFC5 648920
:0040CFC8 8B45FC
:0040CFCB 8B4004
:0040CFCE 8BD3
mov edx, ebx
:0040CFD0 E86FFDFFFF
call 0040CD44
:0040CFD5 33C0
xor eax, eax
:0040CFD7 5A
pop edx
:0040CFD8 59
pop ecx
:0040CFD9 59
pop ecx
:0040CFDA 648910
|
:0040CFDD 68F2CF4000
push 0040CFF2
|:0040CFF0(U)
|
:0040CFE2 8B45FC
:0040CFE5 E80E000000
:0040CFEA C3

call 0040CFF8
ret
:0040CFEB
:0040CFF0
:0040CFF2
:0040CFF3
:0040CFF4
:0040CFF5
jmp
jmp
pop
pop
pop
ret
E98862FFFF
EBF0
5B
59
5D
C3
:0040CFF6 8BC0
|:0040C2F7 , :0040C4E4
|:0040CFE5 , :0040F1A5
|:0041237F , :0041379B
|:00421EA8 , :00421F67
|
:0040CFF8 83C008
:0040CFFB 50
00403278
0040CFE2
ebx
ecx
ebp
mov eax, eax

Addresses:
, :0040C606
, :0040F27D
, :00417E3C
, :0040CF08
, :0040F305
, :00417EBA
, :0040CF81
, :00410481
, :00421DFE
add eax, 00000008

push eax

|
:0040CFFC E83F8DFFFF
Call 00405D40
:0040D001 C3
ret
:0040D002
:0040D004
:0040D005
:0040D006
:0040D00B
:0040D00D
:0040D00F
:0040D011
:0040D013
:0040D018
:0040D01A
:0040D01D
:0040D01F
:0040D024
:0040D026
:0040D028
:0040D02A
8BC0
53
56
E8595FFFFF
8BDA
8BF0
33D2
8BC6
E87C000000
8BD3
80E2FC
8BC6
E8EC5BFFFF
84DB
7E07
8BC6
E8255FFFFF
mov eax, eax

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 0040D094
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 0040D02F
mov eax, esi
call 00402F54

|:0040D026(C)
|
:0040D02F 5E
pop esi
:0040D030 5B
pop ebx
:0040D031 C3
ret
:0040D032 8BC0
mov eax, eax

|:0040D0AC
|
|:0040D14F(C)
|
:0040D034 55
:0040D035 8BEC
:0040D037 6A00
:0040D039 33C0
:0040D03B 55
:0040D03C 687ED04000
:0040D041 64FF30
:0040D044 648920
:0040D047 8D55FC
:0040D04A A1BC2C4400
:0040D04F E8D07DFFFF
:0040D054 8B4DFC
:0040D057 B201
:0040D059 A184B34000
:0040D05E E809B8FFFF
:0040D063 E84862FFFF
:0040D068 33C0
:0040D06A 5A
:0040D06B 59
:0040D06C 59
:0040D06D 648910
:0040D070 6885D04000
|:0040D083(U)
|
:0040D075 8D45FC
:0040D078 E83B67FFFF
:0040D07D C3
:0040D07E
:0040D083
:0040D085
:0040D086
:0040D087
jmp
jmp
pop
pop
ret
E9F561FFFF
EBF0
59
5D
C3
push ebp
mov ebp, esp
push 00000000
xor eax, eax
push ebp
push 0040D07E
mov eax, dword ptr [00442CBC]
call 00404E24
mov dl, 01
call 0040886C
call 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040D085

call 004037B8
ret
00403278
0040D075
ecx
ebp

|:0040D10B
|
:0040D088 8BC8
mov ecx, eax
:0040D08A 3BD0
cmp edx, eax
:0040D08C 7D02
jge 0040D090
:0040D08E 8BCA
mov ecx, edx
|:0040D08C(C)
|
:0040D090 8BC1
mov eax, ecx
:0040D092 C3
ret
:0040D093 90
nop

|:0040D013 , :0040D159
|
:0040D094 53
push ebx
:0040D095 56
push esi
:0040D096 57
push edi
:0040D097 55
push ebp
:0040D098 51
push ecx
:0040D099 8BF2
mov esi, edx
:0040D09B 8BD8
mov ebx, eax
:0040D09D 3B7304
:0040D0A0 0F848A000000
je 0040D130
:0040D0A6 85F6
test esi, esi
:0040D0A8 7D07
jge 0040D0B1
:0040D0AA 8BC3
mov eax, ebx
:0040D0AC E883FFFFFF
call 0040D034
|:0040D0A8(C)
|
:0040D0B1 8D4620
:0040D0B4 48
dec eax
:0040D0B5 85C0
test eax, eax
:0040D0B7 7903
jns 0040D0BC
:0040D0B9 83C01F
add eax, 0000001F
|:0040D0B7(C)
|
:0040D0BC C1F805
sar eax, 05
:0040D0BF 8BF8
mov edi, eax
:0040D0C1 C1E702
shl edi, 02
:0040D0C4 8B4304
:0040D0C7 83C020
add eax, 00000020
:0040D0CA 48
dec eax
:0040D0CB 85C0
test eax, eax
:0040D0CD 7903
jns 0040D0D2
:0040D0CF 83C01F
add eax, 0000001F
|:0040D0CD(C)
|
:0040D0D2 C1F805
:0040D0D5 8BE8
:0040D0D7 C1E502
:0040D0DA 3BEF
:0040D0DC 744F
:0040D0DE 33C0
:0040D0E0 890424
:0040D0E3 85FF
:0040D0E5 7416
:0040D0E7 8BC7
:0040D0E9 E8A655FFFF
:0040D0EE 890424
:0040D0F1 8B0424
:0040D0F4 33C9
:0040D0F6 8BD7

sar eax, 05
mov ebp, eax
shl ebp, 02
cmp ebp, edi
je 0040D12D
xor eax, eax
test edi, edi
je 0040D0FD
mov eax, edi
call 00402694
xor ecx, ecx
mov edx, edi
:0040D0F8 E83B58FFFF
call 00402938
|:0040D0E5(C)
|
:0040D0FD 85ED
:0040D0FF 7426
:0040D101 833C2400
:0040D105 7416
:0040D107 8BD7
:0040D109 8BC5
:0040D10B E878FFFFFF
:0040D110 8BC8
:0040D112 8B1424
:0040D115 8B4308
:0040D118 E88F56FFFF
|:0040D105(C)
|
:0040D11D 8BD5
:0040D11F 8B4308
:0040D122 E88555FFFF
test ebp, ebp

je 0040D127
je 0040D11D
mov edx, edi
mov eax, ebp
call 0040D088
mov ecx, eax
call 004027AC
mov edx, ebp

call 004026AC

|:0040D0FF(C)
|
:0040D127 8B0424
:0040D12A 894308
|:0040D0DC(C)
|
:0040D12D 897304
|:0040D0A0(C)
|
:0040D130 5A
pop edx
:0040D131 5D
pop ebp
:0040D132 5F
pop edi
:0040D133 5E
pop esi
:0040D134 5B
pop ebx
:0040D135 C3
ret
:0040D136 8BC0
mov eax, eax

|:00430A3F , :00430F6D
|
:0040D138 3B5004
:0040D13B 730F
jnb 0040D14C
|:0040D161(U)
|
:0040D13D 8B4008
:0040D140 08C9
or cl, cl
:0040D142 7404
je 0040D148
:0040D144 0FAB10
:0040D147 C3
bts dword ptr [eax], edx

ret

|:0040D142(C)
|
:0040D148 0FB310
btr dword ptr [eax], edx
:0040D14B C3
ret
|:0040D13B(C)
|
:0040D14C 83FA00
:0040D14F 0F8CDFFEFFFF
:0040D155 50
:0040D156 52
:0040D157 51
:0040D158 42
:0040D159 E836FFFFFF
:0040D15E 59
:0040D15F 5A
:0040D160 58
:0040D161 EBDA
:0040D163 C3

cmp edx, 00000000
jl 0040D034
push eax
push edx
push ecx
inc edx
call 0040D094
pop ecx
pop edx
pop eax
jmp 0040D13D
ret

|:00430A2E
|
:0040D164 53
push ebx
:0040D165 56
push esi
:0040D166 57
push edi
:0040D167 51
push ecx
:0040D168 8BD8
mov ebx, eax
:0040D16A 8B4304
:0040D16D 83C020
add eax, 00000020
:0040D170 48
dec eax
:0040D171 85C0
test eax, eax
:0040D173 7903
jns 0040D178
:0040D175 83C01F
add eax, 0000001F
|:0040D173(C)
|
:0040D178 C1F805
sar eax, 05
:0040D17B 48
dec eax
:0040D17C 85C0
test eax, eax
:0040D17E 7C4D
jl 0040D1CD
:0040D180 40
inc eax
:0040D181 890424
:0040D184 33F6
xor esi, esi
|:0040D1CB(C)
|
:0040D186
:0040D189
:0040D18F
:0040D192
:0040D194
:0040D197
:0040D19A
8B4308
8B15D8D14000
3B14B0
7433
8B4308
8B3CB0
33C0
mov eax, dword

mov edx, dword
cmp edx, dword
je 0040D1C7
mov eax, dword
mov edi, dword
xor eax, eax
ptr [ebx+08]
ptr [0040D1D8]
ptr [eax+4*esi]
ptr [ebx+08]
ptr [eax+4*esi]

|:0040D1C5(C)
|
:0040D19C 8BD0
mov edx, eax
:0040D19E 80FA1F
cmp dl, 1F
:0040D1A1 7706
ja 0040D1A9
:0040D1A3 83E27F
and edx, 0000007F
:0040D1A6 0FA3D7
bt edi, edx
|:0040D1A1(C)
|
:0040D1A9 7217
jb 0040D1C2
:0040D1AB 8BD6
mov edx, esi
:0040D1AD C1E205
shl edx, 05
:0040D1B0 83E07F
and eax, 0000007F
:0040D1B3 03D0
add edx, eax
:0040D1B5 8BC2
mov eax, edx
:0040D1B7 8B5304
:0040D1BA 3BC2
cmp eax, edx
:0040D1BC 7C12
jl 0040D1D0
:0040D1BE 8BC2
mov eax, edx
:0040D1C0 EB0E
jmp 0040D1D0
|:0040D1A9(C)
|
:0040D1C2 40
inc eax
:0040D1C3 3C20
cmp al, 20
:0040D1C5 75D5
jne 0040D19C
|:0040D192(C)
|
:0040D1C7 46
inc esi
:0040D1C8 FF0C24
dec dword ptr [esp]
:0040D1CB 75B9
jne 0040D186
|:0040D17E(C)
|
:0040D1CD 8B4304
|:0040D1BC(C), :0040D1C0(U)
|
:0040D1D0 5A
:0040D1D1 5F
:0040D1D2 5E
:0040D1D3 5B
:0040D1D4 C3

pop
pop
pop
pop
ret
edx
edi
esi
ebx
:0040D1D5 000000
BYTE 3 DUP(0)
:0040D1D8 FFFFFFFF
BYTE 4 DUP(0ffh)

|:0040D45B , :00411575 , :004149E8 , :00416C6A
|:00418BBD , :0041A166
|
:0040D1DC 53
push ebx
:0040D1DD 56
push esi
:0040D1DE E8815DFFFF
call 00402F64
:0040D1E3 8BDA
mov ebx, edx
:0040D1E5 8BF0
mov esi, eax
:0040D1E7 8BC6
mov eax, esi
:0040D1E9 E8A6200000
call 0040F294
:0040D1EE 8BD3
mov edx, ebx
:0040D1F0 80E2FC
and dl, FC
:0040D1F3 8BC6
mov eax, esi
:0040D1F5 E8165AFFFF
call 00402C10
:0040D1FA 84DB
test bl, bl
:0040D1FC 7E07
jle 0040D205
:0040D1FE 8BC6
mov eax, esi
:0040D200 E84F5DFFFF
call 00402F54
, :0041716A

|:0040D1FC(C)
|
:0040D205 5E
pop esi
:0040D206 5B
pop ebx
:0040D207 C3
ret

|:0040D5D5 , :00413F54 , :0041442C , :004146E5 , :00416E33
|:0041720A , :00418CB2 , :0041A1D0 , :0042F03D , :00436D8E
|
:0040D208 85D2
test edx, edx
:0040D20A 7406
je 0040D212
:0040D20C 92
xchg eax,edx
:0040D20D 8B08
:0040D20F FF11
:0040D211 C3
ret
|:0040D20A(C)
|
:0040D212 33D2
:0040D214 E803000000
:0040D219 C3
:0040D21A 8BC0
mov eax, eax
xor edx, edx

call 0040D21C
ret

|:0040D214
|
:0040D21C 55
push ebp
:0040D21D 8BEC
mov ebp, esp
:0040D21F 81C4E8FEFFFF
add esp, FFFFFEE8
:0040D225 53
push ebx
:0040D226 56
push esi
:0040D227 33C9
xor ecx, ecx
:0040D229 898DE8FEFFFF
mov dword ptr [ebp+FFFFFEE8], ecx
:0040D22F 894DFC
:0040D232 8BF2
mov esi, edx
:0040D234 8BD8
mov ebx, eax
:0040D236 33C0
xor eax, eax
:0040D238 55
push ebp
:0040D239 68F3D24000
push 0040D2F3
:0040D23E 64FF30
:0040D241 648920
:0040D244 85F6
test esi, esi
:0040D246 741D
je 0040D265
:0040D248 8D95FCFEFFFF
:0040D24E 8B06
:0040D250 E81759FFFF
call 00402B6C
:0040D25B 8D45FC
:0040D25E E87567FFFF
call 004039D8
:0040D263 EB0D
jmp 0040D272
|:0040D246(C)
|
:0040D265 8D45FC
* Possible StringData Ref from Code Obj ->"nil"
|
:0040D268 BA08D34000
mov edx, 0040D308
:0040D26D E8DE65FFFF
call 00403850
|:0040D263(U)
|
:0040D272 8B45FC
:0040D275 8985ECFEFFFF
:0040D27B C685F0FEFFFF0B
:0040D288 8B03
:0040D28A E8DD58FFFF
:0040D28F 8D85FCFEFFFF
:0040D295 8985F4FEFFFF
:0040D29B C685F8FEFFFF04
:0040D2A2 8D85ECFEFFFF
:0040D2A8 50
:0040D2A9 6A01
:0040D2AB 8D95E8FEFFFF
:0040D2B1 A1942B4400
:0040D2B6 E8697BFFFF
:0040D2BB 8B8DE8FEFFFF
:0040D2C1 B201
:0040D2C3 A1DC6F4000
:0040D2C8 E8DBB5FFFF

mov dword ptr [ebp+FFFFFEEC], eax
call 00402B6C
lea eax, dword ptr [ebp+FFFFFEFC]
mov byte ptr [ebp+FFFFFEF8], 04
lea eax, dword ptr [ebp+FFFFFEEC]
push eax
push 00000001
lea edx, dword ptr [ebp+FFFFFEE8]
call 00404E24
mov ecx, dword ptr [ebp+FFFFFEE8]
mov dl, 01
mov eax, dword ptr [00406FDC]
call 004088A8
:0040D2CD
:0040D2D2
:0040D2D4
:0040D2D5
:0040D2D6
:0040D2D7
:0040D2DA
E8DE5FFFFF
33C0
5A
59
59
648910
68FAD24000
call 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040D2FA
|:0040D2F8(U)
|
:0040D2DF 8D85E8FEFFFF
:0040D2E5 E8CE64FFFF
:0040D2EA 8D45FC
:0040D2ED E8C664FFFF
:0040D2F2 C3
:0040D2F3
:0040D2F8
:0040D2FA
:0040D2FB
:0040D2FC
:0040D2FE
:0040D2FF
jmp
jmp
pop
pop
mov
pop
ret
E9805FFFFF
EBE5
5E
5B
8BE5
5D
C3

call 004037B8
call 004037B8
ret
00403278
0040D2DF
esi
ebx
esp, ebp
ebp
:0040D300 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040D304
:0040D306
:0040D308
:0040D309
:0040D30A
:0040D30B

outsb
BYTE 69h
BYTE 6ch
BYTE 00h
0300
0000
6E
69
6C
00

|:00416CAC , :0042208D , :00424FEA , :0042E079
|:00432941
|
:0040D30C 92
xchg eax,edx
:0040D30D E80AFFFFFF
call 0040D21C
:0040D312 C3
ret
, :0042F0F0
:0040D313 90
:0040D314 C3
nop
ret
:0040D315
:0040D318
:0040D319
:0040D31B
:0040D321
:0040D322
:0040D323
:0040D324
:0040D326

push ebp
mov ebp, esp
add esp, FFFFFEFC
push ebx
push esi
push edi
xor ecx, ecx
8D4000
55
8BEC
81C4FCFEFFFF
53
56
57
33C9
894DFC
:0040D329
:0040D32B
:0040D32D
:0040D32F
:0040D330
:0040D335
:0040D338
:0040D33B
:0040D341
:0040D343
:0040D348
:0040D34E
:0040D350
:0040D355
:0040D357
:0040D35B
:0040D360
:0040D362
:0040D364
:0040D366
:0040D36A
:0040D36F
:0040D372
:0040D376
:0040D37B
:0040D37F
:0040D381
:0040D384
:0040D389
:0040D38B
:0040D38D
:0040D392
8BFA
8BF0
33C0
55
68ADD34000
64FF30
648920
8D95FCFEFFFF
8B06
E82458FFFF
8D95FCFEFFFF
8BC7
E88366FFFF
8BC6
66BBFFFF
E8945AFFFF
85C0
7433
8BC6
66BBFFFF
E8855AFFFF
8D55FC
66BBFEFF
E8795AFFFF
837DFC00
7416
FF75FC
68C4D34000
FF37
8BC7
BA03000000
E85D67FFFF
|:0040D362(C), :0040D37F(C)
|
:0040D397 33C0
:0040D399 5A
:0040D39A 59
:0040D39B 59
:0040D39C 648910
mov edi, edx

mov esi, eax
xor eax, eax
push ebp
push 0040D3AD
call 00402B6C
mov eax, edi
call 004039D8
mov eax, esi
mov bx, FFFF
call 00402DF4
test eax, eax
je 0040D397
mov eax, esi
mov bx, FFFF
call 00402DF4
mov bx, FFFE
call 00402DF4
je 0040D397
push [ebp-04]
push 0040D3C4
push dword ptr [edi]
mov eax, edi
mov edx, 00000003
call 00403AF4
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0040D39F 68B4D34000
push 0040D3B4
|:0040D3B2(U)
|
:0040D3A4 8D45FC
:0040D3A7 E80C64FFFF
:0040D3AC C3
:0040D3AD
:0040D3B2
:0040D3B4
:0040D3B5
:0040D3B6
:0040D3B7
jmp
jmp
pop
pop
pop
mov
E9C65EFFFF
EBF0
5F
5E
5B
8BE5

call 004037B8
ret
00403278
0040D3A4
edi
esi
ebx
esp, ebp
:0040D3B9 5D
:0040D3BA C3
pop ebp
ret
:0040D3BB 00
BYTE 0
:0040D3BC FFFFFFFF
BYTE 4 DUP(0ffh)
:0040D3C0 0100
:0040D3C2 0000
:0040D3C4 2E

BYTE 02eh
:0040D3C5 000000
BYTE 3 DUP(0)
:0040D3C8 33C0
:0040D3CA C3
xor eax, eax

ret
:0040D3CB 90
nop

|:0040F91D
|
:0040D3CC 8BC8
mov ecx, eax
:0040D3CE B201
mov dl, 01
:0040D3D0 8B4004
:0040D3D3 FF5018
call [eax+18]
:0040D3D6 C3
ret
:0040D3D7 90
nop

|:0040F8FF
|
:0040D3D8 55
push ebp
:0040D3D9 8BEC
mov ebp, esp
:0040D3DB 51
push ecx
:0040D3DC 53
push ebx
:0040D3DD 8945FC
:0040D3E0 8B45FC
:0040D3E3 8B4008
:0040D3E6 83780800
:0040D3EA 7E4D
jle 0040D439
:0040D3EC 8B45FC
:0040D3EF 8B10
:0040D3F1 FF5214
call [edx+14]
:0040D3F4 33C0
xor eax, eax
:0040D3F6 55
push ebp
:0040D3F7 6832D44000
push 0040D432
:0040D3FC 64FF30
:0040D3FF 648920
:0040D402 EB0C
jmp 0040D410
|:0040D41A(C)
|
:0040D404 8BC3
:0040D406 E8C5F8FFFF
:0040D40B E81058FFFF
|:0040D402(U)
|
:0040D410 8B45FC
:0040D413 8B5808
:0040D416 837B0800
:0040D41A 7FE8
:0040D41C 33C0
:0040D41E 5A
:0040D41F 59
:0040D420 59
:0040D421 648910
mov eax, ebx

call 0040CCD0
call 00402C20
jg 0040D404
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040D424 6839D44000
push 0040D439
|:0040D437(U)
|
:0040D429 8B45FC
:0040D42C 8B10
:0040D42E FF5218
call [edx+18]
:0040D431 C3
ret
:0040D432 E9415EFFFF
:0040D437 EBF0
jmp 00403278
jmp 0040D429

|:0040D3EA(C)
|
:0040D439 5B
pop ebx
:0040D43A 59
pop ecx
:0040D43B 5D
pop ebp
:0040D43C C3
ret
:0040D43D 8D4000

|:0040DFAE
|
:0040D440 53
push ebx
:0040D441 56
push esi
:0040D442 E81D5BFFFF
call 00402F64
:0040D447 8BDA
mov ebx, edx
:0040D449 8BF0
mov esi, eax
:0040D44B 33D2
xor edx, edx
:0040D44D 8BC6
mov eax, esi
:0040D44F E86C090000
call 0040DDC0
:0040D454 8BD3
mov edx, ebx
:0040D456 80E2FC
and dl, FC
:0040D459 8BC6
mov eax, esi
:0040D45B E87CFDFFFF
call 0040D1DC
:0040D460
:0040D462
:0040D464
:0040D466
84DB
7E07
8BC6
E8E95AFFFF
test bl, bl
jle 0040D46B
mov eax, esi
call 00402F54

|:0040D462(C)
|
:0040D46B 5E
pop esi
:0040D46C 5B
pop ebx
:0040D46D C3
ret
:0040D46E
:0040D470
:0040D471
:0040D472
:0040D473
:0040D475
:0040D477
:0040D479
:0040D47B
:0040D47E
:0040D480
:0040D482
:0040D484
:0040D486
:0040D488
:0040D48B
:0040D48D
:0040D48E
:0040D48F
:0040D490
8BC0
53
56
57
8BFA
8BD8
8BC3
8B10
FF5214
8BF0
8BCF
8BD6
8BC3
8B18
FF5354
8BC6
5F
5E
5B
C3
mov eax, eax

push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
mov eax, ebx
call [edx+14]
mov esi, eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call [ebx+54]
mov eax, esi
pop edi
pop esi
pop ebx
ret
:0040D491
:0040D494
:0040D495
:0040D496
:0040D497
:0040D499
:0040D49B
:0040D49D
:0040D49F
:0040D4A2
:0040D4A4
:0040D4A6
:0040D4A8
:0040D4AA
:0040D4AC
:0040D4AF
:0040D4B1
:0040D4B2
:0040D4B3
:0040D4B4
8D4000
53
56
57
8BF9
8BD8
8BC3
8B08
FF5134
8BF0
8BCF
8BD6
8BC3
8B18
FF5324
8BC6
5F
5E
5B
C3

push ebx
push esi
push edi
mov edi, ecx
mov ebx, eax
mov eax, ebx
call [ecx+34]
mov esi, eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call [ebx+24]
mov eax, esi
pop edi
pop esi
pop ebx
ret
:0040D4B5 8D4000
:0040D4B8 55
:0040D4B9 8BEC

push ebp
mov ebp, esp
:0040D4BB
:0040D4BE
:0040D4BF
:0040D4C0
:0040D4C1
:0040D4C3
:0040D4C6
:0040D4C9
:0040D4CC
:0040D4CE
:0040D4CF
:0040D4D4
:0040D4D7
:0040D4DA
:0040D4DD
:0040D4E2
:0040D4E4
:0040D4E5
:0040D4EA
:0040D4ED
:0040D4F0
:0040D4F3
:0040D4F5
:0040D4F8
:0040D4FA
:0040D4FB
:0040D4FD
:0040D4FF
:0040D500
83C4F4
53
56
57
33C9
894DF4
8955F8
8945FC
33C0
55
685FD54000
64FF30
648920
8B45FC
E8FE000000
33C0
55
6842D54000
64FF30
648920
8B45F8
8B10
FF5214
8BF0
4E
85F6
7C2D
46
33DB
add esp, FFFFFFF4

push ebx
push esi
push edi
xor ecx, ecx
mov dword ptr [ebp-0C], ecx
xor eax, eax
push ebp
push 0040D55F
call 0040D5E0
xor eax, eax
push ebp
push 0040D542
call [edx+14]
mov esi, eax
dec esi
test esi, esi
jl 0040D52C
inc esi
xor ebx, ebx

|:0040D52A(C)
|
:0040D502 8D4DF4
lea ecx, dword ptr [ebp-0C]
:0040D505 8BD3
mov edx, ebx
:0040D507 8B45F8
:0040D50A 8B38
:0040D50C FF570C
call [edi+0C]
:0040D50F 8B45F4
:0040D512 50
push eax
:0040D513 8BD3
mov edx, ebx
:0040D515 8B45F8
:0040D518 8B08
:0040D51A FF5118
call [ecx+18]
:0040D51D 8BC8
mov ecx, eax
:0040D51F 8B45FC
:0040D522 5A
pop edx
:0040D523 8B38
:0040D525 FF5738
call [edi+38]
:0040D528 43
inc ebx
:0040D529 4E
dec esi
:0040D52A 75D6
jne 0040D502
|:0040D4FD(C)
|
:0040D52C 33C0
xor eax, eax
:0040D52E 5A
pop edx
:0040D52F 59
pop ecx
:0040D530 59
pop ecx
:0040D531 648910
:0040D534 6849D54000

push 0040D549
|:0040D547(U)
|
:0040D539 8B45FC
:0040D53C E85B010000
:0040D541 C3
:0040D542
:0040D547
:0040D549
:0040D54B
:0040D54C
:0040D54D
:0040D54E
jmp
jmp
xor
pop
pop
pop
mov
E9315DFFFF
EBF0
33C0
5A
59
59
648910

call 0040D69C
ret
00403278
0040D539
eax, eax
edx
ecx
ecx

|
:0040D551 6866D54000
push 0040D566
|:0040D564(U)
|
:0040D556 8D45F4
:0040D559 E85A62FFFF
:0040D55E C3
:0040D55F
:0040D564
:0040D566
:0040D567
:0040D568
:0040D569
:0040D56B
:0040D56C
E9145DFFFF
EBF0
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:0040D56D
:0040D570
:0040D571
:0040D573
:0040D574
:0040D575
:0040D577
:0040D57A
:0040D57C
:0040D582
:0040D587
:0040D589
:0040D58B
:0040D58E
:0040D593
:0040D595
:0040D596
:0040D59B
:0040D59E
8D4000
55
8BEC
51
53
8BDA
8945FC
8BC3
8B1534B74000
E80958FFFF
84C0
7445
8B45FC
E84D000000
33C0
55
68C9D54000
64FF30
648920

push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
mov eax, ebx
call 00402D90
test al, al
je 0040D5D0
call 0040D5E0
xor eax, eax
push ebp
push 0040D5C9

call 004037B8
ret
00403278
0040D556
edi
esi
ebx
esp, ebp
ebp
:0040D5A1
:0040D5A4
:0040D5A6
:0040D5A9
:0040D5AB
:0040D5AE
:0040D5B0
:0040D5B3
:0040D5B5
:0040D5B6
:0040D5B7
:0040D5B8
8B45FC
8B10
FF5240
8BD3
8B45FC
8B08
FF513C
33C0
5A
59
59
648910

call [edx+40]
mov edx, ebx
call [ecx+3C]
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040D5BB 68DAD54000
push 0040D5DA
|:0040D5CE(U)
|
:0040D5C0 8B45FC
:0040D5C3 E8D4000000
:0040D5C8 C3
:0040D5C9 E9AA5CFFFF
:0040D5CE EBF0
jmp 00403278
jmp 0040D5C0
|:0040D589(C)
|
:0040D5D0 8BD3
:0040D5D2 8B45FC
:0040D5D5 E82EFCFFFF
:0040D5DA 5B
:0040D5DB 59
:0040D5DC 5D
:0040D5DD C3
:0040D5DE 8BC0
mov eax, eax

call 0040D69C
ret
mov edx, ebx

call 0040D208
pop ebx
pop ecx
pop ebp
ret

|:0040D4DD , :0040D58E , :0040D7BD , :0040DAEB , :0040DB9E
|:0040DC82 , :0040DE66
|
:0040D5E0 53
push ebx
:0040D5E1 8BD8
mov ebx, eax
:0040D5E3 837B0400
:0040D5E7 7509
jne 0040D5F2
:0040D5E9 B201
mov dl, 01
:0040D5EB 8BC3
mov eax, ebx
:0040D5ED 8B08
:0040D5EF FF5130
call [ecx+30]
|:0040D5E7(C)
|
:0040D5F2 FF4304
inc [ebx+04]
:0040D5F5 5B
pop ebx
:0040D5F6 C3
ret
:0040D5F7 90
nop

|:0040D670
|
:0040D5F8 55
push ebp
:0040D5F9 8BEC
mov ebp, esp
:0040D5FB 53
push ebx
:0040D5FC 56
push esi
:0040D5FD 8B4508
:0040D600 8B40FC
:0040D603 8B701C
mov esi, dword ptr [eax+1C]
:0040D606 85F6
test esi, esi
:0040D608 742D
je 0040D637
:0040D60A B301
mov bl, 01
:0040D60C 8B4508
:0040D60F 8BC6
mov eax, esi
:0040D611 8B1534B74000
:0040D617 E87457FFFF
call 00402D90
:0040D61C 84C0
test al, al
:0040D61E 7427
je 0040D647
:0040D620 8B4508
:0040D623 8BD6
mov edx, esi
:0040D625 8B4508
:0040D628 8B40F8
:0040D62B E880000000
call 0040D6B0
:0040D630 8BD8
mov ebx, eax
:0040D632 80F301
xor bl, 01
:0040D635 EB10
jmp 0040D647
|:0040D608(C)
|
:0040D637 8B4508
:0040D63A 8B40F8
:0040D63D 8B10
:0040D63F FF5214
call [edx+14]
:0040D642 85C0
test eax, eax
:0040D644 0F9FC3
setg bl
|:0040D61E(C), :0040D635(U)
|
:0040D647 8BC3
:0040D649 5E
:0040D64A 5B
:0040D64B 5D
:0040D64C C3
:0040D64D
:0040D650
:0040D651
:0040D653
:0040D656
:0040D657
:0040D65A

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
8D4000
55
8BEC
83C4F8
53
8955FC
8945F8
mov
pop
pop
pop
ret
eax, ebx
esi
ebx
ebp
:0040D65D
:0040D660
:0040D661
:0040D666
:0040D669
:0040D66A
:0040D66F
:0040D670
:0040D675
:0040D676
8B45F8
50
6858DC4000
8B45F8
50
6808DF4000
55
E883FFFFFF
59
8BC8

push eax
push 0040DC58
push eax
push 0040DF08
push ebp
call 0040D5F8
pop ecx
mov ecx, eax
* Possible StringData Ref from Code Obj ->"Strings"

|
:0040D678 BA94D64000
mov edx, 0040D694
:0040D67D 8B45FC
:0040D680 8B18
:0040D682 FF13
:0040D684 5B
pop ebx
:0040D685 59
pop ecx
:0040D686 59
pop ecx
:0040D687 5D
pop ebp
:0040D688 C3
ret
:0040D689 000000
BYTE 3 DUP(0)
:0040D68C FFFFFFFF
BYTE 4 DUP(0ffh)
:0040D690 07
:0040D691 000000
pop es
BYTE 3 DUP(0)
:0040D694
:0040D695
:0040D697
:0040D698
:0040D699
:0040D69A
:0040D69B
push ebx
je 0040D709
BYTE 69h
BYTE 6eh
BYTE 67h
BYTE 73h
BYTE 00h
53
7472
69
6E
67
73
00

|:0040D53C , :0040D5C3 , :0040D844 , :0040DB43 , :0040DBF2
|:0040DCD1 , :0040DED5
|
:0040D69C FF4804
dec [eax+04]
:0040D69F 83780400
:0040D6A3 7507
jne 0040D6AC
:0040D6A5 33D2
xor edx, edx
:0040D6A7 8B08
:0040D6A9 FF5130
call [ecx+30]
:0040D6AC C3
ret
:0040D6AD 8D4000
|:0040D62B
|
:0040D6B0
:0040D6B1
:0040D6B3
:0040D6B6
:0040D6B7
:0040D6B8
:0040D6B9
:0040D6BB
:0040D6BE
:0040D6C1
:0040D6C4
:0040D6C7
:0040D6C9
:0040D6CA
:0040D6CF
:0040D6D2
:0040D6D5
:0040D6D9
:0040D6DC
:0040D6DE
:0040D6E1
:0040D6E3
:0040D6E6
:0040D6E8
:0040D6EB
:0040D6ED
:0040D6EF
:0040D6F1
:0040D6F2
:0040D6F4
:0040D6F6
:0040D6F7
55
8BEC
83C4EC
53
56
57
33C9
894DF0
894DEC
8955F8
8945FC
33C0
55
6845D74000
64FF30
648920
C645F700
8B45FC
8B10
FF5214
8BD8
8B45F8
8B10
FF5214
3BD8
753B
8BF3
4E
85F6
7C30
46
33DB
push ebp
mov ebp, esp
add esp, FFFFFFEC
push ebx
push esi
push edi
xor ecx, ecx
xor eax, eax
push ebp
push 0040D745
mov [ebp-09], 00
call [edx+14]
mov ebx, eax
call [edx+14]
cmp ebx, eax
jne 0040D72A
mov esi, ebx
dec esi
test esi, esi
jl 0040D726
inc esi
xor ebx, ebx

|:0040D724(C)
|
:0040D6F9 8D4DF0
:0040D6FC 8BD3
mov edx, ebx
:0040D6FE 8B45FC
:0040D701 8B38
:0040D703 FF570C
call [edi+0C]
:0040D706 8B45F0
|:0040D695(C)
|
:0040D709 50
:0040D70A 8D4DEC
:0040D70D 8BD3
:0040D70F 8B45F8
:0040D712 8B38
:0040D714 FF570C
:0040D717 8B55EC
:0040D71A 58
:0040D71B E82464FFFF
:0040D720 7508
:0040D722 43
:0040D723 4E
:0040D724 75D3

push eax
lea ecx, dword
mov edx, ebx
mov eax, dword
mov edi, dword
call [edi+0C]
mov edx, dword
pop eax
call 00403B44
jne 0040D72A
inc ebx
dec esi
jne 0040D6F9
ptr [ebp-14]
ptr [ebp-08]
ptr [eax]
ptr [ebp-14]

|:0040D6F4(C)
|
:0040D726 C645F701
mov [ebp-09], 01
|:0040D6ED(C), :0040D720(C)
|
:0040D72A 33C0
:0040D72C 5A
:0040D72D 59
:0040D72E 59
:0040D72F 648910
:0040D732 684CD74000
|:0040D74A(U)
|
:0040D737 8D45EC
:0040D73A BA02000000
:0040D73F E89860FFFF
:0040D744 C3
:0040D745
:0040D74A
:0040D74C
:0040D74F
:0040D750
:0040D751
:0040D752
:0040D754
:0040D755
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
E92E5BFFFF
EBEB
8A45F7
5F
5E
5B
8BE5
5D
C3
:0040D756 8BC0
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040D74C

mov edx, 00000002
call 004037DC
ret
00403278
0040D737
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:0040D765
|
:0040D758 8B4504
:0040D75B C3
ret

|:0040E047 , :0040E126 , :0040E1C9 , :0040E1EB , :0040E2F1
|:0040E366 , :0040E43A , :0040E45C , :0040E52E , :0040E550
|:0040E5CD
|
:0040D75C 53
push ebx
:0040D75D 56
push esi
:0040D75E 83C4F8
add esp, FFFFFFF8
:0040D761 8BF1
mov esi, ecx
:0040D763 8BDA
mov ebx, edx
:0040D765 E8EEFFFFFF
call 0040D758
:0040D76A 50
push eax
:0040D76B 89742404
:0040D76F C644240800
mov [esp+08], 00
:0040D774
:0040D778
:0040D779
:0040D77B
:0040D77D
:0040D77F
:0040D784
:0040D789
:0040D78E
:0040D78F
:0040D790
:0040D791
:0040D792
8D442404
50
6A00
8BCB
B201
A1DCB34000
E81FB1FFFF
E9225BFFFF
59
5A
5E
5B
C3

push eax
push 00000000
mov ecx, ebx
mov dl, 01
mov eax, dword ptr [0040B3DC]
call 004088A8
jmp 004032B0
pop ecx
pop edx
pop esi
pop ebx
ret
:0040D793
:0040D794
:0040D795
:0040D797
:0040D79A
:0040D79B
:0040D79C
:0040D79D
:0040D79F
:0040D7A2
:0040D7A5
:0040D7A7
:0040D7A9
:0040D7AC
:0040D7AE
:0040D7AF
:0040D7B4
:0040D7B7
:0040D7BA
:0040D7BD
:0040D7C2
:0040D7C4
:0040D7C5
:0040D7CA
:0040D7CD
:0040D7D0
:0040D7D3
:0040D7D5
:0040D7D8
:0040D7DA
:0040D7DD
:0040D7DF
:0040D7E2
:0040D7E4
:0040D7E7
:0040D7EA
:0040D7ED
:0040D7EF
:0040D7F2
:0040D7F4
:0040D7F7
:0040D7FA
:0040D7FC
:0040D7FF
:0040D801
90
55
8BEC
83C4F0
53
56
57
33DB
895DF0
895DF4
8BF1
8BDA
8945FC
33C0
55
686CD84000
64FF30
648920
8B45FC
E81EFEFFFF
33C0
55
684AD84000
64FF30
648920
8D4DF4
8BD3
8B45FC
8B38
FF570C
8BD3
8B45FC
8B08
FF5118
8945F8
8D4DF0
8BD6
8B45FC
8B38
FF570C
8B4DF0
8BD3
8B45FC
8B38
FF5720
nop
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
xor ebx, ebx
mov esi, ecx
mov ebx, edx
xor eax, eax
push ebp
push 0040D86C
call 0040D5E0
xor eax, eax
push ebp
push 0040D84A
mov edx, ebx
call [edi+0C]
mov edx, ebx
call [ecx+18]
mov edx, esi
call [edi+0C]
mov edx, ebx
call [edi+20]
:0040D804
:0040D806
:0040D809
:0040D80B
:0040D80E
:0040D810
:0040D812
:0040D815
:0040D817
:0040D81A
:0040D81D
:0040D81F
:0040D822
:0040D824
:0040D827
:0040D82A
:0040D82C
:0040D82F
:0040D831
:0040D834
:0040D836
:0040D837
:0040D838
:0040D839
:0040D83C
8BD6
8B45FC
8B08
FF5118
8BC8
8BD3
8B45FC
8B18
FF5324
8B4DF4
8BD6
8B45FC
8B18
FF5320
8B4DF8
8BD6
8B45FC
8B18
FF5324
33C0
5A
59
59
648910
6851D84000
mov edx, esi

call [ecx+18]
mov ecx, eax
mov edx, ebx
call [ebx+24]
mov edx, esi
call [ebx+20]
mov edx, esi
call [ebx+24]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040D851
|:0040D84F(U)
|
:0040D841 8B45FC
:0040D849 C3
:0040D84A
:0040D84F
:0040D851
:0040D853
:0040D854
:0040D855
:0040D856
jmp
jmp
xor
pop
pop
pop
mov
E9295AFFFF
EBF0
33C0
5A
59
59
648910

call 0040D69C
ret
00403278
0040D841
eax, eax
edx
ecx
ecx

|
:0040D859 6873D84000
push 0040D873
|:0040D871(U)
|
:0040D85E 8D45F0
:0040D861 BA02000000
:0040D866 E8715FFFFF
:0040D86B C3
:0040D86C
:0040D871
:0040D873
:0040D874
:0040D875
jmp
jmp
pop
pop
pop
E9075AFFFF
EBEB
5F
5E
5B

mov edx, 00000002
call 004037DC
ret
00403278
0040D85E
edi
esi
ebx
:0040D876 8BE5
:0040D878 5D
:0040D879 C3
mov esp, ebp

pop ebp
ret
:0040D87A
:0040D87C
:0040D87E
:0040D881
mov eax, eax

call [edx+14]
ret
8BC0
8B10
FF5214
C3
:0040D882 8BC0
:0040D884 33C0
:0040D886 C3
mov eax, eax

xor eax, eax
ret
:0040D887
:0040D888
:0040D889
:0040D88B
:0040D88D
:0040D88E
:0040D890
:0040D892
:0040D893
:0040D898
:0040D89B
:0040D89E
:0040D8A1
:0040D8A3
:0040D8A5
:0040D8A8
:0040D8AB
:0040D8B0
:0040D8B5
:0040D8B7
:0040D8B9
:0040D8BA
:0040D8BB
:0040D8BC
:0040D8BF
nop
push ebp
mov ebp, esp
push 00000000
push ebx
mov ebx, eax
xor eax, eax
push ebp
push 0040D8CD
mov eax, ebx
call [ecx+1C]
call 00403BF8
call 00407AF0
mov ebx, eax
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040D8D4
90
55
8BEC
6A00
53
8BD8
33C0
55
68CDD84000
64FF30
648920
8D55FC
8BC3
8B08
FF511C
8B45FC
E84863FFFF
E83BA2FFFF
8BD8
33C0
5A
59
59
648910
68D4D84000
|:0040D8D2(U)
|
:0040D8C4 8D45FC
:0040D8C7 E8EC5EFFFF
:0040D8CC C3
:0040D8CD
:0040D8D2
:0040D8D4
:0040D8D6
:0040D8D7
:0040D8D8
:0040D8D9
jmp
jmp
mov
pop
pop
pop
ret
E9A659FFFF
EBF0
8BC3
5B
59
5D
C3
:0040D8DA 8BC0

call 004037B8
ret
00403278
0040D8C4
eax, ebx
ebx
ecx
ebp
mov eax, eax
:0040D8DC
:0040D8DD
:0040D8DF
:0040D8E2
:0040D8E3
:0040D8E4
:0040D8E5
:0040D8E7
:0040D8EA
:0040D8ED
:0040D8F0
:0040D8F3
:0040D8F5
:0040D8F6
:0040D8FB
:0040D8FE
:0040D901
:0040D904
:0040D906
:0040D909
:0040D90C
:0040D90E
:0040D911
:0040D912
:0040D914
:0040D916
:0040D917
55
8BEC
83C4E8
53
56
57
33C9
894DE8
894DEC
8955F8
8945FC
33C0
55
68B3D94000
64FF30
648920
8B45FC
8B10
FF5214
8945F0
33DB
8B75F0
4E
85F6
7C29
46
C745F400000000
push ebp
mov ebp, esp
add esp, FFFFFFE8
push ebx
push esi
push edi
xor ecx, ecx
xor eax, eax
push ebp
push 0040D9B3
call [edx+14]
xor ebx, ebx
dec esi
test esi, esi
jl 0040D93F
inc esi
mov [ebp-0C], 00000000
|:0040D93D(C)
|
:0040D91E 8D4DE8
:0040D921 8B55F4
:0040D924 8B45FC
:0040D927 8B38
:0040D929 FF570C
:0040D92C 8B45E8
:0040D92F E80061FFFF
:0040D934 83C002
:0040D937 03D8
:0040D939 FF45F4
:0040D93C 4E
:0040D93D 75DF
|:0040D914(C)
|
:0040D93F 8B45F8
:0040D942 8BCB
:0040D944 33D2
:0040D946 E8515FFFFF
:0040D94B 8B5DF8
:0040D94E 8B1B
:0040D950 8B75F0
:0040D953 4E
:0040D954 85F6
:0040D956 7C40
:0040D958 46
:0040D959 C745F400000000
lea ecx, dword ptr

mov edx, dword ptr
mov eax, dword ptr
mov edi, dword ptr
call [edi+0C]
mov eax, dword ptr
call 00403A34
add eax, 00000002
add ebx, eax
inc [ebp-0C]
dec esi
jne 0040D91E
[ebp-18]
[ebp-0C]
[ebp-04]
[eax]
[ebp-18]

mov ecx, ebx
xor edx, edx
call 0040389C
dec esi
test esi, esi
jl 0040D998
inc esi
mov [ebp-0C], 00000000
|:0040D996(C)
|
:0040D960 8D4DEC
:0040D963 8B55F4
:0040D966 8B45FC
:0040D969 8B38
:0040D96B FF570C
:0040D96E 8B45EC
:0040D971 E8BE60FFFF
:0040D976 8BF8
:0040D978 85FF
:0040D97A 740E
:0040D97C 8BD3
:0040D97E 8B45EC
:0040D981 8BCF
:0040D983 E8244EFFFF
:0040D988 03DF

lea ecx, dword
mov edx, dword
mov eax, dword
mov edi, dword
call [edi+0C]
mov eax, dword
call 00403A34
mov edi, eax
test edi, edi
je 0040D98A
mov edx, ebx
mov eax, dword
mov ecx, edi
call 004027AC
add ebx, edi
ptr
ptr
ptr
ptr
[ebp-14]
[ebp-0C]
[ebp-04]
[eax]
ptr [ebp-14]
ptr [ebp-14]

|:0040D97A(C)
|
:0040D98A C6030D
mov byte ptr [ebx], 0D
:0040D98D 43
inc ebx
:0040D98E C6030A
mov byte ptr [ebx], 0A
:0040D991 43
inc ebx
:0040D992 FF45F4
inc [ebp-0C]
:0040D995 4E
dec esi
:0040D996 75C8
jne 0040D960
|:0040D956(C)
|
:0040D998 33C0
xor eax, eax
:0040D99A 5A
pop edx
:0040D99B 59
pop ecx
:0040D99C 59
pop ecx
:0040D99D 648910
|
:0040D9A0 68BAD94000
push 0040D9BA
|:0040D9B8(U)
|
:0040D9A5 8D45E8
:0040D9A8 BA02000000
:0040D9AD E82A5EFFFF
:0040D9B2 C3
:0040D9B3
:0040D9B8
:0040D9BA
:0040D9BB
:0040D9BC
:0040D9BD
:0040D9BF
:0040D9C0
jmp
jmp
pop
pop
pop
mov
pop
ret
E9C058FFFF
EBEB
5F
5E
5B
8BE5
5D
C3

mov edx, 00000002
call 004037DC
ret
00403278
0040D9A5
edi
esi
ebx
esp, ebp
ebp
:0040D9C1 8D4000

|:0040E3DD
|
:0040D9C4 55
push ebp
:0040D9C5 8BEC
mov ebp, esp
:0040D9C7 83C4F4
add esp, FFFFFFF4
:0040D9CA 53
push ebx
:0040D9CB 56
push esi
:0040D9CC 57
push edi
:0040D9CD 33C9
xor ecx, ecx
:0040D9CF 894DF4
:0040D9D2 8955F8
:0040D9D5 8945FC
:0040D9D8 33C0
xor eax, eax
:0040D9DA 55
push ebp
:0040D9DB 6831DA4000
push 0040DA31
:0040D9E0 64FF30
:0040D9E3 648920
:0040D9E6 8B45FC
:0040D9E9 8B10
:0040D9EB FF5214
call [edx+14]
:0040D9EE 8BD8
mov ebx, eax
:0040D9F0 4B
dec ebx
:0040D9F1 85DB
test ebx, ebx
:0040D9F3 7C23
jl 0040DA18
:0040D9F5 43
inc ebx
:0040D9F6 33F6
xor esi, esi
|:0040DA16(C)
|
:0040D9F8 8D4DF4
:0040D9FB 8BD6
:0040D9FD 8B45FC
:0040DA00 8B38
:0040DA02 FF570C
:0040DA05 8B45F4
:0040DA08 8B55F8
:0040DA0B E8649BFFFF
:0040DA10 85C0
:0040DA12 7407
:0040DA14 46
:0040DA15 4B
:0040DA16 75E0

lea ecx, dword
mov edx, esi
mov eax, dword
mov edi, dword
call [edi+0C]
mov eax, dword
mov edx, dword
call 00407574
test eax, eax
je 0040DA1B
inc esi
dec ebx
jne 0040D9F8
ptr [ebp-0C]
ptr [ebp-04]
ptr [eax]
ptr [ebp-0C]
ptr [ebp-08]

|:0040D9F3(C)
|
:0040DA18 83CEFF
or esi, FFFFFFFF
|:0040DA12(C)
|
:0040DA1B 33C0
xor eax, eax
:0040DA1D 5A
pop edx
:0040DA1E 59
pop ecx
:0040DA1F 59
:0040DA20 648910
:0040DA23 6838DA4000
pop ecx
push 0040DA38
|:0040DA36(U)
|
:0040DA28 8D45F4
:0040DA2B E8885DFFFF
:0040DA30 C3
:0040DA31
:0040DA36
:0040DA38
:0040DA3A
:0040DA3B
:0040DA3C
:0040DA3D
:0040DA3F
:0040DA40
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
E94258FFFF
EBF0
8BC6
5F
5E
5B
8BE5
5D
C3
:0040DA41 8D4000

call 004037B8
ret
00403278
0040DA28
eax, esi
edi
esi
ebx
esp, ebp
ebp

|:0040DBDD , :0040DC49
|
:0040DA44 55
push ebp
:0040DA45 8BEC
mov ebp, esp
:0040DA47 51
push ecx
:0040DA48 53
push ebx
:0040DA49 56
push esi
:0040DA4A 57
push edi
:0040DA4B 894DFC
:0040DA4E 8BDA
mov ebx, edx
:0040DA50 8BF0
mov esi, eax
:0040DA52 8B4DFC
:0040DA55 8BD3
mov edx, ebx
:0040DA57 8BC6
mov eax, esi
:0040DA59 8B38
:0040DA5B FF5754
call [edi+54]
:0040DA5E 8B4D08
:0040DA61 8BD3
mov edx, ebx
:0040DA63 8BC6
mov eax, esi
:0040DA65 8B18
:0040DA67 FF5324
call [ebx+24]
:0040DA6A 5F
pop edi
:0040DA6B 5E
pop esi
:0040DA6C 5B
pop ebx
:0040DA6D 59
pop ecx
:0040DA6E 5D
pop ebp
:0040DA6F C20400
ret 0004
:0040DA72
:0040DA74
:0040DA75
:0040DA77
:0040DA78
8BC0
55
8BEC
51
56
mov eax, eax

push ebp
mov ebp, esp
push ecx
push esi
:0040DA79
:0040DA7B
:0040DA7D
:0040DA7F
:0040DA84
:0040DA86
:0040DA8B
:0040DA8E
:0040DA90
:0040DA91
:0040DA96
:0040DA99
:0040DA9C
:0040DA9F
:0040DAA1
:0040DAA3
:0040DAA6
:0040DAA8
:0040DAA9
:0040DAAA
:0040DAAB
8BF0
6A20
8BCA
A124BA4000
B201
E8A90E0000
8945FC
33C0
55
68BCDA4000
64FF30
648920
8B55FC
8BC6
8B08
FF515C
33C0
5A
59
59
648910
mov esi, eax

push 00000020
mov ecx, edx
mov dl, 01
call 0040E934
xor eax, eax
push ebp
push 0040DABC
mov eax, esi
call [ecx+5C]
xor eax, eax
pop edx
pop ecx
pop ecx
* Possible StringData Ref from Code Obj ->"^Y]"

|
:0040DAAE 68C3DA4000
push 0040DAC3
|:0040DAC1(U)
|
:0040DAB3 8B45FC
:0040DAB6 E86551FFFF
:0040DABB C3
:0040DABC
:0040DAC1
:0040DAC3
:0040DAC4
:0040DAC5
:0040DAC6
E9B757FFFF
EBF0
5E
59
5D
C3
jmp
jmp
pop
pop
pop
ret
:0040DAC7
:0040DAC8
:0040DAC9
:0040DACB
:0040DACE
:0040DACF
:0040DAD0
:0040DAD2
:0040DAD5
:0040DAD7
:0040DADA
:0040DADC
:0040DADD
:0040DAE2
:0040DAE5
:0040DAE8
:0040DAEB
:0040DAF0
90
55
8BEC
83C4F8
53
56
33C9
894DF8
8BDA
8945FC
33C0
55
6866DB4000
64FF30
648920
8B45FC
E8F0FAFFFF
33C0
nop
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
xor ecx, ecx
mov ebx, edx
xor eax, eax
push ebp
push 0040DB66
call 0040D5E0
xor eax, eax

call 00402C20
ret
00403278
0040DAB3
esi
ecx
ebp
:0040DAF2
:0040DAF3
:0040DAF8
:0040DAFB
:0040DAFE
:0040DB00
:0040DB05
:0040DB07
:0040DB09
:0040DB0E
:0040DB10
:0040DB13
:0040DB15
:0040DB17
:0040DB1C
:0040DB1F
:0040DB21
:0040DB23
:0040DB25
:0040DB28
:0040DB2B
:0040DB2E
:0040DB30
:0040DB33
:0040DB35
:0040DB36
:0040DB37
:0040DB38
:0040DB3B
55
6849DB4000
64FF30
648920
8BC3
E8530C0000
8BF0
8BC3
E82E0C0000
2BF0
8D45F8
8BCE
33D2
E8805DFFFF
8B55F8
8BCE
8BC3
8B18
FF5304
8B55F8
8B45FC
8B08
FF512C
33C0
5A
59
59
648910
6850DB4000
push ebp
push 0040DB49
mov eax, ebx
call 0040E758
mov esi, eax
mov eax, ebx
call 0040E73C
sub esi, eax
mov ecx, esi
xor edx, edx
call 0040389C
mov ecx, esi
mov eax, ebx
call [ebx+04]
call [ecx+2C]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040DB50
|:0040DB4E(U)
|
:0040DB40 8B45FC
:0040DB43 E854FBFFFF
:0040DB48 C3
:0040DB49
:0040DB4E
:0040DB50
:0040DB52
:0040DB53
:0040DB54
:0040DB55
jmp
jmp
xor
pop
pop
pop
mov
E92A57FFFF
EBF0
33C0
5A
59
59
648910

call 0040D69C
ret
00403278
0040DB40
eax, eax
edx
ecx
ecx

|
:0040DB58 686DDB4000
push 0040DB6D
|:0040DB6B(U)
|
:0040DB5D 8D45F8
:0040DB60 E8535CFFFF
:0040DB65 C3
:0040DB66 E90D57FFFF
:0040DB6B EBF0
jmp 00403278
jmp 0040DB5D

call 004037B8
ret
:0040DB6D
:0040DB6E
:0040DB6F
:0040DB70
:0040DB71
:0040DB72
5E
5B
59
59
5D
C3
pop
pop
pop
pop
pop
ret
esi
ebx
ecx
ecx
ebp
:0040DB73
:0040DB74
:0040DB75
:0040DB77
:0040DB7A
:0040DB7B
:0040DB7C
:0040DB7D
:0040DB7F
:0040DB82
:0040DB84
:0040DB86
:0040DB89
:0040DB8B
:0040DB8C
:0040DB91
:0040DB94
:0040DB97
:0040DB99
:0040DB9B
:0040DB9E
:0040DBA3
:0040DBA5
:0040DBA6
:0040DBAB
:0040DBAE
:0040DBB1
:0040DBB4
:0040DBB6
:0040DBB9
:0040DBBB
:0040DBBE
:0040DBC0
:0040DBC3
:0040DBC5
:0040DBC8
:0040DBCA
:0040DBCC
:0040DBCF
:0040DBD1
:0040DBD4
:0040DBD5
:0040DBD8
:0040DBDA
:0040DBDD
:0040DBE2
:0040DBE4
:0040DBE5
:0040DBE6
:0040DBE7
:0040DBEA
90
55
8BEC
83C4F8
53
56
57
33DB
895DF8
8BF1
8BDA
8945FC
33C0
55
6815DC4000
64FF30
648920
3BF3
7464
8B45FC
E83DFAFFFF
33C0
55
68F8DB4000
64FF30
648920
8D4DF8
8BD3
8B45FC
8B38
FF570C
8BD3
8B45FC
8B08
FF5118
8BF8
8BD3
8B45FC
8B08
FF5144
57
8B4DF8
8BD6
8B45FC
E862FEFFFF
33C0
5A
59
59
648910
68FFDB4000
nop
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
xor ebx, ebx
mov esi, ecx
mov ebx, edx
xor eax, eax
push ebp
push 0040DC15
cmp esi, ebx
je 0040DBFF
call 0040D5E0
xor eax, eax
push ebp
push 0040DBF8
mov edx, ebx
call [edi+0C]
mov edx, ebx
call [ecx+18]
mov edi, eax
mov edx, ebx
call [ecx+44]
push edi
mov edx, esi
call 0040DA44
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040DBFF
|:0040DBFD(U)
|
:0040DBEF 8B45FC
:0040DBF2 E8A5FAFFFF
:0040DBF7 C3
:0040DBF8 E97B56FFFF
:0040DBFD EBF0
jmp 00403278
jmp 0040DBEF

call 0040D69C
ret

|:0040DB99(C)
|
:0040DBFF 33C0
xor eax, eax
:0040DC01 5A
pop edx
:0040DC02 59
pop ecx
:0040DC03 59
pop ecx
:0040DC04 648910
* Possible StringData Ref from Code Obj ->"_^[YY]"
|
:0040DC07 681CDC4000
push 0040DC1C
|:0040DC1A(U)
|
:0040DC0C 8D45F8
:0040DC0F E8A45BFFFF
:0040DC14 C3
:0040DC15
:0040DC1A
:0040DC1C
:0040DC1D
:0040DC1E
:0040DC1F
:0040DC20
:0040DC21
:0040DC22
E95E56FFFF
EBF0
5F
5E
5B
59
59
5D
C3
jmp
jmp
pop
pop
pop
pop
pop
pop
ret
:0040DC23
:0040DC24
:0040DC25
:0040DC26
:0040DC27
:0040DC28
:0040DC2A
:0040DC2C
:0040DC2E
:0040DC30
:0040DC32
:0040DC34
:0040DC37
:0040DC39
:0040DC3B
:0040DC3D
:0040DC3F
90
53
56
57
55
8BE9
8BF2
8BD8
8BD6
8BC3
8B08
FF5118
8BF8
8BD6
8BC3
8B08
FF5144
nop
push ebx
push esi
push edi
push ebp
mov ebp, ecx
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call [ecx+18]
mov edi, eax
mov edx, esi
mov eax, ebx
call [ecx+44]

call 004037B8
ret
00403278
0040DC0C
edi
esi
ebx
ecx
ecx
ebp
:0040DC42
:0040DC43
:0040DC45
:0040DC47
:0040DC49
:0040DC4E
:0040DC4F
:0040DC50
:0040DC51
:0040DC52
57
8BCD
8BD6
8BC3
E8F6FDFFFF
5D
5F
5E
5B
C3
push edi
mov ecx, ebp
mov edx, esi
mov eax, ebx
call 0040DA44
pop ebp
pop edi
pop esi
pop ebx
ret
:0040DC53 90
:0040DC54 C3
nop
ret
:0040DC55
:0040DC58
:0040DC59
:0040DC5B
:0040DC5E
:0040DC60
:0040DC63
:0040DC66
:0040DC69
:0040DC6B
:0040DC6C
:0040DC71
:0040DC74
:0040DC77
:0040DC7A
:0040DC7F
:0040DC82
:0040DC87
:0040DC89
:0040DC8A
:0040DC8F
:0040DC92
:0040DC95
:0040DC98
:0040DC9A
:0040DC9D

push ebp
mov ebp, esp
add esp, FFFFFFF4
xor ecx, ecx
xor eax, eax
push ebp
push 0040DCFC
call 00410064
call 0040D5E0
xor eax, eax
push ebp
push 0040DCD7
call [edx+40]
jmp 0040DCB5
8D4000
55
8BEC
83C4F4
33C9
894DF4
8955F8
8945FC
33C0
55
68FCDC4000
64FF30
648920
8B45F8
E8E5230000
8B45FC
E859F9FFFF
33C0
55
68D7DC4000
64FF30
648920
8B45FC
8B10
FF5240
EB16
|:0040DCBF(C)
|
:0040DC9F 8D55F4
:0040DCA2 8B45F8
:0040DCA5 E89E310000
:0040DCAA 8B55F4
:0040DCAD 8B45FC
:0040DCB0 8B08
:0040DCB2 FF5134
|:0040DC9D(U)
|
:0040DCB5 8B45F8
:0040DCB8 E88B180000
:0040DCBD 84C0
lea edx, dword

mov eax, dword
call 00410E48
mov edx, dword
mov eax, dword
mov ecx, dword
call [ecx+34]
ptr [ebp-0C]
ptr [ebp-08]
ptr [ebp-0C]
ptr [ebp-04]
ptr [eax]

call 0040F548
test al, al
:0040DCBF
:0040DCC1
:0040DCC3
:0040DCC4
:0040DCC5
:0040DCC6
:0040DCC9
74DE
33C0
5A
59
59
648910
68DEDC4000
je 0040DC9F
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040DCDE
|:0040DCDC(U)
|
:0040DCCE 8B45FC
:0040DCD1 E8C6F9FFFF
:0040DCD6 C3
:0040DCD7
:0040DCDC
:0040DCDE
:0040DCE1
:0040DCE6
:0040DCE8
:0040DCE9
:0040DCEA
:0040DCEB
:0040DCEE
jmp 00403278
jmp 0040DCCE
call 0041006C
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040DD03
E99C55FFFF
EBF0
8B45F8
E886230000
33C0
5A
59
59
648910
6803DD4000

call 0040D69C
ret
|:0040DD01(U)
|
:0040DCF3 8D45F4
:0040DCF6 E8BD5AFFFF
:0040DCFB C3
:0040DCFC
:0040DD01
:0040DD03
:0040DD05
:0040DD06
E97755FFFF
EBF0
8BE5
5D
C3
jmp
jmp
mov
pop
ret
:0040DD07
:0040DD08
:0040DD09
:0040DD0B
:0040DD0C
:0040DD0D
90
55
8BEC
51
56
8BF0
nop
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax

call 004037B8
ret
00403278
0040DCF3
esp, ebp
ebp
* Possible Reference to String Resource ID=65535: "Floating point underflow"

|
:0040DD0F 68FFFF0000
push 0000FFFF
:0040DD14 8BCA
mov ecx, edx
:0040DD16 A124BA4000
:0040DD1B B201
mov dl, 01
:0040DD1D E8120C0000
call 0040E934
:0040DD22 8945FC
:0040DD25 33C0
xor eax, eax
:0040DD27 55
push ebp
:0040DD28 6853DD4000
push 0040DD53
:0040DD2D
:0040DD30
:0040DD33
:0040DD36
:0040DD38
:0040DD3A
:0040DD3D
:0040DD3F
:0040DD40
:0040DD41
:0040DD42
64FF30
648920
8B55FC
8BC6
8B08
FF5168
33C0
5A
59
59
648910

mov eax, esi
call [ecx+68]
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040DD45 685ADD4000
push 0040DD5A
|:0040DD58(U)
|
:0040DD4A 8B45FC
:0040DD4D E8CE4EFFFF
:0040DD52 C3
:0040DD53
:0040DD58
:0040DD5A
:0040DD5B
:0040DD5C
:0040DD5D
E92055FFFF
EBF0
5E
59
5D
C3
jmp
jmp
pop
pop
pop
ret
:0040DD5E
:0040DD60
:0040DD61
:0040DD63
:0040DD65
:0040DD66
:0040DD67
:0040DD69
:0040DD6B
:0040DD6D
:0040DD6E
:0040DD73
:0040DD76
:0040DD79
:0040DD7C
:0040DD7E
:0040DD80
:0040DD83
:0040DD86
:0040DD8B
:0040DD8D
:0040DD90
:0040DD92
:0040DD97
:0040DD99
:0040DD9A
:0040DD9B
:0040DD9C
8BC0
55
8BEC
6A00
53
56
8BF2
8BD8
33C0
55
68ADDD4000
64FF30
648920
8D55FC
8BC3
8B08
FF511C
8B45FC
E8A95CFFFF
8BC8
8B55FC
8BC6
E8750A0000
33C0
5A
59
59
648910
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040DDAD
mov eax, ebx
call [ecx+1C]
call 00403A34
mov ecx, eax
mov eax, esi
call 0040E80C
xor eax, eax
pop edx
pop ecx
pop ecx

call 00402C20
ret
00403278
0040DD4A
esi
ecx
ebp

|
:0040DD9F 68B4DD4000
push 0040DDB4
|:0040DDB2(U)
|
:0040DDA4 8D45FC
:0040DDA7 E80C5AFFFF
:0040DDAC C3
:0040DDAD
:0040DDB2
:0040DDB4
:0040DDB5
:0040DDB6
:0040DDB7
:0040DDB8
jmp
jmp
pop
pop
pop
pop
ret
E9C654FFFF
EBF0
5E
5B
59
5D
C3

call 004037B8
ret
00403278
0040DDA4
esi
ebx
ecx
ebp
:0040DDB9 8D4000
:0040DDBC C3

ret
:0040DDBD 8D4000

|:0040D44F
|
:0040DDC0 53
push ebx
:0040DDC1 56
push esi
:0040DDC2 8BF2
mov esi, edx
:0040DDC4 8BD8
mov ebx, eax
:0040DDC6 837B0800
:0040DDCA 7408
je 0040DDD4
:0040DDCC 8B4308
:0040DDCF 8B10
:0040DDD1 FF5210
call [edx+10]
|:0040DDCA(C)
|
:0040DDD4 8D4308
:0040DDD7 8BD6
:0040DDD9 E8B670FFFF
:0040DDDE 837B0800
:0040DDE2 740A
:0040DDE4 8BD3
:0040DDE6 8B4308
:0040DDE9 8B08
:0040DDEB FF510C

mov edx, esi
call 00404E94
je 0040DDEE
mov edx, ebx
call [ecx+0C]

|:0040DDE2(C)
|
:0040DDEE 5E
pop esi
:0040DDEF 5B
pop ebx
:0040DDF0 C3
ret
:0040DDF1
:0040DDF4
:0040DDF5
:0040DDF7
:0040DDF9
:0040DDFA
:0040DDFB
:0040DDFD
:0040DDFF
:0040DE01
:0040DE02
:0040DE07
:0040DE0A
:0040DE0D
:0040DE10
:0040DE12
:0040DE17
:0040DE1A
:0040DE1C
:0040DE1E
:0040DE21
:0040DE23
:0040DE24
:0040DE25
:0040DE26
8D4000
55
8BEC
6A00
53
56
8BF2
8BD8
33C0
55
6837DE4000
64FF30
648920
8D45FC
8BD6
E8555BFFFF
8B55FC
8BC3
8B08
FF512C
33C0
5A
59
59
648910

push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040DE37
mov edx, esi
call 0040396C
mov eax, ebx
call [ecx+2C]
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040DE29 683EDE4000
push 0040DE3E
|:0040DE3C(U)
|
:0040DE2E 8D45FC
:0040DE31 E88259FFFF
:0040DE36 C3
:0040DE37
:0040DE3C
:0040DE3E
:0040DE3F
:0040DE40
:0040DE41
:0040DE42
E93C54FFFF
EBF0
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
ret
:0040DE43
:0040DE44
:0040DE45
:0040DE47
:0040DE4A
:0040DE4B
:0040DE4D
:0040DE50
:0040DE52
:0040DE55
:0040DE57
90
55
8BEC
83C4F8
53
33C9
894DF8
8BDA
8945FC
33C0
55
nop
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
xor ecx, ecx
mov ebx, edx
xor eax, eax
push ebp

call 004037B8
ret
00403278
0040DE2E
esi
ebx
ecx
ebp
:0040DE58
:0040DE5D
:0040DE60
:0040DE63
:0040DE66
:0040DE6B
:0040DE6D
:0040DE6E
:0040DE73
:0040DE76
:0040DE79
:0040DE7C
:0040DE7E
:0040DE81
:0040DE83
:0040DE85
68F8DE4000
64FF30
648920
8B45FC
E875F7FFFF
33D2
55
68DBDE4000
64FF32
648922
8B45FC
8B10
FF5240
85DB
7440
EB39
push 0040DEF8
call 0040D5E0
xor edx, edx
push ebp
push 0040DEDB
call [edx+40]
test ebx, ebx
je 0040DEC5
jmp 0040DEC0

|:0040DEC3(C)
|
:0040DE87 8BC3
mov eax, ebx
:0040DE89 EB01
jmp 0040DE8C
|:0040DE9A(C)
|
:0040DE8B 43
inc ebx
|:0040DE89(U)
|
:0040DE8C 8A13
mov dl, byte ptr [ebx]
:0040DE8E 84D2
test dl, dl
:0040DE90 740A
je 0040DE9C
:0040DE92 80EA0A
sub dl, 0A
:0040DE95 7405
je 0040DE9C
:0040DE97 80EA03
sub dl, 03
:0040DE9A 75EF
jne 0040DE8B
|:0040DE90(C), :0040DE95(C)
|
:0040DE9C 8BCB
:0040DE9E 2BC8
:0040DEA0 8D55F8
:0040DEA3 92
:0040DEA4 E8F359FFFF
:0040DEA9 8B55F8
:0040DEAC 8B45FC
:0040DEAF 8B08
:0040DEB1 FF5134
:0040DEB4 803B0D
:0040DEB7 7501
:0040DEB9 43

mov ecx, ebx
sub ecx, eax
xchg eax,edx
call 0040389C
call [ecx+34]
cmp byte ptr [ebx], 0D
jne 0040DEBA
inc ebx

|:0040DEB7(C)
|
:0040DEBA 803B0A
cmp byte ptr [ebx], 0A
:0040DEBD 7501
jne 0040DEC0
:0040DEBF 43
inc ebx

|:0040DE85(U), :0040DEBD(C)
|
:0040DEC0 803B00
cmp byte ptr [ebx], 00
:0040DEC3 75C2
jne 0040DE87
|:0040DE83(C)
|
:0040DEC5 33C0
:0040DEC7 5A
:0040DEC8 59
:0040DEC9 59
:0040DECA 648910
:0040DECD 68E2DE4000
|:0040DEE0(U)
|
:0040DED2 8B45FC
:0040DED5 E8C2F7FFFF
:0040DEDA C3
:0040DEDB
:0040DEE0
:0040DEE2
:0040DEE4
:0040DEE5
:0040DEE6
:0040DEE7
jmp
jmp
xor
pop
pop
pop
mov
E99853FFFF
EBF0
33C0
5A
59
59
648910
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040DEE2

call 0040D69C
ret
00403278
0040DED2
eax, eax
edx
ecx
ecx
* Possible StringData Ref from Code Obj ->"[YY]"

|
:0040DEEA 68FFDE4000
push 0040DEFF
|:0040DEFD(U)
|
:0040DEEF 8D45F8
:0040DEF2 E8C158FFFF
:0040DEF7 C3
:0040DEF8
:0040DEFD
:0040DEFF
:0040DF00
:0040DF01
:0040DF02
:0040DF03
jmp
jmp
pop
pop
pop
pop
ret
E97B53FFFF
EBF0
5B
59
59
5D
C3

call 004037B8
ret
00403278
0040DEEF
ebx
ecx
ecx
ebp
:0040DF04 C3
ret
:0040DF05 8D4000
:0040DF08 55

push ebp
:0040DF09
:0040DF0B
:0040DF0E
:0040DF0F
:0040DF10
:0040DF11
:0040DF13
:0040DF16
:0040DF19
:0040DF1C
:0040DF1E
:0040DF1F
:0040DF24
:0040DF27
:0040DF2A
:0040DF2D
:0040DF32
:0040DF35
:0040DF37
:0040DF3A
:0040DF3C
:0040DF3D
:0040DF3F
:0040DF41
:0040DF42
8BEC
83C4F4
53
56
57
33C9
894DF4
8955F8
8945FC
33C0
55
687EDF4000
64FF30
648920
8B45F8
E8F2340000
8B45FC
8B10
FF5214
8BD8
4B
85DB
7C1F
43
33F6
mov ebp, esp

add esp, FFFFFFF4
push ebx
push esi
push edi
xor ecx, ecx
xor eax, eax
push ebp
push 0040DF7E
call 00411424
call [edx+14]
mov ebx, eax
dec ebx
test ebx, ebx
jl 0040DF60
inc ebx
xor esi, esi
|:0040DF5E(C)
|
:0040DF44 8D4DF4
:0040DF47 8BD6
:0040DF49 8B45FC
:0040DF4C 8B38
:0040DF4E FF570C
:0040DF51 8B55F4
:0040DF54 8B45F8
:0040DF57 E8D8340000
:0040DF5C 46
:0040DF5D 4B
:0040DF5E 75E4
|:0040DF3F(C)
|
:0040DF60 8B45F8
:0040DF63 E8C4340000
:0040DF68 33C0
:0040DF6A 5A
:0040DF6B 59
:0040DF6C 59
:0040DF6D 648910
lea ecx, dword

mov edx, esi
mov eax, dword
mov edi, dword
call [edi+0C]
mov edx, dword
mov eax, dword
call 00411434
inc esi
dec ebx
jne 0040DF44
ptr [ebp-0C]
ptr [ebp-04]
ptr [eax]
ptr [ebp-0C]
ptr [ebp-08]

call 0041142C
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040DF70 6885DF4000
push 0040DF85
|:0040DF83(U)
|
:0040DF75 8D45F4
:0040DF78 E83B58FFFF
:0040DF7D C3
call 004037B8
ret
:0040DF7E
:0040DF83
:0040DF85
:0040DF86
:0040DF87
:0040DF88
:0040DF8A
:0040DF8B
E9F552FFFF
EBF0
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:0040DF8C
:0040DF8D
:0040DF8E
:0040DF93
:0040DF95
:0040DF97
:0040DF99
:0040DF9C
:0040DF9F
:0040DFA1
:0040DFA4
:0040DFA7
:0040DFA9
:0040DFAC
:0040DFAE
:0040DFB3
:0040DFB6
:0040DFB8
:0040DFBA
:0040DFBD
:0040DFBF
:0040DFC4
:0040DFC5
53
56
E8D14FFFFF
8BDA
8BF0
33C0
89461C
894620
33C0
894624
894628
8BD3
80E2FC
8BC6
E88DF4FFFF
8B4610
85C0
7410
8B560C
8BC8
A130B84000
92
E83260FFFF
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
xor eax, eax
xor eax, eax
mov edx, ebx
and dl, FC
mov eax, esi
call 0040D440
test eax, eax
je 0040DFCA
mov edx, dword ptr [esi+0C]
mov ecx, eax
xchg eax,edx
call 00403FFC
|:0040DFB8(C)
|
:0040DFCA 33C0
:0040DFCC 894610
:0040DFCF 33D2
:0040DFD1 8BC6
:0040DFD3 8B08
:0040DFD5 FF5128
:0040DFD8 84DB
:0040DFDA 7E07
:0040DFDC 8BC6
:0040DFDE E8714FFFFF
00403278
0040DF75
edi
esi
ebx
esp, ebp
ebp

xor eax, eax
xor edx, edx
mov eax, esi
call [ecx+28]
test bl, bl
jle 0040DFE3
mov eax, esi
call 00402F54

|:0040DFDA(C)
|
:0040DFE3 5E
pop esi
:0040DFE4 5B
pop ebx
:0040DFE5 C3
ret
:0040DFE6
:0040DFE8
:0040DFE9
:0040DFEB
:0040DFEE
:0040DFEF
:0040DFF0
:0040DFF1
:0040DFF3
:0040DFF6
:0040DFF8
:0040DFFA
:0040DFFC
:0040DFFD
:0040E002
:0040E005
:0040E008
:0040E00C
:0040E00E
:0040E011
:0040E014
8BC0
55
8BEC
83C4F8
53
56
57
33C9
894DF8
8BF2
8BD8
33C0
55
686EE04000
64FF30
648920
807B1800
7508
8B4310
8945FC
EB36
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
xor ecx, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040E06E
jne 0040E016
jmp 0040E04C

|:0040E00C(C)
|
:0040E016 8D4DFC
:0040E019 8BD6
mov edx, esi
:0040E01B 8BC3
mov eax, ebx
:0040E01D 8B38
:0040E01F FF5778
call [edi+78]
:0040E022 84C0
test al, al
:0040E024 7426
je 0040E04C
:0040E026 8A4319
mov al, byte ptr [ebx+19]
:0040E029 2C01
sub al, 01
:0040E02B 722B
jb 0040E058
:0040E02D FEC8
dec al
:0040E02F 7402
je 0040E033
:0040E031 EB19
jmp 0040E04C
|:0040E02F(C)
|
:0040E033 8D55F8
:0040E036 A1D82A4400
:0040E03B E8E46DFFFF
:0040E040 8B55F8
:0040E043 33C9
:0040E045 8BC3
:0040E047 E810F7FFFF

call 00404E24
xor ecx, ecx
mov eax, ebx
call 0040D75C

|:0040E014(U), :0040E024(C), :0040E031(U)
|
:0040E04C 8BCE
mov ecx, esi
:0040E04E 8B55FC
:0040E051 8BC3
mov eax, ebx
:0040E053 E838040000
call 0040E490
|:0040E02B(C)
|
:0040E058
:0040E05A
:0040E05B
:0040E05C
:0040E05D
:0040E060
33C0
5A
59
59
648910
6875E04000
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040E075
|:0040E073(U)
|
:0040E065 8D45F8
:0040E068 E84B57FFFF
:0040E06D C3
:0040E06E
:0040E073
:0040E075
:0040E078
:0040E079
:0040E07A
:0040E07B
:0040E07C
:0040E07D
:0040E07E
E90552FFFF
EBF0
8B45FC
5F
5E
5B
59
59
5D
C3
jmp
jmp
mov
pop
pop
pop
pop
pop
pop
ret
:0040E07F
:0040E080
:0040E081
:0040E085
:0040E087
:0040E08C
:0040E08E
:0040E090
:0040E092
:0040E095
90
53
83780400
7511
6683781E00
740A
8BD8
8BD0
8B4320
FF531C
nop
push ebx
jne 0040E098
cmp word ptr [eax+1E], 0000
je 0040E098
mov ebx, eax
mov edx, eax
call [ebx+1C]

call 004037B8
ret
00403278
0040E065
edi
esi
ebx
ecx
ecx
ebp

|:0040E085(C), :0040E08C(C)
|
:0040E098 5B
pop ebx
:0040E099 C3
ret
:0040E09A
:0040E09C
:0040E09D
:0040E0A1
:0040E0A3
:0040E0A8
:0040E0AA
:0040E0AC
:0040E0AE
:0040E0B1
8BC0
53
83780400
7511
6683782600
740A
8BD8
8BD0
8B4328
FF5324
mov eax, eax

push ebx
jne 0040E0B4
cmp word ptr [eax+26], 0000
je 0040E0B4
mov ebx, eax
mov edx, eax
call [ebx+24]

|:0040E0A1(C), :0040E0A8(C)
|
:0040E0B4 5B
:0040E0B5 C3
pop ebx
ret
:0040E0B6
:0040E0B8
:0040E0B9
:0040E0BB
:0040E0BF
:0040E0C1
:0040E0C3
:0040E0C5
:0040E0C8
:0040E0CB
:0040E0CE
:0040E0D4
:0040E0D9
:0040E0DB
:0040E0DE
:0040E0E0
:0040E0E2
:0040E0E4
:0040E0E7
:0040E0E9
:0040E0EB
mov eax, eax

push ebx
mov ebx, eax
je 0040E0EE
mov eax, ebx
call [edx+74]
mov ecx, dword ptr [ebx+10]
call 00403FFC
xor eax, eax
xor edx, edx
mov eax, ebx
call [ecx+28]
mov eax, ebx
call [edx+70]
8BC0
53
8BD8
837B1000
742D
8BC3
8B10
FF5274
8B430C
8B4B10
8B1530B84000
E8235FFFFF
33C0
894310
33D2
8BC3
8B08
FF5128
8BC3
8B10
FF5270

|:0040E0BF(C)
|
:0040E0EE 5B
pop ebx
:0040E0EF C3
ret
:0040E0F0
:0040E0F1
:0040E0F3
:0040E0F5
:0040E0F6
:0040E0F7
:0040E0F9
:0040E0FB
:0040E0FD
:0040E0FE
:0040E103
:0040E106
:0040E109
:0040E10B
:0040E10D
:0040E110
55
8BEC
6A00
53
56
8BF2
8BD8
33C0
55
6883E14000
64FF30
648920
85F6
7C05
3B7310
7C19
|:0040E10B(C)
|
:0040E112 8D55FC
:0040E115 A1882C4400
:0040E11A E8056DFFFF
:0040E11F 8B55FC
:0040E122 8BCE
:0040E124 8BC3
:0040E126 E831F6FFFF
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040E183
test esi, esi
jl 0040E112
jl 0040E12B
call 00404E24
mov ecx, esi
mov eax, ebx
call 0040D75C
|:0040E110(C)
|
:0040E12B 8BC3
:0040E12D 8B10
:0040E12F FF5274
:0040E132 8B430C
:0040E135 8D04F0
:0040E138 8B1530B84000
:0040E13E E8995FFFFF
:0040E143 FF4B10
:0040E146 8B4310
:0040E149 3BF0
:0040E14B 7D19
:0040E14D 2BC6
:0040E14F 8BC8
:0040E151 C1E103
:0040E154 8B430C
:0040E157 8D14F0
:0040E15A 8B430C
:0040E15D 8D44F008
:0040E161 E84646FFFF

mov eax, ebx
mov edx, dword
call [edx+74]
mov eax, dword
lea eax, dword
mov edx, dword
call 004040DC
dec [ebx+10]
mov eax, dword
cmp esi, eax
jge 0040E166
sub eax, esi
mov ecx, eax
shl ecx, 03
mov eax, dword
lea edx, dword
mov eax, dword
lea eax, dword
call 004027AC
ptr [eax]
ptr [ebx+0C]
ptr [eax+8*esi]
ptr [0040B830]
ptr [ebx+10]
ptr
ptr
ptr
ptr
[ebx+0C]
[eax+8*esi]
[ebx+0C]
[eax+8*esi+08]

|:0040E14B(C)
|
:0040E166 8BC3
mov eax, ebx
:0040E168 8B10
:0040E16A FF5270
call [edx+70]
:0040E16D 33C0
xor eax, eax
:0040E16F 5A
pop edx
:0040E170 59
pop ecx
:0040E171 59
pop ecx
:0040E172 648910
|
:0040E175 688AE14000
push 0040E18A
|:0040E188(U)
|
:0040E17A 8D45FC
:0040E17D E83656FFFF
:0040E182 C3
:0040E183
:0040E188
:0040E18A
:0040E18B
:0040E18C
:0040E18D
:0040E18E
jmp
jmp
pop
pop
pop
pop
ret
E9F050FFFF
EBF0
5E
5B
59
5D
C3
:0040E18F 90
:0040E190 55
:0040E191 8BEC

call 004037B8
ret
00403278
0040E17A
esi
ebx
ecx
ebp
nop
push ebp
mov ebp, esp
:0040E193
:0040E195
:0040E196
:0040E197
:0040E198
:0040E19A
:0040E19C
:0040E19E
:0040E1A0
:0040E1A1
:0040E1A6
:0040E1A9
:0040E1AC
:0040E1AE
:0040E1B0
:0040E1B3
6A00
53
56
57
8BF9
8BF2
8BD8
33C0
55
681FE24000
64FF30
648920
85F6
7C05
3B7310
7C19
|:0040E1AE(C)
|
:0040E1B5 8D55FC
:0040E1B8 A1882C4400
:0040E1BD E8626CFFFF
:0040E1C2 8B55FC
:0040E1C5 8BCE
:0040E1C7 8BC3
:0040E1C9 E88EF5FFFF
push 00000000
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040E21F
test esi, esi
jl 0040E1B5
jl 0040E1CE
call 00404E24
mov ecx, esi
mov eax, ebx
call 0040D75C

|:0040E1B3(C)
|
:0040E1CE 85FF
test edi, edi
:0040E1D0 7C05
jl 0040E1D7
:0040E1D2 3B7B10
cmp edi, dword ptr [ebx+10]
:0040E1D5 7C19
jl 0040E1F0
|:0040E1D0(C)
|
:0040E1D7 8D55FC
:0040E1DA A1882C4400
:0040E1DF E8406CFFFF
:0040E1E4 8B55FC
:0040E1E7 8BCF
:0040E1E9 8BC3
:0040E1EB E86CF5FFFF
|:0040E1D5(C)
|
:0040E1F0 8BC3
:0040E1F2 8B10
:0040E1F4 FF5274
:0040E1F7 8BCF
:0040E1F9 8BD6
:0040E1FB 8BC3
:0040E1FD E82A000000
:0040E202 8BC3
:0040E204 8B10
:0040E206 FF5270

call 00404E24
mov ecx, edi
mov eax, ebx
call 0040D75C
mov eax, ebx

call [edx+74]
mov ecx, edi
mov edx, esi
mov eax, ebx
call 0040E22C
mov eax, ebx
call [edx+70]
:0040E209
:0040E20B
:0040E20C
:0040E20D
:0040E20E
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0040E211 6826E24000
push 0040E226
|:0040E224(U)
|
:0040E216 8D45FC
:0040E219 E89A55FFFF
:0040E21E C3
:0040E21F
:0040E224
:0040E226
:0040E227
:0040E228
:0040E229
:0040E22A
:0040E22B
jmp
jmp
pop
pop
pop
pop
pop
ret
E95450FFFF
EBF0
5F
5E
5B
59
5D
C3

call 004037B8
ret
00403278
0040E216
edi
esi
ebx
ecx
ebp

|:0040E1FD , :0040E680
|
:0040E22C 53
push ebx
:0040E22D 8B580C
mov ebx, dword ptr [eax+0C]
:0040E230 8D14D3
lea edx, dword ptr [ebx+8*edx]
:0040E233 8B400C
:0040E236 8D04C8
lea eax, dword ptr [eax+8*ecx]
:0040E239 8B0A
:0040E23B 8B18
:0040E23D 891A
mov dword ptr [edx], ebx
:0040E23F 8908
:0040E241 8B4A04
:0040E244 8B5804
:0040E247 895A04
mov dword ptr [edx+04], ebx
:0040E24A 894804
:0040E24D 5B
pop ebx
:0040E24E C3
ret
:0040E24F
:0040E250
:0040E251
:0040E252
:0040E253
:0040E254
:0040E257
:0040E25B
:0040E25E
:0040E260
:0040E265
90
53
56
57
55
83C4F4
894C2404
891424
8BE8
C644240800
33F6
nop
push ebx
push esi
push edi
push ebp
add esp, FFFFFFF4
mov ebp, eax
mov [esp+08], 00
xor esi, esi
:0040E267
:0040E26A
:0040E26B
:0040E26D
8B7D10
4F
3BFE
7C34

dec edi
cmp edi, esi
jl 0040E2A3
|:0040E2A1(C)
|
:0040E26F 8D1C37
:0040E272 D1EB
:0040E274 8B450C
:0040E277 8B04D8
:0040E27A 8B1424
:0040E27D E8F292FFFF
:0040E282 85C0
:0040E284 7D05
:0040E286 8D7301
:0040E289 EB14
|:0040E284(C)
|
:0040E28B 8BFB
:0040E28D 4F
:0040E28E 85C0
:0040E290 750D
:0040E292 C644240801
:0040E297 807D1901
:0040E29B 7402
:0040E29D 8BF3
lea ebx, dword

shr ebx, 1
mov eax, dword
mov eax, dword
mov edx, dword
call 00407574
test eax, eax
jge 0040E28B
lea esi, dword
jmp 0040E29F
ptr [edi+esi]
ptr [ebp+0C]
ptr [eax+8*ebx]
ptr [esp]
ptr [ebx+01]
mov edi, ebx

dec edi
test eax, eax
jne 0040E29F
mov [esp+08], 01
je 0040E29F
mov esi, ebx

|:0040E289(U), :0040E290(C), :0040E29B(C)
|
:0040E29F 3BFE
cmp edi, esi
:0040E2A1 7DCC
jge 0040E26F
|:0040E26D(C)
|
:0040E2A3 8B442404
:0040E2A7 8930
:0040E2A9 8A442408
:0040E2AD 83C40C
:0040E2B0 5D
:0040E2B1 5F
:0040E2B2 5E
:0040E2B3 5B
:0040E2B4 C3
:0040E2B5
:0040E2B8
:0040E2B9
:0040E2BB
:0040E2BD
:0040E2BE
:0040E2BF
:0040E2C0
:0040E2C2

push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
8D4000
55
8BEC
6A00
53
56
57
8BF9
8BF2
mov
mov
mov
add
pop
pop
pop
pop
ret

dword ptr [eax], esi
al, byte ptr [esp+08]
esp, 0000000C
ebp
edi
esi
ebx
:0040E2C4
:0040E2C6
:0040E2C8
:0040E2C9
:0040E2CE
:0040E2D1
:0040E2D4
:0040E2D6
:0040E2D8
:0040E2DB
8BD8
33C0
55
6819E34000
64FF30
648920
85F6
7C05
3B7310
7C19
mov ebx, eax

xor eax, eax
push ebp
push 0040E319
test esi, esi
jl 0040E2DD
jl 0040E2F6
|:0040E2D6(C)
|
:0040E2DD 8D55FC
:0040E2E0 A1882C4400
:0040E2E5 E83A6BFFFF
:0040E2EA 8B55FC
:0040E2ED 8BCE
:0040E2EF 8BC3
:0040E2F1 E866F4FFFF
|:0040E2DB(C)
|
:0040E2F6 8BC7
:0040E2F8 8B530C
:0040E2FB 8B14F2
:0040E2FE E84D55FFFF
:0040E303 33C0
:0040E305 5A
:0040E306 59
:0040E307 59
:0040E308 648910

call 00404E24
mov ecx, esi
mov eax, ebx
call 0040D75C
mov eax, edi

mov edx, dword ptr [edx+8*esi]
call 00403850
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040E30B 6820E34000
push 0040E320
|:0040E31E(U)
|
:0040E310 8D45FC
:0040E313 E8A054FFFF
:0040E318 C3
:0040E319
:0040E31E
:0040E320
:0040E321
:0040E322
:0040E323
:0040E324
:0040E325
jmp
jmp
pop
pop
pop
pop
pop
ret
E95A4FFFFF
EBF0
5F
5E
5B
59
5D
C3
:0040E326 8BC0
:0040E328 8B4014
:0040E32B C3

call 004037B8
ret
00403278
0040E310
edi
esi
ebx
ecx
ebp
mov eax, eax

ret
:0040E32C 8B4010
:0040E32F C3

ret
:0040E330
:0040E331
:0040E333
:0040E335
:0040E336
:0040E337
:0040E339
:0040E33B
:0040E33D
:0040E33E
:0040E343
:0040E346
:0040E349
:0040E34B
:0040E34D
:0040E350
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040E388
test esi, esi
jl 0040E352
jl 0040E36B
55
8BEC
6A00
53
56
8BF2
8BD8
33C0
55
6888E34000
64FF30
648920
85F6
7C05
3B7310
7C19
|:0040E34B(C)
|
:0040E352 8D55FC
:0040E355 A1882C4400
:0040E35A E8C56AFFFF
:0040E35F 8B55FC
:0040E362 8BCE
:0040E364 8BC3
:0040E366 E8F1F3FFFF
|:0040E350(C)
|
:0040E36B 8B430C
:0040E36E 8B5CF004
:0040E372 33C0
:0040E374 5A
:0040E375 59
:0040E376 59
:0040E377 648910
:0040E37A 688FE34000
|:0040E38D(U)
|
:0040E37F 8D45FC
:0040E382 E83154FFFF
:0040E387 C3
:0040E388
:0040E38D
:0040E38F
:0040E391
:0040E392
:0040E393
jmp
jmp
mov
pop
pop
pop
E9EB4EFFFF
EBF0
8BC3
5E
5B
59

call 00404E24
mov ecx, esi
mov eax, ebx
call 0040D75C

mov ebx, dword ptr [eax+8*esi+04]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040E38F

call 004037B8
ret
00403278
0040E37F
eax, ebx
esi
ebx
ecx
:0040E394 5D
:0040E395 C3
pop ebp
ret
:0040E396 8BC0
mov eax, eax

|:0040E4AA
|
:0040E398 56
push esi
:0040E399 8B5014
:0040E39C 83FA40
cmp edx, 00000040
:0040E39F 7E0E
jle 0040E3AF
:0040E3A1 8BF2
mov esi, edx
:0040E3A3 85F6
test esi, esi
:0040E3A5 7903
jns 0040E3AA
:0040E3A7 83C603
add esi, 00000003
|:0040E3A5(C)
|
:0040E3AA C1FE02
sar esi, 02
:0040E3AD EB11
jmp 0040E3C0
|:0040E39F(C)
|
:0040E3AF 83FA08
:0040E3B2 7E07
:0040E3B4 BE10000000
:0040E3B9 EB05

cmp
jle
mov
jmp
edx, 00000008
0040E3BB
esi, 00000010
0040E3C0

|:0040E3B2(C)
|
:0040E3BB BE04000000
mov esi, 00000004
|:0040E3AD(U), :0040E3B9(U)
|
:0040E3C0 03F2
:0040E3C2 8BD6
:0040E3C4 8B08
:0040E3C6 FF5128
:0040E3C9 5E
:0040E3CA C3
:0040E3CB
:0040E3CC
:0040E3CD
:0040E3CE
:0040E3CF
:0040E3D1
:0040E3D3
:0040E3D7
:0040E3D9
:0040E3DB
:0040E3DD
:0040E3E2
nop
push ebx
push esi
push ecx
mov esi, edx
mov ebx, eax
jne 0040E3E7
mov edx, esi
mov eax, ebx
call 0040D9C4
90
53
56
51
8BF2
8BD8
807B1800
750E
8BD6
8BC3
E8E2F5FFFF
890424
add esi, edx

mov edx, esi
call [ecx+28]
pop esi
ret
:0040E3E5 EB16
jmp 0040E3FD
|:0040E3D7(C)
|
:0040E3E7 8BCC
:0040E3E9 8BD6
:0040E3EB 8BC3
:0040E3ED 8B18
:0040E3EF FF5378
:0040E3F2 84C0
:0040E3F4 7507
:0040E3F6 C70424FFFFFFFF
|:0040E3E5(U), :0040E3F4(C)
|
:0040E3FD 8B0424
:0040E400 5A
:0040E401 5E
:0040E402 5B
:0040E403 C3
:0040E404
:0040E405
:0040E407
:0040E409
:0040E40A
:0040E40B
:0040E40C
:0040E40E
:0040E410
:0040E412
:0040E414
:0040E415
:0040E41A
:0040E41D
:0040E420
:0040E424
:0040E426
:0040E429
:0040E42E
:0040E433
:0040E436
:0040E438
:0040E43A
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040E482
je 0040E43F
call 00404E24
xor ecx, ecx
mov eax, ebx
call 0040D75C
55
8BEC
6A00
53
56
57
8BF9
8BF2
8BD8
33C0
55
6882E44000
64FF30
648920
807B1800
7419
8D55FC
A1782B4400
E8F169FFFF
8B55FC
33C9
8BC3
E81DF3FFFF
mov ecx, esp

mov edx, esi
mov eax, ebx
call [ebx+78]
test al, al
jne 0040E3FD
mov
pop
pop
pop
ret
eax, dword ptr [esp]

edx
esi
ebx

|:0040E424(C)
|
:0040E43F 85F6
test esi, esi
:0040E441 7C05
jl 0040E448
:0040E443 3B7310
:0040E446 7E19
jle 0040E461
|:0040E441(C)
|
:0040E448 8D55FC
:0040E44B
:0040E450
:0040E455
:0040E458
:0040E45A
:0040E45C
A1882C4400
E8CF69FFFF
8B55FC
8BCE
8BC3
E8FBF2FFFF
|:0040E446(C)
|
:0040E461 8BCF
:0040E463 8BD6
:0040E465 8BC3
:0040E467 E824000000
:0040E46C 33C0
:0040E46E 5A
:0040E46F 59
:0040E470 59
:0040E471 648910

call 00404E24
mov ecx, esi
mov eax, ebx
call 0040D75C
mov ecx, edi
mov edx, esi
mov eax, ebx
call 0040E490
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040E474 6889E44000
push 0040E489
|:0040E487(U)
|
:0040E479 8D45FC
:0040E47C E83753FFFF
:0040E481 C3
:0040E482
:0040E487
:0040E489
:0040E48A
:0040E48B
:0040E48C
:0040E48D
:0040E48E
jmp
jmp
pop
pop
pop
pop
pop
ret
E9F14DFFFF
EBF0
5F
5E
5B
59
5D
C3
:0040E48F 90

call 004037B8
ret
00403278
0040E479
edi
esi
ebx
ecx
ebp
nop

|:0040E053 , :0040E467
|
:0040E490 53
push ebx
:0040E491 56
push esi
:0040E492 57
push edi
:0040E493 8BF9
mov edi, ecx
:0040E495 8BF2
mov esi, edx
:0040E497 8BD8
mov ebx, eax
:0040E499 8BC3
mov eax, ebx
:0040E49B 8B10
:0040E49D FF5274
call [edx+74]
:0040E4A0 8B4310
:0040E4A3 3B4314
cmp eax, dword ptr [ebx+14]
:0040E4A6 7507
jne 0040E4AF
:0040E4A8 8BC3
mov eax, ebx
:0040E4AA E8E9FEFFFF
call 0040E398
|:0040E4A6(C)
|
:0040E4AF 8B4310
:0040E4B2 3BF0
:0040E4B4 7D18
:0040E4B6 8B530C
:0040E4B9 8D54F208
:0040E4BD 8B4B0C
:0040E4C0 8D0CF1
:0040E4C3 2BC6
:0040E4C5 C1E003
:0040E4C8 91
:0040E4C9 E8DE42FFFF
|:0040E4B4(C)
|
:0040E4CE 8B430C
:0040E4D1 8D04F0
:0040E4D4 8BF0
:0040E4D6 33C0
:0040E4D8 8906
:0040E4DA 33C0
:0040E4DC 894604
:0040E4DF 8BC6
:0040E4E1 8BD7
:0040E4E3 E82453FFFF
:0040E4E8 FF4310
:0040E4EB 8BC3
:0040E4ED 8B10
:0040E4EF FF5270
:0040E4F2 5F
:0040E4F3 5E
:0040E4F4 5B
:0040E4F5 C3
:0040E4F6
:0040E4F8
:0040E4F9
:0040E4FB
:0040E4FD
:0040E4FE
:0040E4FF
:0040E500
:0040E502
:0040E504
:0040E506
:0040E508
:0040E509
:0040E50E
:0040E511
:0040E514
:0040E518
:0040E51A
:0040E51D
:0040E522
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040E586
je 0040E533
call 00404E24
8BC0
55
8BEC
6A00
53
56
57
8BF9
8BF2
8BD8
33C0
55
6886E54000
64FF30
648920
807B1800
7419
8D55FC
A1782B4400
E8FD68FFFF
mov eax, dword

cmp esi, eax
jge 0040E4CE
mov edx, dword
lea edx, dword
mov ecx, dword
lea ecx, dword
sub eax, esi
shl eax, 03
xchg eax,ecx
call 004027AC
ptr [ebx+10]
ptr
ptr
ptr
ptr
[ebx+0C]
[edx+8*esi+08]
[ebx+0C]
[ecx+8*esi]

lea eax, dword ptr [eax+8*esi]
mov esi, eax
xor eax, eax
xor eax, eax
mov eax, esi
mov edx, edi
call 0040380C
inc [ebx+10]
mov eax, ebx
call [edx+70]
pop edi
pop esi
pop ebx
ret
:0040E527
:0040E52A
:0040E52C
:0040E52E
8B55FC
33C9
8BC3
E829F2FFFF

xor ecx, ecx
mov eax, ebx
call 0040D75C

|:0040E518(C)
|
:0040E533 85F6
test esi, esi
:0040E535 7C05
jl 0040E53C
:0040E537 3B7310
:0040E53A 7C19
jl 0040E555
|:0040E535(C)
|
:0040E53C 8D55FC
:0040E53F A1882C4400
:0040E544 E8DB68FFFF
:0040E549 8B55FC
:0040E54C 8BCE
:0040E54E 8BC3
:0040E550 E807F2FFFF
|:0040E53A(C)
|
:0040E555 8BC3
:0040E557 8B10
:0040E559 FF5274
:0040E55C 8B430C
:0040E55F 8D04F0
:0040E562 8BD7
:0040E564 E8A352FFFF
:0040E569 8BC3
:0040E56B 8B10
:0040E56D FF5270
:0040E570 33C0
:0040E572 5A
:0040E573 59
:0040E574 59
:0040E575 648910

call 00404E24
mov ecx, esi
mov eax, ebx
call 0040D75C
mov eax, ebx

call [edx+74]
lea eax, dword ptr [eax+8*esi]
mov edx, edi
call 0040380C
mov eax, ebx
call [edx+70]
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040E578 688DE54000
push 0040E58D
|:0040E58B(U)
|
:0040E57D 8D45FC
:0040E580 E83352FFFF
:0040E585 C3
:0040E586
:0040E58B
:0040E58D
:0040E58E
:0040E58F
jmp
jmp
pop
pop
pop
E9ED4CFFFF
EBF0
5F
5E
5B

call 004037B8
ret
00403278
0040E57D
edi
esi
ebx
:0040E590 59
:0040E591 5D
:0040E592 C3
pop ecx
pop ebp
ret
:0040E593
:0040E594
:0040E595
:0040E597
:0040E599
:0040E59A
:0040E59B
:0040E59C
:0040E59E
:0040E5A0
:0040E5A2
:0040E5A4
:0040E5A5
:0040E5AA
:0040E5AD
:0040E5B0
:0040E5B2
:0040E5B4
:0040E5B7
nop
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0040E5FD
test esi, esi
jl 0040E5B9
jl 0040E5D2
90
55
8BEC
6A00
53
56
57
8BF9
8BF2
8BD8
33C0
55
68FDE54000
64FF30
648920
85F6
7C05
3B7310
7C19
|:0040E5B2(C)
|
:0040E5B9 8D55FC
:0040E5BC A1882C4400
:0040E5C1 E85E68FFFF
:0040E5C6 8B55FC
:0040E5C9 8BCE
:0040E5CB 8BC3
:0040E5CD E88AF1FFFF
|:0040E5B7(C)
|
:0040E5D2 8BC3
:0040E5D4 8B10
:0040E5D6 FF5274
:0040E5D9 8B430C
:0040E5DC 897CF004
:0040E5E0 8BC3
:0040E5E2 8B10
:0040E5E4 FF5270
:0040E5E7 33C0
:0040E5E9 5A
:0040E5EA 59
:0040E5EB 59
:0040E5EC 648910

call 00404E24
mov ecx, esi
mov eax, ebx
call 0040D75C
mov eax, ebx

call [edx+74]
mov dword ptr [eax+8*esi+04], edi
mov eax, ebx
call [edx+70]
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040E5EF 6804E64000
push 0040E604
|:0040E602(U)
|
:0040E5F4 8D45FC
:0040E5F7 E8BC51FFFF
:0040E5FC C3

call 004037B8
ret
:0040E5FD
:0040E602
:0040E604
:0040E605
:0040E606
:0040E607
:0040E608
:0040E609
jmp
jmp
pop
pop
pop
pop
pop
ret
E9764CFFFF
EBF0
5F
5E
5B
59
5D
C3
:0040E60A 8BC0
00403278
0040E5F4
edi
esi
ebx
ecx
ebp
mov eax, eax

|:0040E697 , :0040E72E
|
:0040E60C 55
push ebp
:0040E60D 8BEC
mov ebp, esp
:0040E60F 83C4F4
add esp, FFFFFFF4
:0040E612 53
push ebx
:0040E613 56
push esi
:0040E614 57
push edi
:0040E615 33DB
xor ebx, ebx
:0040E617 895DF4
:0040E61A 894DF8
:0040E61D 8955FC
:0040E620 8BF8
mov edi, eax
:0040E622 33C0
xor eax, eax
:0040E624 55
push ebp
:0040E625 68BAE64000
push 0040E6BA
:0040E62A 64FF30
:0040E62D 648920
mov dword ptr fs:[eax],
|:0040E6A2(C)
|
:0040E630 8B5DFC
:0040E633 8B75F8
:0040E636 8D45F4
:0040E639 8B55FC
:0040E63C 0355F8
:0040E63F D1EA
:0040E641 8B4F0C
:0040E644 8B14D1
:0040E647 E80452FFFF
:0040E64C EB01
ebx
ecx
edx
esp

mov ebx, dword
mov esi, dword
lea eax, dword
mov edx, dword
add edx, dword
shr edx, 1
mov ecx, dword
mov edx, dword
call 00403850
jmp 0040E64F
ptr
ptr
ptr
ptr
ptr
[ebp-04]
[ebp-08]
[ebp-0C]
[ebp-04]
[ebp-08]
ptr [edi+0C]
ptr [ecx+8*edx]

|:0040E65F(C)
|
:0040E64E 43
inc ebx
|:0040E64C(U), :0040E689(C)
|
:0040E64F 8B470C
mov eax, dword ptr [edi+0C]
:0040E652
:0040E655
:0040E658
:0040E65D
:0040E65F
:0040E661
8B04D8
8B55F4
E8178FFFFF
85C0
7CED
EB01
mov eax, dword ptr [eax+8*ebx]

call 00407574
test eax, eax
jl 0040E64E
jmp 0040E664

|:0040E674(C)
|
:0040E663 4E
dec esi
|:0040E661(U)
|
:0040E664 8B470C
:0040E667 8B04F0
:0040E66A 8B55F4
:0040E66D E8028FFFFF
:0040E672 85C0
:0040E674 7FED
:0040E676 3BF3
:0040E678 7C0D
:0040E67A 8BCE
:0040E67C 8BD3
:0040E67E 8BC7
:0040E680 E8A7FBFFFF
:0040E685 43
:0040E686 4E
|:0040E678(C)
|
:0040E687 3BF3
:0040E689 7DC4
:0040E68B 3B75FC
:0040E68E 7E0C
:0040E690 8BCE
:0040E692 8B55FC
:0040E695 8BC7

mov eax, dword ptr [eax+8*esi]
call 00407574
test eax, eax
jg 0040E663
cmp esi, ebx
jl 0040E687
mov ecx, esi
mov edx, ebx
mov eax, edi
call 0040E22C
inc ebx
dec esi
cmp esi, ebx

jge 0040E64F
jle 0040E69C
mov ecx, esi
mov eax, edi
call 0040E60C

|:0040E68E(C)
|
:0040E69C 895DFC
:0040E69F 3B5DF8
cmp ebx, dword ptr [ebp-08]
:0040E6A2 7C8C
jl 0040E630
:0040E6A4 33C0
xor eax, eax
:0040E6A6 5A
pop edx
:0040E6A7 59
pop ecx
:0040E6A8 59
pop ecx
:0040E6A9 648910
|
:0040E6AC 68C1E64000
push 0040E6C1
|:0040E6BF(U)
|
:0040E6B1 8D45F4
:0040E6B4 E8FF50FFFF
:0040E6B9 C3

call 004037B8
ret
:0040E6BA
:0040E6BF
:0040E6C1
:0040E6C2
:0040E6C3
:0040E6C4
:0040E6C6
:0040E6C7
E9B94BFFFF
EBF0
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:0040E6C8
:0040E6C9
:0040E6CA
:0040E6CC
:0040E6CE
:0040E6D0
:0040E6D3
:0040E6D6
:0040E6DB
:0040E6DE
:0040E6DF
:0040E6E0
53
56
8BF2
8BD8
8BD6
C1E203
8D430C
E8E93FFFFF
897314
5E
5B
C3
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
shl edx, 03
lea eax, dword ptr [ebx+0C]
call 004026C4
pop esi
pop ebx
ret
:0040E6E1 8D4000
00403278
0040E6B1
edi
esi
ebx
esp, ebp
ebp

|:0043CC70 , :0043D18F
|
:0040E6E4 53
push ebx
:0040E6E5 56
push esi
:0040E6E6 8BDA
mov ebx, edx
:0040E6E8 8BF0
mov esi, eax
:0040E6EA 3A5E18
cmp bl, byte ptr [esi+18]
:0040E6ED 740E
je 0040E6FD
:0040E6EF 84DB
test bl, bl
:0040E6F1 7407
je 0040E6FA
:0040E6F3 8BC6
mov eax, esi
:0040E6F5 8B10
:0040E6F7 FF527C
call [edx+7C]
|:0040E6F1(C)
|
:0040E6FA 885E18
|:0040E6ED(C)
|
:0040E6FD 5E
pop esi
:0040E6FE 5B
pop ebx
:0040E6FF C3
ret
:0040E700
:0040E702
:0040E704
:0040E706
:0040E709
84D2
7406
8B10
FF5274
C3
test dl, dl
je 0040E70A
call [edx+74]
ret

|:0040E702(C)
|
:0040E70A 8B10
:0040E70C FF5270
call [edx+70]
:0040E70F C3
ret
:0040E710
:0040E711
:0040E713
:0040E717
:0040E719
:0040E71D
:0040E71F
:0040E721
:0040E723
:0040E726
:0040E729
:0040E72A
:0040E72C
:0040E72E
:0040E733
:0040E735
:0040E737
53
8BD8
807B1800
7521
837B1001
7E1B
8BC3
8B10
FF5274
8B4B10
49
33D2
8BC3
E8D9FEFFFF
8BC3
8B10
FF5270
push ebx
mov ebx, eax
jne 0040E73A
jle 0040E73A
mov eax, ebx
call [edx+74]
dec ecx
xor edx, edx
mov eax, ebx
call 0040E60C
mov eax, ebx
call [edx+70]

|:0040E717(C), :0040E71D(C)
|
:0040E73A 5B
pop ebx
:0040E73B C3
ret

|:0040DB09 , :0040F746 , :0041742C , :004178F3 , :004179E7
|:00419414 , :0041A3A4 , :0042F473 , :0042F78F
|
:0040E73C 53
push ebx
:0040E73D 66B90100
mov cx, 0001
:0040E741 33D2
xor edx, edx
:0040E743 8B18
:0040E745 FF530C
call [ebx+0C]
:0040E748 5B
pop ebx
:0040E749 C3
ret
:0040E74A 8BC0
mov eax, eax

|:0040F6F3 , :0041A266 , :0042F48B
|
, :0042F7CE
:0040E74C
:0040E74D
:0040E74F
:0040E751
:0040E754
:0040E755
53
33C9
8B18
FF530C
5B
C3
:0040E756 8BC0
|:0040DB00 , :00412126
|:004165BD , :00417424
|:0041A39C , :0041A3B6
|:0042F261 , :0042FA02
|
:0040E758 53
:0040E759 56
:0040E75A 57
:0040E75B 8BD8
:0040E75D 66B90100
:0040E761 33D2
:0040E763 8BC3
:0040E765 8B30
:0040E767 FF560C
:0040E76A 8BF0
:0040E76C 66B90200
:0040E770 33D2
:0040E772 8BC3
:0040E774 8B38
:0040E776 FF570C
:0040E779 8BF8
:0040E77B 33C9
:0040E77D 8BD6
:0040E77F 8BC3
:0040E781 8B18
:0040E783 FF530C
:0040E786 8BC7
:0040E788 5F
:0040E789 5E
:0040E78A 5B
:0040E78B C3
push ebx
xor ecx, ecx
call [ebx+0C]
pop ebx
ret
mov eax, eax
Addresses:
, :004122C2
, :004178EA
, :0041A55D
, :0042FA45
, :004165A7
, :00417A1A
, :0042F24D
, :004165B1
, :0041940C
, :0042F256
push ebx
push esi
push edi
mov ebx, eax
mov cx, 0001
xor edx, edx
mov eax, ebx
call [esi+0C]
mov esi, eax
mov cx, 0002
xor edx, edx
mov eax, ebx
call [edi+0C]
mov edi, eax
xor ecx, ecx
mov edx, esi
mov eax, ebx
call [ebx+0C]
mov eax, edi
pop edi
pop esi
pop ebx
ret
:0040E78C C3
ret
:0040E78D 8D4000

|:004174FA , :00417547 , :0041964B , :00419681
|:00419887 , :004199C0 , :0041A275 , :0041A3C5
|:0042F440 , :0042F44F
|
:0040E790 55
push ebp
:0040E791 8BEC
mov ebp, esp
:0040E793 83C4F8
add esp, FFFFFFF8
:0040E796 53
push ebx
:0040E797 56
push esi
:0040E798 33DB
xor ebx, ebx
, :00419732
, :0041A3D5
:0040E79A
:0040E79D
:0040E79F
:0040E7A2
:0040E7A4
:0040E7A6
:0040E7A7
:0040E7AC
:0040E7AF
:0040E7B2
:0040E7B4
:0040E7B6
:0040E7B9
:0040E7BB
:0040E7BD
:0040E7BF
:0040E7C2
:0040E7C4
:0040E7C6
:0040E7C9
:0040E7CE
:0040E7D3
:0040E7D6
:0040E7D8
:0040E7DD
:0040E7E2
895DF8
8BD9
8955FC
8BF0
33C0
55
68FDE74000
64FF30
648920
85DB
7431
8B55FC
8BCB
8BC6
8B30
FF5604
3BD8
7421
8D55F8
A1E42C4400
E85166FFFF
8B4DF8
B201
A1C4B14000
E88AA0FFFF
E8C94AFFFF
|:0040E7B4(C), :0040E7C4(C)
|
:0040E7E7 33C0
:0040E7E9 5A
:0040E7EA 59
:0040E7EB 59
:0040E7EC 648910

mov ebx, ecx
mov esi, eax
xor eax, eax
push ebp
push 0040E7FD
test ebx, ebx
je 0040E7E7
mov ecx, ebx
mov eax, esi
call [esi+04]
cmp ebx, eax
je 0040E7E7
call 00404E24
mov dl, 01
mov eax, dword ptr [0040B1C4]
call 0040886C
call 004032B0
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0040E7EF 6804E84000
push 0040E804
|:0040E802(U)
|
:0040E7F4 8D45F8
:0040E7F7 E8BC4FFFFF
:0040E7FC C3
:0040E7FD
:0040E802
:0040E804
:0040E805
:0040E806
:0040E807
:0040E808
:0040E809
jmp
jmp
pop
pop
pop
pop
pop
ret
E9764AFFFF
EBF0
5E
5B
59
59
5D
C3
:0040E80A 8BC0

call 004037B8
ret
00403278
0040E7F4
esi
ebx
ecx
ecx
ebp
mov eax, eax
|:0040DD92 , :00411390
|:00419E54 , :00419F7A
|:00419FC7 , :00419FE4
|:0042FA23 , :0042FA3D
|
:0040E80C 55
:0040E80D 8BEC
:0040E80F 83C4F8
:0040E812 53
:0040E813 56
:0040E814 33DB
:0040E816 895DF8
:0040E819 8BD9
:0040E81B 8955FC
:0040E81E 8BF0
:0040E820 33C0
:0040E822 55
:0040E823 6879E84000
:0040E828 64FF30
:0040E82B 648920
:0040E82E 85DB
:0040E830 7431
:0040E832 8B55FC
:0040E835 8BCB
:0040E837 8BC6
:0040E839 8B30
:0040E83B FF5608
:0040E83E 3BD8
:0040E840 7421
:0040E842 8D55F8
:0040E845 A1CC2B4400
:0040E84A E8D565FFFF
:0040E84F 8B4DF8
:0040E852 B201
:0040E854 A11CB24000
:0040E859 E80EA0FFFF
:0040E85E E84D4AFFFF
Addresses:
, :00417AA0
, :00419F8A
, :00419FF1
, :0042FA54
|:0040E830(C), :0040E840(C)
|
:0040E863 33C0
:0040E865 5A
:0040E866 59
:0040E867 59
:0040E868 648910
, :00417BBC
, :00419F9C
, :0041A325
, :00417BC9
, :00419FAB
, :0041A569
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
xor ebx, ebx
mov ebx, ecx
mov esi, eax
xor eax, eax
push ebp
push 0040E879
test ebx, ebx
je 0040E863
mov ecx, ebx
mov eax, esi
call [esi+08]
cmp ebx, eax
je 0040E863
mov eax, dword ptr [00442BCC]
call 00404E24
mov dl, 01
call 0040886C
call 004032B0
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0040E86B 6880E84000
push 0040E880
|:0040E87E(U)
|
:0040E870 8D45F8
:0040E873 E8404FFFFF
:0040E878 C3

call 004037B8
ret
:0040E879
:0040E87E
:0040E880
:0040E881
:0040E882
:0040E883
:0040E884
:0040E885
E9FA49FFFF
EBF0
5E
5B
59
59
5D
C3
:0040E886 8BC0
jmp
jmp
pop
pop
pop
pop
pop
ret
00403278
0040E870
esi
ebx
ecx
ecx
ebp
mov eax, eax

|:0040C7B5
|
:0040E888 55
push ebp
:0040E889 8BEC
mov ebp, esp
:0040E88B 83C4F8
add esp, FFFFFFF8
:0040E88E 53
push ebx
:0040E88F 8BDA
mov ebx, edx
:0040E891 6800100000
push 00001000
:0040E896 8BC8
mov ecx, eax
:0040E898 B201
mov dl, 01
:0040E89A A1D4BD4000
mov eax, dword ptr [0040BDD4]
:0040E89F E898050000
call 0040EE3C
:0040E8A4 8945F8
:0040E8A7 33C0
xor eax, eax
:0040E8A9 55
push ebp
:0040E8AA 68D8E84000
push 0040E8D8
:0040E8AF 64FF30
:0040E8B2 648920
:0040E8B5 8BD3
mov edx, ebx
:0040E8B7 8B45F8
:0040E8BA E8B9210000
call 00410A78
:0040E8BF 8945FC
:0040E8C2 33C0
xor eax, eax
:0040E8C4 5A
pop edx
:0040E8C5 59
pop ecx
:0040E8C6 59
pop ecx
:0040E8C7 648910
:0040E8CA 68DFE84000
push 0040E8DF
|:0040E8DD(U)
|
:0040E8CF 8B45F8
:0040E8D2 E84943FFFF
:0040E8D7 C3
:0040E8D8
:0040E8DD
:0040E8DF
:0040E8E2
:0040E8E3
:0040E8E4
:0040E8E5
:0040E8E6
jmp
jmp
mov
pop
pop
pop
pop
ret
E99B49FFFF
EBF0
8B45FC
5B
59
59
5D
C3

call 00402C20
ret
00403278
0040E8CF
ebx
ecx
ecx
ebp
:0040E8E7
:0040E8E8
:0040E8EB
:0040E8F0
:0040E8F3
:0040E8F5
90
8B4004
E8EC8DFFFF
83F8FF
7502
33C0
nop
call 004076DC
cmp eax, FFFFFFFF
jne 0040E8F7
xor eax, eax
|:0040E8F3(C)
|
:0040E8F7 C3
:0040E8F8 8B4004
:0040E8FB E8088EFFFF
:0040E900 83F8FF
:0040E903 7502
:0040E905 33C0
|:0040E903(C)
|
:0040E907 C3
:0040E908 0FB7C9
:0040E90B 8B4004
:0040E90E E8218EFFFF
:0040E913 C3
:0040E914
:0040E915
:0040E916
:0040E918
:0040E91A
:0040E91C
:0040E91E
:0040E921
:0040E924
push ebx
push esi
mov ebx, eax
xor ecx, ecx
mov eax, ebx
call [esi+0C]
push eax
53
56
8BD8
33C9
8BC3
8B30
FF560C
8B4304
50
ret
call 00407708
cmp eax, FFFFFFFF
jne 0040E907
xor eax, eax
ret
movzx ecx, cx
call 00407734
ret

|
:0040E925 E84674FFFF
Call 00405D70
:0040E92A E859AEFFFF
call 00409788
:0040E92F 5E
pop esi
:0040E930 5B
pop ebx
:0040E931 C3
ret
:0040E932 8BC0
mov eax, eax

|:0040DA86 , :0040DD1D , :00416642 , :004166CD
|
:0040E934 55
push ebp
:0040E935 8BEC
mov ebp, esp
:0040E937 83C4F0
add esp, FFFFFFF0
:0040E93A 53
push ebx
:0040E93B 56
push esi
:0040E93C 57
push edi
:0040E93D 33DB
xor ebx, ebx
:0040E93F 895DF0
:0040E942 84D2
test dl, dl
:0040E944 7408
:0040E946 83C4F0
:0040E949 E8B645FFFF
je 0040E94E
add esp, FFFFFFF0
call 00402F04
|:0040E944(C)
|
:0040E94E 8BF1
:0040E950 8855FF
:0040E953 8BD8
:0040E955 8B7D08
:0040E958 33C0
:0040E95A 55
:0040E95B 6804EA4000
:0040E960 64FF30
:0040E963 648920
:0040E966 6681FFFFFF
:0040E96B 7540
:0040E96D 8BC6
:0040E96F E8448DFFFF
:0040E974 8BF8
:0040E976 897B04
:0040E979 85FF
:0040E97B 7D71
:0040E97D 8975F4
:0040E980 C645F80B
:0040E984 8D45F4
:0040E987 50
:0040E988 6A00
:0040E98A 8D55F0
:0040E98D A1902C4400
:0040E992 E88D64FFFF
:0040E997 8B4DF0
:0040E99A B201
:0040E99C A1B8B04000
:0040E9A1 E8029FFFFF
:0040E9A6 E80549FFFF
:0040E9AB EB41
|:0040E96B(C)
|
:0040E9AD 0FB7D7
:0040E9B0 8BC6
:0040E9B2 E8C18CFFFF
:0040E9B7 894304
:0040E9BA 837B0400
:0040E9BE 7D2E
:0040E9C0 8975F4
:0040E9C3 C645F80B
:0040E9C7 8D45F4
:0040E9CA 50
:0040E9CB 6A00
:0040E9CD 8D55F0
:0040E9D0 A1A42C4400
:0040E9D5 E84A64FFFF
:0040E9DA 8B4DF0
:0040E9DD B201
:0040E9DF A114B14000
:0040E9E4 E8BF9EFFFF
mov esi, ecx

mov ebx, eax
xor eax, eax
push ebp
push 0040EA04
cmp di, FFFF
jne 0040E9AD
mov eax, esi
call 004076B8
mov edi, eax
mov dword ptr [ebx+04], edi
test edi, edi
jge 0040E9EE
mov dword ptr [ebp-0C], esi
mov [ebp-08], 0B
push eax
push 00000000
call 00404E24
mov dl, 01
mov eax, dword ptr [0040B0B8]
call 004088A8
call 004032B0
jmp 0040E9EE
movzx edx, di
mov eax, esi
call 00407678
jge 0040E9EE
mov [ebp-08], 0B
push eax
push 00000000
mov eax, dword ptr [00442CA4]
call 00404E24
mov dl, 01
call 004088A8
:0040E9E9 E8C248FFFF
call 004032B0

|:0040E97B(C), :0040E9AB(U), :0040E9BE(C)
|
:0040E9EE 33C0
xor eax, eax
:0040E9F0 5A
pop edx
:0040E9F1 59
pop ecx
:0040E9F2 59
pop ecx
:0040E9F3 648910
:0040E9F6 680BEA4000
push 0040EA0B
|:0040EA09(U)
|
:0040E9FB 8D45F0
:0040E9FE E8B54DFFFF
:0040EA03 C3
:0040EA04
:0040EA09
:0040EA0B
:0040EA0D
:0040EA11
:0040EA13
:0040EA18
:0040EA1F
jmp 00403278
jmp 0040E9FB
mov eax, ebx
je 0040EA22
call 00402F5C
add esp, 0000000C
E96F48FFFF
EBF0
8BC3
807DFF00
740F
E84445FFFF
648F0500000000
83C40C

call 004037B8
ret

|:0040EA11(C)
|
:0040EA22 8BC3
mov eax, ebx
:0040EA24 5F
pop edi
:0040EA25 5E
pop esi
:0040EA26 5B
pop ebx
:0040EA27 8BE5
mov esp, ebp
:0040EA29 5D
pop ebp
:0040EA2A C20400
ret 0004
:0040EA2D
:0040EA30
:0040EA31
:0040EA32
:0040EA37
:0040EA39
:0040EA3B
:0040EA3E
:0040EA40
:0040EA42
8D4000
53
56
E82D45FFFF
8BDA
8BF0
8B4604
85C0
7C05
E8F98CFFFF
|:0040EA40(C)
|
:0040EA47 84DB
:0040EA49 7E07
:0040EA4B 8BC6
:0040EA4D E80245FFFF

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
test eax, eax
jl 0040EA47
call 00407740
test bl, bl
jle 0040EA52
mov eax, esi
call 00402F54

|:0040EA49(C)
|
:0040EA52 5E
pop esi
:0040EA53 5B
pop ebx
:0040EA54 C3
ret
:0040EA55 8D4000

|:0040EB17 , :0040ED9F
|
:0040EA58 895004
:0040EA5B 894808
:0040EA5E C3
ret
:0040EA5F
:0040EA60
:0040EA61
:0040EA62
:0040EA63
:0040EA65
:0040EA68
:0040EA6A
:0040EA6C
:0040EA6E
:0040EA70
:0040EA73
:0040EA75
:0040EA77
:0040EA79
:0040EA7B
:0040EA7D
90
53
56
57
8BD8
8B7B0C
85FF
7C24
85C9
7C20
8B7308
2BF7
85F6
7E17
3BCE
7D02
8BF1
|:0040EA7B(C)
|
:0040EA7F 8B4304
:0040EA82 03C7
:0040EA84 8BCE
:0040EA86 E8213DFFFF
:0040EA8B 01730C
:0040EA8E EB02
nop
push ebx
push esi
push edi
mov ebx, eax
mov edi, dword ptr [ebx+0C]
test edi, edi
jl 0040EA90
test ecx, ecx
jl 0040EA90
sub esi, edi
test esi, esi
jle 0040EA90
cmp ecx, esi
jge 0040EA7F
mov esi, ecx
add eax, edi
mov ecx, esi
call 004027AC
add dword ptr [ebx+0C], esi
jmp 0040EA92

|:0040EA6A(C), :0040EA6E(C), :0040EA77(C)
|
:0040EA90 33F6
xor esi, esi
|:0040EA8E(U)
|
:0040EA92 8BC6
mov eax, esi
:0040EA94 5F
pop edi
:0040EA95 5E
pop esi
:0040EA96 5B
pop ebx
:0040EA97 C3
ret
:0040EA98
:0040EA9C
:0040EA9E
:0040EAA0
:0040EAA3
:0040EAA5
6683E901
7209
740C
66FFC9
740C
EB10
sub cx, 0001

jb 0040EAA7
je 0040EAAC
dec cx
je 0040EAB1
jmp 0040EAB7

|:0040EA9C(C)
|
:0040EAA7 89500C
:0040EAAA EB0B
jmp 0040EAB7
|:0040EA9E(C)
|
:0040EAAC 01500C
add dword ptr [eax+0C], edx
:0040EAAF EB06
jmp 0040EAB7
|:0040EAA3(C)
|
:0040EAB1 035008
add edx, dword ptr [eax+08]
:0040EAB4 89500C
|:0040EAA5(U), :0040EAAA(U), :0040EAAF(U)
|
:0040EAB7 8B400C
:0040EABA C3
ret
:0040EABB
:0040EABC
:0040EABD
:0040EABE
:0040EAC3
:0040EAC5
:0040EAC7
:0040EAC9
:0040EACE
:0040EAD0
:0040EAD3
:0040EAD5
:0040EADA
:0040EADC
:0040EADE
:0040EAE0
90
53
56
E8A144FFFF
8BDA
8BF0
8BC6
E81A000000
8BD3
80E2FC
8BC6
E83641FFFF
84DB
7E07
8BC6
E86F44FFFF
nop
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
mov eax, esi
call 0040EAE8
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 0040EAE5
mov eax, esi
call 00402F54

|:0040EADC(C)
|
:0040EAE5 5E
pop esi
:0040EAE6 5B
pop ebx
:0040EAE7 C3
ret
|:0040EAC9
|
:0040EAE8 53
:0040EAE9 8BD8
:0040EAEB 33D2
:0040EAED 8BC3
:0040EAEF E80C000000
:0040EAF4 33C0
:0040EAF6 894308
:0040EAF9 33C0
:0040EAFB 89430C
:0040EAFE 5B
:0040EAFF C3
push ebx
mov ebx, eax
xor edx, edx
mov eax, ebx
call 0040EB00
xor eax, eax
xor eax, eax
pop ebx
ret

|:0040EAEF , :0040EB36 , :0040EC3F
|
:0040EB00 53
push ebx
:0040EB01 51
push ecx
:0040EB02 891424
:0040EB05 8BD8
mov ebx, eax
:0040EB07 8BD4
mov edx, esp
:0040EB09 8BC3
mov eax, ebx
:0040EB0B 8B08
:0040EB0D FF5110
call [ecx+10]
:0040EB10 8BD0
mov edx, eax
:0040EB12 8B4B08
:0040EB15 8BC3
mov eax, ebx
:0040EB17 E83CFFFFFF
call 0040EA58
:0040EB1C 8B0424
:0040EB1F 894310
:0040EB22 5A
pop edx
:0040EB23 5B
pop ebx
:0040EB24 C3
ret
:0040EB25
:0040EB28
:0040EB29
:0040EB2A
:0040EB2B
:0040EB2D
:0040EB2F
:0040EB32
:0040EB34
:0040EB36
:0040EB3B
:0040EB3E
:0040EB40
:0040EB42
:0040EB46
:0040EB48
:0040EB4A
:0040EB4C
8D4000
53
56
57
8BF2
8BD8
8B7B0C
8BD6
8BC3
E8C5FFFFFF
897308
3BF7
7D0D
66B90200
33D2
8BC3
8B18
FF530C

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 0040EB00
cmp esi, edi
jge 0040EB4F
mov cx, 0002
xor edx, edx
mov eax, ebx
call [ebx+0C]

|:0040EB40(C)
|
:0040EB4F
:0040EB50
:0040EB51
:0040EB52
5F
5E
5B
C3
pop edi
pop esi
pop ebx
ret
:0040EB53
:0040EB54
:0040EB55
:0040EB57
:0040EB59
:0040EB5A
:0040EB5B
:0040EB5C
:0040EB5E
:0040EB5F
:0040EB64
:0040EB67
:0040EB6A
:0040EB6D
:0040EB6F
:0040EB71
:0040EB77
:0040EB7D
90
55
8BEC
6A00
53
56
57
33C9
55
6803EC4000
64FF31
648921
833A00
7E10
8B0A
81C1FF1F0000
81E100E0FFFF
890A
nop
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
xor ecx, ecx
push ebp
push 0040EC03
cmp dword ptr [edx], 00000000
jle 0040EB7F
add ecx, 00001FFF
and ecx, FFFFE000
|:0040EB6D(C)
|
:0040EB7F 8B7004
:0040EB82 8BDE
:0040EB84 8B3A
:0040EB86 8B4810
:0040EB89 3BF9
:0040EB8B 7460
:0040EB8D 833A00
:0040EB90 750B
:0040EB92 8BC6
:0040EB94 E84B79FFFF
:0040EB99 33DB
:0040EB9B EB50
|:0040EB90(C)
|
:0040EB9D 85C9
:0040EB9F 7513
:0040EBA1 A1942C4400
:0040EBA6 0FB700
:0040EBA9 8B12
:0040EBAB E80879FFFF
:0040EBB0 8BD8
:0040EBB2 EB14
|:0040EB9F(C)
|
:0040EBB4 8B0D942C4400
:0040EBBA 0FB709
:0040EBBD 8B12
:0040EBBF 8BC6

mov ebx, esi
mov edi, dword ptr [edx]
cmp edi, ecx
je 0040EBED
cmp dword ptr [edx], 00000000
jne 0040EB9D
mov eax, esi
call 004064E4
xor ebx, ebx
jmp 0040EBED
test ecx, ecx

jne 0040EBB4
movzx eax, word ptr [eax]
call 004064B8
mov ebx, eax
jmp 0040EBC8
mov ecx, dword ptr [00442C94]

movzx ecx, word ptr [ecx]
mov eax, esi
:0040EBC1 E80279FFFF
:0040EBC6 8BD8
call 004064C8
mov ebx, eax
|:0040EBB2(U)
|
:0040EBC8 85DB
:0040EBCA 7521
:0040EBCC 8D55FC
:0040EBCF A1082D4400
:0040EBD4 E84B62FFFF
:0040EBD9 8B4DFC
:0040EBDC B201
:0040EBDE A15CB04000
:0040EBE3 E8849CFFFF
:0040EBE8 E8C346FFFF

test ebx, ebx
jne 0040EBED
lea edx, dword
mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-04]
ptr [00442D08]
ptr [ebp-04]
ptr [0040B05C]

|:0040EB8B(C), :0040EB9B(U), :0040EBCA(C)
|
:0040EBED 33C0
xor eax, eax
:0040EBEF 5A
pop edx
:0040EBF0 59
pop ecx
:0040EBF1 59
pop ecx
:0040EBF2 648910
:0040EBF5 680AEC4000
push 0040EC0A
|:0040EC08(U)
|
:0040EBFA 8D45FC
:0040EBFD E8B64BFFFF
:0040EC02 C3
:0040EC03
:0040EC08
:0040EC0A
:0040EC0C
:0040EC0D
:0040EC0E
:0040EC0F
:0040EC10
:0040EC11
E97046FFFF
EBF0
8BC3
5F
5E
5B
59
5D
C3
jmp
jmp
mov
pop
pop
pop
pop
pop
ret
:0040EC12
:0040EC14
:0040EC15
:0040EC16
:0040EC17
:0040EC18
:0040EC1A
:0040EC1C
:0040EC1E
:0040EC21
:0040EC23
:0040EC25
:0040EC27
:0040EC29
8BC0
53
56
57
55
8BF1
8BEA
8BD8
8B430C
85C0
7C38
85F6
7C34
8BF8
mov eax, eax

push ebx
push esi
push edi
push ebp
mov esi, ecx
mov ebp, edx
mov ebx, eax
test eax, eax
jl 0040EC5D
test esi, esi
jl 0040EC5D
mov edi, eax

call 004037B8
ret
00403278
0040EBFA
eax, ebx
edi
esi
ebx
ecx
ebp
:0040EC2B
:0040EC2D
:0040EC2F
:0040EC31
:0040EC34
:0040EC36
:0040EC39
:0040EC3B
:0040EC3D
:0040EC3F
03FE
85FF
7E2C
3B7B08
7E11
3B7B10
7E09
8BD7
8BC3
E8BCFEFFFF
add edi, esi

test edi, edi
jle 0040EC5D
jle 0040EC47
jle 0040EC44
mov edx, edi
mov eax, ebx
call 0040EB00

|:0040EC39(C)
|
:0040EC44 897B08
|:0040EC34(C)
|
:0040EC47 8B5304
:0040EC4A 03530C
:0040EC4D 8BC5
:0040EC4F 8BCE
:0040EC51 E8563BFFFF
:0040EC56 897B0C
:0040EC59 8BC6
:0040EC5B EB02

mov eax, ebp
mov ecx, esi
call 004027AC
mov dword ptr [ebx+0C], edi
mov eax, esi
jmp 0040EC5F

|:0040EC23(C), :0040EC27(C), :0040EC2F(C)
|
:0040EC5D 33C0
xor eax, eax
|:0040EC5B(U)
|
:0040EC5F 5D
pop ebp
:0040EC60 5F
pop edi
:0040EC61 5E
pop esi
:0040EC62 5B
pop ebx
:0040EC63 C3
ret

|:0040C79A
|
:0040EC64 55
push ebp
:0040EC65 8BEC
mov ebp, esp
:0040EC67 53
push ebx
:0040EC68 56
push esi
:0040EC69 57
push edi
:0040EC6A 84D2
test dl, dl
:0040EC6C 7408
je 0040EC76
:0040EC6E 83C4F0
add esp, FFFFFFF0
:0040EC71 E88E42FFFF
call 00402F04
|:0040EC6C(C)
|
:0040EC76
:0040EC78
:0040EC7A
:0040EC7C
:0040EC7E
:0040EC80
:0040EC85
:0040EC88
:0040EC89
:0040EC8C
:0040EC91
:0040EC93
:0040EC95
:0040EC97
:0040EC9C
:0040EC9E
:0040ECA0
:0040ECA2
:0040ECA7
:0040ECAE
8BF1
8BDA
8BF8
33D2
8BC7
E86B3FFFFF
8B4508
50
8B450C
E8674FFFFF
8BC8
8BD6
8BC7
E8A4000000
8BC7
84DB
740F
E8B542FFFF
648F0500000000
83C40C
mov esi, ecx

mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call 00402BF0
push eax
call 00403BF8
mov ecx, eax
mov edx, esi
mov eax, edi
call 0040ED40
mov eax, edi
test bl, bl
je 0040ECB1
call 00402F5C
add esp, 0000000C

|:0040ECA0(C)
|
:0040ECB1 8BC7
mov eax, edi
:0040ECB3 5F
pop edi
:0040ECB4 5E
pop esi
:0040ECB5 5B
pop ebx
:0040ECB6 5D
pop ebp
:0040ECB7 C20800
ret 0008
:0040ECBA 8BC0
mov eax, eax

|:0040ED66 , :0040ED80
|
:0040ECBC 55
push ebp
:0040ECBD 8BEC
mov ebp, esp
:0040ECBF 83C4F0
add esp, FFFFFFF0
:0040ECC2 33C0
xor eax, eax
:0040ECC4 8945FC
:0040ECC7 8945F8
:0040ECCA 33C0
xor eax, eax
:0040ECCC 55
push ebp
:0040ECCD 6832ED4000
push 0040ED32
:0040ECD2 64FF30
:0040ECD5 648920
:0040ECD8 8D45FC
:0040ECDB 50
push eax
:0040ECDC 8D55F8
:0040ECDF A1A02B4400
:0040ECE4 E83B61FFFF
call 00404E24
:0040ECE9 8B45F8
:0040ECEC 8B5508
:0040ECEF 8B52FC
:0040ECF2 8955F0
:0040ECF5 C645F406
mov [ebp-0C], 06
:0040ECF9 8D55F0
:0040ECFC 33C9
xor ecx, ecx
:0040ECFE
:0040ED03
:0040ED06
:0040ED08
:0040ED0D
:0040ED12
:0040ED17
:0040ED19
:0040ED1A
:0040ED1B
:0040ED1C
:0040ED1F
E80193FFFF
8B4DFC
B201
A1D0B24000
E85A9BFFFF
E89945FFFF
33C0
5A
59
59
648910
6839ED4000
call 00408004
mov dl, 01
mov eax, dword ptr [0040B2D0]
call 0040886C
call 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040ED39
|:0040ED37(U)
|
:0040ED24 8D45F8
:0040ED27 BA02000000
:0040ED2C E8AB4AFFFF
:0040ED31 C3
:0040ED32
:0040ED37
:0040ED39
:0040ED3B
:0040ED3C
jmp
jmp
mov
pop
ret
E94145FFFF
EBEB
8BE5
5D
C3
:0040ED3D 8D4000

mov edx, 00000002
call 004037DC
ret
00403278
0040ED24
esp, ebp
ebp

|:0040EC97
|
:0040ED40 55
push ebp
:0040ED41 8BEC
mov ebp, esp
:0040ED43 51
push ecx
:0040ED44 53
push ebx
:0040ED45 56
push esi
:0040ED46 57
push edi
:0040ED47 894DFC
:0040ED4A 8BF2
mov esi, edx
:0040ED4C 8BD8
mov ebx, eax
:0040ED4E 8B4508
:0040ED51 50
push eax
:0040ED52 8B45FC
:0040ED55 50
push eax
:0040ED56 56
push esi
|
:0040ED57 E80C6FFFFF
Call 00405C68
:0040ED5C 8BF8
mov edi, eax
:0040ED5E 897B10
:0040ED61 85FF
test edi, edi
:0040ED63 7507
jne 0040ED6C
:0040ED65 55
push ebp
:0040ED66 E851FFFFFF
call 0040ECBC
:0040ED6B 59
pop ecx

|:0040ED63(C)
|
:0040ED6C 8B4310
:0040ED6F 50
push eax
:0040ED70 56
push esi
* Reference To: kernel32.LoadResource, Ord:0000h
|
:0040ED71 E8DA6FFFFF
Call 00405D50
:0040ED76 8BF8
mov edi, eax
:0040ED78 897B14
:0040ED7B 85FF
test edi, edi
:0040ED7D 7507
jne 0040ED86
:0040ED7F 55
push ebp
:0040ED80 E837FFFFFF
call 0040ECBC
:0040ED85 59
pop ecx
|:0040ED7D(C)
|
:0040ED86 8B4310
:0040ED89 50
push eax
:0040ED8A 56
push esi
* Reference To: kernel32.SizeofResource, Ord:0000h
|
:0040ED8B E80870FFFF
Call 00405D98
:0040ED90 50
push eax
:0040ED91 8B4314
:0040ED94 50
push eax
* Reference To: kernel32.LockResource, Ord:0000h
|
:0040ED95 E8BE6FFFFF
Call 00405D58
:0040ED9A 8BD0
mov edx, eax
:0040ED9C 8BC3
mov eax, ebx
:0040ED9E 59
pop ecx
:0040ED9F E8B4FCFFFF
call 0040EA58
:0040EDA4 5F
pop edi
:0040EDA5 5E
pop esi
:0040EDA6 5B
pop ebx
:0040EDA7 59
pop ecx
:0040EDA8 5D
pop ebp
:0040EDA9 C20400
ret 0004
:0040EDAC
:0040EDAD
:0040EDAE
:0040EDB3
:0040EDB5
:0040EDB7
:0040EDBA
:0040EDBF
:0040EDC2
53
56
E8B141FFFF
8BDA
8BF0
8B4614
E8F576FFFF
8B4614
50
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 004064B4
push eax
* Reference To: kernel32.FreeResource, Ord:0000h

|
:0040EDC3 E8B86EFFFF
Call 00405C80
:0040EDC8
:0040EDCA
:0040EDCD
:0040EDCF
:0040EDD4
:0040EDD6
:0040EDD8
:0040EDDA
8BD3
80E2FC
8BC6
E83C3EFFFF
84DB
7E07
8BC6
E87541FFFF
mov edx, ebx

and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 0040EDDF
mov eax, esi
call 00402F54

|:0040EDD6(C)
|
:0040EDDF 5E
pop esi
:0040EDE0 5B
pop ebx
:0040EDE1 C3
ret
:0040EDE2
:0040EDE4
:0040EDE5
:0040EDE7
:0040EDE9
:0040EDEA
:0040EDEC
:0040EDED
:0040EDF2
:0040EDF5
:0040EDF8
:0040EDFB
:0040EE00
:0040EE05
:0040EE08
:0040EE0A
:0040EE0F
:0040EE14
:0040EE19
:0040EE1B
:0040EE1C
:0040EE1D
:0040EE1E
:0040EE21
8BC0
55
8BEC
6A00
53
33C0
55
682FEE4000
64FF30
648920
8D55FC
A1C02B4400
E81F60FFFF
8B4DFC
B201
A15CB04000
E8589AFFFF
E89744FFFF
33C0
5A
59
59
648910
6836EE4000
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push ebx
xor eax, eax
push ebp
push 0040EE2F
mov eax, dword ptr [00442BC0]
call 00404E24
mov dl, 01
call 0040886C
call 004032B0
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040EE36
|:0040EE34(U)
|
:0040EE26 8D45FC
:0040EE29 E88A49FFFF
:0040EE2E C3
:0040EE2F
:0040EE34
:0040EE36
:0040EE38
:0040EE39
:0040EE3A
:0040EE3B
jmp
jmp
mov
pop
pop
pop
ret
E94444FFFF
EBF0
8BC3
5B
59
5D
C3

call 004037B8
ret
00403278
0040EE26
eax, ebx
ebx
ecx
ebp

|:0040E89F
|
:0040EE3C 55
push ebp
:0040EE3D 8BEC
mov ebp, esp
:0040EE3F 53
push ebx
:0040EE40 56
push esi
:0040EE41 57
push edi
:0040EE42 84D2
test dl, dl
:0040EE44 7408
je 0040EE4E
:0040EE46 83C4F0
add esp, FFFFFFF0
:0040EE49 E8B640FFFF
call 00402F04
|:0040EE44(C)
|
:0040EE4E 8BDA
:0040EE50 8BF8
:0040EE52 8B7508
:0040EE55 894F04
:0040EE58 8BC6
:0040EE5A E83538FFFF
:0040EE5F 894708
:0040EE62 89770C
:0040EE65 8BC7
:0040EE67 84DB
:0040EE69 740F
:0040EE6B E8EC40FFFF
:0040EE70 648F0500000000
:0040EE77 83C40C

mov ebx, edx
mov edi, eax
mov dword ptr [edi+04], ecx
mov eax, esi
call 00402694
mov dword ptr [edi+08], eax
mov dword ptr [edi+0C], esi
mov eax, edi
test bl, bl
je 0040EE7A
call 00402F5C
add esp, 0000000C

|:0040EE69(C)
|
:0040EE7A 8BC7
mov eax, edi
:0040EE7C 5F
pop edi
:0040EE7D 5E
pop esi
:0040EE7E 5B
pop ebx
:0040EE7F 5D
pop ebp
:0040EE80 C20400
ret 0004
:0040EE83 90
nop

|:0040F3FD
|
:0040EE84 53
push ebx
:0040EE85 56
push esi
:0040EE86 E8D940FFFF
call 00402F64
:0040EE8B 8BDA
mov ebx, edx
:0040EE8D 8BF0
mov esi, eax
:0040EE8F 8B4608
:0040EE92 85C0
test eax, eax
:0040EE94 7408
je 0040EE9E
:0040EE96 8B560C
:0040EE99 E80E38FFFF
call 004026AC
|:0040EE94(C)
|
:0040EE9E
:0040EEA0
:0040EEA2
:0040EEA4
84DB
7E07
8BC6
E8AB40FFFF
test bl, bl
jle 0040EEA9
mov eax, esi
call 00402F54

|:0040EEA0(C)
|
:0040EEA9 5E
pop esi
:0040EEAA 5B
pop ebx
:0040EEAB C3
ret
:0040EEAC
:0040EEAD
:0040EEAE
:0040EEAF
F8
EE
40
000000000000000000
clc
out dx, al
inc eax
BYTE 9 DUP(0)
:0040EEB8
:0040EEB9
:0040EEBA
:0040EEBB
:0040EEC5
F8
EE
40
00000000000000000000
00000000000000
clc
out dx, al
inc eax
BYTE 10 DUP(0)
BYTE 7 DUP(0)
:0040EECC
:0040EECE
:0040EECF
:0040EED1
12EF
40
0018
000000
adc ch, bh
inc eax
BYTE 3 DUP(0)
:0040EED4
:0040EED8
:0040EEDC
:0040EEE0
:0040EEE4
:0040EEE8
:0040EEEC
:0040EEF0
:0040EEF4
88104000
282E4000
342E4000
382E4000
3C2E4000
302E4000
B42B4000
C82B4000
102C4000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00401088
00402E28
00402E34
00402E38
00402E3C
00402E30
00402BB4
00402BC8
00402C10
:0040EEF8 0E
:0040EEF9 0000000000
push cs
BYTE 5 DUP(0)
:0040EEFE
:0040EF00
:0040EF02
:0040EF04
:0040EF05
:0040EF07

jl 0040EF14
inc eax
BYTE 3 DUP(0)
0200
0000
7C10
40
0010
000000
:0040EF0A 7C10
:0040EF0C 40
:0040EF0D 001400
jl 0040EF1C
inc eax
add byte ptr [eax+eax], dl
:0040EF10
:0040EF12
:0040EF16
:0040EF17
:0040EF19
0000
0A545072
6F
7046
697875708D4000

or dl, byte ptr [eax+2*edx+72]
outsd
jo 0040EF5F
imul edi, dword ptr [eax+75], 00408D70

|:0041053A
|
:0040EF20 55
push ebp
:0040EF21 8BEC
mov ebp, esp
:0040EF23 53
push ebx
:0040EF24 56
push esi
:0040EF25 84D2
test dl, dl
:0040EF27 7408
je 0040EF31
:0040EF29 83C4F0
add esp, FFFFFFF0
:0040EF2C E8D33FFFFF
call 00402F04
|:0040EF27(C)
|
:0040EF31 8BDA
:0040EF33 8BF0
:0040EF35 894E04
:0040EF38 8B4514
:0040EF3B 894608
:0040EF3E 8B4510
:0040EF41 89460C
:0040EF44 8D4610
:0040EF47 8B550C
:0040EF4A E8BD48FFFF
:0040EF4F 8D4614
:0040EF52 8B5508
:0040EF55 E8B248FFFF
:0040EF5A 8BC6
:0040EF5C 84DB
:0040EF5E 740F
:0040EF60 E8F73FFFFF
:0040EF65 648F0500000000
:0040EF6C 83C40C

mov ebx, edx
mov esi, eax
mov dword ptr [esi+04], ecx
call 0040380C
call 0040380C
mov eax, esi
test bl, bl
je 0040EF6F
call 00402F5C
add esp, 0000000C

|:0040EF5E(C)
|
:0040EF6F 8BC6
mov eax, esi
:0040EF71 5E
pop esi
:0040EF72 5B
pop ebx
:0040EF73 5D
pop ebp
:0040EF74 C21000
ret 0010
:0040EF77 90
nop

|:0040F0FA
|
:0040EF78 55
push ebp
:0040EF79 8BEC
mov ebp, esp
:0040EF7B 53
push ebx
:0040EF7C 8BD8
mov ebx, eax
:0040EF7E
:0040EF81
:0040EF84
:0040EF86
:0040EF8B
:0040EF8D
:0040EF8F
:0040EF92
:0040EF95
:0040EF97
:0040EF9C
:0040EF9E
:0040EFA0
:0040EFA3
:0040EFA6
:0040EFA8
8B4508
8B40FC
8BD3
E885DCFFFF
85C0
7D1E
8B4508
8B40F8
8BD3
E874DCFFFF
85C0
7C0D
8B4508
8B40FC
8BD3
E8B3DAFFFF
|:0040EF8D(C), :0040EF9E(C)
|
:0040EFAD 5B
:0040EFAE 5D
:0040EFAF C3
mov eax, dword

mov eax, dword
mov edx, ebx
call 0040CC10
test eax, eax
jge 0040EFAD
mov eax, dword
mov eax, dword
mov edx, ebx
call 0040CC10
test eax, eax
jl 0040EFAD
mov eax, dword
mov eax, dword
mov edx, ebx
call 0040CA60
ptr [ebp+08]
ptr [eax-04]
ptr [ebp+08]
ptr [eax-08]
ptr [ebp+08]
ptr [eax-04]

pop ebx
pop ebp
ret

|:0040F116
|
:0040EFB0 55
push ebp
:0040EFB1 8BEC
mov ebp, esp
:0040EFB3 53
push ebx
:0040EFB4 8BD8
mov ebx, eax
:0040EFB6 8B4508
mov eax, dword ptr
:0040EFB9 8B40FC
mov eax, dword ptr
:0040EFBC 8BD3
mov edx, ebx
:0040EFBE E84DDCFFFF
call 0040CC10
:0040EFC3 83F8FF
cmp eax, FFFFFFFF
:0040EFC6 740C
je 0040EFD4
:0040EFC8 8B5508
mov edx, dword ptr
:0040EFCB 8B52FC
mov edx, dword ptr
:0040EFCE 92
xchg eax,edx
:0040EFCF E8C8DAFFFF
call 0040CA9C
|:0040EFC6(C)
|
:0040EFD4 8B4508
:0040EFD7 8B40F8
:0040EFDA 8BD3
:0040EFDC E82FDCFFFF
:0040EFE1 85C0
:0040EFE3 7D0D
:0040EFE5 8B4508
:0040EFE8 8B40F8
:0040EFEB 8BD3
:0040EFED E86EDAFFFF
[ebp+08]
[eax-04]
[ebp+08]
[edx-04]

mov eax, dword
mov eax, dword
mov edx, ebx
call 0040CC10
test eax, eax
jge 0040EFF2
mov eax, dword
mov eax, dword
mov edx, ebx
call 0040CA60
ptr [ebp+08]
ptr [eax-08]
ptr [ebp+08]
ptr [eax-08]

|:0040EFE3(C)
|
:0040EFF2 5B
:0040EFF3 5D
:0040EFF4 C3
pop ebx
pop ebp
ret
:0040EFF5 8D4000

|:00410C67
|
:0040EFF8 55
push ebp
:0040EFF9 8BEC
mov ebp, esp
:0040EFFB 83C4F0
add esp, FFFFFFF0
:0040EFFE 53
push ebx
:0040EFFF 56
push esi
:0040F000 57
push edi
:0040F001 833D1436440000
cmp dword ptr [00443614], 00000000
:0040F008 0F84C3010000
je 0040F1D1
:0040F00E A110364400
:0040F013 E8FCA8FFFF
call 00409914
:0040F018 33C0
xor eax, eax
:0040F01A 55
push ebp
:0040F01B 68CAF14000
push 0040F1CA
:0040F020 64FF30
:0040F023 648920
:0040F026 A128364400
:0040F02B E864DFFFFF
call 0040CF94
:0040F030 8BF8
mov edi, eax
:0040F032 33C0
xor eax, eax
:0040F034 55
push ebp
:0040F035 68ABF14000
push 0040F1AB
:0040F03A 64FF30
:0040F03D 648920
:0040F040 837F0800
cmp dword ptr [edi+08], 00000000
:0040F044 0F8E49010000
jle 0040F193
:0040F04A B201
mov dl, 01
:0040F04C A154B54000
:0040F051 E89A3BFFFF
call 00402BF0
:0040F056 8945FC
:0040F059 33C0
xor eax, eax
:0040F05B 55
push ebp
:0040F05C 688CF14000
push 0040F18C
:0040F061 64FF30
:0040F064 648920
:0040F067 B201
mov dl, 01
:0040F069 A154B54000
:0040F06E E87D3BFFFF
call 00402BF0
:0040F073 8945F8
:0040F076 33C0
xor eax, eax
:0040F078 55
push ebp
:0040F079 683CF14000
push 0040F13C
:0040F07E 64FF30
:0040F081 648920
:0040F084 33F6
xor esi, esi
:0040F086 E992000000
jmp 0040F11D
|:0040F120(C)
|
:0040F08B
:0040F08D
:0040F08F
:0040F094
:0040F096
:0040F099
:0040F09F
:0040F0A2
:0040F0A6
:0040F0A8
:0040F0AB
:0040F0AE
:0040F0B3
:0040F0B5
8BD6
8BC7
E8E4DAFFFF
8BD8
8B4310
FF1514364400
8945F4
837DF400
750F
8B530C
8B4304
E85DBAFFFF
85C0
745B
mov edx, esi

mov eax, edi
call 0040CB78
mov ebx, eax
jne 0040F0B7
call 0040AB10
test eax, eax
je 0040F112
|:0040F0A6(C)
|
:0040F0B7 837DF400
:0040F0BB 7439
:0040F0BD 8B5314
:0040F0C0 8B45F4
:0040F0C3 E8C8280000
:0040F0C8 8945F0
:0040F0CB 837DF000
:0040F0CF 7517
:0040F0D1 8B4314

je 0040F0F6
call 00411990
jne 0040F0E8
* Possible StringData Ref from Code Obj ->"OWNER"

|
:0040F0D4 BAE0F14000
mov edx, 0040F1E0
:0040F0D9 E80E84FFFF
call 004074EC
:0040F0DE 85C0
test eax, eax
:0040F0E0 7506
jne 0040F0E8
:0040F0E2 8B45F4
:0040F0E5 8945F0
|:0040F0CF(C), :0040F0E0(C)
|
:0040F0E8 8B530C
:0040F0EB 8B4304
:0040F0EE 8B4DF0
:0040F0F1 E88EBAFFFF
|:0040F0BB(C)
|
:0040F0F6 55
:0040F0F7 8B4304
:0040F0FA E879FEFFFF
:0040F0FF 59
:0040F100 8BD6
:0040F102 8BC7
:0040F104 E893D9FFFF
:0040F109 8BC3
:0040F10B E8103BFFFF
:0040F110 EB0B

call 0040AB84
push ebp
call 0040EF78
pop ecx
mov edx, esi
mov eax, edi
call 0040CA9C
mov eax, ebx
call 00402C20
jmp 0040F11D
|:0040F0B5(C)
|
:0040F112 55
:0040F113 8B4304
:0040F116 E895FEFFFF
:0040F11B 59
:0040F11C 46
push ebp
call 0040EFB0
pop ecx
inc esi
|:0040F086(U), :0040F110(U)
|
:0040F11D 3B7708
:0040F120 0F8C65FFFFFF
:0040F126 33C0
:0040F128 5A
:0040F129 59
:0040F12A 59
:0040F12B 648910
:0040F12E 6843F14000
|:0040F141(U)
|
:0040F133 8B45F8
:0040F136 E8E53AFFFF
:0040F13B C3
:0040F13C
:0040F141
:0040F143
:0040F146
:0040F149
:0040F14A
:0040F14C
:0040F14E
:0040F14F
jmp 00403278
jmp 0040F133
dec ebx
test ebx, ebx
jl 0040F176
inc ebx
xor esi, esi
E93741FFFF
EBF0
8B45FC
8B5808
4B
85DB
7C28
43
33F6
|:0040F174(C)
|
:0040F151 8BD6
:0040F153 8B45FC
:0040F156 E81DDAFFFF
:0040F15B 8BF8
:0040F15D 8BC7
:0040F15F 8B15A8BE4000
:0040F165 E8263CFFFF
:0040F16A 84C0
:0040F16C 7404
:0040F16E 8067207F
cmp esi, dword ptr [edi+08]

jl 0040F08B
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040F143

call 00402C20
ret

mov edx, esi
call 0040CB78
mov edi, eax
mov eax, edi
mov edx, dword ptr [0040BEA8]
call 00402D90
test al, al
je 0040F172
and byte ptr [edi+20], 7F

|:0040F16C(C)
|
:0040F172 46
inc esi
:0040F173 4B
dec ebx
:0040F174 75DB
jne 0040F151
|:0040F14C(C)
|
:0040F176 33C0
:0040F178 5A
:0040F179 59
:0040F17A 59
:0040F17B 648910
:0040F17E 6893F14000
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040F193
|:0040F191(U)
|
:0040F183 8B45FC
:0040F186 E8953AFFFF
:0040F18B C3
:0040F18C E9E740FFFF
:0040F191 EBF0
jmp 00403278
jmp 0040F183
|:0040F044(C)
|
:0040F193 33C0
:0040F195 5A
:0040F196 59
:0040F197 59
:0040F198 648910
:0040F19B 68B2F14000
|:0040F1B0(U)
|
:0040F1A0 A128364400
:0040F1A5 E84EDEFFFF
:0040F1AA C3
:0040F1AB
:0040F1B0
:0040F1B2
:0040F1B4
:0040F1B5
:0040F1B6
:0040F1B7
jmp
jmp
xor
pop
pop
pop
mov
E9C840FFFF
EBEE
33C0
5A
59
59
648910

call 00402C20
ret
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040F1B2

call 0040CFF8
ret
00403278
0040F1A0
eax, eax
edx
ecx
ecx

|
:0040F1BA 68D1F14000
push 0040F1D1
|:0040F1CF(U)
|
:0040F1BF A110364400
:0040F1C4 E897A7FFFF
:0040F1C9 C3
:0040F1CA E9A940FFFF
:0040F1CF EBEE
jmp 00403278
jmp 0040F1BF

call 00409960
ret

|:0040F008(C)
|
:0040F1D1 5F
pop edi
:0040F1D2 5E
pop esi
:0040F1D3 5B
pop ebx
:0040F1D4 8BE5
mov esp, ebp
:0040F1D6 5D
pop ebp
:0040F1D7 C3
ret
:0040F1D8 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040F1DC
:0040F1E1
:0040F1E2
:0040F1E3
:0040F1E4
:0040F1E5
add eax, 4F000000

push edi
dec esi
inc ebp
push edx
BYTE 3 DUP(0)
050000004F
57
4E
45
52
000000

|:00410C80 , :004123F0 , :00438375
|
:0040F1E8 55
push ebp
:0040F1E9 8BEC
mov ebp, esp
:0040F1EB 83C4F8
add esp, FFFFFFF8
:0040F1EE 53
push ebx
:0040F1EF 56
push esi
:0040F1F0 57
push edi
:0040F1F1 8955F8
:0040F1F4 8945FC
:0040F1F7 833D2836440000
cmp dword ptr [00443628], 00000000
:0040F1FE 0F8486000000
je 0040F28A
:0040F204 A128364400
:0040F209 E886DDFFFF
call 0040CF94
:0040F20E 8BF8
mov edi, eax
:0040F210 33C0
xor eax, eax
:0040F212 55
push ebp
:0040F213 6883F24000
push 0040F283
:0040F218 64FF30
:0040F21B 648920
:0040F21E 8B5F08
:0040F221 4B
dec ebx
:0040F222 83FB00
cmp ebx, 00000000
:0040F225 7C44
jl 0040F26B
|:0040F269(C)
|
:0040F227 8BD3
:0040F229 8BC7
:0040F22B E848D9FFFF
:0040F230 8BF0
:0040F232 837DFC00
:0040F236 7408
:0040F238 8B4608

mov edx, ebx
mov eax, edi
call 0040CB78
mov esi, eax
je 0040F240
:0040F23B 3B45FC
:0040F23E 7525

jne 0040F265
|:0040F236(C)
|
:0040F240 837DF800
:0040F244 740F
:0040F246 8B5610
:0040F249 8B45F8
:0040F24C E89B82FFFF
:0040F251 85C0
:0040F253 7510
|:0040F244(C)
|
:0040F255 8BD3
:0040F257 8BC7
:0040F259 E83ED8FFFF
:0040F25E 8BC6
:0040F260 E8BB39FFFF
|:0040F23E(C), :0040F253(C)
|
:0040F265 4B
:0040F266 83FBFF
:0040F269 75BC

je 0040F255
call 004074EC
test eax, eax
jne 0040F265
mov edx, ebx

mov eax, edi
call 0040CA9C
mov eax, esi
call 00402C20
dec ebx
cmp ebx, FFFFFFFF
jne 0040F227

|:0040F225(C)
|
:0040F26B 33C0
xor eax, eax
:0040F26D 5A
pop edx
:0040F26E 59
pop ecx
:0040F26F 59
pop ecx
:0040F270 648910
|
:0040F273 688AF24000
push 0040F28A
|:0040F288(U)
|
:0040F278 A128364400
:0040F27D E876DDFFFF
:0040F282 C3
:0040F283 E9F03FFFFF
:0040F288 EBEE
jmp 00403278
jmp 0040F278

call 0040CFF8
ret

|:0040F1FE(C)
|
:0040F28A 5F
pop edi
:0040F28B 5E
pop esi
:0040F28C 5B
pop ebx
:0040F28D
:0040F28E
:0040F28F
:0040F290
59
59
5D
C3
:0040F291 8D4000
pop ecx
pop ecx
pop ebp
ret

|:0040D1E9
|
:0040F294 55
push ebp
:0040F295 8BEC
mov ebp, esp
:0040F297 51
push ecx
:0040F298 53
push ebx
:0040F299 56
push esi
:0040F29A 57
push edi
:0040F29B 8945FC
:0040F29E 833D2836440000
cmp dword ptr [00443628], 00000000
:0040F2A5 746B
je 0040F312
:0040F2A7 A128364400
:0040F2AC E8E3DCFFFF
call 0040CF94
:0040F2B1 8BF8
mov edi, eax
:0040F2B3 33C0
xor eax, eax
:0040F2B5 55
push ebp
:0040F2B6 680BF34000
push 0040F30B
:0040F2BB 64FF30
:0040F2BE 648920
:0040F2C1 8B5F08
:0040F2C4 4B
dec ebx
:0040F2C5 83FB00
cmp ebx, 00000000
:0040F2C8 7C29
jl 0040F2F3
|:0040F2F1(C)
|
:0040F2CA 8BD3
:0040F2CC 8BC7
:0040F2CE E8A5D8FFFF
:0040F2D3 8BF0
:0040F2D5 8B4604
:0040F2D8 3B45FC
:0040F2DB 7510
:0040F2DD 8BD3
:0040F2DF 8BC7
:0040F2E1 E8B6D7FFFF
:0040F2E6 8BC6
:0040F2E8 E83339FFFF

mov edx, ebx
mov eax, edi
call 0040CB78
mov esi, eax
jne 0040F2ED
mov edx, ebx
mov eax, edi
call 0040CA9C
mov eax, esi
call 00402C20

|:0040F2DB(C)
|
:0040F2ED 4B
dec ebx
:0040F2EE 83FBFF
cmp ebx, FFFFFFFF
:0040F2F1 75D7
jne 0040F2CA
|:0040F2C8(C)
|
:0040F2F3 33C0
xor eax, eax
:0040F2F5
:0040F2F6
:0040F2F7
:0040F2F8
5A
59
59
648910
pop
pop
pop
mov
edx
ecx
ecx

|
:0040F2FB 6812F34000
push 0040F312
|:0040F310(U)
|
:0040F300 A128364400
:0040F305 E8EEDCFFFF
:0040F30A C3
:0040F30B E9683FFFFF
:0040F310 EBEE
jmp 00403278
jmp 0040F300

call 0040CFF8
ret

|:0040F2A5(C)
|
:0040F312 5F
pop edi
:0040F313 5E
pop esi
:0040F314 5B
pop ebx
:0040F315 59
pop ecx
:0040F316 5D
pop ebp
:0040F317 C3
ret

|:0040F353 , :0040F39B , :00410202 , :004107DC , :00410DE5
|
:0040F318 53
push ebx
:0040F319 8BD8
mov ebx, eax
:0040F31B 8BCB
mov ecx, ebx
:0040F31D B201
mov dl, 01
:0040F31F A1C4B14000
:0040F324 E84395FFFF
call 0040886C
:0040F329 E8823FFFFF
call 004032B0
:0040F32E 5B
pop ebx
:0040F32F C3
ret

|:0040F3CD , :0040F42F , :0040F4B9 , :0040F5D0 , :0040F894
|:0040FFC1 , :00410057 , :004104A4 , :00410D23 , :00410E85
|:00410EBF
|
:0040F330 55
push ebp
:0040F331 8BEC
mov ebp, esp
:0040F333 6A00
push 00000000
:0040F335 33C0
xor eax, eax
:0040F337 55
push ebp
:0040F338 686EF34000
push 0040F36E
:0040F33D 64FF30
:0040F340 648920
:0040F343
:0040F346
:0040F34B
:0040F350
:0040F353
:0040F358
:0040F35A
:0040F35B
:0040F35C
:0040F35D
:0040F360
8D55FC
A1202C4400
E8D45AFFFF
8B45FC
E8C0FFFFFF
33C0
5A
59
59
648910
6875F34000

call 00404E24
call 0040F318
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040F375
|:0040F373(U)
|
:0040F365 8D45FC
:0040F368 E84B44FFFF
:0040F36D C3
:0040F36E
:0040F373
:0040F375
:0040F376
:0040F377
jmp
jmp
pop
pop
ret
E9053FFFFF
EBF0
59
5D
C3

call 004037B8
ret
00403278
0040F365
ecx
ebp

|:0040F76D
|
:0040F378 55
push ebp
:0040F379 8BEC
mov ebp, esp
:0040F37B 6A00
push 00000000
:0040F37D 33C0
xor eax, eax
:0040F37F 55
push ebp
:0040F380 68B6F34000
push 0040F3B6
:0040F385 64FF30
:0040F388 648920
:0040F38B 8D55FC
:0040F38E A1A02A4400
mov eax, dword ptr [00442AA0]
:0040F393 E88C5AFFFF
call 00404E24
:0040F398 8B45FC
:0040F39B E878FFFFFF
call 0040F318
:0040F3A0 33C0
xor eax, eax
:0040F3A2 5A
pop edx
:0040F3A3 59
pop ecx
:0040F3A4 59
pop ecx
:0040F3A5 648910
:0040F3A8 68BDF34000
push 0040F3BD
|:0040F3BB(U)
|
:0040F3AD 8D45FC
:0040F3B0 E80344FFFF
:0040F3B5 C3
:0040F3B6 E9BD3EFFFF
jmp 00403278

call 004037B8
ret
:0040F3BB
:0040F3BD
:0040F3BE
:0040F3BF
EBF0
59
5D
C3
jmp 0040F3AD
pop ecx
pop ebp
ret

|:004108A0 , :00410D4C
|
:0040F3C0 53
push ebx
:0040F3C1 E892B6FFFF
call 0040AA58
:0040F3C6 8BD8
mov ebx, eax
:0040F3C8 83FBFF
cmp ebx, FFFFFFFF
:0040F3CB 7505
jne 0040F3D2
:0040F3CD E85EFFFFFF
call 0040F330
|:0040F3CB(C)
|
:0040F3D2 8BC3
mov eax, ebx
:0040F3D4 5B
pop ebx
:0040F3D5 C3
ret
:0040F3D6
:0040F3D8
:0040F3D9
:0040F3DA
:0040F3DB
:0040F3E0
:0040F3E2
:0040F3E4
:0040F3E7
:0040F3EA
:0040F3EE
:0040F3F1
:0040F3F3
:0040F3F6
:0040F3F8
:0040F3FB
:0040F3FD
:0040F402
:0040F404
:0040F406
:0040F408
8BC0
53
56
57
E8843BFFFF
8BDA
8BF0
8B5610
2B5614
66B90100
8B4604
8B38
FF570C
8BD3
80E2FC
8BC6
E882FAFFFF
84DB
7E07
8BC6
E8473BFFFF
mov eax, eax

push ebx
push esi
push edi
call 00402F64
mov ebx, edx
mov esi, eax
mov edx, dword
sub edx, dword
mov cx, 0001
mov eax, dword
mov edi, dword
call [edi+0C]
mov edx, ebx
and dl, FC
mov eax, esi
call 0040EE84
test bl, bl
jle 0040F40D
mov eax, esi
call 00402F54
ptr [esi+10]
ptr [esi+14]
ptr [esi+04]
ptr [eax]

|:0040F404(C)
|
:0040F40D 5F
pop edi
:0040F40E 5E
pop esi
:0040F40F 5B
pop ebx
:0040F410 C3
ret
:0040F411 8D4000

|:0040F86C , :00410066 , :0041006E
|
:0040F414
:0040F415
:0040F416
:0040F418
:0040F41A
:0040F41C
:0040F421
:0040F423
:0040F425
:0040F428
:0040F42A
:0040F42F
53
56
8BDA
8BF0
8BC6
E8CF1A0000
3AD8
740F
FF4E10
8BC6
E8211C0000
E8FCFEFFFF
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, esi
call 00410EF0
cmp bl, al
je 0040F434
dec [esi+10]
mov eax, esi
call 00411050
call 0040F330

|:0040F423(C)
|
:0040F434 5E
pop esi
:0040F435 5B
pop ebx
:0040F436 C3
ret
:0040F437
:0040F438
:0040F439
:0040F43B
:0040F43C
:0040F43D
:0040F43F
:0040F441
:0040F444
:0040F446
:0040F44B
:0040F44D
:0040F44F
:0040F454
:0040F456
:0040F458
:0040F45B
:0040F45E
:0040F461
90
55
8BEC
53
56
8BF2
8BD8
8B5360
8BC6
E8A180FFFF
85C0
7517
66837D1200
7410
8BD3
8B4514
FF5510
8D4360
E85243FFFF
nop
push ebp
mov ebp, esp
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 004074EC
test eax, eax
jne 0040F466
cmp word ptr [ebp+12], 0000
je 0040F466
mov edx, ebx
call [ebp+10]
call 004037B8
|:0040F44D(C), :0040F454(C)
|
:0040F466 5E
:0040F467 5B
:0040F468 5D
:0040F469 C21000
:0040F46C
:0040F46D
:0040F46F
:0040F472
:0040F473
:0040F475
:0040F478
:0040F47B
:0040F47E
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
mov ebx, edx
mov eax, ebx
55
8BEC
83C4F4
53
8BDA
8945FC
8B45FC
8B5060
8BC3
pop
pop
pop
ret
esi
ebx
ebp
0010
:0040F480
:0040F485
:0040F487
:0040F48D
:0040F492
:0040F498
:0040F49B
:0040F4A0
:0040F4A2
:0040F4A4
:0040F4A7
:0040F4AA
:0040F4AD
:0040F4B2
:0040F4B5
:0040F4B9
E86780FFFF
85C0
0F85B1000000
66837D1200
0F84A6000000
8B45FC
E8501A0000
3C0A
741A
8B45FC
FF4810
8B45FC
E89E1B0000
8B45FC
C6405C01
E872FEFFFF
call 004074EC
test eax, eax
jne 0040F53E
cmp word ptr [ebp+12], 0000
je 0040F53E
call 00410EF0
cmp al, 0A
je 0040F4BE
dec [eax+10]
call 00411050
mov [eax+5C], 01
call 0040F330
|:0040F4A2(C)
|
:0040F4BE B201
:0040F4C0 A1FCBA4000
:0040F4C5 E82637FFFF
:0040F4CA 8945F8
:0040F4CD 33C0
:0040F4CF 55
:0040F4D0 682CF54000
:0040F4D5 64FF30
:0040F4D8 648920
:0040F4DB 8D55F4
:0040F4DE B904000000
:0040F4E3 8B45FC
:0040F4E6 E889020000
:0040F4EB 8B55F4
:0040F4EE 8B45F8
:0040F4F1 8B08
:0040F4F3 FF11
:0040F4F5 8B45F8
:0040F4F8 8B5004
:0040F4FB 8B4DF4
:0040F4FE 8B45FC
:0040F501 E86E020000
:0040F506 8B45FC
:0040F509 C6405C01
:0040F50D 8B55F8
:0040F510 8B4514
:0040F513 FF5510
:0040F516 33C0
:0040F518 5A
:0040F519 59
:0040F51A 59
:0040F51B 648910
:0040F51E 6833F54000
|:0040F531(U)
|
:0040F523 8B45F8
:0040F526 E8F536FFFF
:0040F52B C3
mov dl, 01
mov eax, dword ptr [0040BAFC]
call 00402BF0
xor eax, eax
push ebp
push 0040F52C
mov ecx, 00000004
call 0040F774
call 0040F774
mov [eax+5C], 01
call [ebp+10]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040F533

call 00402C20
ret
:0040F52C
:0040F531
:0040F533
:0040F536
:0040F539
E9473DFFFF
EBF0
8B45FC
83C060
E87A42FFFF
jmp 00403278
jmp 0040F523
add eax, 00000060
call 004037B8
|:0040F487(C), :0040F492(C)
|
:0040F53E 5B
:0040F53F 8BE5
:0040F541 5D
:0040F542 C21000
:0040F545 8D4000
pop
mov
pop
ret
ebx
esp, ebp
ebp
0010

|:0040DCB8 , :0040F8F3 , :0040F938 , :0040F94A
|:0040FDF9 , :00410F61 , :0041102A , :0041103C
|:00411202
|
:0040F548 53
push ebx
:0040F549 8BD8
mov ebx, eax
:0040F54B 8BC3
mov eax, ebx
:0040F54D E89E190000
call 00410EF0
:0040F552 84C0
test al, al
:0040F554 0F94C0
sete al
:0040F557 FF4B10
dec [ebx+10]
:0040F55A 5B
pop ebx
:0040F55B C3
ret
:0040F55C
:0040F55D
:0040F55E
:0040F562
:0040F567
:0040F569
:0040F56A
:0040F56C
:0040F56E
:0040F570
:0040F573
53
51
C6042400
6683785600
740D
54
8BD8
8BCA
8BD0
8B4358
FF5354
, :0040FD85
, :004111E5
push ebx
push ecx
mov byte ptr [esp], 00
je 0040F576
push esp
mov ebx, eax
mov ecx, edx
mov edx, eax
call [ebx+54]

|:0040F567(C)
|
:0040F576 8A0424
:0040F579 5A
pop edx
:0040F57A 5B
pop ebx
:0040F57B C3
ret
:0040F57C
:0040F57D
:0040F57E
:0040F57F
53
56
57
81C4F8FEFFFF
push ebx
push esi
push edi
add esp, FFFFFEF8
:0040F585
:0040F587
:0040F589
:0040F58B
:0040F58F
:0040F591
:0040F596
:0040F59B
:0040F59F
:0040F5A1
:0040F5A6
:0040F5A9
:0040F5AD
:0040F5B2
:0040F5B7
:0040F5B9
:0040F5BA
:0040F5BE
:0040F5BF
:0040F5C1
:0040F5C3
:0040F5C6
8BF1
8BFA
8BD8
8D442408
8BD6
B9FF000000
E87544FFFF
8D542408
8B07
E8BE38FFFF
890424
833C2400
0F94442404
66837B3600
7410
54
8D442408
50
8BCE
8BD3
8B4338
FF5334
mov esi, ecx

mov edi, edx
mov ebx, eax
mov edx, esi
mov ecx, 000000FF
call 00403A10
call 00402E64
sete byte ptr [esp+04]
cmp word ptr [ebx+36], 0000
je 0040F5C9
push esp
push eax
mov ecx, esi
mov edx, ebx
call [ebx+34]
|:0040F5B7(C)
|
:0040F5C9 807C240400
:0040F5CE 7405
:0040F5D0 E85BFDFFFF
|:0040F5CE(C)
|
:0040F5D5 8B0424
:0040F5D8 81C408010000
:0040F5DE 5F
:0040F5DF 5E
:0040F5E0 5B
:0040F5E1 C3
:0040F5E2 8BC0
mov eax, eax

je 0040F5D5
call 0040F330
mov
add
pop
pop
pop
ret

esp, 00000108
edi
esi
ebx

|:0040FD38
|
:0040F5E4 55
push ebp
:0040F5E5 8BEC
mov ebp, esp
:0040F5E7 83C4F4
add esp, FFFFFFF4
:0040F5EA 53
push ebx
:0040F5EB 56
push esi
:0040F5EC 57
push edi
:0040F5ED 33D2
xor edx, edx
:0040F5EF 8955F4
:0040F5F2 8945FC
:0040F5F5 33C0
xor eax, eax
:0040F5F7 55
push ebp
:0040F5F8 68C6F64000
push 0040F6C6
:0040F5FD 64FF30
:0040F600 648920
:0040F603
:0040F606
:0040F609
:0040F60B
:0040F611
:0040F613
:0040F614
:0040F619
:0040F61C
:0040F61F
:0040F622
:0040F623
:0040F625
:0040F627
:0040F628
8B45FC
8B402C
85C0
0F849F000000
33D2
55
68A9F64000
64FF32
648922
8B7808
4F
85FF
7C6C
47
C745F800000000
|:0040F691(C)
|
:0040F62F 8B45FC
:0040F632 8B402C
:0040F635 8B55F8
:0040F638 E83BD5FFFF
:0040F63D 8BD8
:0040F63F 8D45F4
:0040F642 8B5314
:0040F645 E80642FFFF
:0040F64A 8D55F4
:0040F64D 8B45FC
:0040F650 8B08
:0040F652 FF5118
:0040F655 8B45FC
:0040F658 8B4018
:0040F65B 8B55F4
:0040F65E E82D230000
:0040F663 8BF0
:0040F665 85F6
:0040F667 7517

test eax, eax
je 0040F6B0
xor edx, edx
push ebp
push 0040F6A9
dec edi
test edi, edi
jl 0040F693
inc edi
mov [ebp-08], 00000000
mov eax, dword
mov eax, dword
mov edx, dword
call 0040CB78
mov ebx, eax
lea eax, dword
mov edx, dword
call 00403850
lea edx, dword
mov eax, dword
mov ecx, dword
call [ecx+18]
mov eax, dword
mov eax, dword
mov edx, dword
call 00411990
mov esi, eax
test esi, esi
jne 0040F680
ptr [ebp-04]
ptr [eax+2C]
ptr [ebp-08]
ptr [ebp-0C]
ptr [ebx+14]
ptr [ebp-0C]
ptr [ebp-04]
ptr [eax]
ptr [ebp-04]
ptr [eax+18]
ptr [ebp-0C]
* Possible StringData Ref from Code Obj ->"OWNER"

|
:0040F669 BADCF64000
mov edx, 0040F6DC
:0040F66E 8B45F4
:0040F671 E8767EFFFF
call 004074EC
:0040F676 85C0
test eax, eax
:0040F678 7506
jne 0040F680
:0040F67A 8B45FC
:0040F67D 8B7018
|:0040F667(C), :0040F678(C)
|
:0040F680 8B530C
:0040F683 8B4304
:0040F686 8BCE
:0040F688 E8F7B4FFFF
:0040F68D FF45F8
:0040F690 4F
:0040F691 759C

mov ecx, esi
call 0040AB84
inc [ebp-08]
dec edi
jne 0040F62F
|:0040F625(C)
|
:0040F693 33C0
:0040F695 5A
:0040F696 59
:0040F697 59
:0040F698 648910
:0040F69B 68B0F64000
|:0040F6AE(U)
|
:0040F6A0 8B45FC
:0040F6A3 E85C000000
:0040F6A8 C3
:0040F6A9 E9CA3BFFFF
:0040F6AE EBF0
jmp 00403278
jmp 0040F6A0
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040F6B0

call 0040F704
ret

|:0040F60B(C)
|
:0040F6B0 33C0
xor eax, eax
:0040F6B2 5A
pop edx
:0040F6B3 59
pop ecx
:0040F6B4 59
pop ecx
:0040F6B5 648910
|
:0040F6B8 68CDF64000
push 0040F6CD
|:0040F6CB(U)
|
:0040F6BD 8D45F4
:0040F6C0 E8F340FFFF
:0040F6C5 C3
:0040F6C6
:0040F6CB
:0040F6CD
:0040F6CE
:0040F6CF
:0040F6D0
:0040F6D2
:0040F6D3
jmp
jmp
pop
pop
pop
mov
pop
ret
E9AD3BFFFF
EBF0
5F
5E
5B
8BE5
5D
C3

call 004037B8
ret
00403278
0040F6BD
edi
esi
ebx
esp, ebp
ebp
:0040F6D4 FFFFFFFF
BYTE 4 DUP(0ffh)
:0040F6D8
:0040F6DD
:0040F6DE
:0040F6DF
:0040F6E0
add eax, 4F000000

push edi
dec esi
inc ebp
push edx
050000004F
57
4E
45
52
:0040F6E1 000000
BYTE 3 DUP(0)
:0040F6E4
:0040F6E5
:0040F6E7
:0040F6E9
:0040F6EE
:0040F6F0
:0040F6F3
:0040F6F8
:0040F6FA
:0040F6FD
:0040F6FF
:0040F702
:0040F703
push ebx
mov ebx, eax
mov eax, ebx
call 0040F740
mov edx, eax
call 0040E74C
xor eax, eax
xor eax, eax
pop ebx
ret
53
8BD8
8BC3
E852000000
8BD0
8B4304
E854F0FFFF
33C0
894310
33C0
894314
5B
C3

|:0040F6A3 , :0040FD4D
|
:0040F704 53
push ebx
:0040F705 56
push esi
:0040F706 57
push edi
:0040F707 8BD8
mov ebx, eax
:0040F709 8B432C
:0040F70C 85C0
test eax, eax
:0040F70E 742B
je 0040F73B
:0040F710 8B7008
:0040F713 4E
dec esi
:0040F714 85F6
test esi, esi
:0040F716 7C16
jl 0040F72E
:0040F718 46
inc esi
:0040F719 33FF
xor edi, edi
|:0040F72C(C)
|
:0040F71B 8BD7
:0040F71D 8B432C
:0040F720 E853D4FFFF
:0040F725 E8F634FFFF
:0040F72A 47
:0040F72B 4E
:0040F72C 75ED
|:0040F716(C)
|
:0040F72E 8B432C
:0040F731 E8EA34FFFF
:0040F736 33C0
:0040F738 89432C
mov edx, edi

call 0040CB78
call 00402C20
inc edi
dec esi
jne 0040F71B

call 00402C20
xor eax, eax

|:0040F70E(C)
|
:0040F73B 5F
pop edi
:0040F73C 5E
pop esi
:0040F73D 5B
:0040F73E C3
pop ebx
ret
:0040F73F 90
nop

|:0040F6E9
|
:0040F740 53
push ebx
:0040F741 8BD8
mov ebx, eax
:0040F743 8B4304
:0040F746 E8F1EFFFFF
call 0040E73C
:0040F74B 8B5314
:0040F74E 2B5310
sub edx, dword ptr [ebx+10]
:0040F751 2BC2
sub eax, edx
:0040F753 5B
pop ebx
:0040F754 C3
ret
:0040F755 8D4000

|:0040F908 , :00410086 , :004105BC , :00410833
|:0041097E , :00410FFE
|
:0040F758 53
push ebx
:0040F759 8BD8
mov ebx, eax
:0040F75B 8BC3
mov eax, ebx
:0040F75D E88E170000
call 00410EF0
:0040F762 FF4B10
dec [ebx+10]
:0040F765 5B
pop ebx
:0040F766 C3
ret
:0040F767 90
, :00410913
nop

|:004102D7 , :0041036B
|
:0040F768 E8E3180000
call 00411050
:0040F76D E806FCFFFF
call 0040F378
:0040F772 C3
ret
:0040F773 90
|:0040F4E6 , :0040F501
|:0040FE92 , :0040FED2
|:0041001E , :00410038
|:00410E3F , :00410E6E
|:00410EE5 , :00410EF8
|
:0040F774 56
:0040F775 57
:0040F776 53
:0040F777 89D7
:0040F779 89CB
:0040F77B 89C6
nop
Addresses:
, :0040F87B
, :0040FF1E
, :00410050
, :00410E7E
, :00410F9D
,
,
,
,
,
:0040F8A3
:0040FF6D
:00410DC5
:00410E9D
:00410FB8
push esi
push edi
push ebx
mov edi, edx
mov ebx, ecx
mov esi, eax
,
,
,
,
,
:0040FE52
:0040FF90
:00410E1C
:00410ECD
:00410FDA
:0040F77D EB36
jmp 0040F7B5
|:0040F7B7(C)
|
:0040F77F 8B4E14
:0040F782 2B4E10
:0040F785 770A
:0040F787 89F0
:0040F789 E832000000
:0040F78E 8B4E14

sub ecx, dword ptr [esi+10]
ja 0040F791
mov eax, esi
call 0040F7C0

|:0040F785(C)
|
:0040F791 39D9
cmp ecx, ebx
:0040F793 7202
jb 0040F797
:0040F795 89D9
mov ecx, ebx
|:0040F793(C)
|
:0040F797 56
push esi
:0040F798 29CB
sub ebx, ecx
:0040F79A 8B4608
:0040F79D 034610
add eax, dword ptr [esi+10]
:0040F7A0 014E10
add dword ptr [esi+10], ecx
:0040F7A3 89C6
mov esi, eax
:0040F7A5 89CA
mov edx, ecx
:0040F7A7 C1E902
shr ecx, 02
:0040F7AA FC
cld
:0040F7AB F3
repz
:0040F7AC A5
movsd
:0040F7AD 89D1
mov ecx, edx
:0040F7AF 83E103
and ecx, 00000003
:0040F7B2 F3
repz
:0040F7B3 A4
movsb
:0040F7B4 5E
pop esi
|:0040F77D(U)
|
:0040F7B5 09DB
or ebx, ebx
:0040F7B7 75C6
jne 0040F77F
:0040F7B9 5B
pop ebx
:0040F7BA 5F
pop edi
:0040F7BB 5E
pop esi
:0040F7BC C3
ret
:0040F7BD 8D4000

|:0040F789
|
:0040F7C0 55
push ebp
:0040F7C1 8BEC
mov ebp, esp
:0040F7C3 6A00
push 00000000
:0040F7C5 53
push ebx
:0040F7C6 56
push esi
:0040F7C7
:0040F7C9
:0040F7CB
:0040F7CC
:0040F7D1
:0040F7D4
:0040F7D7
:0040F7DA
:0040F7DD
:0040F7E0
:0040F7E2
:0040F7E5
:0040F7E7
:0040F7EA
:0040F7EC
:0040F7EE
:0040F7F1
:0040F7F6
:0040F7FB
:0040F7FE
:0040F800
:0040F805
:0040F80A
8BD8
33C0
55
682AF84000
64FF30
648920
8B5308
8B4B0C
8B4304
8B30
FF5604
8BF0
897314
85F6
7521
8D55FC
A1E42C4400
E82956FFFF
8B4DFC
B201
A1C4B14000
E86290FFFF
E8A13AFFFF
mov ebx, eax

xor eax, eax
push ebp
push 0040F82A
mov ecx, dword ptr [ebx+0C]
call [esi+04]
mov esi, eax
test esi, esi
jne 0040F80F
call 00404E24
mov dl, 01
call 0040886C
call 004032B0

|:0040F7EC(C)
|
:0040F80F 33C0
xor eax, eax
:0040F811 894310
:0040F814 33C0
xor eax, eax
:0040F816 5A
pop edx
:0040F817 59
pop ecx
:0040F818 59
pop ecx
:0040F819 648910
|
:0040F81C 6831F84000
push 0040F831
|:0040F82F(U)
|
:0040F821 8D45FC
:0040F824 E88F3FFFFF
:0040F829 C3
:0040F82A
:0040F82F
:0040F831
:0040F832
:0040F833
:0040F834
:0040F835
jmp
jmp
pop
pop
pop
pop
ret
E9493AFFFF
EBF0
5E
5B
59
5D
C3
:0040F836 8BC0

call 004037B8
ret
00403278
0040F821
esi
ebx
ecx
ebp
mov eax, eax

|:00424420 , :00438910
|
:0040F838
:0040F839
:0040F83B
:0040F83D
:0040F842
:0040F844
:0040F847
:0040F848
53
8BD8
8BC3
E8AE160000
3C09
0F94C0
5B
C3
:0040F849 8D4000
push ebx
mov ebx, eax
mov eax, ebx
call 00410EF0
cmp al, 09
sete al
pop ebx
ret

|:00410877
|
:0040F84C 55
push ebp
:0040F84D 8BEC
mov ebp, esp
:0040F84F 83C4F8
add esp, FFFFFFF8
:0040F852 53
push ebx
:0040F853 33D2
xor edx, edx
:0040F855 8955F8
:0040F858 8BD8
mov ebx, eax
:0040F85A 33C0
xor eax, eax
:0040F85C 55
push ebp
:0040F85D 68BEF84000
push 0040F8BE
:0040F862 64FF30
:0040F865 648920
:0040F868 B206
mov dl, 06
:0040F86A 8BC3
mov eax, ebx
:0040F86C E8A3FBFFFF
call 0040F414
:0040F871 8D55FF
:0040F874 B901000000
mov ecx, 00000001
:0040F879 8BC3
mov eax, ebx
:0040F87B E8F4FEFFFF
call 0040F774
:0040F880 8A45FF
:0040F883 3C01
cmp al, 01
:0040F885 7412
je 0040F899
:0040F887 FF4B10
dec [ebx+10]
:0040F88A 8D55F8
:0040F88D 8BC3
mov eax, ebx
:0040F88F E878150000
call 00410E0C
:0040F894 E897FAFFFF
call 0040F330
|:0040F885(C)
|
:0040F899 8D55FF
:0040F89C B901000000
:0040F8A1 8BC3
:0040F8A3 E8CCFEFFFF
:0040F8A8 33C0
:0040F8AA 5A
:0040F8AB 59
:0040F8AC 59
:0040F8AD 648910
:0040F8B0 68C5F84000

mov ecx, 00000001
mov eax, ebx
call 0040F774
xor eax, eax
pop edx
pop ecx
pop ecx
push 0040F8C5

|:0040F8C3(U)
|
:0040F8B5 8D45F8
:0040F8B8 E8FB3EFFFF
:0040F8BD C3

call 004037B8
ret
:0040F8BE
:0040F8C3
:0040F8C5
:0040F8C8
:0040F8C9
:0040F8CA
:0040F8CB
:0040F8CC
jmp
jmp
mov
pop
pop
pop
pop
ret
E9B539FFFF
EBF0
8A45FF
5B
59
59
5D
C3
:0040F8CD 8D4000
00403278
0040F8B5
ebx
ecx
ecx
ebp

|:00410954
|
:0040F8D0 55
push ebp
:0040F8D1 8BEC
mov ebp, esp
:0040F8D3 51
push ecx
:0040F8D4 53
push ebx
:0040F8D5 56
push esi
:0040F8D6 8955FC
:0040F8D9 8BD8
mov ebx, eax
:0040F8DB 8B45FC
:0040F8DE 8B10
:0040F8E0 FF5214
call [edx+14]
:0040F8E3 33C0
xor eax, eax
:0040F8E5 55
push ebp
:0040F8E6 6870F94000
push 0040F970
:0040F8EB 64FF30
:0040F8EE 648920
:0040F8F1 8BC3
mov eax, ebx
:0040F8F3 E850FCFFFF
call 0040F548
:0040F8F8 84C0
test al, al
:0040F8FA 754C
jne 0040F948
:0040F8FC 8B45FC
:0040F8FF E8D4DAFFFF
call 0040D3D8
:0040F904 EB42
jmp 0040F948
|:0040F951(C)
|
:0040F906 8BC3
:0040F908 E84BFEFFFF
:0040F90D 04FE
:0040F90F 2C03
:0040F911 7307
:0040F913 8BC3
:0040F915 E8DE060000

mov eax, ebx
call 0040F758
add al, FE
sub al, 03
jnb 0040F91A
mov eax, ebx
call 0040FFF8

|:0040F911(C)
|
:0040F91A 8B45FC
:0040F91D E8AADAFFFF
call 0040D3CC
:0040F922
:0040F924
:0040F926
:0040F92B
8BF0
8BC3
E839070000
EB09
mov esi, eax

mov eax, ebx
call 00410064
jmp 0040F936
|:0040F93F(C)
|
:0040F92D 8BD6
:0040F92F 8BC3
:0040F931 E8F2080000
|:0040F92B(U)
|
:0040F936 8BC3
:0040F938 E80BFCFFFF
:0040F93D 84C0
:0040F93F 74EC
:0040F941 8BC3
:0040F943 E824070000
|:0040F8FA(C), :0040F904(U)
|
:0040F948 8BC3
:0040F94A E8F9FBFFFF
:0040F94F 84C0
:0040F951 74B3
:0040F953 8BC3
:0040F955 E812070000
:0040F95A 33C0
:0040F95C 5A
:0040F95D 59
:0040F95E 59
:0040F95F 648910
mov edx, esi

mov eax, ebx
call 00410228
mov eax, ebx

call 0040F548
test al, al
je 0040F92D
mov eax, ebx
call 0041006C
mov eax, ebx

call 0040F548
test al, al
je 0040F906
mov eax, ebx
call 0041006C
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040F962 6877F94000
push 0040F977
|:0040F975(U)
|
:0040F967 8B45FC
:0040F96A 8B10
:0040F96C FF5218
call [edx+18]
:0040F96F C3
ret
:0040F970
:0040F975
:0040F977
:0040F978
:0040F979
:0040F97A
:0040F97B
E90339FFFF
EBF0
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
ret
00403278
0040F967
esi
ebx
ecx
ebp

|:0040F9BD , :0040FC90
|
:0040F97C 55
push ebp
:0040F97D 8BEC
mov ebp, esp
:0040F97F 8B4508
:0040F982 F640FF01
test [eax-01], 01
:0040F986 7509
jne 0040F991
:0040F988 8B4508
:0040F98B 8378F800
:0040F98F 7404
je 0040F995
|:0040F986(C)
|
:0040F991 33C0
xor eax, eax
:0040F993 5D
pop ebp
:0040F994 C3
ret

|:0040F98F(C)
|
:0040F995 B001
mov al, 01
:0040F997 5D
pop ebp
:0040F998 C3
ret
:0040F999 8D4000

|:0040FA5B , :0040FAD0 , :0040FB5E
|
:0040F99C 55
push ebp
:0040F99D 8BEC
mov ebp, esp
:0040F99F 53
push ebx
:0040F9A0 56
push esi
:0040F9A1 8BF0
mov esi, eax
:0040F9A3 33DB
xor ebx, ebx
:0040F9A5 E8828CFFFF
call 0040862C
:0040F9AA 8B1584694000
:0040F9B0 E8DB33FFFF
call 00402D90
:0040F9B5 84C0
test al, al
:0040F9B7 743B
je 0040F9F4
:0040F9B9 8B4508
:0040F9BC 50
push eax
:0040F9BD E8BAFFFFFF
call 0040F97C
:0040F9C2 59
pop ecx
:0040F9C3 84C0
test al, al
:0040F9C5 7407
je 0040F9CE
:0040F9C7 8B06
:0040F9C9 E85232FFFF
call 00402C20
|:0040F9C5(C)
|
:0040F9CE 33C0
xor eax, eax
:0040F9D0 8906
:0040F9D2 8B4508
:0040F9D5
:0040F9D8
:0040F9DA
:0040F9DF
:0040F9E4
:0040F9E7
:0040F9EA
:0040F9ED
:0040F9EF
:0040F9F2
8B40F4
33D2
E8B9170000
E8488CFFFF
8B5004
8B4508
8B40F4
8B08
FF510C
8BD8
mov eax, dword

xor edx, edx
call 00411198
call 0040862C
mov edx, dword
mov eax, dword
mov eax, dword
mov ecx, dword
call [ecx+0C]
mov ebx, eax
ptr [eax-0C]
ptr
ptr
ptr
ptr
[eax+04]
[ebp+08]
[eax-0C]
[eax]

|:0040F9B7(C)
|
:0040F9F4 8BC3
mov eax, ebx
:0040F9F6 5E
pop esi
:0040F9F7 5B
pop ebx
:0040F9F8 5D
pop ebp
:0040F9F9 C3
ret
:0040F9FA 8BC0
mov eax, eax

|:0040FBF4
|
:0040F9FC 55
push ebp
:0040F9FD 8BEC
mov ebp, esp
:0040F9FF 53
push ebx
:0040FA00 56
push esi
:0040FA01 57
push edi
:0040FA02 33C0
xor eax, eax
:0040FA04 55
push ebp
:0040FA05 684CFA4000
push 0040FA4C
:0040FA0A 64FF30
:0040FA0D 648920
:0040FA10 8B4508
:0040FA13 8B50EC
:0040FA16 8B4508
:0040FA19 8B40F4
:0040FA1C 8B4018
:0040FA1F E80CC9FFFF
call 0040C330
:0040FA24 8B5508
:0040FA27 8B52F4
mov edx, dword ptr [edx-0C]
:0040FA2A 8B4A24
:0040FA2D B201
mov dl, 01
:0040FA2F FF502C
call [eax+2C]
:0040FA32 8B5508
:0040FA35 8942F0
mov dword ptr [edx-10], eax
:0040FA38 8B4508
:0040FA3B 8B40F0
:0040FA3E 80482001
or byte ptr [eax+20], 01
:0040FA42 33C0
xor eax, eax
:0040FA44 5A
pop edx
:0040FA45 59
pop ecx
:0040FA46 59
pop ecx
:0040FA47 648910
:0040FA4A EB23
jmp 0040FA6F
:0040FA4C E91F36FFFF
jmp 00403070
:0040FA51 8B4508
:0040FA54
:0040FA55
:0040FA58
:0040FA5B
:0040FA60
:0040FA61
:0040FA63
:0040FA65
50
8B4508
83C0F0
E83CFFFFFF
59
84C0
7505
E86238FFFF
push eax
add eax, FFFFFFF0
call 0040F99C
pop ecx
test al, al
jne 0040FA6A
call 004032CC

|:0040FA63(C)
|
:0040FA6A E8B138FFFF
call 00403320
|:0040FA4A(U)
|
:0040FA6F 5F
pop edi
:0040FA70 5E
pop esi
:0040FA71 5B
pop ebx
:0040FA72 5D
pop ebp
:0040FA73 C3
ret

|:0040FC20
|
:0040FA74 55
push ebp
:0040FA75 8BEC
mov ebp, esp
:0040FA77 53
push ebx
:0040FA78 56
push esi
:0040FA79 57
push edi
:0040FA7A 33C0
xor eax, eax
:0040FA7C 55
push ebp
:0040FA7D 68C1FA4000
push 0040FAC1
:0040FA82 64FF30
:0040FA85 648920
:0040FA88 8B4508
:0040FA8B 8B40F4
:0040FA8E 8B5028
:0040FA91 8B4508
:0040FA94 8B40F0
:0040FA97 66BBF9FF
mov bx, FFF9
:0040FA9B E85433FFFF
call 00402DF4
:0040FAA0 8B4508
:0040FAA3 8D48E8
lea ecx, dword ptr [eax-18]
:0040FAA6 8B4508
:0040FAA9 8B50F0
:0040FAAC 8B4508
:0040FAAF 8B40F4
:0040FAB2 8B18
:0040FAB4 FF5314
call [ebx+14]
:0040FAB7 33C0
xor eax, eax
:0040FAB9 5A
pop edx
:0040FABA 59
pop ecx
:0040FABB 59
pop ecx
:0040FABC 648910
:0040FABF EB23
jmp 0040FAE4
:0040FAC1 E9AA35FFFF
jmp 00403070
:0040FAC6
:0040FAC9
:0040FACA
:0040FACD
:0040FAD0
:0040FAD5
:0040FAD6
:0040FAD8
:0040FADA
8B4508
50
8B4508
83C0F0
E8C7FEFFFF
59
84C0
7505
E8ED37FFFF

push eax
add eax, FFFFFFF0
call 0040F99C
pop ecx
test al, al
jne 0040FADF
call 004032CC

|:0040FAD8(C)
|
:0040FADF E83C38FFFF
call 00403320
|:0040FABF(U)
|
:0040FAE4 5F
pop edi
:0040FAE5 5E
pop esi
:0040FAE6 5B
pop ebx
:0040FAE7 5D
pop ebp
:0040FAE8 C3
ret
:0040FAE9 8D4000

|:0040FBEB
|
:0040FAEC 55
push ebp
:0040FAED 8BEC
mov ebp, esp
:0040FAEF 53
push ebx
:0040FAF0 56
push esi
:0040FAF1 57
push edi
:0040FAF2 33C0
xor eax, eax
:0040FAF4 55
push ebp
:0040FAF5 684FFB4000
push 0040FB4F
:0040FAFA 64FF30
:0040FAFD 648920
:0040FB00 8B4508
:0040FB03 8B50EC
:0040FB06 8B4508
:0040FB09 8B40F4
:0040FB0C 8B4018
:0040FB0F E81CC8FFFF
call 0040C330
:0040FB14 8BC8
mov ecx, eax
:0040FB16 8B4508
:0040FB19 8B50E8
:0040FB1C 8B4508
:0040FB1F 8B40F4
:0040FB22 8B18
:0040FB24 FF531C
call [ebx+1C]
:0040FB27 8B5508
:0040FB2A 8942F0
:0040FB2D 8B4508
:0040FB30 8B40F0
:0040FB33 66BBF3FF
mov bx, FFF3
:0040FB37 E8B832FFFF
call 00402DF4
:0040FB3C 8B5508
:0040FB3F
:0040FB42
:0040FB45
:0040FB47
:0040FB48
:0040FB49
:0040FB4A
:0040FB4D
:0040FB4F
:0040FB54
:0040FB57
:0040FB58
:0040FB5B
:0040FB5E
:0040FB63
:0040FB64
:0040FB66
:0040FB68
8B52F4
894228
33C0
5A
59
59
648910
EB23
E91C35FFFF
8B4508
50
8B4508
83C0F0
E839FEFFFF
59
84C0
7505
E85F37FFFF
mov edx, dword ptr [edx-0C]

xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0040FB72
jmp 00403070
push eax
add eax, FFFFFFF0
call 0040F99C
pop ecx
test al, al
jne 0040FB6D
call 004032CC

|:0040FB66(C)
|
:0040FB6D E8AE37FFFF
call 00403320
|:0040FB4D(U)
|
:0040FB72 5F
pop edi
:0040FB73 5E
pop esi
:0040FB74 5B
pop ebx
:0040FB75 5D
pop ebp
:0040FB76 C3
ret
:0040FB77 90
nop

|:0040FDF1
|
:0040FB78 55
push ebp
:0040FB79 8BEC
mov ebp, esp
:0040FB7B 83C4E0
add esp, FFFFFFE0
:0040FB7E 53
push ebx
:0040FB7F 56
push esi
:0040FB80 57
push edi
:0040FB81 33C9
xor ecx, ecx
:0040FB83 894DEC
:0040FB86 894DE8
:0040FB89 8955F8
:0040FB8C 8945F4
:0040FB8F 33C0
xor eax, eax
:0040FB91 55
push ebp
:0040FB92 68E5FC4000
push 0040FCE5
:0040FB97 64FF30
:0040FB9A 648920
:0040FB9D 8D4DE4
:0040FBA0 8D55FF
:0040FBA3 8B45F4
:0040FBA6 8B18
:0040FBA8 FF5320
call [ebx+20]
:0040FBAB
:0040FBAE
:0040FBB1
:0040FBB6
:0040FBB9
:0040FBBC
:0040FBC1
:0040FBC4
:0040FBC7
:0040FBCA
:0040FBCC
:0040FBCD
:0040FBD2
:0040FBD5
:0040FBD8
:0040FBDB
:0040FBDE
:0040FBE2
:0040FBE4
:0040FBE8
:0040FBEA
:0040FBEB
:0040FBF0
:0040FBF1
8D55EC
8B45F4
E856120000
8D55E8
8B45F4
E84B120000
8B45F4
8B4028
8945E0
33C0
55
68C3FC4000
64FF30
648920
8B45F8
8945F0
837DF000
7516
F645FF01
7409
55
E8FCFEFFFF
59
EB07

call 00410E0C
call 00410E0C
xor eax, eax
push ebp
push 0040FCC3
jne 0040FBFA
test [ebp-01], 01
je 0040FBF3
push ebp
call 0040FAEC
pop ecx
jmp 0040FBFA
|:0040FBE8(C)
|
:0040FBF3 55
:0040FBF4 E803FEFFFF
:0040FBF9 59
|:0040FBE2(C), :0040FBF1(U)
|
:0040FBFA 837DF000
:0040FBFE 0F84A8000000
:0040FC04 33C0
:0040FC06 55
:0040FC07 688AFC4000
:0040FC0C 64FF30
:0040FC0F 648920
:0040FC12 8B45F0
:0040FC15 80482001
:0040FC19 F645FF01
:0040FC1D 7507
:0040FC1F 55
:0040FC20 E84FFEFFFF
:0040FC25 59
|:0040FC1D(C)
|
:0040FC26 837DF000
:0040FC2A 7512
:0040FC2C 33C0
:0040FC2E 5A
:0040FC2F 59
:0040FC30 59
:0040FC31 648910
push ebp
call 0040F9FC
pop ecx

je 0040FCAC
xor eax, eax
push ebp
push 0040FC8A
test [ebp-01], 01
jne 0040FC26
push ebp
call 0040FA74
pop ecx
cmp
jne
xor
pop
pop
pop
mov
dword ptr [ebp-10], 00000000

0040FC3E
eax, eax
edx
ecx
ecx
:0040FC34 E81737FFFF
:0040FC39 E98C000000
call 00403350
jmp 0040FCCA
|:0040FC2A(C)
|
:0040FC3E 8B45F0
:0040FC41 80482002
:0040FC45 8B55F4
:0040FC48 8B45F0
:0040FC4B 8B08
:0040FC4D FF5114
:0040FC50 8B45F0
:0040FC53 806020FD
:0040FC57 F645FF02
:0040FC5B 7415
:0040FC5D 8B45F4
:0040FC60 8B4028
:0040FC63 8B4DE4
:0040FC66 8B55F0
:0040FC69 66BBFAFF
:0040FC6D E88231FFFF
|:0040FC5B(C)
|
:0040FC72 8B45F4
:0040FC75 8B4030
:0040FC78 8B55F0
:0040FC7B E8E0CDFFFF
:0040FC80 33C0
:0040FC82 5A
:0040FC83 59
:0040FC84 59
:0040FC85 648910
:0040FC88 EB22
:0040FC8A E9E133FFFF
:0040FC8F 55
:0040FC90 E8E7FCFFFF
:0040FC95 59
:0040FC96 84C0
:0040FC98 7408
:0040FC9A 8B45F0
:0040FC9D E87E2FFFFF

call [ecx+14]
and byte ptr [eax+20], FD
test [ebp-01], 02
je 0040FC72
mov bx, FFFA
call 00402DF4

call 0040CA60
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0040FCAC
jmp 00403070
push ebp
call 0040F97C
pop ecx
test al, al
je 0040FCA2
call 00402C20

|:0040FC98(C)
|
:0040FCA2 E82536FFFF
call 004032CC
:0040FCA7 E87436FFFF
call 00403320
|:0040FBFE(C), :0040FC88(U)
|
:0040FCAC 33C0
:0040FCAE 5A
:0040FCAF 59
:0040FCB0 59
:0040FCB1 648910
:0040FCB4 68CAFC4000

xor eax, eax
pop edx
pop ecx
pop ecx
push 0040FCCA

|:0040FCC8(U)
|
:0040FCB9 8B45F4
:0040FCBC 8B55E0
:0040FCBF 895028
:0040FCC2 C3
ret
:0040FCC3 E9B035FFFF
:0040FCC8 EBEF
jmp 00403278
jmp 0040FCB9
|:0040FC39(U)
|
:0040FCCA 33C0
:0040FCCC 5A
:0040FCCD 59
:0040FCCE 59
:0040FCCF 648910
:0040FCD2 68ECFC4000
|:0040FCEA(U)
|
:0040FCD7 8D45E8
:0040FCDA BA02000000
:0040FCDF E8F83AFFFF
:0040FCE4 C3
:0040FCE5
:0040FCEA
:0040FCEC
:0040FCEF
:0040FCF0
:0040FCF1
:0040FCF2
:0040FCF4
:0040FCF5
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
E98E35FFFF
EBEB
8B45F0
5F
5E
5B
8BE5
5D
C3
:0040FCF6 8BC0
xor eax, eax

pop edx
pop ecx
pop ecx
push 0040FCEC

mov edx, 00000002
call 004037DC
ret
00403278
0040FCD7
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:004118B5
|
:0040FCF8 55
push ebp
:0040FCF9 8BEC
mov ebp, esp
:0040FCFB 51
push ecx
:0040FCFC 53
push ebx
:0040FCFD 8BDA
mov ebx, edx
:0040FCFF 8945FC
:0040FD02 8B45FC
:0040FD05 83782C00
:0040FD09 754F
jne 0040FD5A
:0040FD0B B201
mov dl, 01
:0040FD0D A154B54000
:0040FD12 E8D92EFFFF
call 00402BF0
:0040FD17
:0040FD1A
:0040FD1D
:0040FD1F
:0040FD20
:0040FD25
:0040FD28
:0040FD2B
:0040FD2D
:0040FD30
:0040FD35
:0040FD38
:0040FD3D
:0040FD3F
:0040FD40
:0040FD41
:0040FD42
8B55FC
89422C
33C0
55
6853FD4000
64FF30
648920
8BD3
8B45FC
E833000000
8B45FC
E8A7F8FFFF
33C0
5A
59
59
648910

mov dword ptr [edx+2C], eax
xor eax, eax
push ebp
push 0040FD53
mov edx, ebx
call 0040FD68
call 0040F5E4
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040FD45 6864FD4000
push 0040FD64
|:0040FD58(U)
|
:0040FD4A 8B45FC
:0040FD4D E8B2F9FFFF
:0040FD52 C3
:0040FD53 E92035FFFF
:0040FD58 EBF0
jmp 00403278
jmp 0040FD4A
|:0040FD09(C)
|
:0040FD5A 8BD3
:0040FD5C 8B45FC
:0040FD5F E804000000
:0040FD64 5B
:0040FD65 59
:0040FD66 5D
:0040FD67 C3

call 0040F704
ret
mov edx, ebx

call 0040FD68
pop ebx
pop ecx
pop ebp
ret

|:0040FD30 , :0040FD5F
|
:0040FD68 55
push ebp
:0040FD69 8BEC
mov ebp, esp
:0040FD6B 83C4F4
add esp, FFFFFFF4
:0040FD6E 53
push ebx
:0040FD6F 56
push esi
:0040FD70 57
push edi
:0040FD71 8BF2
mov esi, edx
:0040FD73 8945FC
:0040FD76 EB0A
jmp 0040FD82
|:0040FD8C(C)
|
:0040FD78 8BD6
:0040FD7A 8B45FC
:0040FD7D E8A6040000
mov edx, esi

call 00410228
|:0040FD76(U)
|
:0040FD82 8B45FC
:0040FD85 E8BEF7FFFF
:0040FD8A 84C0
:0040FD8C 74EA
:0040FD8E 8B45FC
:0040FD91 E8D6020000
:0040FD96 8B45FC
:0040FD99 8B4028
:0040FD9C 8945F8
:0040FD9F 8B45FC
:0040FDA2 8B4024
:0040FDA5 8945F4
:0040FDA8 8BC6
:0040FDAA 66BBFBFF
:0040FDAE E84130FFFF
:0040FDB3 8B55FC
:0040FDB6 894228
:0040FDB9 33C0
:0040FDBB 55
:0040FDBC 682AFE4000
:0040FDC1 64FF30
:0040FDC4 648920
:0040FDC7 8BC6
:0040FDC9 66BBFCFF
:0040FDCD E82230FFFF
:0040FDD2 8BF8
:0040FDD4 8B45FC
:0040FDD7 897824
:0040FDDA 85FF
:0040FDDC 7518
:0040FDDE 8B45FC
:0040FDE1 8B4018
:0040FDE4 8B55FC
:0040FDE7 894224
:0040FDEA EB0A
|:0040FE00(C)
|
:0040FDEC 33D2
:0040FDEE 8B45FC
:0040FDF1 E882FDFFFF
|:0040FDDC(C), :0040FDEA(U)
|
:0040FDF6 8B45FC
:0040FDF9 E84AF7FFFF
:0040FDFE 84C0
:0040FE00 74EA
:0040FE02 8B45FC

call 0040F548
test al, al
je 0040FD78
call 0041006C
mov eax, esi
mov bx, FFFB
call 00402DF4
xor eax, eax
push ebp
push 0040FE2A
mov eax, esi
mov bx, FFFC
call 00402DF4
mov edi, eax
mov dword ptr [eax+24], edi
test edi, edi
jne 0040FDF6
jmp 0040FDF6
xor edx, edx

call 0040FB78

call 0040F548
test al, al
je 0040FDEC
:0040FE05
:0040FE0A
:0040FE0C
:0040FE0D
:0040FE0E
:0040FE0F
E862020000
33C0
5A
59
59
648910
call 0041006C
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0040FE12 6831FE4000
push 0040FE31
|:0040FE2F(U)
|
:0040FE17 8B45FC
:0040FE1A 8B55F8
:0040FE1D 895028
:0040FE20 8B45FC
:0040FE23 8B55F4
:0040FE26 895024
:0040FE29 C3
ret
:0040FE2A
:0040FE2F
:0040FE31
:0040FE32
:0040FE33
:0040FE34
:0040FE36
:0040FE37
E94934FFFF
EBE6
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
00403278
0040FE17
edi
esi
ebx
esp, ebp
ebp

|:00410692 , :004108BA
|
:0040FE38 53
push ebx
:0040FE39 83C4F0
add esp, FFFFFFF0
:0040FE3C 8BD8
mov ebx, eax
:0040FE3E 8BC3
mov eax, ebx
:0040FE40 E8AB100000
call 00410EF0
:0040FE45 3C05
cmp al, 05
:0040FE47 7510
jne 0040FE59
:0040FE49 8BD4
mov edx, esp
:0040FE4B B90A000000
mov ecx, 0000000A
:0040FE50 8BC3
mov eax, ebx
:0040FE52 E81DF9FFFF
call 0040F774
:0040FE57 EB16
jmp 0040FE6F
|:0040FE47(C)
|
:0040FE59 FF4B10
:0040FE5C 8BC3
:0040FE5E E895010000
:0040FE63 8944240C
:0040FE67 DB44240C
:0040FE6B DB3C24
:0040FE6E 9B

dec [ebx+10]
mov eax, ebx
call 0040FFF8
mov dword ptr [esp+0C], eax
fild dword ptr [esp+0C]
fstp tbyte ptr [esp]
wait

|:0040FE57(U)
|
:0040FE6F DB2C24
fld tbyte ptr [esp]
:0040FE72 83C410
add esp, 00000010
:0040FE75 5B
pop ebx
:0040FE76 C3
ret
:0040FE77 90
nop

|:004106A6
|
:0040FE78 53
push ebx
:0040FE79 83C4F8
add esp, FFFFFFF8
:0040FE7C 8BD8
mov ebx, eax
:0040FE7E 8BC3
mov eax, ebx
:0040FE80 E86B100000
call 00410EF0
:0040FE85 3C0F
cmp al, 0F
:0040FE87 7510
jne 0040FE99
:0040FE89 8BD4
mov edx, esp
:0040FE8B B904000000
mov ecx, 00000004
:0040FE90 8BC3
mov eax, ebx
:0040FE92 E8DDF8FFFF
call 0040F774
:0040FE97 EB16
jmp 0040FEAF
|:0040FE87(C)
|
:0040FE99 FF4B10
:0040FE9C 8BC3
:0040FE9E E855010000
:0040FEA3 89442404
:0040FEA7 DB442404
:0040FEAB D91C24
:0040FEAE 9B

dec [ebx+10]
mov eax, ebx
call 0040FFF8
fild dword ptr [esp+04]
fstp dword ptr [esp]
wait

|:0040FE97(U)
|
:0040FEAF D90424
fld dword ptr [esp]
:0040FEB2 59
pop ecx
:0040FEB3 5A
pop edx
:0040FEB4 5B
pop ebx
:0040FEB5 C3
ret
:0040FEB6 8BC0
mov eax, eax

|:004106BA
|
:0040FEB8 53
push ebx
:0040FEB9 83C4F4
add esp, FFFFFFF4
:0040FEBC 8BD8
mov ebx, eax
:0040FEBE 8BC3
mov eax, ebx
:0040FEC0 E82B100000
call 00410EF0
:0040FEC5 3C10
cmp al, 10
:0040FEC7
:0040FEC9
:0040FECB
:0040FED0
:0040FED2
:0040FED7
7510
8BD4
B908000000
8BC3
E89DF8FFFF
EB1C
|:0040FEC7(C)
|
:0040FED9 FF4B10
:0040FEDC 8BC3
:0040FEDE E815010000
:0040FEE3 89442408
:0040FEE7 DB442408
:0040FEEB D80D00FF4000
:0040FEF1 DF3C24
:0040FEF4 9B
jne 0040FED9
mov edx, esp
mov ecx, 00000008
mov eax, ebx
call 0040F774
jmp 0040FEF5
dec [ebx+10]
mov eax, ebx
call 0040FFF8
fmul dword ptr [0040FF00]
fistp qword ptr [esp]
wait

|:0040FED7(U)
|
:0040FEF5 DF2C24
fild qword ptr [esp]
:0040FEF8 83C40C
add esp, 0000000C
:0040FEFB 5B
pop ebx
:0040FEFC C3
ret
:0040FEFD 00000000
BYTE 4 DUP(0)
:0040FF01 40
:0040FF02 1C46
inc eax
sbb al, 46

|:004106CE
|
:0040FF04 53
push ebx
:0040FF05 83C4F4
add esp, FFFFFFF4
:0040FF08 8BD8
mov ebx, eax
:0040FF0A 8BC3
mov eax, ebx
:0040FF0C E8DF0F0000
call 00410EF0
:0040FF11 3C11
cmp al, 11
:0040FF13 7510
jne 0040FF25
:0040FF15 8BD4
mov edx, esp
:0040FF17 B908000000
mov ecx, 00000008
:0040FF1C 8BC3
mov eax, ebx
:0040FF1E E851F8FFFF
call 0040F774
:0040FF23 EB16
jmp 0040FF3B
|:0040FF13(C)
|
:0040FF25 FF4B10
:0040FF28 8BC3
:0040FF2A E8C9000000
:0040FF2F 89442408
:0040FF33 DB442408
:0040FF37 DD1C24
:0040FF3A 9B

dec [ebx+10]
mov eax, ebx
call 0040FFF8
fstp qword ptr [esp]
wait

|:0040FF23(U)
|
:0040FF3B DD0424
fld qword ptr [esp]
:0040FF3E 83C40C
add esp, 0000000C
:0040FF41 5B
pop ebx
:0040FF42 C3
ret
:0040FF43 90
nop

|:00410842 , :00410896 , :00410965 , :004109A7
|
:0040FF44 53
push ebx
:0040FF45 56
push esi
:0040FF46 51
push ecx
:0040FF47 8BF2
mov esi, edx
:0040FF49 8BD8
mov ebx, eax
:0040FF4B 8BC3
mov eax, ebx
:0040FF4D E89E0F0000
call 00410EF0
:0040FF52 2C07
sub al, 07
:0040FF54 740E
je 0040FF64
:0040FF56 FEC8
dec al
:0040FF58 743D
je 0040FF97
:0040FF5A FEC8
dec al
:0040FF5C 7447
je 0040FFA5
:0040FF5E 2C04
sub al, 04
:0040FF60 7451
je 0040FFB3
:0040FF62 EB5D
jmp 0040FFC1
|:0040FF54(C)
|
:0040FF64 8BD4
:0040FF66 B901000000
:0040FF6B 8BC3
:0040FF6D E802F8FFFF
:0040FF72 33C9
:0040FF74 8A0C24
:0040FF77 8BC6
:0040FF79 33D2
:0040FF7B E81C39FFFF
:0040FF80 8BC6
:0040FF82 E87D3CFFFF
:0040FF87 8BD0
:0040FF89 33C9
:0040FF8B 8A0C24
:0040FF8E 8BC3
:0040FF90 E8DFF7FFFF
:0040FF95 EB2F

mov edx, esp
mov ecx, 00000001
mov eax, ebx
call 0040F774
xor ecx, ecx
mov cl, byte ptr [esp]
mov eax, esi
xor edx, edx
call 0040389C
mov eax, esi
call 00403C04
mov edx, eax
xor ecx, ecx
mov eax, ebx
call 0040F774
jmp 0040FFC6

|:0040FF58(C)
|
:0040FF97 8BC6
mov eax, esi
* Possible StringData Ref from Code Obj ->"False"
|
:0040FF99 BAD4FF4000
:0040FF9E E8AD38FFFF
:0040FFA3 EB21
mov edx, 0040FFD4

call 00403850
jmp 0040FFC6

|:0040FF5C(C)
|
:0040FFA5 8BC6
mov eax, esi
* Possible StringData Ref from Code Obj ->"True"
|
:0040FFA7 BAE4FF4000
mov edx, 0040FFE4
:0040FFAC E89F38FFFF
call 00403850
:0040FFB1 EB13
jmp 0040FFC6
|:0040FF60(C)
|
:0040FFB3 8BC6
mov eax, esi
* Possible StringData Ref from Code Obj ->"nil"
|
:0040FFB5 BAF4FF4000
mov edx, 0040FFF4
:0040FFBA E89138FFFF
call 00403850
:0040FFBF EB05
jmp 0040FFC6
|:0040FF62(U)
|
:0040FFC1 E86AF3FFFF
call 0040F330
|:0040FF95(U), :0040FFA3(U), :0040FFB1(U), :0040FFBF(U)
|
:0040FFC6 5A
pop edx
:0040FFC7 5E
pop esi
:0040FFC8 5B
pop ebx
:0040FFC9 C3
ret
:0040FFCA 0000
BYTE 2 DUP(0)
:0040FFCC FFFFFFFF
BYTE 4 DUP(0ffh)
:0040FFD0
:0040FFD5
:0040FFD6
:0040FFD7
:0040FFD9
add eax, 46000000

popad
insb
jnb 0041003E
BYTE 3 DUP(0)
0500000046
61
6C
7365
000000
:0040FFDC FFFFFFFF
BYTE 4 DUP(0ffh)
:0040FFE0
:0040FFE2
:0040FFE4
:0040FFE5
add al, 00
push esp
jb 0041005C
0400
0000
54
7275
:0040FFE7 65
BYTE 065h
:0040FFE8 00000000
BYTE 4 DUP(0)
:0040FFEC FFFFFFFF
BYTE 4 DUP(0ffh)
:0040FFF0
:0040FFF2
:0040FFF4
:0040FFF5
:0040FFF6
:0040FFF7

outsb
BYTE 69h
BYTE 6ch
BYTE 00h
0300
0000
6E
69
6C
00
|:0040F915 , :0040FE5E
|:004100A3 , :00410658
|:004115E4 , :004115F8
|
:0040FFF8 53
:0040FFF9 83C4F8
:0040FFFC 8BD8
:0040FFFE 8BC3
:00410000 E8EB0E0000
:00410005 2C02
:00410007 740A
:00410009 FEC8
:0041000B 7420
:0041000D FEC8
:0041000F 7436
:00410011 EB44
Addresses:
, :0040FE9E
, :0041066B
, :00438930
, :0040FEDE
, :0041067F
, :0040FF2A
, :0041085D
push ebx
add esp, FFFFFFF8
mov ebx, eax
mov eax, ebx
call 00410EF0
sub al, 02
je 00410013
dec al
je 0041002D
dec al
je 00410047
jmp 00410057
|:00410007(C)
|
:00410013 8D542404
:00410017 B901000000
:0041001C 8BC3
:0041001E E851F7FFFF
:00410023 0FBE442404
:00410028 890424
:0041002B EB2F
|:0041000B(C)
|
:0041002D 8D542406
:00410031 B902000000
:00410036 8BC3
:00410038 E837F7FFFF
:0041003D 0FBF442406
:00410042 890424
:00410045 EB15

mov ecx, 00000001
mov eax, ebx
call 0040F774
movsx eax, byte ptr [esp+04]
jmp 0041005C

mov ecx, 00000002
mov eax, ebx
call 0040F774
movsx eax, word ptr [esp+06]
jmp 0041005C

|:0041000F(C)
|
:00410047
:00410049
:0041004E
:00410050
:00410055
8BD4
B904000000
8BC3
E81FF7FFFF
EB05
mov edx, esp

mov ecx, 00000004
mov eax, ebx
call 0040F774
jmp 0041005C

|:00410011(U)
|
:00410057 E8D4F2FFFF
call 0040F330
|:0040FFE5(C), :0041002B(U), :00410045(U), :00410055(U)
|
:0041005C 8B0424
:0041005F 59
pop ecx
:00410060 5A
pop edx
:00410061 5B
pop ebx
:00410062 C3
ret
:00410063 90
nop

|:0040DC7A , :0040F926
|
:00410064 B201
mov dl, 01
:00410066 E8A9F3FFFF
call 0040F414
:0041006B C3
ret

|:0040DCE1 , :0040F943 , :0040F955 , :0040FD91
|:00410F6C , :00411035 , :00411047 , :004111F0
|
:0041006C 33D2
xor edx, edx
:0041006E E8A1F3FFFF
call 0040F414
:00410073 C3
ret
:00410074
:00410075
:00410076
:00410077
:00410079
:0041007B
:0041007D
:00410082
:00410084
:00410086
:0041008B
:0041008D
:0041008F
:00410091
:00410093
:00410098
:0041009A
:0041009C
:0041009F
53
56
57
8BF9
8BF2
8BD8
A0B0004100
8806
8BC3
E8CDF6FFFF
24F0
3CF0
7519
8BC3
E8580E0000
240F
8806
F60602
7409
, :0040FE05
, :0041120D
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov eax, ebx
call 0040F758
and al, F0
cmp al, F0
jne 004100AA
mov eax, ebx
call 00410EF0
and al, 0F
test byte ptr [esi], 02
je 004100AA
:004100A1 8BC3
:004100A3 E850FFFFFF
:004100A8 8907
mov eax, ebx

call 0040FFF8
|:0041008F(C), :0041009F(C)
|
:004100AA 5F
:004100AB 5E
:004100AC 5B
:004100AD C3
:004100AE 000000000000
BYTE 6 DUP(0)
pop edi
pop esi
pop ebx
ret

|:0041038C
|
:004100B4 55
push ebp
:004100B5 8BEC
mov ebp, esp
:004100B7 81C4D8FEFFFF
add esp, FFFFFED8
:004100BD 53
push ebx
:004100BE 33D2
xor edx, edx
:004100C0 8995D8FEFFFF
mov dword ptr [ebp+FFFFFED8], edx
:004100C6 8955FC
:004100C9 8BD8
mov ebx, eax
:004100CB 33C0
xor eax, eax
:004100CD 55
push ebp
:004100CE 68C6014100
push 004101C6
:004100D3 64FF30
:004100D6 648920
:004100D9 8D45FC
:004100DC E8D736FFFF
call 004037B8
:004100E1 8B4508
:004100E4 8B40FC
:004100E7 8B15A8BE4000
mov edx, dword ptr [0040BEA8]
:004100ED E89E2CFFFF
call 00402D90
:004100F2 84C0
test al, al
:004100F4 7411
je 00410107
:004100F6 8D45FC
:004100F9 8B5508
:004100FC 8B52FC
:004100FF 8B5208
:00410102 E84937FFFF
call 00403850
|:004100F4(C)
|
:00410107 837DFC00
:0041010B 7521
:0041010D 8D95FCFEFFFF
:00410113 8B4508
:00410116 8B40FC
:00410119 8B00
:0041011B E84C2AFFFF
:00410120 8D95FCFEFFFF
:00410126 8D45FC
:00410129 E8AA38FFFF

jne 0041012E
call 00402B6C
call 004039D8
|:0041010B(C)
|
:0041012E 8B45FC
:00410131 8985DCFEFFFF
:00410137 C685E0FEFFFF0B

mov dword ptr [ebp+FFFFFEDC], eax
mov byte ptr [ebp+FFFFFEE0], 0B
* Possible StringData Ref from Data Obj ->"H"

|
:0041013E A1402B4400
:00410143 8B00
:00410145 8985E4FEFFFF
mov dword ptr [ebp+FFFFFEE4], eax
:0041014B C685E8FEFFFF0B
mov byte ptr [ebp+FFFFFEE8], 0B
:00410152 8B4508
:00410155 8B40F8
:00410158 8985ECFEFFFF
mov dword ptr [ebp+FFFFFEEC], eax
:0041015E C685F0FEFFFF0B
:00410165 8B4304
:00410168 8985F4FEFFFF
:0041016E C685F8FEFFFF0B
:00410175 8D85DCFEFFFF
lea eax, dword ptr [ebp+FFFFFEDC]
:0041017B 50
push eax
:0041017C 6A03
push 00000003
:0041017E 8D95D8FEFFFF
lea edx, dword ptr [ebp+FFFFFED8]
:00410184 A1F02C4400
mov eax, dword ptr [00442CF0]
:00410189 E8964CFFFF
call 00404E24
:0041018E 8B8DD8FEFFFF
mov ecx, dword ptr [ebp+FFFFFED8]
:00410194 B201
mov dl, 01
:00410196 A1C4B14000
:0041019B E80887FFFF
call 004088A8
:004101A0 E80B31FFFF
call 004032B0
:004101A5 33C0
xor eax, eax
:004101A7 5A
pop edx
:004101A8 59
pop ecx
:004101A9 59
pop ecx
:004101AA 648910
:004101AD 68CD014100
push 004101CD
|:004101CB(U)
|
:004101B2 8D85D8FEFFFF
:004101B8 E8FB35FFFF
:004101BD 8D45FC
:004101C0 E8F335FFFF
:004101C5 C3
:004101C6
:004101CB
:004101CD
:004101CE
:004101D0
:004101D1
jmp
jmp
pop
mov
pop
ret
E9AD30FFFF
EBE5
5B
8BE5
5D
C3
lea eax, dword ptr [ebp+FFFFFED8]

call 004037B8
call 004037B8
ret
:004101D2 8BC0
00403278
004101B2
ebx
esp, ebp
ebp
mov eax, eax
|:0041030A
|
:004101D4 55
:004101D5 8BEC
:004101D7 6A00
:004101D9 33C0
:004101DB 55
:004101DC 681D024100
:004101E1 64FF30
:004101E4 648920
:004101E7 8B4508
:004101EA 8B40F4
:004101ED E85E0E0000
:004101F2 8D55FC
:004101F5 A1C02C4400
:004101FA E8254CFFFF
:004101FF 8B45FC
:00410202 E811F1FFFF
:00410207 33C0
:00410209 5A
:0041020A 59
:0041020B 59
:0041020C 648910
:0041020F 6824024100
push ebp
mov ebp, esp
push 00000000
xor eax, eax
push ebp
push 0041021D
call 00411050
mov eax, dword ptr [00442CC0]
call 00404E24
call 0040F318
xor eax, eax
pop edx
pop ecx
pop ecx
push 00410224
|:00410222(U)
|
:00410214 8D45FC
:00410217 E89C35FFFF
:0041021C C3
:0041021D
:00410222
:00410224
:00410225
:00410226
jmp
jmp
pop
pop
ret
E95630FFFF
EBF0
59
5D
C3
:00410227 90

call 004037B8
ret
00403278
00410214
ecx
ebp
nop

|:0040F931 , :0040FD7D
|
:00410228 55
push ebp
:00410229 8BEC
mov ebp, esp
:0041022B 83C4EC
add esp, FFFFFFEC
:0041022E 53
push ebx
:0041022F 56
push esi
:00410230 57
push edi
:00410231 33C9
xor ecx, ecx
:00410233 894DF8
:00410236 8955FC
:00410239 8945F4
:0041023C 33C0
xor eax, eax
:0041023E 55
push ebp
:0041023F 68EC034100
push 004103EC
:00410244 64FF30
:00410247 648920
mov dword ptr fs:[eax],
ecx
edx
eax
esp
:0041024A
:0041024C
:0041024D
:00410252
:00410255
:00410258
:0041025B
:0041025E
:00410263
:00410265
:00410266
:0041026B
:0041026E
:00410271
:00410276
:00410279
:0041027E
:00410280
:00410283
:00410286
:00410289
33D2
55
68A1034100
64FF32
648922
8D55F8
8B45F4
E8A90B0000
33D2
55
687A034100
64FF32
648922
BB01000000
8B45F8
E8B637FFFF
8BF0
8B45FC
8945F0
8B45F4
C6405C01
xor edx, edx

push ebp
push 004103A1
call 00410E0C
xor edx, edx
push ebp
push 0041037A
mov ebx, 00000001
call 00403A34
mov esi, eax
mov [eax+5C], 01

|:00410317(U)
|
:0041028D 8BFB
mov edi, ebx
:0041028F EB01
jmp 00410292
|:0041029E(C)
|
:00410291 43
inc ebx
|:0041028F(U)
|
:00410292 3BF3
:00410294 7C0A
:00410296 8B45F8
:00410299 807C18FF2E
:0041029E 75F1
|:00410294(C)
|
:004102A0 8B45F4
:004102A3 83C060
:004102A6 50
:004102A7 8BCB
:004102A9 2BCF
:004102AB 8BD7
:004102AD 8B45F8
:004102B0 E88339FFFF
:004102B5 3BF3
:004102B7 7C63
:004102B9 8B45F0
:004102BC 8B00
:004102BE E8612BFFFF
:004102C3 8B55F4
:004102C6 8B5260
cmp esi, ebx

jl 004102A0
cmp byte ptr [eax+ebx-01], 2E
jne 00410291
mov eax, dword ptr

add eax, 00000060
push eax
mov ecx, ebx
sub ecx, edi
mov edx, edi
mov eax, dword ptr
call 00403C38
cmp esi, ebx
jl 0041031C
mov eax, dword ptr
mov eax, dword ptr
call 00402E24
mov edx, dword ptr
mov edx, dword ptr
[ebp-0C]
[ebp-08]
[ebp-10]
[eax]
[ebp-0C]
[edx+60]
:004102C9
:004102CE
:004102D0
:004102D2
:004102D4
:004102D7
E8D6A7FFFF
8BF8
85FF
7508
8B45F4
E88CF4FFFF
call 0040AAA4
mov edi, eax
test edi, edi
jne 004102DC
call 0040F768
|:004102D2(C)
|
:004102DC 33C0
:004102DE 8945EC
:004102E1 8B07
:004102E3 8B00
:004102E5 803807
:004102E8 750D
:004102EA 8BD7
:004102EC 8B45F0
:004102EF E81CA8FFFF
:004102F4 8945EC
|:004102E8(C)
|
:004102F7 8B45EC
:004102FA 8B1564B64000
:00410300 E88B2AFFFF
:00410305 84C0
:00410307 7507
:00410309 55
:0041030A E8C5FEFFFF
:0041030F 59
|:00410307(C)
|
:00410310 8B45EC
:00410313 8945F0
:00410316 43
:00410317 E971FFFFFF
|:004102B7(C)
|
:0041031C 8B45F0
:0041031F 8B00
:00410321 E8FE2AFFFF
:00410326 8B55F4
:00410329 8B5260
:0041032C E873A7FFFF
:00410331 8BF8
:00410333 85FF
:00410335 740F
:00410337 8BCF
:00410339 8B55F0
:0041033C 8B45F4
:0041033F E85C040000
:00410344 EB2A
xor eax, eax

jne 004102F7
mov edx, edi
call 0040AB10

call 00402D90
test al, al
jne 00410310
push ebp
call 004101D4
pop ecx
mov
mov
inc
jmp

ebx
0041028D
mov eax, dword

mov eax, dword
call 00402E24
mov edx, dword
mov edx, dword
call 0040AAA4
mov edi, eax
test edi, edi
je 00410346
mov ecx, edi
mov edx, dword
mov eax, dword
call 004107A0
jmp 00410370
ptr [ebp-10]
ptr [eax]
ptr [ebp-0C]
ptr [edx+60]
ptr [ebp-10]
ptr [ebp-0C]
|:00410335(C)
|
:00410346 8B45F4
:00410349 C6405C00
:0041034D 8B55F4
:00410350 8B45F0
:00410353 8B08
:00410355 FF5104
:00410358 8B45F4
:0041035B C6405C01
:0041035F 8B45F4
:00410362 83786000
:00410366 7408
:00410368 8B45F4
:0041036B E8F8F3FFFF

mov [eax+5C], 00
call [ecx+04]
mov [eax+5C], 01
je 00410370
call 0040F768
|:00410344(U), :00410366(C)
|
:00410370 33C0
:00410372 5A
:00410373 59
:00410374 59
:00410375 648910
:00410378 EB1D
:0041037A E9C12DFFFF
:0041037F 0100
:00410381 0000
:00410383 846940
:00410386 008B03410055
:0041038C E823FDFFFF
:00410391 59
:00410392 E8892FFFFF
|:00410378(U)
|
:00410397 33C0
:00410399 5A
:0041039A 59
:0041039B 59
:0041039C 648910
:0041039F EB35
:004103A1 E99A2DFFFF
:004103A6 0100
:004103A8 0000
:004103AA 846940
:004103AD 00B203410089
:004103B3 C3
:004103B4
:004103B7
:004103BB
:004103BD
:004103C0
:004103C3
:004103C5
:004103C8
:004103CA

je 004103CC
call [ecx+0C]
test al, al
jne 004103D1
8B45F4
80785C00
740F
8B5304
8B45F4
8B08
FF510C
84C0
7505
xor eax, eax

pop edx
pop ecx
pop ecx
jmp 00410397
jmp 00403140
test byte ptr [ecx+40], ch
add byte ptr [ebx+55004103], cl
call 004100B4
pop ecx
call 00403320
xor eax, eax

pop edx
pop ecx
pop ecx
jmp 004103D6
jmp 00403140
add byte ptr [edx+89004103], dh
ret

|:004103BB(C)
|
:004103CC E8FB2EFFFF
call 004032CC
|:004103CA(C)
|
:004103D1 E84A2FFFFF
call 00403320
|:0041039F(U)
|
:004103D6 33C0
xor eax, eax
:004103D8 5A
pop edx
:004103D9 59
pop ecx
:004103DA 59
pop ecx
:004103DB 648910
|
:004103DE 68F3034100
push 004103F3
|:004103F1(U)
|
:004103E3 8D45F8
:004103E6 E8CD33FFFF
:004103EB C3
:004103EC
:004103F1
:004103F3
:004103F4
:004103F5
:004103F6
:004103F8
:004103F9
jmp
jmp
pop
pop
pop
mov
pop
ret
E9872EFFFF
EBF0
5F
5E
5B
8BE5
5D
C3
:004103FA 8BC0

call 004037B8
ret
00403278
004103E3
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:00410850
|
:004103FC 55
push ebp
:004103FD 8BEC
mov ebp, esp
:004103FF 83C4E8
add esp, FFFFFFE8
:00410402 53
push ebx
:00410403 56
push esi
:00410404 57
push edi
:00410405 894DF4
:00410408 8955F8
:0041040B 8945FC
:0041040E C645EF00
mov [ebp-11], 00
:00410412 33C0
xor eax, eax
:00410414 8945F0
:00410417 A124364400
:0041041C
:00410421
:00410424
:00410426
:00410427
:0041042C
:0041042F
:00410432
:00410435
:00410438
:00410439
:0041043B
:0041043D
:0041043E
E873CBFFFF
8945E8
33C0
55
6887044100
64FF30
648920
8B45E8
8B7008
4E
85F6
7C32
46
33FF
call 0040CF94
xor eax, eax
push ebp
push 00410487
dec esi
test esi, esi
jl 0041046F
inc esi
xor edi, edi
|:0041046D(C)
|
:00410440 8BD7
:00410442 8B45E8
:00410445 E82EC7FFFF
:0041044A 8BD8
:0041044C 8B45F8
:0041044F 8B00
:00410451 8B00
:00410453 3B4304
:00410456 7513
:00410458 8D55F0
:0041045B 8B45F4
:0041045E FF5308
:00410461 84C0
:00410463 7406
:00410465 C645EF01
:00410469 EB04
|:00410456(C), :00410463(C)
|
:0041046B 47
:0041046C 4E
:0041046D 75D1
|:0041043B(C), :00410469(U)
|
:0041046F 33C0
:00410471 5A
:00410472 59
:00410473 59
:00410474 648910
:00410477 688E044100
|:0041048C(U)
|
:0041047C A124364400
:00410481 E872CBFFFF
:00410486 C3
mov edx, edi

mov eax, dword ptr
call 0040CB78
mov ebx, eax
mov eax, dword ptr
mov eax, dword ptr
mov eax, dword ptr
cmp eax, dword ptr
jne 0041046B
lea edx, dword ptr
mov eax, dword ptr
call [ebx+08]
test al, al
je 0041046B
mov [ebp-11], 01
jmp 0041046F
[ebp-18]
[ebp-08]
[eax]
[eax]
[ebx+04]
[ebp-10]
[ebp-0C]
inc edi
dec esi
jne 00410440
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041048E

call 0040CFF8
ret
:00410487
:0041048C
:0041048E
:00410492
:00410494
:00410497
:0041049A
:0041049D
:004104A2
E9EC2DFFFF
EBEE
807DEF00
7410
8B4DF0
8B55F8
8B45FC
E8E2A6FFFF
EB05
jmp 00403278
jmp 0041047C
je 004104A4
call 0040AB84
jmp 004104A9

|:00410492(C)
|
:004104A4 E887EEFFFF
call 0040F330
|:004104A2(U)
|
:004104A9 5F
pop edi
:004104AA 5E
pop esi
:004104AB 5B
pop ebx
:004104AC 8BE5
mov esp, ebp
:004104AE 5D
pop ebp
:004104AF C3
ret

|:00410973
|
:004104B0 55
push ebp
:004104B1 8BEC
mov ebp, esp
:004104B3 6A00
push 00000000
:004104B5 6A00
push 00000000
:004104B7 6A00
push 00000000
:004104B9 53
push ebx
:004104BA 56
push esi
:004104BB 57
push edi
:004104BC 8BD9
mov ebx, ecx
:004104BE 8955FC
:004104C1 8BF8
mov edi, eax
:004104C3 33C0
xor eax, eax
:004104C5 55
push ebp
:004104C6 6880054100
push 00410580
:004104CB 64FF30
:004104CE 648920
:004104D1 8D45F8
:004104D4 E8DF32FFFF
call 004037B8
:004104D9 8D45F4
:004104DC 8BD3
mov edx, ebx
:004104DE E86D33FFFF
call 00403850
:004104E3 8BD3
mov edx, ebx
:004104E5 B898054100
mov eax, 00410598
:004104EA E8D137FFFF
call 00403CC0
:004104EF 8BF0
mov esi, eax
:004104F1 85F6
test esi, esi
:004104F3 7426
je 0041051B
:004104F5 8D45F8
:004104F8 50
push eax
:004104F9 8BCE
mov ecx, esi
:004104FB
:004104FC
:00410501
:00410503
:00410508
:0041050B
:0041050C
:0041050F
:00410514
:00410516
49
BA01000000
8BC3
E83037FFFF
8D45F4
50
8D5601
B9FFFFFF7F
8BC3
E81D37FFFF
dec ecx
mov edx, 00000001
mov eax, ebx
call 00403C38
push eax
mov ecx, 7FFFFFFF
mov eax, ebx
call 00403C38
|:004104F3(C)
|
:0041051B 8B4508
:0041051E 8B40FC
:00410521 8B4018
:00410524 50
:00410525 8B45FC
:00410528 50
:00410529 8B45F8
:0041052C 50
:0041052D 8B45F4
:00410530 50
:00410531 8BCF
:00410533 B201
:00410535 A1ACEE4000
:0041053A E8E1E9FFFF
:0041053F 8BD8
:00410541 837DF800
:00410545 7512
:00410547 8B4508
:0041054A 8B40FC
:0041054D 8B402C
:00410550 8BD3
:00410552 E809C5FFFF
:00410557 EB0C
|:00410545(C)
|
:00410559 8BD3
:0041055B A128364400
:00410560 E8CFC9FFFF

push eax
push eax
push eax
push eax
mov ecx, edi
mov dl, 01
mov eax, dword ptr [0040EEAC]
call 0040EF20
mov ebx, eax
jne 00410559
mov edx, ebx
call 0040CA60
jmp 00410565
mov edx, ebx

call 0040CF34

|:00410557(U)
|
:00410565 33C0
xor eax, eax
:00410567 5A
pop edx
:00410568 59
pop ecx
:00410569 59
pop ecx
:0041056A 648910
|
:0041056D 6887054100
push 00410587
|:00410585(U)
|
:00410572
:00410575
:0041057A
:0041057F
8D45F4
BA02000000
E85D32FFFF
C3

mov edx, 00000002
call 004037DC
ret
:00410580
:00410585
:00410587
:00410588
:00410589
:0041058A
:0041058C
:0041058D
E9F32CFFFF
EBEB
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
00403278
00410572
edi
esi
ebx
esp, ebp
ebp
:0041058E 0000
BYTE 2 DUP(0)
:00410590 FFFFFFFF
BYTE 4 DUP(0ffh)
:00410594 0100
:00410596 0000
:00410598 2E

BYTE 02eh
:00410599 000000
BYTE 3 DUP(0)

|:004109E0
|
:0041059C 55
push ebp
:0041059D 8BEC
mov ebp, esp
:0041059F 33C9
xor ecx, ecx
:004105A1 51
push ecx
:004105A2 51
push ecx
:004105A3 51
push ecx
:004105A4 51
push ecx
:004105A5 51
push ecx
:004105A6 51
push ecx
:004105A7 53
push ebx
:004105A8 33C0
xor eax, eax
:004105AA 55
push ebp
:004105AB 6894074100
push 00410794
:004105B0 64FF30
:004105B3 648920
:004105B6 8B4508
:004105B9 8B40FC
:004105BC E897F1FFFF
call 0040F758
:004105C1 8BD8
mov ebx, eax
:004105C3 33C0
xor eax, eax
:004105C5 8AC3
mov al, bl
:004105C7 83F812
cmp eax, 00000012
:004105CA 0F8759010000
ja 00410729
:004105D0 FF2485D7054100
jmp dword ptr [4*eax+004105D7]
:004105D7
:004105DB
:004105DF
:004105E3
:004105E7
:004105EB
:004105EF
:004105F3
:004105F7
:004105FB
:004105FF
:00410603
:00410607
:0041060B
:0041060F
:00410613
:00410617
:0041061B
:0041061F
23064100
29074100
52064100
65064100
79064100
8C064100
D9064100
29074100
0F074100
0F074100
29074100
29074100
D9064100
23064100
29074100
A0064100
B4064100
C8064100
F4064100
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00410623
:00410626
:00410629
:0041062E
:00410630
:00410632
:00410635
:0041063A
8B4508
8B40FC
E8C2080000
3C0D
750D
8D45F0
E8263EFFFF
E90B010000

call 00410EF0
cmp al, 0D
jne 0041063F
call 00404460
jmp 0041074A
|:00410630(C)
|
:0041063F 8D45F0
:00410642 8B15542A4400
:00410648 E8573EFFFF
:0041064D E9F8000000
:00410652 8B4508
:00410655 8B40FC
:00410658 E89BF9FFFF
:0041065D 8845F8
:00410660 E9E5000000
:00410665 8B4508
:00410668 8B40FC
:0041066B E888F9FFFF
:00410670 668945F8
:00410674 E9D1000000
:00410679 8B4508
:0041067C 8B40FC
:0041067F E874F9FFFF
:00410684 8945F8
:00410687 E9BE000000
:0041068C 8B4508
:0041068F 8B40FC
:00410692 E8A1F7FFFF
:00410697 DD5DF8
:0041069A 9B
:0041069B E9AA000000
:004106A0 8B4508
:004106A3 8B40FC
00410623
00410729
00410652
00410665
00410679
0041068C
004106D9
00410729
0041070F
0041070F
00410729
00410729
004106D9
00410623
00410729
004106A0
004106B4
004106C8
004106F4

mov edx, dword ptr [00442A54]
call 004044A4
jmp 0041074A
call 0040FFF8
jmp 0041074A
call 0040FFF8
mov word ptr [ebp-08], ax
jmp 0041074A
call 0040FFF8
jmp 0041074A
call 0040FE38
fstp qword ptr [ebp-08]
wait
jmp 0041074A
:004106A6
:004106AB
:004106AE
:004106AF
:004106B4
:004106B7
:004106BA
:004106BF
:004106C2
:004106C3
:004106C8
:004106CB
:004106CE
:004106D3
:004106D6
:004106D7
:004106D9
:004106DC
:004106DF
:004106E2
:004106E7
:004106EA
:004106ED
:004106F2
:004106F4
:004106F7
:004106FA
:004106FD
:00410702
:00410705
:00410708
:0041070D
:0041070F
:00410712
:00410715
:0041071A
:0041071C
:0041071F
:00410721
:00410723
:00410727
E8CDF7FFFF
D95DF8
9B
E996000000
8B4508
8B40FC
E8F9F7FFFF
DF7DF8
9B
E982000000
8B4508
8B40FC
E831F8FFFF
DD5DF8
9B
EB71
8D55EC
8B4508
8B40FC
E861070000
8B55EC
8D45F0
E8BE40FFFF
EB56
8D55E8
8B4508
8B40FC
E8A6070000
8B55E8
8D45F0
E8E340FFFF
EB3B
8B4508
8B40FC
E8D6070000
3C09
0F94C0
F6D8
1BC0
668945F8
EB21
|:004105CA(C)
|
:00410729 8D55EC
:0041072C A1E42C4400
:00410731 E8EE46FFFF
:00410736 8B4DEC
:00410739 B201
:0041073B A1C4B14000
:00410740 E82781FFFF
:00410745 E8662BFFFF
call 0040FE78
fstp dword ptr [ebp-08]
wait
jmp 0041074A
call 0040FEB8
fistp qword ptr [ebp-08]
wait
jmp 0041074A
call 0040FF04
fstp qword ptr [ebp-08]
wait
jmp 0041074A
call 00410E48
call 004047B0
jmp 0041074A
call 00410EA8
call 004047F0
jmp 0041074A
call 00410EF0
cmp al, 09
sete al
neg al
sbb eax, eax
jmp 0041074A
lea edx, dword
mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-14]
ptr [00442CE4]
ptr [ebp-14]
ptr [0040B1C4]

|:0041063A(U), :0041064D(U), :00410660(U), :00410674(U), :00410687(U)
|:0041069B(U), :004106AF(U), :004106C3(U), :004106D7(U), :004106F2(U)
|:0041070D(U), :00410727(U)
|
:0041074A 33C0
xor eax, eax
:0041074C
:0041074E
:00410756
:0041075A
:0041075D
:00410760
:00410763
:00410766
:00410769
:0041076E
:00410770
:00410771
:00410772
:00410773
:00410776
8AC3
668B0485B8224400
668945F0
8D4DF0
8B4508
8B50F4
8B4508
8B40F8
E8D2A6FFFF
33C0
5A
59
59
648910
689B074100
mov al, bl
mov ax, word ptr [4*eax+004422B8]
mov edx, dword ptr [eax-0C]
call 0040AE40
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041079B
|:00410799(U)
|
:0041077B 8D45E8
:0041077E E80136FFFF
:00410783 8D45EC
:00410786 E82D30FFFF
:0041078B 8D45F0
:0041078E E89140FFFF
:00410793 C3
:00410794
:00410799
:0041079B
:0041079C
:0041079E
:0041079F
jmp
jmp
pop
mov
pop
ret
E9DF2AFFFF
EBE0
5B
8BE5
5D
C3

call 00403D84
call 004037B8
call 00404824
ret
00403278
0041077B
ebx
esp, ebp
ebp

|:0041033F
|
:004107A0 55
push ebp
:004107A1 8BEC
mov ebp, esp
:004107A3 83C4E8
add esp, FFFFFFE8
:004107A6 53
push ebx
:004107A7 33DB
xor ebx, ebx
:004107A9 895DE8
:004107AC 894DF4
:004107AF 8955F8
:004107B2 8945FC
:004107B5 33C0
xor eax, eax
:004107B7 55
push ebp
:004107B8 68FC094100
push 004109FC
:004107BD 64FF30
:004107C0 648920
:004107C3 8B45F4
:004107C6 83780800
:004107CA 7515
jne 004107E1
:004107CC 8D55E8
:004107CF A1602C4400
:004107D4 E84B46FFFF
call 00404E24
:004107D9 8B45E8
:004107DC E837EBFFFF

call 0040F318
|:004107CA(C)
|
:004107E1 8B45F4
:004107E4 8B00
:004107E6 8B18
:004107E8 33C0
:004107EA 8A03
:004107EC 83F80C
:004107EF 0F87F1010000
:004107F5 FF2485FC074100
:004107FC
:00410800
:00410804
:00410808
:0041080C
:00410810
:00410814
:00410818
:0041081C
:00410820
:00410824
:00410828
:0041082C
E6094100
30084100
74084100
90084100
B7084100
D6084100
F4084100
10094100
7B094100
E6094100
D6084100
D6084100
DF094100
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00410830
:00410833
:00410838
:0041083A
:0041083C
:0041083F
:00410842
:00410847
:0041084A
:0041084D
:00410850
:00410855
8B45FC
E820EFFFFF
3C07
751E
8D55E8
8B45FC
E8FDF6FFFF
8B4DE8
8B55F4
8B45F8
E8A7FBFFFF
E98C010000
mov eax, dword

call 0040F758
cmp al, 07
jne 0041085A
lea edx, dword
mov eax, dword
call 0040FF44
mov ecx, dword
mov edx, dword
mov eax, dword
call 004103FC
jmp 004109E6
|:0041083A(C)
|
:0041085A 8B45FC
:0041085D E896F7FFFF
:00410862 8BC8
:00410864 8B55F4
:00410867 8B45F8
:0041086A E815A3FFFF
:0041086F E972010000
:00410874 8B45FC
:00410877 E8D0EFFFFF
:0041087C 33C9
:0041087E 8AC8
:00410880 8B55F4
:00410883 8B45F8
:00410886 E8F9A2FFFF

xor eax, eax
cmp eax, 0000000C
ja 004109E6
jmp dword ptr [4*eax+004107FC]
004109E6
00410830
00410874
00410890
004108B7
004108D6
004108F4
00410910
0041097B
004109E6
004108D6
004108D6
004109DF
ptr [ebp-04]
ptr [ebp-18]
ptr [ebp-04]
ptr [ebp-18]
ptr [ebp-0C]
ptr [ebp-08]

mov eax, dword
call 0040FFF8
mov ecx, eax
mov edx, dword
mov eax, dword
call 0040AB84
jmp 004109E6
mov eax, dword
call 0040F84C
xor ecx, ecx
mov cl, al
mov edx, dword
mov eax, dword
call 0040AB84
ptr [ebp-04]
ptr [ebp-0C]
ptr [ebp-08]
ptr [ebp-04]
ptr [ebp-0C]
ptr [ebp-08]
:0041088B
:00410890
:00410893
:00410896
:0041089B
:0041089E
:004108A0
:004108A5
:004108A7
:004108AA
:004108AD
:004108B2
:004108B7
:004108BA
:004108BF
:004108C2
:004108C5
:004108C6
:004108C9
:004108CC
:004108D1
:004108D6
:004108D9
:004108DC
:004108E1
:004108E4
:004108E7
:004108EA
:004108EF
:004108F4
:004108F6
:004108F9
:004108FE
:00410900
:00410903
:00410906
:0041090B
:00410910
:00410913
:00410918
:0041091A
:0041091C
:0041091E
:00410920
E956010000
8D55E8
8B45FC
E8A9F6FFFF
8B55E8
8BC3
E81BEBFFFF
8BC8
8B55F4
8B45F8
E8D2A2FFFF
E92F010000
8B45FC
E879F5FFFF
83C4F4
DB3C24
9B
8B55F4
8B45F8
E8C3A4FFFF
E910010000
8D55E8
8B45FC
E867050000
8B4DE8
8B55F4
8B45F8
E879A4FFFF
E9F2000000
8BD3
8B45FC
E8EA030000
8BC8
8B55F4
8B45F8
E879A2FFFF
E9D6000000
8B45FC
E840EEFFFF
2C0D
7406
FEC8
741C
EB3C
|:0041091A(C)
|
:00410922 8B45FC
:00410925 E8C6050000
:0041092A 33C9
:0041092C 8B55F4
:0041092F 8B45F8
:00410932 E84DA2FFFF
:00410937 E9AA000000
jmp 004109E6
call 0040FF44
mov eax, ebx
call 0040F3C0
mov ecx, eax
call 0040AB84
jmp 004109E6
call 0040FE38
add esp, FFFFFFF4
fstp tbyte ptr [esp]
wait
call 0040AD94
jmp 004109E6
call 00410E48
call 0040AD68
jmp 004109E6
mov edx, ebx
call 00410CE8
mov ecx, eax
call 0040AB84
jmp 004109E6
call 0040F758
sub al, 0D
je 00410922
dec al
je 0041093C
jmp 0041095E
call 00410EF0
xor ecx, ecx
call 0040AB84
jmp 004109E6

|:0041091E(C)
|
:0041093C 8B45FC
:0041093F
:00410944
:00410947
:0041094A
:0041094F
:00410951
:00410954
:00410959
E8AC050000
8B55F4
8B45F8
E8C1A1FFFF
8BD0
8B45FC
E877EFFFFF
E988000000
call 00410EF0
call 0040AB10
mov edx, eax
call 0040F8D0
jmp 004109E6
|:00410920(U)
|
:0041095E 55
:0041095F 8D55E8
:00410962 8B45FC
:00410965 E8DAF5FFFF
:0041096A 8B4DE8
:0041096D 8B55F4
:00410970 8B45F8
:00410973 E838FBFFFF
:00410978 59
:00410979 EB6B
:0041097B 8B45FC
:0041097E E8D5EDFFFF
:00410983 3C0D
:00410985 751A
:00410987 8B45FC
:0041098A E861050000
:0041098F B9B0224400
:00410994 8B55F4
:00410997 8B45F8
:0041099A E8E1A4FFFF
:0041099F EB45
|:00410985(C)
|
:004109A1 8D55E8
:004109A4 8B45FC
:004109A7 E898F5FFFF
:004109AC 8B4DE8
:004109AF 8B45FC
:004109B2 8B5018
:004109B5 8B45FC
:004109B8 8B18
:004109BA FF5310
:004109BD 8945EC
:004109C0 8B45FC
:004109C3 8B4018
:004109C6 8945F0
:004109C9 837DEC00
:004109CD 7417
:004109CF 8D4DEC
:004109D2 8B55F4
:004109D5 8B45F8
:004109D8 E8A3A4FFFF
:004109DD EB07
:004109DF 55
:004109E0 E8B7FBFFFF
:004109E5 59
push ebp
lea edx, dword ptr
mov eax, dword ptr
call 0040FF44
mov ecx, dword ptr
mov edx, dword ptr
mov eax, dword ptr
call 004104B0
pop ecx
jmp 004109E6
mov eax, dword ptr
call 0040F758
cmp al, 0D
jne 004109A1
mov eax, dword ptr
call 00410EF0
mov ecx, 004422B0
mov edx, dword ptr
mov eax, dword ptr
call 0040AE80
jmp 004109E6
[ebp-18]
[ebp-04]
[ebp-18]
[ebp-0C]
[ebp-08]
[ebp-04]
[ebp-04]
[ebp-0C]
[ebp-08]

call 0040FF44
call [ebx+10]
je 004109E6
call 0040AE80
jmp 004109E6
push ebp
call 0041059C
pop ecx

|:004107EF(C), :00410855(U), :0041086F(U), :0041088B(U), :004108B2(U)
|:004108D1(U), :004108EF(U), :0041090B(U), :00410937(U), :00410959(U)
|:00410979(U), :0041099F(U), :004109CD(C), :004109DD(U)
|
:004109E6 33C0
xor eax, eax
:004109E8 5A
pop edx
:004109E9 59
pop ecx
:004109EA 59
pop ecx
:004109EB 648910
:004109EE 68030A4100
push 00410A03
|:00410A01(U)
|
:004109F3 8D45E8
:004109F6 E8BD2DFFFF
:004109FB C3
:004109FC
:00410A01
:00410A03
:00410A04
:00410A06
:00410A07
jmp
jmp
pop
mov
pop
ret
E97728FFFF
EBF0
5B
8BE5
5D
C3

call 004037B8
ret
00403278
004109F3
ebx
esp, ebp
ebp

|:00410B51
|
:00410A08 55
push ebp
:00410A09 8BEC
mov ebp, esp
:00410A0B 83C4F0
add esp, FFFFFFF0
:00410A0E 53
push ebx
:00410A0F 56
push esi
:00410A10 57
push edi
:00410A11 8BDA
mov ebx, edx
:00410A13 8BF8
mov edi, eax
:00410A15 33F6
xor esi, esi
:00410A17 8BC3
mov eax, ebx
:00410A19 E89A2DFFFF
call 004037B8
:00410A1E 833D1436440000
cmp dword ptr [00443614], 00000000
:00410A25 7439
je 00410A60
:00410A27 8BC3
mov eax, ebx
:00410A29 8BD7
mov edx, edi
:00410A2B E8202EFFFF
call 00403850
:00410A30 EB22
jmp 00410A54
|:00410A5E(C)
|
:00410A32 46
:00410A33 53
:00410A34 897DF0
:00410A37 C645F40B
:00410A3B 8975F8
:00410A3E C645FC00

inc esi
push ebx
mov dword ptr
mov [ebp-0C],
mov dword ptr
mov [ebp-04],
[ebp-10], edi
0B
[ebp-08], esi
00
:00410A42 8D55F0
:00410A45 B901000000

mov ecx, 00000001
* Possible StringData Ref from Code Obj ->"%s_%d"

|
:00410A4A B8700A4100
mov eax, 00410A70
:00410A4F E8B075FFFF
call 00408004
|:00410A30(U)
|
:00410A54 8B03
:00410A56 FF1514364400
:00410A5C 85C0
:00410A5E 75D2

test eax, eax
jne 00410A32

|:00410A25(C)
|
:00410A60 5F
pop edi
:00410A61 5E
pop esi
:00410A62 5B
pop ebx
:00410A63 8BE5
mov esp, ebp
:00410A65 5D
pop ebp
:00410A66 C3
ret
:00410A67 00
BYTE 0
:00410A68 FFFFFFFF
BYTE 4 DUP(0ffh)
:00410A6C 0500000025
:00410A71 735F
:00410A73 2564000000
add eax, 25000000

jnb 00410AD2
and eax, 00000064

|:0040E8BA
|
:00410A78 55
push ebp
:00410A79 8BEC
mov ebp, esp
:00410A7B 83C4E4
add esp, FFFFFFE4
:00410A7E 53
push ebx
:00410A7F 56
push esi
:00410A80 57
push edi
:00410A81 33C9
xor ecx, ecx
:00410A83 894DE8
:00410A86 894DE4
:00410A89 8955F8
:00410A8C 8945FC
:00410A8F 33C0
xor eax, eax
:00410A91 55
push ebp
:00410A92 68D70C4100
push 00410CD7
:00410A97 64FF30
:00410A9A 648920
:00410A9D 8B45FC
:00410AA0 E8FF020000
call 00410DA4
:00410AA5 33C0
xor eax, eax
:00410AA7 8945F4
:00410AAA
:00410AAF
:00410AB4
:00410AB6
:00410AB7
:00410ABC
:00410ABF
:00410AC2
:00410AC4
:00410AC5
:00410ACA
:00410ACD
:00410AD0
:00410AD3
:00410AD6
:00410AD9
:00410ADB
:00410ADE
:00410AE2
:00410AE4
:00410AE7
:00410AEA
:00410AEF
:00410AF2
:00410AF7
:00410AF9
:00410AFB
:00410AFE
:00410B01
:00410B04
:00410B07
:00410B0C
:00410B0F
:00410B12
:00410B14
:00410B17
A110364400
E8608EFFFF
33C0
55
68B50C4100
64FF30
648920
33C0
55
68760C4100
64FF30
648920
8D4DF0
8D55EF
8B45FC
8B18
FF5320
837DF800
7535
8D55E8
8B45FC
E81D030000
8B45E8
E819B8FFFF
33C9
B201
FF502C
8945F4
8D55E8
8B45FC
E800030000
8B55E8
8B45F4
8B08
FF5118
EB48

call 00409914
xor eax, eax
push ebp
push 00410CB5
xor eax, eax
push ebp
push 00410C76
call [ebx+20]
jne 00410B19
call 00410E0C
call 0040C310
xor ecx, ecx
mov dl, 01
call [eax+2C]
call 00410E0C
call [ecx+18]
jmp 00410B61
|:00410AE2(C)
|
:00410B19 8B45F8
:00410B1C 8945F4
:00410B1F 8D55E8
:00410B22 8B45FC
:00410B25 E8E2020000
:00410B2A 8B45F4
:00410B2D F6402010
:00410B31 740D
:00410B33 8D55E8
:00410B36 8B45FC
:00410B39 E8CE020000
:00410B3E EB21
|:00410B31(C)
|
:00410B40 8D55E4
:00410B43 8B45FC
:00410B46 E8C1020000
:00410B4B 8B45E4

call 00410E0C
test [eax+20], 10
je 00410B40
call 00410E0C
jmp 00410B61

call 00410E0C
:00410B4E
:00410B51
:00410B56
:00410B59
:00410B5C
:00410B5E
8D55E8
E8B2FEFFFF
8B55E8
8B45F4
8B08
FF5118
lea edx, dword

call 00410A08
mov edx, dword
mov eax, dword
mov ecx, dword
call [ecx+18]
ptr [ebp-18]
ptr [ebp-18]
ptr [ebp-0C]
ptr [eax]
|:00410B17(U), :00410B3E(U)
|
:00410B61 8B45FC
:00410B64 8B55F4
:00410B67 895018
:00410B6A E8A54FFFFF
:00410B6F 83B80800000000
:00410B76 7413
:00410B78 E8974FFFFF
:00410B7D 8B8008000000
:00410B83 8B55FC
:00410B86 894230
:00410B89 EB12
|:00410B76(C)
|
:00410B8B B201
:00410B8D A154B54000
:00410B92 E85920FFFF
:00410B97 8B55FC
:00410B9A 894230
|:00410B89(U)
|
:00410B9D 33C0
:00410B9F 55
:00410BA0 68600C4100
:00410BA5 64FF30
:00410BA8 648920
:00410BAB 8B45FC
:00410BAE 8B5018
:00410BB1 8B45FC
:00410BB4 8B4030
:00410BB7 E8A4BEFFFF
:00410BBC 8B45FC
:00410BBF 8B4018
:00410BC2 8B55FC
:00410BC5 894224
:00410BC8 8B45FC
:00410BCB 8B4018
:00410BCE 80482001
:00410BD2 8B45FC
:00410BD5 8B4018
:00410BD8 80482002
:00410BDC 8B45FC
:00410BDF 8B4018
:00410BE2 8B55FC
:00410BE5 8B08
:00410BE7 FF5114
:00410BEA 8B45FC

call 00405B14
cmp dword ptr [eax+00000008], 00000000
je 00410B8B
call 00405B14
jmp 00410B9D
mov dl, 01
call 00402BF0
xor eax, eax

push ebp
push 00410C60
call 0040CA60
call [ecx+14]
:00410BED
:00410BF0
:00410BF4
:00410BF9
:00410C00
:00410C02
:00410C05
:00410C08
:00410C0B
:00410C0C
:00410C0E
:00410C10
:00410C11
8B4018
806020FD
E81B4FFFFF
83B80800000000
752F
8B45FC
8B4030
8B5808
4B
85DB
7C21
43
C745F000000000

and byte ptr [eax+20], FD
call 00405B14
cmp dword ptr [eax+00000008], 00000000
jne 00410C31
dec ebx
test ebx, ebx
jl 00410C31
inc ebx
mov [ebp-10], 00000000
|:00410C2F(C)
|
:00410C18 8B45FC
:00410C1B 8B4030
:00410C1E 8B55F0
:00410C21 E852BFFFFF
:00410C26 8B10
:00410C28 FF520C
:00410C2B FF45F0
:00410C2E 4B
:00410C2F 75E7
|:00410C00(C), :00410C0E(C)
|
:00410C31 33C0
:00410C33 5A
:00410C34 59
:00410C35 59
:00410C36 648910
:00410C39 68670C4100
|:00410C65(U)
|
:00410C3E E8D14EFFFF
:00410C43 83B80800000000
:00410C4A 750B
:00410C4C 8B45FC
:00410C4F 8B4030
:00410C52 E8C91FFFFF
mov eax, dword

mov eax, dword
mov edx, dword
call 0040CB78
mov edx, dword
call [edx+0C]
inc [ebp-10]
dec ebx
jne 00410C18
ptr [ebp-04]
ptr [eax+30]
ptr [ebp-10]
ptr [eax]
xor eax, eax

pop edx
pop ecx
pop ecx
push 00410C67
call 00405B14
cmp dword ptr [eax+00000008], 00000000
jne 00410C57
call 00402C20

|:00410C4A(C)
|
:00410C57 8B45FC
:00410C5A 33D2
xor edx, edx
:00410C5C 895030
:00410C5F C3
ret
:00410C60
:00410C65
:00410C67
:00410C6C
E91326FFFF
EBD7
E88CE3FFFF
33C0
jmp 00403278
jmp 00410C3E
call 0040EFF8
xor eax, eax
:00410C6E
:00410C6F
:00410C70
:00410C71
:00410C74
:00410C76
:00410C7B
:00410C7D
:00410C80
:00410C85
:00410C89
:00410C8B
:00410C8E
5A
59
59
648910
EB27
E9F523FFFF
33D2
8B45F8
E863E5FFFF
837DF800
7508
8B45F4
E88D1FFFFF
pop edx
pop ecx
pop ecx
jmp 00410C9D
jmp 00403070
xor edx, edx
call 0040F1E8
jne 00410C93
call 00402C20

|:00410C89(C)
|
:00410C93 E83426FFFF
call 004032CC
:00410C98 E88326FFFF
call 00403320
|:00410C74(U)
|
:00410C9D 33C0
:00410C9F 5A
:00410CA0 59
:00410CA1 59
:00410CA2 648910
:00410CA5 68BC0C4100
|:00410CBA(U)
|
:00410CAA A110364400
:00410CAF E8AC8CFFFF
:00410CB4 C3
:00410CB5
:00410CBA
:00410CBC
:00410CBE
:00410CBF
:00410CC0
:00410CC1
:00410CC4
jmp 00403278
jmp 00410CAA
xor eax, eax
pop edx
pop ecx
pop ecx
push 00410CDE
E9BE25FFFF
EBEE
33C0
5A
59
59
648910
68DE0C4100
xor eax, eax

pop edx
pop ecx
pop ecx
push 00410CBC

call 00409960
ret
|:00410CDC(U)
|
:00410CC9 8D45E4
:00410CCC BA02000000
:00410CD1 E8062BFFFF
:00410CD6 C3
:00410CD7
:00410CDC
:00410CDE
:00410CE1
jmp
jmp
mov
pop
E99C25FFFF
EBEB
8B45F4
5F

mov edx, 00000002
call 004037DC
ret
00403278
00410CC9
eax, dword ptr [ebp-0C]
edi
:00410CE2
:00410CE3
:00410CE4
:00410CE6
:00410CE7
5E
5B
8BE5
5D
C3
pop
pop
mov
pop
ret
esi
ebx
esp, ebp
ebp

|:004108F9
|
:00410CE8 55
push ebp
:00410CE9 8BEC
mov ebp, esp
:00410CEB 83C4F8
add esp, FFFFFFF8
:00410CEE 53
push ebx
:00410CEF 56
push esi
:00410CF0 57
push edi
:00410CF1 33C9
xor ecx, ecx
:00410CF3 894DF8
:00410CF6 8BDA
mov ebx, edx
:00410CF8 8945FC
:00410CFB 33C0
xor eax, eax
:00410CFD 55
push ebp
:00410CFE 68920D4100
push 00410D92
:00410D03 64FF30
:00410D06 648920
:00410D09 33C0
xor eax, eax
:00410D0B 55
push ebp
:00410D0C 68650D4100
push 00410D65
:00410D11 64FF30
:00410D14 648920
:00410D17 8B45FC
:00410D1A E8D1010000
call 00410EF0
:00410D1F 3C0B
cmp al, 0B
:00410D21 7405
je 00410D28
:00410D23 E808E6FFFF
call 0040F330
|:00410D21(C)
|
:00410D28 8BC3
:00410D2A E81D9DFFFF
:00410D2F 8B4001
:00410D32 8B30
:00410D34 33DB
|:00410D54(C), :00410D59(U)
|
:00410D36 8D55F8
:00410D39 8B45FC
:00410D3C E8CB000000
:00410D41 837DF800
:00410D45 7414
:00410D47 8B55F8
:00410D4A 8BC6
:00410D4C E86FE6FFFF
:00410D51 83F81F
:00410D54 77E0
:00410D56 0FABC3
mov eax, ebx

call 0040AA4C
xor ebx, ebx

call 00410E0C
je 00410D5B
mov eax, esi
call 0040F3C0
cmp eax, 0000001F
ja 00410D36
bts ebx, eax
:00410D59 EBDB
jmp 00410D36
|:00410D45(C)
|
:00410D5B 33C0
:00410D5D 5A
:00410D5E 59
:00410D5F 59
:00410D60 648910
:00410D63 EB17
:00410D65 E90623FFFF
:00410D6A 8B45FC
:00410D6D E892010000
:00410D72 E85525FFFF
:00410D77 E8A425FFFF
|:00410D63(U)
|
:00410D7C 33C0
:00410D7E 5A
:00410D7F 59
:00410D80 59
:00410D81 648910
:00410D84 68990D4100
|:00410D97(U)
|
:00410D89 8D45F8
:00410D8C E8272AFFFF
:00410D91 C3
:00410D92
:00410D97
:00410D99
:00410D9B
:00410D9C
:00410D9D
:00410D9E
:00410D9F
:00410DA0
:00410DA1
jmp
jmp
mov
pop
pop
pop
pop
pop
pop
ret
E9E124FFFF
EBF0
8BC3
5F
5E
5B
59
59
5D
C3
:00410DA2 8BC0
xor eax, eax

pop edx
pop ecx
pop ecx
jmp 00410D7C
jmp 00403070
call 00410F04
call 004032CC
call 00403320
xor eax, eax

pop edx
pop ecx
pop ecx
push 00410D99

call 004037B8
ret
00403278
00410D89
eax, ebx
edi
esi
ebx
ecx
ecx
ebp
mov eax, eax

|:00410AA0
|
:00410DA4 55
push ebp
:00410DA5 8BEC
mov ebp, esp
:00410DA7 83C4F8
add esp, FFFFFFF8
:00410DAA 33D2
xor edx, edx
:00410DAC 8955F8
:00410DAF 33D2
xor edx, edx
:00410DB1 55
push ebp
:00410DB2 68000E4100
push 00410E00
:00410DB7
:00410DBA
:00410DBD
:00410DC0
:00410DC5
:00410DCA
:00410DCD
:00410DD3
:00410DD5
:00410DD8
:00410DDD
:00410DE2
:00410DE5
64FF32
648922
8D55FC
B904000000
E8AAE9FFFF
8B45FC
3B05AC224400
7415
8D55F8
A1882B4400
E84240FFFF
8B45F8
E82EE5FFFF

mov ecx, 00000004
call 0040F774
cmp eax, dword ptr [004422AC]
je 00410DEA
call 00404E24
call 0040F318

|:00410DD3(C)
|
:00410DEA 33C0
xor eax, eax
:00410DEC 5A
pop edx
:00410DED 59
pop ecx
:00410DEE 59
pop ecx
:00410DEF 648910
* Possible StringData Ref from Code Obj ->"YY]"
|
:00410DF2 68070E4100
push 00410E07
|:00410E05(U)
|
:00410DF7 8D45F8
:00410DFA E8B929FFFF
:00410DFF C3
:00410E00
:00410E05
:00410E07
:00410E08
:00410E09
:00410E0A
jmp
jmp
pop
pop
pop
ret
E97324FFFF
EBF0
59
59
5D
C3
:00410E0B 90
|:0040F88F , :0040FBB1
|:00410B07 , :00410B25
|:00410F1F , :0041110C
|
:00410E0C 53
:00410E0D 56
:00410E0E 51
:00410E0F 8BF2
:00410E11 8BD8
:00410E13 8BD4
:00410E15 B901000000
:00410E1A 8BC3
:00410E1C E853E9FFFF
:00410E21 33C9

call 004037B8
ret
00403278
00410DF7
ecx
ecx
ebp
nop
Addresses:
, :0040FBBC
, :00410B39
, :0041116B
, :0041025E
, :00410B46
, :004111CB
push ebx
push esi
push ecx
mov esi, edx
mov ebx, eax
mov edx, esp
mov ecx, 00000001
mov eax, ebx
call 0040F774
xor ecx, ecx
, :00410AEA
, :00410D3C
, :004111D5
:00410E23
:00410E26
:00410E28
:00410E2A
:00410E2F
:00410E31
:00410E36
:00410E38
:00410E3A
:00410E3D
:00410E3F
:00410E44
:00410E45
:00410E46
:00410E47
8A0C24
8BC6
33D2
E86D2AFFFF
8BC6
E8CE2DFFFF
8BD0
33C9
8A0C24
8BC3
E830E9FFFF
5A
5E
5B
C3

mov eax, esi
xor edx, edx
call 0040389C
mov eax, esi
call 00403C04
mov edx, eax
xor ecx, ecx
mov eax, ebx
call 0040F774
pop edx
pop esi
pop ebx
ret

|:0040DCA5 , :004106E2 , :004108DC , :0043128E
|
:00410E48 53
push ebx
:00410E49 56
push esi
:00410E4A 51
push ecx
:00410E4B 8BF2
mov esi, edx
:00410E4D 8BD8
mov ebx, eax
:00410E4F 33C0
xor eax, eax
:00410E51 890424
:00410E54 8BC3
mov eax, ebx
:00410E56 E895000000
call 00410EF0
:00410E5B 2C06
sub al, 06
:00410E5D 7406
je 00410E65
:00410E5F 2C06
sub al, 06
:00410E61 7412
je 00410E75
:00410E63 EB20
jmp 00410E85
|:00410E5D(C)
|
:00410E65 8BD4
:00410E67 B901000000
:00410E6C 8BC3
:00410E6E E801E9FFFF
:00410E73 EB15
|:00410E61(C)
|
:00410E75 8BD4
:00410E77 B904000000
:00410E7C 8BC3
:00410E7E E8F1E8FFFF
:00410E83 EB05
mov edx, esp

mov ecx, 00000001
mov eax, ebx
call 0040F774
jmp 00410E8A
mov edx, esp

mov ecx, 00000004
mov eax, ebx
call 0040F774
jmp 00410E8A

|:00410E63(U)
|
:00410E85 E8A6E4FFFF
call 0040F330
|:00410E73(U), :00410E83(U)
|
:00410E8A 8BC6
:00410E8C 8B0C24
:00410E8F 33D2
:00410E91 E8062AFFFF
:00410E96 8B16
:00410E98 8B0C24
:00410E9B 8BC3
:00410E9D E8D2E8FFFF
:00410EA2 5A
:00410EA3 5E
:00410EA4 5B
:00410EA5 C3
mov eax, esi

xor edx, edx
call 0040389C
mov eax, ebx
call 0040F774
pop edx
pop esi
pop ebx
ret
:00410EA6 8BC0
mov eax, eax

|:004106FD
|
:00410EA8 53
push ebx
:00410EA9 56
push esi
:00410EAA 51
push ecx
:00410EAB 8BF2
mov esi, edx
:00410EAD 8BD8
mov ebx, eax
:00410EAF 33C0
xor eax, eax
:00410EB1 890424
:00410EB4 8BC3
mov eax, ebx
:00410EB6 E835000000
call 00410EF0
:00410EBB 3C12
cmp al, 12
:00410EBD 7405
je 00410EC4
:00410EBF E86CE4FFFF
call 0040F330
|:00410EBD(C)
|
:00410EC4 8BD4
:00410EC6 B904000000
:00410ECB 8BC3
:00410ECD E8A2E8FFFF
:00410ED2 8BC6
:00410ED4 8B1424
:00410ED7 E8E42FFFFF
:00410EDC 8B0C24
:00410EDF 03C9
:00410EE1 8B16
:00410EE3 8BC3
:00410EE5 E88AE8FFFF
:00410EEA 5A
:00410EEB 5E
:00410EEC 5B
:00410EED C3
:00410EEE 8BC0
mov eax, eax
mov edx, esp

mov ecx, 00000004
mov eax, ebx
call 0040F774
mov eax, esi
call 00403EC0
add ecx, ecx
mov eax, ebx
call 0040F774
pop edx
pop esi
pop ebx
ret

|:0040F41C , :0040F49B , :0040F54D
|:0040FE40 , :0040FE80 , :0040FEC0
, :0040F75D
, :0040FF0C
, :0040F83D
, :0040FF4D
|:00410093 , :00410629
|:0041098A , :00410D1A
|
:00410EF0 51
:00410EF1 8BD4
:00410EF3 B901000000
:00410EF8 E877E8FFFF
:00410EFD 8A0424
:00410F00 5A
:00410F01 C3
, :00410715
, :00410E56
:00410F02 8BC0
, :00410925
, :00410EB6
, :0041093F
, :0041106F
push ecx
mov edx, esp
mov ecx, 00000001
call 0040F774
pop edx
ret
mov eax, eax

|:00410D6D , :0041111F
|
:00410F04 55
push ebp
:00410F05 8BEC
mov ebp, esp
:00410F07 6A00
push 00000000
:00410F09 53
push ebx
:00410F0A 8BD8
mov ebx, eax
:00410F0C 33C0
xor eax, eax
:00410F0E 55
push ebp
:00410F0F 68400F4100
push 00410F40
:00410F14 64FF30
:00410F17 648920
|:00410F28(C)
|
:00410F1A 8D55FC
:00410F1D 8BC3
:00410F1F E8E8FEFFFF
:00410F24 837DFC00
:00410F28 75F0
:00410F2A 33C0
:00410F2C 5A
:00410F2D 59
:00410F2E 59
:00410F2F 648910

mov eax, ebx
call 00410E0C
jne 00410F1A
xor eax, eax
pop edx
pop ecx
pop ecx

|
:00410F32 68470F4100
push 00410F47
|:00410F45(U)
|
:00410F37 8D45FC
:00410F3A E87928FFFF
:00410F3F C3
:00410F40
:00410F45
:00410F47
:00410F48
:00410F49
:00410F4A
jmp
jmp
pop
pop
pop
ret
E93323FFFF
EBF0
5B
59
5D
C3

call 004037B8
ret
00403278
00410F37
ebx
ecx
ebp
:00410F4B 90
nop

|:004110C6
|
:00410F4C 55
push ebp
:00410F4D 8BEC
mov ebp, esp
:00410F4F 53
push ebx
:00410F50 8B5D08
:00410F53 83C3FC
add ebx, FFFFFFFC
:00410F56 EB07
jmp 00410F5F
|:00410F68(C)
|
:00410F58 8B03
:00410F5A E8F1000000
call 00411050
|:00410F56(U)
|
:00410F5F 8B03
:00410F61 E8E2E5FFFF
:00410F66 84C0
:00410F68 74EE
:00410F6A 8B03
:00410F6C E8FBF0FFFF
:00410F71 5B
:00410F72 5D
:00410F73 C3

call 0040F548
test al, al
je 00410F58
call 0041006C
pop ebx
pop ebp
ret

|:00410FE6 , :00411019 , :004110D4 , :004110E2
|:004110FE
|
:00410F74 55
push ebp
:00410F75 8BEC
mov ebp, esp
:00410F77 81C400FFFFFF
add esp, FFFFFF00
:00410F7D 53
push ebx
:00410F7E 8BD8
mov ebx, eax
:00410F80 85DB
test ebx, ebx
:00410F82 7E3F
jle 00410FC3
|:00410FC1(C)
|
:00410F84 81FB00010000
:00410F8A 7E1E
:00410F8C 8D9500FFFFFF
:00410F92 8B4508
:00410F95 8B40FC
:00410F98 B900010000
:00410F9D E8D2E7FFFF
:00410FA2 81EB00010000
:00410FA8 EB15
, :004110F0

cmp ebx, 00000100
jle 00410FAA
mov ecx, 00000100
call 0040F774
sub ebx, 00000100
jmp 00410FBF
|:00410F8A(C)
|
:00410FAA 8D9500FFFFFF
:00410FB0 8B4508
:00410FB3 8B40FC
:00410FB6 8BCB
:00410FB8 E8B7E7FFFF
:00410FBD 33DB

mov ecx, ebx
call 0040F774
xor ebx, ebx

|:00410FA8(U)
|
:00410FBF 85DB
test ebx, ebx
:00410FC1 7FC1
jg 00410F84
|:00410F82(C)
|
:00410FC3 5B
pop ebx
:00410FC4 8BE5
mov esp, ebp
:00410FC6 5D
pop ebp
:00410FC7 C3
ret

|:00411114
|
:00410FC8 55
push ebp
:00410FC9 8BEC
mov ebp, esp
:00410FCB 51
push ecx
:00410FCC 8D55FC
:00410FCF 8B4508
:00410FD2 8B40FC
:00410FD5 B904000000
mov ecx, 00000004
:00410FDA E895E7FFFF
call 0040F774
:00410FDF 8B4508
:00410FE2 50
push eax
:00410FE3 8B45FC
:00410FE6 E889FFFFFF
call 00410F74
:00410FEB 59
pop ecx
:00410FEC 59
pop ecx
:00410FED 5D
pop ebp
:00410FEE C3
ret
:00410FEF 90
nop

|:00411127
|
:00410FF0 55
push ebp
:00410FF1 8BEC
mov ebp, esp
:00410FF3 53
push ebx
:00410FF4 8B5D08
:00410FF7 83C3FC
add ebx, FFFFFFFC
:00410FFA EB3E
jmp 0041103A
|:00411043(C)
|
:00410FFC 8B03
:00410FFE E855E7FFFF
:00411003 04FE
:00411005 2C03
:00411007 7307
:00411009 8B03
:0041100B E840000000
|:00411007(C)
|
:00411010 8B4508
:00411013 50
:00411014 B801000000
:00411019 E856FFFFFF
:0041101E 59
:0041101F EB07

call 0040F758
add al, FE
sub al, 03
jnb 00411010
call 00411050
push eax
mov eax, 00000001
call 00410F74
pop ecx
jmp 00411028

|:00411031(C)
|
:00411021 8B03
:00411023 E828010000
call 00411150
|:0041101F(U)
|
:00411028 8B03
:0041102A E819E5FFFF
:0041102F 84C0
:00411031 74EE
:00411033 8B03
:00411035 E832F0FFFF
|:00410FFA(U)
|
:0041103A 8B03
:0041103C E807E5FFFF
:00411041 84C0
:00411043 74B7
:00411045 8B03
:00411047 E820F0FFFF
:0041104C 5B
:0041104D 5D
:0041104E C3
:0041104F 90
nop

call 0040F548
test al, al
je 00411021
call 0041006C

call 0040F548
test al, al
je 00410FFC
call 0041006C
pop ebx
pop ebp
ret

|:0040F42A , :0040F4AD , :0040F768 , :004101ED
|:0041100B , :00411172
|
:00411050 55
push ebp
:00411051 8BEC
mov ebp, esp
:00411053 83C4F8
add esp, FFFFFFF8
:00411056 33D2
xor edx, edx
, :00410F5A
:00411058
:0041105B
:0041105E
:00411060
:00411061
:00411066
:00411069
:0041106C
:0041106F
:00411074
:00411077
:0041107A
:00411080
8955F8
8945FC
33C0
55
6843114100
64FF30
648920
8B45FC
E87CFEFFFF
83E07F
83F80E
0F87AD000000
FF248587104100

xor eax, eax
push ebp
push 00411143
call 00410EF0
and eax, 0000007F
cmp eax, 0000000E
ja 0041112D
jmp dword ptr [4*eax+00411087]
:00411087
:0041108B
:0041108F
:00411093
:00411097
:0041109B
:0041109F
:004110A3
:004110A7
:004110AB
:004110AF
:004110B3
:004110B7
:004110BB
:004110BF
2D114100
C5104100
CE104100
DC104100
EA104100
F8104100
06114100
06114100
2D114100
2D114100
13114100
1C114100
2D114100
2D114100
26114100
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:004110C3
:004110C5
:004110C6
:004110CB
:004110CC
:004110CE
:004110CF
:004110D4
:004110D9
:004110DA
:004110DC
:004110DD
:004110E2
:004110E7
:004110E8
:004110EA
:004110EB
:004110F0
:004110F5
:004110F6
:004110F8
:004110F9
:004110FE
:00411103
:00411104
:00411106
:00411109
:0041110C
:00411111
EB68
55
E881FEFFFF
59
EB5F
55
B801000000
E89BFEFFFF
59
EB51
55
B802000000
E88DFEFFFF
59
EB43
55
B804000000
E87FFEFFFF
59
EB35
55
B80A000000
E871FEFFFF
59
EB27
8D55F8
8B45FC
E8FBFCFFFF
EB1A
jmp 0041112D
push ebp
call 00410F4C
pop ecx
jmp 0041112D
push ebp
mov eax, 00000001
call 00410F74
pop ecx
jmp 0041112D
push ebp
mov eax, 00000002
call 00410F74
pop ecx
jmp 0041112D
push ebp
mov eax, 00000004
call 00410F74
pop ecx
jmp 0041112D
push ebp
mov eax, 0000000A
call 00410F74
pop ecx
jmp 0041112D
call 00410E0C
jmp 0041112D
0041112D
004110C5
004110CE
004110DC
004110EA
004110F8
00411106
00411106
0041112D
0041112D
00411113
0041111C
0041112D
0041112D
00411126
:00411113
:00411114
:00411119
:0041111A
:0041111C
:0041111F
:00411124
:00411126
:00411127
:0041112C
55
E8AFFEFFFF
59
EB11
8B45FC
E8E0FDFFFF
EB07
55
E8C4FEFFFF
59
push ebp
call 00410FC8
pop ecx
jmp 0041112D
call 00410F04
jmp 0041112D
push ebp
call 00410FF0
pop ecx

|:0041107A(C), :004110C3(U), :004110CC(U), :004110DA(U), :004110E8(U)
|:004110F6(U), :00411104(U), :00411111(U), :0041111A(U), :00411124(U)
|
:0041112D 33C0
xor eax, eax
:0041112F 5A
pop edx
:00411130 59
pop ecx
:00411131 59
pop ecx
:00411132 648910
|
:00411135 684A114100
push 0041114A
|:00411148(U)
|
:0041113A 8D45F8
:0041113D E87626FFFF
:00411142 C3
:00411143
:00411148
:0041114A
:0041114B
:0041114C
:0041114D
jmp
jmp
pop
pop
pop
ret
E93021FFFF
EBF0
59
59
5D
C3
:0041114E 8BC0

call 004037B8
ret
00403278
0041113A
ecx
ecx
ebp
mov eax, eax

|:00411023 , :004111DE
|
:00411150 55
push ebp
:00411151 8BEC
mov ebp, esp
:00411153 6A00
push 00000000
:00411155 53
push ebx
:00411156 8BD8
mov ebx, eax
:00411158 33C0
xor eax, eax
:0041115A 55
push ebp
:0041115B 688D114100
push 0041118D
:00411160 64FF30
:00411163 648920
:00411166 8D55FC
:00411169 8BC3
mov eax, ebx
:0041116B E89CFCFFFF
call 00410E0C
:00411170 8BC3
mov eax, ebx
:00411172
:00411177
:00411179
:0041117A
:0041117B
:0041117C
E8D9FEFFFF
33C0
5A
59
59
648910
call 00411050
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0041117F 6894114100
push 00411194
|:00411192(U)
|
:00411184 8D45FC
:00411187 E82C26FFFF
:0041118C C3
:0041118D
:00411192
:00411194
:00411195
:00411196
:00411197
jmp
jmp
pop
pop
pop
ret
E9E620FFFF
EBF0
5B
59
5D
C3

call 004037B8
ret
00403278
00411184
ebx
ecx
ebp

|:0040F9DA , :004111FB
|
:00411198 55
push ebp
:00411199 8BEC
mov ebp, esp
:0041119B 83C4F4
add esp, FFFFFFF4
:0041119E 53
push ebx
:0041119F 56
push esi
:004111A0 33C9
xor ecx, ecx
:004111A2 894DF4
:004111A5 8BF0
mov esi, eax
:004111A7 33C0
xor eax, eax
:004111A9 55
push ebp
:004111AA 6828124100
push 00411228
:004111AF 64FF30
:004111B2 648920
:004111B5 84D2
test dl, dl
:004111B7 742A
je 004111E3
:004111B9 8D4DF8
:004111BC 8D55FF
:004111BF 8BC6
mov eax, esi
:004111C1 8B18
:004111C3 FF5320
call [ebx+20]
:004111C6 8D55F4
:004111C9 8BC6
mov eax, esi
:004111CB E83CFCFFFF
call 00410E0C
:004111D0 8D55F4
:004111D3 8BC6
mov eax, esi
:004111D5 E832FCFFFF
call 00410E0C
:004111DA EB07
jmp 004111E3
|:004111EC(C)
|
:004111DC 8BC6
:004111DE E86DFFFFFF
mov eax, esi

call 00411150
|:004111B7(C), :004111DA(U)
|
:004111E3 8BC6
:004111E5 E85EE3FFFF
:004111EA 84C0
:004111EC 74EE
:004111EE 8BC6
:004111F0 E877EEFFFF
:004111F5 EB09
|:00411209(C)
|
:004111F7 B201
:004111F9 8BC6
:004111FB E898FFFFFF
|:004111F5(U)
|
:00411200 8BC6
:00411202 E841E3FFFF
:00411207 84C0
:00411209 74EC
:0041120B 8BC6
:0041120D E85AEEFFFF
:00411212 33C0
:00411214 5A
:00411215 59
:00411216 59
:00411217 648910
:0041121A 682F124100
|:0041122D(U)
|
:0041121F 8D45F4
:00411222 E89125FFFF
:00411227 C3
:00411228
:0041122D
:0041122F
:00411230
:00411231
:00411233
:00411234
E94B20FFFF
EBF0
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
mov
pop
ret
:00411235
:00411238
:00411239
:0041123B
8D4000
55
8BEC
83C4EC

push ebp
mov ebp, esp
add esp, FFFFFFEC
mov eax, esi

call 0040F548
test al, al
je 004111DC
mov eax, esi
call 0041006C
jmp 00411200
mov dl, 01
mov eax, esi
call 00411198
mov eax, esi

call 0040F548
test al, al
je 004111F7
mov eax, esi
call 0041006C
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041122F

call 004037B8
ret
00403278
0041121F
esi
ebx
esp, ebp
ebp
:0041123E
:0041123F
:00411240
:00411241
:00411243
:00411246
:00411249
:0041124B
:0041124D
:0041124F
:00411251
:00411252
:00411257
:0041125A
:0041125D
:00411260
:00411262
:00411267
:0041126A
:0041126D
:00411272
:00411275
:00411279
:0041127B
:00411280
:00411282
:00411283
:00411286
:00411287
:0041128A
:0041128C
:0041128F
53
56
57
33DB
895DEC
895DF8
8BF9
8BF2
8BD8
33C0
55
68E7124100
64FF30
648920
8D45F8
8BD6
E8E925FFFF
8B55F8
8B4318
E81E070000
8945FC
837DFC00
754E
66837B4E00
7410
57
8D45FC
50
8B4DF8
8BD3
8B4350
FF534C
push ebx
push esi
push edi
xor ebx, ebx
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 004112E7
mov edx, esi
call 00403850
call 00411990
jne 004112C9
cmp word ptr [ebx+4E], 0000
je 00411292
push edi
push eax
mov edx, ebx
call [ebx+4C]
|:00411280(C)
|
:00411292 837DFC00
:00411296 7531
:00411298 8B45F8
:0041129B 8945F0
:0041129E C645F40B
:004112A2 8D45F0
:004112A5 50
:004112A6 6A00
:004112A8 8D55EC
:004112AB A11C2B4400
:004112B0 E86F3BFFFF
:004112B5 8B4DEC
:004112B8 B201
:004112BA A1C4B14000
:004112BF E8E475FFFF
:004112C4 E8E71FFFFF
|:00411279(C), :00411296(C)
|
:004112C9 33C0
:004112CB 5A
:004112CC 59
:004112CD 59

jne 004112C9
mov [ebp-0C], 0B
push eax
push 00000000
call 00404E24
mov dl, 01
call 004088A8
call 004032B0
xor
pop
pop
pop
eax, eax
edx
ecx
ecx
:004112CE 648910
:004112D1 68EE124100

push 004112EE
|:004112EC(U)
|
:004112D6 8D45EC
:004112D9 E8DA24FFFF
:004112DE 8D45F8
:004112E1 E8D224FFFF
:004112E6 C3
:004112E7
:004112EC
:004112EE
:004112F1
:004112F2
:004112F3
:004112F4
:004112F6
:004112F7
E98C1FFFFF
EBE8
8B45FC
5F
5E
5B
8BE5
5D
C3
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
:004112F8
:004112F9
:004112FE
:00411300
:00411302
:00411304
:00411306
:00411309
53
6683784600
740C
8BCA
8BD8
8BD0
8B4348
FF5344
push ebx
je 0041130C
mov ecx, edx
mov ebx, eax
mov edx, eax
call [ebx+44]

call 004037B8
call 004037B8
ret
00403278
004112D6
edi
esi
ebx
esp, ebp
ebp

|:004112FE(C)
|
:0041130C 5B
pop ebx
:0041130D C3
ret
:0041130E
:00411310
:00411311
:00411312
:00411313
:00411315
:00411317
:0041131C
:0041131E
:0041131F
:00411321
:00411323
:00411325
:00411328
8BC0
53
56
57
8BF1
8BDA
6683783E00
740D
56
8BF8
8BCB
8BD0
8B4740
FF573C
mov eax, eax

push ebx
push esi
push edi
mov esi, ecx
mov ebx, edx
je 0041132B
push esi
mov edi, eax
mov ecx, ebx
mov edx, eax
call [edi+3C]

|:0041131C(C)
|
:0041132B 8B16
:0041132D 8BC3
mov eax, ebx
:0041132F
:00411331
:00411334
:00411335
:00411336
:00411337
8B08
FF5118
5F
5E
5B
C3

call [ecx+18]
pop edi
pop esi
pop ebx
ret

|:004113D5 , :00411401 , :0041141A , :00411460
|:00411485 , :0041149B
|
:00411338 56
push esi
:00411339 57
push edi
:0041133A 53
push ebx
:0041133B 89D6
mov esi, edx
:0041133D 89CB
mov ebx, ecx
:0041133F 89C7
mov edi, eax
:00411341 EB36
jmp 00411379
|:0041137B(C)
|
:00411343 8B4F0C
:00411346 2B4F10
:00411349 770A
:0041134B 89F8
:0041134D E832000000
:00411352 8B4F0C
, :00411479

mov ecx, dword ptr [edi+0C]
sub ecx, dword ptr [edi+10]
ja 00411355
mov eax, edi
call 00411384
mov ecx, dword ptr [edi+0C]

|:00411349(C)
|
:00411355 39D9
cmp ecx, ebx
:00411357 7202
jb 0041135B
:00411359 89D9
mov ecx, ebx
|:00411357(C)
|
:0041135B 29CB
sub ebx, ecx
:0041135D 57
push edi
:0041135E 8B4708
:00411361 034710
:00411364 014F10
add dword ptr [edi+10], ecx
:00411367 89C7
mov edi, eax
:00411369 89CA
mov edx, ecx
:0041136B C1E902
shr ecx, 02
:0041136E FC
cld
:0041136F F3
repz
:00411370 A5
movsd
:00411371 89D1
mov ecx, edx
:00411373 83E103
and ecx, 00000003
:00411376 F3
repz
:00411377 A4
movsb
:00411378 5F
pop edi
|:00411341(U)
|
:00411379
:0041137B
:0041137D
:0041137E
:0041137F
:00411380
09DB
75C6
5B
5F
5E
C3
:00411381 8D4000
or ebx, ebx
jne 00411343
pop ebx
pop edi
pop esi
ret

|:0041134D
|
:00411384 53
push ebx
:00411385 8BD8
mov ebx, eax
:00411387 8B5308
:0041138A 8B4B10
:0041138D 8B4304
:00411390 E877D4FFFF
call 0040E80C
:00411395 33C0
xor eax, eax
:00411397 894310
:0041139A 5B
pop ebx
:0041139B C3
ret

|:00424430
|
:0041139C 84D2
test dl, dl
:0041139E 7408
je 004113A8
:004113A0 B209
mov dl, 09
:004113A2 E8E9000000
call 00411490
:004113A7 C3
ret
|:0041139E(C)
|
:004113A8 B208
:004113AA E8E1000000
:004113AF C3

mov dl, 08
call 00411490
ret

|:00411609 , :00411615 , :00438951 , :0043896D
|
:004113B0 53
push ebx
:004113B1 51
push ecx
:004113B2 891424
:004113B5 8BD8
mov ebx, eax
:004113B7 833C2480
cmp dword ptr [esp], FFFFFF80
:004113BB 7C20
jl 004113DD
:004113BD 833C247F
cmp dword ptr [esp], 0000007F
:004113C1 7F1A
jg 004113DD
:004113C3 B202
mov dl, 02
:004113C5 8BC3
mov eax, ebx
:004113C7
:004113CC
:004113CE
:004113D3
:004113D5
:004113DA
:004113DB
:004113DC
E8C4000000
8BD4
B901000000
8BC3
E85EFFFFFF
5A
5B
C3
call 00411490
mov edx, esp
mov ecx, 00000001
mov eax, ebx
call 00411338
pop edx
pop ebx
ret
|:004113BB(C), :004113C1(C)
|
:004113DD 813C240080FFFF
:004113E4 7C22
:004113E6 813C24FF7F0000
:004113ED 7F19
:004113EF B203
:004113F1 8BC3
:004113F3 E898000000
:004113F8 8BD4
:004113FA B902000000
:004113FF 8BC3
:00411401 E832FFFFFF
:00411406 EB17
|:004113E4(C), :004113ED(C)
|
:00411408 B204
:0041140A 8BC3
:0041140C E87F000000
:00411411 8BD4
:00411413 B904000000
:00411418 8BC3
cmp dword ptr [esp], FFFF8000

jl 00411408
cmp dword ptr [esp], 00007FFF
jg 00411408
mov dl, 03
mov eax, ebx
call 00411490
mov edx, esp
mov ecx, 00000002
mov eax, ebx
call 00411338
jmp 0041141F
mov dl, 04
mov eax, ebx
call 00411490
mov edx, esp
mov ecx, 00000004
mov eax, ebx
call 00411338

|:00411406(U)
|
:0041141F 5A
pop edx
:00411420 5B
pop ebx
:00411421 C3
ret
:00411422 8BC0
mov eax, eax

|:0040DF2D
|
:00411424 B201
mov dl, 01
:00411426 E865000000
call 00411490
:0041142B C3
ret

|:0040DF63
|
:0041142C 33D2
:0041142E E85D000000
:00411433 C3
xor edx, edx

call 00411490
ret

|:0040DF57
|
:00411434 53
push ebx
:00411435 56
push esi
:00411436 51
push ecx
:00411437 8BF2
mov esi, edx
:00411439 8BD8
mov ebx, eax
:0041143B 8BC6
mov eax, esi
:0041143D E8F225FFFF
call 00403A34
:00411442 890424
:00411445 813C24FF000000
cmp dword ptr [esp], 000000FF
:0041144C 7F19
jg 00411467
:0041144E B206
mov dl, 06
:00411450 8BC3
mov eax, ebx
:00411452 E839000000
call 00411490
:00411457 8BD4
mov edx, esp
:00411459 B901000000
mov ecx, 00000001
:0041145E 8BC3
mov eax, ebx
:00411460 E8D3FEFFFF
call 00411338
:00411465 EB17
jmp 0041147E
|:0041144C(C)
|
:00411467 B20C
:00411469 8BC3
:0041146B E820000000
:00411470 8BD4
:00411472 B904000000
:00411477 8BC3
:00411479 E8BAFEFFFF
|:00411465(U)
|
:0041147E 8BD6
:00411480 8B0C24
:00411483 8BC3
:00411485 E8AEFEFFFF
:0041148A 5A
:0041148B 5E
:0041148C 5B
:0041148D C3
:0041148E 8BC0
mov eax, eax
mov dl, 0C
mov eax, ebx
call 00411490
mov edx, esp
mov ecx, 00000004
mov eax, ebx
call 00411338
mov edx, esi

mov eax, ebx
call 00411338
pop edx
pop esi
pop ebx
ret

|:004113A2 , :004113AA , :004113C7 , :004113F3 , :0041140C
|:00411426 , :0041142E , :00411452 , :0041146B
|
:00411490 51
push ecx
:00411491 881424
:00411494
:00411496
:0041149B
:004114A0
:004114A1
8BD4
B901000000
E898FEFFFF
5A
C3
:004114A2 8BC0
mov edx, esp

mov ecx, 00000001
call 00411338
pop edx
ret
mov eax, eax

|:00412416
|
:004114A4 833D2C36440000
cmp dword ptr [0044362C], 00000000
:004114AB 7412
je 004114BF
:004114AD A12C364400
:004114B2 50
push eax
|
:004114B3 E8D04BFFFF
Call 00406088
:004114B8 33C0
xor eax, eax
:004114BA A32C364400
|:004114AB(C)
|
:004114BF C3
ret
|:00411DC6 , :00422453 , :0042DBCB , :0042E5B6
|:004329E0 , :0043CB69 , :0043DA98
|
:004114C0 53
push ebx
:004114C1 56
push esi
:004114C2 57
push edi
:004114C3 84D2
test dl, dl
:004114C5 7408
je 004114CF
:004114C7 83C4F0
add esp, FFFFFFF0
:004114CA E8351AFFFF
call 00402F04
|:004114C5(C)
|
:004114CF 8BF1
:004114D1 8BDA
:004114D3 8BF8
:004114D5 A008154100
:004114DA 884721
:004114DD 85F6
:004114DF 7409
:004114E1 8BD7
:004114E3 8BC6
:004114E5 E886010000
, :00430EBA

mov esi, ecx
mov ebx, edx
mov edi, eax
mov byte ptr [edi+21], al
test esi, esi
je 004114EA
mov edx, edi
mov eax, esi
call 00411670

|:004114DF(C)
|
:004114EA 8BC7
mov eax, edi
:004114EC 84DB
test bl, bl
:004114EE 740F
je 004114FF
:004114F0 E8671AFFFF
:004114F5 648F0500000000
:004114FC 83C40C
call 00402F5C
add esp, 0000000C

|:004114EE(C)
|
:004114FF 8BC7
mov eax, edi
:00411501 5F
pop edi
:00411502 5E
pop esi
:00411503 5B
pop ebx
:00411504 C3
ret
:00411505 000000
BYTE 3 DUP(0)
:00411508 0100
:0041150A 0000


|:00411E07 , :0042259D , :0042DC52 , :0042E642 , :00430F85
|:00432A2E , :0043CD9C , :0043DC69
|
:0041150C 53
push ebx
:0041150D 56
push esi
:0041150E 57
push edi
:0041150F 55
push ebp
:00411510 51
push ecx
:00411511 E84E1AFFFF
call 00402F64
:00411516 881424
:00411519 8BD8
mov ebx, eax
:0041151B 8B4314
:0041151E 85C0
test eax, eax
:00411520 742F
je 00411551
:00411522 8B7008
:00411525 4E
dec esi
:00411526 85F6
test esi, esi
:00411528 7C1A
jl 00411544
:0041152A 46
inc esi
:0041152B 33FF
xor edi, edi
|:00411542(C)
|
:0041152D 8BD7
:0041152F 8B4314
:00411532 E841B6FFFF
:00411537 B101
:00411539 8BD3
:0041153B 8B28
:0041153D FF5510
:00411540 47
:00411541 4E
:00411542 75E9

mov edx, edi
call 0040CB78
mov cl, 01
mov edx, ebx
mov ebp, dword ptr [eax]
call [ebp+10]
inc edi
dec esi
jne 0041152D

|:00411528(C)
|
:00411544 8B4314
:00411547 E8D416FFFF
:0041154C 33C0
:0041154E 894314
call 00402C20
xor eax, eax
|:00411520(C)
|
:00411551 8BC3
:00411553 E8D8010000
:00411558 8BC3
:0041155A E8A5010000
:0041155F 8B4304
:00411562 85C0
:00411564 7407
:00411566 8BD3
:00411568 E857010000
|:00411564(C)
|
:0041156D 8A1424
:00411570 80E2FC
:00411573 8BC3
:00411575 E862BCFFFF
:0041157A 803C2400
:0041157E 7E07
:00411580 8BC3
:00411582 E8CD19FFFF
mov eax, ebx

call 00411730
mov eax, ebx
call 00411704
test eax, eax
je 0041156D
mov edx, ebx
call 004116C4
mov dl, byte ptr [esp]

and dl, FC
mov eax, ebx
call 0040D1DC
jle 00411587
mov eax, ebx
call 00402F54

|:0041157E(C)
|
:00411587 5A
pop edx
:00411588 5D
pop ebp
:00411589 5F
pop edi
:0041158A 5E
pop esi
:0041158B 5B
pop ebx
:0041158C C3
ret
:0041158D 8D4000

|:004115D3 , :0041D713 , :004226F2 , :00423176 , :0042DD0B
|:0042DD7F , :004325A4 , :00433137 , :00439A61 , :00439B23
|
:00411590 53
push ebx
:00411591 56
push esi
:00411592 8BF2
mov esi, edx
:00411594 8BD8
mov ebx, eax
:00411596 8B4304
:00411599 85C0
test eax, eax
:0041159B 7405
je 004115A2
:0041159D 3B4604
cmp eax, dword ptr [esi+04]
:004115A0 7436
je 004115D8
|:0041159B(C)
|
:004115A2 837B1400
:004115A6
:004115A8
:004115AA
:004115AF
:004115B4
750F
B201
A154B54000
E83C16FFFF
894314
jne 004115B7
mov dl, 01
call 00402BF0
|:004115A6(C)
|
:004115B7 8BD6
:004115B9 8B4314
:004115BC E84FB6FFFF
:004115C1 85C0
:004115C3 7D13
:004115C5 8BD6
:004115C7 8B4314
:004115CA E891B4FFFF
:004115CF 8BD3
:004115D1 8BC6
:004115D3 E8B8FFFFFF
|:004115A0(C), :004115C3(C)
|
:004115D8 5E
:004115D9 5B
:004115DA C3
:004115DB
:004115DC
:004115DD
:004115DE
:004115E0
:004115E2
:004115E4
:004115E9
:004115ED
:004115EE
:004115EF
90
53
56
8BF2
8BD8
8BC6
E80FEAFFFF
66894318
5E
5B
C3
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 0040FFF8
mov word ptr [ebx+18], ax
pop esi
pop ebx
ret
:004115F0
:004115F1
:004115F2
:004115F4
:004115F6
:004115F8
:004115FD
:00411601
:00411602
:00411603
53
56
8BF2
8BD8
8BC6
E8FBE9FFFF
6689431A
5E
5B
C3
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 0040FFF8
mov word ptr [ebx+1A], ax
pop esi
pop ebx
ret
:00411604
:00411608
:00411609
:0041160E
0FB74018
92
E8A2FDFFFF
C3
movzx eax, word ptr [eax+18]

xchg eax,edx
call 004113B0
ret
mov edx, esi

call 0040CC10
test eax, eax
jge 004115D8
mov edx, esi
call 0040CA60
mov edx, ebx
mov eax, esi
call 00411590
pop esi
pop ebx
ret
:0041160F
:00411610
:00411614
:00411615
:0041161A
90
0FB7401A
92
E896FDFFFF
C3
:0041161B 90
nop
movzx eax, word ptr [eax+1A]
xchg eax,edx
call 004113B0
ret
nop

|:00411697
|
:0041161C 53
push ebx
:0041161D 56
push esi
:0041161E 8BF2
mov esi, edx
:00411620 8BD8
mov ebx, eax
:00411622 837B1000
:00411626 750F
jne 00411637
:00411628 B201
mov dl, 01
:0041162A A154B54000
:0041162F E8BC15FFFF
call 00402BF0
:00411634 894310
|:00411626(C)
|
:00411637 8BD6
:00411639 8B4310
:0041163C E81FB4FFFF
:00411641 895E04
:00411644 5E
:00411645 5B
:00411646 C3
:00411647 90
nop
mov edx, esi

call 0040CA60
pop esi
pop ebx
ret

|:004116E3 , :00411717
|
:00411648 53
push ebx
:00411649 8BD8
mov ebx, eax
:0041164B 33C0
xor eax, eax
:0041164D 894204
:00411650 8B4310
:00411653 E8ECB6FFFF
call 0040CD44
:00411658 8B4310
:0041165B 83780800
:0041165F 750A
jne 0041166B
:00411661 E8BA15FFFF
call 00402C20
:00411666 33C0
xor eax, eax
:00411668 894310
|:0041165F(C)
|
:0041166B 5B
pop ebx
:0041166C C3
ret
:0041166D 8D4000

|:004114E5
|
:00411670 53
push ebx
:00411671 56
push esi
:00411672 57
push edi
:00411673 8BF2
mov esi, edx
:00411675 8BF8
mov edi, eax
:00411677 8BD7
mov edx, edi
:00411679 8BC6
mov eax, esi
:0041167B 66BBF6FF
mov bx, FFF6
:0041167F E87017FFFF
call 00402DF4
:00411684 8B4608
:00411687 50
push eax
:00411688 33C9
xor ecx, ecx
:0041168A 8BD6
mov edx, esi
:0041168C 8BC7
mov eax, edi
:0041168E 8B18
:00411690 FF5320
call [ebx+20]
:00411693 8BD6
mov edx, esi
:00411695 8BC7
mov eax, edi
:00411697 E880FFFFFF
call 0041161C
:0041169C B201
mov dl, 01
:0041169E 8BC6
mov eax, esi
:004116A0 E82B050000
call 00411BD0
:004116A5 F6472010
test [edi+20], 10
:004116A9 7409
je 004116B4
:004116AB B201
mov dl, 01
:004116AD 8BC6
mov eax, esi
:004116AF E8DC040000
call 00411B90
|:004116A9(C)
|
:004116B4 33C9
xor ecx, ecx
:004116B6 8BD6
mov edx, esi
:004116B8 8BC7
mov eax, edi
:004116BA 8B18
:004116BC FF5310
call [ebx+10]
:004116BF 5F
pop edi
:004116C0 5E
pop esi
:004116C1 5B
pop ebx
:004116C2 C3
ret
:004116C3 90
nop

|:00411568
|
:004116C4 53
push ebx
:004116C5 56
push esi
:004116C6 57
push edi
:004116C7 8BDA
mov ebx, edx
:004116C9 8BF0
mov esi, eax
:004116CB B101
mov cl, 01
:004116CD 8BD3
mov edx, ebx
:004116CF 8BC6
mov eax, esi
:004116D1
:004116D3
:004116D6
:004116D8
:004116DA
:004116DF
:004116E1
:004116E3
:004116E8
:004116EA
:004116EC
:004116F1
:004116F3
:004116F6
:004116F8
:004116FA
:004116FC
:004116FF
:00411700
:00411701
:00411702
8B38
FF5710
33D2
8BC3
E8F1040000
8BD3
8BC6
E860FFFFFF
33D2
8BC3
E89F040000
6A00
8B4B08
8BD3
8BC6
8B18
FF5320
5F
5E
5B
C3
:00411703 90

call [edi+10]
xor edx, edx
mov eax, ebx
call 00411BD0
mov edx, ebx
mov eax, esi
call 00411648
xor edx, edx
mov eax, ebx
call 00411B90
push 00000000
mov edx, ebx
mov eax, esi
call [ebx+20]
pop edi
pop esi
pop ebx
ret
nop

|:0041155A , :004363AF
|
:00411704 53
push ebx
:00411705 56
push esi
:00411706 8BD8
mov ebx, eax
:00411708 EB1B
jmp 00411725
|:0041172A(C)
|
:0041170A 8BC6
:0041170C E8BFB5FFFF
:00411711 8BF0
:00411713 8BD6
:00411715 8BC3
:00411717 E82CFFFFFF
:0041171C B201
:0041171E 8BC6
:00411720 8B08
:00411722 FF51FC

mov eax, esi
call 0040CCD0
mov esi, eax
mov edx, esi
mov eax, ebx
call 00411648
mov dl, 01
mov eax, esi
call [ecx-04]

|:00411708(U)
|
:00411725 8B7310
:00411728 85F6
test esi, esi
:0041172A 75DE
jne 0041170A
:0041172C 5E
pop esi
:0041172D 5B
pop ebx
:0041172E C3
ret
:0041172F 90
nop

|:00411553 , :0041175B , :00425363 , :004363A5 , :0043835D
|
:00411730 53
push ebx
:00411731 56
push esi
:00411732 57
push edi
:00411733 8BD8
mov ebx, eax
:00411735 F6432008
test [ebx+20], 08
:00411739 7529
jne 00411764
:0041173B 804B2008
or byte ptr [ebx+20], 08
:0041173F 8B4310
:00411742 85C0
test eax, eax
:00411744 741E
je 00411764
:00411746 8B7008
:00411749 4E
dec esi
:0041174A 85F6
test esi, esi
:0041174C 7C16
jl 00411764
:0041174E 46
inc esi
:0041174F 33FF
xor edi, edi
|:00411762(C)
|
:00411751 8BD7
:00411753 8B4310
:00411756 E81DB4FFFF
:0041175B E8D0FFFFFF
:00411760 47
:00411761 4E
:00411762 75ED

mov edx, edi
call 0040CB78
call 00411730
inc edi
dec esi
jne 00411751

|:00411739(C), :00411744(C), :0041174C(C)
|
:00411764 5F
pop edi
:00411765 5E
pop esi
:00411766 5B
pop ebx
:00411767 C3
ret

|:004227EB , :0042DD2F , :0043295B , :00433157
|
:00411768 53
push ebx
:00411769 56
push esi
:0041176A 57
push edi
:0041176B 55
push ebp
:0041176C 83C4F8
add esp, FFFFFFF8
:0041176F 884C2404
mov byte ptr [esp+04], cl
:00411773 891424
:00411776 8BD8
mov ebx, eax
:00411778 8B4314
:0041177B 85C0
test eax, eax
:0041177D 7422
je 004117A1
:0041177F 807C240401
:00411784 751B
jne 004117A1
:00411786 8B1424
:00411789 E8B6B5FFFF
call 0040CD44
:0041178E 8B4314
:00411791
:00411795
:00411797
:0041179C
:0041179E
83780800
750A
E88414FFFF
33C0
894314

jne 004117A1
call 00402C20
xor eax, eax

|:0041177D(C), :00411784(C), :00411795(C)
|
:004117A1 8B4310
:004117A4 85C0
test eax, eax
:004117A6 7425
je 004117CD
:004117A8 8B7008
:004117AB 4E
dec esi
:004117AC 85F6
test esi, esi
:004117AE 7C1D
jl 004117CD
:004117B0 46
inc esi
:004117B1 33FF
xor edi, edi
|:004117CB(C)
|
:004117B3 8BD7
:004117B5 8B4310
:004117B8 E8BBB3FFFF
:004117BD 8A4C2404
:004117C1 8B1424
:004117C4 8B28
:004117C6 FF5510
:004117C9 47
:004117CA 4E
:004117CB 75E6
|:004117A6(C), :004117AE(C)
|
:004117CD 59
:004117CE 5A
:004117CF 5D
:004117D0 5F
:004117D1 5E
:004117D2 5B
:004117D3 C3
mov edx, edi

call 0040CB78
mov cl, byte ptr [esp+04]
call [ebp+10]
inc edi
dec esi
jne 004117B3
pop
pop
pop
pop
pop
pop
ret
ecx
edx
ebp
edi
esi
ebx

|:0042F3E3 , :004314D2
|
:004117D4 55
push ebp
:004117D5 8BEC
mov ebp, esp
:004117D7 51
push ecx
:004117D8 53
push ebx
:004117D9 56
push esi
:004117DA 57
push edi
:004117DB 8BF2
mov esi, edx
:004117DD 8BD8
mov ebx, eax
:004117DF 33C0
xor eax, eax
:004117E1 8945FC
:004117E4 8B461C
:004117E7
:004117E9
:004117EB
:004117EE
85C0
7406
8B4018
8945FC
|:004117E9(C)
|
:004117F1 53
:004117F2 68DC154100
:004117F7 53
:004117F8 6804164100
:004117FD 668B4318
:00411801 663B45FC
:00411805 0F95C1
test eax, eax

je 004117F1
push ebx
push 004115DC
push ebx
push 00411604
mov ax, word ptr [ebx+18]
cmp ax, word ptr [ebp-04]
setne cl
* Possible StringData Ref from Code Obj ->"Left"

|
:00411808 BA44184100
mov edx, 00411844
:0041180D 8BC6
mov eax, esi
:0041180F 8B38
:00411811 FF17
:00411813 53
push ebx
:00411814 68F0154100
push 004115F0
:00411819 53
push ebx
:0041181A 6810164100
push 00411610
:0041181F 668B45FE
:00411823 663B431A
cmp ax, word ptr [ebx+1A]
:00411827 0F95C1
setne cl
* Possible StringData Ref from Code Obj ->"Top"
|
:0041182A BA54184100
mov edx, 00411854
:0041182F 8BC6
mov eax, esi
:00411831 8B18
:00411833 FF13
:00411835 5F
pop edi
:00411836 5E
pop esi
:00411837 5B
pop ebx
:00411838 59
pop ecx
:00411839 5D
pop ebp
:0041183A C3
ret
:0041183B 00
BYTE 0
:0041183C FFFFFFFF
BYTE 4 DUP(0ffh)
:00411840
:00411842
:00411844
:00411845
add al, 00
dec esp
je 00411849
0400
0000
4C
65667400

|:00411847(C)
|
:00411849 000000
BYTE 3 DUP(0)
:0041184C FFFFFFFF
BYTE 4 DUP(0ffh)
:00411850
:00411852
:00411854
:00411855
:00411856
0300
0000
54
6F
7000

push esp
outsd
jo 00411858

|:0042D9FD
|
|:00411856(C)
|
:00411858 33C0
xor eax, eax
:0041185A C3
ret
:0041185B
:0041185C
:0041185D
:0041185F
:00411860
90
55
8BEC
5D
C20800
nop
push ebp
mov ebp, esp
pop ebp
ret 0008
:00411863 90
:00411864 33C0
:00411866 C3
nop
xor eax, eax
ret
:00411867 90
:00411868 C3
nop
ret
:00411869
:0041186C
:0041186D
:0041186E
:00411870
:00411872
:00411874
:00411877
:0041187C
:0041187D
:0041187E

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 00403850
pop esi
pop ebx
ret
8D4000
53
56
8BF2
8BD8
8BC6
8B5308
E8D41FFFFF
5E
5B
C3
:0041187F 90
:00411880 8B4004
:00411883 C3
nop
ret
:00411884 C3
ret
:00411885 8D4000

|:0042D9EE
|
:00411888 33C0
:0041188A C3
xor eax, eax

ret
:0041188B 90
:0041188C C3
nop
ret
:0041188D
:00411890
:00411891
:00411893
:00411897
:00411898
8D4000
53
8BD8
804B2040
5B
C3

push ebx
mov ebx, eax
pop ebx
ret
:00411899
:0041189C
:0041189D
:0041189F
:004118A3
:004118A4
8D4000
53
8BD8
806320BF
5B
C3

push ebx
mov ebx, eax
and byte ptr [ebx+20], BF
pop ebx
ret
:004118A5 8D4000

|:00424F41 , :004312F2 , :004330B5
|
:004118A8 53
push ebx
:004118A9 8BD8
mov ebx, eax
:004118AB 806320FE
and byte ptr [ebx+20], FE
:004118AF 5B
pop ebx
:004118B0 C3
ret
:004118B1 8D4000

|:00422775 , :0042DA0F
|
:004118B4 92
xchg eax,edx
:004118B5 E83EE4FFFF
call 0040FCF8
:004118BA C3
ret
:004118BB
:004118BC
:004118BD
:004118BF
:004118C2
90
92
8B08
FF510C
C3
:004118C3 90
nop
xchg eax,edx
call [ecx+0C]
ret
nop

|:00438E7E
|
:004118C4 55
push ebp
:004118C5
:004118C7
:004118CA
:004118CB
:004118CC
:004118CD
:004118CF
:004118D2
:004118D5
:004118D7
:004118D9
:004118DC
:004118DE
:004118DF
:004118E4
:004118E7
:004118EA
:004118EC
:004118EE
:004118F0
:004118F3
:004118F8
:004118FA
:004118FC
:004118FE
:00411900
:00411905
:00411907
:00411909
:0041190C
:00411910
:00411913
:00411914
:00411916
:00411919
:0041191E
:00411923
:00411926
:00411928
:0041192D
:00411932
8BEC
83C4F0
53
56
57
33DB
895DF0
894DFC
8BFA
8BD8
8B7508
33C0
55
6867194100
64FF30
648920
85FF
7449
8BD6
8B45FC
E8F45BFFFF
85C0
743B
8BD6
8BC3
E88B000000
85C0
742E
8975F4
C645F80B
8D45F4
50
6A00
8D55F0
A1082C4400
E80135FFFF
8B4DF0
B201
A13CB44000
E8766FFFFF
E87919FFFF
mov ebp, esp

add esp, FFFFFFF0
push ebx
push esi
push edi
xor ebx, ebx
mov edi, edx
mov ebx, eax
xor eax, eax
push ebp
push 00411967
test edi, edi
je 00411937
mov edx, esi
call 004074EC
test eax, eax
je 00411937
mov edx, esi
mov eax, ebx
call 00411990
test eax, eax
je 00411937
mov [ebp-08], 0B
push eax
push 00000000
call 00404E24
mov dl, 01
call 004088A8
call 004032B0

|:004118EC(C), :004118FA(C), :00411907(C)
|
:00411937 F6432010
test [ebx+20], 10
:0041193B 7414
je 00411951
:0041193D 837B0400
:00411941 740E
je 00411951
:00411943 56
push esi
:00411944 8B4DFC
:00411947 8BD7
mov edx, edi
:00411949 8B4304
:0041194C 8B18
:0041194E FF5320
call [ebx+20]
|:0041193B(C), :00411941(C)
|
:00411951 33C0
xor eax, eax
:00411953
:00411954
:00411955
:00411956
5A
59
59
648910
pop
pop
pop
mov
edx
ecx
ecx

|
:00411959 686E194100
push 0041196E
|:0041196C(U)
|
:0041195E 8D45F0
:00411961 E8521EFFFF
:00411966 C3
:00411967
:0041196C
:0041196E
:0041196F
:00411970
:00411971
:00411973
:00411974
E90C19FFFF
EBF0
5F
5E
5B
8BE5
5D
C20400
jmp
jmp
pop
pop
pop
mov
pop
ret
:00411977
:00411978
:00411979
:0041197A
:0041197C
:0041197E
:00411980
:00411984
:00411989
:0041198A
:0041198B
90
53
56
8BF0
8BC2
8BD6
66BBF5FF
E86B14FFFF
5E
5B
C3
nop
push ebx
push esi
mov esi, eax
mov eax, edx
mov edx, esi
mov bx, FFF5
call 00402DF4
pop esi
pop ebx
ret

call 004037B8
ret
00403278
0041195E
edi
esi
ebx
esp, ebp
ebp
0004
:0041198C C3
ret
:0041198D 8D4000

|:0040F0C3 , :0040F65E , :0041126D , :00411900 , :00427832
|
:00411990 53
push ebx
:00411991 56
push esi
:00411992 57
push edi
:00411993 55
push ebp
:00411994 51
push ecx
:00411995 891424
:00411998 8BF8
mov edi, eax
:0041199A 833C2400
:0041199E 7433
je 004119D3
:004119A0 837F1000
:004119A4 742D
je 004119D3
:004119A6 8B4710
:004119A9
:004119AC
:004119AD
:004119AF
:004119B1
:004119B2
8B5808
4B
85DB
7C22
43
33ED
|:004119D1(C)
|
:004119B4 8B4710
:004119B7 8BD5
:004119B9 E8BAB1FFFF
:004119BE 8BF0
:004119C0 8B1424
:004119C3 8B4608
:004119C6 E8215BFFFF
:004119CB 85C0
:004119CD 7406
:004119CF 45
:004119D0 4B
:004119D1 75E1

dec ebx
test ebx, ebx
jl 004119D3
inc ebx
xor ebp, ebp
mov edx, ebp
call 0040CB78
mov esi, eax
call 004074EC
test eax, eax
je 004119D5
inc ebp
dec ebx
jne 004119B4

|:0041199E(C), :004119A4(C), :004119AF(C)
|
:004119D3 33F6
xor esi, esi
|:004119CD(C)
|
:004119D5 8BC6
mov eax, esi
:004119D7 5A
pop edx
:004119D8 5D
pop ebp
:004119D9 5F
pop edi
:004119DA 5E
pop esi
:004119DB 5B
pop ebx
:004119DC C3
ret
:004119DD 8D4000

|:00422F8F , :0042E395
|
:004119E0 55
push ebp
:004119E1 8BEC
mov ebp, esp
:004119E3 83C4F4
add esp, FFFFFFF4
:004119E6 53
push ebx
:004119E7 56
push esi
:004119E8 57
push edi
:004119E9 33C9
xor ecx, ecx
:004119EB 894DF4
:004119EE 8BF2
mov esi, edx
:004119F0 8BD8
mov ebx, eax
:004119F2 33C0
xor eax, eax
:004119F4 55
push ebp
:004119F5 689B1A4100
push 00411A9B
:004119FA 64FF30
:004119FD 648920
:00411A00
:00411A03
:00411A05
:00411A0A
:00411A0C
:00411A0E
:00411A10
:00411A12
:00411A17
:00411A19
:00411A1B
:00411A1E
:00411A22
:00411A25
:00411A26
:00411A28
:00411A2B
:00411A30
:00411A35
:00411A38
:00411A3A
:00411A3F
:00411A44
8B4308
8BD6
E83A21FFFF
7479
85F6
7439
8BC6
E8B55BFFFF
84C0
752E
8975F8
C645FC0B
8D45F8
50
6A00
8D55F4
A1B42B4400
E8EF33FFFF
8B4DF4
B201
A13CB44000
E8646EFFFF
E86718FFFF
|:00411A0E(C), :00411A19(C)
|
:00411A49 8B4304
:00411A4C 85C0
:00411A4E 740D
:00411A50 56
:00411A51 8B4B08
:00411A54 8BD3
:00411A56 8B38
:00411A58 FF5720
:00411A5B EB0D

mov edx, esi
call 00403B44
je 00411A85
test esi, esi
je 00411A49
mov eax, esi
call 004075CC
test al, al
jne 00411A49
mov [ebp-04], 0B
push eax
push 00000000
mov eax, dword ptr [00442BB4]
call 00404E24
mov dl, 01
call 004088A8
call 004032B0
test eax, eax
je 00411A5D
push esi
mov edx, ebx
call [edi+20]
jmp 00411A6A

|:00411A4E(C)
|
:00411A5D 56
push esi
:00411A5E 8B4B08
:00411A61 33D2
xor edx, edx
:00411A63 8BC3
mov eax, ebx
:00411A65 8B38
:00411A67 FF5720
call [edi+20]
|:00411A5B(U)
|
:00411A6A 33D2
:00411A6C 8BC3
:00411A6E E85D010000
:00411A73 8BD6
:00411A75 8BC3
:00411A77 E830000000
:00411A7C B201
:00411A7E 8BC3
:00411A80 E84B010000

xor edx, edx
mov eax, ebx
call 00411BD0
mov edx, esi
mov eax, ebx
call 00411AAC
mov dl, 01
mov eax, ebx
call 00411BD0

|:00411A0A(C)
|
:00411A85 33C0
xor eax, eax
:00411A87 5A
pop edx
:00411A88 59
pop ecx
:00411A89 59
pop ecx
:00411A8A 648910
|
:00411A8D 68A21A4100
push 00411AA2
|:00411AA0(U)
|
:00411A92 8D45F4
:00411A95 E81E1DFFFF
:00411A9A C3
:00411A9B
:00411AA0
:00411AA2
:00411AA3
:00411AA4
:00411AA5
:00411AA7
:00411AA8
jmp
jmp
pop
pop
pop
mov
pop
ret
E9D817FFFF
EBF0
5F
5E
5B
8BE5
5D
C3
:00411AA9 8D4000

call 004037B8
ret
00403278
00411A92
edi
esi
ebx
esp, ebp
ebp

|:00411A77
|
:00411AAC 53
push ebx
:00411AAD 56
push esi
:00411AAE 8BF2
mov esi, edx
:00411AB0 8BD8
mov ebx, eax
:00411AB2 8D4308
:00411AB5 8BD6
mov edx, esi
:00411AB7 E8501DFFFF
call 0040380C
:00411ABC 5E
pop esi
:00411ABD 5B
pop ebx
:00411ABE C3
ret
:00411ABF 90
nop

|:00411BBB , :00438C0C , :00438CC2 , :0043960E
|
:00411AC0 55
push ebp
:00411AC1 8BEC
mov ebp, esp
:00411AC3 6A00
push 00000000
:00411AC5 53
push ebx
:00411AC6 56
push esi
:00411AC7 8BF2
mov esi, edx
:00411AC9 8BD8
mov ebx, eax
, :00439626
:00411ACB
:00411ACD
:00411ACE
:00411AD3
:00411AD6
:00411AD9
:00411ADD
:00411ADF
:00411AE2
:00411AE7
:00411AEC
:00411AEF
:00411AF1
:00411AF6
33C0
55
681D1B4100
64FF30
648920
837B1000
751C
8D55FC
A1882C4400
E83833FFFF
8B55FC
8BCE
A154B54000
E825B0FFFF
xor eax, eax

push ebp
push 00411B1D
jne 00411AFB
call 00404E24
mov ecx, esi
call 0040CB20
|:00411ADD(C)
|
:00411AFB 8BD6
:00411AFD 8B4310
:00411B00 E873B0FFFF
:00411B05 8BD8
:00411B07 33C0
:00411B09 5A
:00411B0A 59
:00411B0B 59
:00411B0C 648910
:00411B0F 68241B4100
|:00411B22(U)
|
:00411B14 8D45FC
:00411B17 E89C1CFFFF
:00411B1C C3
:00411B1D
:00411B22
:00411B24
:00411B26
:00411B27
:00411B28
:00411B29
:00411B2A
jmp
jmp
mov
pop
pop
pop
pop
ret
E95617FFFF
EBF0
8BC3
5E
5B
59
5D
C3
:00411B2B 90
mov edx, esi

call 0040CB78
mov ebx, eax
xor eax, eax
pop edx
pop ecx
pop ecx
push 00411B24

call 004037B8
ret
00403278
00411B14
eax, ebx
esi
ebx
ecx
ebp
nop

|:00411BA8 , :00438BF2 , :00438CAF , :004395FB
|
:00411B2C 8B5010
:00411B2F 85D2
test edx, edx
:00411B31 7404
je 00411B37
:00411B33 8B4208
:00411B36 C3
ret

|:00411B31(C)
|
:00411B37 33C0
xor eax, eax
:00411B39 C3
ret
:00411B3A 8BC0
mov eax, eax

|:00438CE7
|
:00411B3C 53
push ebx
:00411B3D 56
push esi
:00411B3E 57
push edi
:00411B3F 8BF2
mov esi, edx
:00411B41 8BD8
mov ebx, eax
:00411B43 8B4304
mov eax, dword
:00411B46 85C0
test eax, eax
:00411B48 743F
je 00411B89
:00411B4A 8B4010
mov eax, dword
:00411B4D 8BD3
mov edx, ebx
:00411B4F E8BCB0FFFF
call 0040CC10
:00411B54 85C0
test eax, eax
:00411B56 7C31
jl 00411B89
:00411B58 8B5304
mov edx, dword
:00411B5B 8B7A10
mov edi, dword
:00411B5E 8B5708
mov edx, dword
:00411B61 85F6
test esi, esi
:00411B63 7D02
jge 00411B67
:00411B65 33F6
xor esi, esi
ptr [ebx+04]
ptr [eax+10]
ptr [ebx+04]
ptr [edx+10]
ptr [edi+08]

|:00411B63(C)
|
:00411B67 3BD6
cmp edx, esi
:00411B69 7F03
jg 00411B6E
:00411B6B 8BF2
mov esi, edx
:00411B6D 4E
dec esi
|:00411B69(C)
|
:00411B6E 3BC6
:00411B70 7417
:00411B72 8BD7
:00411B74 92
:00411B75 E822AFFFFF
:00411B7A 8B4304
:00411B7D 8B4010
:00411B80 8BCB
:00411B82 8BD6
:00411B84 E8A7B0FFFF

cmp eax, esi
je 00411B89
mov edx, edi
xchg eax,edx
call 0040CA9C
mov ecx, ebx
mov edx, esi
call 0040CC30

|:00411B48(C), :00411B56(C), :00411B70(C)
|
:00411B89 5F
pop edi
:00411B8A 5E
pop esi
:00411B8B 5B
pop ebx
:00411B8C C3
ret
:00411B8D 8D4000

|:004116AF , :004116EC , :00411BC2
|
:00411B90 53
push ebx
:00411B91 56
push esi
:00411B92 57
push edi
:00411B93 55
push ebp
:00411B94 8BDA
mov ebx, edx
:00411B96 8BF8
mov edi, eax
:00411B98 84DB
test bl, bl
:00411B9A 7406
je 00411BA2
:00411B9C 804F2010
or byte ptr [edi+20], 10
:00411BA0 EB04
jmp 00411BA6
|:00411B9A(C)
|
:00411BA2 806720EF
and byte ptr [edi+20], EF
|:00411BA0(U)
|
:00411BA6 8BC7
:00411BA8 E87FFFFFFF
:00411BAD 8BE8
:00411BAF 4D
:00411BB0 85ED
:00411BB2 7C17
:00411BB4 45
:00411BB5 33F6
|:00411BC9(C)
|
:00411BB7 8BD6
:00411BB9 8BC7
:00411BBB E800FFFFFF
:00411BC0 8BD3
:00411BC2 E8C9FFFFFF
:00411BC7 46
:00411BC8 4D
:00411BC9 75EC
mov eax, edi

call 00411B2C
mov ebp, eax
dec ebp
test ebp, ebp
jl 00411BCB
inc ebp
xor esi, esi
mov edx, esi

mov eax, edi
call 00411AC0
mov edx, ebx
call 00411B90
inc esi
dec ebp
jne 00411BB7

|:00411BB2(C)
|
:00411BCB 5D
pop ebp
:00411BCC 5F
pop edi
:00411BCD 5E
pop esi
:00411BCE 5B
pop ebx
:00411BCF C3
ret
|:004116A0 , :004116DA
|
:00411BD0 53
:00411BD1 56
:00411BD2 57
:00411BD3 81C400FFFFFF
:00411BD9 8BDA
:00411BDB 8BF8
:00411BDD 8B7704
:00411BE0 85F6
:00411BE2 7428
:00411BE4 8BC4
:00411BE6 8B5708
:00411BE9 B9FF000000
:00411BEE E81D1EFFFF
:00411BF3 8BD4
:00411BF5 8BC6
:00411BF7 E8B812FFFF
:00411BFC 85C0
:00411BFE 740C
:00411C00 84DB
:00411C02 7404
:00411C04 8938
:00411C06 EB04
, :00411A6E
, :00411A80
push ebx
push esi
push edi
add esp, FFFFFF00
mov ebx, edx
mov edi, eax
test esi, esi
je 00411C0C
mov eax, esp
mov edx, dword ptr [edi+08]
mov ecx, 000000FF
call 00403A10
mov edx, esp
mov eax, esi
call 00402EB4
test eax, eax
je 00411C0C
test bl, bl
je 00411C08
mov dword ptr [eax], edi
jmp 00411C0C

|:00411C02(C)
|
:00411C08 33D2
xor edx, edx
:00411C0A 8910
|:00411BE2(C), :00411BFE(C), :00411C06(U)
|
:00411C0C 81C400010000
add esp, 00000100
:00411C12 5F
pop edi
:00411C13 5E
pop esi
:00411C14 5B
pop ebx
:00411C15 C3
ret
:00411C16
:00411C18
:00411C19
:00411C1A
:00411C1C
:00411C1E
:00411C20
:00411C22
:00411C24
:00411C27
:00411C29
:00411C2B
:00411C2D
:00411C2F
:00411C31
:00411C34
:00411C36
:00411C37
:00411C38
8BC0
53
56
8BF2
8BD8
8BD3
8BC6
8B08
FF5138
84C0
740E
8BD3
8BC6
8B08
FF5140
B001
5E
5B
C3
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, ebx
mov eax, esi
call [ecx+38]
test al, al
je 00411C39
mov edx, ebx
mov eax, esi
call [ecx+40]
mov al, 01
pop esi
pop ebx
ret

|:00411C29(C)
|
:00411C39 33C0
xor eax, eax
:00411C3B 5E
pop esi
:00411C3C 5B
pop ebx
:00411C3D C3
ret
:00411C3E
:00411C40
:00411C41
:00411C42
:00411C44
:00411C46
:00411C48
:00411C4A
:00411C4C
:00411C4F
:00411C51
:00411C53
:00411C55
:00411C57
:00411C59
:00411C5C
:00411C5E
:00411C5F
:00411C60
8BC0
53
56
8BF2
8BD8
8BD3
8BC6
8B08
FF5138
84C0
740E
8BD3
8BC6
8B08
FF513C
B001
5E
5B
C3
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, ebx
mov eax, esi
call [ecx+38]
test al, al
je 00411C61
mov edx, ebx
mov eax, esi
call [ecx+3C]
mov al, 01
pop esi
pop ebx
ret

|:00411C51(C)
|
:00411C61 33C0
xor eax, eax
:00411C63 5E
pop esi
:00411C64 5B
pop ebx
:00411C65 C3
ret
:00411C66
:00411C68
:00411C69
:00411C6D
:00411C6F
:00411C72
:00411C74
:00411C77
:00411C78
8BC0
53
83781C00
740A
8B401C
8B18
FF531C
5B
C3
mov eax, eax

push ebx
je 00411C79
call [ebx+1C]
pop ebx
ret

|:00411C6D(C)
|
:00411C79 E8AA11FFFF
call 00402E28
:00411C7E 5B
pop ebx
:00411C7F C3
ret
:00411C80
:00411C81
:00411C83
:00411C84
push ebp
mov ebp, esp
pop ebp
ret 0004
55
8BEC
5D
C20400
:00411C87 90
nop

|:0043C5F1
|
:00411C88 55
push ebp
:00411C89 8BEC
mov ebp, esp
:00411C8B 53
push ebx
:00411C8C 56
push esi
:00411C8D 57
push edi
:00411C8E 8B7D10
:00411C91 8B750C
:00411C94 8B5D08
:00411C97 837B1C00
:00411C9B 751A
jne 00411CB7
:00411C9D 8BCF
mov ecx, edi
:00411C9F 8BD6
mov edx, esi
:00411CA1 8BC3
mov eax, ebx
:00411CA3 E80C10FFFF
call 00402CB4
:00411CA8 84C0
test al, al
:00411CAA 7404
je 00411CB0
:00411CAC 33C0
xor eax, eax
:00411CAE EB11
jmp 00411CC1
|:00411CAA(C)
|
:00411CB0 B802400080
mov eax, 80004002
:00411CB5 EB0A
jmp 00411CC1
|:00411C9B(C)
|
:00411CB7 57
push edi
:00411CB8 56
push esi
:00411CB9 8B431C
:00411CBC 50
push eax
:00411CBD 8B00
:00411CBF FF10
call dword ptr [eax]
|:00411CAE(U), :00411CB5(U)
|
:00411CC1 5F
:00411CC2 5E
:00411CC3 5B
:00411CC4 5D
:00411CC5 C20C00
:00411CC8 53
push ebx
pop
pop
pop
pop
ret
edi
esi
ebx
ebp
000C
:00411CC9
:00411CCA
:00411CCB
:00411CCD
:00411CCF
:00411CD2
56
57
84D2
7408
83C4F0
E82D12FFFF
|:00411CCD(C)
|
:00411CD7 8BF1
:00411CD9 8BDA
:00411CDB 8BF8
:00411CDD 33D2
:00411CDF 8BC7
:00411CE1 E80A0FFFFF
:00411CE6 8BD6
:00411CE8 8BC7
:00411CEA 8B08
:00411CEC FF11
:00411CEE 8BC7
:00411CF0 84DB
:00411CF2 740F
:00411CF4 E86312FFFF
:00411CF9 648F0500000000
:00411D00 83C40C
push esi
push edi
test dl, dl
je 00411CD7
add esp, FFFFFFF0
call 00402F04
mov esi, ecx
mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call 00402BF0
mov edx, esi
mov eax, edi
mov eax, edi
test bl, bl
je 00411D03
call 00402F5C
add esp, 0000000C

|:00411CF2(C)
|
:00411D03 8BC7
mov eax, edi
:00411D05 5F
pop edi
:00411D06 5E
pop esi
:00411D07 5B
pop ebx
:00411D08 C3
ret
:00411D09 8D4000
:00411D0C C3

ret
:00411D0D
:00411D10
:00411D11
:00411D12
:00411D17
:00411D19
:00411D1B
:00411D1E
:00411D20
:00411D22
:00411D24

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
test eax, eax
je 00411D29
mov edx, esi
call 00411EF8
8D4000
53
56
E84D12FFFF
8BDA
8BF0
8B460C
85C0
7407
8BD6
E8CF010000
|:00411D20(C)
|
:00411D29 8BD3
:00411D2B 80E2FC
:00411D2E 8BC6
:00411D30 E8DB0EFFFF

mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
:00411D35
:00411D37
:00411D39
:00411D3B
84DB
7E07
8BC6
E81412FFFF
test bl, bl
jle 00411D40
mov eax, esi
call 00402F54

|:00411D37(C)
|
:00411D40 5E
pop esi
:00411D41 5B
pop ebx
:00411D42 C3
ret
:00411D43
:00411D44
:00411D45
:00411D4A
:00411D4C
:00411D4E
:00411D51
:00411D54
90
53
6683780600
740B
8BD8
8B500C
8B4308
FF5304
nop
push ebx
je 00411D57
mov ebx, eax
call [ebx+04]

|:00411D4A(C)
|
:00411D57 5B
pop ebx
:00411D58 C3
ret
:00411D59
:00411D5C
:00411D5D
:00411D60
:00411D64
:00411D69
:00411D6A
8D4000
53
8B400C
66BBF0FF
E88B10FFFF
5B
C3

push ebx
mov bx, FFF0
call 00402DF4
pop ebx
ret
:00411D6B
:00411D6C
:00411D6D
:00411D6E
:00411D70
:00411D72
:00411D75
:00411D77
:00411D79
:00411D7B
:00411D7D
:00411D7F
90
53
56
8BF2
8BD8
8B430C
3BF0
741B
85C0
7407
8BD3
E874010000
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp esi, eax
je 00411D94
test eax, eax
je 00411D84
mov edx, ebx
call 00411EF8
|:00411D7B(C)
|
:00411D84 89730C
:00411D87 85F6
:00411D89 7409
:00411D8B 8BD3
:00411D8D 8BC6
:00411D8F E858010000

test esi, esi
je 00411D94
mov edx, ebx
mov eax, esi
call 00411EEC
|:00411D77(C), :00411D89(C)
|
:00411D94 5E
:00411D95 5B
:00411D96 C3
:00411D97 90
nop
pop esi
pop ebx
ret

|:00422365 , :00430D5D
|
:00411D98 B001
mov al, 01
:00411D9A C3
ret
:00411D9B
:00411D9C
:00411D9D
:00411D9F
:00411DA0
90
55
8BEC
5D
C20800
nop
push ebp
mov ebp, esp
pop ebp
ret 0008
:00411DA3
:00411DA4
:00411DA7
:00411DA9
:00411DAC
90
8B400C
8B10
FF5244
C3
nop
call [edx+44]
ret
:00411DAD 8D4000

|:0042DF9E
|
:00411DB0 53
push ebx
:00411DB1 56
push esi
:00411DB2 84D2
test dl, dl
:00411DB4 7408
je 00411DBE
:00411DB6 83C4F0
add esp, FFFFFFF0
:00411DB9 E84611FFFF
call 00402F04
|:00411DB4(C)
|
:00411DBE 8BDA
:00411DC0 8BF0
:00411DC2 33D2
:00411DC4 8BC6
:00411DC6 E8F5F6FFFF
:00411DCB B201
:00411DCD A154B54000
:00411DD2 E8190EFFFF
:00411DD7 89463C
:00411DDA 8BC6
:00411DDC 84DB
:00411DDE 740F
:00411DE0 E87711FFFF

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 004114C0
mov dl, 01
call 00402BF0
mov eax, esi
test bl, bl
je 00411DEF
call 00402F5C
:00411DE5 648F0500000000
:00411DEC 83C40C

add esp, 0000000C

|:00411DDE(C)
|
:00411DEF 8BC6
mov eax, esi
:00411DF1 5E
pop esi
:00411DF2 5B
pop ebx
:00411DF3 C3
ret

|:0042D9B4
|
:00411DF4 53
push ebx
:00411DF5 56
push esi
:00411DF6 57
push edi
:00411DF7 E86811FFFF
call 00402F64
:00411DFC 8BDA
mov ebx, edx
:00411DFE 8BF8
mov edi, eax
:00411E00 8BD3
mov edx, ebx
:00411E02 80E2FC
and dl, FC
:00411E05 8BC7
mov eax, edi
:00411E07 E800F7FFFF
call 0041150C
:00411E0C EB10
jmp 00411E1E
|:00411E25(C)
|
:00411E0E 8BC6
:00411E10 E8BBAEFFFF
:00411E15 8BD0
:00411E17 8BC7
:00411E19 E8DA000000
|:00411E0C(U)
|
:00411E1E 8B773C
:00411E21 837E0800
:00411E25 7FE7
:00411E27 8B473C
:00411E2A E8F10DFFFF
:00411E2F 84DB
:00411E31 7E07
:00411E33 8BC7
:00411E35 E81A11FFFF
mov eax, esi

call 0040CCD0
mov edx, eax
mov eax, edi
call 00411EF8
mov esi, dword ptr [edi+3C]

cmp dword ptr [esi+08], 00000000
jg 00411E0E
call 00402C20
test bl, bl
jle 00411E3A
mov eax, edi
call 00402F54

|:00411E31(C)
|
:00411E3A 5F
pop edi
:00411E3B 5E
pop esi
:00411E3C 5B
pop ebx
:00411E3D C3
ret
:00411E3E 8BC0
mov eax, eax
:00411E40 33C0
:00411E42 C3
xor eax, eax

ret
:00411E43 90
:00411E44 C3
nop
ret
:00411E45 8D4000
:00411E48 C3

ret
:00411E49 8D4000

|:0042DB31
|
:00411E4C 53
push ebx
:00411E4D 6683782E00
:00411E52 740E
je 00411E62
:00411E54 8BD8
mov ebx, eax
:00411E56 8BD0
mov edx, eax
:00411E58 8B4330
:00411E5B FF532C
call [ebx+2C]
:00411E5E B001
mov al, 01
:00411E60 5B
pop ebx
:00411E61 C3
ret

|:00411E52(C)
|
:00411E62 33C0
xor eax, eax
:00411E64 5B
pop ebx
:00411E65 C3
ret
:00411E66 8BC0
mov eax, eax

|:0042DB89
|
:00411E68 53
push ebx
:00411E69 6683783600
:00411E6E 740E
je 00411E7E
:00411E70 8BD8
mov ebx, eax
:00411E72 8BD0
mov edx, eax
:00411E74 8B4338
:00411E77 FF5334
call [ebx+34]
:00411E7A B001
mov al, 01
:00411E7C 5B
pop ebx
:00411E7D C3
ret

|:00411E6E(C)
|
:00411E7E 33C0
xor eax, eax
:00411E80 5B
:00411E81 C3
pop ebx
ret
:00411E82
:00411E84
:00411E85
:00411E87
:00411E88
:00411E89
:00411E8A
:00411E8C
:00411E8F
:00411E92
:00411E94
:00411E97
:00411E9A
:00411E9B
:00411E9D
:00411E9F
:00411EA0
mov eax, eax

push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, eax
mov eax, dword
cmp eax, dword
je 00411ECE
mov eax, dword
mov esi, dword
dec esi
test esi, esi
jl 00411EBB
inc esi
xor edi, edi
8BC0
55
8BEC
53
56
57
8BD8
8B4508
3B432C
743A
8B433C
8B7008
4E
85F6
7C1C
46
33FF
|:00411EB9(C)
|
:00411EA2 FF750C
:00411EA5 FF7508
:00411EA8 8BD7
:00411EAA 8B433C
:00411EAD E8C6ACFFFF
:00411EB2 8B10
:00411EB4 FF5210
:00411EB7 47
:00411EB8 4E
:00411EB9 75E7
ptr [ebp+08]
ptr [ebx+2C]
ptr [ebx+3C]
ptr [eax+08]

push [ebp+0C]
push [ebp+08]
mov edx, edi
call 0040CB78
call [edx+10]
inc edi
dec esi
jne 00411EA2

|:00411E9D(C)
|
:00411EBB 8B4508
:00411EBE 89432C
:00411EC1 8B450C
:00411EC4 894330
:00411EC7 8BC3
mov eax, ebx
:00411EC9 8B10
:00411ECB FF5230
call [edx+30]
|:00411E92(C)
|
:00411ECE 5F
pop edi
:00411ECF 5E
pop esi
:00411ED0 5B
pop ebx
:00411ED1 5D
pop ebp
:00411ED2 C20800
ret 0008
:00411ED5 8D4000
:00411ED8 53
:00411ED9 6683782600

push ebx
:00411EDE
:00411EE0
:00411EE2
:00411EE4
:00411EE7
740A
8BD8
8BD0
8B4328
FF5324
je 00411EEA
mov ebx, eax
mov edx, eax
call [ebx+24]

|:00411EDE(C)
|
:00411EEA 5B
pop ebx
:00411EEB C3
ret

|:00411D8F
|
:00411EEC 89420C
:00411EEF 8B403C
:00411EF2 E869ABFFFF
call 0040CA60
:00411EF7 C3
ret

|:00411D24 , :00411D7F , :00411E19
|
:00411EF8 53
push ebx
:00411EF9 56
push esi
:00411EFA 57
push edi
:00411EFB 55
push ebp
:00411EFC 8BEA
mov ebp, edx
:00411EFE 8BF8
mov edi, eax
:00411F00 8B473C
:00411F03 8B7008
:00411F06 4E
dec esi
:00411F07 85F6
test esi, esi
:00411F09 7C26
jl 00411F31
:00411F0B 46
inc esi
:00411F0C 33DB
xor ebx, ebx
|:00411F2F(C)
|
:00411F0E 8B473C
:00411F11 8BD3
:00411F13 E860ACFFFF
:00411F18 3BE8
:00411F1A 7511
:00411F1C 33C0
:00411F1E 89450C
:00411F21 8B473C
:00411F24 8BD3
:00411F26 E871ABFFFF
:00411F2B EB04

mov edx, ebx
call 0040CB78
cmp ebp, eax
jne 00411F2D
xor eax, eax
mov dword ptr [ebp+0C], eax
mov edx, ebx
call 0040CA9C
jmp 00411F31

|:00411F1A(C)
|
:00411F2D 43
inc ebx
:00411F2E 4E
:00411F2F 75DD
dec esi
jne 00411F0E
|:00411F09(C), :00411F2B(U)
|
:00411F31 5D
:00411F32 5F
:00411F33 5E
:00411F34 5B
:00411F35 C3
:00411F36 8BC0
mov eax, eax
pop
pop
pop
pop
ret
ebp
edi
esi
ebx

|:0042F6DF
|
:00411F38 55
push ebp
:00411F39 8BEC
mov ebp, esp
:00411F3B 53
push ebx
:00411F3C 56
push esi
:00411F3D 57
push edi
:00411F3E 84D2
test dl, dl
:00411F40 7408
je 00411F4A
:00411F42 83C4F0
add esp, FFFFFFF0
:00411F45 E8BA0FFFFF
call 00402F04
|:00411F40(C)
|
:00411F4A 8BF1
:00411F4C 8BDA
:00411F4E 8BF8
:00411F50 33D2
:00411F52 8BC7
:00411F54 E8970CFFFF
:00411F59 89770C
:00411F5C 8A4508
:00411F5F 884710
:00411F62 8BC7
:00411F64 84DB
:00411F66 740F
:00411F68 E8EF0FFFFF
:00411F6D 648F0500000000
:00411F74 83C40C

mov esi, ecx
mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call 00402BF0
mov al, byte ptr [ebp+08]
mov eax, edi
test bl, bl
je 00411F77
call 00402F5C
add esp, 0000000C

|:00411F66(C)
|
:00411F77 8BC7
mov eax, edi
:00411F79 5F
pop edi
:00411F7A 5E
pop esi
:00411F7B 5B
pop ebx
:00411F7C 5D
pop ebp
:00411F7D C20400
ret 0004
:00411F80 53
:00411F81 56
push ebx
push esi
:00411F82
:00411F87
:00411F89
:00411F8B
:00411F8F
:00411F91
:00411F94
:00411F99
:00411F9B
E8DD0FFFFF
8BDA
8BF0
807E1001
750D
8B460C
E8870CFFFF
33C0
89460C
|:00411F8F(C)
|
:00411F9E 8BD3
:00411FA0 80E2FC
:00411FA3 8BC6
:00411FA5 E8660CFFFF
:00411FAA 84DB
:00411FAC 7E07
:00411FAE 8BC6
:00411FB0 E89F0FFFFF
call 00402F64
mov ebx, edx
mov esi, eax
jne 00411F9E
call 00402C20
xor eax, eax
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 00411FB5
mov eax, esi
call 00402F54

|:00411FAC(C)
|
:00411FB5 5E
pop esi
:00411FB6 5B
pop ebx
:00411FB7 C3
ret
:00411FB8
:00411FB9
:00411FBB
:00411FBC
:00411FBD
:00411FBE
:00411FC1
:00411FC4
:00411FC6
:00411FC7
:00411FCC
:00411FCF
:00411FD2
:00411FD4
:00411FD6
:00411FDB
:00411FDD
:00411FDE
:00411FDF
:00411FE0
:00411FE3
55
8BEC
53
56
57
8B550C
8B4508
33C9
55
6807204100
64FF31
648921
85D2
750F
BB09000380
33C0
5A
59
59
648910
EB31
|:00411FD4(C)
|
:00411FE5 8B400C
:00411FE8 8B4D10
:00411FEB 8B18
:00411FED FF5304
:00411FF0 837D1400
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor ecx, ecx
push ebp
push 00412007
test edx, edx
jne 00411FE5
mov ebx, 80030009
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00412016
call [ebx+04]
cmp dword ptr [ebp+14], 00000000
:00411FF4 7405
:00411FF6 8B5514
:00411FF9 8902
je 00411FFB
|:00411FF4(C)
|
:00411FFB 33DB
:00411FFD 33C0
:00411FFF 5A
:00412000 59
:00412001 59
:00412002 648910
:00412005 EB0F
:00412007 E96410FFFF
:0041200C BB01000000
:00412011 E80A13FFFF
|:00411FE3(U), :00412005(U)
|
:00412016 8BC3
:00412018 5F
:00412019 5E
:0041201A 5B
:0041201B 5D
:0041201C C21000
:0041201F
:00412020
:00412021
:00412023
:00412024
:00412025
:00412026
:00412029
:0041202C
:0041202E
:0041202F
:00412034
:00412037
:0041203A
:0041203C
:0041203E
:00412043
:00412045
:00412046
:00412047
:00412048
:0041204B
nop
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor ecx, ecx
push ebp
push 0041206F
test edx, edx
jne 0041204D
mov ebx, 80030009
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0041207E
90
55
8BEC
53
56
57
8B550C
8B4508
33C9
55
686F204100
64FF31
648921
85D2
750F
BB09000380
33C0
5A
59
59
648910
EB31
|:0041203C(C)
|
:0041204D 8B400C
:00412050 8B4D10
:00412053 8B18
:00412055 FF5308
:00412058 837D1400
xor ebx, ebx

xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00412016
jmp 00403070
mov ebx, 00000001
call 00403320
mov
pop
pop
pop
pop
ret
eax, ebx
edi
esi
ebx
ebp
0010

call [ebx+08]
:0041205C 7405
:0041205E 8B5514
:00412061 8902
je 00412063
|:0041205C(C)
|
:00412063 33DB
:00412065 33C0
:00412067 5A
:00412068 59
:00412069 59
:0041206A 648910
:0041206D EB0F
:0041206F E9FC0FFFFF
:00412074 BB03010380
:00412079 E8A212FFFF
|:0041204B(U), :0041206D(U)
|
:0041207E 8BC3
:00412080 5F
:00412081 5E
:00412082 5B
:00412083 5D
:00412084 C21000
:00412087
:00412088
:00412089
:0041208B
:0041208C
:0041208D
:0041208E
:00412091
:00412094
:00412096
:00412097
:0041209C
:0041209F
:004120A2
:004120A4
:004120A6
:004120A9
nop
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor eax, eax
push ebp
push 004120E7
test ecx, ecx
jl 004120AB
cmp ecx, 00000002
jle 004120BA
90
55
8BEC
53
56
57
8B4D14
8B5D08
33C0
55
68E7204100
64FF30
648920
85C9
7C05
83F902
7E0F
|:004120A4(C)
|
:004120AB BB01000380
:004120B0 33C0
:004120B2 5A
:004120B3 59
:004120B4 59
:004120B5 648910
:004120B8 EB3C
xor ebx, ebx

xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0041207E
jmp 00403070
mov ebx, 80030103
call 00403320
mov
pop
pop
pop
pop
ret
eax, ebx
edi
esi
ebx
ebp
0010

mov
xor
pop
pop
pop
mov
jmp
ebx, 80030001
eax, eax
edx
ecx
ecx
004120F6

|:004120A9(C)
|
:004120BA
:004120BD
:004120BF
:004120C2
:004120C4
:004120C7
:004120C9
:004120CC
:004120CE
:004120D0
:004120D2
:004120D3
:004120D6
:004120D8
8B450C
8BD0
8B430C
8B18
FF530C
8BC8
8B4518
85C0
740B
8BC1
99
8B4D18
8901
895104

mov edx, eax
call [ebx+0C]
mov ecx, eax
test eax, eax
je 004120DB
mov eax, ecx
cdq
|:004120CE(C)
|
:004120DB 33DB
:004120DD 33C0
:004120DF 5A
:004120E0 59
:004120E1 59
:004120E2 648910
:004120E5 EB0F
:004120E7 E9840FFFFF
:004120EC BB09000380
:004120F1 E82A12FFFF
|:004120B8(U), :004120E5(U)
|
:004120F6 8BC3
:004120F8 5F
:004120F9 5E
:004120FA 5B
:004120FB 5D
:004120FC C21400
:004120FF
:00412100
:00412101
:00412103
:00412104
:00412105
:00412106
:00412109
:0041210B
:0041210C
:00412111
:00412114
:00412117
:0041211A
:0041211C
:0041211F
:00412121
:00412123
:00412126
nop
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor eax, eax
push ebp
push 00412149
mov edx, eax
call 0040E758
90
55
8BEC
53
56
57
8B5D08
33C0
55
6849214100
64FF30
648920
8B450C
8BD0
8B430C
8B08
FF11
8B430C
E82DC6FFFF
xor ebx, ebx

xor eax, eax
pop edx
pop ecx
pop ecx
jmp 004120F6
jmp 00403070
mov ebx, 80030009
call 00403320
mov
pop
pop
pop
pop
ret
eax, ebx
edi
esi
ebx
ebp
0014
:0041212B
:0041212C
:0041212F
:00412131
99
3B5510
7503
3B450C
|:0041212F(C)
|
:00412134 7407
:00412136 BB05400080
:0041213B EB02
cdq
cmp edx, dword ptr [ebp+10]
jne 00412134
je 0041213D
mov ebx, 80004005
jmp 0041213F

|:00412134(C)
|
:0041213D 33DB
xor ebx, ebx
|:0041213B(U)
|
:0041213F 33C0
:00412141 5A
:00412142 59
:00412143 59
:00412144 648910
:00412147 EB0F
:00412149 E9220FFFFF
:0041214E BBFFFF0080
:00412153 E8C811FFFF

xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00412158
jmp 00403070
mov ebx, 8000FFFF
call 00403320

|:00412147(U)
|
:00412158 8BC3
mov eax, ebx
:0041215A 5F
pop edi
:0041215B 5E
pop esi
:0041215C 5B
pop ebx
:0041215D 5D
pop ebp
:0041215E C20C00
ret 000C
:00412161
:00412164
:00412165
:00412167
:0041216A
:0041216B
:0041216C
:0041216D
:00412170
:00412173
:00412176
:0041217B
:0041217D
:0041217E
:00412183
:00412186
:00412189
:0041218B
:0041218C
8D4000
55
8BEC
83C4F0
53
56
57
8B5D18
8B7508
8B450C
E8352DFFFF
33C0
55
6854224100
64FF30
648920
33C0
55
682D224100

push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
call 00404EB0
xor eax, eax
push ebp
push 00412254
xor eax, eax
push ebp
push 0041222D
:00412191
:00412194
:00412197
:0041219A
:0041219D
:004121A0
:004121A5
:004121A8
:004121AA
:004121AB
:004121B0
:004121B3
:004121B6
:004121B9
:004121BC
:004121BF
:004121C1
:004121C4
:004121C6
:004121C8
:004121CA
:004121CC
:004121CD
:004121CF
64FF30
648920
8B4510
8945F4
8B45F4
E8EF04FFFF
8945F8
33C0
55
6803224100
64FF30
648920
8B55F8
8B460C
8B4DF4
8B30
FF5604
8BC8
85DB
7408
8BC1
99
8903
895304

call 00402694
xor eax, eax
push ebp
push 00412203
call [esi+04]
mov ecx, eax
test ebx, ebx
je 004121D2
mov eax, ecx
cdq
|:004121C8(C)
|
:004121D2 8D45F0
:004121D5 50
:004121D6 8B45F4
:004121D9 50
:004121DA 8B45F8
:004121DD 50
:004121DE 8B450C
:004121E1 50
:004121E2 8B00
:004121E4 FF5010
:004121E7 8945FC
:004121EA 33C0
:004121EC 5A
:004121ED 59
:004121EE 59
:004121EF 648910
:004121F2 680A224100
|:00412208(U)
|
:004121F7 8B55F4
:004121FA 8B45F8
:004121FD E8AA04FFFF
:00412202 C3
:00412203
:00412208
:0041220A
:0041220E
:00412210
jmp
jmp
cmp
jne
mov
E97010FFFF
EBED
837DFC00
7513
8B451C

push eax
push eax
push eax
push eax
call [eax+10]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041220A

call 004026AC
ret
00403278
004121F7
dword ptr [ebp-04], 00000000
00412223
eax, dword ptr [ebp+1C]
:00412213
:00412215
:00412217
:0041221A
:0041221B
:0041221E
:00412220
85C0
740C
8B45F0
99
8B4D1C
8901
895104
test eax, eax

je 00412223
cdq
|:0041220E(C), :00412215(C)
|
:00412223 33C0
:00412225 5A
:00412226 59
:00412227 59
:00412228 648910
:0041222B EB11
:0041222D E93E0EFFFF
:00412232 C745FCFFFF0080
:00412239 E8E210FFFF
|:0041222B(U)
|
:0041223E 33C0
:00412240 5A
:00412241 59
:00412242 59
:00412243 648910
:00412246 685B224100
|:00412259(U)
|
:0041224B 8D450C
:0041224E E8292CFFFF
:00412253 C3
:00412254
:00412259
:0041225B
:0041225E
:0041225F
:00412260
:00412261
:00412263
:00412264
E91F10FFFF
EBF0
8B45FC
5F
5E
5B
8BE5
5D
C21800
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
:00412267
:00412268
:00412269
:0041226B
:0041226D
:0041226E
90
55
8BEC
33C0
5D
C20800
nop
push ebp
mov ebp, esp
xor eax, eax
pop ebp
ret 0008
:00412271 8D4000
:00412274 55
xor eax, eax

pop edx
pop ecx
pop ecx
jmp 0041223E
jmp 00403070
mov [ebp-04], 8000FFFF
call 00403320
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041225B
lea eax, dword ptr [ebp+0C]

call 00404E7C
ret
00403278
0041224B
edi
esi
ebx
esp, ebp
ebp
0018

push ebp
:00412275
:00412277
:0041227C
:0041227D
8BEC
B802010380
5D
C20400
mov
mov
pop
ret
ebp, esp
eax, 80030102
ebp
0004
:00412280
:00412281
:00412283
:00412288
:00412289
55
8BEC
B801000380
5D
C21800
push ebp
mov ebp, esp
mov eax, 80030001
pop ebp
ret 0018
:0041228C
:0041228D
:0041228F
:00412294
:00412295
55
8BEC
B801000380
5D
C21800
push ebp
mov ebp, esp
mov eax, 80030001
pop ebp
ret 0018
:00412298
:00412299
:0041229B
:0041229C
:0041229D
:0041229E
:004122A1
:004122A4
:004122A6
:004122A8
:004122A9
:004122AE
:004122B1
:004122B4
:004122B6
:004122B8
:004122BF
:004122C2
:004122C7
:004122C8
:004122CB
:004122CE
:004122D0
:004122D3
:004122D5
:004122D8
:004122DA
:004122DD
:004122DF
:004122E2
:004122E4
:004122E7
:004122E9
:004122EC
55
8BEC
53
56
57
8B5D0C
8B7D08
33F6
33C0
55
68FD224100
64FF30
648920
85DB
743B
C7430402000000
8B470C
E891C4FFFF
99
894308
89530C
33C0
894310
33C0
894314
33C0
894318
33C0
89431C
33C0
894320
33C0
894324
C7432C01000000
push ebp
mov ebp, esp
push ebx
push esi
push edi
xor esi, esi
xor eax, eax
push ebp
push 004122FD
test ebx, ebx
je 004122F3
mov [ebx+04], 00000002
call 0040E758
cdq
xor eax, eax
xor eax, eax
xor eax, eax
xor eax, eax
xor eax, eax
xor eax, eax
mov [ebx+2C], 00000001

|:004122B6(C)
|
:004122F3 33C0
xor eax, eax
:004122F5 5A
pop edx
:004122F6
:004122F7
:004122F8
:004122FB
:004122FD
:00412302
:00412307
59
59
648910
EB0F
E96E0DFFFF
BEFFFF0080
E81410FFFF
pop ecx
pop ecx
jmp 0041230C
jmp 00403070
mov esi, 8000FFFF
call 00403320

|:004122FB(U)
|
:0041230C 8BC6
mov eax, esi
:0041230E 5F
pop edi
:0041230F 5E
pop esi
:00412310 5B
pop ebx
:00412311 5D
pop ebp
:00412312 C20C00
ret 000C
:00412315
:00412318
:00412319
:0041231B
:0041231E
:00412320
:00412322
:00412324
8D4000
55
8BEC
8B450C
85C0
7404
33D2
8910

push ebp
mov ebp, esp
test eax, eax
je 00412326
xor edx, edx
|:00412320(C)
|
:00412326 B801400080
:0041232B 5D
:0041232C C20800
:0041232F 90
nop
mov eax, 80004001

pop ebp
ret 0008

|:004123D3
|
:00412330 55
push ebp
:00412331 8BEC
mov ebp, esp
:00412333 53
push ebx
:00412334 56
push esi
:00412335 57
push edi
:00412336 A124364400
:0041233B E854ACFFFF
call 0040CF94
:00412340 8BF8
mov edi, eax
:00412342 33C0
xor eax, eax
:00412344 55
push ebp
:00412345 6885234100
push 00412385
:0041234A 64FF30
:0041234D 648920
:00412350 8B5F08
:00412353 4B
dec ebx
:00412354 85DB
test ebx, ebx
:00412356 7C15
jl 0041236D
:00412358 43
inc ebx
:00412359 33F6
xor esi, esi
|:0041236B(C)
|
:0041235B 8BD6
:0041235D 8BC7
:0041235F E814A8FFFF
:00412364 E8B708FFFF
:00412369 46
:0041236A 4B
:0041236B 75EE
|:00412356(C)
|
:0041236D 33C0
:0041236F 5A
:00412370 59
:00412371 59
:00412372 648910
:00412375 688C234100
|:0041238A(U)
|
:0041237A A124364400
:0041237F E874ACFFFF
:00412384 C3
:00412385
:0041238A
:0041238C
:00412391
:00412396
:00412397
:00412398
:00412399
:0041239A
jmp 00403278
jmp 0041237A
call 00402C20
pop edi
pop esi
pop ebx
pop ebp
ret
E9EE0EFFFF
EBEE
A124364400
E88A08FFFF
5F
5E
5B
5D
C3
mov edx, esi

mov eax, edi
call 0040CB78
call 00402C20
inc esi
dec ebx
jne 0041235B
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041238C

call 0040CFF8
ret
:0041239B 90
:0041239C E8B3A1FFFF
:004123A1 C3
nop
call 0040C554
ret
:004123A2
:004123A4
:004123A5
:004123A7
:004123A9
:004123AA
:004123AF
:004123B2
:004123B5
:004123BB
:004123BD
:004123C2
:004123C4
:004123C9
mov eax, eax

push ebp
mov ebp, esp
xor eax, eax
push ebp
push 00412444
jne 00412436
call 0040C554
8BC0
55
8BEC
33C0
55
6844244100
64FF30
648920
FF0518364400
7579
A1E02B4400
8B00
E88BA1FFFF
A110364400
:004123CE
:004123D3
:004123D8
:004123DD
:004123E2
:004123E7
:004123EC
:004123EE
:004123F0
:004123F5
:004123FA
:004123FF
:00412401
:00412406
:0041240B
:00412411
:00412416
:0041241B
:00412420
:00412425
:00412427
:0041242C
:00412431
E84175FFFF
E858FFFFFF
A11C364400
E83E08FFFF
A120364400
E83408FFFF
33D2
33C0
E8F3CDFFFF
A128364400
E82108FFFF
33C0
A328364400
E80937FFFF
8B800C000000
E80A08FFFF
E889F0FFFF
A110364400
E8FB07FFFF
33C0
A310364400
B89C234100
E8B228FFFF
call 00409914
call 00412330
call 00402C20
call 00402C20
xor edx, edx
xor eax, eax
call 0040F1E8
call 00402C20
xor eax, eax
call 00405B14
call 00402C20
call 004114A4
call 00402C20
xor eax, eax
mov eax, 0041239C
call 00404CE8
|:004123BB(C)
|
:00412436 33C0
:00412438 5A
:00412439 59
:0041243A 59
:0041243B 648910
:0041243E 684B244100
|:00412449(U)
|
:00412443 C3
:00412444 E92F0EFFFF
:00412449 EBF8
:0041244B 5D
:0041244C C3
:0041244D
:00412450
:00412457
:00412459
:0041245E
:00412463
:00412465
:0041246A
:0041246F
:00412474
:00412476
:0041247B
:00412480
:00412485
:00412487
:0041248C

sub dword ptr [00443618], 00000001
jnb 004124B8
mov eax, 0041239C
call 00404CC8
mov dl, 01
call 00409830
mov dl, 01
call 0040CE68
mov dl, 01
call 00402BF0
8D4000
832D1836440001
735F
B89C234100
E86528FFFF
B201
A1A0734000
E8C173FFFF
A310364400
B201
A1B8B54000
E8E8A9FFFF
A31C364400
B201
A154B84000
E85F07FFFF
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041244B
ret
jmp 00403278
jmp 00412443
pop ebp
ret
:00412491
:00412496
:00412498
:0041249D
:004124A2
:004124A7
:004124A9
:004124AE
:004124B3
A320364400
B201
A1B8B54000
E8C6A9FFFF
A324364400
B201
A1B8B54000
E8B5A9FFFF
A328364400

mov dl, 01
call 0040CE68
mov dl, 01
call 0040CE68
|:00412457(C)
|
:004124B8 C3
:004124B9 8D4000
:004124BC C0244100
:004124C0 0106
:004124C2 54
:004124C3 43
:004124C4 6F
:004124C5 6C
:004124C6 6F
:004124C7 7204
:004124C9 000000
:004124CC
:004124CF
:004124D0
:004124D2
:004124D3
:004124D5
:004124DA
:004124E4
:004124EE
80FFFF
FF
7F8D
40
0020
2541000000
00000000000000000000
00000000000000000000
000000000000
cmp bh, FF
BYTE 0ffh
jg 0041245F
inc eax
and eax, 00000041
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 6 DUP(0)
:004124F4
:004124FA
:004124FC
:004124FF
:00412501
202541000C00
0000
846940
0028
2E
and byte ptr [000C0041], ah

BYTE 02eh
:00412502
:00412503
:00412506
:00412507
:00412509
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041250A
:0041250B
:0041250E
:0041250F
:00412511
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00412512 40
:00412513 00B42B4000C82B
ret
shl byte ptr [ecx+2*eax], 00
add dword ptr [esi], eax
push esp
inc ebx
outsd
insb
outsd
jb 004124CD
BYTE 3 DUP(0)
inc eax
:0041251A
:0041251B
:0041251D
:0041251F
:00412521
:00412522
:00412523
:00412524
:00412526
:00412527
:0041252F
:00412533
:0041253D
:00412547
40
0010
2C40
000F
45
49
6E
7661
6C
6964477261706869
637C2541
00000000000000000000
00000000000000000000
000000000000000000
inc eax
sub al, 40
inc ebp
dec ecx
outsb
jbe 00412587
insb
imul esp, dword ptr [edi+2*eax+72], 69687061
arpl dword ptr [ebp+41], edi
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00412550
:00412552
:00412553
:00412556
:00412558
:0041255B
:0041255D
7C25
41
000C00
0000
846940
0028
2E
jl 00412577
inc ecx
BYTE 02eh
:0041255E
:0041255F
:00412562
:00412563
:00412565
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00412566
:00412567
:0041256A
:0041256B
:0041256D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041256E 40
:0041256F 00B42B4000C82B
:00412576 40
inc eax
inc eax
|:00412550(C)
|
:00412577 0010
:00412579 2C40
:0041257B 0018
:0041257D 45
:0041257E 49
:0041257F 6E
:00412580 7661
:00412582 6C
:00412583 6964477261706869
:0041258B 634F70
:0041258E 65
:0041258F 7261
jb 004125F2

sub al, 40
inc ebp
dec ecx
outsb
jbe 004125E3
insb
imul esp, dword ptr [edi+2*eax+72], 69687061
arpl dword ptr [edi+70], ecx
BYTE 065h
:00412591
:00412593
:00412594
:00412595
:00412598
:00412599
:0041259E
:0041259F
:004125A0
:004125A1
:004125A2
:004125A4
:004125AC
:004125AE
7469
6F
6E
8D4000
9C
254100030A
54
46
6F
6E
7450
6974636801000000
0002
000000
je 004125FC
outsd
outsb
pushfd
and eax, 0A030041
push esp
inc esi
outsd
outsb
je 004125F4
imul esi, dword ptr [ebx+68], 00000001
BYTE 3 DUP(0)
:004125B1
:004125B2
:004125B7
:004125B9
:004125BC
:004125BE
:004125C0
:004125C3
:004125C4
:004125C6
:004125C7
:004125CB
:004125CE
:004125D5
:004125DA
:004125DB
:004125DC
:004125DD
:004125DE
:004125E0
:004125E1
:004125E2
98
2541000966
7044
656661
756C
740A
667056
61
7269
61
626C6507
667046
697865648BC0D8
2541000A09
54
46
6F
6E
744E
61
6D
65
cwde
and eax, 66090041
jo 004125FD
popa
jne 0041262A
je 004125CA
jo 00412619
popad
jb 0041262F
popad
bound ebp, dword ptr [ebp+07]
jo 00412614
imul edi, dword ptr [eax+65], D8C08B64
and eax, 090A0041
push esp
inc esi
outsd
outsb
je 0041262E
popad
insd
BYTE 065h
|:00412580(C)
|
:004125E3 90
:004125E4 E825410001
:004125E9 0C54
:004125EB 46
:004125EC 6F
:004125ED 6E
:004125EE 7443
:004125F0 6861727365
:004125F5 7401
:004125F7 00000000
:004125FB FF00
inc dword ptr [eax]
nop
call 0141670E
or al, 54
inc esi
outsd
outsb
je 00412633
push 65737261
je 004125F8
BYTE 4 DUP(0)

|:004125B7(C)
|
:004125FD
:004125FF
:00412600
:00412602
:00412603
:00412605
:00412609
:0041260A
:0041260C
:0041260E
:0041260F
:00412612
0000
90
0426
41
0003
0A54466F
6E
7453
7479
6C
650100
000000

nop
add al, 26
inc ecx
or dl, byte ptr [esi+2*eax+6F]
outsb
je 0041265F
je 00412687
insb
BYTE 3 DUP(0)
:00412615 0300
:00412617 000000

BYTE 3 DUP(0)
:0041261A 26
BYTE 026h
:0041261B
:0041261C
:0041261E
:00412621
:00412622
:00412623
:00412627
:00412628
inc ecx
add byte ptr [esi], al
jnb 00412663
outsd
insb
or byte ptr fs:[esi+73], ah
dec ecx
je 0041268B
41
0006
667342
6F
6C
64086673
49
7461
|:004125BC(C)
|
:0041262A 6C
:0041262B 69630B6673556E
:00412632 64
|:004125EE(C)
|
:00412633 65
:00412634 726C
:00412636 696E650B667353
:0041263D 7472
:0041263F 696B654F75748D
:00412646 40
:00412647 004C2641
:0041264B 0006
:0041264D 0B54466F
:00412651 6E
:00412652 7453
:00412654 7479
:00412656 6C
:00412657 65
:00412658 7301
jnb 0041265B
insb
imul esp, dword ptr [ebx+0B], 6E557366
BYTE 064h
BYTE 065h
jb 004126A2
imul ebp, dword ptr [esi+65], 5373660B
je 004126B1
imul ebp, dword ptr [ebx+65], 8D74754F
inc eax
add byte ptr [esi+41], cl
or edx, dword ptr [esi+2*eax+6F]
outsb
je 004126A7
je 004126CF
insb
BYTE 065h
:0041265A 0026
:0041265C 41
:0041265D 008BC0642641
add byte ptr [esi], ah

inc ecx
add byte ptr [ebx+412664C0], cl
|:0041261F(C)
|
:00412663 0003
:00412665 09545065
:00412669 6E
:0041266A 53
:0041266B 7479
:0041266D 6C
:0041266E 650100
:00412671 000000
:00412674 06
:00412675 000000
push es
BYTE 3 DUP(0)
:00412678 60
:00412679 26
pushad
BYTE 026h
:0041267A
:0041267B
:0041267D
:0041267F
:00412680
:00412681
:00412682
:0041268A
:0041268F
:00412690
:00412692
:00412694
:00412695
:00412696
:00412698
:00412699
:0041269A
:0041269C
:0041269E
:0041269F
:004126A0
inc ecx
jo 004126F2
push ebx
outsd
insb
imul esp, dword ptr [esi+eax+70], 73614473
push 44737005
outsd
je 0041269B
jo 00412707
inc esp
popad
jnb 00412700
inc esp
outsd
je 004126A8
jo 00412711
inc esp
popad
jnb 0041270A
41
0007
7073
53
6F
6C
6964067073446173
6805707344
6F
7409
7073
44
61
7368
44
6F
740C
7073
44
61
7368

or dword ptr [eax+2*edx+65], edx
outsb
push ebx
je 004126E6
insb
BYTE 3 DUP(0)

|:00412634(C)
|
:004126A2 44
inc esp
:004126A3 6F
outsd
:004126A4 7444
je 004126EA
:004126A6 6F
outsd
|:00412652(C)
|
:004126A7 7407
je 004126B0
:004126A9 7073
jo 0041271E
:004126AB 43
:004126AC 6C
:004126AD 65
inc ebx
insb
BYTE 065h
:004126AE 61
:004126AF 720D
popad
jb 004126BE

|:0041263D(C)
|
:004126B1 7073
jo 00412726
:004126B3 49
dec ecx
:004126B4 6E
outsb
:004126B5 7369
jnb 00412720
:004126B7 64
BYTE 064h
:004126B8 65
BYTE 065h
:004126B9
:004126BA
:004126BC
:004126BD
:004126C0
:004126C2
:004126C3
:004126C5
:004126C9
:004126CA
:004126CB
:004126CC
inc esi
jb 0041271D
insd
mov eax, eax
les esp, dword ptr [esi]
inc ecx
or byte ptr [eax+2*edx+65], dl
outsb
dec ebp
outsd
BYTE 064h
46
7261
6D
658BC0
C426
41
0003
08545065
6E
4D
6F
64
:004126CD 650100
:004126D0 000000

BYTE 3 DUP(0)
:004126D3 0F0000
:004126D6 00C0
:004126D8 26
sldt dword ptr [eax]

add al, al
BYTE 026h
:004126D9
:004126DA
:004126DC
:004126DE
:004126DF
:004126E0
:004126E1
:004126E4
inc ecx
jo 0041274B
inc edx
insb
popad
arpl dword ptr [ebx+07], ebp
jo 00412753
41
0007
706D
42
6C
61
636B07
706D
|:0041266B(C)
|
:004126E6 57
:004126E7 6869746505
:004126EC 706D
:004126EE 4E

push edi
push 05657469
jo 0041275B
dec esi
:004126EF 6F
:004126F0 7005
outsd
jo 004126F7

|:0041267D(C)
|
:004126F2 706D
jo 00412761
:004126F4 4E
dec esi
:004126F5 6F
outsd
:004126F6 7406
je 004126FE
:004126F8 706D
jo 00412767
:004126FA 43
inc ebx
:004126FB 6F
outsd
:004126FC 7079
jo 00412777
|:004126F6(C)
|
:004126FE 09706D
:00412701 4E
:00412702 6F
:00412703 7443
:00412705 6F
:00412706 7079
:00412708 0D706D4D65
:0041270D 7267
:0041270F 65
:00412710 50
push eax
or dword ptr [eax+6D], esi

dec esi
outsd
je 00412748
outsd
jo 00412781
or eax, 654D6D70
jb 00412776
BYTE 065h

|:0041269C(C)
|
:00412711 65
BYTE 065h
:00412712 6E
outsb
:00412713 4E
dec esi
:00412714 6F
outsd
:00412715 740C
je 00412723
:00412717 706D
jo 00412786
:00412719 4D
dec ebp
:0041271A 61
popad
:0041271B 736B
jnb 00412788
|:004126BA(C)
|
:0041271D 50
push eax
|:004126A9(C)
|
:0041271E 65
BYTE 065h
:0041271F 6E
outsb
|:004126B5(C)
|
:00412720 4E
dec esi
:00412721 6F
outsd
:00412722 740D
:00412724 706D
je 00412731
jo 00412793

|:004126B1(C)
|
:00412726 4D
dec ebp
:00412727 65
BYTE 065h
:00412728 7267
:0041272A 65
jb 00412791
BYTE 065h
:0041272B
:0041272C
:0041272D
:0041272F
dec esi
outsd
je 0041277F
BYTE 065h
4E
6F
7450
65
:00412730 6E
outsb

|:00412722(C)
|
:00412731 0C70
or al, 70
:00412733 6D
insd
:00412734 4D
dec ebp
:00412735 61
popad
:00412736 736B
jnb 004127A3
:00412738 4E
dec esi
:00412739 6F
outsd
:0041273A 7450
je 0041278C
:0041273C 65
BYTE 065h
:0041273D
:0041273E
:0041273F
:00412741
:00412742
6E
07
706D
4D
65
outsb
pop es
jo 004127AE
dec ebp
BYTE 065h
:00412743
:00412745
:00412749
:0041274A
7267
650A706D
4E
6F
jb 004127AC
or dh, byte ptr gs:[eax+6D]
dec esi
outsd

|:004126DC(C)
|
:0041274B 744D
je 0041279A
:0041274D 65
BYTE 065h
:0041274E 7267
:00412750 65
jb 004127B7
BYTE 065h
:00412751 06
push es
:00412752
:00412754
:00412755
:00412756
:00412758
706D
4D
61
736B
09706D
|:004126EC(C)
|
:0041275B 4E
:0041275C 6F
:0041275D 744D
:0041275F 61
:00412760 736B
:00412762 05706D586F
jo 004127C1
dec ebp
popad
jnb 004127C3
or dword ptr [eax+6D], esi
dec esi
outsd
je 004127AC
popad
jnb 004127CD
add eax, 6F586D70

|:004126F8(C)
|
:00412767 7208
jb 00412771
:00412769 706D
jo 004127D8
:0041276B 4E
dec esi
:0041276C 6F
outsd
:0041276D 7458
je 004127C7
:0041276F 6F
outsd
:00412770 728D
jb 004126FF
|:004127E5(C)
|
:00412772 40
inc eax
:00412773 007827
add byte ptr [eax+27], bh
|:0041270D(C)
|
:00412776 41
inc ecx
|:004126FC(C)
|
:00412777 0003
:00412779 0B544272
:0041277D 7573
|:0041272D(C)
|
:0041277F 685374796C
:00412784 650100
:00412787 000000
:0041278A 07
:0041278B 000000
pop es
BYTE 3 DUP(0)
:0041278E 7427
:00412790 41
je 004127B7
inc ecx

or edx, dword ptr [edx+2*eax+72]
jne 004127F2
push 6C797453
BYTE 3 DUP(0)

|:00412728(C)
|
:00412791 0007
|:00412724(C)
|
:00412793 627353
:00412796 6F
:00412797 6C
:00412798 6964076273436C65
:004127A0 61
:004127A1 720C

outsd
insb
imul esp, dword ptr [edi+eax+62], 656C4373
popad
jb 004127AF

|:00412736(C)
|
:004127A3 627348
:004127A6 6F
outsd
:004127A7 7269
jb 00412812
:004127A9 7A6F
jpe 0041281A
:004127AB 6E
outsb
|:00412743(C), :0041275D(C)
|
:004127AC 7461
je 0041280F
|:0041273F(C)
|
:004127AE 6C
insb
|:004127A1(C)
|
:004127AF 0A6273
or ah, byte ptr [edx+73]
:004127B2 56
push esi
:004127B3 65
BYTE 065h
:004127B4
:004127B6
:004127BD
:004127BE
:004127BF
:004127C6
:004127C9
:004127CA
:004127CB
:004127D2
:004127D3
:004127D6
7274
6963616C0B6273
46
44
6961676F6E616C
0B6273
42
44
6961676F6E616C
07
627343
726F
jb 0041282A
imul esp, dword ptr [ebx+61], 73620B6C
inc esi
inc esp
imul esp, dword ptr [ecx+67], 6C616E6F
or esp, dword ptr [edx+73]
inc edx
inc esp
imul esp, dword ptr [ecx+67], 6C616E6F
pop es
jb 00412847

|:00412769(C)
|
:004127D8 7373
jnb 0041284D
:004127DA 0B6273
or esp, dword ptr [edx+73]
:004127DD
:004127DE
:004127E5
:004127E7
:004127E8
:004127EA
:004127EB
:004127F5
44
69616743726F73
738B
C0
3428
41
00000000000000000000
000000
inc esp
imul esp, dword ptr [ecx+67], 736F7243
jnb 00412772
BYTE 0d0h
xor al, 28
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:004127F8 5C
:004127F9 284100
:004127FC 0000000000000000
pop esp
sub byte ptr [ecx+00], al
BYTE 8 DUP(0)
:00412804 40284100
:00412808 48284100
DWORD 00412840
DWORD 00412848
:0041280C 1400
:0041280E 0000
:00412810 64
adc al, 00
BYTE 064h
:00412811 B640
:00412813 0028
:00412815 2E
mov dh, 40
BYTE 02eh
:00412816 40
:00412817 00342E
inc eax

|:004127A9(C)
|
:0041281A 40
inc eax
:0041281B 0038
:0041281D 2E
BYTE 02eh
:0041281E
:0041281F
:00412822
:00412823
:00412825
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00412826
:00412827
:0041282E
:0041282F
:00412831
:00412834
:00412836
:00412837
:0041283A
:0041283B
:0041283D
:00412840
40
00B42B4000C82B
40
00DC
D14000
0CD3
40
0014D3
40
0008
D24000
0100
inc eax
inc eax
add ah, bl
rol dword ptr [eax+00], 1
or al, D3
inc eax
add byte ptr [ebx+8*edx], dl
inc eax
:00412842
:00412843
:00412844
:00412846
FD
FF
383B
41
std
BYTE 0ffh
cmp byte ptr [ebx], bh
inc ecx

|:004127D6(C)
|
:00412847 000F
:00412849 54
push esp
:0041284A 47
inc edi
:0041284B 7261
jb 004128AE
|:004127D8(C)
|
:0041284D 7068
:0041284F 6963734F626A65
:00412856 63745C28
:0041285A 41
:0041285B 0007
:0041285D 0F
:0041285E 54
:0041285F 47
:00412860 7261
:00412862 7068
:00412864 6963734F626A65
:0041286B 63743428
:0041286F 41
:00412870 00D8
:00412872 B640
:00412874 000000
:00412877
:0041287A
:0041287B
:0041287D
:00412884
:00412886
:00412887
:00412889
:0041288D
:0041288E
:0041288F
:00412890
084772
61
7068
69637300008BC0
8828
41
000F
0F494368
61
6E
67
65
or byte ptr [edi+72], al

popad
jo 004128E5
imul esp, dword ptr [ebx+73], C08B0000
inc ecx
cmovns eax, dword ptr [ebx+68]
popad
outsb
BYTE 067h
BYTE 065h
:00412891
:00412892
:00412893
:00412895
:0041289B
:0041289C
:0041289E
:004128A0
:004128A2
:004128A3
:004128A4
:004128A6
4E
6F
7469
66696572FC10
40
0001
2123
B61F
A7
44
D011
9E
dec esi
outsd
je 004128FE
imul sp, word ptr [ebp+72], 10FC
inc eax
and dword ptr [ebx], esp
mov dh, 1F
cmpsd
inc esp
sahf
jo 004128B7
imul esp, dword ptr [ebx+73], 656A624F
arpl dword ptr [esp+2*ebx+28], esi
inc ecx
BYTE 0fh
push esp
inc edi
jb 004128C3
jo 004128CC
imul esp, dword ptr [ebx+73], 656A624F
arpl dword ptr [esp+esi+28], esi
inc ecx
add al, bl
mov dh, 40
BYTE 3 DUP(0)
:004128A7
:004128A8
:004128AA
:004128AB
:004128B0
:004128B2
:004128B4
:004128BB
:004128BD
:004128C0
93
0020
AF
3D82DA0847
7261
7068
69637300008D40
0008
294100
0000000000000000
:004128C8 14294100
xchg eax,ebx
scasd
cmp eax, 4708DA82
jb 00412913
jo 0041291C
imul esp, dword ptr [ebx+73], 408D0000
sub dword ptr [ecx+00], eax
BYTE 8 DUP(0)
DWORD 00412914

|:00412862(C)
|
:004128CC 38294100
DWORD 00412938
:004128D0 0000000000000000
BYTE 8 DUP(0)
:004128D8 26294100
:004128DC 2E294100
DWORD 00412926
DWORD 0041292E
:004128E0
:004128E2
:004128E4
:004128E9
2000
0000
E827410028
2E

call 28416A10
BYTE 02eh
:004128EA
:004128EB
:004128EE
:004128EF
:004128F1
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:004128F2
:004128F3
:004128F6
:004128F7
:004128F9
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:004128FA
:004128FB
:00412902
:00412903
:00412906
:00412907
:0041290A
:0041290B
:0041290E
:0041290F
:00412916
40
00B42B4000C82B
40
00483E
41
000CD3
40
0014D3
40
008C3E41000E00
00000000
inc eax
inc eax
inc ecx
add byte ptr [ebx+8*edx], cl
inc eax
inc eax
add byte ptr [esi+edi+000E0041], cl
BYTE 4 DUP(0)
:0041291A 0100
|:004128B2(C)
|
:0041291C 0000
:0041291E 8428
:00412920 41
:00412921 001C00
:00412924 0000
:00412926 0100
:00412928 FD
:00412929 FF703E
:0041292C 41
:0041292D 000554466F6E
|:00412975(C)
|
:00412933 7438
:00412935 294100
:00412938 07
:00412939 0554466F6E
:0041293E 7408
:00412940 294100
:00412943 58
:00412944 284100
:00412947 07
|:0041293E(C)
|
:00412948 0008
:0041294A 47
:0041294B 7261
:0041294D 7068
:0041294F 6963730700E425
:00412956 41
:00412957 00E4
:00412959 42
:0041295A 41
:0041295B 00EC
:0041295D 42
:0041295E 41
:0041295F 0001
:00412961 000000000000
:00412967
:0041296A
:00412970
:00412975
:00412977
:00412979
:0041297C
:0041297E
:00412982
:00412984

push 65737261
je 00412933
and al, 41
add bh, bh
enter 413F, 00
BYTE 5 DUP(0)
800000
008000000743
6861727365
74BC
2441
001400
00FF
C83F4100
0100
0000000000

test byte ptr [eax], ch
inc ecx
add byte ptr [eax+eax], bl
std
push [eax+3E]
inc ecx
add byte ptr [6E6F4654], al
je 0041296D
pop es
add eax, 6E6F4654
je 00412948
pop eax
sub byte ptr [ecx+00], al
pop es

inc edi
jb 004129AE
jo 004129B7
imul esp, dword ptr [ebx+73], 25E40007
inc ecx
add ah, ah
inc edx
inc ecx
add ah, ch
inc edx
inc ecx
BYTE 6 DUP(0)
:00412989
:0041298C
:00412992
:00412993
:00412994
:00412995
:00412997
800000
008001000543
6F
6C
6F
723C
104000

outsd
insb
outsd
jb 004129D3
:0041299A 9C414100
:0041299E A4414100
DWORD 0041419C
DWORD 004141A4
:004129A2 0100
:004129A4 0000000000

BYTE 5 DUP(0)
:004129A9
:004129AC
:004129B2
:004129BA
:004129BC
:004129BD
:004129BE
:004129C0
:004129C1
:004129C2
:004129C4

imul esp, dword ptr gs:[edi+68], 4125D474
add ah, cl
inc ecx
inc ecx
add ah, ah
inc ecx
inc ecx
BYTE 6 DUP(0)
800000
008002000648
6569676874D42541
00CC
41
41
00E4
41
41
0001
000000000000
:004129CA 800000
:004129CD 00800300044E


|:00412995(C)
|
:004129D3 61
popad
:004129D4 6D
insd
:004129D5 65
BYTE 065h
:004129D6 98254100
:004129DA B4424100
:004129DE BC424100
DWORD 00412598
DWORD 004142B4
DWORD 004142BC
:004129E2 0100
:004129E4 0000000000

BYTE 5 DUP(0)
:004129E9
:004129EC
:004129EE
:004129F0
:004129F5

add al, 00
add eax, 63746950
push 0040103C
800000
0000
0400
0550697463
683C104000
:004129FA 40424100
:004129FE 5C424100
DWORD 00414240
DWORD 0041425C
:00412A02 00000000000000
BYTE 7 DUP(0)
:00412A09 800000
:00412A0C 008005000453
:00412A12 697A6548264100

imul edi, dword ptr [edx+65], 00412648
:00412A19 7C424100
:00412A1D 88424100
DWORD 0041427C
DWORD 00414288
:00412A21 0100
:00412A23 0000000000

BYTE 5 DUP(0)
:00412A28
:00412A2B
:00412A31
:00412A33
:00412A34
:00412A38
:00412A3A
:00412A3B
:00412A45
800000
008006000553
7479
6C
658D4000
842A
41
00000000000000000000
000000

je 00412AAC
insb
lea eax, dword ptr gs:[eax+00]
test byte ptr [edx], ch
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00412A48
:00412A49
:00412A4C
:00412A56
9C
2A4100
00000000000000000000
0000
pushfd
sub al, byte ptr [ecx+00]
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:00412A58
:00412A59
:00412A5C
:00412A5E
:00412A60
:00412A65
90
2A4100
1800
0000
E827410028
2E
nop
call 28416B8C
BYTE 02eh
:00412A66
:00412A67
:00412A6A
:00412A6B
:00412A6D
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00412A6E
:00412A6F
:00412A72
:00412A73
:00412A75
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00412A76
:00412A77
:00412A7E
:00412A7F
:00412A82
:00412A83
40
00B42B4000C82B
40
005843
41
000CD3
inc
add
inc
add
inc
add
eax
eax
byte ptr [eax+43], bl
ecx
byte ptr [ebx+8*edx], cl
:00412A86
:00412A87
:00412A8A
:00412A8B
:00412A91
:00412A92
:00412A93
40
0014D3
40
008043410004
54
50
65
:00412A94 6E
:00412A95 8D4000
inc eax
inc eax
push esp
push eax
BYTE 065h
outsb

|:00412AD6(C)
|
:00412A98 9C
pushfd
:00412A99 2A4100
:00412A9C 07
pop es
:00412A9D 0454
add al, 54
:00412A9F 50
push eax
:00412AA0 65
BYTE 065h
:00412AA1 6E
outsb
:00412AA2 842A4100
:00412AA6 58284100
DWORD 00412A84
DWORD 00412858
:00412AAA 0400
add al, 00
|:00412A31(C)
|
:00412AAC 084772
:00412AAF 61
:00412AB0 7068
:00412AB2 6963730400BC24
:00412AB9 41
:00412ABA 00A0444100A8
:00412AC0 44
:00412AC1 41
:00412AC2 0001
:00412AC4 000000000000
:00412ACA 800000
:00412ACD 00000000

BYTE 4 DUP(0)
:00412AD1 05436F6C6F
:00412AD6 72C0
:00412AD8 26
add eax, 6F6C6F43

jb 00412A98
BYTE 026h
:00412AD9
:00412ADA
:00412ADD
:00412ADF
:00412AE4
inc ecx
add bh, bh
push 01004145
BYTE 6 DUP(0)
41
001400
00FF
6845410001
000000000000

popad
jo 00412B1A
imul esp, dword ptr [ebx+73], 24BC0004
inc ecx
add byte ptr [eax+A8004144], ah
inc esp
inc ecx
BYTE 6 DUP(0)
:00412AEA
:00412AEE
:00412AF0
:00412AF7
80040000
0001
00044D6F646560
26
add byte ptr [eax+eax], 00

add byte ptr [2*ecx+6065646F], al
BYTE 026h
:00412AF8
:00412AF9
:00412AFD
:00412B04
41
007C4541
00844541000100
0000000000
inc ecx
add byte ptr [ebp+2*eax+41], bh
add byte ptr [ebp+2*eax+00010041], al
BYTE 5 DUP(0)
:00412B09
:00412B0C
:00412B0E
:00412B10
:00412B15
800000
0000
0200
055374796C
65

add eax, 6C797453
BYTE 065h
:00412B16
:00412B18
:00412B19
:00412B20
:00412B21
:00412B23
3C10
40
00AC454100B445
41
0001
000000000000
cmp al, 10
inc eax
add byte ptr [ebp+2*eax+45B40041], ch
inc ecx
BYTE 6 DUP(0)
:00412B29
:00412B2C
:00412B2E
:00412B30
:00412B35
:00412B3A
:00412B3B
:00412B45
800100
0000
0300
0557696474
688BC0842B
41
00000000000000000000
000000
add byte ptr [ecx], 00

add eax, 74646957
push 2B84C08B
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00412B48
:00412B49
:00412B4C
:00412B56
9C
2B4100
00000000000000000000
0000
pushfd
sub eax, dword ptr [ecx+00]
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:00412B58
:00412B59
:00412B5C
:00412B5E
:00412B60
:00412B65
90
2B4100
1400
0000
E827410028
2E
nop
adc al, 00
call 28416C8C
BYTE 02eh
:00412B66
:00412B67
:00412B6A
:00412B6B
:00412B6D
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00412B6E
:00412B6F
:00412B72
:00412B73
:00412B75
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00412B76
:00412B77
:00412B7E
:00412B7F
:00412B81
:00412B82
:00412B83
:00412B86
:00412B87
:00412B8A
:00412B8B
:00412B8E
:00412B8F
:00412B91
:00412B92
:00412B93
:00412B95
:00412B97
:00412B98
:00412B99
:00412B9C
:00412B9D
:00412B9E
:00412B9F
:00412BA0
:00412BA2
40
00B42B4000C82B
40
0020
46
41
000CD3
40
0014D3
40
004846
41
0006
54
42
7275
7368
90
9C
2B4100
07
06
54
42
7275
7368
inc eax
inc eax
inc esi
inc ecx
inc eax
inc eax
add byte ptr [eax+46], cl
inc ecx
push esp
inc edx
jb 00412C0A
jnb 00412BFF
nop
pushfd
pop es
push es
push esp
inc edx
jb 00412C17
jnb 00412C0C
:00412BA4 842B4100
:00412BA8 58284100
DWORD 00412B84
DWORD 00412858
:00412BAC
:00412BAE
:00412BB1
:00412BB2
:00412BB4
:00412BBB
:00412BBC
:00412BC3
:00412BC4
:00412BC6
0200
084772
61
7068
6963730200BC24
41
00844741008C47
41
0001
000000000000

popad
jo 00412C1C
imul esp, dword ptr [ebx+73], 24BC0002
inc ecx
add byte ptr [edi+2*eax+478C0041], al
inc ecx
BYTE 6 DUP(0)
:00412BCC
:00412BCF
:00412BD1
:00412BD3
:00412BD8
:00412BDA
:00412BDB
:00412BDC
:00412BE2
:00412BE3
80FFFF
FF00
0000
05436F6C6F
7274
27
41
00A0484100A8
48
41
cmp bh, FF
inc dword ptr [eax]
add eax, 6F6C6F43
jb 00412C4E
daa
inc ecx
dec eax
inc ecx
:00412BE4 0001
:00412BE6 000000000000

BYTE 6 DUP(0)
:00412BEC
:00412BEF
:00412BF1
:00412BF3
:00412BF8
:00412BFC
:00412BFD
add
add
add
add
lea
dec
sub
800000
0000
0100
055374796C
658D4000
48
2C41
byte ptr [eax], 00

byte ptr [eax], al
eax, 6C797453
eax, dword ptr gs:[eax+00]
eax
al, 41

|:00412B95(C)
|
:00412BFF 00000000000000000000
BYTE 10 DUP(0)
:00412C09 000000
BYTE 3 DUP(0)
|:00412BA2(C)
|
:00412C0C 6C
:00412C0D 2C41
:00412C0F 00000000000000000000
:00412C19 000000
|:00412BB2(C)
|
:00412C1C 60
:00412C1D 2C41
:00412C1F 00540000
:00412C23 0064B640
:00412C27 0028
:00412C29 2E
:00412C2A
:00412C2B
:00412C2E
:00412C2F
:00412C31
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00412C32
:00412C33
:00412C36
:00412C37
:00412C39
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00412C3A
:00412C3B
:00412C42
:00412C43
:00412C49
40
00B42B4000C82B
40
00A04941000C
D34000
inc
add
inc
add
rol
insb
sub al, 41
BYTE 10 DUP(0)
BYTE 3 DUP(0)
pushad
sub al, 41
add byte ptr [esi+4*esi+40], ah
BYTE 02eh
eax
eax
byte ptr [eax+0C004149], ah
dword ptr [eax+00], cl
:00412C4C 14D3
adc al, D3

|:00412BD8(C)
|
:00412C4E 40
inc eax
:00412C4F 0008
:00412C51 D24000
:00412C54 10504100
:00412C58 FC4F4100
:00412C5C DC4E4100
DWORD 00415010
DWORD 00414FFC
DWORD 00414EDC
:00412C60
:00412C61
:00412C62
:00412C63
:00412C64
:00412C65
:00412C67
:00412C69
:00412C6B
:00412C6D
:00412C6E
:00412C6F
:00412C70
:00412C71
:00412C72
:00412C74
:00412C76
:00412C78
:00412C7A
:00412C7C
:00412C7F
:00412C82
:00412C83
pop es
push esp
inc ebx
popad
outsb
jbe 00412CC8
jnb 00412CD5
sub al, 41
pop es
push esp
inc ebx
popad
outsb
jbe 00412CD5
jnb 00412CBE
sub al, 41
add al, bl
mov dh, 40
popad
jo 00412CED
07
54
43
61
6E
7661
736C
2C41
0007
07
54
43
61
6E
7661
7348
2C41
00D8
B640
000400
084772
61
7068
|:00412CEB(C)
|
:00412C85 6963730400982B
:00412C8C 41
:00412C8D 001400
:00412C90 00FF
:00412C92 9C
:00412C93 4D
:00412C94 41
:00412C95 0001
:00412C97 000000000000
:00412C9D
:00412CA0
:00412CA6
:00412CA8
:00412CAA
:00412CAC
:00412CAD
:00412CAF
add byte ptr

add byte ptr
jb 00412D1D
jnb 00412D12
cmp al, 10
inc eax
add byte ptr
add byte ptr
800000
008000000542
7275
7368
3C10
40
0020
0000
imul esp, dword ptr [ebx+73], 2B980004

inc ecx
add bh, bh
pushfd
dec ebp
inc ecx
BYTE 6 DUP(0)
[eax], 00
[eax+42050000], al
[eax], ah
[eax], al
:00412CB1
:00412CB3
:00412CB5
:00412CB7
FF20
0000
FF01
000000000000
jmp dword ptr [eax]

inc dword ptr [ecx]
BYTE 6 DUP(0)
:00412CBD
:00412CC0
:00412CC1
:00412CC3
:00412CC5
:00412CC6
:00412CC7
:00412CC9
:00412CCA
:00412CCB
802000
CC
0001
0008
43
6F
7079
4D
6F
64
and byte ptr [eax], 00

int 03
inc ebx
outsd
jo 00412D42
dec ebp
outsd
BYTE 064h
:00412CCC 65
BYTE 065h
:00412CCD
:00412CCF
:00412CD0
:00412CD3
xor
inc
add
add
3429
41
000C00
00FF
al, 29
ecx
bh, bh
|:00412C67(C), :00412C72(C)
|
:00412CD5 804D4100
:00412CD9 0100
:00412CDB 0000000000
:00412CE0
:00412CE3
:00412CE9
:00412CEA
:00412CEB

outsd
outsb
je 00412C85
800000
008002000446
6F
6E
7498
or byte ptr [ebp+41], 00

BYTE 5 DUP(0)
|:00412C83(C)
|
:00412CED 2A4100
:00412CF0 1000
:00412CF2 00FF
:00412CF4 90
:00412CF5 4D
:00412CF6 41
:00412CF7 0001
:00412CF9 000000000000
:00412CFF 800000
:00412D02 008003000350
:00412D08 65

BYTE 065h
:00412D09 6E
:00412D0A 8BC0
outsb
mov eax, eax

add bh, bh
nop
dec ebp
inc ecx
BYTE 6 DUP(0)
:00412D0C 102D4100080E
adc byte ptr [0E080041], ch

|:00412CA8(C)
|
:00412D12 54
push esp
:00412D13 50
push eax
:00412D14 726F
jb 00412D85
:00412D16 677265
jb 00412D7E
:00412D19 7373
jnb 00412D8E
:00412D1B 45
inc ebp
:00412D1C 7665
jbe 00412D83
:00412D1E 6E
outsb
:00412D1F 7400
je 00412D21
|:00412D1F(C)
|
:00412D21 06
push es
:00412D22 0806
or byte ptr [esi], al
:00412D24 53
push ebx
:00412D25 65
BYTE 065h
:00412D26 6E
:00412D27 64
outsb
BYTE 064h
:00412D28 65
BYTE 065h
:00412D29
:00412D2B
:00412D2C
:00412D2D
:00412D30
:00412D34
:00412D35
:00412D37
:00412D38
7207
54
4F
626A65
63740005
53
7461
67
65
jb 00412D32
push esp
dec edi
arpl dword ptr [eax+eax+05], esi
push ebx
je 00412D98
BYTE 067h
BYTE 065h
:00412D39
:00412D3A
:00412D3B
:00412D3C
:00412D3E
:00412D41
:00412D43
:00412D44
:00412D46
:00412D4A
:00412D4B
0E
54
50
726F
677265
7373
53
7461
6765000B
50
65
push cs
push esp
push eax
jb 00412DAD
jb 00412DA6
jnb 00412DB6
push ebx
je 00412DA7
add gs:[bp+di], cl
push eax
BYTE 065h
:00412D4C 7263
:00412D4E 65
jb 00412DB1
BYTE 065h
:00412D4F 6E
outsb
:00412D50
:00412D52
:00412D53
:00412D54
7444
6F
6E
65
je 00412D96
outsd
outsb
BYTE 065h
:00412D55
:00412D57
:00412D59
:00412D5C
:00412D5D
0442
7974
650009
52
65
add al, 42
jns 00412DCD
add byte ptr gs:[ecx], cl
push edx
BYTE 065h
:00412D5E 64
BYTE 064h
:00412D5F
:00412D61
:00412D63
:00412D64
:00412D66
:00412D67
:00412D68
:00412D69
:00412D6A
jb 00412DC2
ja 00412DB1
outsd
ja 00412D6D
inc edx
outsd
outsd
insb
BYTE 065h
7261
774E
6F
7707
42
6F
6F
6C
65
:00412D6B 61
:00412D6C 6E
popad
outsb
|:00412D64(C)
|
:00412D6D 1201
:00412D6F 52
:00412D70 0554526563
:00412D75 7402
:00412D77 034D73
:00412D7A 6706
:00412D7C 53
:00412D7D 7472
:00412D7F 696E678BC0D02D
:00412D86 41
:00412D87 00000000000000000000
:00412D91 000000
:00412D94 48
:00412D95 2E
dec eax
BYTE 02eh
adc al, byte ptr [ecx]

push edx
add eax, 63655254
je 00412D79
add ecx, dword ptr [ebp+73]
push es
push ebx
je 00412DF1
imul ebp, dword ptr [esi+67], 2DD0C08B
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)

|:00412D50(C)
|
:00412D96 41
inc ecx
:00412D97 000000000000000000
BYTE 9 DUP(0)
:00412DA0 302E4100
:00412DA4 382E4100
DWORD 00412E30
DWORD 00412E38
:00412DA8 1800
:00412DAA 0000
:00412DAC 64

BYTE 064h

|:00412D3C(C)
|
:00412DAD B640
mov dh, 40
:00412DAF 0028
|:00412D4C(C), :00412D61(C)
|
:00412DB1 2E
:00412DB2 40
:00412DB3 00342E

BYTE 02eh
inc eax

|:00412D41(C)
|
:00412DB6 40
inc eax
:00412DB7 0038
:00412DB9 2E
BYTE 02eh
:00412DBA
:00412DBB
:00412DBE
:00412DBF
:00412DC1
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
|:00412D5F(C)
|
:00412DC2 40
:00412DC3 00B42B4000C82B
:00412DCA 40
:00412DCB 00DC
|:00412D57(C)
|
:00412DCD D14000
:00412DD0 0CD3
:00412DD2 40
:00412DD3 009864410008
:00412DD9 D24000
:00412DDC F0634100
:00412DE0 28644100
DWORD 004163F0
DWORD 00416428
inc
add
inc
add
eax
eax
ah, bl
rol dword ptr [eax+00], 1

or al, D3
inc eax
add byte ptr [eax+08004164], bl
:00412DE4
:00412DE5
:00412DE6
:00412DE7
:00412DE9
F8
27
40
00E4
64
clc
daa
inc eax
add ah, ah
BYTE 064h
:00412DEA
:00412DEB
:00412DED
:00412DEE
:00412DEF
41
00F8
27
40
00F8
inc
add
daa
inc
add
|:00412D7D(C)
|
:00412DF1 27
:00412DF2 40
:00412DF3 0028
:00412DF5 6641
:00412DF7 002C66
:00412DFA 41
:00412DFB 00F8
:00412DFD 27
:00412DFE 40
:00412DFF 00AC664100F827
:00412E06 40
:00412E07 0010
:00412E09 6741
:00412E0B 001467
:00412E0E 41
:00412E0F 00F8
:00412E11 27
:00412E12 40
:00412E13 002467
:00412E16 41
:00412E17 0030
:00412E19 6641
:00412E1B 00B8664100F8
:00412E21 27
:00412E22 40
:00412E23 00F8
:00412E25 27
:00412E26 40
:00412E27 00F8
:00412E29 27
:00412E2A 40
:00412E2B 00F8
:00412E2D 27
:00412E2E 40
:00412E2F 0001
:00412E31 00FD
:00412E33 FF846641000854
:00412E3A 47
:00412E3B 7261
:00412E3D 7068
:00412E3F 69638D4000482E
:00412E46 41
:00412E47 0007
:00412E49 08544772
ecx
al, bh
eax
al, bh

daa
inc eax
inc cx
add byte ptr [esi], ch
inc ecx
add al, bh
daa
inc eax
add byte ptr [esi+27F80041], ch
inc eax
inc ecx
add byte ptr [edi], dl
inc ecx
add al, bh
daa
inc eax
add byte ptr [edi], ah
inc ecx
inc cx
add byte ptr [eax+F8004166], bh
daa
inc eax
add al, bh
daa
inc eax
add al, bh
daa
inc eax
add al, bh
daa
inc eax
add ch, bh
inc dword ptr [esi+54080041]
inc edi
jb 00412E9E
jo 00412EA7
imul esp, dword ptr [ebx-73], 2E480040
inc ecx
or byte ptr [edi+2*eax+72], dl
:00412E4D
:00412E4E
:00412E50
:00412E57
:00412E59
61
7068
6963D02D4100D8
B640
000000
popad
jo 00412EB8
imul esp, dword ptr [ebx-30], D800412D
mov dh, 40
BYTE 3 DUP(0)
:00412E5C
:00412E5F
:00412E60
:00412E62
:00412E69
084772
61
7068
696373000090B4
2E

popad
jo 00412ECA
imul esp, dword ptr [ebx+73], B4900000
BYTE 02eh
:00412E6A 41
:00412E6B 000000000000000000
inc ecx
BYTE 9 DUP(0)
:00412E74 C02E4100
:00412E78 F02E4100
DWORD 00412EC0
DWORD 00412EF0
:00412E7C 0000000000000000
BYTE 8 DUP(0)
:00412E84 D22E4100
:00412E88 E02E4100
DWORD 00412ED2
DWORD 00412EE0
:00412E8C 1C00
:00412E8E 0000
:00412E90 64
sbb al, 00
BYTE 064h
:00412E91 B640
:00412E93 0028
:00412E95 2E
mov dh, 40
BYTE 02eh
:00412E96
:00412E97
:00412E9A
:00412E9B
:00412E9D
inc eax
inc eax
BYTE 02eh
40
00342E
40
0038
2E

|:00412E3B(C)
|
:00412E9E 40
inc eax
:00412E9F 003C2E
:00412EA2 40
inc eax
:00412EA3 0030
:00412EA5 2E
BYTE 02eh
:00412EA6 40
inc eax
|:00412E3D(C)
|
:00412EA7 00B42B4000C82B
:00412EAE 40
:00412EAF 00506C
:00412EB2 41
:00412EB3 00806C41004C
:00412EB9 7041
:00412EBB 00E0
:00412EBD 6D
:00412EBE 41
:00412EBF 000E
:00412EC1 0000000000
:00412EC6 0100
:00412EC8 0000


inc eax
add byte ptr [eax+6C], dl
inc ecx
add byte ptr [eax+4C00416C], al
jo 00412EFC
add al, ah
insd
inc ecx
BYTE 5 DUP(0)

|:00412E60(C)
|
:00412ECA 8428
test byte ptr [eax], ch
:00412ECC 41
inc ecx
:00412ECD 0010
:00412ECF 000000
BYTE 3 DUP(0)
:00412ED2
:00412ED4
:00412ED5
:00412ED6
:00412ED7
0200
FD
FF
FC
FF

std
BYTE 0ffh
cld
BYTE 0ffh
:00412ED8 3C6E4100
:00412EDC 606E4100
DWORD 00416E3C
DWORD 00416E60
:00412EE0
:00412EE4
:00412EE8
:00412EEC
:00412EED
08545069
63747572
658D4000
F0
2E

arpl dword ptr [ebp+2*esi+72], esi
lea eax, dword ptr gs:[eax+00]
lock
BYTE 02eh
:00412EEE
:00412EEF
:00412EF1
:00412EF5
:00412EF9
41
0007
08545069
63747572
65
inc ecx
arpl dword ptr [ebp+2*esi+72], esi
BYTE 065h
:00412EFA B42E
mov ah, 2E

|:00412EB9(C)
|
:00412EFC 41
inc ecx
:00412EFD 00D8
add al, bl
:00412EFF B640
:00412F01 000000
mov dh, 40
BYTE 3 DUP(0)
:00412F04
:00412F07
:00412F08
:00412F0A
:00412F11
:00412F12
:00412F13
:00412F1D
:00412F27
084772
61
7068
6963730000905C
2F
41
00000000000000000000
00000000000000000000
000000000000000000

popad
jo 00412F72
imul esp, dword ptr [ebx+73], 5C900000
das
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00412F30
:00412F31
:00412F32
:00412F33
:00412F35
60
2F
41
0008
000000
pushad
das
inc ecx
BYTE 3 DUP(0)
:00412F38
:00412F3A
:00412F3B
:00412F3D
8810
40
0028
2E
mov byte ptr [eax], dl

inc eax
BYTE 02eh
:00412F3E
:00412F3F
:00412F42
:00412F43
:00412F45
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00412F46
:00412F47
:00412F4A
:00412F4B
:00412F4D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00412F4E
:00412F4F
:00412F56
:00412F57
:00412F59
:00412F5B
:00412F5D
:00412F5E
:00412F5F
:00412F62
:00412F63
:00412F68
:00412F69
:00412F6A
:00412F6B
:00412F70
:00412F75
:00412F7F
40
00B42B4000C82B
40
0010
2C40
00F8
27
40
000C54
53
6861726564
49
6D
61
67658D4000
BC2F410000
00000000000000000000
00000000000000000000
inc eax
inc eax
sub al, 40
add al, bh
daa
inc eax
push ebx
push 64657261
dec ecx
insd
popad
lea eax, gs:[bx+si+00]
mov esp, 0000412F
BYTE 10 DUP(0)
BYTE 10 DUP(0)
:00412F89 00000000000000
BYTE 7 DUP(0)
:00412F90
:00412F93
:00412F96
:00412F98
:00412F9A
:00412F9B
:00412F9D
C02F41
002400
0000
102F
41
0028
2E
shr byte ptr

add byte ptr
add byte ptr
adc byte ptr
inc ecx
add byte ptr
BYTE 02eh
:00412F9E
:00412F9F
:00412FA2
:00412FA3
:00412FA5
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00412FA6
:00412FA7
:00412FAA
:00412FAB
:00412FAD
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00412FAE
:00412FAF
:00412FB6
:00412FB7
:00412FB9
:00412FBB
:00412FBE
:00412FBF
:00412FC1
:00412FC2
:00412FC3
40
00B42B4000C82B
40
00C8
7041
000471
41
000E
54
4D
65
inc eax
inc eax
add al, cl
jo 00412FFC
add byte ptr [ecx+2*esi], al
inc ecx
push esp
dec ebp
BYTE 065h
:00412FC4
:00412FC6
:00412FCD
:00412FCE
7461
66696C65496D61
67
65
je 00413027
imul bp, word ptr [ebp+49], 616D
BYTE 067h
BYTE 065h
:00412FCF
:00412FD0
:00412FD2
:00412FD3
:00412FDD
90
1C30
41
00000000000000000000
000000
nop
sbb al, 30
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00412FE0
:00412FE2
:00412FE3
:00412FED
8C30
41
00000000000000000000
000000
mov [eax], xx
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00412FF0 7C30
:00412FF2 41
jl 00413022
inc ecx
[edi], 41
[eax+eax], ah
[eax], al
[edi], ch
[eax], ch
:00412FF3 0020
:00412FF5 000000

BYTE 3 DUP(0)
:00412FF8
:00412FFE
:00412FFF
:00413002
:00413003
:00413005
842D4100282E
40
00342E
40
0038
2E
test byte ptr [2E280041], ch

inc eax
inc eax
BYTE 02eh
:00413006
:00413007
:0041300A
:0041300B
:0041300D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041300E
:0041300F
:00413016
:00413017
:0041301A
:0041301B
:0041301E
:0041301F
:00413025
40
00B42B4000C82B
40
005071
41
000CD3
40
009864410080
7141
inc
add
inc
add
inc
add
inc
add
jno
eax
byte ptr
eax
byte ptr
ecx
byte ptr
eax
byte ptr
00413068
[ebx+ebp+2BC80040], dh
[eax+71], dl
[ebx+8*edx], cl
[eax+80004164], bl

|:00412FC4(C)
|
:00413027 0008
:00413029 7141
jno 0041306C
:0041302B 0028
:0041302D 64
BYTE 064h
:0041302E
:0041302F
:00413032
:00413033
:00413035
41
001472
41
00E4
64
inc ecx
add byte ptr [edx+2*esi], dl
inc ecx
add ah, ah
BYTE 064h
:00413036
:00413037
:0041303D
:0041303F
:00413042
:00413043
:00413046
:00413047
:0041304D
:0041304F
:00413053
:00413055
:00413057
:0041305A
:0041305B
41
00A8724100B0
7241
001473
41
002C66
41
00A073410080
7441
007C7741
0010
6741
006878
41
006C7841
inc ecx
add byte ptr
jb 00413080
add byte ptr
inc ecx
add byte ptr
inc ecx
add byte ptr
je 00413090
add byte ptr
add byte ptr
inc ecx
add byte ptr
inc ecx
add byte ptr
[eax+B0004172], ch
[ebx+2*esi], dl
[esi], ch
[eax+80004173], ah
[edi+2*esi+41], bh
[eax], dl
[eax+78], ch
[eax+2*edi+41], ch
:0041305F
:00413061
:00413063
:00413065
:00413067
:00413069
:0041306B
:0041306E
:0041306F
:00413072
:00413073
:00413076
:00413077
:00413079
:0041307B
:0041307D
:0041307E
:0041307F
00C4
7941
0030
6641
00D4
7641
000474
41
006077
41
00147C
41
00D4
7C41
0009
54
4D
65
add ah, al
jns 004130A4
add byte ptr
inc cx
add ah, dl
jbe 004130AC
add byte ptr
inc ecx
add byte ptr
inc ecx
add byte ptr
inc ecx
add ah, dl
jl 004130BC
add byte ptr
push esp
dec ebp
BYTE 065h
[eax], dh
[esp+2*esi], al
[eax+77], ah
[esp+2*edi], dl
[ecx], cl
|:0041303D(C)
|
:00413080 7461
:00413082 66696C658BC08C
:00413089 304100
:0041308C 07
:0041308D 09544D65
:00413091 7461
:00413093 66696C651C3041
:0041309A 00442E41
:0041309E 000000
:004130A1 084772
|:00413061(C)
|
:004130A4 61
:004130A5 7068
:004130A7 6963730000F830
:004130AE 41
:004130AF 00000000000000000000
:004130B9 00000000000000000000
:004130C3 000000000000000000
:004130CC FC
:004130CD 304100
:004130D0 7000
cld
xor byte ptr [ecx+00], al
jo 004130D2
je 004130E3
imul bp, word ptr [ebp-75], 8CC0
xor byte ptr [ecx+00], al
pop es
or dword ptr [ebp+2*ecx+65], edx
je 004130F4
imul bp, word ptr [ebp+1C], 4130
add byte ptr [esi+ebp+41], al
BYTE 3 DUP(0)
popad
jo 0041310F
imul esp, dword ptr [ebx+73], 30F80000
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)

|:004130D0(C)
|
:004130D2 0000
:004130D4 102F
adc byte ptr [edi], ch
:004130D6 41
inc ecx
:004130D7 0028
:004130D9 2E
BYTE 02eh
:004130DA
:004130DB
:004130DE
:004130DF
:004130E1
inc eax
inc eax
BYTE 02eh
40
00342E
40
0038
2E
:004130E2 40
inc eax

|:00413080(C)
|
:004130E3 003C2E
:004130E6 40
inc eax
:004130E7 0030
:004130E9 2E
BYTE 02eh
:004130EA
:004130EB
:004130F2
:004130F3
:004130F5
:004130F9
:00413100
:00413102
:00413103
:00413105
:00413106
:00413107
:0041310C
:0041310D
:00413110
:0041311A
40
00B42B4000C82B
40
00E4
80410038
8141000C544269
746D
61
7049
6D
61
67658D4000
58
314100
00000000000000000000
0000
inc eax
inc eax
add ah, ah
add byte ptr [ecx+00], 38
add dword ptr [ecx+00], 6942540C
je 0041316F
popad
jo 0041314E
insd
popad
pop eax
xor dword ptr [ecx+00], eax
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:0041311C
:0041311D
:00413120
:0041312A
D0
314100
00000000000000000000
0000
BYTE 0d0h
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:0041312C
:0041312E
:0041312F
:00413132
:00413134
:0041313A
:0041313B
:0041313E
:0041313F
:00413141
C431
41
002C00
0000
842D4100282E
40
00342E
40
0038
2E
les esi, dword ptr [ecx]

inc ecx
add byte ptr [eax+eax], ch
inc eax
inc eax
BYTE 02eh
:00413142 40
:00413143 003C2E
:00413146 40
inc eax
inc eax
:00413147 0030
:00413149 2E

BYTE 02eh
:0041314A
:0041314B
:00413152
:00413153
:0041315A
:0041315B
:00413161
40
00B42B4000C82B
40
00948B41000CD3
40
0098644100D0
8B4100
inc
add
inc
add
inc
add
mov
:00413164
:00413168
:0041316C
:00413170
:00413174
:00413178
:0041317C
:00413180
:00413184
:00413188
:0041318C
:00413190
:00413194
:00413198
:0041319C
:004131A0
:004131A4
:004131A8
:004131AC
:004131B0
:004131B4
:004131B8
:004131BC
:004131C0
2C8B4100
848D4100
AC8D4100
E4644100
4C904100
F4904100
34914100
2C664100
90914100
14954100
DC9B4100
B09C4100
14674100
849D4100
D89D4100
30664100
B8664100
04944100
08A04100
44934100
10A04100
A4904100
04914100
A89A4100
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:004131C4
:004131C5
:004131C6
:004131C7
:004131CF
:004131D1
:004131D2
:004131D3
:004131D4
:004131DC
:004131E0
07
54
42
69746D6170D03141
0007
07
54
42
69746D6170583141
00442E41
000000
pop es
push esp
inc edx
imul esi, dword ptr [ebp+2*ebp+61], 4131D070
pop es
push esp
inc edx
imul esi, dword ptr [ebp+2*ebp+61], 41315870
add byte ptr [esi+ebp+41], al
BYTE 3 DUP(0)
:004131E3
:004131E6
:004131E7
:004131E9
:004131F0
:004131F2
:004131F3
:004131FD
:00413207
084772
61
7068
69637300008BC0
3C32
41
00000000000000000000
00000000000000000000
000000000000000000

popad
jo 00413251
imul esp, dword ptr [ebx+73], C08B0000
cmp al, 32
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
eax
byte
eax
byte
eax
byte
eax,
ptr [ebx+ebp+2BC80040], dh
ptr [ebx+4*ecx-2CF3FFBF], dl
ptr [eax+D0004164], bl
dword ptr [ecx+00]
00418B2C
00418D84
00418DAC
004164E4
0041904C
004190F4
00419134
0041662C
00419190
00419514
00419BDC
00419CB0
00416714
00419D84
00419DD8
00416630
004166B8
00419404
0041A008
00419344
0041A010
004190A4
00419104
00419AA8
:00413210
:00413211
:00413214
:00413216
:00413218
:0041321A
:0041321B
:0041321D
40
324100
1000
0000
102F
41
0028
2E
inc eax
xor al, byte
adc byte ptr
add byte ptr
adc byte ptr
inc ecx
add byte ptr
BYTE 02eh
:0041321E
:0041321F
:00413222
:00413223
:00413225
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00413226
:00413227
:0041322A
:0041322B
:0041322D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041322E
:0041322F
:00413236
:00413237
:0041323D
:00413242
:00413243
:00413246
:00413247
:00413248
:00413249
:0041324A
40
00B42B4000C82B
40
00B0A04100E0
A041000A54
49
636F6E
49
6D
61
67
65
inc eax
inc eax
add byte ptr [eax+E00041A0], dh
mov al, byte ptr [540A0041]
dec ecx
arpl dword ptr [edi+6E], ebp
dec ecx
insd
popad
BYTE 067h
BYTE 065h
:0041324B
:0041324C
:0041324D
:00413250
:0041325A
90
98
324100
00000000000000000000
0000
nop
cwde
xor al, byte ptr [ecx+00]
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:0041325C
:0041325E
:0041325F
:00413269
0433
41
00000000000000000000
000000
add al, 33
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041326C
:0041326D
:00413270
:00413272
:00413274
:0041327A
:0041327B
F8
324100
1C00
0000
842D4100282E
40
00342E
clc
xor al, byte ptr [ecx+00]
sbb al, 00
inc eax
ptr [ecx+00]
[eax], al
[eax], al
[edi], ch
[eax], ch
:0041327E 40
:0041327F 0038
:00413281 2E
inc eax
BYTE 02eh
:00413282
:00413283
:00413286
:00413287
:00413289
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041328A
:0041328B
:00413292
:00413293
:00413297
:0041329A
:0041329B
:004132A1
:004132A6
:004132A7
:004132A9
40
00B42B4000C82B
40
004CA141
000CD3
40
00986441007C
A14100F8A0
41
0028
64
inc eax
inc eax
add byte ptr [ecx+41], cl
inc eax
add byte ptr [eax+7C004164], bl
mov eax, dword ptr [A0F80041]
inc ecx
BYTE 064h
:004132AA
:004132AB
:004132AD
:004132B2
:004132B3
:004132B6
:004132B7
:004132BA
:004132BB
:004132BD
:004132BF
:004132C2
:004132C3
:004132C6
:004132C7
:004132CE
:004132CF
:004132D1
:004132D3
:004132D5
:004132D6
:004132D7
:004132D9
:004132DA
:004132DB
:004132DE
:004132DF
:004132E1
:004132E3
:004132E9
:004132EE
:004132EF
:004132F3
:004132F5
:004132F6
41
00DC
A14100E464
41
0014A2
41
0040A2
41
0028
6641
002C66
41
0048A2
41
00AC664100B4A4
41
0010
6741
00FC
A4
41
0000
A5
41
002467
41
0030
6641
00B866410070
A3410048A5
41
0074A541
00C0
A5
41
inc ecx
add ah, bl
inc ecx
add byte ptr [edx], dl
inc ecx
add byte ptr [eax-5E], al
inc ecx
inc cx
inc ecx
add byte ptr [eax-5E], cl
inc ecx
add byte ptr [esi-5B4BFFBF], ch
inc ecx
inc ecx
add ah, bh
movsb
inc ecx
movsd
inc ecx
add byte ptr [edi], ah
inc ecx
inc cx
mov dword ptr [A5480041], eax
inc ecx
add byte ptr [ebp+41], dh
add al, al
movsd
inc ecx
:004132F7
:004132FD
:004132FE
:00413300
:00413302
:00413303
:00413305
:0041330A
00055449636F
6E
8BC0
0433
41
0007
055449636F
6E
add byte ptr [6F634954], al

outsb
mov eax, eax
add al, 33
inc ecx
add eax, 6F634954
outsb
:0041330B 98324100
:0041330F 442E4100
DWORD 00413298
DWORD 00412E44
:00413313
:00413315
:00413318
:00413319
:0041331B
:0041331C
:0041331D
:0041331E
:0041331F

popad
jo 00413383
BYTE 69h
BYTE 63h
BYTE 73h
BYTE 00h
BYTE 00h
0000
084772
61
7068
69
63
73
00
00

|:004170E3 , :0041735B , :00418172 , :00418D55 , :00419A89
|:00419CD8
|
:00413320 85C0
test eax, eax
:00413322 740E
je 00413332
:00413324 3B0530364400
:0041332A 7406
je 00413332
:0041332C 50
push eax
|
:0041332D E81E2BFFFF
Call 00405E50
|:00413322(C), :0041332A(C)
|
:00413332 C3
:00413333 90
:00413334 803341
:00413337 00000000000000000000
:00413341 00000000000000000000
:0041334B 000000000000000000
:00413354
:00413357
:0041335A
:0041335C
:0041335E
:0041335F
:00413361
xor byte ptr

add byte ptr
add byte ptr
mov byte ptr
inc eax
add byte ptr
BYTE 02eh
803341
002400
0000
8810
40
0028
2E
:00413362 40
:00413363 00342E
ret
nop
xor byte ptr [ebx], 41
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
[ebx], 41
[eax+eax], ah
[eax], al
[eax], dl
[eax], ch
inc eax
:00413366 40
:00413367 0038
:00413369 2E
inc eax
BYTE 02eh
:0041336A
:0041336B
:0041336E
:0041336F
:00413371
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00413372
:00413373
:0041337A
:0041337B
:0041337D
:00413380
:00413384
:00413386
:00413388
:0041338B
:0041338C
:0041338D
:0041338E
:0041338F
40
00B42B4000C82B
40
00E4
334100
10545265
736F
7572
63654D
61
6E
61
67
65
inc eax
inc eax
add ah, ah
xor eax, dword ptr [ecx+00]
adc byte ptr [edx+2*edx+65], dl
jnb 004133F5
jne 004133FA
arpl dword ptr [ebp+4D], esp
popad
outsb
popad
BYTE 067h
BYTE 065h
:00413390 728D
:00413392 40
:00413393 00
jb 0041331F
inc eax
BYTE 00h

|:00413436
|
:00413394 89D1
mov ecx, edx
:00413396 89C2
mov edx, eax
:00413398 31C0
xor eax, eax
|:004133A2(C)
|
:0041339A 66C1C005
:0041339E 3202
:004133A0 42
:004133A1 49
:004133A2 75F6
:004133A4 C3
:004133A5 8D4000
rol
xor
inc
dec
jne
ret
ax, 05
al, byte ptr [edx]
edx
ecx
0041339A

|:0041AB77 , :0041AB8C , :0041ABA1
|
:004133A8 53
push ebx
:004133A9 56
push esi
:004133AA 84D2
test dl, dl
:004133AC 7408
je 004133B6
:004133AE 83C4F0
:004133B1 E84EFBFEFF
add esp, FFFFFFF0

call 00402F04
|:004133AC(C)
|
:004133B6 8BDA
:004133B8 8BF0
:004133BA 66894E20
:004133BE 8D4608
:004133C1 50

mov ebx,
mov esi,
mov word
lea eax,
push eax
edx
eax
ptr [esi+20], cx
dword ptr [esi+08]

|
:004133C2 E87129FFFF
Call 00405D38
:004133C7 8BC6
mov eax, esi
:004133C9 84DB
test bl, bl
:004133CB 740F
je 004133DC
:004133CD E88AFBFEFF
call 00402F5C
:004133D2 648F0500000000
:004133D9 83C40C
add esp, 0000000C
|:004133CB(C)
|
:004133DC 8BC6
mov eax, esi
:004133DE 5E
pop esi
:004133DF 5B
pop ebx
:004133E0 C3
ret
:004133E1
:004133E4
:004133E5
:004133E6
:004133EB
:004133ED
:004133EF
:004133F2
8D4000
53
56
E879FBFEFF
8BDA
8BF0
8D4608
50

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
push eax

|
:004133F3 E85828FFFF
Call 00405C50
:004133F8 84DB
test bl, bl
|:00413386(C)
|
:004133FA 7E07
:004133FC 8BC6
:004133FE E851FBFEFF

jle 00413403
mov eax, esi
call 00402F54

|:004133FA(C)
|
:00413403 5E
pop esi
:00413404 5B
pop ebx
:00413405 C3
ret
:00413406 8BC0
mov eax, eax

|:00413440 , :00413523 , :004135C8 , :0041363D
|:00414010 , :004144EA , :004147DE
|
:00413408 83C008
add eax, 00000008
:0041340B 50
push eax
, :004136A4

|
:0041340C E84728FFFF
Call 00405C58
:00413411 C3
ret
:00413412 8BC0
mov eax, eax

|:004134EE , :00413585 , :00413617 , :00413682
|:00414131 , :00414550 , :00414887
|
:00413414 83C008
add eax, 00000008
:00413417 50
push eax
, :004136F1

|
:00413418 E82329FFFF
Call 00405D40
:0041341D C3
ret
:0041341E 8BC0
mov eax, eax

|:004135E4 , :00413E17 , :00414330 , :004145FC
|
:00413420 55
push ebp
:00413421 8BEC
mov ebp, esp
:00413423 83C4F8
add esp, FFFFFFF8
:00413426 53
push ebx
:00413427 56
push esi
:00413428 8BDA
mov ebx, edx
:0041342A 8945FC
:0041342D 8B45FC
:00413430 0FB75020
movzx edx, word ptr [eax+20]
:00413434 8BC3
mov eax, ebx
:00413436 E859FFFFFF
call 00413394
:0041343B 8BF0
mov esi, eax
:0041343D 8B45FC
:00413440 E8C3FFFFFF
call 00413408
:00413445 33D2
xor edx, edx
:00413447 55
push ebp
:00413448 68F4344100
push 004134F4
:0041344D 64FF32
:00413450 648922
:00413453 8B45FC
:00413456 8B4004
:00413459 8945F8
:0041345C EB08
jmp 00413466
|:00413473(C), :0041348B(C)
|
:0041345E 8B45F8
:00413461 8B00
:00413463 8945F8

|:0041345C(U)
|
:00413466 837DF800
:0041346A 7421
:0041346C 8B45F8
:0041346F 663B700C
:00413473 75E9
:00413475 8B45FC
:00413478 0FB74820
:0041347C 8BD3
:0041347E 8B45F8
:00413481 83C010
:00413484 E84340FFFF
:00413489 84C0
:0041348B 74D1
|:0041346A(C)
|
:0041348D 837DF800
:00413491 7545
:00413493 8B45FC
:00413496 0FB74020
:0041349A 83C010
:0041349D E8F2F1FEFF
:004134A2 8945F8
:004134A5 8B45F8
:004134A8 8B55FC
:004134AB 8B5204
:004134AE 8910
:004134B0 33D2
:004134B2 895004
:004134B5 8B13
:004134B7 895008
:004134BA 6689700C
:004134BE 8B55FC
:004134C1 0FB74A20
:004134C5 8D5010
:004134C8 8BC3
:004134CA E8DDF2FEFF
:004134CF 8B45FC
:004134D2 8B55F8
:004134D5 895004

je 0041348D
cmp si, word ptr [eax+0C]
jne 0041345E
movzx ecx, word ptr [eax+20]
mov edx, ebx
add eax, 00000010
call 004074CC
test al, al
je 0041345E

jne 004134D8
add eax, 00000010
call 00402694
xor edx, edx
mov word ptr [eax+0C], si
movzx ecx, word ptr [edx+20]
mov eax, ebx
call 004027AC

|:00413491(C)
|
:004134D8 8B45F8
:004134DB FF4004
inc [eax+04]
:004134DE 33C0
xor eax, eax
:004134E0 5A
pop edx
:004134E1 59
pop ecx
:004134E2 59
pop ecx
:004134E3 648910
:004134E6 68FB344100

push 004134FB
|:004134F9(U)
|
:004134EB 8B45FC
:004134EE E821FFFFFF
:004134F3 C3
:004134F4
:004134F9
:004134FB
:004134FE
:004134FF
:00413500
:00413501
:00413502
:00413503
jmp
jmp
mov
pop
pop
pop
pop
pop
ret
E97FFDFEFF
EBF0
8B45F8
5E
5B
59
59
5D
C3

call 00413414
ret
00403278
004134EB
esi
ebx
ecx
ecx
ebp

|:00413602 , :0041366D , :00413E5B , :0041436B , :00414633
|
:00413504 55
push ebp
:00413505 8BEC
mov ebp, esp
:00413507 83C4F0
add esp, FFFFFFF0
:0041350A 8955F8
:0041350D 8945FC
:00413510 837DF800
:00413514 0F8496000000
je 004135B0
:0041351A 8B45F8
:0041351D 8945F0
:00413520 8B45FC
call 00413408
:00413528 33C9
xor ecx, ecx
:0041352A 55
push ebp
:0041352B 688B354100
push 0041358B
:00413530 64FF31
:00413533 648921
:00413536 8B45F0
:00413539 FF4804
dec [eax+04]
:0041353C 8B45F0
:0041353F 83780400
:00413543 0F9445F7
sete byte ptr [ebp-09]
:00413547 807DF700
:0041354B 7428
je 00413575
:0041354D 8B45FC
:00413550 8B4004
:00413553 3B45F8
:00413556 750F
jne 00413567
:00413558 8B45F8
:0041355B 8B00
:0041355D 8B55FC
:00413560 894204
:00413563 EB10
jmp 00413575
|:0041356C(C)
|
:00413565 8BC2
mov eax, edx

|:00413556(C)
|
:00413567 8B10
:00413569 3B55F8
:0041356C 75F7
jne 00413565
:0041356E 8B55F8
:00413571 8B12
:00413573 8910
|:0041354B(C), :00413563(U)
|
:00413575 33C0
:00413577 5A
:00413578 59
:00413579 59
:0041357A 648910
:0041357D 6892354100
|:00413590(U)
|
:00413582 8B45FC
:00413585 E88AFEFFFF
:0041358A C3
:0041358B
:00413590
:00413592
:00413596
:00413598
:0041359B
:0041359E
:004135A0
:004135A2
jmp 00403278
jmp 00413582
je 004135B0
test eax, eax
je 004135A8
push eax
E9E8FCFEFF
EBF0
807DF700
7418
8B45F0
8B4008
85C0
7406
50
xor eax, eax

pop edx
pop ecx
pop ecx
push 00413592

call 00413414
ret

|
:004135A3 E8A828FFFF
Call 00405E50
|:004135A0(C)
|
:004135A8 8B45F8
:004135AB E8FCF0FEFF
call 004026AC
|:00413514(C), :00413596(C)
|
:004135B0 8BE5
:004135B2 5D
:004135B3 C3

mov esp, ebp
pop ebp
ret

|:00413FA2 , :0041447A , :0041473A
|
:004135B4 55
push ebp
:004135B5 8BEC
mov ebp, esp
:004135B7 83C4F8
add esp, FFFFFFF8
:004135BA 53
push ebx
:004135BB 56
push esi
:004135BC 57
push edi
:004135BD 894DF8
:004135C0 8BDA
mov ebx, edx
:004135C2 8945FC
:004135C5 8B45FC
:004135C8 E83BFEFFFF
call 00413408
:004135CD 33C0
xor eax, eax
:004135CF 55
push ebp
:004135D0 681D364100
push 0041361D
:004135D5 64FF30
:004135D8 648920
:004135DB 8B730C
mov esi, dword ptr [ebx+0C]
:004135DE 8B55F8
:004135E1 8B45FC
:004135E4 E837FEFFFF
call 00413420
:004135E9 8BF8
mov edi, eax
:004135EB 897B0C
:004135EE 3BF7
cmp esi, edi
:004135F0 740B
je 004135FD
:004135F2 8BC3
mov eax, ebx
:004135F4 66BBFDFF
mov bx, FFFD
:004135F8 E8F7F7FEFF
call 00402DF4
|:004135F0(C)
|
:004135FD 8BD6
:004135FF 8B45FC
:00413602 E8FDFEFFFF
:00413607 33C0
:00413609 5A
:0041360A 59
:0041360B 59
:0041360C 648910

mov edx, esi
call 00413504
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0041360F 6824364100
push 00413624
|:00413622(U)
|
:00413614 8B45FC
:00413617 E8F8FDFFFF
:0041361C C3
:0041361D
:00413622
:00413624
:00413625
jmp
jmp
pop
pop
E956FCFEFF
EBF0
5F
5E

call 00413414
ret
00403278
00413614
edi
esi
:00413626
:00413627
:00413628
:00413629
:0041362A
5B
59
59
5D
C3
pop
pop
pop
pop
ret
:0041362B 90
nop
ebx
ecx
ecx
ebp

|:00413EE8 , :004143DC , :004146A0
|
:0041362C 55
push ebp
:0041362D 8BEC
mov ebp, esp
:0041362F 51
push ecx
:00413630 53
push ebx
:00413631 56
push esi
:00413632 57
push edi
:00413633 8BF9
mov edi, ecx
:00413635 8BDA
mov ebx, edx
:00413637 8945FC
:0041363A 8B45FC
:0041363D E8C6FDFFFF
call 00413408
:00413642 33C0
xor eax, eax
:00413644 55
push ebp
:00413645 6888364100
push 00413688
:0041364A 64FF30
:0041364D 648920
:00413650 8B730C
:00413653 3BFE
cmp edi, esi
:00413655 741B
je 00413672
:00413657 FF4704
inc [edi+04]
:0041365A 897B0C
:0041365D 8BC3
mov eax, ebx
:0041365F 66BBFDFF
mov bx, FFFD
:00413663 E88CF7FEFF
call 00402DF4
:00413668 8BD6
mov edx, esi
:0041366A 8B45FC
:0041366D E892FEFFFF
call 00413504
|:00413655(C)
|
:00413672 33C0
xor eax, eax
:00413674 5A
pop edx
:00413675 59
pop ecx
:00413676 59
pop ecx
:00413677 648910
|
:0041367A 688F364100
push 0041368F
|:0041368D(U)
|
:0041367F 8B45FC
:00413682 E88DFDFFFF
:00413687 C3

call 00413414
ret
:00413688
:0041368D
:0041368F
:00413690
:00413691
:00413692
:00413693
:00413694
E9EBFBFEFF
EBF0
5F
5E
5B
59
5D
C3
:00413695 8D4000
jmp
jmp
pop
pop
pop
pop
pop
ret
00403278
0041367F
edi
esi
ebx
ecx
ebp

|:0041375C , :00413766
|
:00413698 55
push ebp
:00413699 8BEC
mov ebp, esp
:0041369B 51
push ecx
:0041369C 53
push ebx
:0041369D 56
push esi
:0041369E 8945FC
:004136A1 8B45FC
:004136A4 E85FFDFFFF
call 00413408
:004136A9 33D2
xor edx, edx
:004136AB 55
push ebp
:004136AC 68F7364100
push 004136F7
:004136B1 64FF32
:004136B4 648922
:004136B7 8B45FC
:004136BA 8B5804
:004136BD 85DB
test ebx, ebx
:004136BF 7420
je 004136E1
|:004136DF(C)
|
:004136C1 8BF3
:004136C3 8B4608
:004136C6 85C0
:004136C8 7411
:004136CA 837E1400
:004136CE 7D0B
:004136D0 50

mov esi, ebx
test eax, eax
je 004136DB
jge 004136DB
push eax

|
:004136D1 E87A27FFFF
Call 00405E50
:004136D6 33C0
xor eax, eax
:004136D8 894608
|:004136C8(C), :004136CE(C)
|
:004136DB 8B1B
:004136DD 85DB
:004136DF 75E0

test ebx, ebx
jne 004136C1

|:004136BF(C)
|
:004136E1
:004136E3
:004136E4
:004136E5
:004136E6
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:004136E9 68FE364100
push 004136FE
|:004136FC(U)
|
:004136EE 8B45FC
:004136F1 E81EFDFFFF
:004136F6 C3
:004136F7
:004136FC
:004136FE
:004136FF
:00413700
:00413701
:00413702
jmp
jmp
pop
pop
pop
pop
ret
E97CFBFEFF
EBF0
5E
5B
59
5D
C3
:00413703 90

call 00413414
ret
00403278
004136EE
esi
ebx
ecx
ebp
nop

|:004271BF
|
:00413704 55
push ebp
:00413705 8BEC
mov ebp, esp
:00413707 83C4F8
add esp, FFFFFFF8
:0041370A 53
push ebx
:0041370B 56
push esi
:0041370C 33C0
xor eax, eax
:0041370E 8945FC
:00413711 A188364400
:00413716 E87998FFFF
call 0040CF94
:0041371B 8945F8
:0041371E 33C0
xor eax, eax
:00413720 55
push ebp
:00413721 68A1374100
push 004137A1
:00413726 64FF30
:00413729 648920
:0041372C EB1E
jmp 0041374C
|:00413755(C)
|
:0041372E 8B55FC
:00413731 8B45F8
:00413734 E83F94FFFF
:00413739 8BD8
:0041373B 8BC3
:0041373D E862140000
:00413742 FF45FC

call 0040CB78
mov ebx, eax
mov eax, ebx
call 00414BA4
inc [ebp-04]
:00413745 8BC3
:00413747 E834170000
mov eax, ebx

call 00414E80
|:0041372C(U)
|
:0041374C 8B45F8
:0041374F 8B4008
:00413752 3B45FC
:00413755 7FD7
:00413757 A180364400
:00413761 A184364400
:00413766 E82DFFFFFF
:0041376B 33C0
:0041376D 5A
:0041376E 59
:0041376F 59
:00413770 648910

jg 0041372E
call 00413698
call 00413698
xor eax, eax
pop edx
pop ecx
pop ecx

|
:00413773 68A8374100
push 004137A8
|:004137A6(U)
|
:00413778 8B5DFC
:0041377B 4B
dec ebx
:0041377C 85DB
test ebx, ebx
:0041377E 7C16
jl 00413796
:00413780 43
inc ebx
:00413781 33F6
xor esi, esi
|:00413794(C)
|
:00413783 8BD6
:00413785 8B45F8
:00413788 E8EB93FFFF
:0041378D E8C6150000
:00413792 46
:00413793 4B
:00413794 75ED
|:0041377E(C)
|
:00413796 A188364400
:0041379B E85898FFFF
:004137A0 C3
:004137A1
:004137A6
:004137A8
:004137A9
:004137AA
:004137AB
:004137AC
jmp
jmp
pop
pop
pop
pop
pop
E9D2FAFEFF
EBD0
5E
5B
59
59
5D
mov edx, esi

call 0040CB78
call 00414D58
inc esi
dec ebx
jne 00413783

call 0040CFF8
ret
00403278
00413778
esi
ebx
ecx
ecx
ebp
:004137AD C3
ret
:004137AE 8BC0
:004137B0 FFFFFFFF
mov eax, eax

BYTE 4 DUP(0ffh)
:004137B4 07
:004137B5 000000
pop es
BYTE 3 DUP(0)
:004137B8
:004137BC
:004137BD
:004137C0
636C426C
61
636B00
FFFFFFFF
arpl dword ptr [edx+2*eax+6C], ebp

popad
BYTE 4 DUP(0ffh)
:004137C4
:004137C6
:004137C8
:004137CC
:004137CE
:004137CF
:004137D0
0800
0000
636C4D61
726F
6F
6E
00000000

arpl dword ptr [ebp+2*ecx+61], ebp
jb 0041383D
outsd
outsb
BYTE 4 DUP(0)
:004137D4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004137D8 07
:004137D9 000000
pop es
BYTE 3 DUP(0)
:004137DC 636C4772
:004137E0 65
arpl dword ptr [edi+2*eax+72], ebp

BYTE 065h
:004137E1 65
BYTE 065h
:004137E2 6E
:004137E3 00FF
:004137E5 FFFFFF
outsb
add bh, bh
BYTE 3 DUP(0ffh)
:004137E8 07
:004137E9 000000
pop es
BYTE 3 DUP(0)
:004137EC
:004137F0
:004137F7
:004137F9
636C4F6C
69766500FFFFFF
FF06
000000
arpl dword ptr [edi+2*ecx+6C], ebp

imul esi, dword ptr [esi+65], FFFFFF00
inc dword ptr [esi]
BYTE 3 DUP(0)
:004137FC
:00413800
:00413802
:00413804
636C4E61
7679
0000
FFFFFFFF
arpl dword ptr [esi+2*ecx+61], ebp

jbe 0041387B
BYTE 4 DUP(0ffh)
:00413808
:0041380A
:0041380C
:00413810
:00413812
:00413813
0800
0000
636C5075
7270
6C
65

arpl dword ptr [eax+2*edx+75], ebp
jb 00413882
insb
BYTE 065h
:00413814 00000000
BYTE 4 DUP(0)
:00413818 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041381C 06
:0041381D 000000
push es
BYTE 3 DUP(0)
:00413820
:00413824
:00413825
:00413826
:00413828
arpl dword ptr [esp+2*edx+65], ebp

popad
insb
BYTE 4 DUP(0ffh)
636C5465
61
6C
0000
FFFFFFFF
:0041382C 06
:0041382D 000000
push es
BYTE 3 DUP(0)
:00413830 636C4772
:00413834 61
:00413835 7900

popad
jns 00413837

|:00413835(C)
|
:00413837 00FF
add bh, bh
:00413839 FFFFFF
BYTE 3 DUP(0ffh)
:0041383C
:0041383E
:00413840
:00413844
:00413845
:00413847
0800
0000
636C5369
6C
7665
7200

arpl dword ptr [ebx+2*edx+69], ebp
insb
jbe 004138AC
jb 00413849

|:00413847(C)
|
:00413849 000000
BYTE 3 DUP(0)
:0041384C FFFFFFFF
BYTE 4 DUP(0ffh)
:00413850
:00413855
:00413856
:00413857
0500000063
6C
52
65
add eax, 63000000

insb
push edx
BYTE 065h
:00413858 64
BYTE 064h
:00413859 000000
BYTE 3 DUP(0)
:0041385C FFFFFFFF
BYTE 4 DUP(0ffh)
:00413860 06
:00413861 000000
push es
BYTE 3 DUP(0)
:00413864 636C4C69
:00413868 6D
:00413869 65
arpl dword ptr [esp+2*ecx+69], ebp

insd
BYTE 065h
:0041386A 0000
:0041386C FFFFFFFF

BYTE 4 DUP(0ffh)
:00413870
:00413872
:00413874
:00413878
:00413879
:0041387A

arpl dword ptr [ecx+2*ebx+65], ebp
insb
insb
outsd
0800
0000
636C5965
6C
6C
6F

|:00413800(C)
|
:0041387B 7700
ja 0041387D
|:0041387B(C)
|
:0041387D 000000
BYTE 3 DUP(0)
:00413880 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413884 06
:00413885 000000
push es
BYTE 3 DUP(0)
:00413888
:0041388C
:0041388E
:00413890
636C426C
7565
0000
FFFFFFFF
arpl dword ptr [edx+2*eax+6C], ebp

jne 004138F3
BYTE 4 DUP(0ffh)
:00413894
:00413896
:00413898
:0041389C
:0041389F
:004138A6
0900
0000
636C4675
636873
6961000000FFFF
FFFF
or dword ptr [eax], eax

arpl dword ptr [esi+2*eax+75], ebp
imul esp, dword ptr [ecx+00], FFFF0000
BYTE 2 DUP(0ffh)
:004138A8 06
:004138A9 000000
push es
BYTE 3 DUP(0)
|:00413845(C)
|
:004138AC 636C4171
:004138B0 7561
:004138B2 0000
:004138B4 FFFFFFFF
:004138B8 07
:004138B9 000000
pop es
BYTE 3 DUP(0)
:004138BC
:004138C0
:004138C8
:004138CA
:004138CC
:004138D0
:004138D2
:004138D3
:004138D4
:004138D5
:004138D6
arpl dword ptr [edi+2*edx+68], ebp

imul esi, dword ptr [ebp], FFFFFFFF
or eax, dword ptr [eax]
arpl dword ptr [ebx+2*edx+63], ebp
jb 00413941
insb
insb
inc edx
popad
jb 004138D8
636C5768
69746500FFFFFFFF
0B00
0000
636C5363
726F
6C
6C
42
61
7200
arpl dword ptr [ecx+2*eax+71], ebp

jne 00413913
BYTE 4 DUP(0ffh)
|:004138D6(C)
|
:004138D8 FFFFFFFF
:004138DC 0C00
:004138DE 0000
:004138E0 636C4261
:004138E4 636B67
:004138E7 726F
:004138E9 756E
:004138EB 64
:004138EC 00000000
BYTE 4 DUP(0)
:004138F0 FFFFFFFF
BYTE 4 DUP(0ffh)
:004138F4
:004138F7
:004138FA
:004138FB
:004138FF
0F0000
00636C
41
63746976
65

add byte ptr [ebx+6C], ah
inc ecx
BYTE 065h
:00413900
:00413901
:00413902
:00413904
43
61
7074
696F6E00FFFFFF
inc ebx
popad
jo 00413978
imul ebp, dword ptr [edi+6E], FFFFFF00
BYTE 4 DUP(0ffh)
or al, 00
arpl dword ptr [edx+2*eax+61], ebp
jb 00413958
jne 00413959
BYTE 064h
:0041390B FF11
:0041390D 000000

BYTE 3 DUP(0)
:00413910
:00413914
:00413915
:00413919
636C496E
61
63746976
65
arpl dword ptr [ecx+2*ecx+6E], ebp

popad
BYTE 065h
:0041391A
:0041391B
:0041391C
:0041391E
:00413925
43
61
7074
696F6E000000FF
FFFFFF
inc ebx
popad
jo 00413992
imul ebp, dword ptr [edi+6E], FF000000
BYTE 3 DUP(0ffh)
:00413928 06
:00413929 000000
push es
BYTE 3 DUP(0)
:0041392C 636C4D65
:00413930 6E
:00413931 7500

outsb
jne 00413933

|:00413931(C)
|
:00413933 00FF
add bh, bh
:00413935 FFFFFF
BYTE 3 DUP(0ffh)
:00413938
:0041393A
:0041393C
:00413940
0800
0000
636C5769
6E

outsb

|:004138D0(C)
|
:00413941 64
BYTE 064h
:00413942 6F
outsd
:00413943 7700
ja 00413945
|:00413943(C)
|
:00413945 000000
BYTE 3 DUP(0)
:00413948 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041394C
:00413951
:00413952
:00413953
:0041395A
:0041395B
:0041395C
0D00000063
6C
57
696E646F774672
61
6D
65
or eax, 63000000
insb
push edi
imul ebp, dword ptr [esi+64], 7246776F
popad
insd
BYTE 065h
:0041395D 000000
BYTE 3 DUP(0)
:00413960 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413964
:00413966
:00413968
:0041396C
:0041396D
:0041396F

outsb
jne 004139C3
BYTE 065h
0A00
0000
636C4D65
6E
7554
65
:00413970 7874
:00413972 0000
:00413974 FFFFFFFF
js 004139E6
BYTE 4 DUP(0ffh)
|:00413902(C)
|
:00413978 0C00
:0041397A 0000
:0041397C 636C5769
:00413980 6E
:00413981 64
:00413982 6F
:00413983 7754
:00413985 65
outsd
ja 004139D9
BYTE 065h
:00413986 7874
:00413988 00000000
js 004139FC
BYTE 4 DUP(0)
:0041398C FFFFFFFF
BYTE 4 DUP(0ffh)
:00413990
:00413995
:00413996
:00413997
:00413998
:0041399A
:004139A1
or eax, 63000000
insb
inc ebx
popad
jo 00413A0E
imul ebp, dword ptr [edi+6E], 74786554
BYTE 3 DUP(0)
0D00000063
6C
43
61
7074
696F6E54657874
000000
or al, 00
outsb
BYTE 064h
:004139A4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004139A8 0E
:004139A9 000000
push cs
BYTE 3 DUP(0)
:004139AC 636C4163
:004139B0 7469

je 00413A1B
:004139B2
:004139B4
:004139B5
:004139B6
:004139B8
7665
42
6F
7264
65
:004139B9 7200
jbe 00413A19
inc edx
outsd
jb 00413A1C
BYTE 065h
jb 004139BB

|:004139B9(C)
|
:004139BB 00FF
add bh, bh
:004139BD FFFFFF
BYTE 3 DUP(0ffh)
:004139C0
:004139C2
:004139C4
:004139C8
:004139C9
:004139CD
1000
0000
636C496E
61
63746976
65

popad
BYTE 065h
:004139CE
:004139CF
:004139D0
:004139D2
42
6F
7264
65
inc edx
outsd
jb 00413A36
BYTE 065h
:004139D3 7200
jb 004139D5

|:004139D3(C)
|
:004139D5 000000
BYTE 3 DUP(0)
:004139D8 FFFFFFFF
BYTE 4 DUP(0ffh)
:004139DC 0E
:004139DD 000000
push cs
BYTE 3 DUP(0)
:004139E0 636C4170
:004139E4 7057

jo 00413A3D

|:00413970(C)
|
:004139E6 6F
outsd
:004139E7 726B
jb 00413A54
:004139E9 53
push ebx
:004139EA 7061
jo 00413A4D
:004139EC 636500
:004139EF 00FF
add bh, bh
:004139F1 FFFFFF
BYTE 3 DUP(0ffh)
:004139F4 0B00
:004139F6 0000

:004139F8 636C4869
arpl dword ptr [eax+2*ecx+69], ebp

|:00413986(C)
|
:004139FC 67686C696768
push 6867696C
:00413A02 7400
je 00413A04
|:00413A02(C)
|
:00413A04 FFFFFFFF
:00413A08 0F0000
:00413A0B 00636C
|:00413998(C)
|
:00413A0E 48
:00413A0F 6967686C696768
:00413A16 7454
:00413A18 65
BYTE 4 DUP(0ffh)
add byte ptr [ebx+6C], ah
dec eax
imul esp, dword ptr [edi+68], 6867696C
je 00413A6C
BYTE 065h

|:004139B2(C)
|
:00413A19 7874
js 00413A8F
|:004139B0(C)
|
:00413A1B 00FF
add bh, bh
:00413A1D FFFFFF
BYTE 3 DUP(0ffh)
:00413A20
:00413A22
:00413A24
:00413A28
:00413A29
:00413A2A
:00413A2B
:00413A2E
:00413A30
0900
0000
636C4274
6E
46
61
636500
0000
FFFFFFFF

outsb
inc esi
popad
BYTE 4 DUP(0ffh)
:00413A34 0B00
|:004139D0(C)
|
:00413A36 0000
:00413A38 636C4274
:00413A3C 6E

outsb

|:004139E4(C)
|
:00413A3D
:00413A3E
:00413A43
:00413A45
53
6861646F77
00FF
FFFFFF
push ebx
push 776F6461
add bh, bh
BYTE 3 DUP(0ffh)
:00413A48
:00413A4A
:00413A4C
:00413A50
:00413A51
:00413A53
0A00
0000
636C4772
61
7954
65

popad
jns 00413AA7
BYTE 065h
|:004139E7(C)
|
:00413A54 7874
:00413A56 0000
:00413A58 FFFFFFFF
:00413A5C
:00413A5E
:00413A60
:00413A64
:00413A65
:00413A66

outsb
push esp
BYTE 065h
0900
0000
636C4274
6E
54
65
js 00413ACA
BYTE 4 DUP(0ffh)
:00413A67 7874
:00413A69 000000
js 00413ADD
BYTE 3 DUP(0)
|:00413A16(C)
|
:00413A6C FFFFFFFF
:00413A70 1500000063
:00413A75 6C
:00413A76 49
:00413A77 6E
:00413A78 61
:00413A79 63746976
:00413A7D 65
:00413A7E
:00413A7F
:00413A80
:00413A82
:00413A89
inc ebx
popad
jo 00413AF6
BYTE 3 DUP(0)
43
61
7074
696F6E54657874
000000
BYTE 4 DUP(0ffh)
adc eax, 63000000
insb
dec ecx
outsb
popad
BYTE 065h
:00413A8C FFFFFFFF
BYTE 4 DUP(0ffh)
:00413A90 0E
push cs
:00413A91 000000
BYTE 3 DUP(0)
:00413A94
:00413A98
:00413A99
:00413A9A
:00413AA1

outsb
dec eax
imul esp, dword ptr [edi+68], 6867696C
je 00413AA3
636C4274
6E
48
6967686C696768
7400

|:00413AA1(C)
|
:00413AA3 00FF
add bh, bh
:00413AA5 FFFFFF
BYTE 3 DUP(0ffh)
:00413AA8
:00413AAA
:00413AAC
:00413AB0
:00413AB1
:00413AB5
0C00
0000
636C3344
44
6B536861
64
:00413AB6 6F
:00413AB7 7700
or al, 00
arpl dword ptr [ebx+esi+44], ebp
inc esp
imul edx, dword ptr [ebx+68], 00000061
BYTE 064h
outsd
ja 00413AB9

|:00413AB7(C)
|
:00413AB9 000000
BYTE 3 DUP(0)
:00413ABC FFFFFFFF
BYTE 4 DUP(0ffh)
:00413AC0
:00413AC2
:00413AC4
:00413AC8
:00413AC9
:00413AD0
0900
0000
636C3344
4C
69676874000000
FFFFFFFF

arpl dword ptr [ebx+esi+44], ebp
dec esp
imul esp, dword ptr [edi+68], 00000074
BYTE 4 DUP(0ffh)
:00413AD4
:00413AD6
:00413AD8
:00413ADC
:00413ADE
:00413ADF
0A00
0000
636C496E
666F
54
65

outsw
push esp
BYTE 065h
:00413AE0 7874
:00413AE2 0000
:00413AE4 FFFFFFFF
js 00413B56
BYTE 4 DUP(0ffh)
:00413AE8
:00413AEA
:00413AEC
:00413AF0
:00413AF2

outsw
inc edx
0800
0000
636C496E
666F
42
:00413AF3 6B0000
imul eax, dword ptr [eax], 00000000

|:00413A80(C)
|
:00413AF6 0000
:00413AF8 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413AFC 06
:00413AFD 000000
push es
BYTE 3 DUP(0)
:00413B00 636C4E6F
:00413B04 6E
:00413B05 65
arpl dword ptr [esi+2*ecx+6F], ebp

outsb
BYTE 065h
:00413B06 0000
|:00414527 , :0041485E
|:0041503F , :004150B7
|:004186B8 , :004186CB
|:0041AA11 , :0041AA19
|:00426FBD , :0042E560
|
:00413B08 85C0
:00413B0A 7D0B
:00413B0C 25FF000000
:00413B11 50
Addresses:
, :00414AC6
, :004150DB
, :00418772
, :00426BE0
, :00437693
,
,
,
,
:00414ADB
:00418673
:0041878C
:00426BFA
,
,
,
,
:00414E3B
:0041868D
:00419181
:00426F70
test eax, eax

jge 00413B17
and eax, 000000FF
push eax
* Reference To: user32.GetSysColor, Ord:0000h

|
:00413B12 E8F926FFFF
Call 00406210
|:00413B0A(C)
|
:00413B17 C3
:00413B18 6A29
:00413B1A B934234400
:00413B1F E8F48BFFFF
:00413B24 C3
:00413B25
:00413B28
:00413B2A
:00413B2F
:00413B34

push 00000029
mov ecx, 00442334
call 0040C6D8
ret
8D4000
6A29
B934234400
E8A48BFFFF
C3
:00413B35 8D4000
ret
push 00000029
mov ecx, 00442334
call 0040C718
ret

|:00413E75
|
:00413B38 53
push ebx
:00413B39 6683780600
:00413B3E
:00413B40
:00413B42
:00413B44
:00413B47
740A
8BD8
8BD0
8B4308
FF5304
je 00413B4A
mov ebx, eax
mov edx, eax
call [ebx+04]

|:00413B3E(C)
|
:00413B4A 5B
pop ebx
:00413B4B C3
ret

|:00413EB2 , :00413ECA , :00413F85 , :004143A6 , :004143BE
|:0041445D , :0041466A , :00414682 , :0041471D
|
:00413B4C 8B5010
:00413B4F 85D2
test edx, edx
:00413B51 7406
je 00413B59
:00413B53 52
push edx
|
:00413B54 E8FF20FFFF
Call 00405C58
|:00413B51(C)
|
:00413B59 C3
ret
:00413B5A 8BC0
mov eax, eax
|:00413F24 , :00413F41 , :00413FB7 , :004143FC , :00414419
|:0041448F , :004146B5 , :004146D2 , :0041474F
|
:00413B5C 8B5010
:00413B5F 85D2
test edx, edx
:00413B61 7406
je 00413B69
:00413B63 52
push edx
|
:00413B64 E8D721FFFF
Call 00405D40
|:00413B61(C)
|
:00413B69 C3
:00413B6A 8BC0
:00413B6C FFFFFFFF
:00413B70
:00413B72
:00413B74
:00413B75
:00413B76
:00413B77
or al, 00
inc ecx
dec esi
push ebx
dec ecx
0C00
0000
41
4E
53
49
ret
mov eax, eax
BYTE 4 DUP(0ffh)
:00413B78
:00413B79
:00413B7A
:00413B7B
:00413B7C
:00413B7D
:00413B7E
:00413B7F
:00413B80
5F
43
48
41
52
53
45
54
00000000
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0)
:00413B84 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413B88
:00413B8B
:00413B8F
:00413B90
:00413B91
:00413B92
:00413B93
:00413B94
:00413B95
:00413B96
:00413B97
:00413B98
:00413B99
:00413B9A
:00413B9B
:00413B9D

add byte ptr [ebp+2*eax+46], al
inc ecx
push ebp
dec esp
push esp
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
add bh, bh
BYTE 3 DUP(0ffh)
0F0000
00444546
41
55
4C
54
5F
43
48
41
52
53
45
54
00FF
FFFFFF
:00413BA0 0E
:00413BA1 000000
push cs
BYTE 3 DUP(0)
:00413BA4
:00413BA5
:00413BA6
:00413BA7
:00413BA8
:00413BA9
:00413BAA
:00413BAB
:00413BAC
:00413BAD
:00413BAE
:00413BAF
:00413BB0
:00413BB1
:00413BB2
:00413BB4
53
59
4D
42
4F
4C
5F
43
48
41
52
53
45
54
0000
FFFFFFFF
push ebx
pop ecx
dec ebp
inc edx
dec edi
dec esp
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0ffh)
:00413BB8
:00413BBA
:00413BBC
:00413BBD
:00413BBE
:00413BBF
0B00
0000
4D
41
43
5F

dec ebp
inc ecx
inc ebx
pop edi
:00413BC0
:00413BC1
:00413BC2
:00413BC3
:00413BC4
:00413BC5
:00413BC6
:00413BC7
:00413BC9
43
48
41
52
53
45
54
00FF
FFFFFF
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
add bh, bh
BYTE 3 DUP(0ffh)
:00413BCC
:00413BCE
:00413BD0
:00413BD1
:00413BD2
:00413BD3
:00413BD4
:00413BD5
:00413BD6
:00413BD7
:00413BD8
:00413BD9
:00413BDA
:00413BDB
:00413BDC
:00413BDD
:00413BDE
:00413BDF
:00413BE0
1000
0000
53
48
49
46
54
4A
49
53
5F
43
48
41
52
53
45
54
00000000

push ebx
dec eax
dec ecx
inc esi
push esp
dec edx
dec ecx
push ebx
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0)
:00413BE4 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413BE8
:00413BEB
:00413BEE
:00413BEF
:00413BF0
:00413BF1
:00413BF2
:00413BF3
:00413BF4
:00413BF5
:00413BF6
:00413BF7
:00413BF8
:00413BF9
:00413BFA
:00413BFB
:00413BFD
0F0000
004841
4E
47
45
55
4C
5F
43
48
41
52
53
45
54
00FF
FFFFFF

dec esi
inc edi
inc ebp
push ebp
dec esp
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
add bh, bh
BYTE 3 DUP(0ffh)
:00413C00
:00413C05
:00413C06
:00413C07
:00413C08
:00413C09
0D0000004A
4F
48
41
42
5F
or eax, 4A000000
dec edi
dec eax
inc ecx
inc edx
pop edi
:00413C0A
:00413C0B
:00413C0C
:00413C0D
:00413C0E
:00413C0F
:00413C10
:00413C11
43
48
41
52
53
45
54
000000
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 3 DUP(0)
:00413C14 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413C18 0E
:00413C19 000000
push cs
BYTE 3 DUP(0)
:00413C1C
:00413C1D
:00413C1E
:00413C20
:00413C22
:00413C23
:00413C24
:00413C25
:00413C26
:00413C27
:00413C28
:00413C29
:00413C2A
:00413C2C
47
42
3233
3132
5F
43
48
41
52
53
45
54
0000
FFFFFFFF
inc edi
inc edx
xor dh, byte ptr [ebx]
xor dword ptr [edx], esi
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0ffh)
:00413C30
:00413C32
:00413C34
:00413C35
:00413C36
:00413C37
:00413C38
:00413C39
:00413C3A
:00413C3B
:00413C3C
:00413C3D
:00413C3E
:00413C43
:00413C44
:00413C45
:00413C46
:00413C47
:00413C49
1300
0000
43
48
49
4E
45
53
45
42
49
47
355F434841
52
53
45
54
00FF
FFFFFF
adc eax, dword ptr [eax]

inc ebx
dec eax
dec ecx
dec esi
inc ebp
push ebx
inc ebp
inc edx
dec ecx
inc edi
xor eax, 4148435F
push edx
push ebx
inc ebp
push esp
add bh, bh
BYTE 3 DUP(0ffh)
:00413C4C
:00413C51
:00413C52
:00413C53
:00413C54
:00413C55
0D00000047
52
45
45
4B
5F
or eax, 47000000
push edx
inc ebp
inc ebp
dec ebx
pop edi
:00413C56
:00413C57
:00413C58
:00413C59
:00413C5A
:00413C5B
:00413C5C
:00413C5D
43
48
41
52
53
45
54
000000
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 3 DUP(0)
:00413C60 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413C64
:00413C67
:00413C6B
:00413C6C
:00413C6D
:00413C6E
:00413C6F
:00413C70
:00413C71
:00413C72
:00413C73
:00413C74
:00413C75
:00413C76
:00413C77
:00413C79

add byte ptr [ebp+2*edx+52], dl
dec ebx
dec ecx
push ebx
dec eax
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
add bh, bh
BYTE 3 DUP(0ffh)
0F0000
00545552
4B
49
53
48
5F
43
48
41
52
53
45
54
00FF
FFFFFF
:00413C7C 0E
:00413C7D 000000
push cs
BYTE 3 DUP(0)
:00413C80
:00413C81
:00413C82
:00413C83
:00413C84
:00413C85
:00413C86
:00413C87
:00413C88
:00413C89
:00413C8A
:00413C8B
:00413C8C
:00413C8D
:00413C8E
:00413C90
dec eax
inc ebp
inc edx
push edx
inc ebp
push edi
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0ffh)
48
45
42
52
45
57
5F
43
48
41
52
53
45
54
0000
FFFFFFFF
:00413C94 0E
:00413C95 000000
push cs
BYTE 3 DUP(0)
:00413C98 41
:00413C99 52
:00413C9A 41
inc ecx
push edx
inc ecx
:00413C9B
:00413C9C
:00413C9D
:00413C9E
:00413C9F
:00413CA0
:00413CA1
:00413CA2
:00413CA3
:00413CA4
:00413CA5
:00413CA6
:00413CA8
42
49
43
5F
43
48
41
52
53
45
54
0000
FFFFFFFF
inc edx
dec ecx
inc ebx
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0ffh)
:00413CAC 0E
:00413CAD 000000
push cs
BYTE 3 DUP(0)
:00413CB0
:00413CB1
:00413CB2
:00413CB3
:00413CB4
:00413CB5
:00413CB6
:00413CB7
:00413CB8
:00413CB9
:00413CBA
:00413CBB
:00413CBC
:00413CBD
:00413CBE
:00413CC0
42
41
4C
54
49
43
5F
43
48
41
52
53
45
54
0000
FFFFFFFF
inc edx
inc ecx
dec esp
push esp
dec ecx
inc ebx
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0ffh)
:00413CC4
:00413CC7
:00413CCA
:00413CCB
:00413CCC
:00413CCD
:00413CCE
:00413CCF
:00413CD0
:00413CD1
:00413CD2
:00413CD3
:00413CD4
:00413CD5
:00413CD6
:00413CD7
:00413CD9
0F0000
005255
53
53
49
41
4E
5F
43
48
41
52
53
45
54
00FF
FFFFFF

add byte ptr [edx+55], dl
push ebx
push ebx
dec ecx
inc ecx
dec esi
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
add bh, bh
BYTE 3 DUP(0ffh)
:00413CDC
:00413CDE
:00413CE0
:00413CE1
0C00
0000
54
48
or al, 00
push esp
dec eax
:00413CE2
:00413CE3
:00413CE4
:00413CE5
:00413CE6
:00413CE7
:00413CE8
:00413CE9
:00413CEA
:00413CEB
:00413CEC
41
49
5F
43
48
41
52
53
45
54
00000000
inc ecx
dec ecx
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0)
:00413CF0 FFFFFFFF
BYTE 4 DUP(0ffh)
:00413CF4
:00413CF6
:00413CF8
:00413CF9
:00413CFA
:00413CFB
:00413CFC
:00413CFD
:00413CFE
:00413CFF
:00413D00
:00413D01
:00413D02
:00413D03
:00413D04
:00413D05
:00413D06
:00413D07
:00413D08
:00413D09
:00413D0A
:00413D0C
1200
0000
45
41
53
54
45
55
52
4F
50
45
5F
43
48
41
52
53
45
54
0000
FFFFFFFF
adc al, byte ptr [eax]

inc ebp
inc ecx
push ebx
push esp
inc ebp
push ebp
push edx
dec edi
push eax
inc ebp
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
BYTE 4 DUP(0ffh)
:00413D10
:00413D12
:00413D14
:00413D15
:00413D16
:00413D17
:00413D18
:00413D19
:00413D1A
:00413D1B
:00413D1C
:00413D1D
:00413D1E
:00413D1F
:00413D22
:00413D27
:00413D2C
0B00
0000
4F
45
4D
5F
43
48
41
52
53
45
54
006A11
B984244400
E8EC89FFFF
C3

dec edi
inc ebp
dec ebp
pop edi
inc ebx
dec eax
inc ecx
push edx
push ebx
inc ebp
push esp
add byte ptr [edx+11], ch
mov ecx, 00442484
call 0040C718
ret
:00413D2D 8D4000
:00413D30
:00413D32
:00413D37
:00413D3C
6A11
B984244400
E89C89FFFF
C3
:00413D3D 8D4000
push 00000011
mov ecx, 00442484
call 0040C6D8
ret

|:00414185
|
:00413D40 53
push ebx
:00413D41 56
push esi
:00413D42 57
push edi
:00413D43 83C4A0
add esp, FFFFFFA0
:00413D46 8BDA
mov ebx, edx
:00413D48 8BF0
mov esi, eax
:00413D4A 56
push esi
:00413D4B 8BFB
mov edi, ebx
:00413D4D BE04234400
mov esi, 00442304
:00413D52 B90B000000
mov ecx, 0000000B
:00413D57 F3
repz
:00413D58 A5
movsd
:00413D59 5E
pop esi
:00413D5A 85F6
test esi, esi
:00413D5C 0F8489000000
je 00413DEB
:00413D62 54
push esp
:00413D63 6A3C
push 0000003C
:00413D65 56
push esi
|
:00413D66 E85D21FFFF
Call 00405EC8
:00413D6B 85C0
test eax, eax
:00413D6D 747C
je 00413DEB
:00413D6F 8B0424
:00413D72 894304
:00413D75 817C2410BC020000
cmp dword ptr [esp+10], 000002BC
:00413D7D 7C04
jl 00413D83
:00413D7F 804B0901
|:00413D7D(C)
|
:00413D83 807C241401
:00413D88 7504
:00413D8A 804B0902
|:00413D88(C)
|
:00413D8E 807C241501
:00413D93 7504
:00413D95 804B0904

jne 00413D8E

jne 00413D99

|:00413D93(C)
|
:00413D99 807C241601
:00413D9E 7504
jne 00413DA4
:00413DA0 804B0908
|:00413D9E(C)
|
:00413DA4 8A442417
:00413DA8 88430A
:00413DAB 8D44243C
:00413DAF 8D54241C
:00413DB3 B920000000
:00413DB8 E87FECFEFF
:00413DBD 8D54243C
:00413DC1 8D430B
:00413DC4 B11F
:00413DC6 E849EAFEFF
:00413DCB 8A44241B
:00413DCF 240F
:00413DD1 FEC8
:00413DD3 740A
:00413DD5 FEC8
:00413DD7 750C
:00413DD9 C6430801
:00413DDD EB0A

mov al, byte ptr [esp+17]
mov byte ptr [ebx+0A], al
lea edx, dword ptr [esp+1C]
mov ecx, 00000020
call 00402A3C
lea eax, dword ptr [ebx+0B]
mov cl, 1F
call 00402814
mov al, byte ptr [esp+1B]
and al, 0F
dec al
je 00413DDF
dec al
jne 00413DE5
mov [ebx+08], 01
jmp 00413DE9

|:00413DD3(C)
|
:00413DDF C6430802
mov [ebx+08], 02
:00413DE3 EB04
jmp 00413DE9
|:00413DD7(C)
|
:00413DE5 C6430800
mov [ebx+08], 00
|:00413DDD(U), :00413DE3(U)
|
:00413DE9 8933
mov dword ptr [ebx], esi
|:00413D5C(C), :00413D6D(C)
|
:00413DEB 83C460
:00413DEE 5F
:00413DEF 5E
:00413DF0 5B
:00413DF1 C3
:00413DF2 8BC0
mov eax, eax
add
pop
pop
pop
ret
esp, 00000060
edi
esi
ebx

|:00414908 , :00422472 , :0043BC7B , :0043CCC7
|
:00413DF4 53
push ebx
:00413DF5 56
push esi
:00413DF6 84D2
test dl, dl
:00413DF8 7408
je 00413E02
:00413DFA 83C4F0
add esp, FFFFFFF0
:00413DFD E802F1FEFF
call 00402F04
|:00413DF8(C)
|
:00413E02 8BDA
:00413E04 8BF0
:00413E06 33C0
:00413E08 A304234400
:00413E0D BA04234400
:00413E12 A17C364400
:00413E17 E804F6FFFF
:00413E1C 89460C
:00413E1F C7461408000080
:00413E26 A138364400
:00413E2B 894618
:00413E2E 8BC6
:00413E30 84DB
:00413E32 740F
:00413E34 E823F1FEFF
:00413E39 648F0500000000
:00413E40 83C40C

mov ebx, edx
mov esi, eax
xor eax, eax
mov edx, 00442304
call 00413420
mov [esi+14], 80000008
mov eax, esi
test bl, bl
je 00413E43
call 00402F5C
add esp, 0000000C

|:00413E32(C)
|
:00413E43 8BC6
mov eax, esi
:00413E45 5E
pop esi
:00413E46 5B
pop ebx
:00413E47 C3
ret
:00413E48
:00413E49
:00413E4A
:00413E4F
:00413E51
:00413E53
:00413E56
:00413E5B
:00413E60
:00413E62
:00413E64
:00413E66
53
56
E815F1FEFF
8BDA
8BF0
8B560C
A17C364400
E8A4F6FFFF
84DB
7E07
8BC6
E8E9F0FEFF
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00413504
test bl, bl
jle 00413E6B
mov eax, esi
call 00402F54

|:00413E62(C)
|
:00413E6B 5E
pop esi
:00413E6C 5B
pop ebx
:00413E6D C3
ret
:00413E6E
:00413E70
:00413E71
:00413E73
:00413E75
:00413E7A
:00413E7E
8BC0
53
8BD8
8BC3
E8BEFCFFFF
837B1C00
7408
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 00413B38
je 00413E88
:00413E80 8B431C
:00413E83 8B10
:00413E85 FF520C

call [edx+0C]

|:00413E7E(C)
|
:00413E88 5B
pop ebx
:00413E89 C3
ret
:00413E8A
:00413E8C
:00413E8D
:00413E8F
:00413E92
:00413E93
:00413E96
:00413E99
:00413E9C
:00413EA2
:00413EA7
:00413EA9
:00413EAF
:00413EB2
:00413EB7
:00413EB9
:00413EBA
:00413EBF
:00413EC2
:00413EC5
:00413EC8
:00413ECA
:00413ECF
:00413ED1
:00413ED2
:00413ED7
:00413EDA
:00413EDD
:00413EE0
:00413EE3
:00413EE8
:00413EED
:00413EF0
:00413EF3
:00413EF8
:00413EFB
:00413EFE
:00413F01
:00413F03
:00413F05
:00413F0A
:00413F0C
:00413F0F
8BC0
55
8BEC
83C4F8
53
8955F8
8945FC
8B45F8
8B15BC284100
E8E9EEFEFF
84C0
0F849F000000
8B45FC
E895FCFFFF
33C0
55
68473F4100
64FF30
648920
8B5DF8
8BC3
E87DFCFFFF
33C0
55
682A3F4100
64FF30
648920
8B4B0C
8B55FC
A17C364400
E83FF7FFFF
8B5314
8B45FC
E8D0000000
8B45FC
8B4018
3B4318
7411
8BC3
E836030000
8BD0
8B45FC
E848030000
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
mov edx, dword ptr [004128BC]
call 00402D90
test al, al
je 00413F4E
call 00413B4C
xor eax, eax
push ebp
push 00413F47
mov eax, ebx
call 00413B4C
xor eax, eax
push ebp
push 00413F2A
call 0041362C
call 00413FC8
je 00413F14
mov eax, ebx
call 00414240
mov edx, eax
call 0041425C

|:00413F01(C)
|
:00413F14 33C0
xor eax, eax
:00413F16 5A
pop edx
:00413F17
:00413F18
:00413F19
:00413F1C
59
59
648910
68313F4100
pop ecx
pop ecx
push 00413F31
|:00413F2F(U)
|
:00413F21 8B45F8
:00413F29 C3
:00413F2A
:00413F2F
:00413F31
:00413F33
:00413F34
:00413F35
:00413F36
jmp
jmp
xor
pop
pop
pop
mov
E949F3FEFF
EBF0
33C0
5A
59
59
648910

call 00413B5C
ret
00403278
00413F21
eax, eax
edx
ecx
ecx

|
:00413F39 68593F4100
push 00413F59
|:00413F4C(U)
|
:00413F3E 8B45FC
:00413F46 C3
:00413F47 E92CF3FEFF
:00413F4C EBF0
jmp 00403278
jmp 00413F3E
|:00413EA9(C)
|
:00413F4E 8B55F8
:00413F51 8B45FC
:00413F59 5B
:00413F5A 59
:00413F5B 59
:00413F5C 5D
:00413F5D C3
:00413F5E 8BC0
mov eax, eax

call 00413B5C
ret

call 0040D208
pop ebx
pop ecx
pop ecx
pop ebp
ret

|:004141B1 , :004141F8 , :00414297 , :004142C9 , :004142F9
|
:00413F60 56
push esi
:00413F61 57
push edi
:00413F62 8B400C
:00413F65 8D7010
:00413F68 8BFA
mov edi, edx
:00413F6A B90B000000
mov ecx, 0000000B
:00413F6F
:00413F70
:00413F71
:00413F73
:00413F75
:00413F76
:00413F77
F3
A5
33C0
8902
5F
5E
C3
repz
movsd
xor eax, eax
pop edi
pop esi
ret

|:0041418E , :004141BE , :00414230 , :004142A9 , :004142D6
|:00414306
|
:00413F78 55
push ebp
:00413F79 8BEC
mov ebp, esp
:00413F7B 51
push ecx
:00413F7C 53
push ebx
:00413F7D 8BDA
mov ebx, edx
:00413F7F 8945FC
:00413F82 8B45FC
:00413F85 E8C2FBFFFF
call 00413B4C
:00413F8A 33C0
xor eax, eax
:00413F8C 55
push ebp
:00413F8D 68BD3F4100
push 00413FBD
:00413F92 64FF30
:00413F95 648920
:00413F98 8BCB
mov ecx, ebx
:00413F9A 8B55FC
:00413F9D A17C364400
:00413FA2 E80DF6FFFF
call 004135B4
:00413FA7 33C0
xor eax, eax
:00413FA9 5A
pop edx
:00413FAA 59
pop ecx
:00413FAB 59
pop ecx
:00413FAC 648910
|
:00413FAF 68C43F4100
push 00413FC4
|:00413FC2(U)
|
:00413FB4 8B45FC
:00413FB7 E8A0FBFFFF
:00413FBC C3
:00413FBD
:00413FC2
:00413FC4
:00413FC5
:00413FC6
:00413FC7
jmp
jmp
pop
pop
pop
ret
E9B6F2FEFF
EBF0
5B
59
5D
C3

call 00413B5C
ret

|:00413EF3 , :0041D41D , :0041D45F
00403278
00413FB4
ebx
ecx
ebp
, :0042A2B0
, :0043163B
|:0043167D , :00431993
|:0043923E , :00439260
|
:00413FC8 53
:00413FC9 3B5014
:00413FCC 740C
:00413FCE 895014
:00413FD1 66BBFDFF
:00413FD5 E81AEEFEFF
, :004319E6
, :00433A07
, :00433A29
push ebx
je 00413FDA
mov bx, FFFD
call 00402DF4

|:00413FCC(C)
|
:00413FDA 5B
pop ebx
:00413FDB C3
ret

|:0041502A , :0041DFCF , :0042643B , :004284C6
|
:00413FDC 55
push ebp
:00413FDD 8BEC
mov ebp, esp
:00413FDF 83C4BC
add esp, FFFFFFBC
:00413FE2 53
push ebx
:00413FE3 33D2
xor edx, edx
:00413FE5 8955BC
:00413FE8 8BD8
mov ebx, eax
:00413FEA 33C0
xor eax, eax
:00413FEC 55
push ebp
:00413FED 685A414100
push 0041415A
:00413FF2 64FF30
:00413FF5 648920
:00413FF8 8B430C
:00413FFB 8945FC
:00413FFE 8B45FC
:00414001 83780800
:00414005 0F8533010000
jne 0041413E
:0041400B A17C364400
:00414010 E8F3F3FFFF
call 00413408
:00414015 33C0
xor eax, eax
:00414017 55
push ebp
:00414018 6837414100
push 00414137
:0041401D 64FF30
:00414020 648920
:00414023 8B45FC
:00414026 83780800
:0041402A 0F85EF000000
jne 0041411F
:00414030 8B45FC
:00414033 8B4014
:00414036 8945C0
:00414039 33C0
xor eax, eax
:0041403B 8945C4
:0041403E 33C0
xor eax, eax
:00414040 8945C8
:00414043 33C0
xor eax, eax
:00414045 8945CC
:00414048 8B45FC
:0041404B F6401901
test [eax+19], 01
:0041404F 7409
je 0041405A
:00414051 C745D0BC020000
:00414058 EB07
mov [ebp-30], 000002BC

jmp 00414061

|:0041404F(C)
|
:0041405A C745D090010000
mov [ebp-30], 00000190
|:00414058(U)
|
:00414061 8B45FC
:00414064 F6401902
:00414068 0F95C0
:0041406B 8845D4
:0041406E 8B45FC
:00414071 F6401904
:00414075 0F95C0
:00414078 8845D5
:0041407B 8B45FC
:0041407E F6401908
:00414082 0F95C0
:00414085 8845D6
:00414088 8B45FC
:0041408B 8A401A
:0041408E 8845D7
:00414091 8D45BC
:00414094 8B55FC
:00414097 83C21B
:0041409A E839F9FEFF
:0041409F 8B45BC

test [eax+19], 02
setne al
mov byte ptr [ebp-2C], al
test [eax+19], 04
setne al
mov byte ptr [ebp-2B], al
test [eax+19], 08
setne al
mov byte ptr [ebp-2A], al
mov al, byte ptr [eax+1A]
add edx, 0000001B
call 004039D8
* Possible StringData Ref from Code Obj ->"Default"

|
:004140A2 BA70414100
mov edx, 00414170
:004140A7 E8C834FFFF
call 00407574
:004140AC 85C0
test eax, eax
:004140AE 751A
jne 004140CA
:004140B0 8D45BC
:004140B3 BA0F234400
mov edx, 0044230F
:004140B8 E81BF9FEFF
call 004039D8
:004140BD 8B55BC
:004140C0 8D45DC
:004140C3 E8E438FFFF
call 004079AC
:004140C8 EB19
jmp 004140E3
|:004140AE(C)
|
:004140CA 8D45BC
:004140CD 8B55FC
:004140D0 83C21B
:004140D3 E800F9FEFF
:004140D8 8B55BC
:004140DB 8D45DC
:004140DE E8C938FFFF

lea eax, dword ptr
mov edx, dword ptr
add edx, 0000001B
call 004039D8
mov edx, dword ptr
lea eax, dword ptr
call 004079AC
[ebp-44]
[ebp-04]
[ebp-44]
[ebp-24]

|:004140C8(U)
|
:004140E3
:004140E7
:004140EB
:004140EF
:004140F1
:004140F6
:004140F8
:004140FA
:004140FC
:004140FE
C645DA00
C645D800
C645D900
8BC3
E8BE010000
FEC8
7406
FEC8
7408
EB0C
mov [ebp-26], 00
mov [ebp-28], 00
mov [ebp-27], 00
mov eax, ebx
call 004142B4
dec al
je 00414100
dec al
je 00414106
jmp 0041410C

|:004140F8(C)
|
:00414100 C645DB02
mov [ebp-25], 02
:00414104 EB0A
jmp 00414110
|:004140FC(C)
|
:00414106 C645DB01
mov [ebp-25], 01
:0041410A EB04
jmp 00414110
|:004140FE(U)
|
:0041410C C645DB00
mov [ebp-25], 00
|:00414104(U), :0041410A(U)
|
:00414110 8D45C0
:00414113 50
push eax
|
:00414114 E8F71CFFFF
Call 00405E10
:00414119 8B55FC
:0041411C 894208
|:0041402A(C)
|
:0041411F 33C0
:00414121 5A
:00414122 59
:00414123 59
:00414124 648910
:00414127 683E414100
|:0041413C(U)
|
:0041412C A17C364400
:00414131 E8DEF2FFFF
:00414136 C3
:00414137 E93CF1FEFF
:0041413C EBEE
jmp 00403278
jmp 0041412C
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041413E

call 00413414
ret
|:00414005(C)
|
:0041413E 8B45FC
:00414141 8B5808
:00414144 33C0
:00414146 5A
:00414147 59
:00414148 59
:00414149 648910
:0041414C 6861414100
|:0041415F(U)
|
:00414151 8D45BC
:00414154 E85FF6FEFF
:00414159 C3
:0041415A
:0041415F
:00414161
:00414163
:00414164
:00414166
:00414167
jmp
jmp
mov
pop
mov
pop
ret
E919F1FEFF
EBF0
8BC3
5B
8BE5
5D
C3

xor eax, eax
pop edx
pop ecx
pop ecx
push 00414161

call 004037B8
ret
00403278
00414151
eax, ebx
ebx
esp, ebp
ebp
:00414168 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041416C 07
:0041416D 000000
pop es
BYTE 3 DUP(0)
:00414170
:00414171
:00414174
:00414176
inc esp
popa
jne 004141E2
je 00414178
44
656661
756C
7400

|:0042A168 , :004339DE , :00433B66
|:0043D309 , :0043D31C , :00440C2C
|
|:00414176(C)
|
:00414178 53
:00414179 56
:0041417A 83C4D4
:0041417D 8BF2
:0041417F 8BD8
:00414181 8BD4
:00414183 8BC6
:00414185 E8B6FBFFFF
:0041418A 8BD4
:0041418C 8BC3
, :00439215
, :00439373

push ebx
push esi
add esp, FFFFFFD4
mov esi, edx
mov ebx, eax
mov edx, esp
mov eax, esi
call 00413D40
mov edx, esp
mov eax, ebx
:0041418E
:00414193
:00414196
:00414197
:00414198
E8E5FDFFFF
83C42C
5E
5B
C3
:00414199 8D4000
call 00413F78
add esp, 0000002C
pop esi
pop ebx
ret

|:0041424B , :00423262 , :00423276 , :00438703
|
:0041419C 8B400C
:0041419F 8B4014
:004141A2 C3
ret
:004141A3 90
nop

|:00414274 , :00438712
|
:004141A4 53
push ebx
:004141A5 56
push esi
:004141A6 83C4D4
add esp, FFFFFFD4
:004141A9 8BF2
mov esi, edx
:004141AB 8BD8
mov ebx, eax
:004141AD 8BD4
mov edx, esp
:004141AF 8BC3
mov eax, ebx
:004141B1 E8AAFDFFFF
call 00413F60
:004141B6 89742404
:004141BA 8BD4
mov edx, esp
:004141BC 8BC3
mov eax, ebx
:004141BE E8B5FDFFFF
call 00413F78
:004141C3 83C42C
add esp, 0000002C
:004141C6 5E
pop esi
:004141C7 5B
pop ebx
:004141C8 C3
ret
:004141C9
:004141CC
:004141CD
:004141CE
:004141D0
:004141D2
:004141D4
:004141D7
:004141DA
:004141DF
:004141E0
:004141E1
8D4000
53
56
8BF2
8BD8
8BC6
8B530C
83C21B
E8F9F7FEFF
5E
5B
C3

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
add edx, 0000001B
call 004039D8
pop esi
pop ebx
ret

|:00414174(C)
|
:004141E2 8BC0
mov eax, eax
:004141E4 53
push ebx
:004141E5
:004141E6
:004141EC
:004141EE
:004141F0
:004141F2
:004141F4
:004141F6
:004141F8
:004141FD
:00414201
:00414203
:00414208
:0041420D
:00414211
:00414213
:00414218
:0041421D
:00414221
:00414225
:00414227
:0041422C
:0041422E
:00414230
56
81C4D4FEFFFF
8BF2
8BD8
85F6
7441
8BD4
8BC3
E863FDFFFF
8D44240B
33C9
BA20000000
E82BE7FEFF
8D44242C
8BD6
B9FF000000
E8F3F7FEFF
8D54242C
8D44240B
B11F
E8E8E5FEFF
8BD4
8BC3
E843FDFFFF
push esi
add esp, FFFFFED4
mov esi, edx
mov ebx, eax
test esi, esi
je 00414235
mov edx, esp
mov eax, ebx
call 00413F60
lea eax, dword ptr
xor ecx, ecx
mov edx, 00000020
call 00402938
lea eax, dword ptr
mov edx, esi
mov ecx, 000000FF
call 00403A10
lea edx, dword ptr
lea eax, dword ptr
mov cl, 1F
call 00402814
mov edx, esp
mov eax, ebx
call 00413F78
[esp+0B]
[esp+2C]
[esp+2C]
[esp+0B]
|:004141F2(C)
|
:00414235 81C42C010000
:0041423B 5E
:0041423C 5B
:0041423D C3
:0041423E 8BC0
mov eax, eax
add esp, 0000012C

pop esi
pop ebx
ret

|:00413F05 , :00422EE0 , :00438A04
|
:00414240 53
push ebx
:00414241 8BD8
mov ebx, eax
:00414243 8B4318
:00414246 50
push eax
:00414247 6A48
push 00000048
:00414249 8BC3
mov eax, ebx
:0041424B E84CFFFFFF
call 0041419C
:00414250 50
push eax
|
:00414251 E80A1BFFFF
Call 00405D60
:00414256 F7D8
neg eax
:00414258 5B
pop ebx
:00414259 C3
ret
:0041425A 8BC0
mov eax, eax

|:00413F0F , :00422EEF , :0042A17D
, :00438A13
|
:0041425C
:0041425D
:0041425E
:00414260
:00414262
:00414264
:00414267
:00414268
53
56
8BF2
8BD8
6A48
8B4318
50
56
push ebx
push esi
mov esi, edx
mov ebx, eax
push 00000048
push eax
push esi

|
:00414269 E8F21AFFFF
Call 00405D60
:0041426E 8BD0
mov edx, eax
:00414270 F7DA
neg edx
:00414272 8BC3
mov eax, ebx
:00414274 E82BFFFFFF
call 004141A4
:00414279 5E
pop esi
:0041427A 5B
pop ebx
:0041427B C3
ret

|:00431603
|
:0041427C 8B400C
:0041427F 8A5019
:00414282 8BC2
mov eax, edx
:00414284 C3
ret
:00414285 8D4000

|:00431612
|
:00414288 53
push ebx
:00414289 83C4D0
add esp, FFFFFFD0
:0041428C 881424
:0041428F 8BD8
mov ebx, eax
:00414291 8D542404
:00414295 8BC3
mov eax, ebx
:00414297 E8C4FCFFFF
call 00413F60
:0041429C 8A0424
:0041429F 8844240D
mov byte ptr [esp+0D], al
:004142A3 8D542404
:004142A7 8BC3
mov eax, ebx
:004142A9 E8CAFCFFFF
call 00413F78
:004142AE 83C430
add esp, 00000030
:004142B1 5B
pop ebx
:004142B2 C3
ret
:004142B3 90
nop

|:004140F1
|
:004142B4 8B400C
:004142B7 8A4018
:004142BA C3

ret
:004142BB
:004142BC
:004142BD
:004142BE
:004142C1
:004142C3
:004142C5
:004142C7
:004142C9
:004142CE
:004142D2
:004142D4
:004142D6
:004142DB
:004142DE
:004142DF
:004142E0
90
53
56
83C4D4
8BDA
8BF0
8BD4
8BC6
E892FCFFFF
885C2408
8BD4
8BC6
E89DFCFFFF
83C42C
5E
5B
C3
nop
push ebx
push esi
add esp, FFFFFFD4
mov ebx, edx
mov esi, eax
mov edx, esp
mov eax, esi
call 00413F60
mov byte ptr [esp+08], bl
mov edx, esp
mov eax, esi
call 00413F78
add esp, 0000002C
pop esi
pop ebx
ret
:004142E1
:004142E4
:004142E7
:004142EA
8D4000
8B400C
8A401A
C3

ret
:004142EB
:004142EC
:004142ED
:004142EE
:004142F1
:004142F3
:004142F5
:004142F7
:004142F9
:004142FE
:00414302
:00414304
:00414306
:0041430B
:0041430E
:0041430F
:00414310
90
53
56
83C4D4
8BDA
8BF0
8BD4
8BC6
E862FCFFFF
885C240A
8BD4
8BC6
E86DFCFFFF
83C42C
5E
5B
C3
nop
push ebx
push esi
add esp, FFFFFFD4
mov ebx, edx
mov esi, eax
mov edx, esp
mov eax, esi
call 00413F60
mov byte ptr [esp+0A], bl
mov edx, esp
mov eax, esi
call 00413F78
add esp, 0000002C
pop esi
pop ebx
ret
:00414311 8D4000

|:00414929
|
:00414314 53
push ebx
:00414315 56
push esi
:00414316 84D2
test dl, dl
:00414318 7408
je 00414322
:0041431A 83C4F0
add esp, FFFFFFF0
:0041431D E8E2EBFEFF
call 00402F04
|:00414318(C)
|
:00414322 8BDA
:00414324 8BF0
:00414326 BA14254400
:0041432B A180364400
:00414330 E8EBF0FFFF
:00414335 89460C
:00414338 C6461404
:0041433C 8BC6
:0041433E 84DB
:00414340 740F
:00414342 E815ECFEFF
:00414347 648F0500000000
:0041434E 83C40C

mov ebx, edx
mov esi, eax
mov edx, 00442514
call 00413420
mov [esi+14], 04
mov eax, esi
test bl, bl
je 00414351
call 00402F5C
add esp, 0000000C

|:00414340(C)
|
:00414351 8BC6
mov eax, esi
:00414353 5E
pop esi
:00414354 5B
pop ebx
:00414355 C3
ret
:00414356
:00414358
:00414359
:0041435A
:0041435F
:00414361
:00414363
:00414366
:0041436B
:00414370
:00414372
:00414374
:00414376
8BC0
53
56
E805ECFEFF
8BDA
8BF0
8B560C
A180364400
E894F1FFFF
84DB
7E07
8BC6
E8D9EBFEFF
mov eax, eax

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00413504
test bl, bl
jle 0041437B
mov eax, esi
call 00402F54

|:00414372(C)
|
:0041437B 5E
pop esi
:0041437C 5B
pop ebx
:0041437D C3
ret
:0041437E
:00414380
:00414381
:00414383
:00414386
:00414387
:0041438A
:0041438D
:00414390
:00414396
:0041439B
:0041439D
8BC0
55
8BEC
83C4F8
53
8955F8
8945FC
8B45F8
8B15382A4100
E8F5E9FEFF
84C0
0F8483000000
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
call 00402D90
test al, al
je 00414426
:004143A3
:004143A6
:004143AB
:004143AD
:004143AE
:004143B3
:004143B6
:004143B9
:004143BC
:004143BE
:004143C3
:004143C5
:004143C6
:004143CB
:004143CE
:004143D1
:004143D4
:004143D7
:004143DC
:004143E1
:004143E4
:004143E7
:004143EC
:004143EE
:004143EF
:004143F0
:004143F1
:004143F4
8B45FC
E8A1F7FFFF
33C0
55
681F444100
64FF30
648920
8B5DF8
8BC3
E889F7FFFF
33C0
55
6802444100
64FF30
648920
8B4B0C
8B55FC
A180364400
E84BF2FFFF
8A5314
8B45FC
E87C010000
33C0
5A
59
59
648910
6809444100

call 00413B4C
xor eax, eax
push ebp
push 0041441F
mov eax, ebx
call 00413B4C
xor eax, eax
push ebp
push 00414402
call 0041362C
mov dl, byte ptr [ebx+14]
call 00414568
xor eax, eax
pop edx
pop ecx
pop ecx
push 00414409
|:00414407(U)
|
:004143F9 8B45F8
:004143FC E85BF7FFFF
:00414401 C3
:00414402
:00414407
:00414409
:0041440B
:0041440C
:0041440D
:0041440E
jmp
jmp
xor
pop
pop
pop
mov
E971EEFEFF
EBF0
33C0
5A
59
59
648910

call 00413B5C
ret
00403278
004143F9
eax, eax
edx
ecx
ecx

|
:00414411 6831444100
push 00414431
|:00414424(U)
|
:00414416 8B45FC
:00414419 E83EF7FFFF
:0041441E C3
:0041441F E954EEFEFF
:00414424 EBF0
jmp 00403278
jmp 00414416

call 00413B5C
ret
|:0041439D(C)
|
:00414426 8B55F8
:00414429 8B45FC
:0041442C E8D78DFFFF
:00414431 5B
:00414432 59
:00414433 59
:00414434 5D
:00414435 C3
:00414436 8BC0
mov eax, eax

call 0040D208
pop ebx
pop ecx
pop ecx
pop ebp
ret

|:004144B5 , :00414591 , :004145C5
|
:00414438 56
push esi
:00414439 57
push edi
:0041443A 8B400C
:0041443D 8D7010
:00414440 8BFA
mov edi, edx
:00414442 B904000000
mov ecx, 00000004
:00414447 F3
repz
:00414448 A5
movsd
:00414449 33C0
xor eax, eax
:0041444B 8902
:0041444D 5F
pop edi
:0041444E 5E
pop esi
:0041444F C3
ret

|:004144C2 , :0041459E , :004145D2
|
:00414450 55
push ebp
:00414451 8BEC
mov ebp, esp
:00414453 51
push ecx
:00414454 53
push ebx
:00414455 8BDA
mov ebx, edx
:00414457 8945FC
:0041445A 8B45FC
:0041445D E8EAF6FFFF
call 00413B4C
:00414462 33C0
xor eax, eax
:00414464 55
push ebp
:00414465 6895444100
push 00414495
:0041446A 64FF30
:0041446D 648920
:00414470 8BCB
mov ecx, ebx
:00414472 8B55FC
:00414475 A180364400
:0041447A E835F1FFFF
call 004135B4
:0041447F 33C0
xor eax, eax
:00414481 5A
pop edx
:00414482 59
pop ecx
:00414483 59
pop ecx
:00414484 648910

|
:00414487 689C444100
push 0041449C
|:0041449A(U)
|
:0041448C 8B45FC
:0041448F E8C8F6FFFF
:00414494 C3
:00414495
:0041449A
:0041449C
:0041449D
:0041449E
:0041449F
jmp
jmp
pop
pop
pop
ret
E9DEEDFEFF
EBF0
5B
59
5D
C3

call 00413B5C
ret
00403278
0041448C
ebx
ecx
ebp
:004144A0 8B400C
:004144A3 8B4014
:004144A6 C3

ret
:004144A7 90
nop

|:0042BAE2 , :0042BB1D , :0042BB7D
|
:004144A8 53
push ebx
:004144A9 56
push esi
:004144AA 83C4F0
add esp, FFFFFFF0
:004144AD 8BF2
mov esi, edx
:004144AF 8BD8
mov ebx, eax
:004144B1 8BD4
mov edx, esp
:004144B3 8BC3
mov eax, ebx
:004144B5 E87EFFFFFF
call 00414438
:004144BA 89742404
:004144BE 8BD4
mov edx, esp
:004144C0 8BC3
mov eax, ebx
call 00414450
:004144C7 83C410
add esp, 00000010
:004144CA 5E
pop esi
:004144CB 5B
pop ebx
:004144CC C3
ret
:004144CD 8D4000

|:00415056
|
:004144D0 55
push ebp
:004144D1 8BEC
mov ebp, esp
:004144D3 83C4EC
add esp, FFFFFFEC
:004144D6 8B400C
:004144D9 8945FC
:004144DC 8B45FC
:004144DF 83780800
:004144E3
:004144E5
:004144EA
:004144EF
:004144F1
:004144F2
:004144F7
:004144FA
:004144FD
:00414500
:00414504
:00414506
:00414509
:0041450D
:00414515
:00414518
:0041451B
:0041451E
:00414521
:00414524
:00414527
:0041452C
:0041452F
:00414532
7578
A180364400
E819EFFFFF
33C0
55
6856454100
64FF30
648920
8B45FC
83780800
7538
8B45FC
0FB6401C
0FB7044524254400
8945EC
8B45FC
8B4018
8945F0
8B45FC
8B4014
E8DCF5FFFF
8945F8
8D45EC
50
jne 0041455D
call 00413408
xor eax, eax
push ebp
push 00414556
jne 0041453E
movzx eax, byte ptr [eax+1C]
movzx eax, word ptr [2*eax+00442524]
call 00413B08
push eax
* Reference To: gdi32.CreatePenIndirect, Ord:0000h

|
:00414533 E8F018FFFF
Call 00405E28
:00414538 8B55FC
:0041453B 894208
|:00414504(C)
|
:0041453E 33C0
:00414540 5A
:00414541 59
:00414542 59
:00414543 648910
:00414546 685D454100
|:0041455B(U)
|
:0041454B A180364400
:00414550 E8BFEEFFFF
:00414555 C3
:00414556 E91DEDFEFF
:0041455B EBEE
jmp 00403278
jmp 0041454B
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041455D

call 00413414
ret

|:004144E3(C)
|
:0041455D 8B45FC
:00414560 8B4008
:00414563 8BE5
mov esp, ebp
:00414565 5D
pop ebp
:00414566 C3
ret
:00414567 90
nop

|:004143E7
|
:00414568 53
push ebx
:00414569 3A5014
cmp dl, byte ptr [eax+14]
:0041456C 740C
je 0041457A
:0041456E 885014
mov byte ptr [eax+14], dl
:00414571 66BBFDFF
mov bx, FFFD
:00414575 E87AE8FEFF
call 00402DF4
|:0041456C(C)
|
:0041457A 5B
pop ebx
:0041457B C3
ret

|:00414FD3
|
:0041457C 8B400C
:0041457F 8A401C
mov al, byte ptr [eax+1C]
:00414582 C3
ret
:00414583 90
nop

|:00440635
|
:00414584 53
push ebx
:00414585 56
push esi
:00414586 83C4F0
add esp, FFFFFFF0
:00414589 8BDA
mov ebx, edx
:0041458B 8BF0
mov esi, eax
:0041458D 8BD4
mov edx, esp
:0041458F 8BC6
mov eax, esi
:00414591 E8A2FEFFFF
call 00414438
:00414596 885C240C
mov byte ptr [esp+0C], bl
:0041459A 8BD4
mov edx, esp
:0041459C 8BC6
mov eax, esi
:0041459E E8ADFEFFFF
call 00414450
:004145A3 83C410
add esp, 00000010
:004145A6 5E
pop esi
:004145A7 5B
pop ebx
:004145A8 C3
ret
:004145A9
:004145AC
:004145AF
:004145B2
8D4000
8B400C
8B4018
C3
:004145B3 90

ret
nop
:004145B4
:004145B5
:004145B6
:004145B9
:004145BB
:004145BD
:004145BF
:004145C1
:004145C3
:004145C5
:004145CA
:004145CE
:004145D0
:004145D2
53
56
83C4F0
8BF2
8BD8
85F6
7C16
8BD4
8BC3
E86EFEFFFF
89742408
8BD4
8BC3
E879FEFFFF
push ebx
push esi
add esp, FFFFFFF0
mov esi, edx
mov ebx, eax
test esi, esi
jl 004145D7
mov edx, esp
mov eax, ebx
call 00414438
mov edx, esp
mov eax, ebx
call 00414450

|:004145BF(C)
|
:004145D7 83C410
add esp, 00000010
:004145DA 5E
pop esi
:004145DB 5B
pop ebx
:004145DC C3
ret
:004145DD 8D4000

|:0041494A , :00420C1B , :004252A8 , :0042AF5F
|
:004145E0 53
push ebx
:004145E1 56
push esi
:004145E2 84D2
test dl, dl
:004145E4 7408
je 004145EE
:004145E6 83C4F0
add esp, FFFFFFF0
:004145E9 E816E9FEFF
call 00402F04
|:004145E4(C)
|
:004145EE 8BDA
:004145F0 8BF0
:004145F2 BA34254400
:004145F7 A184364400
:004145FC E81FEEFFFF
:00414601 89460C
:00414604 8BC6
:00414606 84DB
:00414608 740F
:0041460A E84DE9FEFF
:0041460F 648F0500000000
:00414616 83C40C

mov ebx, edx
mov esi, eax
mov edx, 00442534
call 00413420
mov eax, esi
test bl, bl
je 00414619
call 00402F5C
add esp, 0000000C

|:00414608(C)
|
:00414619 8BC6
mov eax, esi
:0041461B 5E
pop esi
:0041461C 5B
pop ebx
:0041461D C3
ret
:0041461E
:00414620
:00414621
:00414622
:00414627
:00414629
:0041462B
:0041462E
:00414633
:00414638
:0041463A
:0041463C
:0041463E
8BC0
53
56
E83DE9FEFF
8BDA
8BF0
8B560C
A184364400
E8CCEEFFFF
84DB
7E07
8BC6
E811E9FEFF
mov eax, eax

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00413504
test bl, bl
jle 00414643
mov eax, esi
call 00402F54

|:0041463A(C)
|
:00414643 5E
pop esi
:00414644 5B
pop ebx
:00414645 C3
ret
:00414646
:00414648
:00414649
:0041464B
:0041464E
:0041464F
:00414652
:00414655
:00414658
:0041465E
:00414663
:00414665
:00414667
:0041466A
:0041466F
:00414671
:00414672
:00414677
:0041467A
:0041467D
:00414680
:00414682
:00414687
:00414689
:0041468A
:0041468F
:00414692
:00414695
:00414698
:0041469B
:004146A0
:004146A5
:004146A7
:004146A8
:004146A9
:004146AA
:004146AD
8BC0
55
8BEC
83C4F8
53
8955F8
8945FC
8B45F8
8B15382B4100
E82DE7FEFF
84C0
7478
8B45FC
E8DDF4FFFF
33C0
55
68D8464100
64FF30
648920
8B5DF8
8BC3
E8C5F4FFFF
33C0
55
68BB464100
64FF30
648920
8B4B0C
8B55FC
A184364400
E887EFFFFF
33C0
5A
59
59
648910
68C2464100
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
call 00402D90
test al, al
je 004146DF
call 00413B4C
xor eax, eax
push ebp
push 004146D8
mov eax, ebx
call 00413B4C
xor eax, eax
push ebp
push 004146BB
call 0041362C
xor eax, eax
pop edx
pop ecx
pop ecx
push 004146C2
|:004146C0(U)
|
:004146B2 8B45F8
:004146BA C3
:004146BB
:004146C0
:004146C2
:004146C4
:004146C5
:004146C6
:004146C7
jmp
jmp
xor
pop
pop
pop
mov
E9B8EBFEFF
EBF0
33C0
5A
59
59
648910

call 00413B5C
ret
00403278
004146B2
eax, eax
edx
ecx
ecx

|
:004146CA 68EA464100
push 004146EA
|:004146DD(U)
|
:004146CF 8B45FC
:004146D2 E885F4FFFF
:004146D7 C3
:004146D8 E99BEBFEFF
:004146DD EBF0
jmp 00403278
jmp 004146CF
|:00414665(C)
|
:004146DF 8B55F8
:004146E2 8B45FC
:004146E5 E81E8BFFFF
:004146EA 5B
:004146EB 59
:004146EC 59
:004146ED 5D
:004146EE C3
:004146EF 90
nop

call 00413B5C
ret

call 0040D208
pop ebx
pop ecx
pop ecx
pop ebp
ret

|:00414799 , :004148B5
|
:004146F0 56
push esi
:004146F1 57
push edi
:004146F2 8B400C
:004146F5 8D7010
:004146F8 8BFA
mov edi, edx
:004146FA B904000000
mov ecx, 00000004
:004146FF F3
repz
:00414700 A5
movsd
:00414701 33C0
xor eax, eax
:00414703 8902
:00414705
:00414707
:0041470A
:0041470B
:0041470C
33C0
894208
5F
5E
C3
:0041470D 8D4000
xor
mov
pop
pop
ret
eax, eax
edi
esi

|:00414779 , :004147B2 , :004148D0
|
:00414710 55
push ebp
:00414711 8BEC
mov ebp, esp
:00414713 51
push ecx
:00414714 53
push ebx
:00414715 8BDA
mov ebx, edx
:00414717 8945FC
:0041471A 8B45FC
:0041471D E82AF4FFFF
call 00413B4C
:00414722 33C0
xor eax, eax
:00414724 55
push ebp
:00414725 6855474100
push 00414755
:0041472A 64FF30
:0041472D 648920
:00414730 8BCB
mov ecx, ebx
:00414732 8B55FC
:00414735 A184364400
:0041473A E875EEFFFF
call 004135B4
:0041473F 33C0
xor eax, eax
:00414741 5A
pop edx
:00414742 59
pop ecx
:00414743 59
pop ecx
:00414744 648910
|
:00414747 685C474100
push 0041475C
|:0041475A(U)
|
:0041474C 8B45FC
:0041474F E808F4FFFF
:00414754 C3
:00414755
:0041475A
:0041475C
:0041475D
:0041475E
:0041475F
jmp
jmp
pop
pop
pop
ret
E91EEBFEFF
EBF0
5B
59
5D
C3

call 00413B5C
ret
00403278
0041474C
ebx
ecx
ebp

|:00420C35 , :0042AF7C , :004318C6
|
:00414760 56
push esi
:00414761
:00414762
:00414765
:0041476A
:0041476C
:00414771
:00414772
:00414773
:00414777
:00414779
:0041477E
:00414781
:00414782
:00414783
57
83C4F0
BE34254400
8BFC
B904000000
F3
A5
89542408
8BD4
E892FFFFFF
83C410
5F
5E
C3
push edi
add esp, FFFFFFF0
mov esi, 00442534
mov edi, esp
mov ecx, 00000004
repz
movsd
mov dword ptr [esp+08], edx
mov edx, esp
call 00414710
add esp, 00000010
pop edi
pop esi
ret

|:00414AC1 , :004150B2 , :004150D6 , :00418688 , :004186C6
|:00418787 , :00426BF5 , :00431895 , :004318A8
|
:00414784 8B400C
:00414787 8B4014
:0041478A C3
ret
:0041478B 90
|:0041A8E6 , :0041D4FF
|:0042ECE6 , :0042ED34
|:004339F7 , :00433A19
|
:0041478C 53
:0041478D 56
:0041478E 83C4F0
:00414791 8BF2
:00414793 8BD8
:00414795 8BD4
:00414797 8BC3
:00414799 E852FFFFFF
:0041479E 89742404
:004147A2 807C240C01
:004147A7 7505
:004147A9 C644240C00
nop
Addresses:
, :004252BA
, :004318E3
, :0043922E
, :00428497
, :004318FB
, :00439250
, :0042E778
, :00431B60
, :00439CEE
push ebx
push esi
add esp, FFFFFFF0
mov esi, edx
mov ebx, eax
mov edx, esp
mov eax, ebx
call 004146F0
cmp byte ptr [esp+0C], 01
jne 004147AE
mov [esp+0C], 00
|:004147A7(C)
|
:004147AE 8BD4
:004147B0 8BC3
:004147B2 E859FFFFFF
:004147B7 83C410
:004147BA 5E
:004147BB 5B
:004147BC C3
:004147BD 8D4000
mov edx, esp

mov eax, ebx
call 00414710
add esp, 00000010
pop esi
pop ebx
ret

|:00414B4D , :00415086 , :00415094 , :00418637 , :00423B49
|:00426C0F , :004272FC , :00429F80 , :0042C876 , :004394ED
|:0043ADDB
|
:004147C0 55
push ebp
:004147C1 8BEC
mov ebp, esp
:004147C3 83C4F0
add esp, FFFFFFF0
:004147C6 8B400C
:004147C9 8945FC
:004147CC 8B45FC
:004147CF 83780800
:004147D3 0F85BB000000
jne 00414894
:004147D9 A184364400
:004147DE E825ECFFFF
call 00413408
:004147E3 33D2
xor edx, edx
:004147E5 55
push ebp
:004147E6 688D484100
push 0041488D
:004147EB 64FF32
:004147EE 648922
:004147F1 8B45FC
:004147F4 83780800
:004147F8 757B
jne 00414875
:004147FA 8B45FC
:004147FD 8B4018
:00414800 85C0
test eax, eax
:00414802 741E
je 00414822
:00414804 C745F003000000
mov [ebp-10], 00000003
:0041480B B201
mov dl, 01
:0041480D 8B08
:0041480F FF5168
call [ecx+68]
:00414812 8B45FC
:00414815 8B4018
:00414818 8B10
:0041481A FF5260
call [edx+60]
:0041481D 8945F8
:00414820 EB36
jmp 00414858
|:00414802(C)
|
:00414822 33C0
xor eax, eax
:00414824 8945F8
:00414827 8B45FC
:0041482A 8A401C
:0041482D 8BD0
mov edx, eax
:0041482F 80EA01
sub dl, 01
:00414832 7204
jb 00414838
:00414834 7409
je 0041483F
:00414836 EB10
jmp 00414848
|:00414832(C)
|
:00414838 33C0
xor eax, eax
:0041483A 8945F0
:0041483D EB19
jmp 00414858
|:00414834(C)
|
:0041483F C745F001000000
:00414846 EB10
|:00414836(U)
|
:00414848 C745F002000000
:0041484F 83E07F
:00414852 83E802
:00414855 8945F8
mov [ebp-10], 00000001

jmp 00414858
mov
and
sub
mov
[ebp-10], 00000002
eax, 0000007F
eax, 00000002

|:00414820(U), :0041483D(U), :00414846(U)
|
:00414858 8B45FC
:0041485B 8B4014
:0041485E E8A5F2FFFF
call 00413B08
:00414863 8945F4
:00414866 8D45F0
:00414869 50
push eax
* Reference To: gdi32.CreateBrushIndirect, Ord:0000h
|
:0041486A E87915FFFF
Call 00405DE8
:0041486F 8B55FC
:00414872 894208
|:004147F8(C)
|
:00414875 33C0
:00414877 5A
:00414878 59
:00414879 59
:0041487A 648910
:0041487D 6894484100
|:00414892(U)
|
:00414882 A184364400
:00414887 E888EBFFFF
:0041488C C3
:0041488D E9E6E9FEFF
:00414892 EBEE
jmp 00403278
jmp 00414882
xor eax, eax

pop edx
pop ecx
pop ecx
push 00414894

call 00413414
ret

|:004147D3(C)
|
:00414894 8B45FC
:00414897 8B4008
:0041489A 8BE5
mov esp, ebp
:0041489C 5D
pop ebp
:0041489D C3
ret
:0041489E 8BC0
mov eax, eax

|:004150A6
|
:004148A0 8B400C
:004148A3 8A401C
:004148A6 C3
ret
:004148A7 90
nop

|:0041A8DC , :0041D509 , :0041D529 , :0042A18D , :004315F0
|:0044063F
|
:004148A8 53
push ebx
:004148A9 56
push esi
:004148AA 83C4F0
add esp, FFFFFFF0
:004148AD 8BDA
mov ebx, edx
:004148AF 8BF0
mov esi, eax
:004148B1 8BD4
mov edx, esp
:004148B3 8BC6
mov eax, esi
call 004146F0
:004148BA 8BC3
mov eax, ebx
:004148BC 8844240C
mov byte ptr [esp+0C], al
:004148C0 3C01
cmp al, 01
:004148C2 7508
jne 004148CC
:004148C4 C7442404FFFFFF00
mov [esp+04], 00FFFFFF
|:004148C2(C)
|
:004148CC 8BD4
:004148CE 8BC6
:004148D0 E83BFEFFFF
:004148D5 83C410
:004148D8 5E
:004148D9 5B
:004148DA C3
:004148DB 90
nop
mov edx, esp

mov eax, esi
call 00414710
add esp, 00000010
pop esi
pop ebx
ret

|:00417EE5 , :00429FF3 , :0042A8E7 , :0042BCD4
|:00433B16 , :004382DE , :004391C7 , :0043932B
|
:004148DC 53
push ebx
:004148DD 56
push esi
:004148DE 57
push edi
:004148DF 84D2
test dl, dl
:004148E1 7408
je 004148EB
:004148E3 83C4F0
add esp, FFFFFFF0
:004148E6 E819E6FEFF
call 00402F04
, :00433988

|:004148E1(C)
|
:004148EB 8BDA
mov ebx, edx
:004148ED 8BF8
mov edi, eax
:004148EF
:004148F1
:004148F3
:004148F8
:004148FB
33D2
8BC7
E8F8E2FEFF
8D4734
50
xor edx, edx

mov eax, edi
call 00402BF0
push eax

|
:004148FC E83714FFFF
Call 00405D38
:00414901 B201
mov dl, 01
:00414903 A1BC284100
mov eax, dword ptr [004128BC]
:00414908 E8E7F4FFFF
call 00413DF4
:0041490D 8BF0
mov esi, eax
:0041490F 89770C
:00414912 897E08
mov dword ptr [esi+08], edi
:00414915 C74604FC504100
mov [esi+04], 004150FC
:0041491C 8D4734
:0041491F 894610
:00414922 B201
mov dl, 01
:00414924 A1382A4100
:00414929 E8E6F9FFFF
call 00414314
:0041492E 8BF0
mov esi, eax
:00414930 897710
mov dword ptr [edi+10], esi
:00414933 897E08
:00414936 C746041C514100
mov [esi+04], 0041511C
:0041493D 8D4734
:00414940 894610
:00414943 B201
mov dl, 01
:00414945 A1382B4100
:0041494A E891FCFFFF
call 004145E0
:0041494F 8BF0
mov esi, eax
:00414951 897714
:00414954 897E08
:00414957 C746043C514100
mov [esi+04], 0041513C
:0041495E 8D4734
:00414961 894610
:00414964 C747202000CC00
mov [edi+20], 00CC0020
:0041496B A09C494100
mov al, byte ptr [0041499C]
:00414970 884708
:00414973 8BD7
mov edx, edi
:00414975 A188364400
:0041497A E8B585FFFF
call 0040CF34
:0041497F 8BC7
mov eax, edi
:00414981 84DB
test bl, bl
:00414983 740F
je 00414994
:00414985 E8D2E5FEFF
call 00402F5C
:0041498A 648F0500000000
:00414991 83C40C
add esp, 0000000C
|:00414983(C)
|
:00414994 8BC7
mov eax, edi
:00414996 5F
pop edi
:00414997 5E
pop esi
:00414998 5B
pop ebx
:00414999 C3
ret
:0041499A 000000000000
BYTE 6 DUP(0)

|:00417F21 , :00421ED5
|
:004149A0 53
push ebx
:004149A1 56
push esi
:004149A2 E8BDE5FEFF
call 00402F64
:004149A7 8BDA
mov ebx, edx
:004149A9 8BF0
mov esi, eax
:004149AB 8BD6
mov edx, esi
:004149AD A188364400
mov eax, dword
:004149B2 E8F185FFFF
call 0040CFA8
:004149B7 33D2
xor edx, edx
:004149B9 8BC6
mov eax, esi
:004149BB E820050000
call 00414EE0
:004149C0 8B460C
mov eax, dword
:004149C3 E858E2FEFF
call 00402C20
:004149C8 8B4610
mov eax, dword
:004149CB E850E2FEFF
call 00402C20
:004149D0 8B4614
mov eax, dword
:004149D3 E848E2FEFF
call 00402C20
:004149D8 8D4634
lea eax, dword
:004149DB 50
push eax
ptr [00443688]
ptr [esi+0C]
ptr [esi+10]
ptr [esi+14]
ptr [esi+34]

|
:004149DC E86F12FFFF
Call 00405C50
:004149E1 8BD3
mov edx, ebx
:004149E3 80E2FC
and dl, FC
:004149E6 8BC6
mov eax, esi
:004149E8 E8EF87FFFF
call 0040D1DC
:004149ED 84DB
test bl, bl
:004149EF 7E07
jle 004149F8
:004149F1 8BC6
mov eax, esi
:004149F3 E85CE5FEFF
call 00402F54
|:004149EF(C)
|
:004149F8 5E
pop esi
:004149F9 5B
pop ebx
:004149FA C3
ret
:004149FB 90
nop

|:0042F5DB , :0042F621 , :0042F955
|
:004149FC 55
push ebp
:004149FD 8BEC
mov ebp, esp
:004149FF 51
push ecx
:00414A00 53
push ebx
:00414A01 56
push esi
:00414A02 57
push edi
:00414A03 894DFC
:00414A06 8BF2
mov esi, edx
:00414A08 8BD8
mov ebx, eax
:00414A0A
:00414A0D
:00414A0F
:00414A11
:00414A14
:00414A1A
:00414A1C
:00414A21
:00414A27
:00414A2A
:00414A2F
:00414A32
:00414A33
:00414A36
:00414A39
:00414A3A
:00414A3D
:00414A3F
:00414A40
:00414A43
:00414A44
:00414A46
:00414A47
:00414A4A
:00414A4D
:00414A4E
:00414A51
:00414A54
:00414A55
:00414A58
:00414A5A
:00414A5C
:00414A5D
:00414A60
:00414A61
:00414A62
:00414A65
8B7D08
8BC3
8B10
FF5210
8A157C4A4100
8BC3
E867050000
8A15804A4100
8B45FC
E859050000
8B5320
52
8B570C
2B5704
52
8B5708
2B17
52
8B5704
52
8B17
52
8B55FC
8B5204
52
8B560C
2B5604
52
8B5608
8B06
2BD0
52
8B5604
52
50
8B4304
50

mov eax, ebx
call [edx+10]
mov dl, byte ptr [00414A7C]
mov eax, ebx
call 00414F88
mov dl, byte ptr [00414A80]
call 00414F88
push edx
mov edx, dword ptr [edi+0C]
sub edx, dword ptr [edi+04]
push edx
sub edx, dword ptr [edi]
push edx
push edx
push edx
push edx
sub edx, dword ptr [esi+04]
push edx
sub edx, eax
push edx
push edx
push eax
push eax

|
:00414A66 E86D15FFFF
Call 00405FD8
:00414A6B 8BC3
mov eax, ebx
:00414A6D 8B10
:00414A6F FF520C
call [edx+0C]
:00414A72 5F
pop edi
:00414A73 5E
pop esi
:00414A74 5B
pop ebx
:00414A75 59
pop ecx
:00414A76 5D
pop ebp
:00414A77 C20400
ret 0004
:00414A7A 0000
BYTE 2 DUP(0)
:00414A7C
:00414A7E
:00414A80
:00414A82

0B00
0000
0900
0000

|:004319D9
|
:00414A84 55
push ebp
:00414A85 8BEC
mov ebp, esp
:00414A87 83C4EC
add esp, FFFFFFEC
:00414A8A 53
push ebx
:00414A8B 56
push esi
:00414A8C 57
push edi
:00414A8D 894DFC
:00414A90 8BFA
mov edi, edx
:00414A92 8BD8
mov ebx, eax
:00414A94 8B7508
:00414A97 85F6
test esi, esi
:00414A99 0F8482000000
je 00414B21
:00414A9F 8BC6
mov eax, esi
:00414AA1 8B10
:00414AA3 FF521C
call [edx+1C]
:00414AA6 84C0
test al, al
:00414AA8 7577
jne 00414B21
:00414AAA 8BC3
mov eax, ebx
:00414AAC 8B10
:00414AAE FF5210
call [edx+10]
:00414AB1 8A152C4B4100
mov dl, byte ptr [00414B2C]
:00414AB7 8BC3
mov eax, ebx
:00414AB9 E8CA040000
call 00414F88
:00414ABE 8B4314
:00414AC1 E8BEFCFFFF
call 00414784
:00414AC6 E83DF0FFFF
call 00413B08
:00414ACB 50
push eax
:00414ACC 8B4304
:00414ACF 50
push eax
|
:00414AD0 E8A314FFFF
Call 00405F78
:00414AD5 8B430C
:00414AD8 8B4014
:00414ADB E828F0FFFF
call 00413B08
:00414AE0 50
push eax
:00414AE1 8B4304
:00414AE4 50
push eax
|
:00414AE5 E8CE14FFFF
Call 00405FB8
:00414AEA 8BC6
mov eax, esi
:00414AEC 8B10
mov edx, dword
:00414AEE FF5220
call [edx+20]
:00414AF1 0345FC
add eax, dword
:00414AF4 50
push eax
:00414AF5 8D45EC
lea eax, dword
:00414AF8 50
push eax
:00414AF9 8BC6
mov eax, esi
:00414AFB 8B10
mov edx, dword
:00414AFD FF522C
call [edx+2C]
:00414B00 8BC8
mov ecx, eax
:00414B02 03CF
add ecx, edi
:00414B04 8B55FC
mov edx, dword
:00414B07 8BC7
mov eax, edi
ptr [eax]
ptr [ebp-04]
ptr [ebp-14]
ptr [eax]
ptr [ebp-04]
:00414B09
:00414B0E
:00414B11
:00414B13
:00414B15
:00414B17
:00414B1A
:00414B1C
:00414B1E
E88A76FFFF
8D4DEC
8BD3
8BC6
8B30
FF5614
8BC3
8B10
FF520C
call 0040C198
mov edx, ebx
mov eax, esi
call [esi+14]
mov eax, ebx
call [edx+0C]
|:00414A99(C), :00414AA8(C)
|
:00414B21 5F
:00414B22 5E
:00414B23 5B
:00414B24 8BE5
:00414B26 5D
:00414B27 C20400
:00414B2A 0000
BYTE 2 DUP(0)
:00414B2C 0100
:00414B2E 0000

pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp
0004

|:0041A910 , :0041D51F , :0042E7A7 , :0042EEAD , :0042EED9
|:00431785 , :004317D7 , :004318D1 , :004318EE , :00431B6B
|
:00414B30 53
push ebx
:00414B31 56
push esi
:00414B32 8BF2
mov esi, edx
:00414B34 8BD8
mov ebx, eax
:00414B36 8BC3
mov eax, ebx
:00414B38 8B10
:00414B3A FF5210
call [edx+10]
:00414B3D 8A15684B4100
mov dl, byte ptr [00414B68]
:00414B43 8BC3
mov eax, ebx
:00414B45 E83E040000
call 00414F88
:00414B4A 8B4314
:00414B4D E86EFCFFFF
call 004147C0
:00414B52 50
push eax
:00414B53 56
push esi
:00414B54 8B4304
:00414B57 50
push eax
|
:00414B58 E89B15FFFF
Call 004060F8
:00414B5D 8BC3
mov eax, ebx
:00414B5F 8B10
:00414B61 FF520C
call [edx+0C]
:00414B64 5E
pop esi
:00414B65 5B
pop ebx
:00414B66 C3
ret
:00414B67 00
BYTE 0
:00414B68 0900
:00414B6A 0000


|:0042BB01 , :0042BB0E , :0042BB37 , :0042BB43 , :0042BB60
|:0042BB6E , :0042BB96 , :0042BBA3
|
:00414B6C 53
push ebx
:00414B6D 56
push esi
:00414B6E 57
push edi
:00414B6F 8BF9
mov edi, ecx
:00414B71 8BF2
mov esi, edx
:00414B73 8BD8
mov ebx, eax
:00414B75 8BC3
mov eax, ebx
:00414B77 8B10
:00414B79 FF5210
call [edx+10]
:00414B7C 8A15A04B4100
mov dl, byte ptr [00414BA0]
:00414B82 8BC3
mov eax, ebx
:00414B84 E8FF030000
call 00414F88
:00414B89 57
push edi
:00414B8A 56
push esi
:00414B8B 8B4304
:00414B8E 50
push eax
* Reference To: gdi32.LineTo, Ord:0000h
|
:00414B8F E88413FFFF
Call 00405F18
:00414B94 8BC3
mov eax, ebx
:00414B96 8B10
:00414B98 FF520C
call [edx+0C]
:00414B9B 5F
pop edi
:00414B9C 5E
pop esi
:00414B9D 5B
pop ebx
:00414B9E C3
ret
:00414B9F 00
BYTE 0
:00414BA0
:00414BA1
:00414BA2
:00414BA3
BYTE
BYTE
BYTE
BYTE
05
00
00
00
05h
00h
00h
00h

|:0041373D , :00414D2B , :00417F4C , :00417FED
|:0042A97F , :0042BCF8 , :0043ABDB
|
:00414BA4 53
push ebx
:00414BA5 8BD8
mov ebx, eax
:00414BA7 6864364400
push 00443664
, :0042A075

|
:00414BAC E8A710FFFF
Call 00405C58
:00414BB1 FF434C
inc [ebx+4C]
:00414BB4 6864364400
push 00443664

|
:00414BB9 E88211FFFF
Call 00405D40
:00414BBE 8D4334
:00414BC1 50
push eax
|
:00414BC2 E89110FFFF
Call 00405C58
:00414BC7 5B
pop ebx
:00414BC8 C3
ret
:00414BC9 8D4000

|:00414DDF , :0042BAF5 , :0042BB2A , :0042BB54 , :0042BB89
|
:00414BCC 53
push ebx
:00414BCD 56
push esi
:00414BCE 57
push edi
:00414BCF 8BF9
mov edi, ecx
:00414BD1 8BF2
mov esi, edx
:00414BD3 8BD8
mov ebx, eax
:00414BD5 8A15F44B4100
mov dl, byte ptr [00414BF4]
:00414BDB 8BC3
mov eax, ebx
:00414BDD E8A6030000
call 00414F88
:00414BE2 6A00
push 00000000
:00414BE4 57
push edi
:00414BE5 56
push esi
:00414BE6 8B4304
:00414BE9 50
push eax
* Reference To: gdi32.MoveToEx, Ord:0000h
|
:00414BEA E83913FFFF
Call 00405F28
:00414BEF 5F
pop edi
:00414BF0 5E
pop esi
:00414BF1 5B
pop ebx
:00414BF2 C3
ret
:00414BF3 00
BYTE 0
:00414BF4 0100
:00414BF6 0000


|:00440658
|
:00414BF8 55
push ebp
:00414BF9 8BEC
mov ebp, esp
:00414BFB 53
push ebx
:00414BFC 56
push esi
:00414BFD 57
push edi
:00414BFE 8BF9
mov edi, ecx
:00414C00 8BF2
mov esi, edx
:00414C02 8BD8
mov ebx, eax
:00414C04
:00414C06
:00414C08
:00414C0B
:00414C11
:00414C13
:00414C18
:00414C1B
:00414C1C
:00414C1F
:00414C20
:00414C21
:00414C22
:00414C25
8BC3
8B10
FF5210
8A153C4C4100
8BC3
E870030000
8B4508
50
8B450C
50
57
56
8B4304
50
mov eax, ebx

call [edx+10]
mov dl, byte ptr [00414C3C]
mov eax, ebx
call 00414F88
push eax
push eax
push edi
push esi
push eax
* Reference To: gdi32.Rectangle, Ord:0000h

|
:00414C26 E82513FFFF
Call 00405F50
:00414C2B 8BC3
mov eax, ebx
:00414C2D 8B10
:00414C2F FF520C
call [edx+0C]
:00414C32 5F
pop edi
:00414C33 5E
pop esi
:00414C34 5B
pop ebx
:00414C35 5D
pop ebp
:00414C36 C20800
ret 0008
:00414C39 000000
BYTE 3 DUP(0)
:00414C3C
:00414C3D
:00414C3E
:00414C3F
BYTE
BYTE
BYTE
BYTE
0D
00
00
00
0dh
00h
00h
00h

|:00431AAF , :004406A6
|
:00414C40 53
push ebx
:00414C41 56
push esi
:00414C42 57
push edi
:00414C43 8BF1
mov esi, ecx
:00414C45 8BFA
mov edi, edx
:00414C47 8BD8
mov ebx, eax
:00414C49 85F6
test esi, esi
:00414C4B 7426
je 00414C73
:00414C4D 8BC3
mov eax, ebx
:00414C4F 8B10
:00414C51 FF5210
call [edx+10]
:00414C54 8A15784C4100
mov dl, byte ptr [00414C78]
:00414C5A 8BC3
mov eax, ebx
:00414C5C E827030000
call 00414F88
:00414C61 8BCF
mov ecx, edi
:00414C63 8BD3
mov edx, ebx
:00414C65 8BC6
mov eax, esi
:00414C67 8B30
:00414C69 FF5614
call [esi+14]
:00414C6C 8BC3
mov eax, ebx
:00414C6E 8B10
:00414C70 FF520C

call [edx+0C]

|:00414C4B(C)
|
:00414C73 5F
pop edi
:00414C74 5E
pop esi
:00414C75 5B
pop ebx
:00414C76 C3
ret
:00414C77 00
BYTE 0
:00414C78 0F0000
:00414C7B 00

BYTE 00h

|:00414CCF , :00414CEB
|
:00414C7C 53
push ebx
:00414C7D 56
push esi
:00414C7E 57
push edi
:00414C7F 8BF1
mov esi, ecx
:00414C81 8BFA
mov edi, edx
:00414C83 8BD8
mov ebx, eax
:00414C85 8A15BC4C4100
mov dl, byte ptr [00414CBC]
:00414C8B 8BC3
mov eax, ebx
:00414C8D E8F6020000
call 00414F88
:00414C92 33C0
xor eax, eax
:00414C94 8906
:00414C96 33C0
xor eax, eax
:00414C98 894604
:00414C9B 56
push esi
:00414C9C 8BC7
mov eax, edi
:00414C9E E891EDFEFF
call 00403A34
:00414CA3 50
push eax
:00414CA4 8BC7
mov eax, edi
:00414CA6 E84DEFFEFF
call 00403BF8
:00414CAB 50
push eax
:00414CAC 8B4304
:00414CAF 50
push eax
|
:00414CB0 E83B12FFFF
Call 00405EF0
:00414CB5 5F
pop edi
:00414CB6 5E
pop esi
:00414CB7 5B
pop ebx
:00414CB8 C3
ret
:00414CB9 000000
BYTE 3 DUP(0)
:00414CBC 0300
:00414CBE 0000


|:0042A3B5 , :0043FCB3 , :0043FCCC
|
:00414CC0 53
push ebx
:00414CC1 56
push esi
:00414CC2 83C4F8
add esp, FFFFFFF8
:00414CC5 8BF2
mov esi, edx
:00414CC7 8BD8
mov ebx, eax
:00414CC9 8BCC
mov ecx, esp
:00414CCB 8BD6
mov edx, esi
:00414CCD 8BC3
mov eax, ebx
:00414CCF E8A8FFFFFF
call 00414C7C
:00414CD4 8B0424
:00414CD7 59
pop ecx
:00414CD8 5A
pop edx
:00414CD9 5E
pop esi
:00414CDA 5B
pop ebx
:00414CDB C3
ret

|:0042A3D9 , :00438987
|
:00414CDC 53
push ebx
:00414CDD 56
push esi
:00414CDE 83C4F8
add esp, FFFFFFF8
:00414CE1 8BF2
mov esi, edx
:00414CE3 8BD8
mov ebx, eax
:00414CE5 8BCC
mov ecx, esp
:00414CE7 8BD6
mov edx, esi
:00414CE9 8BC3
mov eax, ebx
:00414CEB E88CFFFFFF
call 00414C7C
:00414CF0 8B442404
:00414CF4 59
pop ecx
:00414CF5 5A
pop edx
:00414CF6 5E
pop esi
:00414CF7 5B
pop ebx
:00414CF8 C3
ret
:00414CF9 8D4000

|:00417DE5 , :00421D9C , :00421E51
|
:00414CFC 55
push ebp
:00414CFD 8BEC
mov ebp, esp
:00414CFF 51
push ecx
:00414D00 53
push ebx
:00414D01 8BD8
mov ebx, eax
:00414D03 6864364400
push 00443664
|
:00414D08 E84B0FFFFF
Call 00405C58
:00414D0D 33C0
xor eax, eax
:00414D0F 55
push ebp
:00414D10 68484D4100
push 00414D48
:00414D15 64FF30
:00414D18
:00414D1B
:00414D1F
:00414D23
:00414D27
:00414D29
:00414D2B
648920
837B4C00
0F9445FF
807DFF00
7407
8BC3
E874FEFFFF
|:00414D27(C)
|
:00414D30 33C0
:00414D32 5A
:00414D33 59
:00414D34 59
:00414D35 648910
:00414D38 684F4D4100

je 00414D30
mov eax, ebx
call 00414BA4
xor eax, eax
pop edx
pop ecx
pop ecx
push 00414D4F

|:00414D4D(U)
|
:00414D3D 6864364400
push 00443664
|
:00414D42 E8F90FFFFF
Call 00405D40
:00414D47 C3
ret
:00414D48
:00414D4D
:00414D4F
:00414D52
:00414D53
:00414D54
:00414D55
E92BE5FEFF
EBEE
8A45FF
5B
59
5D
C3
:00414D56 8BC0
jmp
jmp
mov
pop
pop
pop
ret
00403278
00414D3D
ebx
ecx
ebp
mov eax, eax

|:0041378D , :00417E14 , :00417FC2 , :004180AD , :00421DD7
|:00421E80 , :0042A0ED , :0042AA04 , :0042BDE4 , :0043AC6F
|
:00414D58 53
push ebx
:00414D59 8BD8
mov ebx, eax
:00414D5B 8D4334
:00414D5E 50
push eax
|
:00414D5F E8DC0FFFFF
Call 00405D40
:00414D64 6864364400
push 00443664
|
:00414D69 E8EA0EFFFF
Call 00405C58
:00414D6E FF4B4C
dec [ebx+4C]
:00414D71 6864364400
push 00443664

|
:00414D76 E8C50FFFFF
Call 00405D40
:00414D7B 5B
pop ebx
:00414D7C C3
ret
:00414D7D 8D4000

|:0041D3F1 , :00439D6F , :00440D73
|
:00414D80 56
push esi
:00414D81 8BF0
mov esi, eax
:00414D83 8B460C
:00414D86 8B08
:00414D88 FF5108
call [ecx+08]
:00414D8B 5E
pop esi
:00414D8C C3
ret
:00414D8D
:00414D90
:00414D93
:00414D95
:00414D98
8D4000
8B4010
8B08
FF5108
C3

call [ecx+08]
ret
:00414D99
:00414D9C
:00414D9F
:00414DA1
:00414DA4
8D4000
8B4014
8B08
FF5108
C3

call [ecx+08]
ret
:00414DA5 8D4000

|:00414EFF
|
:00414DA8 53
push ebx
:00414DA9 56
push esi
:00414DAA 8BF2
mov esi, edx
:00414DAC 8BD8
mov ebx, eax
:00414DAE 8A15C84D4100
mov dl, byte ptr [00414DC8]
:00414DB4 8BC3
mov eax, ebx
:00414DB6 E8CD010000
call 00414F88
:00414DBB 56
push esi
:00414DBC 8B4304
:00414DBF 50
push eax
* Reference To: gdi32.GetCurrentPositionEx, Ord:0000h
|
:00414DC0 E8C310FFFF
Call 00405E88
:00414DC5 5E
pop esi
:00414DC6 5B
pop ebx
:00414DC7 C3
ret
:00414DC8 0100
:00414DCA 0000

|:00414F2A
|
:00414DCC 56
push esi
:00414DCD 57
push edi
:00414DCE 83C4F8
add esp, FFFFFFF8
:00414DD1 8BF2
mov esi, edx
:00414DD3 8D3C24
:00414DD6 A5
movsd
:00414DD7 A5
movsd
:00414DD8 8B4C2404
:00414DDC 8B1424
:00414DDF E8E8FDFFFF
call 00414BCC
:00414DE4 59
pop ecx
:00414DE5 5A
pop edx
:00414DE6 5F
pop edi
:00414DE7 5E
pop esi
:00414DE8 C3
ret
:00414DE9 8D4000

|:0041917A
|
:00414DEC 53
push ebx
:00414DED 56
push esi
:00414DEE 57
push edi
:00414DEF 8BF9
mov edi, ecx
:00414DF1 8BF2
mov esi, edx
:00414DF3 8BD8
mov ebx, eax
:00414DF5 8A15144E4100
mov dl, byte ptr [00414E14]
:00414DFB 8BC3
mov eax, ebx
:00414DFD E886010000
call 00414F88
:00414E02 57
push edi
:00414E03 56
push esi
:00414E04 8B4304
:00414E07 50
push eax
* Reference To: gdi32.GetPixel, Ord:0000h
|
:00414E08 E8CB10FFFF
Call 00405ED8
:00414E0D 5F
pop edi
:00414E0E 5E
pop esi
:00414E0F 5B
pop ebx
:00414E10 C3
ret
:00414E11 000000
BYTE 3 DUP(0)
:00414E14 0100
:00414E16 0000


|:0041A944
|
:00414E18 55
push ebp
:00414E19
:00414E1B
:00414E1C
:00414E1D
:00414E1E
:00414E20
:00414E22
:00414E24
:00414E26
:00414E28
:00414E2B
:00414E31
:00414E33
:00414E38
:00414E3B
:00414E40
:00414E41
:00414E42
:00414E43
:00414E46
8BEC
53
56
57
8BF9
8BF2
8BD8
8BC3
8B10
FF5210
8A155C4E4100
8BC3
E850010000
8B4508
E8C8ECFFFF
50
57
56
8B4304
50
mov ebp, esp

push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+10]
mov dl, byte ptr [00414E5C]
mov eax, ebx
call 00414F88
call 00413B08
push eax
push edi
push esi
push eax
* Reference To: gdi32.SetPixel, Ord:0000h

|
:00414E47 E85411FFFF
Call 00405FA0
:00414E4C 8BC3
mov eax, ebx
:00414E4E 8B10
:00414E50 FF520C
call [edx+0C]
:00414E53 5F
pop edi
:00414E54 5E
pop esi
:00414E55 5B
pop ebx
:00414E56 5D
pop ebp
:00414E57 C20400
ret 0004
:00414E5A 0000
BYTE 2 DUP(0)
:00414E5C
:00414E5D
:00414E5E
:00414E5F
BYTE
BYTE
BYTE
BYTE
05h
00h
00h
00h
Addresses:
, :00417280
, :0041D4A5
, :0042EC9B
, :0042EEE6
, :00440A61
,
,
,
,
,
05
00
00
00
|:0041723C , :0041724B
|:0041D43C , :0041D47E
|:0042BBF3 , :0042EC35
|:0042ED3B , :0042EEBA
|:0043169C , :00431B37
|
:00414E60 53
:00414E61 8BD8
:00414E63 8BC3
:00414E65 8B10
:00414E67 FF5210
:00414E6A 8A157C4E4100
:00414E70 8BC3
:00414E72 E811010000
:00414E77 8B4304
:00414E7A 5B
:00417294
:0042A2E1
:0042ECD6
:004315D8
:00440E34
,
,
,
,
,
:00418E8F
:0042A592
:0042ECED
:0043165A
:00440ED4
push ebx
mov ebx, eax
mov eax, ebx
call [edx+10]
mov dl, byte ptr [00414E7C]
mov eax, ebx
call 00414F88
pop ebx
:00414E7B C3
ret
:00414E7C 0F0000
:00414E7F 00

BYTE 00h

|:00413747 , :00414EF6
|
:00414E80 53
push ebx
:00414E81 56
push esi
:00414E82 8BD8
mov ebx, eax
:00414E84 8B7304
:00414E87 85F6
test esi, esi
:00414E89 7448
je 00414ED3
:00414E8B A0D84E4100
mov al, byte ptr [00414ED8]
:00414E90 F7D0
not eax
:00414E92 224308
and al, byte ptr [ebx+08]
:00414E95 8A5308
:00414E98 3AD0
cmp dl, al
:00414E9A 7437
je 00414ED3
:00414E9C A13C364400
:00414EA1 50
push eax
:00414EA2 56
push esi
|
:00414EA3 E8C010FFFF
Call 00405F68
:00414EA8 A140364400
:00414EAD 50
push eax
:00414EAE 8B4304
:00414EB1 50
push eax
|
:00414EB2 E8B110FFFF
Call 00405F68
:00414EB7 A144364400
:00414EBC 50
push eax
:00414EBD 8B4304
:00414EC0 50
push eax
|
:00414EC1 E8A210FFFF
Call 00405F68
:00414EC6 A0D84E4100
mov al, byte ptr [00414ED8]
:00414ECB F7D0
not eax
:00414ECD 224308
:00414ED0 884308
|:00414E89(C), :00414E9A(C)
|
:00414ED3 5E
:00414ED4 5B
:00414ED5 C3
:00414ED6 0000
BYTE 2 DUP(0)
pop esi
pop ebx
ret
:00414ED8 0E
:00414ED9 000000
push cs
BYTE 3 DUP(0)

|:00421EFC
|
:00414EDC C3
ret
:00414EDD 8D4000
|:004149BB , :00417F9A
|:00421F7D , :00421F9D
|:0042A9E1 , :0042BD10
|:00433B54 , :00433B95
|:0043939B , :0043ABF9
|
:00414EE0 53
:00414EE1 56
:00414EE2 83C4F8
:00414EE5 8BF2
:00414EE7 8BD8
:00414EE9 8B4304
:00414EEC 3BF0
:00414EEE 743F
:00414EF0 85C0
:00414EF2 7426
:00414EF4 8BC3
:00414EF6 E885FFFFFF
:00414EFB 8BD4
:00414EFD 8BC3
:00414EFF E8A4FEFFFF
:00414F04 8B0424
:00414F07 894318
:00414F0A 8B442404
:00414F0E 89431C
:00414F11 33C0
:00414F13 894304
:00414F16 806308FE
Addresses:
, :0041808B
, :0042A094
, :0042BDC7
, :00439203
, :0043AC4C
,
,
,
,
:0041D637
:0042A0CA
:004339CC
:00439292
,
,
,
,
:0041D66B
:0042A99D
:00433A5C
:00439361
push ebx
push esi
add esp, FFFFFFF8
mov esi, edx
mov ebx, eax
cmp esi, eax
je 00414F2F
test eax, eax
je 00414F1A
mov eax, ebx
call 00414E80
mov edx, esp
mov eax, ebx
call 00414DA8
xor eax, eax
and byte ptr [ebx+08], FE
|:00414EF2(C)
|
:00414F1A 85F6
:00414F1C 7411
:00414F1E 804B0801
:00414F22 897304
:00414F25 8D5318
:00414F28 8BC3
:00414F2A E89DFEFFFF
|:00414EEE(C), :00414F1C(C)
|
:00414F2F 59
:00414F30 5A
:00414F31 5E
:00414F32 5B
test esi, esi

je 00414F2F
lea edx, dword ptr [ebx+18]
mov eax, ebx
call 00414DCC
pop
pop
pop
pop
ecx
edx
esi
ebx
:00414F33 C3
ret

|:00414FB3
|
:00414F34 55
push ebp
:00414F35 8BEC
mov ebp, esp
:00414F37 6A00
push 00000000
:00414F39 33C0
xor eax, eax
:00414F3B 55
push ebp
:00414F3C 687E4F4100
push 00414F7E
:00414F41 64FF30
:00414F44 648920
:00414F47 8D55FC
:00414F4A A1442B4400
:00414F4F E8D0FEFEFF
call 00404E24
:00414F54 8B4DFC
:00414F57 B201
mov dl, 01
:00414F59 A1F4B44000
mov eax, dword ptr [0040B4F4]
:00414F5E E80939FFFF
call 0040886C
:00414F63 E848E3FEFF
call 004032B0
:00414F68 33C0
xor eax, eax
:00414F6A 5A
pop edx
:00414F6B 59
pop ecx
:00414F6C 59
pop ecx
:00414F6D 648910
:00414F70 68854F4100
push 00414F85
|:00414F83(U)
|
:00414F75 8D45FC
:00414F78 E83BE8FEFF
:00414F7D C3
:00414F7E
:00414F83
:00414F85
:00414F86
:00414F87
jmp
jmp
pop
pop
ret
E9F5E2FEFF
EBF0
59
5D
C3
|:00414A1C , :00414A2A
|:00414BDD , :00414C13
|:00414DFD , :00414E33
|:00419E99 , :0041A1ED
|
:00414F88 53
:00414F89 56
:00414F8A 51
:00414F8B 881424
:00414F8E 8BF0
:00414F90 8A5E08
:00414F93 F7D3
:00414F95 221C24

call 004037B8
ret
Addresses:
, :00414AB9
, :00414C5C
, :00414E72
00403278
00414F75
ecx
ebp
, :00414B45
, :00414C8D
, :00418DC8
, :00414B84
, :00414DB6
, :00418EC7
push ebx
push esi
push ecx
mov esi, eax
not ebx
and bl, byte ptr [esp]
:00414F98
:00414F9D
:00414F9F
:00414FA1
:00414FA4
:00414FA6
:00414FA8
:00414FAA
:00414FAD
:00414FB1
:00414FB3
A0F84F4100
3AC3
7451
F6C301
7412
8BC6
8B10
FF5214
837E0400
7505
E87CFFFFFF
mov al, byte ptr [00414FF8]

cmp al, bl
je 00414FF2
test bl, 01
je 00414FB8
mov eax, esi
call [edx+14]
jne 00414FB8
call 00414F34
|:00414FA4(C), :00414FB1(C)
|
:00414FB8 F6C302
:00414FBB 7407
:00414FBD 8BC6
:00414FBF E860000000
|:00414FBB(C)
|
:00414FC4 F6C304
:00414FC7 7417
:00414FC9 8BC6
:00414FCB E880000000
:00414FD0 8B4610
:00414FD3 E8A4F5FFFF
:00414FD8 48
:00414FD9 2C04
:00414FDB 7303
:00414FDD 80CB08
|:00414FC7(C), :00414FDB(C)
|
:00414FE0 F6C308
:00414FE3 7407
:00414FE5 8BC6
:00414FE7 E894000000
test bl, 02
je 00414FC4
mov eax, esi
call 00415024
test bl, 04
je 00414FE0
mov eax, esi
call 00415050
call 0041457C
dec eax
sub al, 04
jnb 00414FE0
or bl, 08
test bl, 08
je 00414FEC
mov eax, esi
call 00415080

|:00414FE3(C)
|
:00414FEC 0A5E08
or bl, byte ptr [esi+08]
:00414FEF 885E08
|:00414F9F(C)
|
:00414FF2 5A
pop edx
:00414FF3 5E
pop esi
:00414FF4 5B
pop ebx
:00414FF5 C3
ret
:00414FF6 000000000000
BYTE 6 DUP(0)
:00414FFC
:00414FFD
:00415002
:00415004
:00415006
:00415008
:0041500B
53
6683782E00
740A
8BD8
8BD0
8B4330
FF532C
push ebx
je 0041500E
mov ebx, eax
mov edx, eax
call [ebx+2C]

|:00415002(C)
|
:0041500E 5B
pop ebx
:0041500F C3
ret
:00415010
:00415011
:00415016
:00415018
:0041501A
:0041501C
:0041501F
53
6683782600
740A
8BD8
8BD0
8B4328
FF5324
push ebx
je 00415022
mov ebx, eax
mov edx, eax
call [ebx+24]

|:00415016(C)
|
:00415022 5B
pop ebx
:00415023 C3
ret

|:00414FBF
|
:00415024 53
push ebx
:00415025 8BD8
mov ebx, eax
:00415027 8B430C
:0041502A E8ADEFFFFF
call 00413FDC
:0041502F 50
push eax
:00415030 8B4304
:00415033 50
push eax
|
:00415034 E82F0FFFFF
Call 00405F68
:00415039 8B430C
:0041503C 8B4014
:0041503F E8C4EAFFFF
call 00413B08
:00415044 50
push eax
:00415045 8B4304
:00415048 50
push eax
|
:00415049 E86A0FFFFF
Call 00405FB8
:0041504E 5B
pop ebx
:0041504F C3
ret

|:00414FCB
|
:00415050 53
push ebx
:00415051 8BD8
mov ebx, eax
:00415053 8B4310
:00415056 E875F4FFFF
call 004144D0
:0041505B 50
push eax
:0041505C 8B4304
:0041505F 50
push eax
|
:00415060 E8030FFFFF
Call 00405F68
:00415065 8B4310
:00415068 0FB64014
movzx eax, byte ptr [eax+14]
:0041506C 0FB7044544254400
movzx eax, word ptr [2*eax+00442544]
:00415074 50
push eax
:00415075 8B4304
:00415078 50
push eax
* Reference To: gdi32.SetROP2, Ord:0000h
|
:00415079 E82A0FFFFF
Call 00405FA8
:0041507E 5B
pop ebx
:0041507F C3
ret

|:00414FE7
|
:00415080 53
push ebx
:00415081 8BD8
mov ebx, eax
:00415083 8B4314
:00415086 E835F7FFFF
call 004147C0
:0041508B 50
push eax
* Reference To: gdi32.UnrealizeObject, Ord:0000h
|
:0041508C E84F0FFFFF
Call 00405FE0
:00415091 8B4314
:00415094 E827F7FFFF
call 004147C0
:00415099 50
push eax
:0041509A 8B4304
:0041509D 50
push eax
|
:0041509E E8C50EFFFF
Call 00405F68
:004150A3 8B4314
:004150A6 E8F5F7FFFF
call 004148A0
:004150AB 84C0
test al, al
:004150AD 7524
jne 004150D3
:004150AF 8B4314
:004150B2 E8CDF6FFFF
call 00414784
:004150B7 E84CEAFFFF
call 00413B08
:004150BC 50
push eax
:004150BD 8B4304
:004150C0 50
push eax

|
:004150C1 E8B20EFFFF
Call 00405F78
:004150C6 6A02
push 00000002
:004150C8 8B4304
:004150CB 50
push eax
|
:004150CC E8AF0EFFFF
Call 00405F80
:004150D1 5B
pop ebx
:004150D2 C3
ret
|:004150AD(C)
|
:004150D3 8B4314
:004150D6 E8A9F6FFFF
:004150DB E828EAFFFF
:004150E0 F7D0
:004150E2 50
:004150E3 8B4304
:004150E6 50

call 00414784
call 00413B08
not eax
push eax
push eax

|
:004150E7 E88C0EFFFF
Call 00405F78
:004150EC 6A01
push 00000001
:004150EE 8B4304
:004150F1 50
push eax
|
:004150F2 E8890EFFFF
Call 00405F80
:004150F7 5B
pop ebx
:004150F8 C3
ret
:004150F9
:004150FC
:004150FD
:004150FF
:00415103
:00415105
:00415109
:0041510E
:0041510F
:00415112
8D4000
53
8BD8
F6430802
7413
806308FD
A144364400
50
8B4304
50

push ebx
mov ebx, eax
test [ebx+08], 02
je 00415118
and byte ptr [ebx+08], FD
push eax
push eax

|
:00415113 E8500EFFFF
Call 00405F68
|:00415103(C)
|
:00415118 5B
pop ebx
:00415119 C3
ret
:0041511A
:0041511C
:0041511D
:0041511F
:00415123
:00415125
:00415129
:0041512E
:0041512F
:00415132
mov eax, eax

push ebx
mov ebx, eax
test [ebx+08], 04
je 00415138
and byte ptr [ebx+08], FB
push eax
push eax
8BC0
53
8BD8
F6430804
7413
806308FB
A13C364400
50
8B4304
50

|
:00415133 E8300EFFFF
Call 00405F68
|:00415123(C)
|
:00415138 5B
pop ebx
:00415139 C3
ret
:0041513A
:0041513C
:0041513D
:0041513F
:00415143
:00415145
:00415149
:0041514E
:0041514F
:00415152
8BC0
53
8BD8
F6430808
7413
806308F7
A140364400
50
8B4304
50
mov eax, eax

push ebx
mov ebx, eax
test [ebx+08], 08
je 00415158
and byte ptr [ebx+08], F7
push eax
push eax

|
:00415153 E8100EFFFF
Call 00405F68
|:00415143(C)
|
:00415158 5B
pop ebx
:00415159 C3
ret
:0041515A 8BC0
mov eax, eax

|:0041A4D7 , :0041A523 , :0041A598 , :0041A5E4
|
:0041515C 53
push ebx
:0041515D 8BD8
mov ebx, eax
:0041515F 8BCB
mov ecx, ebx
:00415161 B201
mov dl, 01
:00415163 A130254100
:00415168 E8FF36FFFF
call 0040886C
:0041516D E83EE1FEFF
call 004032B0
:00415172 5B
pop ebx
:00415173 C3
ret

|:004151AF , :004151F7 , :0041523F , :00417C4F , :0041937D
|
:00415174 53
push ebx
:00415175 8BD8
mov ebx, eax
:00415177 8BCB
mov ecx, ebx
:00415179 B201
mov dl, 01
:0041517B A1D4244100
:00415180 E8E736FFFF
call 0040886C
:00415185 E826E1FEFF
call 004032B0
:0041518A 5B
pop ebx
:0041518B C3
ret

|:0041600D , :00418316 , :0041961F , :004197D4 , :00419865
|:004199CD
|
:0041518C 55
push ebp
:0041518D 8BEC
mov ebp, esp
:0041518F 6A00
push 00000000
:00415191 33C0
xor eax, eax
:00415193 55
push ebp
:00415194 68CA514100
push 004151CA
:00415199 64FF30
:0041519C 648920
:0041519F 8D55FC
:004151A2 A10C2B4400
:004151A7 E878FCFEFF
call 00404E24
:004151AC 8B45FC
:004151AF E8C0FFFFFF
call 00415174
:004151B4 33C0
xor eax, eax
:004151B6 5A
pop edx
:004151B7 59
pop ecx
:004151B8 59
pop ecx
:004151B9 648910
:004151BC 68D1514100
push 004151D1
|:004151CF(U)
|
:004151C1 8D45FC
:004151C4 E8EFE5FEFF
:004151C9 C3
:004151CA
:004151CF
:004151D1
:004151D2
:004151D3
jmp
jmp
pop
pop
ret
E9A9E0FEFF
EBF0
59
5D
C3

call 004037B8
ret
00403278
004151C1
ecx
ebp
|:0041A2A9 , :0041A2DA
|
:004151D4 55
:004151D5 8BEC
:004151D7 6A00
:004151D9 33C0
:004151DB 55
:004151DC 6812524100
:004151E1 64FF30
:004151E4 648920
:004151E7 8D55FC
:004151EA A1202B4400
:004151EF E830FCFEFF
:004151F4 8B45FC
:004151F7 E878FFFFFF
:004151FC 33C0
:004151FE 5A
:004151FF 59
:00415200 59
:00415201 648910
:00415204 6819524100
, :0041A3E4
push ebp
mov ebp, esp
push 00000000
xor eax, eax
push ebp
push 00415212
call 00404E24
call 00415174
xor eax, eax
pop edx
pop ecx
pop ecx
push 00415219
|:00415217(U)
|
:00415209 8D45FC
:0041520C E8A7E5FEFF
:00415211 C3
:00415212
:00415217
:00415219
:0041521A
:0041521B
jmp
jmp
pop
pop
ret
E961E0FEFF
EBF0
59
5D
C3

call 004037B8
ret
00403278
00415209
ecx
ebp

|:00417508 , :00417562 , :004175EB , :004176A2
|
:0041521C 55
push ebp
:0041521D 8BEC
mov ebp, esp
:0041521F 6A00
push 00000000
:00415221 33C0
xor eax, eax
:00415223 55
push ebp
:00415224 685A524100
push 0041525A
:00415229 64FF30
:0041522C 648920
:0041522F 8D55FC
:00415232 A1482C4400
:00415237 E8E8FBFEFF
call 00404E24
:0041523C 8B45FC
call 00415174
:00415244 33C0
xor eax, eax
:00415246 5A
pop edx
:00415247 59
pop ecx
:00415248 59
pop ecx
:00415249 648910
:0041524C 6861524100
push 00415261
|:0041525F(U)
|
:00415251 8D45FC
:00415254 E85FE5FEFF
:00415259 C3
:0041525A
:0041525F
:00415261
:00415262
:00415263
jmp
jmp
pop
pop
ret
E919E0FEFF
EBF0
59
5D
C3

call 004037B8
ret
00403278
00415251
ecx
ebp

|:00415336 , :00415BB4 , :00415D84
|
:00415264 55
push ebp
:00415265 8BEC
mov ebp, esp
:00415267 6A00
push 00000000
:00415269 33C0
xor eax, eax
:0041526B 55
push ebp
:0041526C 68AE524100
push 004152AE
:00415271 64FF30
:00415274 648920
:00415277 8D55FC
:0041527A A1802A4400
:0041527F E8A0FBFEFF
call 00404E24
:00415284 8B4DFC
:00415287 B201
mov dl, 01
:00415289 A198B44000
:0041528E E8D935FFFF
call 0040886C
:00415293 E818E0FEFF
call 004032B0
:00415298 33C0
xor eax, eax
:0041529A 5A
pop edx
:0041529B 59
pop ecx
:0041529C 59
pop ecx
:0041529D 648910
:004152A0 68B5524100
push 004152B5
|:004152B3(U)
|
:004152A5 8D45FC
:004152A8 E80BE5FEFF
:004152AD C3
:004152AE
:004152B3
:004152B5
:004152B6
:004152B7
jmp
jmp
pop
pop
ret
E9C5DFFEFF
EBF0
59
5D
C3

call 004037B8
ret
00403278
004152A5
ecx
ebp
|:00415367 , :004153E2
|:00418539 , :0041903A
|
:004152B8 55
:004152B9 8BEC
:004152BB 81C4FCFEFFFF
:004152C1 53
:004152C2 33C0
:004152C4 8985FCFEFFFF
:004152CA 33C0
:004152CC 55
:004152CD 6854534100
:004152D2 64FF30
:004152D5 648920
, :0041540F
, :00415F67
, :00417BAD
push ebp
mov ebp, esp
add esp, FFFFFEFC
push ebx
xor eax, eax
mov dword ptr [ebp+FFFFFEFC], eax
xor eax, eax
push ebp
push 00415354

|
:004152D8 E8CB09FFFF
Call 00405CA8
:004152DD 8BD8
mov ebx, eax
:004152DF 85DB
test ebx, ebx
:004152E1 7453
je 00415336
:004152E3 6A00
push 00000000
:004152E5 6800010000
push 00000100
:004152EA 8D8500FFFFFF
lea eax, dword ptr [ebp+FFFFFF00]
:004152F0 50
push eax
:004152F1 6800040000
push 00000400
:004152F6 53
push ebx
:004152F7 6A00
push 00000000
:004152F9 6800100000
push 00001000
|
:004152FE E86D09FFFF
Call 00405C70
:00415303 85C0
test eax, eax
:00415305 742F
je 00415336
lea eax, dword ptr
:0041530D 8D9500FFFFFF
lea edx, dword ptr
:00415313 B900010000
mov ecx, 00000100
:00415318 E8C7E6FEFF
call 004039E4
:0041531D 8B8DFCFEFFFF
mov ecx, dword ptr
:00415323 B201
mov dl, 01
:00415325 A198B44000
mov eax, dword ptr
:0041532A E83D35FFFF
call 0040886C
:0041532F E87CDFFEFF
call 004032B0
:00415334 EB05
jmp 0041533B
[ebp+FFFFFEFC]
[ebp+FFFFFF00]
[ebp+FFFFFEFC]
[0040B498]

|:004152E1(C), :00415305(C)
|
:00415336 E829FFFFFF
call 00415264
|:00415334(U)
|
:0041533B 33C0
:0041533D 5A
:0041533E 59
:0041533F 59
:00415340 648910
:00415343 685B534100

xor eax, eax
pop edx
pop ecx
pop ecx
push 0041535B
|:00415359(U)
|
:0041534E E865E4FEFF
:00415353 C3
:00415354
:00415359
:0041535B
:0041535C
:0041535E
:0041535F
jmp
jmp
pop
mov
pop
ret
E91FDFFEFF
EBED
5B
8BE5
5D
C3
|:0041554C , :004155EA
|:00418322 , :00418333
|:004185BB , :004185CD
|:00418976 , :00418987
|:004196DA , :00419740
|
:00415360 53
:00415361 8BD8
:00415363 85DB
:00415365 7505
:00415367 E84CFFFFFF

call 004037B8
ret
Addresses:
, :0041560B
, :0041837F
, :00418719
, :004189EC
, :00419EAE
00403278
00415348
ebx
esp, ebp
ebp
,
,
,
,
:00415BF2
:004183A3
:0041873C
:00418EFA
,
,
,
,
:00415CA9
:0041852B
:004187DF
:004192E7
push ebx
mov ebx, eax
test ebx, ebx
jne 0041536C
call 004152B8

|:00415365(C)
|
:0041536C 8BC3
mov eax, ebx
:0041536E 5B
pop ebx
:0041536F C3
ret

|:00415C10 , :00415CC7
|
:00415370 55
push ebp
:00415371 8BEC
mov ebp, esp
:00415373 83C4CC
add esp, FFFFFFCC
:00415376 53
push ebx
:00415377 56
push esi
:00415378 57
push edi
:00415379 8BF2
mov esi, edx
:0041537B 8D7DF4
lea edi, dword ptr [ebp-0C]
:0041537E A5
movsd
:0041537F A5
movsd
:00415380 8BD9
mov ebx, ecx
:00415382 8945FC
:00415385 6A00
push 00000000
|
:00415387 E86C0AFFFF
Call 00405DF8
:0041538C 8945E8
:0041538F 6A00

push 00000000

|
:00415391 E8620AFFFF
Call 00405DF8
:00415396 8945E4
:00415399 33C0
xor eax, eax
:0041539B 55
push ebp
:0041539C 68BE544100
push 004154BE
:004153A1 64FF30
:004153A4 648920
:004153A7 8D45CC
:004153AA 50
push eax
:004153AB 6A18
push 00000018
:004153AD 8B45FC
:004153B0 50
push eax
|
:004153B1 E8120BFFFF
Call 00405EC8
:004153B6 84DB
test bl, bl
:004153B8 7418
je 004153D2
:004153BA 6A00
push 00000000
:004153BC 6A01
push 00000001
:004153BE 6A01
push 00000001
:004153C0 8B45F8
:004153C3 50
push eax
:004153C4 8B45F4
:004153C7 50
push eax
|
:004153C8 E8130AFFFF
Call 00405DE0
:004153CD 8945F0
:004153D0 EB62
jmp 00415434
|:004153B8(C)
|
:004153D2 6A00
push 00000000
|
:004153D4 E86F0DFFFF
Call 00406148
:004153D9 8945EC
:004153DC 837DEC00
:004153E0 7505
jne 004153E7
:004153E2 E8D1FEFFFF
call 004152B8
|:004153E0(C)
|
:004153E7 33C0
:004153E9 55
:004153EA 682D544100
:004153EF 64FF30
:004153F2 648920
:004153F5 8B45F8
:004153F8 50

xor eax, eax
push ebp
push 0041542D
push eax
:004153F9
:004153FC
:004153FD
:00415400
8B45F4
50
8B45EC
50

push eax
push eax

|
:00415401 E8EA09FFFF
Call 00405DF0
:00415406 8945F0
:00415409 837DF000
:0041540D 7505
jne 00415414
:0041540F E8A4FEFFFF
call 004152B8
|:0041540D(C)
|
:00415414 33C0
:00415416 5A
:00415417 59
:00415418 59
:00415419 648910
:0041541C 6834544100

xor eax, eax
pop edx
pop ecx
pop ecx
push 00415434

|:00415432(U)
|
:00415421 8B45EC
:00415424 50
push eax
:00415425 6A00
push 00000000
|
:00415427 E8340FFFFF
Call 00406360
:0041542C C3
ret
:0041542D E946DEFEFF
:00415432 EBED
jmp 00403278
jmp 00415421
|:004153D0(U)
|
:00415434 837DF000
:00415438 7464
:0041543A 8B45FC
:0041543D 50
:0041543E 8B45E8
:00415441 50

je 0041549E
push eax
push eax

|
:00415442 E8210BFFFF
Call 00405F68
:00415447 8BD8
mov ebx, eax
:00415449 8B45F0
:0041544C 50
push eax
:0041544D 8B45E4
:00415450 50
push eax
|
:00415451
:00415456
:00415458
:0041545D
:00415460
:00415461
:00415464
:00415465
:00415467
:00415469
:0041546C
:0041546D
:00415470
:00415471
:00415474
:00415475
:00415477
:00415479
:0041547C
E8120BFFFF
8BF0
682000CC00
8B45D4
50
8B45D0
50
6A00
6A00
8B45E8
50
8B45F8
50
8B45F4
50
6A00
6A00
8B45E4
50
Call 00405F68
mov esi, eax
push 00CC0020
mov eax, dword
push eax
mov eax, dword
push eax
push 00000000
push 00000000
mov eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
push eax
push 00000000
push 00000000
mov eax, dword
push eax
ptr [ebp-2C]
ptr [ebp-30]
ptr [ebp-18]
ptr [ebp-08]
ptr [ebp-0C]
ptr [ebp-1C]

|
:0041547D E8560BFFFF
Call 00405FD8
:00415482 85DB
test ebx, ebx
:00415484 740A
je 00415490
:00415486 53
push ebx
:00415487 8B45E8
:0041548A 50
push eax
|
:0041548B E8D80AFFFF
Call 00405F68
|:00415484(C)
|
:00415490 85F6
test esi, esi
:00415492 740A
je 0041549E
:00415494 56
push esi
:00415495 8B45E4
:00415498 50
push eax
|
:00415499 E8CA0AFFFF
Call 00405F68
|:00415438(C), :00415492(C)
|
:0041549E 33C0
:004154A0 5A
:004154A1 59
:004154A2 59
:004154A3 648910
:004154A6 68C5544100

xor eax, eax
pop edx
pop ecx
pop ecx
push 004154C5

|:004154C3(U)
|
:004154AB 8B45E8
:004154AE 50
push eax

|
:004154AF E88C09FFFF
Call 00405E40
:004154B4 8B45E4
:004154B7 50
push eax
|
:004154B8 E88309FFFF
Call 00405E40
:004154BD C3
ret
:004154BE
:004154C3
:004154C5
:004154C8
:004154C9
:004154CA
:004154CB
:004154CD
:004154CE
E9B5DDFEFF
EBE6
8B45F0
5F
5E
5B
8BE5
5D
C3
:004154CF 90
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
00403278
004154AB
edi
esi
ebx
esp, ebp
ebp
nop

|:00415B9D , :00419661
|
:004154D0 8BD0
mov edx, eax
:004154D2 66FFCA
dec dx
:004154D5 740C
je 004154E3
:004154D7 6683EA03
sub dx, 0003
:004154DB 7406
je 004154E3
:004154DD 6683EA04
sub dx, 0004
:004154E1 750A
jne 004154ED
|:004154D5(C), :004154DB(C)
|
:004154E3 8BC8
:004154E5 B801000000
:004154EA D3E0
:004154EC C3

mov ecx, eax
mov eax, 00000001
shl eax, cl
ret

|:004154E1(C)
|
:004154ED 33C0
xor eax, eax
:004154EF C3
ret

|:00415B85 , :00415C5A , :004160A9 , :004196A7
|
:004154F0 49
dec ecx
:004154F1
:004154F3
:004154F5
:004154F7
:004154F9
:004154FB
:004154FD
F7EA
03C1
F7D1
23C1
85C0
7903
83C007
imul edx
add eax, ecx
not ecx
and eax, ecx
test eax, eax
jns 00415500
add eax, 00000007

|:004154FB(C)
|
:00415500 C1F803
sar eax, 03
:00415503 C3
ret

|:00418F49
|
:00415504 55
push ebp
:00415505 8BEC
mov ebp, esp
:00415507 83C4DC
add esp, FFFFFFDC
:0041550A 53
push ebx
:0041550B 56
push esi
:0041550C 57
push edi
:0041550D 894DF8
:00415510 8955FC
:00415513 8BF8
mov edi, eax
:00415515 8B7514
:00415518 8B5D18
:0041551B C645F701
mov [ebp-09], 01
:0041551F A14C2D4400
:00415524 833802
:00415527 0F85B1000000
jne 004155DE
:0041552D 3B5D2C
cmp ebx, dword ptr [ebp+2C]
:00415530 0F85A8000000
jne 004155DE
:00415536 3B7528
:00415539 0F859F000000
jne 004155DE
:0041553F 6A01
push 00000001
:00415541 6A01
push 00000001
:00415543 8B4524
:00415546 50
push eax
|
:00415547 E8A408FFFF
Call 00405DF0
:0041554C E80FFEFFFF
call 00415360
:00415551 8945EC
:00415554 8B45EC
:00415557 50
push eax
:00415558 8B4510
:0041555B 50
push eax
|
:0041555C E8070AFFFF
Call 00405F68
:00415561 8945EC
:00415564 33C0
xor eax, eax
:00415566 55
push ebp
:00415567 68D7554100
push 004155D7
:0041556C
:0041556F
:00415572
:00415577
:0041557C
:00415581
:00415582
:00415585
:00415586
:00415589
:0041558A
:0041558D
:0041558E
:00415591
:00415592
:00415595
:00415596
:00415599
:0041559A
:0041559D
:0041559E
:004155A1
:004155A2
:004155A5
:004155A6
:004155A9
:004155AA
64FF30
648920
BA2000CC00
B82900AA00
E8770FFFFF
50
8B4508
50
8B450C
50
8B45EC
50
8B451C
50
8B4520
50
8B4524
50
8B4528
50
8B452C
50
8B45F8
50
8B45FC
50
57

mov edx, 00CC0020
mov eax, 00AA0029
call 004064F8
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push eax
push edi
* Reference To: gdi32.MaskBlt, Ord:0000h

|
:004155AB E87009FFFF
Call 00405F20
:004155B0 33C0
xor eax, eax
:004155B2 5A
pop edx
:004155B3 59
pop ecx
:004155B4 59
pop ecx
:004155B5 648910
:004155B8 688B574100
push 0041578B
|:004155DC(U)
|
:004155BD 8B45EC
:004155C0 50
push eax
:004155C1 8B4510
:004155C4 50
push eax
|
:004155C5 E89E09FFFF
Call 00405F68
:004155CA 8945EC
:004155CD 8B45EC
:004155D0 50
push eax
|
:004155D1 E87A08FFFF
Call 00405E50
:004155D6 C3
ret
:004155D7 E99CDCFEFF
jmp 00403278
:004155DC EBDF
jmp 004155BD

|:00415527(C), :00415530(C), :00415539(C)
|
:004155DE 33C0
xor eax, eax
:004155E0 8945DC
:004155E3 6A00
push 00000000
|
:004155E5 E80E08FFFF
Call 00405DF8
:004155EA E871FDFFFF
call 00415360
:004155EF 8945F0
:004155F2 33C0
xor eax, eax
:004155F4 55
push ebp
:004155F5 6884574100
push 00415784
:004155FA 64FF30
:004155FD 648920
:00415600 56
push esi
:00415601 53
push ebx
:00415602 8B4524
:00415605 50
push eax
|
:00415606 E8E507FFFF
Call 00405DF0
call 00415360
:00415610 8945EC
:00415613 8B45EC
:00415616 50
push eax
:00415617 8B45F0
:0041561A 50
push eax
|
:0041561B E84809FFFF
Call 00405F68
:00415620 8945E8
:00415623 6A00
push 00000000
:00415625 A130364400
:0041562A 50
push eax
:0041562B 8B4524
:0041562E 50
push eax
|
:0041562F E83C09FFFF
Call 00405F70
:00415634 8945DC
:00415637 6A00
push 00000000
:00415639 8B45DC
:0041563C 50
push eax
:0041563D 8B4524
:00415640 50
push eax
|
:00415641 E82A09FFFF
Call 00405F70
:00415646 837DDC00
:0041564A 7414
je 00415660
:0041564C 6AFF
push FFFFFFFF
:0041564E
:00415651
:00415652
:00415655
8B45DC
50
8B45F0
50

push eax
push eax

|
:00415656 E81509FFFF
Call 00405F70
:0041565B 8945DC
:0041565E EB14
jmp 00415674
|:0041564A(C)
|
:00415660 6AFF
:00415662 A130364400
:00415667 50
:00415668 8B45F0
:0041566B 50

push FFFFFFFF
push eax
push eax

|
:0041566C E8FF08FFFF
Call 00405F70
:00415671 8945DC
|:0041565E(U)
|
:00415674 8B45F0
:00415677 50
push eax
|
:00415678 E8C308FFFF
Call 00405F40
:0041567D 682000CC00
push 00CC0020
:00415682 56
push esi
:00415683 53
push ebx
:00415684 8B4508
mov eax, dword
:00415687 50
push eax
:00415688 8B450C
mov eax, dword
:0041568B 50
push eax
:0041568C 8B4510
mov eax, dword
:0041568F 50
push eax
:00415690 56
push esi
:00415691 53
push ebx
:00415692 6A00
push 00000000
:00415694 6A00
push 00000000
:00415696 8B45F0
mov eax, dword
:00415699 50
push eax
ptr [ebp+08]
ptr [ebp+0C]
ptr [ebp+10]
ptr [ebp-10]

|
:0041569A E83909FFFF
Call 00405FD8
:0041569F 6828034400
push 00440328
:004156A4 56
push esi
:004156A5 53
push ebx
:004156A6 8B451C
:004156A9 50
push eax
:004156AA 8B4520
:004156AD 50
push eax
:004156AE
:004156B1
:004156B2
:004156B3
:004156B4
:004156B6
:004156B8
:004156BB
8B4524
50
56
53
6A00
6A00
8B45F0
50

push eax
push esi
push ebx
push 00000000
push 00000000
push eax

|
:004156BC E81709FFFF
Call 00405FD8
:004156C1 6A00
push 00000000
:004156C3 57
push edi
|
:004156C4 E8EF08FFFF
Call 00405FB8
:004156C9 8945E4
:004156CC 68FFFFFF00
push 00FFFFFF
:004156D1 57
push edi
|
:004156D2 E8A108FFFF
Call 00405F78
:004156D7 8945E0
:004156DA 68C6008800
push 008800C6
:004156DF 56
push esi
:004156E0 53
push ebx
:004156E1 8B4508
:004156E4 50
push eax
:004156E5 8B450C
:004156E8 50
push eax
:004156E9 8B4510
:004156EC 50
push eax
:004156ED 8B4528
:004156F0 50
push eax
:004156F1 8B452C
:004156F4 50
push eax
:004156F5 8B45F8
:004156F8 50
push eax
:004156F9 8B45FC
:004156FC 50
push eax
:004156FD 57
push edi
|
:004156FE E8D508FFFF
Call 00405FD8
:00415703 6846006600
push 00660046
:00415708 56
push esi
:00415709 53
push ebx
:0041570A 6A00
push 00000000
:0041570C 6A00
push 00000000
:0041570E 8B45F0
mov eax, dword
:00415711 50
push eax
:00415712 8B4528
mov eax, dword
:00415715 50
push eax
:00415716 8B452C
mov eax, dword
:00415719 50
push eax
:0041571A 8B45F8
mov eax, dword
ptr [ebp-10]
ptr [ebp+28]
ptr [ebp+2C]
ptr [ebp-08]
:0041571D
:0041571E
:00415721
:00415722
50
8B45FC
50
57
push eax
push eax
push edi

|
:00415723 E8B008FFFF
Call 00405FD8
:00415728 8B45E4
:0041572B 50
push eax
:0041572C 57
push edi
|
:0041572D E88608FFFF
Call 00405FB8
:00415732 8B45E0
:00415735 50
push eax
:00415736 57
push edi
|
:00415737 E83C08FFFF
Call 00405F78
:0041573C 837DE800
:00415740 740D
je 0041574F
:00415742 8B45E8
:00415745 50
push eax
:00415746 8B45F0
:00415749 50
push eax
|
:0041574A E81908FFFF
Call 00405F68
|:00415740(C)
|
:0041574F 8B45EC
:00415752 50
push eax
|
:00415753 E8F806FFFF
Call 00405E50
:00415758 33C0
xor eax, eax
:0041575A 5A
pop edx
:0041575B 59
pop ecx
:0041575C 59
pop ecx
:0041575D 648910
:00415760 688B574100
push 0041578B
|:00415789(U)
|
:00415765 837DDC00
:00415769 740F
:0041576B 6A00
:0041576D 8B45DC
:00415770 50
:00415771 8B45F0
:00415774 50

je 0041577A
push 00000000
push eax
push eax

|
:00415775 E8F607FFFF
Call 00405F70
|:00415769(C)
|
:0041577A 8B45F0
:0041577D 50
push eax
|
:0041577E E8BD06FFFF
Call 00405E40
:00415783 C3
ret
:00415784
:00415789
:0041578B
:0041578E
:0041578F
:00415790
:00415791
:00415793
:00415794
E9EFDAFEFF
EBDA
8A45F7
5F
5E
5B
8BE5
5D
C22800
:00415797 90
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
00403278
00415765
edi
esi
ebx
esp, ebp
ebp
0028
nop

|:004196CE
|
:00415798 53
push ebx
:00415799 56
push esi
:0041579A 57
push edi
:0041579B 8BF0
mov esi, eax
:0041579D 8BFE
mov edi, esi
:0041579F BAFF000000
mov edx, 000000FF
|:004157C4(C)
|
:004157A4 8D0497
:004157A7 8D0C52
:004157AA 8D0C0E
:004157AD 8A5902
:004157B0 885802
:004157B3 8A5901
:004157B6 885801
:004157B9 8A09
:004157BB 8808
:004157BD C6400300
:004157C1 4A
:004157C2 85D2
:004157C4 75DE
:004157C6 C6470300
:004157CA 5F
:004157CB 5E
:004157CC 5B
:004157CD C3

lea eax, dword ptr [edi+4*edx]
lea ecx, dword ptr [edx+2*edx]
lea ecx, dword ptr [esi+ecx]
mov byte ptr [eax+02], bl
mov byte ptr [eax+01], bl
mov cl, byte ptr [ecx]
mov [eax+03], 00
dec edx
test edx, edx
jne 004157A4
mov [edi+03], 00
pop edi
pop esi
pop ebx
ret
:004157CE 8BC0
mov eax, eax

|:00419F37
|
:004157D0 53
push ebx
:004157D1 56
push esi
:004157D2 57
push edi
:004157D3 83C4F8
add esp, FFFFFFF8
:004157D6 891424
:004157D9 8BF0
mov esi, eax
:004157DB 89742404
:004157DF 8B3C24
mov edi, dword ptr [esp]
:004157E2 8B3F
:004157E4 4F
dec edi
:004157E5 85FF
test edi, edi
:004157E7 7E26
jle 0041580F
:004157E9 B901000000
mov ecx, 00000001
|:0041580D(C)
|
:004157EE 8B442404
:004157F2 8D0488
:004157F5 8D1449
:004157F8 8D1416
:004157FB 8A5802
:004157FE 885A02
:00415801 8A5801
:00415804 885A01
:00415807 8A00
:00415809 8802
:0041580B 41
:0041580C 4F
:0041580D 75DF
|:004157E7(C)
|
:0041580F 8B0424
:00415812 813800010000
:00415818 7D28
:0041581A 8B0424
:0041581D BA00010000
:00415822 2B10
:00415824 8D1452
:00415827 8B0424
:0041582A 8B00
:0041582C 8D0440
:0041582F 8D0406
:00415832 33C9
:00415834 E8FFD0FEFF
:00415839 8B0424
:0041583C C70000010000
mov
lea
lea
lea
mov
mov
mov
mov
mov
mov
inc
dec
jne

eax, dword ptr [eax+4*ecx]
edx, dword ptr [ecx+2*ecx]
edx, dword ptr [esi+edx]
bl, byte ptr [eax+02]
byte ptr [edx+02], bl
bl, byte ptr [eax+01]
byte ptr [edx+01], bl
al, byte ptr [eax]
byte ptr [edx], al
ecx
edi
004157EE

jge 00415842
mov edx, 00000100
sub edx, dword ptr [eax]
lea eax, dword ptr [esi+eax]
xor ecx, ecx
call 00402938

|:00415818(C)
|
:00415842
:00415843
:00415844
:00415845
:00415846
:00415847
59
5A
5F
5E
5B
C3
pop
pop
pop
pop
pop
ret
ecx
edx
edi
esi
ebx

|:00415AD6 , :00415B38
|
:00415848 55
push ebp
:00415849 8BEC
mov ebp, esp
:0041584B 83C4D4
add esp, FFFFFFD4
:0041584E 8955F8
:00415851 8945FC
:00415854 8D45D4
:00415857 50
push eax
* Reference To: kernel32.GetSystemInfo, Ord:0000h
|
:00415858 E87304FFFF
Call 00405CD0
:0041585D 8B55FC
:00415860 8B4DF8
:00415863 49
dec ecx
:00415864 7833
js 00415899
:00415866 8D45D4
:00415869 6683782003
:0041586E 7410
je 00415880
|:0041587C(C)
|
:00415870 8B048A
mov eax, dword ptr [edx+4*ecx]
:00415873 0FC8
bswap eax
:00415875 C1E808
shr eax, 08
:00415878 89048A
mov dword ptr [edx+4*ecx], eax
:0041587B 49
dec ecx
:0041587C 79F2
jns 00415870
:0041587E EB19
jmp 00415899
|:0041586E(C)
|
:00415880 53
push ebx
|:00415896(C)
|
:00415881 31DB
xor ebx, ebx
:00415883 8B048A
mov eax, dword ptr [edx+4*ecx]
:00415886 88C7
mov bh, al
:00415888 88E3
mov bl, ah
:0041588A C1E810
shr eax, 10
:0041588D C1E308
shl ebx, 08
:00415890 88C3
mov bl, al
:00415892 891C8A
mov dword ptr [edx+4*ecx], ebx
:00415895 49
dec ecx
:00415896 79E9
jns 00415881
:00415898 5B
pop ebx
|:00415864(C), :0041587E(U)
|
:00415899 8BE5
:0041589B 5D
:0041589C C3
:0041589D 8D4000
mov esp, ebp

pop ebp
ret

|:0041A635
|
:004158A0 55
push ebp
:004158A1 8BEC
mov ebp, esp
:004158A3 81C4F8FBFFFF
add esp, FFFFFBF8
:004158A9 53
push ebx
:004158AA 66C785F8FBFFFF0003
mov word ptr [ebp+FFFFFBF8], 0300
:004158B3 66C785FAFBFFFF1000
mov word ptr [ebp+FFFFFBFA], 0010
:004158BC 8D95FCFBFFFF
lea edx, dword ptr [ebp+FFFFFBFC]
:004158C2 B940000000
mov ecx, 00000040
:004158C7 E8E0CEFEFF
call 004027AC
:004158CC 6A00
push 00000000
|
:004158CE E87508FFFF
Call 00406148
:004158D3 8945FC
:004158D6 33C0
xor eax, eax
:004158D8 55
push ebp
:004158D9 689D594100
push 0041599D
:004158DE 64FF30
:004158E1 648920
:004158E4 6A68
push 00000068
:004158E6 8B45FC
:004158E9 50
push eax
|
:004158EA E8B905FFFF
Call 00405EA8
:004158EF 8BD8
mov ebx, eax
:004158F1 83FB10
cmp ebx, 00000010
:004158F4 0F8C8A000000
jl 00415984
:004158FA 8D85FCFBFFFF
lea eax, dword ptr [ebp+FFFFFBFC]
:00415900 50
push eax
:00415901 6A08
push 00000008
:00415903 6A00
push 00000000
:00415905 8B45FC
:00415908 50
push eax
|
:00415909 E8DA05FFFF
Call 00405EE8
:0041590E 81BD18FCFFFFC0C0C000
cmp dword ptr [ebp+FFFFFC18], 00C0C0C0
:00415918 754C
jne 00415966
:0041591A 8D8518FCFFFF
lea eax, dword ptr [ebp+FFFFFC18]
:00415920 50
push eax
:00415921 6A01
push 00000001
:00415923
:00415925
:00415928
:00415929
:0041592C
8BC3
83E808
50
8B45FC
50
mov eax, ebx

sub eax, 00000008
push eax
push eax

|
:0041592D E8B605FFFF
Call 00405EE8
:00415932 0FB785FAFBFFFF
movzx eax, word ptr [ebp+FFFFFBFA]
:00415939 8D8485E0FBFFFF
lea eax, dword ptr [ebp+4*eax-00000420]
:00415940 50
push eax
:00415941 6A07
push 00000007
:00415943 83EB07
sub ebx, 00000007
:00415946 53
push ebx
:00415947 8B45FC
:0041594A 50
push eax
|
:0041594B E89805FFFF
Call 00405EE8
:00415950 8D851CFCFFFF
lea eax, dword ptr [ebp+FFFFFC1C]
:00415956 50
push eax
:00415957 6A01
push 00000001
:00415959 6A07
push 00000007
:0041595B 8B45FC
:0041595E 50
push eax
|
:0041595F E88405FFFF
Call 00405EE8
:00415964 EB1E
jmp 00415984
|:00415918(C)
|
:00415966 0FB785FAFBFFFF
:0041596D 8D8485DCFBFFFF
:00415974 50
:00415975 6A08
:00415977 83EB08
:0041597A 53
:0041597B 8B45FC
:0041597E 50

movzx eax, word ptr [ebp+FFFFFBFA]
lea eax, dword ptr [ebp+4*eax-00000424]
push eax
push 00000008
sub ebx, 00000008
push ebx
push eax

|
:0041597F E86405FFFF
Call 00405EE8
|:004158F4(C), :00415964(U)
|
:00415984 33C0
:00415986 5A
:00415987 59
:00415988 59
:00415989 648910
:0041598C 68A4594100

xor eax, eax
pop edx
pop ecx
pop ecx
push 004159A4
|:004159A2(U)
|
:00415991 8B45FC
:00415994 50
:00415995 6A00

push eax
push 00000000

|
:00415997 E8C409FFFF
Call 00406360
:0041599C C3
ret
:0041599D
:004159A2
:004159A4
:004159AA
E9D6D8FEFF
EBED
8D85F8FBFFFF
50
jmp 00403278
jmp 00415991
lea eax, dword ptr [ebp+FFFFFBF8]
push eax

|
:004159AB E87004FFFF
Call 00405E20
:004159B0 5B
pop ebx
:004159B1 8BE5
mov esp, ebp
:004159B3 5D
pop ebp
:004159B4 C3
ret
:004159B5 8D4000

|:00415AC4
|
:004159B8 55
push ebp
:004159B9 8BEC
mov ebp, esp
:004159BB 83C4F8
add esp, FFFFFFF8
:004159BE 53
push ebx
:004159BF 8BD8
mov ebx, eax
:004159C1 C645FF00
mov [ebp-01], 00
:004159C5 833D3036440000
cmp dword ptr [00443630], 00000000
:004159CC 7477
je 00415A45
:004159CE 6A00
push 00000000
|
:004159D0 E87307FFFF
Call 00406148
:004159D5 8945F8
:004159D8 33D2
xor edx, edx
:004159DA 55
push ebp
:004159DB 683E5A4100
push 00415A3E
:004159E0 64FF32
:004159E3 648922
:004159E6 6A68
push 00000068
:004159E8 8B45F8
:004159EB 50
push eax
|
:004159EC E8B704FFFF
Call 00405EA8
:004159F1 83F810
cmp eax, 00000010
:004159F4 7C2F
jl 00415A25
:004159F6 8D4304
:004159F9
:004159FA
:004159FC
:004159FE
:00415A03
50
6A08
6A00
A130364400
50
push eax
push 00000008
push 00000000
push eax

|
:00415A04 E8C704FFFF
Call 00405ED0
:00415A09 0FB74302
movzx eax, word ptr [ebx+02]
:00415A0D 8D4483E4
lea eax, dword ptr [ebx+4*eax-1C]
:00415A11 50
push eax
:00415A12 6A08
push 00000008
:00415A14 6A08
push 00000008
:00415A16 A130364400
:00415A1B 50
push eax
|
:00415A1C E8AF04FFFF
Call 00405ED0
:00415A21 C645FF01
mov [ebp-01], 01
|:004159F4(C)
|
:00415A25 33C0
:00415A27 5A
:00415A28 59
:00415A29 59
:00415A2A 648910
:00415A2D 68455A4100

xor eax, eax
pop edx
pop ecx
pop ecx
push 00415A45

|:00415A43(U)
|
:00415A32 8B45F8
:00415A35 50
push eax
:00415A36 6A00
push 00000000
|
:00415A38 E82309FFFF
Call 00406360
:00415A3D C3
ret
:00415A3E E935D8FEFF
:00415A43 EBED
jmp 00403278
jmp 00415A32

|:004159CC(C)
|
:00415A45 8A45FF
:00415A48 5B
pop ebx
:00415A49 59
pop ecx
:00415A4A 59
pop ecx
:00415A4B 5D
pop ebp
:00415A4C C3
ret
:00415A4D 8D4000

|:004192D2 , :0041977B , :004198F2
|
:00415A50 53
push ebx
:00415A51 56
push esi
:00415A52 57
push edi
:00415A53 81C4FCFBFFFF
add esp, FFFFFBFC
:00415A59 8BF8
mov edi, eax
:00415A5B 33F6
xor esi, esi
:00415A5D 66C704240003
:00415A63 85FF
test edi, edi
:00415A65 7438
je 00415A9F
:00415A67 6A00
push 00000000
|
:00415A69 E88A03FFFF
Call 00405DF8
:00415A6E 8BD8
mov ebx, eax
:00415A70 57
push edi
:00415A71 53
push ebx
|
:00415A72 E8F104FFFF
Call 00405F68
:00415A77 8BF8
mov edi, eax
:00415A79 8D442404
:00415A7D 50
push eax
:00415A7E 6800010000
push 00000100
:00415A83 6A00
push 00000000
:00415A85 53
push ebx
|
:00415A86 E80D04FFFF
Call 00405E98
:00415A8B 6689442402
:00415A90 57
push edi
:00415A91 53
push ebx
|
:00415A92 E8D104FFFF
Call 00405F68
:00415A97 53
push ebx
|
:00415A98 E8A303FFFF
Call 00405E40
:00415A9D EB13
jmp 00415AB2
|:00415A65(C)
|
:00415A9F 66894C2402
:00415AA4 8BC2
:00415AA6 8D542404
:00415AAA C1E102
:00415AAD E8FACCFEFF

mov word ptr [esp+02], cx
mov eax, edx
shl ecx, 02
call 004027AC

|:00415A9D(U)
|
:00415AB2
:00415AB8
:00415ABA
:00415AC0
:00415AC2
:00415AC4
:00415AC9
:00415ACB
66837C240200
742B
66837C240210
750B
8BC4
E8EFFEFFFF
84C0
750E
|:00415AC0(C)
|
:00415ACD 0FB7542402
:00415AD2 8D442404
:00415AD6 E86DFDFFFF
cmp word ptr [esp+02], 0000

je 00415AE5
cmp word ptr [esp+02], 0010
jne 00415ACD
mov eax, esp
call 004159B8
test al, al
jne 00415ADB
movzx edx, word ptr [esp+02]
call 00415848

|:00415ACB(C)
|
:00415ADB 8BC4
mov eax, esp
:00415ADD 50
push eax
|
:00415ADE E83D03FFFF
Call 00405E20
:00415AE3 8BF0
mov esi, eax
|:00415AB8(C)
|
:00415AE5 8BC6
:00415AE7 81C404040000
:00415AED 5F
:00415AEE 5E
:00415AEF 5B
:00415AF0 C3
:00415AF1 8D4000
mov
add
pop
pop
pop
ret
eax, esi
esp, 00000404
edi
esi
ebx

|:004181B5 , :00418456 , :00419EFD
|
:00415AF4 53
push ebx
:00415AF5 56
push esi
:00415AF6 57
push edi
:00415AF7 51
push ecx
:00415AF8 8BF9
mov edi, ecx
:00415AFA 8BF2
mov esi, edx
:00415AFC 8BD8
mov ebx, eax
:00415AFE 33C0
xor eax, eax
:00415B00 890424
:00415B03 85DB
test ebx, ebx
:00415B05 7436
je 00415B3D
:00415B07 54
push esp
:00415B08 6A04
push 00000004
:00415B0A 53
push ebx
:00415B0B
:00415B10
:00415B12
:00415B14
:00415B18
:00415B1A
:00415B1D
:00415B20
:00415B22
E8B803FFFF
85C0
7429
833C2400
7423
8D4701
3B0424
7D03
890424
|:00415B20(C)
|
:00415B25 56
:00415B26 8B442404
:00415B2A 50
:00415B2B 6A00
:00415B2D 53
|
Call 00405EC8
test eax, eax
je 00415B3D
je 00415B3D
cmp eax, dword ptr [esp]
jge 00415B25
push esi
push eax
push 00000000
push ebx

|
:00415B2E E89D03FFFF
Call 00405ED0
:00415B33 8BC6
mov eax, esi
:00415B35 8B1424
:00415B38 E80BFDFFFF
call 00415848
|:00415B05(C), :00415B12(C), :00415B18(C)
|
:00415B3D 8B0424
:00415B40 5A
pop edx
:00415B41 5F
pop edi
:00415B42 5E
pop esi
:00415B43 5B
pop ebx
:00415B44 C3
ret
:00415B45 8D4000

|:00415EA7
|
:00415B48 55
push ebp
:00415B49 8BEC
mov ebp, esp
:00415B4B 83C4E4
add esp, FFFFFFE4
:00415B4E 53
push ebx
:00415B4F 56
push esi
:00415B50 57
push edi
:00415B51 894DF8
:00415B54 8BDA
mov ebx, edx
:00415B56 8945FC
:00415B59 6A0B
push 0000000B
|
:00415B5B E8C006FFFF
Call 00406220
:00415B60 8945E4
:00415B63 6A0C
push 0000000C

|
:00415B65 E8B606FFFF
Call 00406220
:00415B6A 8945E8
:00415B6D 8B45FC
:00415B70 D16808
shr dword ptr [eax+08], 1
:00415B73 8B55FC
:00415B76 0FB7520E
movzx edx, word ptr [edx+0E]
:00415B7A 8B45FC
:00415B7D 8B4004
:00415B80 B920000000
mov ecx, 00000020
:00415B85 E866F9FFFF
call 004154F0
:00415B8A 8B55FC
:00415B8D F76A08
imul [edx+08]
:00415B90 8B55FC
:00415B93 894214
:00415B96 8B45FC
:00415B99 668B400E
mov ax, word ptr [eax+0E]
:00415B9D E82EF9FFFF
call 004154D0
:00415BA2 8BF0
mov esi, eax
:00415BA4 6A00
push 00000000
|
:00415BA6 E89D05FFFF
Call 00406148
:00415BAB 8945F0
:00415BAE 837DF000
:00415BB2 7505
jne 00415BB9
:00415BB4 E8ABF6FFFF
call 00415264
|:00415BB2(C)
|
:00415BB9 33D2
:00415BBB 55
:00415BBC 68085D4100
:00415BC1 64FF32
:00415BC4 648922
:00415BC7 8B7DFC
:00415BCA 8BC7
:00415BCC 83C028
:00415BCF 8BD6
:00415BD1 C1E202
:00415BD4 03C2
:00415BD6 8945EC
:00415BD9 6A00
:00415BDB 8B45FC
:00415BDE 57
:00415BDF 8B45EC
:00415BE2 50
:00415BE3 6A04
:00415BE5 8B45FC
:00415BE8 50
:00415BE9 8B45F0
:00415BEC 50

xor edx, edx
push ebp
push 00415D08
mov eax, edi
add eax, 00000028
mov edx, esi
shl edx, 02
add eax, edx
push 00000000
push edi
push eax
push 00000004
push eax
push eax

|
:00415BED E81602FFFF
Call 00405E08
:00415BF2 E869F7FFFF
call 00415360
:00415BF7
:00415BFA
:00415BFC
:00415BFD
:00415C02
:00415C05
:00415C08
:00415C0A
:00415C0D
:00415C10
:00415C15
:00415C17
:00415C19
:00415C1A
:00415C1B
:00415C1C
:00415C1F
8945F4
33C0
55
682E5C4100
64FF30
648920
33C9
8D55E4
8B45F4
E85BF7FFFF
8903
33C0
5A
59
59
648910
68355C4100

xor eax, eax
push ebp
push 00415C2E
xor ecx, ecx
call 00415370
xor eax, eax
pop edx
pop ecx
pop ecx
push 00415C35

|:00415C33(U)
|
:00415C24 8B45F4
:00415C27 50
push eax
|
:00415C28 E82302FFFF
Call 00405E50
:00415C2D C3
ret
:00415C2E
:00415C33
:00415C35
:00415C38
:00415C3B
:00415C3E
:00415C41
:00415C45
:00415C49
:00415C4C
:00415C4F
:00415C52
:00415C55
:00415C5A
:00415C5F
:00415C62
:00415C65
:00415C68
:00415C6B
:00415C6E
:00415C75
:00415C78
:00415C7F
:00415C82
:00415C85
:00415C87
:00415C89
:00415C90
:00415C92
:00415C95
E945D6FEFF
EBEF
8B45FC
8B4014
0145EC
8B45FC
66BB0100
6689580E
8B45FC
0FB7D3
8B45FC
8B4004
B920000000
E891F8FFFF
8B55FC
F76A08
8B55FC
894214
8B45FC
C7402002000000
8B45FC
C7402402000000
8B45FC
83C028
33D2
8910
C74004FFFFFF00
6A00
8B5DFC
53
jmp 00403278
jmp 00415C24
add dword ptr [ebp-14], eax
mov bx, 0001
mov word ptr [eax+0E], bx
movzx edx, bx
mov ecx, 00000020
call 004154F0
imul [edx+08]
mov [eax+20], 00000002
mov [eax+24], 00000002
add eax, 00000028
xor edx, edx
mov [eax+04], 00FFFFFF
push 00000000
push ebx
:00415C96
:00415C99
:00415C9A
:00415C9C
:00415C9F
:00415CA0
:00415CA3
8B45EC
50
6A04
8B45FC
53
8B45F0
50

push eax
push 00000004
push ebx
push eax

|
:00415CA4 E85F01FFFF
Call 00405E08
:00415CA9 E8B2F6FFFF
call 00415360
:00415CAE 8945F4
:00415CB1 33C0
xor eax, eax
:00415CB3 55
push ebp
:00415CB4 68E85C4100
push 00415CE8
:00415CB9 64FF30
:00415CBC 648920
:00415CBF B101
mov cl, 01
:00415CC1 8D55E4
:00415CC4 8B45F4
:00415CC7 E8A4F6FFFF
call 00415370
:00415CCC 8B55F8
:00415CCF 8902
:00415CD1 33C0
xor eax, eax
:00415CD3 5A
pop edx
:00415CD4 59
pop ecx
:00415CD5 59
pop ecx
:00415CD6 648910
:00415CD9 68EF5C4100
push 00415CEF
|:00415CED(U)
|
:00415CDE 8B45F4
:00415CE1 50
push eax
|
:00415CE2 E86901FFFF
Call 00405E50
:00415CE7 C3
ret
:00415CE8
:00415CED
:00415CEF
:00415CF1
:00415CF2
:00415CF3
:00415CF4
E98BD5FEFF
EBEF
33C0
5A
59
59
648910
jmp
jmp
xor
pop
pop
pop
mov
00403278
00415CDE
eax, eax
edx
ecx
ecx

|
:00415CF7 680F5D4100
push 00415D0F
|:00415D0D(U)
|
:00415CFC 8B45F0
:00415CFF 50
push eax
:00415D00 6A00
push 00000000

|
:00415D02 E85906FFFF
Call 00406360
:00415D07 C3
ret
:00415D08
:00415D0D
:00415D0F
:00415D10
:00415D11
:00415D12
:00415D14
:00415D15
E96BD5FEFF
EBED
5F
5E
5B
8BE5
5D
C3
:00415D16 8BC0
jmp
jmp
pop
pop
pop
mov
pop
ret
00403278
00415CFC
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:0041A2A2
|
:00415D18 55
push ebp
:00415D19 8BEC
mov ebp, esp
:00415D1B 83C48C
add esp, FFFFFF8C
:00415D1E 53
push ebx
:00415D1F 56
push esi
:00415D20 57
push edi
:00415D21 894DF4
:00415D24 8955F8
:00415D27 8945FC
:00415D2A 8B45F4
:00415D2D C1E004
shl eax, 04
:00415D30 8945EC
:00415D33 8B45EC
:00415D36 E80D17FFFF
call 00407448
:00415D3B 8945F0
:00415D3E 55
push ebp
:00415D3F 68C85F4100
push 00415FC8
:00415D44 64FF3500000000
push dword ptr fs:[00000000]
:00415D4B 64892500000000
mov dword ptr fs:[00000000], esp
:00415D52 8B55F0
:00415D55 8B4DEC
:00415D58 8B45FC
:00415D5B 8B18
:00415D5D FF5304
call [ebx+04]
:00415D60 6A0B
push 0000000B
|
:00415D62 E8B904FFFF
Call 00406220
:00415D67 8945D8
:00415D6A 6A0C
push 0000000C
|
:00415D6C E8AF04FFFF
Call 00406220
:00415D71 8945DC
:00415D74 6A00
push 00000000

|
:00415D76 E8CD03FFFF
Call 00406148
:00415D7B 8945D4
:00415D7E 837DD400
:00415D82 7505
jne 00415D89
:00415D84 E8DBF4FFFF
call 00415264
|:00415D82(C)
|
:00415D89 33D2
:00415D8B 55
:00415D8C 68E95D4100
:00415D91 64FF32
:00415D94 648922
:00415D97 6A0E
:00415D99 8B45D4
:00415D9C 50

xor edx, edx
push ebp
push 00415DE9
push 0000000E
push eax

|
:00415D9D E80601FFFF
Call 00405EA8
:00415DA2 8BD8
mov ebx, eax
:00415DA4 6A0C
push 0000000C
:00415DA6 8B45D4
:00415DA9 50
push eax
|
:00415DAA E8F900FFFF
Call 00405EA8
:00415DAF 660FAFD8
imul bx, ax
:00415DB3 8BC3
mov eax, ebx
:00415DB5 6683F818
cmp ax, 0018
:00415DB9 7508
jne 00415DC3
:00415DBB 66C745E60000
mov [ebp-1A], 0000
:00415DC1 EB0D
jmp 00415DD0
|:00415DB9(C)
|
:00415DC3 8BC8
:00415DC5 66B80100
:00415DC9 66D3E0
:00415DCC 668945E6
|:00415DC1(U)
|
:00415DD0 33C0
:00415DD2 5A
:00415DD3 59
:00415DD4 59
:00415DD5 648910
:00415DD8 68F05D4100
mov
mov
shl
mov
ecx, eax
ax, 0001
ax, cl
word ptr [ebp-1A], ax
xor eax, eax

pop edx
pop ecx
pop ecx
push 00415DF0

|:00415DEE(U)
|
:00415DDD 8B45D4
:00415DE0 50
:00415DE1 6A00

push eax
push 00000000

|
:00415DE3 E87805FFFF
Call 00406360
:00415DE8 C3
ret
:00415DE9
:00415DEE
:00415DF0
:00415DF3
:00415DF5
:00415DF8
:00415DFB
:00415DFC
:00415DFE
:00415E00
:00415E01
E98AD4FEFF
EBED
83CEFF
33C0
8945E0
8B4DF4
49
85C9
7C42
41
33C0
jmp 00403278
jmp 00415DDD
or esi, FFFFFFFF
xor eax, eax
dec ecx
test ecx, ecx
jl 00415E42
inc ecx
xor eax, eax
|:00415E40(C)
|
:00415E03 8BD0
:00415E05 03D2
:00415E07 8B5DF0
:00415E0A 0FB754D302
:00415E0F 0FB77DE6
:00415E13 3BD7
:00415E15 7504
:00415E17 8BF0
:00415E19 EB27
|:00415E15(C)
|
:00415E1B 83FEFF
:00415E1E 7517
:00415E20 3BFA
:00415E22 7C1A
:00415E24 8BF0
:00415E26 8BD0
:00415E28 03D2
:00415E2A 8B5DF0
:00415E2D 0FB754D302
:00415E32 8955E0
:00415E35 EB07
mov edx, eax

add edx, edx
movzx edx, word ptr [ebx+8*edx+02]
movzx edi, word ptr [ebp-1A]
cmp edx, edi
jne 00415E1B
mov esi, eax
jmp 00415E42
cmp esi, FFFFFFFF

jne 00415E37
cmp edi, edx
jl 00415E3E
mov esi, eax
mov edx, eax
add edx, edx
movzx edx, word ptr [ebx+8*edx+02]
jmp 00415E3E

|:00415E1E(C)
|
:00415E37 3B55E0
:00415E3A 7E02
jle 00415E3E
:00415E3C 8BF0
mov esi, eax
|:00415E22(C), :00415E35(U), :00415E3A(C)
|
:00415E3E 40
:00415E3F 49
:00415E40 75C1
inc eax
dec ecx
jne 00415E03
|:00415DFE(C), :00415E19(U)
|
:00415E42 83FEFF
:00415E45 7502
:00415E47 33F6
|:00415E45(C)
|
:00415E49 8BC6
:00415E4B 03C0
:00415E4D 8B55F0
:00415E50 8D04C2
:00415E53 8945BC
:00415E56 8B45BC
:00415E59 8B4008
:00415E5C E8E715FFFF
:00415E61 8945D0
:00415E64 33C0
:00415E66 55
:00415E67 68A85F4100
:00415E6C 64FF30
:00415E6F 648920
:00415E72 8B45BC
:00415E75 8B500C
:00415E78 8B45EC
:00415E7B 034508
:00415E7E 2BD0
:00415E80 66B90100
:00415E84 8B45FC
:00415E87 8B18
:00415E89 FF530C
:00415E8C 8B45BC
:00415E8F 8B4808
:00415E92 8B5DD0
:00415E95 8BD3
:00415E97 8B45FC
:00415E9A 8B30
:00415E9C FF5604
:00415E9F 8D4DC4
:00415EA2 8D55C8
:00415EA5 8BC3
:00415EA7 E89CFCFFFF
:00415EAC 8D458C
:00415EAF 50
:00415EB0 6A18
:00415EB2 8B45C4
:00415EB5 50
cmp esi, FFFFFFFF

jne 00415E49
xor esi, esi
mov eax, esi

add eax, eax
lea eax, dword ptr [edx+8*eax]
call 00407448
xor eax, eax
push ebp
push 00415FA8
add eax, dword ptr [ebp+08]
sub edx, eax
mov cx, 0001
call [ebx+0C]
mov edx, ebx
call [esi+04]
mov eax, ebx
call 00415B48
push eax
push 00000018
push eax

|
:00415EB6 E80D00FFFF
Call 00405EC8
:00415EBB 8D45A4
:00415EBE 50
push eax
:00415EBF 6A18
push 00000018
:00415EC1 8B45C8
:00415EC4 50

push eax

|
:00415EC5 E8FEFFFEFF
Call 00405EC8
:00415ECA 8B5D98
:00415ECD 0FAF5D94
imul ebx, dword ptr [ebp-6C]
:00415ED1 0FB7459C
movzx eax, word ptr [ebp-64]
:00415ED5 0FAFD8
imul ebx, eax
:00415ED8 8B45B0
:00415EDB F76DAC
imul [ebp-54]
:00415EDE 0FB755B4
movzx edx, word ptr [ebp-4C]
:00415EE2 F7EA
imul edx
:00415EE4 8945C0
:00415EE7 8B45C0
:00415EEA 03C3
add eax, ebx
:00415EEC 8945E8
:00415EEF 8B45E8
:00415EF2 E85115FFFF
call 00407448
:00415EF7 8945CC
:00415EFA 33C0
xor eax, eax
:00415EFC 55
push ebp
:00415EFD 68855F4100
push 00415F85
:00415F02 64FF30
:00415F05 648920
:00415F08 8B7DCC
:00415F0B 8B75CC
:00415F0E 03F3
add esi, ebx
:00415F10 57
push edi
:00415F11 53
push ebx
:00415F12 8B45C4
:00415F15 50
push eax
|
:00415F16 E855FFFEFF
Call 00405E70
:00415F1B 56
push esi
:00415F1C 8B45C0
:00415F1F 50
push eax
:00415F20 8B45C8
:00415F23 50
push eax
|
Call 00405E70
:00415F29 8B45C8
:00415F2C 50
push eax
|
:00415F2D E81EFFFEFF
Call 00405E50
:00415F32 8B45C4
:00415F35 50
push eax
|
Call 00405E50
:00415F3B 56
push esi
:00415F3C 57
push edi
:00415F3D
:00415F40
:00415F41
:00415F44
:00415F45
:00415F48
:00415F49
:00415F4C
:00415F4D
:00415F52
:00415F54
8A45B6
50
8A45B4
50
8B45DC
50
8B45D8
50
A1E02B4400
8B00
50
mov al, byte ptr [ebp-4A]

push eax
mov al, byte ptr [ebp-4C]
push eax
push eax
push eax
push eax
* Reference To: user32.CreateIcon, Ord:0000h

|
:00415F55 E8D600FFFF
Call 00406030
:00415F5A 8B55F8
:00415F5D 8902
:00415F5F 8B45F8
:00415F62 833800
:00415F65 7505
jne 00415F6C
:00415F67 E84CF3FFFF
call 004152B8
|:00415F65(C)
|
:00415F6C 33C0
:00415F6E 5A
:00415F6F 59
:00415F70 59
:00415F71 648910
:00415F74 688C5F4100
|:00415F8A(U)
|
:00415F79 8B55E8
:00415F7C 8B45CC
:00415F7F E828C7FEFF
:00415F84 C3
:00415F85
:00415F8A
:00415F8C
:00415F8E
:00415F8F
:00415F90
:00415F91
:00415F94
jmp 00403278
jmp 00415F79
xor eax, eax
pop edx
pop ecx
pop ecx
push 00415FAF
E9EED2FEFF
EBED
33C0
5A
59
59
648910
68AF5F4100
|:00415FAD(U)
|
:00415F99 8B45BC
:00415F9C 8B5008
:00415F9F 8B45D0
:00415FA2 E805C7FEFF
:00415FA7 C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 00415F8C

call 004026AC
ret

call 004026AC
ret
:00415FA8
:00415FAD
:00415FAF
:00415FB1
:00415FB2
:00415FB3
:00415FB4
E9CBD2FEFF
EBEA
33C0
5A
59
59
648910
jmp
jmp
xor
pop
pop
pop
mov
00403278
00415F99
eax, eax
edx
ecx
ecx

|
:00415FB7 68CF5F4100
push 00415FCF
|:00415FCD(U)
|
:00415FBC 8B55EC
:00415FBF 8B45F0
:00415FC2 E8E5C6FEFF
:00415FC7 C3
:00415FC8
:00415FCD
:00415FCF
:00415FD0
:00415FD1
:00415FD2
:00415FD4
:00415FD5
jmp
jmp
pop
pop
pop
mov
pop
ret
E9ABD2FEFF
EBED
5F
5E
5B
8BE5
5D
C20400

call 004026AC
ret
00403278
00415FBC
edi
esi
ebx
esp, ebp
ebp
0004

|:004175E0 , :00417B41
|
:00415FD8 33C9
xor ecx, ecx
:00415FDA 8BD0
mov edx, eax
:00415FDC 83C014
add eax, 00000014
:00415FDF EB06
jmp 00415FE7
|:00415FE9(C)
|
:00415FE1 66330A
xor cx, word ptr [edx]
:00415FE4 83C202
add edx, 00000002
|:00415FDF(U)
|
:00415FE7 3BD0
cmp edx, eax
:00415FE9 7CF6
jl 00415FE1
:00415FEB 8BC1
mov eax, ecx
:00415FED C3
ret
:00415FEE 8BC0
mov eax, eax

|:004160DA , :00416136
|
:00415FF0
:00415FF1
:00415FF2
:00415FF3
:00415FF6
:00415FF8
:00415FFA
:00415FFC
:00416000
:00416001
:00416003
53
56
57
83C4AC
8BF1
8BDA
33D2
89542418
54
6A54
50
push ebx
push esi
push edi
add esp, FFFFFFAC
mov esi, ecx
mov ebx, edx
xor edx, edx
push esp
push 00000054
push eax

|
:00416004 E8BFFEFEFF
Call 00405EC8
:00416009 85C0
test eax, eax
:0041600B 7507
jne 00416014
:0041600D E87AF1FFFF
call 0041518C
:00416012 EB3F
jmp 00416053
|:0041600B(C)
|
:00416014 83F840
:00416017 7C18
:00416019 837C241828
:0041601E 7211
:00416020 56
:00416021 8BFB
:00416023 8D74241C
:00416027 B90A000000
:0041602C F3
:0041602D A5
:0041602E 5E
:0041602F EB22
|:00416017(C), :0041601E(C)
|
:00416031 8BC3
:00416033 33C9
:00416035 BA28000000
:0041603A E8F9C8FEFF
:0041603F C70328000000
:00416045 8B442404
:00416049 894304
:0041604C 8B442408
:00416050 894308
|:00416012(U), :0041602F(U)
|
:00416053 85F6
:00416055 742C
:00416057 83EE02
:0041605A 740F
:0041605C 83EE0E
:0041605F 7412
:00416061 81EEF0000000
:00416067 7412
cmp eax, 00000040

jl 00416031
jb 00416031
push esi
mov edi, ebx
lea esi, dword ptr [esp+1C]
mov ecx, 0000000A
repz
movsd
pop esi
jmp 00416053
mov eax, ebx

xor ecx, ecx
mov edx, 00000028
call 00402938
test esi, esi

je 00416083
sub esi, 00000002
je 0041606B
sub esi, 0000000E
je 00416073
sub esi, 000000F0
je 0041607B
:00416069 EB26
jmp 00416091

|:0041605A(C)
|
:0041606B 66C7430E0100
mov [ebx+0E], 0001
:00416071 EB1E
jmp 00416091
|:0041605F(C)
|
:00416073 66C7430E0400
mov [ebx+0E], 0004
:00416079 EB16
jmp 00416091
|:00416067(C)
|
:0041607B 66C7430E0800
mov [ebx+0E], 0008
:00416081 EB0E
jmp 00416091
|:00416055(C)
|
:00416083 668B442412
:00416088 66F76C2410
:0041608D 6689430E

mov ax, word ptr [esp+12]
imul [esp+10]
mov word ptr [ebx+0E], ax

|:00416069(U), :00416071(U), :00416079(U), :00416081(U)
|
:00416091 66C7430C0100
mov [ebx+0C], 0001
:00416097 837B1400
:0041609B 7521
jne 004160BE
:0041609D 0FB7530E
movzx edx, word ptr [ebx+0E]
:004160A1 8B4304
:004160A4 B920000000
mov ecx, 00000020
:004160A9 E842F4FFFF
call 004154F0
:004160AE 8BC8
mov ecx, eax
:004160B0 8B4308
:004160B3 99
cdq
:004160B4 33C2
xor eax, edx
:004160B6 2BC2
sub eax, edx
:004160B8 0FAFC8
imul ecx, eax
:004160BB 894B14
|:0041609B(C)
|
:004160BE 83C454
add esp, 00000054
:004160C1 5F
pop edi
:004160C2 5E
pop esi
:004160C3 5B
pop ebx
:004160C4 C3
ret
:004160C5 8D4000

|:0041611A , :0041624A , :0041625A
|
, :00419E10
:004160C8
:004160C9
:004160CB
:004160CE
:004160CF
:004160D0
:004160D2
:004160D4
:004160D7
:004160DA
:004160DF
:004160E3
:004160E7
:004160E9
:004160EF
:004160F3
:004160F5
:004160F8
55
8BEC
83C4D8
53
56
8BF1
8BDA
8D55D8
8B4D08
E811FFFFFF
668B45E6
6683F808
7611
C70328000000
F645E803
7416
83030C
EB11
push ebp
mov ebp, esp
add esp, FFFFFFD8
push ebx
push esi
mov esi, ecx
mov ebx, edx
call 00415FF0
mov ax, word ptr [ebp-1A]
cmp ax, 0008
jbe 004160FA
test [ebp-18], 03
je 0041610B
add dword ptr [ebx], 0000000C
jmp 0041610B
|:004160E7(C)
|
:004160FA 8BC8
:004160FC B801000000
:00416101 D3E0
:00416103 C1E002
:00416106 83C028
:00416109 8903
|:004160F3(C), :004160F8(U)
|
:0041610B 8B45EC
:0041610E 8906
:00416110 5E
:00416111 5B
:00416112 8BE5
:00416114 5D
:00416115 C20400
mov
mov
shl
shl
add
mov
mov
mov
pop
pop
mov
pop
ret
ecx, eax
eax, 00000001
eax, cl
eax, 02
eax, 00000028
dword ptr [ebx], eax

esi
ebx
esp, ebp
ebp
0004

|:0042F81F , :0043F8CD
|
:00416118 6A00
push 00000000
:0041611A E8A9FFFFFF
call 004160C8
:0041611F C3
ret

|:004161DA , :004162BB , :004162CE
|
:00416120 55
push ebp
:00416121 8BEC
mov ebp, esp
:00416123 83C4F4
add esp, FFFFFFF4
:00416126 53
push ebx
:00416127 56
push esi
:00416128 57
push edi
:00416129
:0041612B
:0041612D
:0041612F
:00416131
:00416134
:00416136
:0041613B
:0041613D
:00416140
8BD9
8BFA
8BF0
8BD3
8B4D08
8BC6
E8B5FEFFFF
33C0
8945F8
6A00
mov ebx, ecx

mov edi, edx
mov esi, eax
mov edx, ebx
mov eax, esi
call 00415FF0
xor eax, eax
push 00000000

|
:00416142 E8B1FCFEFF
Call 00405DF8
:00416147 8945F4
:0041614A 33C0
xor eax, eax
:0041614C 55
push ebp
:0041614D 68BD614100
push 004161BD
:00416152 64FF30
:00416155 648920
:00416158 85FF
test edi, edi
:0041615A 7418
je 00416174
:0041615C 6A00
push 00000000
:0041615E 57
push edi
:0041615F 8B45F4
:00416162 50
push eax
|
:00416163 E808FEFEFF
Call 00405F70
:00416168 8945F8
:0041616B 8B45F4
:0041616E 50
push eax
|
:0041616F E8CCFDFEFF
Call 00405F40
|:0041615A(C)
|
:00416174 6A00
push 00000000
:00416176 53
push ebx
:00416177 8B450C
:0041617A 50
push eax
:0041617B 8B4308
:0041617E 50
push eax
:0041617F 6A00
push 00000000
:00416181 56
push esi
:00416182 8B45F4
:00416185 50
push eax
|
:00416186 E815FDFEFF
Call 00405EA0
:0041618B 85C0
test eax, eax
:0041618D 0F9545FF
setne byte ptr [ebp-01]
:00416191 33C0
xor eax, eax
:00416193 5A
pop edx
:00416194 59
pop ecx
:00416195 59
:00416196 648910
:00416199 68C4614100
pop ecx
push 004161C4
|:004161C2(U)
|
:0041619E 837DF800
:004161A2 740F
:004161A4 6A00
:004161A6 8B45F8
:004161A9 50
:004161AA 8B45F4
:004161AD 50

je 004161B3
push 00000000
push eax
push eax

|
:004161AE E8BDFDFEFF
Call 00405F70
|:004161A2(C)
|
:004161B3 8B45F4
:004161B6 50
push eax
|
:004161B7 E884FCFEFF
Call 00405E40
:004161BC C3
ret
:004161BD
:004161C2
:004161C4
:004161C7
:004161C8
:004161C9
:004161CA
:004161CC
:004161CD
E9B6D0FEFF
EBDA
8A45FF
5F
5E
5B
8BE5
5D
C20800
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
00403278
0041619E
edi
esi
ebx
esp, ebp
ebp
0008

|:0042F84E , :0043F8FF
|
:004161D0 55
push ebp
:004161D1 8BEC
mov ebp, esp
:004161D3 53
push ebx
:004161D4 8B5D08
:004161D7 53
push ebx
:004161D8 6A00
push 00000000
:004161DA E841FFFFFF
call 00416120
:004161DF 5B
pop ebx
:004161E0 5D
pop ebp
:004161E1 C20400
ret 0004
|:004161EC
|
:004161E4 C3
:004161E5 8D4000
ret

|:0041622C
|
:004161E8 85C0
test eax, eax
:004161EA 7505
jne 004161F1
:004161EC E8F3FFFFFF
call 004161E4
|:004161EA(C)
|
:004161F1 C3
ret
:004161F2 8BC0
mov eax, eax
|:0041A33A
|
:004161F4 55
push ebp
:004161F5 8BEC
mov ebp, esp
:004161F7 83C4AC
add esp, FFFFFFAC
:004161FA 53
push ebx
:004161FB 56
push esi
:004161FC 57
push edi
:004161FD 884DFF
mov byte ptr [ebp-01], cl
:00416200 8BF2
mov esi, edx
:00416202 8BD8
mov ebx, eax
:00416204 8D45D6
lea eax, dword ptr [ebp-2A]
:00416207 33C9
xor ecx, ecx
:00416209 BA06000000
mov edx, 00000006
:0041620E E825C7FEFF
call 00402938
:00416213 8D45AC
:00416216 33C9
xor ecx, ecx
:00416218 BA10000000
mov edx, 00000010
:0041621D E816C7FEFF
call 00402938
:00416222 8D45BC
:00416225 50
push eax
:00416226 56
push esi
|
:00416227 E844FFFEFF
Call 00406170
:0041622C E8B7FFFFFF
call 004161E8
:00416231 33D2
xor edx, edx
:00416233 55
push ebp
:00416234 68E2634100
push 004163E2
:00416239 64FF32
:0041623C 648922
:0041623F 6A02
push 00000002
:00416241 8D4DF0
:00416244 8D55F8
:00416247 8B45C8
call 004160C8
:0041624F 6A10
push 00000010
:00416251 8D4DEC
:00416254 8D55F4
:00416257 8B45CC
:0041625A
:0041625F
:00416261
:00416264
:00416266
:00416269
:0041626B
:0041626E
:00416270
:00416273
:00416275
:00416276
:0041627B
:0041627E
:00416281
:00416284
:00416289
:0041628C
:0041628F
:00416294
:00416297
:0041629A
:0041629F
:004162A2
:004162A5
:004162AA
:004162AD
:004162B0
:004162B1
:004162B3
:004162B6
:004162B8
:004162BB
:004162C0
:004162C3
:004162C4
:004162C6
:004162C9
:004162CB
:004162CE
:004162D3
:004162D7
:004162D9
:004162DC
:004162DF
:004162E2
:004162E5
:004162E8
:004162EB
:004162F0
:004162F2
:004162F4
E869FEFFFF
33C0
8945E8
33C0
8945E4
33C0
8945E0
33C0
8945DC
33D2
55
68BB634100
64FF32
648922
8B45F8
E8BF11FFFF
8945E8
8B45F0
E8B411FFFF
8945E4
8B45F4
E8A911FFFF
8945E0
8B45EC
E89E11FFFF
8945DC
8B45E4
50
6A02
8B4DE8
33D2
8B45C8
E860FEFFFF
8B45DC
50
6A10
8B4DE0
33D2
8B45CC
E84DFEFFFF
807DFF00
741E
8B45F4
83C016
0345EC
0345F0
8945D0
8D55D0
B904000000
8BC3
8B30
FF5608
|:004162D7(C)
|
:004162F7 66C745D80100
:004162FD 66C745DA0100
:00416303 8D55D6
:00416306 B906000000
call 004160C8
xor eax, eax
xor eax, eax
xor eax, eax
xor eax, eax
xor edx, edx
push ebp
push 004163BB
call 00407448
call 00407448
call 00407448
call 00407448
push eax
push 00000002
xor edx, edx
call 00416120
push eax
push 00000010
xor edx, edx
call 00416120
je 004162F7
add eax, 00000016
add eax, dword ptr [ebp-14]
mov ecx, 00000004
mov eax, ebx
call [esi+08]
mov
mov
lea
mov
[ebp-28], 0001
[ebp-26], 0001
edx, dword ptr [ebp-2A]
ecx, 00000006
:0041630B
:0041630D
:0041630F
:00416312
:00416315
:00416317
:0041631A
:0041631D
:00416320
:00416323
:00416327
:0041632C
:00416330
:00416333
:00416336
:00416339
:0041633C
:00416343
:00416346
:0041634B
:0041634D
:0041634F
:00416352
:00416354
:00416357
:0041635A
:0041635D
:00416360
:00416362
:00416364
:00416367
:0041636A
:0041636D
:0041636F
:00416371
:00416374
:00416377
:0041637A
:0041637C
:0041637E
:00416381
:00416383
:00416384
:00416385
:00416386
:00416389
8BC3
8B30
FF5608
8B75E0
8BC6
8A5004
8855AC
8A5008
8855AD
668B500C
660FAF500E
668955AE
8B45F4
0345EC
0345F0
8945B4
C745B816000000
8D55AC
B910000000
8BC3
8B38
FF5708
8BC6
8B5008
015008
8B55E0
8B4DF4
8BC3
8B30
FF5608
8B55DC
8B4DEC
8BC3
8B30
FF5608
8B55E4
8B4DF0
8BC3
8B18
FF5308
33C0
5A
59
59
648910
68C2634100
|:004163C0(U)
|
:0041638E 8B55F4
:00416391 8B45E0
:00416394 E813C3FEFF
:00416399 8B55EC
:0041639C 8B45DC
:0041639F E808C3FEFF
:004163A4 8B55F8
:004163A7 8B45E8
:004163AA E8FDC2FEFF
:004163AF 8B55F0
mov eax, ebx

call [esi+08]
mov eax, esi
mov dx, word ptr [eax+0C]
imul dx, word ptr [eax+0E]
mov word ptr [ebp-52], dx
mov [ebp-48], 00000016
mov ecx, 00000010
mov eax, ebx
call [edi+08]
mov eax, esi
add dword ptr [eax+08], edx
mov eax, ebx
call [esi+08]
mov eax, ebx
call [esi+08]
mov eax, ebx
call [ebx+08]
xor eax, eax
pop edx
pop ecx
pop ecx
push 004163C2
mov edx, dword
mov eax, dword
call 004026AC
mov edx, dword
mov eax, dword
call 004026AC
mov edx, dword
mov eax, dword
call 004026AC
mov edx, dword
ptr [ebp-0C]
ptr [ebp-20]
ptr [ebp-14]
ptr [ebp-24]
ptr [ebp-08]
ptr [ebp-18]
ptr [ebp-10]
:004163B2 8B45E4
:004163B5 E8F2C2FEFF
:004163BA C3

call 004026AC
ret
:004163BB
:004163C0
:004163C2
:004163C4
:004163C5
:004163C6
:004163C7
jmp
jmp
xor
pop
pop
pop
mov
E9B8CEFEFF
EBCC
33C0
5A
59
59
648910
00403278
0041638E
eax, eax
edx
ecx
ecx

|
:004163CA 68E9634100
push 004163E9
|:004163E7(U)
|
:004163CF 8B45CC
:004163D2 50
push eax
|
:004163D3 E878FAFEFF
Call 00405E50
:004163D8 8B45C8
:004163DB 50
push eax
|
:004163DC E86FFAFEFF
Call 00405E50
:004163E1 C3
ret
:004163E2
:004163E7
:004163E9
:004163EA
:004163EB
:004163EC
:004163EE
:004163EF
E991CEFEFF
EBE6
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
00403278
004163CF
edi
esi
ebx
esp, ebp
ebp

|:0041711E , :00418B43 , :0041A10F
|
:004163F0 53
push ebx
:004163F1 56
push esi
:004163F2 84D2
test dl, dl
:004163F4 7408
je 004163FE
:004163F6 83C4F0
add esp, FFFFFFF0
:004163F9 E806CBFEFF
call 00402F04
|:004163F4(C)
|
:004163FE 8BDA
mov ebx, edx
:00416400
:00416402
:00416404
:00416406
:0041640B
:0041640D
:0041640F
:00416411
:00416416
:0041641D
8BF0
33D2
8BC6
E8E5C7FEFF
8BC6
84DB
740F
E846CBFEFF
648F0500000000
83C40C
mov esi, eax

xor edx, edx
mov eax, esi
call 00402BF0
mov eax, esi
test bl, bl
je 00416420
call 00402F5C
add esp, 0000000C

|:0041640F(C)
|
:00416420 8BC6
mov eax, esi
:00416422 5E
pop esi
:00416423 5B
pop ebx
:00416424 C3
ret
:00416425 8D4000

|:00418D88
|
:00416428 53
push ebx
:00416429 C6401401
mov [eax+14], 01
:0041642D 6683780600
:00416432 740A
je 0041643E
:00416434 8BD8
mov ebx, eax
:00416436 8BD0
mov edx, eax
:00416438 8B4308
:0041643B FF5304
call [ebx+04]
|:00416432(C)
|
:0041643E 5B
pop ebx
:0041643F C3
ret

|:004164BA
|
:00416440 55
push ebp
:00416441 8BEC
mov ebp, esp
:00416443 53
push ebx
:00416444 8B4508
:00416447 8B40FC
:0041644A 83781C00
:0041644E 7437
je 00416487
:00416450 8B4508
:00416453 8B40FC
:00416456 8B581C
:00416459 8BC3
mov eax, ebx
:0041645B 8B15842D4100
mov edx, dword ptr [00412D84]
:00416461 E82AC9FEFF
call 00402D90
:00416466 84C0
test al, al
:00416468 7418
je 00416482
:0041646A
:0041646D
:0041646F
:00416472
:00416475
:00416477
:0041647A
:0041647C
:0041647E
:00416480
8B4508
8BD3
8B4508
8B40F8
8B08
FF5118
84C0
7404
33C0
EB12
|:00416468(C), :0041647C(C)
|
:00416482 B001
:00416484 5B
:00416485 5D
:00416486 C3
mov eax, dword

mov edx, ebx
mov eax, dword
mov eax, dword
mov ecx, dword
call [ecx+18]
test al, al
je 00416482
xor eax, eax
jmp 00416494
ptr [ebp+08]
ptr [ebp+08]
ptr [eax-08]
ptr [eax]

mov al, 01
pop ebx
pop ebp
ret

|:0041644E(C)
|
:00416487 8B4508
:0041648A 8B40F8
:0041648D 8B10
:0041648F FF521C
call [edx+1C]
:00416492 3401
xor al, 01
|:00416480(U)
|
:00416494 5B
pop ebx
:00416495 5D
pop ebp
:00416496 C3
ret
:00416497
:00416498
:00416499
:0041649B
:0041649E
:0041649F
:004164A2
:004164A5
:004164A8
:004164A9
:004164AB
:004164AE
:004164AF
:004164B2
:004164B3
:004164B5
:004164B8
:004164B9
:004164BA
:004164BF
:004164C0
90
55
8BEC
83C4F8
53
8955FC
8945F8
8B45F8
50
8B00
8B4030
50
8B45F8
50
8B00
8B4044
50
55
E881FFFFFF
59
8BC8
nop
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push eax
push eax
push eax
push eax
push ebp
call 00416440
pop ecx
mov ecx, eax
* Possible StringData Ref from Code Obj ->"Data"

|
:004164C2 BADC644100
mov edx, 004164DC
:004164C7 8B45FC
:004164CA 8B18
:004164CC FF5304
call [ebx+04]
:004164CF 5B
pop ebx
:004164D0 59
pop ecx
:004164D1 59
pop ecx
:004164D2 5D
pop ebp
:004164D3 C3
ret
:004164D4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004164D8
:004164DA
:004164DC
:004164DD
:004164DE
:004164E0
0400
0000
44
61
7461
00000000
add al, 00
inc esp
popad
je 00416541
BYTE 4 DUP(0)
:004164E4
:004164E5
:004164E7
:004164EA
:004164EB
:004164EC
:004164ED
:004164EF
:004164F1
:004164F3
:004164F5
:004164F7
:004164FC
:004164FE
:00416500
:00416505
:00416507
55
8BEC
83C4F4
53
56
57
8BF2
8BD8
85F6
7414
8BC3
E86CC6FEFF
8BF8
8BC6
E863C6FEFF
3BF8
7404
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
test esi, esi
je 00416509
mov eax, ebx
call 00402B68
mov edi, eax
mov eax, esi
call 00402B68
cmp edi, eax
je 0041650D

|:004164F3(C)
|
:00416509 33C0
xor eax, eax
:0041650B EB02
jmp 0041650F
|:00416507(C)
|
:0041650D B001
mov al, 01
|:0041650B(U)
|
:0041650F 8845FF
:00416512 8BC3
mov eax, ebx
:00416514 8B10
:00416516 FF521C
call [edx+1C]
:00416519
:0041651B
:0041651D
:0041651F
:00416521
:00416524
:00416526
84C0
750B
8BC6
8B10
FF521C
84C0
7424
test al, al
jne 00416528
mov eax, esi
call [edx+1C]
test al, al
je 0041654C

|:0041651B(C)
|
:00416528 8BC3
mov eax, ebx
:0041652A 8B10
:0041652C FF521C
call [edx+1C]
:0041652F 84C0
test al, al
:00416531 740B
je 0041653E
:00416533 8BC6
mov eax, esi
:00416535 8B10
:00416537 FF521C
call [edx+1C]
:0041653A 84C0
test al, al
:0041653C 7504
jne 00416542
|:00416531(C)
|
:0041653E 33C0
xor eax, eax
:00416540 EB02
jmp 00416544
|:0041653C(C)
|
:00416542 B001
mov al, 01
|:00416540(U)
|
:00416544 8845FF
:00416547 E9D0000000
jmp 0041661C
|:00416526(C)
|
:0041654C 807DFF00
:00416550 0F84C6000000
:00416556 B201
:00416558 A1FCBA4000
:0041655D E88EC6FEFF
:00416562 8945F8
:00416565 33C0
:00416567 55
:00416568 6815664100
:0041656D 64FF30
:00416570 648920
:00416573 8B55F8
:00416576 8BC3
:00416578 8B08
:0041657A FF5144
:0041657D B201
:0041657F A1FCBA4000
:00416584 E867C6FEFF

je 0041661C
mov dl, 01
call 00402BF0
xor eax, eax
push ebp
push 00416615
mov eax, ebx
call [ecx+44]
mov dl, 01
call 00402BF0
:00416589
:0041658C
:0041658E
:0041658F
:00416594
:00416597
:0041659A
:0041659D
:0041659F
:004165A1
:004165A4
:004165A7
:004165AC
:004165AE
:004165B1
:004165B6
:004165B8
:004165BA
:004165BD
:004165C2
:004165C4
:004165C7
:004165CA
:004165CD
:004165D0
:004165D5
:004165D7
8945F4
33C0
55
68F8654100
64FF30
648920
8B55F4
8BC6
8B08
FF5144
8B45F8
E8AC81FFFF
8BD8
8B45F4
E8A281FFFF
3BD8
751F
8B45F8
E89681FFFF
8BC8
8B45F4
8B5004
8B45F8
8B4004
E8F70EFFFF
84C0
7504

xor eax, eax
push ebp
push 004165F8
mov eax, esi
call [ecx+44]
call 0040E758
mov ebx, eax
call 0040E758
cmp ebx, eax
jne 004165D9
call 0040E758
mov ecx, eax
call 004074CC
test al, al
jne 004165DD

|:004165B8(C)
|
:004165D9 33C0
xor eax, eax
:004165DB EB02
jmp 004165DF
|:004165D7(C)
|
:004165DD B001
mov al, 01
|:004165DB(U)
|
:004165DF 8845FF
:004165E2 33C0
:004165E4 5A
:004165E5 59
:004165E6 59
:004165E7 648910
:004165EA 68FF654100
|:004165FD(U)
|
:004165EF 8B45F4
:004165F2 E829C6FEFF
:004165F7 C3
:004165F8 E97BCCFEFF
:004165FD EBF0
jmp 00403278
jmp 004165EF

xor eax, eax
pop edx
pop ecx
pop ecx
push 004165FF

call 00402C20
ret
:004165FF
:00416601
:00416602
:00416603
:00416604
:00416607
33C0
5A
59
59
648910
681C664100
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041661C
|:0041661A(U)
|
:0041660C 8B45F8
:0041660F E80CC6FEFF
:00416614 C3
:00416615 E95ECCFEFF
:0041661A EBF0
jmp 00403278
jmp 0041660C
|:00416547(U), :00416550(C)
|
:0041661C 8A45FF
:0041661F 5F
:00416620 5E
:00416621 5B
:00416622 8BE5
:00416624 5D
:00416625 C3
:00416626 8BC0
:00416628 33C0
:0041662A C3
mov eax, eax

xor eax, eax
ret
:0041662B 90
:0041662C 8A4015
:0041662F C3
nop
ret
:00416630
:00416631
:00416633
:00416634
:00416635
:00416637
:00416639
:0041663B
:00416640
:00416642
:00416647
:0041664A
:0041664C
:0041664D
:00416652
:00416655
:00416658
:0041665B
:0041665D
:0041665F
push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
push 00000000
mov ecx, edx
mov dl, 01
call 0040E934
xor eax, eax
push ebp
push 00416678
mov eax, esi
call [ecx+50]
55
8BEC
51
56
8BF0
6A00
8BCA
A124BA4000
B201
E8ED82FFFF
8945FC
33C0
55
6878664100
64FF30
648920
8B55FC
8BC6
8B08
FF5150

call 00402C20
ret
mov
pop
pop
pop
mov
pop
ret

edi
esi
ebx
esp, ebp
ebp
:00416662
:00416664
:00416665
:00416666
:00416667
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0041666A 687F664100
push 0041667F
|:0041667D(U)
|
:0041666F 8B45FC
:00416672 E8A9C5FEFF
:00416677 C3
:00416678
:0041667D
:0041667F
:00416680
:00416681
:00416682
E9FBCBFEFF
EBF0
5E
59
5D
C3
jmp
jmp
pop
pop
pop
ret
:00416683
:00416684
:00416685
:00416687
:00416688
:0041668D
:0041668F
:00416692
:00416693
:00416696
:00416697
:0041669A
:0041669B
:0041669E
:0041669F
:004166A1
:004166A4
90
55
8BEC
53
6683780E00
7418
8A5D14
53
8A5D10
53
8B5D0C
53
8B5D08
53
8BD8
8B4310
FF530C
nop
push ebp
mov ebp, esp
push ebx
je 004166A7
mov bl, byte ptr [ebp+14]
push ebx
push ebx
push ebx
push ebx
mov ebx, eax
call [ebx+0C]

call 00402C20
ret
00403278
0041666F
esi
ecx
ebp

|:0041668D(C)
|
:004166A7 5B
pop ebx
:004166A8 5D
pop ebp
:004166A9 C21000
ret 0010
:004166AC
:004166AD
:004166AF
:004166B1
:004166B3
:004166B6
:004166B7
56
8BF0
8BC6
8B08
FF5150
5E
C3
push esi
mov esi, eax
mov eax, esi
call [ecx+50]
pop esi
ret

|:0041771F
|
:004166B8 55
push ebp
:004166B9 8BEC
mov ebp, esp
:004166BB 51
push ecx
:004166BC 56
push esi
:004166BD 8BF0
mov esi, eax
* Possible Reference to String Resource ID=65535: "Floating point underflow"
|
:004166BF 68FFFF0000
push 0000FFFF
:004166C4 8BCA
mov ecx, edx
:004166C6 A124BA4000
:004166CB B201
mov dl, 01
:004166CD E86282FFFF
call 0040E934
:004166D2 8945FC
:004166D5 33C0
xor eax, eax
:004166D7 55
push ebp
:004166D8 6803674100
push 00416703
:004166DD 64FF30
:004166E0 648920
:004166E3 8B55FC
:004166E6 8BC6
mov eax, esi
:004166E8 8B08
:004166EA FF5154
call [ecx+54]
:004166ED 33C0
xor eax, eax
:004166EF 5A
pop edx
:004166F0 59
pop ecx
:004166F1 59
pop ecx
:004166F2 648910
|
:004166F5 680A674100
push 0041670A
|:00416708(U)
|
:004166FA 8B45FC
:004166FD E81EC5FEFF
:00416702 C3
:00416703
:00416708
:0041670A
:0041670B
:0041670C
:0041670D
jmp
jmp
pop
pop
pop
ret
E970CBFEFF
EBF0
5E
59
5D
C3

call 00402C20
ret
00403278
004166FA
esi
ecx
ebp
:0041670E 8BC0
:00416710 C3
mov eax, eax

ret
:00416711 8D4000
:00416714 3A5015

:00416717
:00416719
:0041671C
:0041671E
:00416720
740A
885015
8BD0
8B08
FF5110
je 00416723
mov edx, eax
call [ecx+10]

|:00416717(C)
|
:00416723 C3
ret
:00416724 56
push esi
:00416725 8BF0
mov esi, eax
:00416727 8BC6
mov eax, esi
:00416729 8B08
:0041672B FF5154
call [ecx+54]
:0041672E 5E
pop esi
:0041672F C3
ret
:00416730
:00416732
:00416733
:00416735
:00416739
:0041673A
3467
41
000E
0B544669
6C
65
xor al, 67
inc ecx
or edx, dword ptr [esi+2*eax+69]
insb
BYTE 065h
:0041673B
:0041673C
:0041673D
:0041673F
:00416740
:00416742
46
6F
726D
61
7410
000000
inc esi
outsd
jb 004167AC
popad
je 00416752
BYTE 3 DUP(0)
:00416745
:00416747
:00416749
:0041674B
:0041674C
:0041674F
:00416751
:00416753
:00416754
:00416756
0200
0000
7C10
40
000400
0000
7C10
40
0008
000000

jl 0041675B
inc eax
jl 00416763
inc eax
BYTE 3 DUP(0)
:00416759
:0041675C
:0041675E
:0041675F
:00416769
:00416773
8D4000
A867
41
00000000000000000000
00000000000000000000
000000000000000000

test al, 67
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0041677C
:0041677E
:0041677F
:00416781
B067
41
0010
000000
mov al, 67
inc ecx
BYTE 3 DUP(0)
:00416784
:00416785
:00416787
:00416789
54
B540
0028
2E
push esp
mov ch, 40
BYTE 02eh
:0041678A
:0041678B
:0041678E
:0041678F
:00416791
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00416792
:00416793
:00416796
:00416797
:00416799
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041679A
:0041679B
:004167A2
:004167A3
:004167A5
:004167AA
:004167AB
:004167AD
40
00B42B4000C82B
40
00EC
684100DCCB
40
0020
CB
inc eax
inc eax
add ah, ch
push CBDC0041
inc eax
retf
:004167AE
:004167AF
:004167B1
:004167B2
:004167B3
:004167BB
:004167BD
:004167BE
:004167BF
:004167C0
:004167C1
:004167C2
:004167C3
40
0010
54
46
696C65466F726D61
7473
4C
69
73
74
8D
40
00
inc eax
push esp
inc esi
imul ebp, dword ptr [ebp+46], 616D726F
je 00416830
dec esp
BYTE 69h
BYTE 73h
BYTE 74h
BYTE 8dh
BYTE 40h
BYTE 00h

|:00416BE0
|
:004167C4 55
push ebp
:004167C5 8BEC
mov ebp, esp
:004167C7 6A00
push 00000000
:004167C9 53
push ebx
:004167CA 56
push esi
:004167CB 84D2
test dl, dl
:004167CD 7408
je 004167D7
:004167CF 83C4F0
add esp, FFFFFFF0
:004167D2 E82DC7FEFF
call 00402F04
|:004167CD(C)
|
:004167D7 8BDA
:004167D9 8BF0
:004167DB 33C0
:004167DD 55
:004167DE 6898684100
:004167E3 64FF30
:004167E6 648920
:004167E9 33D2
:004167EB 8BC6
:004167ED E8FEC3FEFF
:004167F2 6A00
:004167F4 A1D02F4100
:004167F9 50
:004167FA 8D55FC
:004167FD A1D42B4400
:00416802 E81DE6FEFF
:00416807 8B4DFC
mov ebx, edx

mov esi, eax
xor eax, eax
push ebp
push 00416898
xor edx, edx
mov eax, esi
call 00402BF0
push 00000000
mov eax, dword ptr [00412FD0]
push eax
mov eax, dword ptr [00442BD4]
call 00404E24
* Possible StringData Ref from Code Obj ->"wmf"

|
:0041680A BAC4684100
mov edx, 004168C4
:0041680F 8BC6
mov eax, esi
:00416811 E822010000
call 00416938
:00416816 6A00
push 00000000
:00416818 A1D02F4100
mov eax, dword ptr
:0041681D 50
push eax
:0041681E 8D55FC
lea edx, dword ptr
:00416821 A18C2A4400
mov eax, dword ptr
:00416826 E8F9E5FEFF
call 00404E24
:0041682B 8B4DFC
mov ecx, dword ptr
[00412FD0]
* Possible StringData Ref from Code Obj ->"emf"

|
:0041682E BAD0684100
mov edx, 004168D0
:00416833 8BC6
mov eax, esi
:00416835 E8FE000000
call 00416938
:0041683A 6A00
push 00000000
:0041683C A14C324100
mov eax, dword ptr
:00416841 50
push eax
:00416842 8D55FC
lea edx, dword ptr
:00416845 A1882A4400
mov eax, dword ptr
:0041684A E8D5E5FEFF
call 00404E24
:0041684F 8B4DFC
mov ecx, dword ptr
[0041324C]
* Possible StringData Ref from Code Obj ->"ico"

|
:00416852 BADC684100
mov edx, 004168DC
:00416857 8BC6
mov eax, esi
:00416859 E8DA000000
call 00416938
:0041685E 6A00
push 00000000
:00416860 A10C314100
mov eax, dword ptr
:00416865 50
push eax
:00416866 8D55FC
lea edx, dword ptr
:00416869 A1842A4400
mov eax, dword ptr
:0041686E E8B1E5FEFF
call 00404E24
:00416873 8B4DFC
mov ecx, dword ptr
[0041310C]
* Possible StringData Ref from Code Obj ->"bmp"
[ebp-04]
[00442A8C]
[ebp-04]
[ebp-04]
[00442A88]
[ebp-04]
[ebp-04]
[00442A84]
[ebp-04]
:00416876
:0041687B
:0041687D
:00416882
:00416884
:00416885
:00416886
:00416887
:0041688A
BAE8684100
8BC6
E8B6000000
33C0
5A
59
59
648910
689F684100
|
mov edx, 004168E8
mov eax, esi
call 00416938
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041689F
|:0041689D(U)
|
:0041688F 8D45FC
:00416892 E821CFFEFF
:00416897 C3
:00416898
:0041689D
:0041689F
:004168A1
:004168A3
:004168A5
:004168AA
:004168B1
jmp 00403278
jmp 0041688F
mov eax, esi
test bl, bl
je 004168B4
call 00402F5C
add esp, 0000000C
E9DBC9FEFF
EBF0
8BC6
84DB
740F
E8B2C6FEFF
648F0500000000
83C40C

call 004037B8
ret

|:004168A3(C)
|
:004168B4 8BC6
mov eax, esi
:004168B6 5E
pop esi
:004168B7 5B
pop ebx
:004168B8 59
pop ecx
:004168B9 5D
pop ebp
:004168BA C3
ret
:004168BB 00
BYTE 0
:004168BC FFFFFFFF
BYTE 4 DUP(0ffh)
:004168C0
:004168C2
:004168C4
:004168C6
:004168C9

ja 00416933
add bh, bh
BYTE 3 DUP(0ffh)
0300
0000
776D
6600FF
FFFFFF
:004168CC 0300
:004168CE 0000
:004168D0 65

BYTE 065h
:004168D1 6D
:004168D2 6600FF
:004168D5 FFFFFF
insd
add bh, bh
BYTE 3 DUP(0ffh)
:004168D8
:004168DA
:004168DC
:004168E3
:004168E5
0300
0000
69636F00FFFFFF
FF03
000000

imul esp, dword ptr [ebx+6F], FFFFFF00
inc dword ptr [ebx]
BYTE 3 DUP(0)
:004168E8
:004168EB
:004168EE
:004168EF
:004168F0
:004168F5
:004168F7
:004168F9
:004168FC
:004168FD
:004168FF
:00416901
:00416902
626D70
005356
57
55
E86FC6FEFF
8BDA
8BF8
8B6F08
4D
85ED
7C1B
45
33F6

add byte ptr [ebx+56], dl
push edi
push ebp
call 00402F64
mov ebx, edx
mov edi, eax
dec ebp
test ebp, ebp
jl 0041691C
inc ebp
xor esi, esi
|:0041691A(C)
|
:00416904 8BD6
:00416906 8BC7
:00416908 E86B62FFFF
:0041690D 8B1530674100
:00416913 E8F4D9FEFF
:00416918 46
:00416919 4D
:0041691A 75E8
|:004168FF(C)
|
:0041691C 8BD3
:0041691E 80E2FC
:00416921 8BC7
:00416923 E80C61FFFF
:00416928 84DB
:0041692A 7E07
:0041692C 8BC7
:0041692E E821C6FEFF
|:004168C4(C), :0041692A(C)
|
:00416933 5D
:00416934 5F
:00416935 5E
:00416936 5B
:00416937 C3
mov edx, esi

mov eax, edi
call 0040CB78
call 0040430C
inc esi
dec ebp
jne 00416904
mov edx, ebx

and dl, FC
mov eax, edi
call 0040CA34
test bl, bl
jle 00416933
mov eax, edi
call 00402F54
pop
pop
pop
pop
ret

|:00416811 , :00416835 , :00416859
ebp
edi
esi
ebx
, :0041687D
|
:00416938
:00416939
:0041693B
:0041693E
:0041693F
:00416940
:00416941
:00416943
:00416946
:00416949
:0041694C
:0041694E
:00416950
:00416951
:00416956
:00416959
:0041695C
:00416962
:00416967
:0041696C
:0041696E
:00416970
:00416973
:00416976
:0041697B
:0041697E
:00416981
:00416986
:00416989
:0041698B
:0041698E
:00416991
:00416996
:00416999
:0041699C
:0041699E
:004169A0
:004169A5
:004169A7
:004169A8
:004169A9
:004169AA
55
8BEC
83C4F4
53
56
57
33DB
895DF4
894DF8
8955FC
8BF8
33C0
55
68BB694100
64FF30
648920
8B1530674100
B810000000
E88CD9FEFF
8BF0
8BDE
8D55F4
8B45FC
E8C50BFFFF
8B55F4
8D4304
E886CEFEFF
8B4508
8903
8D4308
8B55F8
E876CEFEFF
8B450C
89430C
8BD6
8BC7
E8BB60FFFF
33C0
5A
59
59
648910
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
push edi
xor ebx, ebx
mov edi, eax
xor eax, eax
push ebp
push 004169BB
mov eax, 00000010
call 004042F8
mov esi, eax
mov ebx, esi
call 00407540
call 0040380C
call 0040380C
mov edx, esi
mov eax, edi
call 0040CA60
xor eax, eax
pop edx
pop ecx
pop ecx

|
:004169AD 68C2694100
push 004169C2
|:004169C0(U)
|
:004169B2 8D45F4
:004169B5 E8FECDFEFF
:004169BA C3
:004169BB
:004169C0
:004169C2
:004169C3
jmp
jmp
pop
pop
E9B8C8FEFF
EBF0
5F
5E

call 004037B8
ret
00403278
004169B2
edi
esi
:004169C4
:004169C5
:004169C7
:004169C8
5B
8BE5
5D
C20800
:004169CB 90
pop
mov
pop
ret
ebx
esp, ebp
ebp
0008
nop

|:00416ED9
|
:004169CC 55
push ebp
:004169CD 8BEC
mov ebp, esp
:004169CF 81C4F8FEFFFF
add esp, FFFFFEF8
:004169D5 53
push ebx
:004169D6 56
push esi
:004169D7 57
push edi
:004169D8 33C9
xor ecx, ecx
:004169DA 894DF8
:004169DD 8955FC
:004169E0 8BF8
mov edi, eax
:004169E2 33C0
xor eax, eax
:004169E4 55
push ebp
:004169E5 684A6A4100
push 00416A4A
:004169EA 64FF30
:004169ED 648920
:004169F0 8B5F08
:004169F3 4B
dec ebx
:004169F4 83FB00
cmp ebx, 00000000
:004169F7 7C39
jl 00416A32
|:00416A30(C)
|
:004169F9 8BD3
:004169FB 8BC7
:004169FD E87661FFFF
:00416A02 8B30
:00416A04 8D95F8FEFFFF
:00416A0A 8BC6
:00416A0C E85BC1FEFF
:00416A11 8D95F8FEFFFF
:00416A17 8D45F8
:00416A1A E8B9CFFEFF
:00416A1F 8B45F8
:00416A22 8B55FC
:00416A25 E81AD1FEFF
:00416A2A 7408
:00416A2C 4B
:00416A2D 83FBFF
:00416A30 75C7

mov edx, ebx
mov eax, edi
call 0040CB78
mov esi, dword ptr
lea edx, dword ptr
mov eax, esi
call 00402B6C
lea edx, dword ptr
lea eax, dword ptr
call 004039D8
mov eax, dword ptr
mov edx, dword ptr
call 00403B44
je 00416A34
dec ebx
cmp ebx, FFFFFFFF
jne 004169F9
[eax]
[ebp+FFFFFEF8]
[ebp+FFFFFEF8]
[ebp-08]
[ebp-08]
[ebp-04]

|:004169F7(C)
|
:00416A32 33F6
xor esi, esi
|:00416A2A(C)
|
:00416A34
:00416A36
:00416A37
:00416A38
:00416A39
:00416A3C
33C0
5A
59
59
648910
68516A4100
xor eax, eax

pop edx
pop ecx
pop ecx
push 00416A51
|:00416A4F(U)
|
:00416A41 8D45F8
:00416A44 E86FCDFEFF
:00416A49 C3
:00416A4A
:00416A4F
:00416A51
:00416A53
:00416A54
:00416A55
:00416A56
:00416A58
:00416A59
E929C8FEFF
EBF0
8BC6
5F
5E
5B
8BE5
5D
C3
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
:00416A5A
:00416A5C
:00416A5E
:00416A5F
:00416A69
:00416A73
8BC0
A86A
41
00000000000000000000
00000000000000000000
000000000000000000
mov eax, eax

test al, 6A
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:00416A7C
:00416A7E
:00416A7F
:00416A82
:00416A84
:00416A86
:00416A87
:00416A89
A86A
41
000C00
0000
8810
40
0028
2E
test al, 6A
inc ecx
add byte ptr
add byte ptr
mov byte ptr
inc eax
add byte ptr
BYTE 02eh
:00416A8A
:00416A8B
:00416A8E
:00416A8F
:00416A91
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00416A92
:00416A93
:00416A96
:00416A97
:00416A99
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00416A9A 40
:00416A9B 00B42B4000C82B

call 004037B8
ret
00403278
00416A41
eax, esi
edi
esi
ebx
esp, ebp
ebp
[eax+eax], cl
[eax], al
[eax], dl
[eax], ch
inc eax
:00416AA2
:00416AA3
:00416AA6
:00416AA7
:00416AA9
:00416AAA
:00416AAB
:00416AAC
:00416AB3
:00416AB4
:00416AB5
:00416AB7
:00416AB8
:00416ABA
40
003C6B
41
0011
54
43
6C
6970626F617264
46
6F
726D
61
7473
8BC0
inc eax
add byte ptr [ebx+2*ebp], bh
inc ecx
add byte ptr [ecx], dl
push esp
inc ebx
insb
imul esi, dword ptr [eax+62], 6472616F
inc esi
outsd
jb 00416B24
popad
je 00416B2D
mov eax, eax

|:00416C00
|
:00416ABC 53
push ebx
:00416ABD 56
push esi
:00416ABE 84D2
test dl, dl
:00416AC0 7408
je 00416ACA
:00416AC2 83C4F0
add esp, FFFFFFF0
:00416AC5 E83AC4FEFF
call 00402F04
|:00416AC0(C)
|
:00416ACA 8BDA
:00416ACC 8BF0
:00416ACE B201
:00416AD0 A154B54000
:00416AD5 E816C1FEFF
:00416ADA 894604
:00416ADD B201
:00416ADF A154B54000
:00416AE4 E807C1FEFF
:00416AE9 894608
:00416AEC 8B0DD02F4100
:00416AF2 66BA0300
:00416AF6 8BC6
:00416AF8 E86B000000
:00416AFD 8B0DD02F4100
:00416B03 66BA0E00
:00416B07 8BC6
:00416B09 E85A000000
:00416B0E 8B0D0C314100
:00416B14 66BA0200
:00416B18 8BC6
:00416B1A E849000000
:00416B1F 8BC6
:00416B21 84DB
:00416B23 740F
:00416B25 E832C4FEFF
:00416B2A 648F0500000000
:00416B31 83C40C

mov ebx, edx
mov esi, eax
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
mov ecx, dword ptr [00412FD0]
mov dx, 0003
mov eax, esi
call 00416B68
mov ecx, dword ptr [00412FD0]
mov dx, 000E
mov eax, esi
call 00416B68
mov ecx, dword ptr [0041310C]
mov dx, 0002
mov eax, esi
call 00416B68
mov eax, esi
test bl, bl
je 00416B34
call 00402F5C
add esp, 0000000C

|:00416B23(C)
|
:00416B34
:00416B36
:00416B37
:00416B38
8BC6
5E
5B
C3
mov eax, esi

pop esi
pop ebx
ret
:00416B39
:00416B3C
:00416B3D
:00416B3E
:00416B43
:00416B45
:00416B47
:00416B4A
:00416B4F
:00416B52
:00416B57
:00416B59
:00416B5B
:00416B5D
8D4000
53
56
E821C4FEFF
8BDA
8BF0
8B4604
E8D1C0FEFF
8B4608
E8C9C0FEFF
84DB
7E07
8BC6
E8F2C3FEFF

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00402C20
call 00402C20
test bl, bl
jle 00416B62
mov eax, esi
call 00402F54

|:00416B59(C)
|
:00416B62 5E
pop esi
:00416B63 5B
pop ebx
:00416B64 C3
ret
:00416B65 8D4000

|:00416AF8 , :00416B09 , :00416B1A
|
:00416B68 55
push ebp
:00416B69 8BEC
mov ebp, esp
:00416B6B 83C4F8
add esp, FFFFFFF8
:00416B6E 53
push ebx
:00416B6F 56
push esi
:00416B70 57
push edi
:00416B71 8BDA
mov ebx, edx
:00416B73 8945FC
:00416B76 8B45FC
:00416B79 8B4004
:00416B7C 8BD1
mov edx, ecx
:00416B7E E8DD5EFFFF
call 0040CA60
:00416B83 8945F8
:00416B86 33C0
xor eax, eax
:00416B88 55
push ebp
:00416B89 68AC6B4100
push 00416BAC
:00416B8E 64FF30
:00416B91 648920
:00416B94 0FB7D3
movzx edx, bx
:00416B97 8B45FC
:00416B9A 8B4008
:00416B9D E8BE5EFFFF
call 0040CA60
:00416BA2 33C0
xor eax, eax
:00416BA4 5A
pop edx
:00416BA5 59
pop ecx
:00416BA6 59
pop ecx
:00416BA7
:00416BAA
:00416BAC
:00416BB1
:00416BB4
:00416BB7
:00416BBA
:00416BBF
:00416BC4
648910
EB1D
E9BFC4FEFF
8B45FC
8B4004
8B55F8
E8DD5EFFFF
E808C7FEFF
E857C7FEFF

jmp 00416BC9
jmp 00403070
call 0040CA9C
call 004032CC
call 00403320

|:00416BAA(U)
|
:00416BC9 5F
pop edi
:00416BCA 5E
pop esi
:00416BCB 5B
pop ebx
:00416BCC 59
pop ecx
:00416BCD 59
pop ecx
:00416BCE 5D
pop ebp
:00416BCF C3
ret

|:00416C2B
|
:00416BD0 833D6825440000
cmp dword ptr [00442568], 00000000
:00416BD7 7511
jne 00416BEA
:00416BD9 B201
mov dl, 01
:00416BDB A15C674100
:00416BE0 E8DFFBFFFF
call 004167C4
:00416BE5 A368254400
|:00416BD7(C)
|
:00416BEA A168254400
:00416BEF C3
ret

|:00416C30
|
:00416BF0 833D6425440000
cmp dword ptr [00442564], 00000000
:00416BF7 7511
jne 00416C0A
:00416BF9 B201
mov dl, 01
:00416BFB A15C6A4100
:00416C00 E8B7FEFFFF
call 00416ABC
:00416C05 A364254400
|:00416BF7(C)
|
:00416C0A A164254400
:00416C0F C3
ret
|:004404C6
|
:00416C10 53
:00416C11 56
:00416C12 84D2
:00416C14 7408
:00416C16 83C4F0
:00416C19 E8E6C2FEFF
|:00416C14(C)
|
:00416C1E 8BDA
:00416C20 8BF0
:00416C22 33D2
:00416C24 8BC6
:00416C26 E8C5BFFEFF
:00416C2B E8A0FFFFFF
:00416C30 E8BBFFFFFF
:00416C35 8BC6
:00416C37 84DB
:00416C39 740F
:00416C3B E81CC3FEFF
:00416C40 648F0500000000
:00416C47 83C40C
push ebx
push esi
test dl, dl
je 00416C1E
add esp, FFFFFFF0
call 00402F04
mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 00402BF0
call 00416BD0
call 00416BF0
mov eax, esi
test bl, bl
je 00416C4A
call 00402F5C
add esp, 0000000C

|:00416C39(C)
|
:00416C4A 8BC6
mov eax, esi
:00416C4C 5E
pop esi
:00416C4D 5B
pop ebx
:00416C4E C3
ret
:00416C4F
:00416C50
:00416C51
:00416C52
:00416C57
:00416C59
:00416C5B
:00416C5E
:00416C63
:00416C65
:00416C68
:00416C6A
:00416C6F
:00416C71
:00416C73
:00416C75
90
53
56
E80DC3FEFF
8BDA
8BF0
8B4604
E8BDBFFEFF
8BD3
80E2FC
8BC6
E86D65FFFF
84DB
7E07
8BC6
E8DAC2FEFF
nop
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 0040D1DC
test bl, bl
jle 00416C7A
mov eax, esi
call 00402F54

|:00416C71(C)
|
:00416C7A 5E
pop esi
:00416C7B 5B
pop ebx
:00416C7C C3
ret
:00416C7D
:00416C80
:00416C81
:00416C82
:00416C84
:00416C86
:00416C88
:00416C8D
:00416C8F
:00416C92
:00416C97
:00416C99
:00416C9B
:00416C9E
:00416CA0
:00416CA2
:00416CA5
:00416CA6
:00416CA7
8D4000
53
56
8BF2
8BD8
8BC6
E8DBBEFEFF
8BD0
8B4304
E8F9C0FEFF
84C0
740D
8B5304
8BC6
8B08
FF5108
5E
5B
C3
|:00416C99(C)
|
:00416CA8 8BD6
:00416CAA 8BC3
:00416CAC E85B66FFFF
:00416CB1 5E
:00416CB2 5B
:00416CB3 C3
lea eax, dword

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 00402B68
mov edx, eax
mov eax, dword
call 00402D90
test al, al
je 00416CA8
mov edx, dword
mov eax, esi
mov ecx, dword
call [ecx+08]
pop esi
pop ebx
ret
ptr [eax+00]
ptr [ebx+04]
ptr [ebx+04]
ptr [eax]

mov edx, esi
mov eax, ebx
call 0040D30C
pop esi
pop ebx
ret

|:00416D23
|
:00416CB4 53
push ebx
:00416CB5 56
push esi
:00416CB6 57
push edi
:00416CB7 8BFA
mov edi, edx
:00416CB9 8BD8
mov ebx, eax
:00416CBB 8B7304
:00416CBE 8BC6
mov eax, esi
:00416CC0 8BD7
mov edx, edi
:00416CC2 E8C9C0FEFF
call 00402D90
:00416CC7 84C0
test al, al
:00416CC9 7547
jne 00416D12
:00416CCB 8BC6
mov eax, esi
:00416CCD E84EBFFEFF
call 00402C20
:00416CD2 33C0
xor eax, eax
:00416CD4 894304
:00416CD7 B201
mov dl, 01
:00416CD9 8BC7
mov eax, edi
:00416CDB FF500C
call [eax+0C]
:00416CDE 8BF0
mov esi, eax
:00416CE0 897304
:00416CE3 895E08
:00416CE6 8BC3
mov eax, ebx
:00416CE8 66BAFDFF
mov dx, FFFD
:00416CEC
:00416CF1
:00416CF4
:00416CF7
:00416CF9
:00416CFD
:00416D02
:00416D05
:00416D07
:00416D09
:00416D0D
E81BC1FEFF
894604
895E10
8BC3
66BAFCFF
E80AC1FEFF
89460C
8BD3
8BC3
66BBFDFF
E8E2C0FEFF
call 00402E0C
mov eax, ebx
mov dx, FFFC
call 00402E0C
mov edx, ebx
mov eax, ebx
mov bx, FFFD
call 00402DF4

|:00416CC9(C)
|
:00416D12 5F
pop edi
:00416D13 5E
pop esi
:00416D14 5B
pop ebx
:00416D15 C3
ret
:00416D16 8BC0
mov eax, eax

|:00441044
|
:00416D18 53
push ebx
:00416D19 8BD8
mov ebx, eax
:00416D1B 8B154C324100
:00416D21 8BC3
mov eax, ebx
:00416D23 E88CFFFFFF
call 00416CB4
:00416D28 8B4304
:00416D2B 5B
pop ebx
:00416D2C C3
ret
:00416D2D 8D4000

|:00416DEE , :00416E0C , :00416E28
|
:00416D30 55
push ebp
:00416D31 8BEC
mov ebp, esp
:00416D33 51
push ecx
:00416D34 53
push ebx
:00416D35 56
push esi
:00416D36 57
push edi
:00416D37 8BF2
mov esi, edx
:00416D39 8BD8
mov ebx, eax
:00416D3B 33C0
xor eax, eax
:00416D3D 8945FC
:00416D40 85F6
test esi, esi
:00416D42 7449
je 00416D8D
:00416D44 8BC6
mov eax, esi
:00416D46 E81DBEFEFF
call 00402B68
:00416D4B B201
mov dl, 01
:00416D4D FF500C
call [eax+0C]
:00416D50 8945FC
:00416D53 8BD6
mov edx, esi
:00416D55 8B45FC
:00416D58
:00416D5A
:00416D5D
:00416D60
:00416D63
:00416D64
:00416D66
:00416D6A
:00416D6F
:00416D71
:00416D72
:00416D75
:00416D78
:00416D7B
:00416D7C
:00416D7E
:00416D82
:00416D87
:00416D89
:00416D8A
8B08
FF5108
8B45FC
895808
50
8BC3
66BAFDFF
E89DC0FEFF
8BD0
58
895004
8B45FC
895810
50
8BC3
66BAFCFF
E885C0FEFF
8BD0
58
89500C
|:00416D42(C)
|
:00416D8D 33C0
:00416D8F 55
:00416D90 68C06D4100
:00416D95 64FF30
:00416D98 648920
:00416D9B 8B4304
:00416D9E E87DBEFEFF
:00416DA3 8B45FC
:00416DA6 894304
:00416DA9 8BD3
:00416DAB 8BC3
:00416DAD 66BBFDFF
:00416DB1 E83EC0FEFF
:00416DB6 33C0
:00416DB8 5A
:00416DB9 59
:00416DBA 59
:00416DBB 648910
:00416DBE EB17
:00416DC0 E9ABC2FEFF
:00416DC5 8B45FC
:00416DC8 E853BEFEFF
:00416DCD E8FAC4FEFF
:00416DD2 E849C5FEFF

call [ecx+08]
push eax
mov eax, ebx
mov dx, FFFD
call 00402E0C
mov edx, eax
pop eax
push eax
mov eax, ebx
mov dx, FFFC
call 00402E0C
mov edx, eax
pop eax
xor eax, eax
push ebp
push 00416DC0
call 00402C20
mov edx, ebx
mov eax, ebx
mov bx, FFFD
call 00402DF4
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00416DD7
jmp 00403070
call 00402C20
call 004032CC
call 00403320

|:00416DBE(U)
|
:00416DD7 5F
pop edi
:00416DD8 5E
pop esi
:00416DD9 5B
pop ebx
:00416DDA 59
pop ecx
:00416DDB 5D
pop ebp
:00416DDC C3
ret
:00416DDD
:00416DE0
:00416DE1
:00416DE2
:00416DE4
:00416DE6
:00416DE8
:00416DEA
:00416DEC
:00416DEE
:00416DF3
:00416DF4
:00416DF5
8D4000
53
56
8BDA
8BF0
85DB
750C
33D2
8BC6
E83DFFFFFF
5E
5B
C3

push ebx
push esi
mov ebx, edx
mov esi, eax
test ebx, ebx
jne 00416DF6
xor edx, edx
mov eax, esi
call 00416D30
pop esi
pop ebx
ret
|:00416DE8(C)
|
:00416DF6 8BC3
:00416DF8 8B15682E4100
:00416DFE E88DBFFEFF
:00416E03 84C0
:00416E05 740C
:00416E07 8B5304
:00416E0A 8BC6
:00416E0C E81FFFFFFF
:00416E11 EB25
|:00416E05(C)
|
:00416E13 8BC3
:00416E15 8B15842D4100
:00416E1B E870BFFEFF
:00416E20 84C0
:00416E22 740B
:00416E24 8BD3
:00416E26 8BC6
:00416E2D EB09
|:00416E22(C)
|
:00416E2F 8BD3
:00416E31 8BC6
:00416E33 E8D063FFFF
|:00416E11(U), :00416E2D(U)
|
:00416E38 5E
:00416E39 5B
:00416E3A C3
:00416E3B 90
:00416E3C 53
:00416E3D 8BD8
nop
push ebx
mov ebx, eax
mov eax, ebx

mov edx, dword ptr [00412E68]
call 00402D90
test al, al
je 00416E13
mov eax, esi
call 00416D30
jmp 00416E38
mov eax, ebx

call 00402D90
test al, al
je 00416E2F
mov edx, ebx
mov eax, esi
call 00416D30
jmp 00416E38
mov edx, ebx

mov eax, esi
call 0040D208
pop esi
pop ebx
ret
:00416E3F
:00416E44
:00416E46
:00416E48
:00416E4B
66837B0A00
7408
8BD3
8B430C
FF5308
|:00416E44(C)
|
:00416E4E 837B1000
:00416E52 7408
:00416E54 8B4310
:00416E57 8B10
:00416E59 FF520C
cmp word ptr [ebx+0A], 0000

je 00416E4E
mov edx, ebx
call [ebx+08]
je 00416E5C
call [edx+0C]

|:00416E52(C)
|
:00416E5C 5B
pop ebx
:00416E5D C3
ret
:00416E5E
:00416E60
:00416E61
:00416E63
:00416E64
:00416E69
:00416E6B
:00416E6E
:00416E6F
:00416E72
:00416E73
:00416E76
:00416E77
:00416E7A
:00416E7B
:00416E7D
:00416E80
8BC0
55
8BEC
53
6683781600
7418
8A5D14
53
8A5D10
53
8B5D0C
53
8B5D08
53
8BD8
8B4318
FF5314
mov eax, eax

push ebp
mov ebp, esp
push ebx
je 00416E83
push ebx
push ebx
push ebx
push ebx
mov ebx, eax
call [ebx+14]

|:00416E69(C)
|
:00416E83 5B
pop ebx
:00416E84 5D
pop ebp
:00416E85 C21000
ret 0010
:00416E88
:00416E89
:00416E8B
:00416E8E
:00416E8F
:00416E90
:00416E91
:00416E93
:00416E96
:00416E98
:00416E9A
:00416E9C
55
8BEC
83C4B8
53
56
57
33C9
894DB8
8BF2
8BD8
33C0
55
push ebp
mov ebp, esp
add esp, FFFFFFB8
push ebx
push esi
push edi
xor ecx, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
:00416E9D
:00416EA2
:00416EA5
:00416EA8
:00416EAB
:00416EB0
:00416EB2
:00416EB4
:00416EB7
:00416EB9
:00416EBC
:00416EBF
:00416EC1
:00416EC3
:00416EC6
:00416EC9
:00416ECC
:00416ED1
:00416ED4
:00416ED9
:00416EDE
:00416EE0
:00416EE2
:00416EE4
:00416EE7
:00416EEA
:00416EEC
:00416EED
:00416EF2
:00416EF5
:00416EF8
:00416EFA
:00416EFD
:00416EFF
:00416F02
:00416F04
:00416F05
:00416F06
:00416F07
:00416F0A
:00416F0C
:00416F11
:00416F14
:00416F19
:00416F1E
68766F4100
64FF30
648920
8D55BC
B901000000
8BC6
8B38
FF5704
33C9
8A4DBC
8D55BD
8BC6
8B38
FF5704
8D45B8
8D55BC
E807CBFEFF
8B55B8
A168254400
E8EEFAFFFF
85C0
747E
B201
FF500C
8945FC
33C0
55
680C6F4100
64FF30
648920
8BD6
8B45FC
8B08
FF5130
33C0
5A
59
59
648910
EB17
E95FC1FEFF
8B45FC
E807BDFEFF
E8AEC3FEFF
E8FDC3FEFF
|:00416F0A(U)
|
:00416F23 8B4304
:00416F26 E8F5BCFEFF
:00416F2B 8B75FC
:00416F2E 897304
:00416F31 895E08
:00416F34 8BC3
:00416F36 66BAFDFF
:00416F3A E8CDBEFEFF
:00416F3F 894604
:00416F42 895E10
:00416F45 8BC3
push 00416F76
mov ecx, 00000001
mov eax, esi
call [edi+04]
xor ecx, ecx
mov cl, byte ptr [ebp-44]
mov eax, esi
call [edi+04]
call 004039D8
call 004169CC
test eax, eax
je 00416F60
mov dl, 01
call [eax+0C]
xor eax, eax
push ebp
push 00416F0C
mov edx, esi
call [ecx+30]
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00416F23
jmp 00403070
call 00402C20
call 004032CC
call 00403320
call 00402C20
mov eax, ebx
mov dx, FFFD
call 00402E0C
mov eax, ebx
:00416F47
:00416F4B
:00416F50
:00416F53
:00416F55
:00416F57
:00416F5B
66BAFCFF
E8BCBEFEFF
89460C
8BD3
8BC3
66BBFDFF
E894BEFEFF
mov dx, FFFC

call 00402E0C
mov edx, ebx
mov eax, ebx
mov bx, FFFD
call 00402DF4

|:00416EE0(C)
|
:00416F60 33C0
xor eax, eax
:00416F62 5A
pop edx
:00416F63 59
pop ecx
:00416F64 59
pop ecx
:00416F65 648910
|
:00416F68 687D6F4100
push 00416F7D
|:00416F7B(U)
|
:00416F6D 8D45B8
:00416F70 E843C8FEFF
:00416F75 C3
:00416F76
:00416F7B
:00416F7D
:00416F7E
:00416F7F
:00416F80
:00416F82
:00416F83
E9FDC2FEFF
EBF0
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:00416F84
:00416F85
:00416F86
:00416F87
:00416F8D
:00416F8F
:00416F91
:00416F95
:00416F98
:00416F9A
:00416F9F
:00416FA3
:00416FA5
:00416FA7
:00416FAC
:00416FAE
:00416FB1
:00416FB2
:00416FB4
:00416FB6
:00416FB8
53
56
57
81C4C0FEFFFF
8BF2
8BD8
8D542440
8B4304
8B00
E8CDBBFEFF
8D542440
8BC4
B13F
E868B8FEFF
33C9
8A0C24
41
8BD4
8BC6
8B38
FF5708
push ebx
push esi
push edi
add esp, FFFFFEC0
mov esi, edx
mov ebx, eax
call 00402B6C
mov eax, esp
mov cl, 3F
call 00402814
xor ecx, ecx
inc ecx
mov edx, esp
mov eax, esi
call [edi+08]

call 004037B8
ret
00403278
00416F6D
edi
esi
ebx
esp, ebp
ebp
:00416FBB
:00416FBD
:00416FC0
:00416FC2
:00416FC5
:00416FCB
:00416FCC
:00416FCD
:00416FCE
8BD6
8B4304
8B08
FF5144
81C440010000
5F
5E
5B
C3
:00416FCF 90
mov edx, esi

call [ecx+44]
add esp, 00000140
pop edi
pop esi
pop ebx
ret
nop

|:0041706C
|
:00416FD0 55
push ebp
:00416FD1 8BEC
mov ebp, esp
:00416FD3 53
push ebx
:00416FD4 56
push esi
:00416FD5 8B4508
:00416FD8 8B40FC
:00416FDB 8B701C
:00416FDE 85F6
test esi, esi
:00416FE0 7457
je 00417039
:00416FE2 B301
mov bl, 01
:00416FE4 8B4508
:00416FE7 8BC6
mov eax, esi
:00416FE9 8B15682E4100
:00416FEF E89CBDFEFF
call 00402D90
:00416FF4 84C0
test al, al
:00416FF6 744E
je 00417046
:00416FF8 8B4508
:00416FFB 8BDE
mov ebx, esi
:00416FFD 8B4508
:00417000 8B40F8
:00417003 8B4004
:00417006 3B4304
:00417009 7424
je 0041702F
:0041700B 8B4508
:0041700E 8B40F8
:00417011 8B7004
:00417014 85F6
test esi, esi
:00417016 741B
je 00417033
:00417018 837B0400
:0041701C 7415
je 00417033
:0041701E 8B5304
:00417021 8B4508
:00417024 8BC6
mov eax, esi
:00417026 8B08
:00417028 FF5118
call [ecx+18]
:0041702B 84C0
test al, al
:0041702D 7404
je 00417033
|:00417009(C)
|
:0041702F 33C0
xor eax, eax
:00417031 EB02
jmp 00417035

|:00417016(C), :0041701C(C), :0041702D(C)
|
:00417033 B001
mov al, 01
|:00417031(U)
|
:00417035 8BD8
mov ebx, eax
:00417037 EB0D
jmp 00417046
|:00416FE0(C)
|
:00417039 8B4508
:0041703C 8B40F8
:0041703F 83780400
:00417043 0F95C3
|:00416FF6(C), :00417037(U)
|
:00417046 8BC3
:00417048 5E
:00417049 5B
:0041704A 5D
:0041704B C3
:0041704C
:0041704D
:0041704F
:00417052
:00417053
:00417056
:00417059
:0041705C
:0041705D
:00417062
:00417065
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push eax
push 00416E88
push eax
55
8BEC
83C4F8
53
8955FC
8945F8
8B45F8
50
68886E4100
8B45F8
50

setne bl
mov
pop
pop
pop
ret
eax, ebx
esi
ebx
ebp
* Possible StringData Ref from Code Obj ->"SVW"

|
:00417066 68846F4100
push 00416F84
:0041706B 55
push ebp
:0041706C E85FFFFFFF
call 00416FD0
:00417071 59
pop ecx
:00417072 8BC8
mov ecx, eax
* Possible StringData Ref from Code Obj ->"Data"
|
:00417074 BA90704100
mov edx, 00417090
:00417079 8B45FC
:0041707C 8B18
:0041707E FF5304
call [ebx+04]
:00417081 5B
pop ebx
:00417082 59
pop ecx
:00417083 59
pop ecx
:00417084 5D
pop ebp
:00417085 C3
ret
:00417086 0000
BYTE 2 DUP(0)
:00417088 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041708C
:0041708E
:00417090
:00417091
:00417092
:00417094
add al, 00
inc esp
popad
je 004170F5
BYTE 4 DUP(0)
0400
0000
44
61
7461
00000000

|:004405C3 , :004405DB , :004405FE , :00440840 , :0044085E
|:00440964 , :0044098F
|
:00417098 33D2
xor edx, edx
:0041709A 8B4804
:0041709D 85C9
test ecx, ecx
:0041709F 7409
je 004170AA
:004170A1 8BC1
mov eax, ecx
:004170A3 8B10
:004170A5 FF522C
call [edx+2C]
:004170A8 8BD0
mov edx, eax
|:0041709F(C)
|
:004170AA 8BC2
mov eax, edx
:004170AC C3
ret
:004170AD 8D4000

|:0044059E , :004405AB , :004405F1 , :0044084F , :0044086A
|:00440973 , :004409A3
|
:004170B0 33D2
xor edx, edx
:004170B2 8B4804
:004170B5 85C9
test ecx, ecx
:004170B7 7409
je 004170C2
:004170B9 8BC1
mov eax, ecx
:004170BB 8B10
:004170BD FF5220
call [edx+20]
:004170C0 8BD0
mov edx, eax
|:004170B7(C)
|
:004170C2 8BC2
mov eax, edx
:004170C4 C3
ret
:004170C5 8D4000
:004170C8
:004170C9
:004170CA
:004170CF
:004170D1
:004170D3
:004170D6
:004170D8
:004170DA
53
56
E895BEFEFF
8BDA
8BF0
8B4608
85C0
7406
50
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
test eax, eax
je 004170E0
push eax
* Reference To: gdi32.DeleteEnhMetaFile, Ord:0000h

|
:004170DB E868EDFEFF
Call 00405E48
|:004170D8(C)
|
:004170E0 8B4614
:004170E3 E838C2FFFF
:004170E8 8BD3
:004170EA 80E2FC
:004170ED 8BC6
:004170EF E81CBBFEFF
:004170F4 84DB
:004170F6 7E07
:004170F8 8BC6
:004170FA E855BEFEFF

call 00413320
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 004170FF
mov eax, esi
call 00402F54

|:004170F6(C)
|
:004170FF 5E
pop esi
:00417100 5B
pop ebx
:00417101 C3
ret
:00417102 8BC0
:00417104 C3
mov eax, eax

ret
:00417105
:00417108
:00417109
:0041710A
:0041710C
:0041710E
:00417111

push ebx
push esi
test dl, dl
je 00417116
add esp, FFFFFFF0
call 00402F04
8D4000
53
56
84D2
7408
83C4F0
E8EEBDFEFF
|:0041710C(C)
|
:00417116 8BDA
:00417118 8BF0
:0041711A 33D2
:0041711C 8BC6
:0041711E E8CDF2FFFF
:00417123 C6461C01
:00417127 C6461501
:0041712B 33D2
:0041712D 8BC6

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 004163F0
mov [esi+1C], 01
mov [esi+15], 01
xor edx, edx
mov eax, esi
:0041712F
:00417131
:00417134
:00417136
:00417138
:0041713A
:0041713F
:00417146
8B08
FF5108
8BC6
84DB
740F
E81DBEFEFF
648F0500000000
83C40C

call [ecx+08]
mov eax, esi
test bl, bl
je 00417149
call 00402F5C
add esp, 0000000C

|:00417138(C)
|
:00417149 8BC6
mov eax, esi
:0041714B 5E
pop esi
:0041714C 5B
pop ebx
:0041714D C3
ret
:0041714E
:00417150
:00417151
:00417152
:00417157
:00417159
:0041715B
:0041715E
:00417163
:00417165
:00417168
:0041716A
:0041716F
:00417171
:00417173
:00417175
8BC0
53
56
E80DBEFEFF
8BDA
8BF0
8B4618
E8610F0000
8BD3
80E2FC
8BC6
E86D60FFFF
84DB
7E07
8BC6
E8DABDFEFF
mov eax, eax

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 004180C4
mov edx, ebx
and dl, FC
mov eax, esi
call 0040D1DC
test bl, bl
jle 0041717A
mov eax, esi
call 00402F54

|:00417171(C)
|
:0041717A 5E
pop esi
:0041717B 5B
pop ebx
:0041717C C3
ret
:0041717D
:00417180
:00417181
:00417182
:00417183
:00417185
:00417187
:00417189
:0041718B
:0041718D
:00417193
:00417198
:0041719A
8D4000
53
56
57
8BF2
8BD8
85F6
7411
8BC6
8B15D02F4100
E8F8BBFEFF
84C0
746A

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
test esi, esi
je 0041719C
mov eax, esi
mov edx, dword ptr [00412FD0]
call 00402D90
test al, al
je 00417206

|:00417189(C)
|
:0041719C
:0041719E
:004171A1
:004171A3
:004171A5
:004171A8
33FF
8B4318
85C0
7408
8B7814
E8170F0000
xor edi, edi

test eax, eax
je 004171AD
call 004180C4

|:004171A3(C)
|
:004171AD 85F6
test esi, esi
:004171AF 7410
je 004171C1
:004171B1 8BC6
mov eax, esi
:004171B3 8B5018
:004171B6 895318
:004171B9 8A401C
:004171BC 88431C
mov byte ptr [ebx+1C], al
:004171BF EB13
jmp 004171D4
|:004171AF(C)
|
:004171C1 B201
:004171C3 A1702F4100
:004171C8 E823BAFEFF
:004171CD 894318
:004171D0 C6431C01
|:004171BF(U)
|
:004171D4 8B4318
:004171D7 E8E40E0000
:004171DC 8BC3
:004171DE 8B10
:004171E0 FF5224
:004171E3 3BF8
:004171E5 740B
:004171E7 8BC3
:004171E9 8B10
:004171EB FF5224
:004171EE 85C0
:004171F0 7504
mov dl, 01
call 00402BF0
mov [ebx+1C], 01

call 004180C0
mov eax, ebx
call [edx+24]
cmp edi, eax
je 004171F2
mov eax, ebx
call [edx+24]
test eax, eax
jne 004171F6

|:004171E5(C)
|
:004171F2 33C0
xor eax, eax
:004171F4 EB02
jmp 004171F8
|:004171F0(C)
|
:004171F6 B001
mov al, 01
|:004171F4(U)
|
:004171F8 884316
:004171FB 8BD3
mov edx, ebx
:004171FD
:004171FF
:00417201
:00417204
8BC3
8B08
FF5110
EB09
|:0041719A(C)
|
:00417206 8BD6
:00417208 8BC3
:0041720A E8F95FFFFF
mov eax, ebx

call [ecx+10]
jmp 0041720F
mov edx, esi
mov eax, ebx
call 0040D208

|:00417204(U)
|
:0041720F 5F
pop edi
:00417210 5E
pop esi
:00417211 5B
pop ebx
:00417212 C3
ret
:00417213
:00417214
:00417215
:00417216
:00417217
:00417218
:0041721B
:0041721E
:00417220
:00417222
:00417226
:00417228
:0041722A
:0041722C
:0041722F
:00417231
:00417233
:00417235
:00417237
:00417239
:0041723A
:0041723C
:00417241
90
53
56
57
55
83C4EC
890C24
8BFA
8BD8
837B1800
7477
8BC3
8B10
FF5224
8BF0
33ED
85F6
741F
6AFF
56
8BC7
E81FDCFFFF
50
nop
push ebx
push esi
push edi
push ebp
add esp, FFFFFFEC
mov edi, edx
mov ebx, eax
je 0041729F
mov eax, ebx
call [edx+24]
mov esi, eax
xor ebp, ebp
test esi, esi
je 00417256
push FFFFFFFF
push esi
mov eax, edi
call 00414E60
push eax

|
:00417242 E829EDFEFF
Call 00405F70
:00417247 8BE8
mov ebp, eax
:00417249 8BC7
mov eax, edi
:0041724B E810DCFFFF
call 00414E60
:00417250 50
push eax
|
:00417251 E8EAECFEFF
Call 00405F40
|:00417235(C)
|
:00417256
:00417259
:0041725A
:0041725B
:0041725D
:00417261
:00417266
:00417267
:00417268
:00417269
:0041726A
:0041726E
:00417272
:00417276
:00417277
:0041727A
:0041727D
:0041727E
:00417280
:00417285
8B0424
56
57
8BF0
8D7C240C
B904000000
F3
A5
5F
5E
FF4C240C
FF4C2410
8D442404
50
8B4318
8B4008
50
8BC7
E8DBDBFFFF
50
mov eax, dword ptr

push esi
push edi
mov esi, eax
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
pop edi
pop esi
dec [esp+0C]
dec [esp+10]
lea eax, dword ptr
push eax
mov eax, dword ptr
mov eax, dword ptr
push eax
mov eax, edi
call 00414E60
push eax
[esp]
[esp+0C]
[esp+04]
[ebx+18]
[eax+08]
* Reference To: gdi32.PlayEnhMetaFile, Ord:0000h

|
:00417286 E8ADECFEFF
Call 00405F38
:0041728B 85F6
test esi, esi
:0041728D 7410
je 0041729F
:0041728F 6AFF
push FFFFFFFF
:00417291 55
push ebp
:00417292 8BC7
mov eax, edi
:00417294 E8C7DBFFFF
call 00414E60
:00417299 50
push eax
|
:0041729A E8D1ECFEFF
Call 00405F70
|:00417226(C), :0041728D(C)
|
:0041729F 83C414
:004172A2 5D
:004172A3 5F
:004172A4 5E
:004172A5 5B
:004172A6 C3
:004172A7
:004172A8
:004172AC
:004172AF
90
83781800
0F94C0
C3
nop
sete al
ret
:004172B0
:004172B1
:004172B4
:004172B6
:004172BA
:004172BC
:004172BE
53
83C49C
8BD8
837B1800
7507
8BC3
E895010000
push ebx
add esp, FFFFFF9C
mov ebx, eax
jne 004172C3
mov eax, ebx
call 00417458
add
pop
pop
pop
pop
ret
esp, 00000014
ebp
edi
esi
ebx
|:004172BA(C)
|
:004172C3 8B5B18
:004172C6 66837B1800
:004172CB 752B
:004172CD 8B4308
:004172D0 85C0
:004172D2 7505
:004172D4 8B4320
:004172D7 EB33

jne 004172F8
test eax, eax
jne 004172D9
jmp 0041730C

|:004172D2(C)
|
:004172D9 54
push esp
:004172DA 6A64
push 00000064
:004172DC 50
push eax
|
:004172DD E8D6EBFEFF
Call 00405EB8
:004172E2 6B44245464
imul eax, dword ptr [esp+54], 00000064
:004172E7 50
push eax
:004172E8 8B442450
:004172EC 50
push eax
:004172ED 8B4310
:004172F0 50
push eax
|
:004172F1 E86AEAFEFF
Call 00405D60
:004172F6 EB14
jmp 0041730C
|:004172CB(C)
|
:004172F8 68EC090000
:004172FD A138364400
:00417302 50
:00417303 8B4310
:00417306 50

push 000009EC
push eax
push eax

|
:00417307 E854EAFEFF
Call 00405D60
|:004172D7(U), :004172F6(U)
|
:0041730C 83C464
:0041730F 5B
:00417310 C3
:00417311
:00417314
:00417315
:00417316

push ebx
push esi
push edi
8D4000
53
56
57
add esp, 00000064

pop ebx
ret
:00417317
:0041731D
:0041731F
:00417321
:00417324
:00417326
:00417328
:0041732C
:0041732E
:00417332
:00417334
:00417336
:00417338
:0041733B
81C4FCFBFFFF
8BD8
33FF
8B4318
85C0
7469
83780800
7463
83781400
7557
6A00
6A00
8B4008
50
add esp, FFFFFBFC

mov ebx, eax
xor edi, edi
test eax, eax
je 00417391
je 00417391
jne 0041738B
push 00000000
push 00000000
push eax

|
:0041733C E87FEBFEFF
Call 00405EC0
:00417341 8BF0
mov esi, eax
:00417343 85F6
test esi, esi
:00417345 744A
je 00417391
:00417347 81FE00010000
cmp esi, 00000100
:0041734D 7E06
jle 00417355
:0041734F 81E6FF000000
and esi, 000000FF
|:0041734D(C)
|
:00417355 8B4318
:00417358 8B4014
:0041735B E8C0BFFFFF
:00417360 66C704240003
:00417366 6689742402
:0041736B 8D442404
:0041736F 50
:00417370 56
:00417371 8B4318
:00417374 8B4008
:00417377 50

call 00413320
mov word ptr [esp+02], si
push eax
push esi
push eax

|
:00417378 E843EBFEFF
Call 00405EC0
:0041737D 8BC4
mov eax, esp
:0041737F 50
push eax
|
:00417380 E89BEAFEFF
Call 00405E20
:00417385 8B5318
:00417388 894214
|:00417332(C)
|
:0041738B 8B4318
:0041738E 8B7814
|:00417326(C), :0041732C(C), :00417345(C)
|
:00417391
:00417393
:00417399
:0041739A
:0041739B
:0041739C
8BC7
81C404040000
5F
5E
5B
C3
mov
add
pop
pop
pop
ret
:0041739D
:004173A0
:004173A1
:004173A4
:004173A6
:004173AA
:004173AC
:004173AE
8D4000
53
83C49C
8BD8
837B1800
7507
8BC3
E8A5000000

push ebx
add esp, FFFFFF9C
mov ebx, eax
jne 004173B3
mov eax, ebx
call 00417458
|:004173AA(C)
|
:004173B3 8B5B18
:004173B6 66837B1800
:004173BB 752B
:004173BD 8B4308
:004173C0 85C0
:004173C2 7505
:004173C4 8B431C
:004173C7 EB33
eax, edi
esp, 00000404
edi
esi
ebx

jne 004173E8
test eax, eax
jne 004173C9
jmp 004173FC

|:004173C2(C)
|
:004173C9 54
push esp
:004173CA 6A64
push 00000064
:004173CC 50
push eax
|
:004173CD E8E6EAFEFF
Call 00405EB8
:004173D2 6B44245064
:004173D7 50
push eax
:004173D8 8B44244C
:004173DC 50
push eax
:004173DD 8B430C
:004173E0 50
push eax
|
:004173E1 E87AE9FEFF
Call 00405D60
:004173E6 EB14
jmp 004173FC
|:004173BB(C)
|
:004173E8 68EC090000
:004173ED A138364400
:004173F2 50
:004173F3 8B430C
:004173F6 50

push 000009EC
push eax
push eax

|
:004173F7 E864E9FEFF
Call 00405D60
|:004173C7(U), :004173E6(U)
|
:004173FC 83C464
:004173FF 5B
:00417400 C3
:00417401
:00417404
:00417405
:00417406
:00417408
:0041740A
:0041740C
:0041740E
:00417413
:00417415
:00417417
:00417419
:0041741B
:00417420

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 004178E0
test al, al
je 00417422
mov edx, esi
mov eax, ebx
call 004174DC
jmp 0041743D
8D4000
53
56
8BF2
8BD8
8BD6
8BC3
E8CD040000
84C0
740B
8BD6
8BC3
E8BC000000
EB1B
|:00417415(C)
|
:00417422 8BC6
:00417424 E82F73FFFF
:00417429 50
:0041742A 8BC6
:0041742C E80B73FFFF
:00417431 59
:00417432 2BC8
:00417434 8BD6
:00417436 8BC3
:00417438 E86F010000
add esp, 00000064

pop ebx
ret

mov eax, esi
call 0040E758
push eax
mov eax, esi
call 0040E73C
pop ecx
sub ecx, eax
mov edx, esi
mov eax, ebx
call 004175AC

|:00417420(U)
|
:0041743D 8BC3
mov eax, ebx
:0041743F 8B10
:00417441 FF5224
call [edx+24]
:00417444 85C0
test eax, eax
:00417446 0F95C0
setne al
:00417449 884316
:0041744C 8BD3
mov edx, ebx
:0041744E 8BC3
mov eax, ebx
:00417450 8B08
:00417452 FF5110
call [ecx+10]
:00417455 5E
pop esi
:00417456 5B
pop ebx
:00417457 C3
ret

|:004172BE , :004173AE , :004174EB , :004175BF , :0041778D
|:004177FE , :0041783A , :0041787D , :0041794E , :00417C56
|
:00417458 53
push ebx
:00417459 56
push esi
:0041745A 8BD8
mov ebx, eax
:0041745C 8B4318
:0041745F E8600C0000
call 004180C4
:00417464 B201
mov dl, 01
:00417466 A1702F4100
:0041746B E880B7FEFF
call 00402BF0
:00417470 8BF0
mov esi, eax
:00417472 897318
:00417475 8BC6
mov eax, esi
:00417477 E8440C0000
call 004180C0
:0041747C 5E
pop esi
:0041747D 5B
pop ebx
:0041747E C3
ret
:0041747F
:00417480
:00417481
:00417482
:00417483
:00417484
:00417486
:00417488
:0041748A
:0041748F
:00417491
:00417493
:00417496
:00417498
:0041749A
:0041749F
:004174A1
:004174A3
:004174A5
:004174A7
:004174AC
90
53
56
57
51
8BF2
8BD8
8BD4
B904000000
8BC6
8B38
FF5704
8BD6
8BC3
E841040000
84C0
740B
8BD6
8BC3
E830000000
EB0F
|:004174A1(C)
|
:004174AE 8B0C24
:004174B1 83E904
:004174B4 8BD6
:004174B6 8BC3
:004174B8 E8EF000000
nop
push ebx
push esi
push edi
push ecx
mov esi, edx
mov ebx, eax
mov edx, esp
mov ecx, 00000004
mov eax, esi
call [edi+04]
mov edx, esi
mov eax, ebx
call 004178E0
test al, al
je 004174AE
mov edx, esi
mov eax, ebx
call 004174DC
jmp 004174BD
sub ecx, 00000004
mov edx, esi
mov eax, ebx
call 004175AC

|:004174AC(U)
|
:004174BD 8BC3
mov eax, ebx
:004174BF 8B10
:004174C1 FF5224
call [edx+24]
:004174C4 85C0
test eax, eax
:004174C6
:004174C9
:004174CC
:004174CE
:004174D0
:004174D2
:004174D5
:004174D6
:004174D7
:004174D8
:004174D9
0F95C0
884316
8BD3
8BC3
8B08
FF5110
5A
5F
5E
5B
C3
:004174DA 8BC0
setne al
mov edx, ebx
mov eax, ebx
call [ecx+10]
pop edx
pop edi
pop esi
pop ebx
ret
mov eax, eax

|:0041741B , :004174A7
|
:004174DC 55
push ebp
:004174DD 8BEC
mov ebp, esp
:004174DF 83C498
add esp, FFFFFF98
:004174E2 53
push ebx
:004174E3 56
push esi
:004174E4 57
push edi
:004174E5 8BFA
mov edi, edx
:004174E7 8BF0
mov esi, eax
:004174E9 8BC6
mov eax, esi
:004174EB E868FFFFFF
call 00417458
:004174F0 8D5598
:004174F3 B964000000
mov ecx, 00000064
:004174F8 8BC7
mov eax, edi
:004174FA E89172FFFF
call 0040E790
:004174FF 817DC020454D46
cmp dword ptr [ebp-40], 464D4520
:00417506 7405
je 0041750D
:00417508 E80FDDFFFF
call 0041521C
|:00417506(C)
|
:0041750D 8B45C8
:00417510 E87FB1FEFF
:00417515 8945FC
:00417518 8B5E18
:0041751B 33C0
:0041751D 55
:0041751E 689C754100
:00417523 64FF30
:00417526 648920
:00417529 8B55FC
:0041752C 8D4598
:0041752F B964000000
:00417534 E873B2FEFF
:00417539 8B4DC8
:0041753C 83E964
:0041753F 8B55FC
:00417542 83C264
:00417545 8BC7
:00417547 E84472FFFF
:0041754C 8B45FC
:0041754F 50

call 00402694
xor eax, eax
push ebp
push 0041759C
mov ecx, 00000064
call 004027AC
sub ecx, 00000064
add edx, 00000064
mov eax, edi
call 0040E790
push eax
:00417550 8B45C8
:00417553 50

push eax
* Reference To: gdi32.SetEnhMetaFileBits, Ord:0000h

|
:00417554 E83FEAFEFF
Call 00405F98
:00417559 8BF8
mov edi, eax
:0041755B 897B08
:0041755E 85FF
test edi, edi
:00417560 7505
jne 00417567
:00417562 E8B5DCFFFF
call 0041521C
|:00417560(C)
|
:00417567 66C743180000
:0041756D 8B45B8
:00417570 2B45B0
:00417573 89430C
:00417576 8B45BC
:00417579 2B45B4
:0041757C 894310
:0041757F C6461C01
:00417583 33C0
:00417585 5A
:00417586 59
:00417587 59
:00417588 648910

mov
mov
sub
mov
mov
sub
mov
mov
xor
pop
pop
pop
mov
[ebx+18], 0000
[esi+1C], 01
eax, eax
edx
ecx
ecx

|
:0041758B 68A3754100
push 004175A3
|:004175A1(U)
|
:00417590 8B55C8
:00417593 8B45FC
:00417596 E811B1FEFF
:0041759B C3
:0041759C
:004175A1
:004175A3
:004175A4
:004175A5
:004175A6
:004175A8
:004175A9
jmp
jmp
pop
pop
pop
mov
pop
ret
E9D7BCFEFF
EBED
5F
5E
5B
8BE5
5D
C3
:004175AA 8BC0

call 004026AC
ret
00403278
00417590
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:00417438 , :004174B8
|
:004175AC 55
push ebp
:004175AD 8BEC
mov ebp, esp
:004175AF 83C4CC
add esp, FFFFFFCC
:004175B2
:004175B3
:004175B4
:004175B5
:004175B8
:004175BB
:004175BD
:004175BF
:004175C4
:004175C7
:004175CC
:004175CF
:004175D1
:004175D4
:004175DB
:004175DD
:004175E0
:004175E5
:004175E9
53
56
57
894DF8
8955FC
8BD8
8BC3
E894FEFFFF
8D55DE
B916000000
8B45FC
8B30
FF5604
817DDED7CDC69A
750E
8D45DE
E8F3E9FFFF
663B45F2
7405
push ebx
push esi
push edi
mov ebx, eax
mov eax, ebx
call 00417458
mov ecx, 00000016
call [esi+04]
cmp dword ptr [ebp-22], 9AC6CDD7
jne 004175EB
call 00415FD8
cmp ax, word ptr [ebp-0E]
je 004175F0

|:004175DB(C)
|
:004175EB E82CDCFFFF
call 0041521C
|:004175E9(C)
|
:004175F0 836DF816
:004175F4 8B45F8
:004175F7 E898B0FEFF
:004175FC 8945F4
:004175FF 8B7318
:00417602 33C0
:00417604 55
:00417605 68C4764100
:0041760A 64FF30
:0041760D 648920
:00417610 8B55F4
:00417613 8B4DF8
:00417616 8B45FC
:00417619 8B38
:0041761B FF5704
:0041761E 8B4318
:00417621 668B55EC
:00417625 66895018
:00417629 66837DEC00
:0041762E 7506
:00417630 66C745EC6000
|:0041762E(C)
|
:00417636 0FB745EC
:0041763A 50
:0041763B 68EC090000
:00417640 0FBF45E8
:00417644 0FBF55E4
:00417648 2BC2
:0041764A 50
sub dword ptr [ebp-08], 00000016

call 00402694
xor eax, eax
push ebp
push 004176C4
call [edi+04]
mov word ptr [eax+18], dx
cmp word ptr [ebp-14], 0000
jne 00417636
mov [ebp-14], 0060

push eax
push 000009EC
movsx edx, word ptr [ebp-1C]
sub eax, edx
push eax

|
:0041764B E810E7FEFF
Call 00405D60
:00417650 89460C
:00417653 0FB745EC
:00417657 50
push eax
:00417658 68EC090000
push 000009EC
:0041765D 0FBF45EA
:00417661 0FBF55E6
movsx edx, word ptr [ebp-1A]
:00417665 2BC2
sub eax, edx
:00417667 50
push eax
|
:00417668 E8F3E6FEFF
Call 00405D60
:0041766D 894610
:00417670 C745CE08000000
mov [ebp-32], 00000008
:00417677 33C0
xor eax, eax
:00417679 8945D2
mov dword ptr [ebp-2E], eax
:0041767C 33C0
xor eax, eax
:0041767E 8945D6
mov dword ptr [ebp-2A], eax
:00417681 33C0
xor eax, eax
:00417683 8945DA
:00417686 8D45CE
:00417689 50
push eax
:0041768A 6A00
push 00000000
:0041768C 8B45F4
:0041768F 50
push eax
:00417690 8B45F8
:00417693 50
push eax
* Reference To: gdi32.SetWinMetaFileBits, Ord:0000h
|
:00417694 E82FE9FEFF
Call 00405FC8
:00417699 8BF8
mov edi, eax
:0041769B 897E08
:0041769E 85FF
test edi, edi
:004176A0 7505
jne 004176A7
:004176A2 E875DBFFFF
call 0041521C
|:004176A0(C)
|
:004176A7 C6431C00
:004176AB 33C0
:004176AD 5A
:004176AE 59
:004176AF 59
:004176B0 648910

mov
xor
pop
pop
pop
mov
[ebx+1C], 00
eax, eax
edx
ecx
ecx

|
:004176B3 68CB764100
push 004176CB
|:004176C9(U)
|
:004176B8 8B55F8
:004176BB 8B45F4
:004176BE E8E9AFFEFF
:004176C3 C3
call 004026AC
ret
:004176C4
:004176C9
:004176CB
:004176CC
:004176CD
:004176CE
:004176D0
:004176D1
E9AFBBFEFF
EBED
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:004176D2
:004176D4
:004176D5
:004176D7
:004176D9
:004176DB
:004176DC
:004176DD
:004176DE
:004176E0
:004176E2
:004176E4
:004176E5
:004176EA
:004176ED
:004176F0
:004176F3
:004176F6
:004176F8
:004176FD
:00417700
:00417703
:00417708
8BC0
55
8BEC
6A00
6A00
53
56
57
8BF2
8BF8
33C0
55
6842774100
64FF30
648920
8A5F1C
8D55F8
8BC6
E80301FFFF
8B45F8
8D55FC
E80C1AFFFF
8B45FC
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push 00000000
push ebx
push esi
push edi
mov esi, edx
mov edi, eax
xor eax, eax
push ebp
push 00417742
mov bl, byte ptr [edi+1C]
mov eax, esi
call 00407800
call 00409114
00403278
004176B8
edi
esi
ebx
esp, ebp
ebp
* Possible StringData Ref from Code Obj ->".wmf"

|
:0041770B BA58774100
mov edx, 00417758
:00417710 E82FC4FEFF
call 00403B44
:00417715 7504
jne 0041771B
:00417717 C6471C00
mov [edi+1C], 00
|:00417715(C)
|
:0041771B 8BD6
:0041771D 8BC7
:0041771F E894EFFFFF
:00417724 885F1C
:00417727 33C0
:00417729 5A
:0041772A 59
:0041772B 59
:0041772C 648910

mov edx, esi
mov eax, edi
call 004166B8
mov byte ptr [edi+1C], bl
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0041772F 6849774100
push 00417749
|:00417747(U)
|
:00417734 8D45F8
:00417737 BA02000000
:0041773C E89BC0FEFF
:00417741 C3
:00417742
:00417747
:00417749
:0041774A
:0041774B
:0041774C
:0041774D
:0041774E
:0041774F
jmp
jmp
pop
pop
pop
pop
pop
pop
ret
E931BBFEFF
EBEB
5F
5E
5B
59
59
5D
C3

mov edx, 00000002
call 004037DC
ret
00403278
00417734
edi
esi
ebx
ecx
ecx
ebp
:00417750 FFFFFFFF
BYTE 4 DUP(0ffh)
:00417754 0400
:00417756 0000
:00417758 2E
add al, 00
BYTE 02eh
:00417759 776D
:0041775B 00
:0041775C 00000000
ja 004177C8
BYTE 000h
BYTE 4 DUP(0)
:00417760
:00417764
:00417766
:0041776A
:0041776C
:00417771

je 00417778
je 00417773
call 00417A48
jmp 00417778
83781800
7412
80781C00
7407
E8D7020000
EB05

|:0041776A(C)
|
:00417773 E854030000
call 00417ACC
|:00417764(C), :00417771(U)
|
:00417778 C3
:00417779 8D4000
:0041777C 53
:0041777D 56
:0041777E 83C49C
:00417781 8BF2
:00417783 8BD8
:00417785 837B1800
:00417789 7507
:0041778B 8BC3

ret
push ebx
push esi
add esp, FFFFFF9C
mov esi, edx
mov ebx, eax
jne 00417792
mov eax, ebx
:0041778D E8C6FCFFFF
call 00417458
|:00417789(C)
|
:00417792 8B4318
:00417795 6683781800
:0041779A 7531
:0041779C 8B5008
:0041779F 85D2
:004177A1 7505
:004177A3 897020
:004177A6 EB3F

jne 004177CD
test edx, edx
jne 004177A8
jmp 004177E7

|:004177A1(C)
|
:004177A8 54
push esp
:004177A9 6A64
push 00000064
:004177AB 52
push edx
|
:004177AC E807E7FEFF
Call 00405EB8
:004177B1 8B44244C
:004177B5 50
push eax
:004177B6 6B44245864
:004177BB 50
push eax
:004177BC 56
push esi
|
:004177BD E89EE5FEFF
Call 00405D60
:004177C2 8BD0
mov edx, eax
:004177C4 8BC3
mov eax, ebx
:004177C6 E825000000
call 004177F0
:004177CB EB1A
jmp 004177E7
|:0041779A(C)
|
:004177CD A138364400
:004177D2 50
:004177D3 68EC090000
:004177D8 56

push eax
push 000009EC
push esi

|
:004177D9 E882E5FEFF
Call 00405D60
:004177DE 8BD0
mov edx, eax
:004177E0 8BC3
mov eax, ebx
:004177E2 E809000000
call 004177F0
|:004177A6(U), :004177CB(U)
|
:004177E7 83C464
:004177EA 5E
:004177EB 5B
:004177EC C3

add esp, 00000064
pop esi
pop ebx
ret
:004177ED 8D4000

|:004177C6 , :004177E2
|
:004177F0 53
push ebx
:004177F1 56
push esi
:004177F2 8BF2
mov esi, edx
:004177F4 8BD8
mov ebx, eax
:004177F6 837B1800
:004177FA 7507
jne 00417803
:004177FC 8BC3
mov eax, ebx
:004177FE E855FCFFFF
call 00417458
|:004177FA(C)
|
:00417803 8B4318
:00417806 33D2
:00417808 895020
:0041780B 3B7010
:0041780E 7416
:00417810 8BC3
:00417812 E829010000
:00417817 8B4318
:0041781A 897010
:0041781D 8BD3
:0041781F 8BC3
:00417821 8B08
:00417823 FF5110

xor edx, edx
je 00417826
mov eax, ebx
call 00417940
mov edx, ebx
mov eax, ebx
call [ecx+10]

|:0041780E(C)
|
:00417826 5E
pop esi
:00417827 5B
pop ebx
:00417828 C3
ret
:00417829 8D4000

|:004178B6 , :004178D2
|
:0041782C 53
push ebx
:0041782D 56
push esi
:0041782E 8BF2
mov esi, edx
:00417830 8BD8
mov ebx, eax
:00417832 837B1800
:00417836 7507
jne 0041783F
:00417838 8BC3
mov eax, ebx
:0041783A E819FCFFFF
call 00417458
|:00417836(C)
|
:0041783F 8B4318
:00417842 33D2
xor edx, edx
:00417844
:00417847
:0041784A
:0041784C
:0041784E
:00417853
:00417856
:00417859
:0041785B
:0041785D
:0041785F
89501C
3B700C
7416
8BC3
E8ED000000
8B4318
89700C
8BD3
8BC3
8B08
FF5110

je 00417862
mov eax, ebx
call 00417940
mov dword ptr [eax+0C], esi
mov edx, ebx
mov eax, ebx
call [ecx+10]

|:0041784A(C)
|
:00417862 5E
pop esi
:00417863 5B
pop ebx
:00417864 C3
ret
:00417865 8D4000
:00417868 C3

ret
:00417869
:0041786C
:0041786D
:0041786E
:00417871
:00417873
:00417875
:00417879
:0041787B
:0041787D

push ebx
push esi
add esp, FFFFFF9C
mov esi, edx
mov ebx, eax
jne 00417882
mov eax, ebx
call 00417458
8D4000
53
56
83C49C
8BF2
8BD8
837B1800
7507
8BC3
E8D6FBFFFF
|:00417879(C)
|
:00417882 8B4318
:00417885 6683781800
:0041788A 7531
:0041788C 8B5008
:0041788F 85D2
:00417891 7505
:00417893 89701C
:00417896 EB3F

jne 004178BD
test edx, edx
jne 00417898
jmp 004178D7

|:00417891(C)
|
:00417898 54
push esp
:00417899 6A64
push 00000064
:0041789B 52
push edx
|
:0041789C E817E6FEFF
Call 00405EB8
:004178A1 8B442448
:004178A5 50
push eax
:004178A6 6B44245464
:004178AB 50
:004178AC 56
push eax
push esi

|
:004178AD E8AEE4FEFF
Call 00405D60
:004178B2 8BD0
mov edx, eax
:004178B4 8BC3
mov eax, ebx
call 0041782C
:004178BB EB1A
jmp 004178D7
|:0041788A(C)
|
:004178BD A138364400
:004178C2 50
:004178C3 68EC090000
:004178C8 56

push eax
push 000009EC
push esi

|
:004178C9 E892E4FEFF
Call 00405D60
:004178CE 8BD0
mov edx, eax
:004178D0 8BC3
mov eax, ebx
call 0041782C
|:00417896(U), :004178BB(U)
|
:004178D7 83C464
:004178DA 5E
:004178DB 5B
:004178DC C3
:004178DD 8D4000
add esp, 00000064

pop esi
pop ebx
ret

|:0041740E , :0041749A
|
:004178E0 53
push ebx
:004178E1 56
push esi
:004178E2 57
push edi
:004178E3 83C49C
add esp, FFFFFF9C
:004178E6 8BDA
mov ebx, edx
:004178E8 8BC3
mov eax, ebx
:004178EA E8696EFFFF
call 0040E758
:004178EF 8BF0
mov esi, eax
:004178F1 8BC3
mov eax, ebx
:004178F3 E8446EFFFF
call 0040E73C
:004178F8 2BF0
sub esi, eax
:004178FA 83FE64
cmp esi, 00000064
:004178FD 7E1E
jle 0041791D
:004178FF 8BD4
mov edx, esp
:00417901 B964000000
mov ecx, 00000064
:00417906 8BC3
mov eax, ebx
:00417908 8B38
:0041790A FF5704
call [edi+04]
:0041790D 66B90100
mov cx, 0001
:00417911 BA9CFFFFFF
mov edx, FFFFFF9C
:00417916 8BC3
:00417918 8B18
:0041791A FF530C
mov eax, ebx

call [ebx+0C]
|:004178FD(C)
|
:0041791D 83FE64
:00417920 7E10
:00417922 833C2401
:00417926 750A
:00417928 817C242820454D46
:00417930 7404

cmp esi, 00000064
jle 00417932
jne 00417932
cmp dword ptr [esp+28], 464D4520
je 00417936

|:00417920(C), :00417926(C)
|
:00417932 33C0
xor eax, eax
:00417934 EB02
jmp 00417938
|:00417930(C)
|
:00417936 B001
mov al, 01
|:00417934(U)
|
:00417938 83C464
add esp, 00000064
:0041793B 5F
pop edi
:0041793C 5E
pop esi
:0041793D 5B
pop ebx
:0041793E C3
ret
:0041793F 90
nop

|:00417812 , :0041784E
|
:00417940 53
push ebx
:00417941 56
push esi
:00417942 57
push edi
:00417943 8BD8
mov ebx, eax
:00417945 8B4318
:00417948 85C0
test eax, eax
:0041794A 7509
jne 00417955
:0041794C 8BC3
mov eax, ebx
:0041794E E805FBFFFF
call 00417458
:00417953 EB6A
jmp 004179BF
|:0041794A(C)
|
:00417955 83780401
:00417959 7E64
:0041795B B201
:0041795D A1702F4100
:00417962 E889B2FEFF
:00417967 8BF0

jle 004179BF
mov dl, 01
call 00402BF0
mov esi, eax
:00417969
:0041796C
:0041796F
:00417971
:00417973
:00417975
8B4318
8B7808
85FF
740B
6A00
57

test edi, edi
je 0041797E
push 00000000
push edi

|
:00417976 E85DE4FEFF
Call 00405DD8
:0041797B 894608
|:00417971(C)
|
:0041797E 8B4318
:00417981 8B4010
:00417984 894610
:00417987 8B4318
:0041798A 8B400C
:0041798D 89460C
:00417990 8B4318
:00417993 668B4018
:00417997 66894618
:0041799B 8B4318
:0041799E 8B401C
:004179A1 89461C
:004179A4 8B4318
:004179A7 8B4020
:004179AA 894620
:004179AD 8B4318
:004179B0 E80F070000
:004179B5 8BC6
:004179B7 894318
:004179BA E801070000
|:00417953(U), :00417959(C)
|
:004179BF 5F
:004179C0 5E
:004179C1 5B
:004179C2 C3
:004179C3
:004179C4
:004179C5
:004179C6
:004179C7
:004179C8
:004179CA
:004179CC
:004179D0
:004179D2
:004179D4
:004179D7
:004179D9
:004179DE
:004179E0
nop
push ebx
push esi
push edi
push ecx
mov ebx, edx
mov esi, eax
je 00417A40
xor eax, eax
mov edx, esp
mov ecx, 00000004
mov eax, ebx
90
53
56
57
51
8BDA
8BF0
837E1800
746E
33C0
890424
8BD4
B904000000
8BC3
8B38

call 004180C4
mov eax, esi
call 004180C0
pop edi
pop esi
pop ebx
ret
:004179E2
:004179E5
:004179E7
:004179EC
:004179EF
:004179F2
:004179F6
:004179F8
:004179FA
:004179FC
:00417A01
FF5708
8BC3
E8506DFFFF
83E804
890424
807E1C00
740B
8BD3
8BC6
E847000000
EB09
call [edi+08]
mov eax, ebx
call 0040E73C
sub eax, 00000004
cmp byte ptr [esi+1C], 00
je 00417A03
mov edx, ebx
mov eax, esi
call 00417A48
jmp 00417A0C
|:004179F6(C)
|
:00417A03 8BD3
:00417A05 8BC6
:00417A07 E8C0000000
|:00417A01(U)
|
:00417A0C 33C9
:00417A0E 8B1424
:00417A11 8BC3
:00417A13 8B30
:00417A15 FF560C
:00417A18 8BC3
:00417A1A E8396DFFFF
:00417A1F 2B0424
:00417A22 890424
:00417A25 8BD4
:00417A27 B904000000
:00417A2C 8BC3
:00417A2E 8B30
:00417A30 FF5608
:00417A33 66B90200
:00417A37 33D2
:00417A39 8BC3
:00417A3B 8B18
:00417A3D FF530C
mov edx, ebx

mov eax, esi
call 00417ACC
xor ecx, ecx

mov eax, ebx
call [esi+0C]
mov eax, ebx
call 0040E758
mov edx, esp
mov ecx, 00000004
mov eax, ebx
call [esi+08]
mov cx, 0002
xor edx, edx
mov eax, ebx
call [ebx+0C]

|:004179D0(C)
|
:00417A40 5A
pop edx
:00417A41 5F
pop edi
:00417A42 5E
pop esi
:00417A43 5B
pop ebx
:00417A44 C3
ret
:00417A45 8D4000

|:0041776C , :004179FC
|
:00417A48 55
push ebp
:00417A49 8BEC
mov ebp, esp
:00417A4B 83C4F8
add esp, FFFFFFF8
:00417A4E
:00417A4F
:00417A50
:00417A52
:00417A54
:00417A57
:00417A59
:00417A5B
:00417A5D
:00417A5F
:00417A62
53
56
8BF2
8BD8
8B4318
85C0
746A
6A00
6A00
8B4008
50
push ebx
push esi
mov esi, edx
mov ebx, eax
test eax, eax
je 00417AC5
push 00000000
push 00000000
push eax

|
:00417A63 E848E4FEFF
Call 00405EB0
:00417A68 8945F8
:00417A6B 8B45F8
:00417A6E E821ACFEFF
call 00402694
:00417A73 8945FC
:00417A76 33C0
xor eax, eax
:00417A78 55
push ebp
:00417A79 68BE7A4100
push 00417ABE
:00417A7E 64FF30
:00417A81 648920
:00417A84 8B45FC
:00417A87 50
push eax
:00417A88 8B45F8
:00417A8B 50
push eax
:00417A8C 8B4318
:00417A8F 8B4008
:00417A92 50
push eax
|
:00417A93 E818E4FEFF
Call 00405EB0
:00417A98 8B55FC
:00417A9B 8B4DF8
:00417A9E 8BC6
mov eax, esi
:00417AA0 E8676DFFFF
call 0040E80C
:00417AA5 33C0
xor eax, eax
:00417AA7 5A
pop edx
:00417AA8 59
pop ecx
:00417AA9 59
pop ecx
:00417AAA 648910
|
:00417AAD 68C57A4100
push 00417AC5
|:00417AC3(U)
|
:00417AB2 8B55F8
:00417AB5 8B45FC
:00417AB8 E8EFABFEFF
:00417ABD C3
:00417ABE E9B5B7FEFF
:00417AC3 EBED
jmp 00403278
jmp 00417AB2

call 004026AC
ret

|:00417A59(C)
|
:00417AC5 5E
pop esi
:00417AC6 5B
pop ebx
:00417AC7 59
pop ecx
:00417AC8 59
pop ecx
:00417AC9 5D
pop ebp
:00417ACA C3
ret
:00417ACB 90
nop

|:00417773 , :00417A07
|
:00417ACC 55
push ebp
:00417ACD 8BEC
mov ebp, esp
:00417ACF 83C4DC
add esp, FFFFFFDC
:00417AD2 53
push ebx
:00417AD3 56
push esi
:00417AD4 8BF2
mov esi, edx
:00417AD6 8BD8
mov ebx, eax
:00417AD8 837B1800
:00417ADC 0F842C010000
je 00417C0E
:00417AE2 8D45DE
:00417AE5 33C9
xor ecx, ecx
:00417AE7 BA16000000
mov edx, 00000016
:00417AEC E847AEFEFF
call 00402938
:00417AF1 8B5B18
:00417AF4 C745DED7CDC69A
mov [ebp-22], 9AC6CDD7
:00417AFB 668B4318
:00417AFF 6685C0
test ax, ax
:00417B02 7508
jne 00417B0C
:00417B04 66C745EC6000
mov [ebp-14], 0060
:00417B0A EB04
jmp 00417B10
|:00417B02(C)
|
:00417B0C 668945EC
|:00417B0A(U)
|
:00417B10 68EC090000
:00417B15 0FB745EC
:00417B19 50
:00417B1A 8B430C
:00417B1D 50

push 000009EC
push eax
push eax

|
:00417B1E E83DE2FEFF
Call 00405D60
:00417B23 668945E8
:00417B27 68EC090000
push 000009EC
:00417B2C 0FB745EC
:00417B30 50
push eax
:00417B31 8B4310
:00417B34 50
push eax

|
:00417B35 E826E2FEFF
Call 00405D60
:00417B3A 668945EA
:00417B3E 8D45DE
:00417B41 E892E4FFFF
call 00415FD8
:00417B46 668945F2
mov word ptr [ebp-0E], ax
:00417B4A 6A00
push 00000000
|
:00417B4C E8F7E5FEFF
Call 00406148
:00417B51 8945F4
:00417B54 33C0
xor eax, eax
:00417B56 55
push ebp
:00417B57 68077C4100
push 00417C07
:00417B5C 64FF30
:00417B5F 648920
:00417B62 8B45F4
:00417B65 50
push eax
:00417B66 6A08
push 00000008
:00417B68 6A00
push 00000000
:00417B6A 6A00
push 00000000
:00417B6C 8B4308
:00417B6F 50
push eax
|
:00417B70 E88BE3FEFF
Call 00405F00
:00417B75 8945F8
:00417B78 8B45F8
:00417B7B E814ABFEFF
call 00402694
:00417B80 8945FC
:00417B83 33C0
xor eax, eax
:00417B85 55
push ebp
:00417B86 68E77B4100
push 00417BE7
:00417B8B 64FF30
:00417B8E 648920
:00417B91 8B45F4
:00417B94 50
push eax
:00417B95 6A08
push 00000008
:00417B97 8B45FC
:00417B9A 50
push eax
:00417B9B 8B45F8
:00417B9E 50
push eax
:00417B9F 8B4308
:00417BA2 50
push eax
|
:00417BA3 E858E3FEFF
Call 00405F00
:00417BA8 3B45F8
:00417BAB 7305
jnb 00417BB2
:00417BAD E806D7FFFF
call 004152B8
|:00417BAB(C)
|
:00417BB2
:00417BB5
:00417BBA
:00417BBC
:00417BC1
:00417BC4
:00417BC7
:00417BC9
:00417BCE
:00417BD0
:00417BD1
:00417BD2
:00417BD3
:00417BD6
8D55DE
B916000000
8BC6
E84B6CFFFF
8B55FC
8B4DF8
8BC6
E83E6CFFFF
33C0
5A
59
59
648910
68EE7B4100

mov ecx, 00000016
mov eax, esi
call 0040E80C
mov eax, esi
call 0040E80C
xor eax, eax
pop edx
pop ecx
pop ecx
push 00417BEE
|:00417BEC(U)
|
:00417BDB 8B55F8
:00417BDE 8B45FC
:00417BE1 E8C6AAFEFF
:00417BE6 C3
:00417BE7
:00417BEC
:00417BEE
:00417BF0
:00417BF1
:00417BF2
:00417BF3
:00417BF6
jmp 00403278
jmp 00417BDB
xor eax, eax
pop edx
pop ecx
pop ecx
push 00417C0E
E98CB6FEFF
EBED
33C0
5A
59
59
648910
680E7C4100

call 004026AC
ret

|:00417C0C(U)
|
:00417BFB 8B45F4
:00417BFE 50
push eax
:00417BFF 6A00
push 00000000
|
:00417C01 E85AE7FEFF
Call 00406360
:00417C06 C3
ret
:00417C07 E96CB6FEFF
:00417C0C EBED
jmp 00403278
jmp 00417BFB

|:00417ADC(C)
|
:00417C0E 5E
pop esi
:00417C0F 5B
pop ebx
:00417C10 8BE5
mov esp, ebp
:00417C12 5D
pop ebp
:00417C13 C3
ret
:00417C14 55
push ebp
:00417C15
:00417C17
:00417C1A
:00417C1B
:00417C1C
:00417C1D
:00417C1F
:00417C22
:00417C24
:00417C26
:00417C27
:00417C2C
:00417C2F
:00417C32
8BEC
83C498
53
56
57
33DB
895D98
8BD8
33C0
55
68C27C4100
64FF30
648920
6A0E
mov ebp, esp

add esp, FFFFFF98
push ebx
push esi
push edi
xor ebx, ebx
mov ebx, eax
xor eax, eax
push ebp
push 00417CC2
push 0000000E
* Reference To: user32.GetClipboardData, Ord:0000h

|
:00417C34 E8F7E4FEFF
Call 00406130
:00417C39 8BF8
mov edi, eax
:00417C3B 85FF
test edi, edi
:00417C3D 7515
jne 00417C54
:00417C3F 8D5598
:00417C42 A1382C4400
:00417C47 E8D8D1FEFF
call 00404E24
:00417C4C 8B4598
:00417C4F E820D5FFFF
call 00415174
|:00417C3D(C)
|
:00417C54 8BC3
:00417C56 E8FDF7FFFF
:00417C5B 8B7318
:00417C5E 6A00
:00417C60 57

mov eax, ebx
call 00417458
push 00000000
push edi

|
:00417C61 E872E1FEFF
Call 00405DD8
:00417C66 894608
:00417C69 8D459C
:00417C6C 50
push eax
:00417C6D 6A64
push 00000064
:00417C6F 8B4608
:00417C72 50
push eax
|
:00417C73 E840E2FEFF
Call 00405EB8
:00417C78 8B45BC
:00417C7B 2B45B4
sub eax, dword ptr [ebp-4C]
:00417C7E 89460C
:00417C81 8B45C0
:00417C84 2B45B8
:00417C87 894610
:00417C8A 66C746180000
mov [esi+18], 0000
:00417C90 C6431C01
mov [ebx+1C], 01
:00417C94 8BC3
mov eax, ebx
:00417C96 8B10
:00417C98 FF5224
call [edx+24]
:00417C9B
:00417C9D
:00417CA0
:00417CA3
:00417CA5
:00417CA7
:00417CA9
:00417CAC
:00417CAE
:00417CAF
:00417CB0
:00417CB1
85C0
0F95C0
884316
8BD3
8BC3
8B08
FF5110
33C0
5A
59
59
648910
test eax, eax

setne al
mov edx, ebx
mov eax, ebx
call [ecx+10]
xor eax, eax
pop edx
pop ecx
pop ecx

|
:00417CB4 68C97C4100
push 00417CC9
|:00417CC7(U)
|
:00417CB9 8D4598
:00417CBC E8F7BAFEFF
:00417CC1 C3
:00417CC2
:00417CC7
:00417CC9
:00417CCA
:00417CCB
:00417CCC
:00417CCE
:00417CCF
E9B1B5FEFF
EBF0
5F
5E
5B
8BE5
5D
C20400
jmp
jmp
pop
pop
pop
mov
pop
ret
:00417CD2
:00417CD4
:00417CD5
:00417CD7
:00417CD8
:00417CD9
:00417CDA
:00417CDC
:00417CDE
:00417CE1
:00417CE3
:00417CE5
:00417CEA
:00417CED
:00417CEF
:00417CF1
:00417CF3
:00417CF6
8BC0
55
8BEC
53
56
57
8BF9
8BD8
8B7318
85F6
7419
66C7020E00
8B4508
33D2
8910
6A00
8B4608
50
mov eax, eax

push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov ebx, eax
test esi, esi
je 00417CFE
mov word ptr [edx], 000E
xor edx, edx
push 00000000
push eax

call 004037B8
ret
00403278
00417CB9
edi
esi
ebx
esp, ebp
ebp
0004

|
:00417CF7 E8DCE0FEFF
Call 00405DD8
:00417CFC 8907
|:00417CE3(C)
|
:00417CFE 5F
:00417CFF 5E
:00417D00 5B
:00417D01 5D
:00417D02 C20400
pop
pop
pop
pop
ret
:00417D05
:00417D08
:00417D09
:00417D0B
:00417D15

push esp
jge 00417D4C
BYTE 10 DUP(0)
BYTE 3 DUP(0)
8D4000
54
7D41
00000000000000000000
000000
edi
esi
ebx
ebp
0004
:00417D18 807D4100
:00417D1C 00000000000000000000
:00417D26 0000

BYTE 10 DUP(0)
BYTE 2 DUP(0)
:00417D28
:00417D29
:00417D2B
:00417D2E
:00417D30
:00417D31
:00417D34
:00417D36
:00417D37
:00417D3A
:00417D3B
:00417D3D
6C
7D41
006000
0000
FC
2B4100
282E
40
00342E
40
0038
2E
insb
jge 00417D6C
cld
sub byte ptr [esi], ch
inc eax
inc eax
BYTE 02eh
:00417D3E
:00417D3F
:00417D42
:00417D43
:00417D45
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00417D46
:00417D47
:00417D4E
:00417D4F
:00417D51
:00417D53
:00417D56
:00417D57
:00417D5A
:00417D5B
:00417D5D
40
00B42B4000C82B
40
0008
7F41
000CD3
40
0014D3
40
0008
D24000
inc eax
add byte ptr
inc eax
add byte ptr
jg 00417D94
add byte ptr
inc eax
add byte ptr
inc eax
add byte ptr
rol byte ptr
:00417D60 10504100
:00417D64 FC4F4100
:00417D68 D47F4100
[eax], cl
[ebx+8*edx], cl
[ebx+8*edx], dl
[eax], cl
[eax+00], cl
DWORD 00415010
DWORD 00414FFC
DWORD 00417FD4
|:00417D29(C)
|
:00417D6C 0D54426974
:00417D71 6D
:00417D72 61
:00417D73 7043
:00417D75 61
:00417D76 6E
:00417D77 7661
:00417D79 738B
:00417D7B C0807D4100070D
:00417D82 54
:00417D83 42
:00417D84 69746D617043616E
:00417D8C 7661
:00417D8E 7354
:00417D90 7D41
:00417D92 00682C
:00417D95 41
:00417D96 000400
:00417D99 084772
:00417D9C 61
:00417D9D 7068
:00417D9F 69
:00417DA0 63
:00417DA1 73
:00417DA2 00
:00417DA3 00

or eax, 74694254
insd
popad
jo 00417DB8
popad
outsb
jbe 00417DDA
jnb 00417D06
rol byte ptr [eax+0700417D], 0D
push esp
inc edx
imul esi, dword ptr [ebp+2*ebp+61], 6E614370
jbe 00417DEF
jnb 00417DE4
jge 00417DD3
inc ecx
popad
jo 00417E07
BYTE 69h
BYTE 63h
BYTE 73h
BYTE 00h
BYTE 00h

|:0041AA73 , :0042684D
|
:00417DA4 55
push ebp
:00417DA5 8BEC
mov ebp, esp
:00417DA7 83C4F4
add esp, FFFFFFF4
:00417DAA A16C254400
:00417DAF E8E051FFFF
call 0040CF94
:00417DB4 8945F8
:00417DB7 33C0
xor eax, eax
:00417DB9 55
push ebp
:00417DBA 68427E4100
push 00417E42
:00417DBF 64FF30
:00417DC2 648920
:00417DC5 8B45F8
:00417DC8 8B4008
:00417DCB 48
dec eax
:00417DCC 83F800
cmp eax, 00000000
:00417DCF 7C59
jl 00417E2A
:00417DD1 8945FC
|:00417E28(C)
|
:00417DD4 8B55FC
:00417DD7 8B45F8
|:00417D77(C)
|
:00417DDA
:00417DDF
:00417DE2
:00417DE5
:00417DEA
:00417DEC
:00417DEE
:00417DF0
:00417DF1
:00417DF6
:00417DF9
:00417DFC
:00417DFF
:00417E04
:00417E06
E8994DFFFF
8945F4
8B45F4
E812CFFFFF
84C0
7433
33C0
55
681A7E4100
64FF30
648920
8B45F4
E830010000
33C0
5A
call 0040CB78
call 00414CFC
test al, al
je 00417E21
xor eax, eax
push ebp
push 00417E1A
call 00417F34
xor eax, eax
pop edx
|:00417D9D(C)
|
:00417E07 59
:00417E08 59
:00417E09 648910
:00417E0C 68217E4100
|:00417E1F(U)
|
:00417E11 8B45F4
:00417E14 E83FCFFFFF
:00417E19 C3
:00417E1A E959B4FEFF
:00417E1F EBF0
jmp 00403278
jmp 00417E11
|:00417DEC(C)
|
:00417E21 FF4DFC
:00417E24 837DFCFF
:00417E28 75AA
|:00417DCF(C)
|
:00417E2A 33C0
:00417E2C 5A
:00417E2D 59
:00417E2E 59
:00417E2F 648910
:00417E32 68497E4100
|:00417E47(U)
|
:00417E37 A16C254400
:00417E3C E8B751FFFF
:00417E41 C3
pop ecx
pop ecx
push 00417E21

call 00414D58
ret
dec [ebp-04]
jne 00417DD4
xor eax, eax

pop edx
pop ecx
pop ecx
push 00417E49

call 0040CFF8
ret
:00417E42
:00417E47
:00417E49
:00417E4B
:00417E4C
E931B4FEFF
EBEE
8BE5
5D
C3
:00417E4D 8D4000
jmp
jmp
mov
pop
ret
00403278
00417E37
esp, ebp
ebp

|:00418017 , :004180F6 , :00418147 , :0041815C , :004182EF
|:00418952 , :00419246 , :004192BB
|
:00417E50 55
push ebp
:00417E51 8BEC
mov ebp, esp
:00417E53 51
push ecx
:00417E54 53
push ebx
:00417E55 56
push esi
:00417E56 8945FC
:00417E59 837DFC00
:00417E5D 7468
je 00417EC7
:00417E5F A16C254400
:00417E64 E82B51FFFF
call 0040CF94
:00417E69 8BF0
mov esi, eax
:00417E6B 33C9
xor ecx, ecx
:00417E6D 55
push ebp
:00417E6E 68C07E4100
push 00417EC0
:00417E73 64FF31
:00417E76 648921
:00417E79 8B5E08
:00417E7C 4B
dec ebx
:00417E7D 83FB00
cmp ebx, 00000000
:00417E80 7C26
jl 00417EA8
|:00417EA6(C)
|
:00417E82 8BD3
:00417E84 8BC6
:00417E86 E8ED4CFFFF
:00417E8B 8B5054
:00417E8E 85D2
:00417E90 7410
:00417E92 8B5218
:00417E95 8B5208
:00417E98 3B55FC
:00417E9B 7505
:00417E9D E892000000
|:00417E90(C), :00417E9B(C)
|
:00417EA2 4B
:00417EA3 83FBFF
:00417EA6 75DA
mov edx, ebx

mov eax, esi
call 0040CB78
mov edx, dword
test edx, edx
je 00417EA2
mov edx, dword
mov edx, dword
cmp edx, dword
jne 00417EA2
call 00417F34
ptr [eax+54]
ptr [edx+18]
ptr [edx+08]
ptr [ebp-04]
dec ebx
cmp ebx, FFFFFFFF
jne 00417E82

|:00417E80(C)
|
:00417EA8
:00417EAA
:00417EAB
:00417EAC
:00417EAD
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:00417EB0 68C77E4100
push 00417EC7
|:00417EC5(U)
|
:00417EB5 A16C254400
:00417EBA E83951FFFF
:00417EBF C3
:00417EC0 E9B3B3FEFF
:00417EC5 EBEE
jmp 00403278
jmp 00417EB5

call 0040CFF8
ret

|:00417E5D(C)
|
:00417EC7 5E
pop esi
:00417EC8 5B
pop ebx
:00417EC9 59
pop ecx
:00417ECA 5D
pop ebp
:00417ECB C3
ret

|:0041907E
|
:00417ECC 53
push ebx
:00417ECD 56
push esi
:00417ECE 57
push edi
:00417ECF 84D2
test dl, dl
:00417ED1 7408
je 00417EDB
:00417ED3 83C4F0
add esp, FFFFFFF0
:00417ED6 E829B0FEFF
call 00402F04
|:00417ED1(C)
|
:00417EDB 8BF1
:00417EDD 8BDA
:00417EDF 8BF8
:00417EE1 33D2
:00417EE3 8BC7
:00417EE5 E8F2C9FFFF
:00417EEA 897754
:00417EED 8BC7
:00417EEF 84DB
:00417EF1 740F
:00417EF3 E864B0FEFF
:00417EF8 648F0500000000
:00417EFF 83C40C

mov esi, ecx
mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call 004148DC
mov eax, edi
test bl, bl
je 00417F02
call 00402F5C
add esp, 0000000C

|:00417EF1(C)
|
:00417F02 8BC7
mov eax, edi
:00417F04 5F
pop edi
:00417F05 5E
pop esi
:00417F06 5B
pop ebx
:00417F07 C3
ret
:00417F08
:00417F09
:00417F0A
:00417F0F
:00417F11
:00417F13
:00417F15
:00417F1A
:00417F1C
:00417F1F
:00417F21
:00417F26
:00417F28
:00417F2A
:00417F2C
53
56
E855B0FEFF
8BDA
8BF0
8BC6
E81A000000
8BD3
80E2FC
8BC6
E87ACAFFFF
84DB
7E07
8BC6
E823B0FEFF
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
mov eax, esi
call 00417F34
mov edx, ebx
and dl, FC
mov eax, esi
call 004149A0
test bl, bl
jle 00417F31
mov eax, esi
call 00402F54

|:00417F28(C)
|
:00417F31 5E
pop esi
:00417F32 5B
pop ebx
:00417F33 C3
ret

|:00417DFF , :00417E9D , :00417F15 , :00419215
|
:00417F34 55
push ebp
:00417F35 8BEC
mov ebp, esp
:00417F37 51
push ecx
:00417F38 53
push ebx
:00417F39 8945FC
:00417F3C 8B45FC
:00417F3F 83780400
:00417F43 0F8486000000
je 00417FCF
:00417F49 8B45FC
:00417F4C E853CCFFFF
call 00414BA4
:00417F51 33D2
xor edx, edx
:00417F53 55
push ebp
:00417F54 68C87F4100
push 00417FC8
:00417F59 64FF32
:00417F5C 648922
:00417F5F 8B45FC
:00417F62 8B4058
:00417F65 85C0
test eax, eax
:00417F67 740D
je 00417F76
:00417F69 50
push eax
:00417F6A 8B45FC
:00417F6D 8B4004
:00417F70 50
push eax

|
:00417F71 E8F2DFFEFF
Call 00405F68
|:00417F67(C)
|
:00417F76 8B45FC
:00417F79 8B405C
:00417F7C 85C0
test eax, eax
:00417F7E 740F
je 00417F8F
:00417F80 6AFF
push FFFFFFFF
:00417F82 50
push eax
:00417F83 8B45FC
:00417F86 8B4004
:00417F89 50
push eax
|
:00417F8A E8E1DFFEFF
Call 00405F70
|:00417F7E(C)
|
:00417F8F 8B45FC
:00417F92 8B5804
:00417F95 33D2
:00417F97 8B45FC
:00417F9A E841CFFFFF
:00417F9F 53

xor edx, edx
call 00414EE0
push ebx

|
:00417FA0 E89BDEFEFF
Call 00405E40
:00417FA5 8B55FC
:00417FA8 A16C254400
:00417FAD E8F64FFFFF
call 0040CFA8
:00417FB2 33C0
xor eax, eax
:00417FB4 5A
pop edx
:00417FB5 59
pop ecx
:00417FB6 59
pop ecx
:00417FB7 648910
|
:00417FBA 68CF7F4100
push 00417FCF
|:00417FCD(U)
|
:00417FBF 8B45FC
:00417FC2 E891CDFFFF
:00417FC7 C3
:00417FC8 E9ABB2FEFF
:00417FCD EBF0
jmp 00403278
jmp 00417FBF

call 00414D58
ret

|:00417F43(C)
|
:00417FCF 5B
pop ebx
:00417FD0 59
pop ecx
:00417FD1 5D
pop ebp
:00417FD2 C3
ret
:00417FD3
:00417FD4
:00417FD5
:00417FD7
:00417FD8
:00417FD9
:00417FDA
:00417FDD
:00417FE0
:00417FE4
:00417FEA
:00417FED
:00417FF2
:00417FF4
:00417FF5
:00417FFA
:00417FFD
:00418000
:00418003
:00418006
:0041800B
:0041800E
:00418011
:00418014
:00418017
:0041801C
:0041801F
:00418022
:00418027
90
55
8BEC
51
53
56
8945FC
8B45FC
83785400
0F84D0000000
8B45FC
E8B2CBFFFF
33C0
55
68B3804100
64FF30
648920
8B45FC
8B4054
E811120000
8B45FC
8B4054
8B4018
8B4008
E834FEFFFF
8B45FC
8B4054
E865120000
6A00
nop
push ebp
mov ebp, esp
push ecx
push ebx
push esi
je 004180BA
call 00414BA4
xor eax, eax
push ebp
push 004180B3
call 0041921C
call 00417E50
call 0041928C
push 00000000

|
:00418029 E8CADDFEFF
Call 00405DF8
:0041802E 8BD8
mov ebx, eax
:00418030 8B45FC
mov eax, dword ptr
:00418033 8B4054
mov eax, dword ptr
:00418036 8B4018
mov eax, dword ptr
:00418039 8B7008
mov esi, dword ptr
:0041803C 85F6
test esi, esi
:0041803E 740F
je 0041804F
:00418040 56
push esi
:00418041 53
push ebx
[ebp-04]
[eax+54]
[eax+18]
[eax+08]

|
:00418042 E821DFFEFF
Call 00405F68
:00418047 8B55FC
:0041804A 894258
:0041804D EB08
jmp 00418057
|:0041803E(C)
|
:0041804F 8B45FC
:00418052 33D2
:00418054 895058

xor edx, edx

|:0041804D(U)
|
:00418057 8B45FC
:0041805A 8B4054
:0041805D 8B4018
:00418060 8B7010
:00418063 85F6
test esi, esi
:00418065 7417
je 0041807E
:00418067 6AFF
push FFFFFFFF
:00418069 56
push esi
:0041806A 53
push ebx
|
:0041806B E800DFFEFF
Call 00405F70
:00418070 8B55FC
:00418073 89425C
:00418076 53
push ebx
|
:00418077 E8C4DEFEFF
Call 00405F40
:0041807C EB08
jmp 00418086
|:00418065(C)
|
:0041807E 8B45FC
:00418081 33D2
xor edx, edx
:00418083 89505C
|:0041807C(U)
|
:00418086 8BD3
:00418088 8B45FC
:0041808B E850CEFFFF
:00418090 8B55FC
:00418093 A16C254400
:00418098 E8974EFFFF
:0041809D 33C0
:0041809F 5A
:004180A0 59
:004180A1 59
:004180A2 648910

mov edx, ebx
call 00414EE0
call 0040CF34
xor eax, eax
pop edx
pop ecx
pop ecx

|
:004180A5 68BA804100
push 004180BA
|:004180B8(U)
|
:004180AA 8B45FC
:004180AD E8A6CCFFFF
:004180B2 C3

call 00414D58
ret
:004180B3 E9C0B1FEFF
:004180B8 EBF0
jmp 00403278
jmp 004180AA

|:00417FE4(C)
|
:004180BA 5E
pop esi
:004180BB 5B
pop ebx
:004180BC 59
pop ecx
:004180BD 5D
pop ebp
:004180BE C3
ret
:004180BF 90
nop

|:004171D7 , :00417477 , :004179BA , :00418B62
|:004194DE , :0041A12B , :0041A1A1 , :0041A482
|
:004180C0 FF4004
inc [eax+04]
:004180C3 C3
ret
, :00418C17

|:0041715E , :004171A8 , :0041745F , :004179B0 , :00418BA9
|:00418C22 , :004194D0 , :0041A15A , :0041A1A9 , :0041A48A
|
:004180C4 53
push ebx
:004180C5 8BD8
mov ebx, eax
:004180C7 85DB
test ebx, ebx
:004180C9 7416
je 004180E1
:004180CB FF4B04
dec [ebx+04]
:004180CE 837B0400
:004180D2 750D
jne 004180E1
:004180D4 8BC3
mov eax, ebx
:004180D6 8B10
:004180D8 FF12
:004180DA 8BC3
mov eax, ebx
:004180DC E83FABFEFF
call 00402C20
|:004180C9(C), :004180D2(C)
|
:004180E1 5B
pop ebx
:004180E2 C3
ret
:004180E3
:004180E4
:004180E5
:004180E6
:004180EB
:004180ED
:004180EF
90
53
56
E879AEFEFF
8BDA
8BF0
8B4614
nop
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
:004180F2
:004180F4
:004180F6
:004180FB
:004180FE
85C0
7413
E855FDFFFF
8B4614
50
test eax, eax

je 00418109
call 00417E50
push eax

|
:004180FF E84CDDFEFF
Call 00405E50
:00418104 33C0
xor eax, eax
:00418106 894614
|:004180F4(C)
|
:00418109 8BC6
mov eax, esi
:0041810B 8B10
:0041810D FF12
:0041810F 8B4664
:00418112 85C0
test eax, eax
:00418114 7406
je 0041811C
:00418116 50
push eax
|
:00418117 E80CDBFEFF
Call 00405C28
|:00418114(C)
|
:0041811C 8BD3
:0041811E 80E2FC
:00418121 8BC6
:00418123 E8E8AAFEFF
:00418128 84DB
:0041812A 7E07
:0041812C 8BC6
:0041812E E821AEFEFF

mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 00418133
mov eax, esi
call 00402F54

|:0041812A(C)
|
:00418133 5E
pop esi
:00418134 5B
pop ebx
:00418135 C3
ret
:00418136
:00418138
:00418139
:0041813B
:0041813E
:00418140
:00418142
:00418145
:00418147
:0041814C
:0041814F
8BC0
53
8BD8
8B4308
85C0
7413
3B4314
740E
E804FDFFFF
8B4308
50
mov eax, eax

push ebx
mov ebx, eax
test eax, eax
je 00418155
je 00418155
call 00417E50
push eax
:00418150 E8FBDCFEFF
|:00418140(C), :00418145(C)
|
:00418155 8B430C
:00418158 85C0
:0041815A 7413
:0041815C E8EFFCFFFF
:00418161 8B430C
:00418164 50
|
Call 00405E50
test eax, eax
je 0041816F
call 00417E50
push eax

|
:00418165 E8E6DCFEFF
Call 00405E50
:0041816A 33C0
xor eax, eax
:0041816C 89430C
|:0041815A(C)
|
:0041816F 8B4310
:00418172 E8A9B1FFFF
:00418177 33C0
:00418179 894308
:0041817C 33C0
:0041817E 894310
:00418181 5B
:00418182 C3
:00418183 90
nop

call 00413320
xor eax, eax
xor eax, eax
pop ebx
ret

|:00419D68
|
:00418184 55
push ebp
:00418185 8BEC
mov ebp, esp
:00418187 81C4F0FBFFFF
add esp, FFFFFBF0
:0041818D 53
push ebx
:0041818E 56
push esi
:0041818F 8955FC
:00418192 8BF0
mov esi, eax
:00418194 85F6
test esi, esi
:00418196 0F849E000000
je 0041823A
:0041819C 6683792608
cmp word ptr [ecx+26], 0008
:004181A1 0F8793000000
ja 0041823A
:004181A7 8D95F0FBFFFF
lea edx, dword ptr [ebp+FFFFFBF0]
:004181AD B9FF000000
mov ecx, 000000FF
:004181B2 8B45FC
:004181B5 E83AD9FFFF
call 00415AF4
:004181BA 8BD8
mov ebx, eax
:004181BC 85DB
test ebx, ebx
:004181BE 747A
je 0041823A
:004181C0 6A00
push 00000000
|
:004181C2 E881DFFEFF
Call 00406148
:004181C7 8945F8
:004181CA 8B45F8
:004181CD 50

push eax

|
:004181CE E825DCFEFF
Call 00405DF8
:004181D3 8945F4
:004181D6 56
push esi
:004181D7 8B45F4
:004181DA 50
push eax
|
:004181DB E888DDFEFF
Call 00405F68
:004181E0 8945F0
:004181E3 33C0
xor eax, eax
:004181E5 55
push ebp
:004181E6 6833824100
push 00418233
:004181EB 64FF30
:004181EE 648920
:004181F1 8D85F0FBFFFF
lea eax, dword ptr [ebp+FFFFFBF0]
:004181F7 50
push eax
:004181F8 53
push ebx
:004181F9 6A00
push 00000000
:004181FB 8B45F4
:004181FE 50
push eax
|
:004181FF E88CDDFEFF
Call 00405F90
:00418204 33C0
xor eax, eax
:00418206 5A
pop edx
:00418207 59
pop ecx
:00418208 59
pop ecx
:00418209 648910
:0041820C 683A824100
push 0041823A
|:00418238(U)
|
:00418211 8B45F0
:00418214 50
push eax
:00418215 8B45F4
:00418218 50
push eax
|
:00418219 E84ADDFEFF
Call 00405F68
:0041821E 8B45F4
:00418221 50
push eax
|
:00418222 E819DCFEFF
Call 00405E40
:00418227 8B45F8
:0041822A 50
push eax
:0041822B 6A00
push 00000000
:0041822D E82EE1FEFF
:00418232 C3
|
Call 00406360
ret
:00418233 E940B0FEFF
:00418238 EBD7
jmp 00403278
jmp 00418211

|:00418196(C), :004181A1(C), :004181BE(C)
|
:0041823A 5E
pop esi
:0041823B 5B
pop ebx
:0041823C 8BE5
mov esp, ebp
:0041823E 5D
pop ebp
:0041823F C3
ret

|:004184F9 , :00419F09
|
:00418240 F6402803
test [eax+28], 03
:00418244 7442
je 00418288
:00418246 83784000
:0041824A 753C
jne 00418288
:0041824C 668B5026
mov dx, word ptr [eax+26]
:00418250 6683FA10
cmp dx, 0010
:00418254 7517
jne 0041826D
:00418256 C7404000F80000
mov [eax+40], 0000F800
:0041825D C74044E0070000
mov [eax+44], 000007E0
:00418264 C740481F000000
mov [eax+48], 0000001F
:0041826B EB1B
jmp 00418288
|:00418254(C)
|
:0041826D 6683FA20
:00418271 7515
:00418273 C740400000FF00
:0041827A C7404400FF0000
:00418281 C74048FF000000

cmp
jne
mov
mov
mov
dx, 0020
00418288
[eax+40], 00FF0000
[eax+44], 0000FF00
[eax+48], 000000FF

|:00418244(C), :0041824A(C), :0041826B(U), :00418271(C)
|
:00418288 C3
ret
:00418289 8D4000
|:00418A1D , :00418D23 , :00419200 , :00419BAD , :00419D11
|:0041A058
|
:0041828C 55
push ebp
:0041828D 8BEC
mov ebp, esp
:0041828F 81C468FFFFFF
add esp, FFFFFF68
:00418295 53
push ebx
:00418296 56
push esi
:00418297 57
push edi
:00418298 894DF4
:0041829B
:0041829E
:004182A1
:004182A3
:004182A6
:004182A9
:004182AD
:004182AF
:004182B2
:004182B6
:004182BC
:004182BF
:004182C3
8955F8
8945FC
33C0
8945F0
8B450C
83781800
741A
8B450C
83781C00
0F84F2050000
8B450C
83782000
0F84E5050000

xor eax, eax
je 004182C9
je 004188AE
je 004188AE
|:004182AD(C)
|
:004182C9 8B450C
:004182CC 83781800
:004182D0 751A
:004182D2 8B450C
:004182D5 83780400
:004182D9 0F84CF050000
:004182DF 8B450C
:004182E2 83780800
:004182E6 0F84C2050000
|:004182D0(C)
|
:004182EC 8B45FC
:004182EF E85CFBFFFF
:004182F4 33C0
:004182F6 894590
:004182F9 837DFC00
:004182FD 741C
:004182FF 8D8578FFFFFF
:00418305 50
:00418306 6A54
:00418308 8B45FC
:0041830B 50

jne 004182EC
je 004188AE
je 004188AE

call 00417E50
xor eax, eax
je 0041831B
push eax
push 00000054
push eax

|
:0041830C E8B7DBFEFF
Call 00405EC8
:00418311 83F818
cmp eax, 00000018
:00418314 7D05
jge 0041831B
:00418316 E871CEFFFF
call 0041518C
|:004182FD(C), :00418314(C)
|
:0041831B 6A00
push 00000000
|
:0041831D E826DEFEFF
Call 00406148
:00418322 E839D0FFFF
call 00415360
:00418327 8945E8
:0041832A 8B45E8
:0041832D 50
push eax

|
:0041832E E8C5DAFEFF
Call 00405DF8
:00418333 E828D0FFFF
call 00415360
:00418338 8945E4
:0041833B 33D2
xor edx, edx
:0041833D 55
push ebp
:0041833E 68A7884100
push 004188A7
:00418343 64FF32
:00418346 648922
:00418349 8B450C
:0041834C 83781828
:00418350 735E
jnb 004183B0
:00418352 8B450C
:00418355 668B4010
:00418359 8B550C
:0041835C 660B4212
or ax, word ptr [edx+12]
:00418360 6683F801
cmp ax, 0001
:00418364 7526
jne 0041838C
:00418366 6A00
push 00000000
:00418368 6A01
push 00000001
:0041836A 6A01
push 00000001
:0041836C 8B450C
:0041836F 8B4008
:00418372 50
push eax
:00418373 8B450C
:00418376 8B4004
:00418379 50
push eax
|
:0041837A E861DAFEFF
Call 00405DE0
:0041837F E8DCCFFFFF
call 00415360
:00418384 8945F0
:00418387 E92C020000
jmp 004185B8
|:00418364(C)
|
:0041838C 8B450C
:0041838F 8B4008
:00418392 50
push eax
:00418393 8B450C
:00418396 8B4004
:00418399 50
push eax
:0041839A 8B45E8
:0041839D 50
push eax
|
:0041839E E84DDAFEFF
Call 00405DF0
:004183A3 E8B8CFFFFF
call 00415360
:004183A8 8945F0
:004183AB E908020000
jmp 004185B8
|:00418350(C)
|
:004183B0
:004183B5
:004183BA
:004183BD
:004183BF
:004183C0
:004183C5
:004183C8
:004183CB
:004183CE
:004183D5
:004183D8
:004183DE
:004183E1
:004183E4
:004183E7
:004183E9
:004183EE
:004183EF
:004183F0
:004183F3
:004183F6
:004183F9
:004183FC
:004183FF
:00418402
:00418405
:00418408
:0041840B
:00418410
:00418416
:00418419
:0041841E
:00418420
:00418424
:00418426
:00418429
:0041842B
:0041842E
:00418431
:00418434
:00418437
:0041843D
B82C040000
E8DAA2FEFF
8945DC
33D2
55
68B1854100
64FF32
648922
8B450C
C7401828000000
8B450C
66C740240100
8B450C
8B55DC
8D7018
8BFA
B90A000000
F3
A5
8B450C
8B401C
8B550C
894204
8B450C
8B4020
8B550C
894208
8B450C
6683782608
0F87C1000000
8B450C
6683782601
7522
837D8C00
751C
8B45DC
33D2
895028
8B45DC
83C028
83C004
C700FFFFFF00
E9D2000000
|:0041841E(C), :00418424(C)
|
:00418442 837DF400
:00418446 7418
:00418448 8B45DC
:0041844B 8D5028
:0041844E B9FF000000
:00418453 8B45F4
:00418456 E899D6FFFF
:0041845B E9B4000000
mov eax, 0000042C

call 00402694
xor edx, edx
push ebp
push 004185B1
mov [eax+18], 00000028
mov [eax+24], 0001
mov edi, edx
mov ecx, 0000000A
repz
movsd
ja 004184D7
jne 00418442
jne 00418442
xor edx, edx
add eax, 00000028
add eax, 00000004
mov dword ptr [eax], 00FFFFFF
jmp 00418514
je 00418460
mov ecx, 000000FF
call 00415AF4
jmp 00418514

|:00418446(C)
|
:00418460 837DFC00
:00418464
:0041846A
:0041846D
:0041846E
:00418471
0F84AA000000
8B45FC
50
8B45E4
50
je 00418514
push eax
push eax

|
:00418472 E8F1DAFEFF
Call 00405F68
:00418477 8945EC
:0041847A 837D9000
:0041847E 7625
jbe 004184A5
:00418480 837D8C00
:00418484 741F
je 004184A5
:00418486 8B45DC
:00418489 83C028
add eax, 00000028
:0041848C 50
push eax
:0041848D 6800010000
push 00000100
:00418492 6A00
push 00000000
:00418494 8B45E4
:00418497 50
push eax
|
:00418498 E8FBD9FEFF
Call 00405E98
:0041849D 8B550C
:004184A0 894238
:004184A3 EB23
jmp 004184C8
|:0041847E(C), :00418484(C)
|
:004184A5 6A00
:004184A7 8B45DC
:004184AA 50
:004184AB 6A00
:004184AD 8B450C
:004184B0 8B4020
:004184B3 99
:004184B4 33C2
:004184B6 2BC2
:004184B8 50
:004184B9 6A00
:004184BB 8B45FC
:004184BE 50
:004184BF 8B45E4
:004184C2 50

push 00000000
mov eax, dword
push eax
push 00000000
mov eax, dword
mov eax, dword
cdq
xor eax, edx
sub eax, edx
push eax
push 00000000
mov eax, dword
push eax
mov eax, dword
push eax
ptr [ebp-24]
ptr [ebp+0C]
ptr [eax+20]
ptr [ebp-04]
ptr [ebp-1C]

|
:004184C3 E8D8D9FEFF
Call 00405EA0
|:004184A3(U)
|
:004184C8 8B45EC
:004184CB 50
push eax
:004184CC 8B45E4
:004184CF 50
push eax

|
:004184D0 E893DAFEFF
Call 00405F68
:004184D5 EB3D
jmp 00418514
|:00418410(C)
|
:004184D7 8B450C
:004184DA 668B4026
:004184DE 6683F810
:004184E2 7409
:004184E4 8B550C
:004184E7 6683F820
:004184EB 7527
|:004184E2(C)
|
:004184ED 8B450C
:004184F0 F6402803
:004184F4 741E
:004184F6 8B450C
:004184FE 8B45DC
:00418501 8D5028
:00418504 8B450C
:00418507 83C040
:0041850A B90C000000
:0041850F E898A2FEFF

cmp ax, 0010
je 004184ED
cmp ax, 0020
jne 00418514
mov eax, dword ptr

test [eax+28], 03
je 00418514
mov eax, dword ptr
call 00418240
mov eax, dword ptr
lea edx, dword ptr
mov eax, dword ptr
add eax, 00000040
mov ecx, 0000000C
call 004027AC
[ebp+0C]
[ebp+0C]
[ebp-24]
[eax+28]
[ebp+0C]

|:0041843D(U), :0041845B(U), :00418464(C), :004184D5(U), :004184EB(C)
|:004184F4(C)
|
:00418514 6A00
push 00000000
:00418516 6A00
push 00000000
:00418518 8D45D8
:0041851B 50
push eax
:0041851C 6A00
push 00000000
:0041851E 8B45DC
:00418521 50
push eax
:00418522 8B45E8
:00418525 50
push eax
|
:00418526 E8D5D8FEFF
Call 00405E00
:0041852B E830CEFFFF
call 00415360
:00418530 8945F0
:00418533 837DD800
:00418537 7505
jne 0041853E
:00418539 E87ACDFFFF
call 004152B8
|:00418537(C)
|
:0041853E 837DFC00
:00418542 7457
:00418544 8B450C

je 0041859B
:00418547
:0041854A
:00418550
:00418552
:00418555
:00418558
:0041855B
:0041855D
:00418560
:00418565
:00418567
:00418569
:0041856C
:0041856D
:00418570
:00418571
:00418574
:00418577
:00418578
:0041857A
:0041857C
:0041857D
:0041857F
:00418582
:00418583
:00418586
8B401C
3B857CFFFFFF
7549
8B450C
8B4020
3B4580
753E
8B450C
6683782608
7634
6A00
8B45DC
50
8B45D8
50
8B450C
8B4020
99
33C2
2BC2
50
6A00
8B45FC
50
8B45E4
50

cmp eax, dword ptr [ebp+FFFFFF7C]
jne 0041859B
jne 0041859B
jbe 0041859B
push 00000000
push eax
push eax
cdq
xor eax, edx
sub eax, edx
push eax
push 00000000
push eax
push eax

|
:00418587 E814D9FEFF
Call 00405EA0
:0041858C E8BFADFEFF
call 00403350
:00418591 E8BAADFEFF
call 00403350
:00418596 E913030000
jmp 004188AE
|:00418542(C), :00418550(C), :0041855B(C), :00418565(C)
|
:0041859B 33C0
xor eax, eax
:0041859D 5A
pop edx
:0041859E 59
pop ecx
:0041859F 59
pop ecx
:004185A0 648910
:004185A3 68B8854100
push 004185B8
|:004185B6(U)
|
:004185A8 8B45DC
:004185AB E8FCA0FEFF
:004185B0 C3
:004185B1 E9C2ACFEFF
:004185B6 EBF0
jmp 00403278
jmp 004185A8

call 004026AC
ret

|:00418387(U), :004183AB(U)
|
:004185B8 8B45F0
:004185BB E8A0CDFFFF
call 00415360
:004185C0
:004185C3
:004185C4
:004185C7
8B45F0
50
8B45E4
50

push eax
push eax

|
:004185C8 E89BD9FEFF
Call 00405F68
:004185CD E88ECDFFFF
call 00415360
:004185D2 8945EC
:004185D5 33C0
xor eax, eax
:004185D7 55
push ebp
:004185D8 6858884100
push 00418858
:004185DD 64FF30
:004185E0 648920
:004185E3 33C0
xor eax, eax
:004185E5 55
push ebp
:004185E6 6847884100
push 00418847
:004185EB 64FF30
:004185EE 648920
:004185F1 33C0
xor eax, eax
:004185F3 8945CC
:004185F6 33DB
xor ebx, ebx
:004185F8 837DF400
:004185FC 741B
je 00418619
:004185FE 6A00
push 00000000
:00418600 8B45F4
:00418603 50
push eax
:00418604 8B45E4
:00418607 50
push eax
|
:00418608 E863D9FEFF
Call 00405F70
:0041860D 8945CC
:00418610 8B45E4
:00418613 50
push eax
|
:00418614 E827D9FEFF
Call 00405F40
|:004185FC(C)
|
:00418619 33C0
:0041861B 55
:0041861C 6825884100
:00418621 64FF30
:00418624 648920
:00418627 837D0800
:0041862B 0F84B5000000
:00418631 8B4508
:00418634 8B4014
:00418637 E884C1FFFF
:0041863C 50
:0041863D 8B450C
:00418640 8B4008
:00418643 50
:00418644 8D8568FFFFFF

xor eax, eax
push ebp
push 00418825
je 004186E6
call 004147C0
push eax
push eax
:0041864A
:0041864B
:0041864E
:00418651
:00418653
:00418655
:0041865A
:00418660
:00418661
:00418664
50
8B4D0C
8B4904
33D2
33C0
E83E3BFFFF
8D8568FFFFFF
50
8B45E4
50
push eax
mov ecx, dword
mov ecx, dword
xor edx, edx
xor eax, eax
call 0040C198
lea eax, dword
push eax
mov eax, dword
push eax
ptr [ebp+0C]
ptr [ecx+04]
ptr [ebp+FFFFFF68]

|
:00418665 E88EDAFEFF
Call 004060F8
:0041866A 8B4508
mov eax, dword
:0041866D 8B400C
mov eax, dword
:00418670 8B4014
mov eax, dword
:00418673 E890B4FFFF
call 00413B08
:00418678 50
push eax
:00418679 8B45E4
mov eax, dword
:0041867C 50
push eax
ptr [ebp-1C]
ptr [ebp+08]
ptr [eax+0C]
ptr [eax+14]
ptr [ebp-1C]

|
:0041867D E836D9FEFF
Call 00405FB8
:00418682 8B4508
:00418685 8B4014
:00418688 E8F7C0FFFF
call 00414784
:0041868D E876B4FFFF
call 00413B08
:00418692 50
push eax
:00418693 8B45E4
:00418696 50
push eax
|
:00418697 E8DCD8FEFF
Call 00405F78
:0041869C 8B450C
:0041869F 6683782601
:004186A4 7560
jne 00418706
:004186A6 8B450C
:004186A9 83781400
:004186AD 7457
je 00418706
:004186AF 8B4508
:004186B2 8B400C
:004186B5 8B4014
:004186B8 E84BB4FFFF
call 00413B08
:004186BD 8945D0
:004186C0 8B4508
:004186C3 8B4014
:004186C6 E8B9C0FFFF
call 00414784
:004186CB E838B4FFFF
call 00413B08
:004186D0 8945D4
:004186D3 8D45D0
:004186D6 50
push eax
:004186D7 6A02
push 00000002
:004186D9 6A00
push 00000000
:004186DB 8B45E4
:004186DE 50
push eax
:004186DF E8ACD8FEFF
:004186E4 EB20
|:0041862B(C)
|
:004186E6 686200FF00
:004186EB 8B450C
:004186EE 8B4008
:004186F1 50
:004186F2 8B450C
:004186F5 8B4004
:004186F8 50
:004186F9 6A00
:004186FB 6A00
:004186FD 8B45E4
:00418700 50
|
Call 00405F90
jmp 00418706
push 00FF0062
mov eax, dword
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
push 00000000
push 00000000
mov eax, dword
push eax
ptr [ebp+0C]
ptr [eax+08]
ptr [ebp+0C]
ptr [eax+04]
ptr [ebp-1C]

|
:00418701 E82AD8FEFF
Call 00405F30
|:004186A4(C), :004186AD(C), :004186E4(U)
|
:00418706 837DFC00
:0041870A 0F84F2000000
je 00418802
:00418710 8B45E8
:00418713 50
push eax
|
:00418714 E8DFD6FEFF
Call 00405DF8
:00418719 E842CCFFFF
call 00415360
:0041871E 8945E0
:00418721 33C0
xor eax, eax
:00418723 55
push ebp
:00418724 68FB874100
push 004187FB
:00418729 64FF30
:0041872C 648920
:0041872F 8B45FC
:00418732 50
push eax
:00418733 8B45E0
:00418736 50
push eax
|
:00418737 E82CD8FEFF
Call 00405F68
:0041873C E81FCCFFFF
call 00415360
:00418741 8BF0
mov esi, eax
:00418743 837DF800
:00418747 741A
je 00418763
:00418749 6A00
push 00000000
:0041874B 8B45F8
:0041874E 50
push eax
:0041874F 8B45E0
:00418752 50
push eax
:00418753
:00418758
:0041875A
:0041875D
E818D8FEFF
8BD8
8B45E0
50
|
Call 00405F70
mov ebx, eax
push eax

|
:0041875E E8DDD7FEFF
Call 00405F40
|:00418747(C)
|
:00418763 837D0800
:00418767 7432
:00418769 8B4508
:0041876C 8B400C
:0041876F 8B4014
:00418772 E891B3FFFF
:00418777 50
:00418778 8B45E0
:0041877B 50

je 0041879B
call 00413B08
push eax
push eax

|
:0041877C E837D8FEFF
Call 00405FB8
:00418781 8B4508
:00418784 8B4014
:00418787 E8F8BFFFFF
call 00414784
:0041878C E877B3FFFF
call 00413B08
:00418791 50
push eax
:00418792 8B45E0
:00418795 50
push eax
|
:00418796 E8DDD7FEFF
Call 00405F78
|:00418767(C)
|
:0041879B 682000CC00
:004187A0 6A00
:004187A2 6A00
:004187A4 8B45E0
:004187A7 50
:004187A8 8B450C
:004187AB 8B4008
:004187AE 50
:004187AF 8B450C
:004187B2 8B4004
:004187B5 50
:004187B6 6A00
:004187B8 6A00
:004187BA 8B45E4
:004187BD 50

push 00CC0020
push 00000000
push 00000000
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
push 00000000
push 00000000
mov eax, dword
push eax

|
:004187BE E80DD6FEFF
Call 00405DD0
ptr [ebp-20]
ptr [ebp+0C]
ptr [eax+08]
ptr [ebp+0C]
ptr [eax+04]
ptr [ebp-1C]
:004187C3
:004187C7
:004187C9
:004187CB
:004187CC
:004187CF
837DF800
740C
6AFF
53
8B45E0
50

je 004187D5
push FFFFFFFF
push ebx
push eax

|
:004187D0 E89BD7FEFF
Call 00405F70
|:004187C7(C)
|
:004187D5 56
push esi
:004187D6 8B45E0
:004187D9 50
push eax
|
:004187DA E889D7FEFF
Call 00405F68
:004187DF E87CCBFFFF
call 00415360
:004187E4 33C0
xor eax, eax
:004187E6 5A
pop edx
:004187E7 59
pop ecx
:004187E8 59
pop ecx
:004187E9 648910
:004187EC 6802884100
push 00418802
|:00418800(U)
|
:004187F1 8B45E0
:004187F4 50
push eax
|
:004187F5 E846D6FEFF
Call 00405E40
:004187FA C3
ret
:004187FB E978AAFEFF
:00418800 EBEF
jmp 00403278
jmp 004187F1
|:0041870A(C)
|
:00418802 33C0
:00418804 5A
:00418805 59
:00418806 59
:00418807 648910
:0041880A 682C884100
|:0041882A(U)
|
:0041880F 837DF400
:00418813 740F
:00418815 6AFF
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041882C

je 00418824
push FFFFFFFF
:00418817
:0041881A
:0041881B
:0041881E
8B45CC
50
8B45E4
50

push eax
push eax

|
:0041881F E84CD7FEFF
Call 00405F70
|:00418813(C)
|
:00418824 C3
:00418825 E94EAAFEFF
:0041882A EBE3
:0041882C 33C0
:0041882E 5A
:0041882F 59
:00418830 59
:00418831 648910
:00418834 684E884100

ret
jmp 00403278
jmp 0041880F
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041884E

|:0041884C(U)
|
:00418839 8B45EC
:0041883C 50
push eax
:0041883D 8B45E4
:00418840 50
push eax
|
:00418841 E822D7FEFF
Call 00405F68
:00418846 C3
ret
:00418847
:0041884C
:0041884E
:00418850
:00418851
:00418852
:00418853
:00418856
:00418858
:0041885D
:00418860
E92CAAFEFF
EBEB
33C0
5A
59
59
648910
EB18
E913A8FEFF
8B45F0
50
jmp 00403278
jmp 00418839
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00418870
jmp 00403070
push eax

|
:00418861 E8EAD5FEFF
Call 00405E50
:00418866 E861AAFEFF
call 004032CC
:0041886B E8B0AAFEFF
call 00403320
|:00418856(U)
|
:00418870 33C0
xor eax, eax
:00418872 5A
pop edx
:00418873 59
pop ecx
:00418874 59
:00418875 648910
:00418878 68AE884100
pop ecx
push 004188AE

|:004188AC(U)
|
:0041887D 8B45E4
:00418880 50
push eax
|
:00418881 E8BAD5FEFF
Call 00405E40
:00418886 8B45E8
:00418889 50
push eax
:0041888A 6A00
push 00000000
|
:0041888C E8CFDAFEFF
Call 00406360
:00418891 837DF000
:00418895 740F
je 004188A6
:00418897 8B450C
:0041889A 50
push eax
:0041889B 6A54
push 00000054
:0041889D 8B45F0
:004188A0 50
push eax
|
:004188A1 E822D6FEFF
Call 00405EC8
|:00418895(C)
|
:004188A6 C3
:004188A7 E9CCA9FEFF
:004188AC EBCF

ret
jmp 00403278
jmp 0041887D

|:004182B6(C), :004182C3(C), :004182D9(C), :004182E6(C), :00418596(U)
|
:004188AE 8B45F0
:004188B1 5F
pop edi
:004188B2 5E
pop esi
:004188B3 5B
pop ebx
:004188B4 8BE5
mov esp, ebp
:004188B6 5D
pop ebp
:004188B7 C20800
ret 0008
:004188BA 8BC0
mov eax, eax

|:00418D0C , :00419A4F , :00419B9B , :0041A076
|
:004188BC 53
push ebx
:004188BD 56
push esi
:004188BE 81C4F8FBFFFF
add esp, FFFFFBF8
:004188C4 8BD8
mov ebx, eax
:004188C6
:004188C8
:004188CA
:004188CC
:004188CE
:004188D1
:004188D2
:004188D4
33F6
85DB
7446
33C0
890424
54
6A04
53
xor esi, esi

test ebx, ebx
je 00418912
xor eax, eax
push esp
push 00000004
push ebx

|
:004188D5 E8EED5FEFF
Call 00405EC8
:004188DA 85C0
test eax, eax
:004188DC 7434
je 00418912
:004188DE 833C2400
:004188E2 742E
je 00418912
:004188E4 66C74424040003
mov [esp+04], 0300
:004188EB 668B0424
mov ax, word ptr [esp]
:004188EF 6689442406
:004188F4 8D442408
:004188F8 50
push eax
:004188F9 8B442404
:004188FD 50
push eax
:004188FE 6A00
push 00000000
:00418900 53
push ebx
|
:00418901 E8CAD5FEFF
Call 00405ED0
:00418906 8D442404
:0041890A 50
push eax
|
:0041890B E810D5FEFF
Call 00405E20
:00418910 8BF0
mov esi, eax
|:004188CA(C), :004188DC(C), :004188E2(C)
|
:00418912 8BC6
mov eax, esi
:00418914 81C408040000
add esp, 00000408
:0041891A 5E
pop esi
:0041891B 5B
pop ebx
:0041891C C3
ret
:0041891D 8D4000

|:00419276
|
:00418920 55
push ebp
:00418921 8BEC
mov ebp, esp
:00418923 83C490
add esp, FFFFFF90
:00418926 53
push ebx
:00418927 56
push esi
:00418928 57
push edi
:00418929 8BF9
mov edi, ecx
:0041892B 8BF2
mov esi, edx
:0041892D
:0041892F
:00418931
:00418934
:00418936
:0041893C
:0041893F
:00418940
:00418942
8BD8
33C0
8945FC
85DB
0F84E6010000
8D4590
50
6A54
53
mov ebx, eax

xor eax, eax
test ebx, ebx
je 00418B22
push eax
push 00000054
push ebx

|
:00418943 E880D5FEFF
Call 00405EC8
:00418948 85C0
test eax, eax
:0041894A 0F84D2010000
je 00418B22
:00418950 8BC3
mov eax, ebx
:00418952 E8F9F4FFFF
call 00417E50
:00418957 33C0
xor eax, eax
:00418959 8945F8
:0041895C 33C0
xor eax, eax
:0041895E 8945F0
:00418961 33C0
xor eax, eax
:00418963 55
push ebp
:00418964 681B8B4100
push 00418B1B
:00418969 64FF30
:0041896C 648920
:0041896F 6A00
push 00000000
|
:00418971 E8D2D7FEFF
Call 00406148
:00418976 E8E5C9FFFF
call 00415360
:0041897B 8945F8
:0041897E 8B45F8
:00418981 50
push eax
|
:00418982 E871D4FEFF
Call 00405DF8
:00418987 E8D4C9FFFF
call 00415360
:0041898C 8945F0
:0041898F 6A00
push 00000000
:00418991 6A01
push 00000001
:00418993 6A01
push 00000001
:00418995 8B4598
:00418998 50
push eax
:00418999 8B4594
:0041899C 50
push eax
|
:0041899D E83ED4FEFF
Call 00405DE0
:004189A2 8945FC
:004189A5 837DFC00
:004189A9 0F843E010000
je 00418AED
:004189AF 8B45FC
:004189B2 50
push eax
:004189B3 8B45F0
:004189B6 50
push eax

|
:004189B7 E8ACD5FEFF
Call 00405F68
:004189BC 8945E4
:004189BF 81FFFFFFFF1F
cmp edi, 1FFFFFFF
:004189C5 751C
jne 004189E3
:004189C7 6A42
push 00000042
:004189C9 8B4598
:004189CC 50
push eax
:004189CD 8B4594
:004189D0 50
push eax
:004189D1 6A00
push 00000000
:004189D3 6A00
push 00000000
:004189D5 8B45F0
:004189D8 50
push eax
|
:004189D9 E852D5FEFF
Call 00405F30
:004189DE E9F7000000
jmp 00418ADA
|:004189C5(C)
|
:004189E3 8B45F8
:004189E6 50
push eax
|
:004189E7 E80CD4FEFF
Call 00405DF8
:004189EC E86FC9FFFF
call 00415360
:004189F1 8945F4
:004189F4 33C0
xor eax, eax
:004189F6 55
push ebp
:004189F7 68D38A4100
push 00418AD3
:004189FC 64FF30
:004189FF 648920
:00418A02 837DA400
:00418A06 741E
je 00418A26
:00418A08 C645EF01
mov [ebp-11], 01
:00418A0C 33C0
xor eax, eax
:00418A0E 8945A8
:00418A11 8D4590
:00418A14 50
push eax
:00418A15 6A00
push 00000000
:00418A17 8BCE
mov ecx, esi
:00418A19 8BD6
mov edx, esi
:00418A1B 8BC3
mov eax, ebx
:00418A1D E86AF8FFFF
call 0041828C
:00418A22 8BD8
mov ebx, eax
:00418A24 EB04
jmp 00418A2A
|:00418A06(C)
|
:00418A26 C645EF00
mov [ebp-11], 00
|:00418A24(U)
|
:00418A2A 53
:00418A2B 8B45F4
:00418A2E 50
push ebx
push eax

|
:00418A2F E834D5FEFF
Call 00405F68
:00418A34 8945E8
:00418A37 85F6
test esi, esi
:00418A39 742A
je 00418A65
:00418A3B 6A00
push 00000000
:00418A3D 56
push esi
:00418A3E 8B45F4
:00418A41 50
push eax
|
:00418A42 E829D5FEFF
Call 00405F70
:00418A47 8B45F4
:00418A4A 50
push eax
|
:00418A4B E8F0D4FEFF
Call 00405F40
:00418A50 6A00
push 00000000
:00418A52 56
push esi
:00418A53 8B45F0
:00418A56 50
push eax
|
:00418A57 E814D5FEFF
Call 00405F70
:00418A5C 8B45F0
:00418A5F 50
push eax
|
:00418A60 E8DBD4FEFF
Call 00405F40
|:00418A39(C)
|
:00418A65 57
push edi
:00418A66 8B45F4
:00418A69 50
push eax
|
:00418A6A E809D5FEFF
Call 00405F78
:00418A6F 8BF0
mov esi, eax
:00418A71 682000CC00
push 00CC0020
:00418A76 6A00
push 00000000
:00418A78 6A00
push 00000000
:00418A7A 8B45F4
:00418A7D 50
push eax
:00418A7E 8B4598
:00418A81 50
push eax
:00418A82 8B4594
:00418A85 50
push eax
:00418A86 6A00
push 00000000
:00418A88 6A00
:00418A8A 8B45F0
:00418A8D 50
push 00000000
push eax

|
:00418A8E E83DD3FEFF
Call 00405DD0
:00418A93 56
push esi
:00418A94 8B45F4
:00418A97 50
push eax
|
:00418A98 E8DBD4FEFF
Call 00405F78
:00418A9D 837DE800
:00418AA1 740D
je 00418AB0
:00418AA3 8B45E8
:00418AA6 50
push eax
:00418AA7 8B45F4
:00418AAA 50
push eax
|
:00418AAB E8B8D4FEFF
Call 00405F68
|:00418AA1(C)
|
:00418AB0 807DEF00
:00418AB4 7406
:00418AB6 53

je 00418ABC
push ebx

|
:00418AB7 E894D3FEFF
Call 00405E50
|:00418AB4(C)
|
:00418ABC 33C0
:00418ABE 5A
:00418ABF 59
:00418AC0 59
:00418AC1 648910
:00418AC4 68DA8A4100

xor eax, eax
pop edx
pop ecx
pop ecx
push 00418ADA

|:00418AD8(U)
|
:00418AC9 8B45F4
:00418ACC 50
push eax
|
:00418ACD E86ED3FEFF
Call 00405E40
:00418AD2 C3
ret
:00418AD3 E9A0A7FEFF
:00418AD8 EBEF
jmp 00403278
jmp 00418AC9
|:004189DE(U)
|
:00418ADA 837DE400
:00418ADE 740D
:00418AE0 8B45E4
:00418AE3 50
:00418AE4 8B45F0
:00418AE7 50

je 00418AED
push eax
push eax

|
:00418AE8 E87BD4FEFF
Call 00405F68
|:004189A9(C), :00418ADE(C)
|
:00418AED 33C0
:00418AEF 5A
:00418AF0 59
:00418AF1 59
:00418AF2 648910
:00418AF5 68228B4100
|:00418B20(U)
|
:00418AFA 837DF000
:00418AFE 7409
:00418B00 8B45F0
:00418B03 50
xor eax, eax

pop edx
pop ecx
pop ecx
push 00418B22

je 00418B09
push eax

|
:00418B04 E837D3FEFF
Call 00405E40
|:00418AFE(C)
|
:00418B09 837DF800
:00418B0D 740B
:00418B0F 8B45F8
:00418B12 50
:00418B13 6A00

je 00418B1A
push eax
push 00000000

|
:00418B15 E846D8FEFF
Call 00406360
|:00418B0D(C)
|
:00418B1A C3
:00418B1B E958A7FEFF
:00418B20 EBD8

ret
jmp 00403278
jmp 00418AFA

|:00418936(C), :0041894A(C)
|
:00418B22
:00418B25
:00418B26
:00418B27
:00418B28
:00418B2A
:00418B2B
8B45FC
5F
5E
5B
8BE5
5D
C3
|:0041A89D , :0042E6E0
|:0042EE16 , :0042EE4F
|:0042F4E9 , :0042F9CF
|:004325C3
|
:00418B2C 53
:00418B2D 56
:00418B2E 57
:00418B2F 84D2
:00418B31 7408
:00418B33 83C4F0
:00418B36 E8C9A3FEFF
mov
pop
pop
pop
mov
pop
ret
Addresses:
, :0042EA16
, :0042F45B
, :0042F9DE

edi
esi
ebx
esp, ebp
ebp
, :0042EA33
, :0042F497
, :0043194F
, :0042EC5E
, :0042F4BE
, :00432528
push ebx
push esi
push edi
test dl, dl
je 00418B3B
add esp, FFFFFFF0
call 00402F04
|:00418B31(C)
|
:00418B3B 8BDA
:00418B3D 8BF8
:00418B3F 33D2
:00418B41 8BC7
:00418B43 E8A8D8FFFF
:00418B48 C7472400000020
:00418B4F B201
:00418B51 A1AC304100
:00418B56 E895A0FEFF
:00418B5B 8BF0
:00418B5D 897718
:00418B60 8BC6
:00418B62 E859F5FFFF
:00418B67 803D3023440000
:00418B6E 7409
:00418B70 B201
:00418B72 8BC7
:00418B74 8B08
:00418B76 FF5168
|:00418B6E(C)
|
:00418B79 8BC7
:00418B7B 84DB
:00418B7D 740F
:00418B7F E8D8A3FEFF
:00418B84 648F0500000000
:00418B8B 83C40C
mov ebx, edx

mov edi, eax
xor edx, edx
mov eax, edi
call 004163F0
mov [edi+24], 20000000
mov dl, 01
mov eax, dword ptr [004130AC]
call 00402BF0
mov esi, eax
mov eax, esi
call 004180C0
cmp byte ptr [00442330], 00
je 00418B79
mov dl, 01
mov eax, edi
call [ecx+68]
mov eax, edi

test bl, bl
je 00418B8E
call 00402F5C
add esp, 0000000C

|:00418B7D(C)
|
:00418B8E
:00418B90
:00418B91
:00418B92
:00418B93
8BC7
5F
5E
5B
C3
mov
pop
pop
pop
ret
eax, edi
edi
esi
ebx
:00418B94
:00418B95
:00418B96
:00418B9B
:00418B9D
:00418B9F
:00418BA1
:00418BA6
:00418BA9
:00418BAE
:00418BB1
:00418BB6
:00418BB8
:00418BBB
:00418BBD
:00418BC2
:00418BC4
:00418BC6
:00418BC8
53
56
E8C9A3FEFF
8BDA
8BF0
8BC6
E866060000
8B4618
E816F5FFFF
8B461C
E86AA0FEFF
8BD3
80E2FC
8BC6
E81A46FFFF
84DB
7E07
8BC6
E887A3FEFF
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
mov eax, esi
call 0041920C
call 004180C4
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 0040D1DC
test bl, bl
jle 00418BCD
mov eax, esi
call 00402F54

|:00418BC4(C)
|
:00418BCD 5E
pop esi
:00418BCE 5B
pop ebx
:00418BCF C3
ret
:00418BD0
:00418BD1
:00418BD3
:00418BD6
:00418BD7
:00418BD8
:00418BDA
:00418BDD
:00418BDF
:00418BE1
:00418BE3
:00418BE9
:00418BEE
:00418BF0
55
8BEC
83C4A8
53
56
8BDA
8945FC
85DB
7415
8BC3
8B150C314100
E8A2A1FEFF
84C0
0F84B7000000
push ebp
mov ebp, esp
add esp, FFFFFFA8
push ebx
push esi
mov ebx, edx
test ebx, ebx
je 00418BF6
mov eax, ebx
call 00402D90
test al, al
je 00418CAD

|:00418BDF(C)
|
:00418BF6 684C364400
push 0044364C
|
:00418BFB E858D0FEFF
Call 00405C58
:00418C00 33C0
xor eax, eax
:00418C02 55
push ebp
:00418C03
:00418C08
:00418C0B
:00418C0E
:00418C10
:00418C12
:00418C14
:00418C17
:00418C1C
:00418C1F
:00418C22
:00418C27
:00418C2A
:00418C2D
:00418C30
:00418C33
:00418C36
:00418C39
:00418C3C
:00418C3F
:00418C42
:00418C45
:00418C48
:00418C4B
68868C4100
64FF30
648920
85DB
743B
8BF3
8B4618
E8A4F4FFFF
8B45FC
8B4018
E89DF4FFFF
8B4618
8B55FC
894218
8A4615
8B55FC
884215
8B4624
8B55FC
894224
8A4628
8B55FC
884228
EB21
push 00418C86
test ebx, ebx
je 00418C4D
mov esi, ebx
call 004180C0
call 004180C4
mov byte ptr [edx+15], al
jmp 00418C6E
|:00418C10(C)
|
:00418C4D 8D45A8
:00418C50 33C9
:00418C52 BA54000000
:00418C57 E8DC9CFEFF
:00418C5C 8D45A8
:00418C5F 50
:00418C60 6A00
:00418C62 33C9
:00418C64 33D2
:00418C66 8B45FC
:00418C69 E8BA070000
|:00418C4B(U)
|
:00418C6E 33C0
:00418C70 5A
:00418C71 59
:00418C72 59
:00418C73 648910
:00418C76 688D8C4100

xor ecx, ecx
mov edx, 00000054
call 00402938
push eax
push 00000000
xor ecx, ecx
xor edx, edx
call 00419428
xor eax, eax

pop edx
pop ecx
pop ecx
push 00418C8D

|:00418C8B(U)
|
:00418C7B 684C364400
push 0044364C
|
:00418C80 E8BBD0FEFF
Call 00405D40
:00418C85 C3
ret
:00418C86
:00418C8B
:00418C8D
:00418C90
:00418C92
:00418C95
:00418C97
:00418C9A
:00418C9D
:00418CA0
:00418CA3
:00418CA6
:00418CA8
:00418CAB
E9EDA5FEFF
EBEE
8B45FC
8B10
FF5224
85C0
0F95C0
8B55FC
884216
8B55FC
8B45FC
8B08
FF5110
EB0A
|:00418BF0(C)
|
:00418CAD 8BD3
:00418CAF 8B45FC
:00418CB2 E85145FFFF
jmp 00403278
jmp 00418C7B
call [edx+24]
test eax, eax
setne al
call [ecx+10]
jmp 00418CB7
mov edx, ebx
call 0040D208

|:00418CAB(U)
|
:00418CB7 5E
pop esi
:00418CB8 5B
pop ebx
:00418CB9 8BE5
mov esp, ebp
:00418CBB 5D
pop ebp
:00418CBC C3
ret
:00418CBD 8D4000

|:0041901C , :004193BA , :00419B4F , :00419C18 , :00419C98
|:00419DC0
|
:00418CC0 55
push ebp
:00418CC1 8BEC
mov ebp, esp
:00418CC3 83C4A4
add esp, FFFFFFA4
:00418CC6 53
push ebx
:00418CC7 56
push esi
:00418CC8 57
push edi
:00418CC9 8B7508
:00418CCC 8D7DA4
:00418CCF 51
push ecx
:00418CD0 B915000000
mov ecx, 00000015
:00418CD5 F3
repz
:00418CD6 A5
movsd
:00418CD7 59
pop ecx
:00418CD8 8BF1
mov esi, ecx
:00418CDA 8BFA
mov edi, edx
:00418CDC 8BD8
mov ebx, eax
:00418CDE 8BC3
mov eax, ebx
:00418CE0 E827050000
call 0041920C
:00418CE5 33C0
xor eax, eax
:00418CE7 8945FC
:00418CEA 33C0
xor eax, eax
:00418CEC
:00418CEF
:00418CF1
:00418CF2
:00418CF7
:00418CFA
:00418CFD
:00418D03
:00418D05
:00418D08
8945F8
33C0
55
684D8D4100
64FF30
648920
3B3530364400
7505
8975F8
EB0A

xor eax, eax
push ebp
push 00418D4D
cmp esi, dword ptr [00443630]
jne 00418D0A
jmp 00418D14
|:00418D03(C)
|
:00418D0A 8BC6
:00418D0C E8ABFBFFFF
:00418D11 8945F8
|:00418D08(U)
|
:00418D14 8D45A4
:00418D17 50
:00418D18 8B431C
:00418D1B 50
:00418D1C 8B4DF8
:00418D1F 8BD6
:00418D21 8BC7
:00418D23 E864F5FFFF
:00418D28 8945FC
:00418D2B 8D45A4
:00418D2E 50
:00418D2F 8B4318
:00418D32 8A406C
:00418D35 50
:00418D36 8B4DF8
:00418D39 8B55FC
:00418D3C 8BC3
:00418D3E E8E5060000
:00418D43 33C0
:00418D45 5A
:00418D46 59
:00418D47 59
:00418D48 648910
:00418D4B EB26
:00418D4D E91EA3FEFF
:00418D52 8B45F8
:00418D55 E8C6A5FFFF
:00418D5A 837DFC00
:00418D5E 7409
:00418D60 8B45FC
:00418D63 50
mov eax, esi

call 004188BC

push eax
push eax
mov edx, esi
mov eax, edi
call 0041828C
push eax
push eax
mov eax, ebx
call 00419428
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00418D73
jmp 00403070
call 00413320
je 00418D69
push eax

|
:00418D64 E8E7D0FEFF
Call 00405E50
|:00418D5E(C)
|
:00418D69 E85EA5FEFF
:00418D6E E8ADA5FEFF
call 004032CC
call 00403320

|:00418D4B(U)
|
:00418D73 5F
pop edi
:00418D74 5E
pop esi
:00418D75 5B
pop ebx
:00418D76 8BE5
mov esp, ebp
:00418D78 5D
pop ebp
:00418D79 C20400
ret 0004

|:004190B9
|
:00418D7C E87B020000
call 00418FFC
:00418D81 C3
ret
:00418D82
:00418D84
:00418D88
:00418D8D
8BC0
C6402100
E89BD6FFFF
C3
:00418D8E 8BC0
mov eax, eax

mov [eax+21], 00
call 00416428
ret
mov eax, eax

|:0041A958
|
:00418D90 53
push ebx
:00418D91 8BD8
mov ebx, eax
:00418D93 8BC3
mov eax, ebx
:00418D95 E872040000
call 0041920C
:00418D9A 8BC3
mov eax, ebx
:00418D9C E8F7030000
call 00419198
:00418DA1 8B4318
:00418DA4 8B10
:00418DA6 FF12
:00418DA8 5B
pop ebx
:00418DA9 C3
ret
:00418DAA
:00418DAC
:00418DAD
:00418DAF
:00418DB2
:00418DB3
:00418DB4
:00418DB5
:00418DB7
:00418DBA
:00418DBC
:00418DBF
:00418DC5
:00418DC8
8BC0
55
8BEC
83C4E4
53
56
57
8BF9
8955FC
8BD8
8B7318
8A15F88F4100
8B45FC
E8BBC1FFFF
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFE4
push ebx
push esi
push edi
mov edi, ecx
mov ebx, eax
mov dl, byte ptr [00418FF8]
call 00414F88
:00418DCD
:00418DCF
:00418DD4
:00418DD6
:00418DD9
:00418DDD
:00418DE0
:00418DE2
:00418DE4
:00418DE6
:00418DE7
:00418DEA
:00418DED
8BC3
E8B8040000
33C0
8945F8
C645F700
8B4610
85C0
7422
6AFF
50
8B45FC
8B4004
50
mov eax, ebx

call 0041928C
xor eax, eax
mov [ebp-09], 00
test eax, eax
je 00418E06
push FFFFFFFF
push eax
push eax

|
:00418DEE E87DD1FEFF
Call 00405F70
:00418DF3 8945F8
:00418DF6 8B45FC
:00418DF9 8B4004
:00418DFC 50
push eax
|
:00418DFD E83ED1FEFF
Call 00405F40
:00418E02 C645F701
mov [ebp-09], 01
|:00418DE2(C)
|
:00418E06 6A0C
push 0000000C
:00418E08 8B45FC
:00418E0B 8B4004
:00418E0E 50
push eax
|
:00418E0F E894D0FEFF
Call 00405EA8
:00418E14 50
push eax
:00418E15 6A0E
push 0000000E
:00418E17 8B45FC
:00418E1A 8B4004
:00418E1D 50
push eax
|
:00418E1E E885D0FEFF
Call 00405EA8
:00418E23 5A
pop edx
:00418E24 0FAFD0
imul edx, eax
:00418E27 8BC2
mov eax, edx
:00418E29 83F808
cmp eax, 00000008
:00418E2C 7F0F
jg 00418E3D
:00418E2E 0FB7562A
movzx edx, word ptr [esi+2A]
:00418E32 0FB74E28
movzx ecx, word ptr [esi+28]
:00418E36 0FAFD1
imul edx, ecx
:00418E39 3BC2
cmp eax, edx
:00418E3B 7C04
jl 00418E41
|:00418E2C(C)
|
:00418E3D 33C0
:00418E3F EB02
xor eax, eax

jmp 00418E43

|:00418E3B(C)
|
:00418E41 B001
mov al, 01
|:00418E3F(U)
|
:00418E43 84C0
test al, al
:00418E45 7438
je 00418E7F
:00418E47 8D45EC
:00418E4A 50
push eax
:00418E4B 8B45FC
:00418E4E 8B4004
:00418E51 50
push eax
* Reference To: gdi32.GetBrushOrgEx, Ord:0000h
|
:00418E52 E821D0FEFF
Call 00405E78
:00418E57 6A04
push 00000004
:00418E59 8B45FC
:00418E5C 8B4004
:00418E5F 50
push eax
|
:00418E60 E84BD1FEFF
Call 00405FB0
:00418E65 8D45EC
lea eax, dword ptr
:00418E68 50
push eax
:00418E69 8B45F0
mov eax, dword ptr
:00418E6C 50
push eax
:00418E6D 8B45EC
mov eax, dword ptr
:00418E70 50
push eax
:00418E71 8B45FC
mov eax, dword ptr
:00418E74 8B4004
mov eax, dword ptr
:00418E77 50
push eax
[ebp-14]
[ebp-10]
[ebp-14]
[ebp-04]
[eax+04]
* Reference To: gdi32.SetBrushOrgEx, Ord:0000h

|
Call 00405F88
:00418E7D EB1B
jmp 00418E9A
|:00418E45(C)
|
:00418E7F 8BC3
:00418E81 E892020000
:00418E86 84C0
:00418E88 7510
:00418E8A 6A03
:00418E8C 8B45FC
:00418E8F E8CCBFFFFF
:00418E94 50

mov eax, ebx
call 00419118
test al, al
jne 00418E9A
push 00000003
call 00414E60
push eax

|
:00418E95 E816D1FEFF
Call 00405FB0
|:00418E7D(U), :00418E88(C)
|
:00418E9A 33C0
:00418E9C 55
:00418E9D 68E98F4100
:00418EA2 64FF30
:00418EA5 648920
:00418EA8 8BC3
:00418EAA 8B10
:00418EAC FF5228
:00418EAF 84C0
:00418EB1 7407
:00418EB3 8BC3
:00418EB5 E872030000
|:00418EB1(C)
|
:00418EBA 8BC3
:00418EBC E8A3010000
:00418EC1 8A15F88F4100
:00418EC7 E8BCC0FFFF
:00418ECC 8BC3
:00418ECE 8B10
:00418ED0 FF5228
:00418ED3 84C0
:00418ED5 0F84AA000000
:00418EDB 33C0
:00418EDD 8945E4
:00418EE0 33C0
:00418EE2 8945E8
:00418EE5 33C0
:00418EE7 55
:00418EE8 687E8F4100
:00418EED 64FF30
:00418EF0 648920
:00418EF3 6A00
xor eax, eax

push ebp
push 00418FE9
mov eax, ebx
call [edx+28]
test al, al
je 00418EBA
mov eax, ebx
call 0041922C
mov eax, ebx

call 00419064
mov dl, byte ptr [00418FF8]
call 00414F88
mov eax, ebx
call [edx+28]
test al, al
je 00418F85
xor eax, eax
xor eax, eax
xor eax, eax
push ebp
push 00418F7E
push 00000000

|
:00418EF5 E8FECEFEFF
Call 00405DF8
:00418EFA E861C4FFFF
call 00415360
:00418EFF 8945E8
:00418F02 8B460C
:00418F05 50
push eax
:00418F06 8B45E8
:00418F09 50
push eax
|
:00418F0A E859D0FEFF
Call 00405F68
:00418F0F 8945E4
:00418F12 8B4708
:00418F15 2B07
sub eax, dword ptr [edi]
:00418F17 50
push eax
:00418F18 8B470C
:00418F1B 2B4704
sub eax, dword ptr [edi+04]
:00418F1E
:00418F1F
:00418F21
:00418F26
:00418F29
:00418F2A
:00418F2C
:00418F2E
:00418F31
:00418F32
:00418F35
:00418F36
:00418F39
:00418F3A
:00418F3C
:00418F3E
:00418F41
:00418F43
:00418F46
:00418F49
:00418F4E
:00418F50
:00418F51
:00418F52
:00418F53
:00418F56
50
8BC3
E83E010000
8B4004
50
6A00
6A00
8B461C
50
8B4620
50
8B45E8
50
6A00
6A00
8B4F04
8B17
8B45FC
8B4004
E8B6C5FFFF
33C0
5A
59
59
648910
68C38F4100
|:00418F83(U)
|
:00418F5B 837DE400
:00418F5F 740D
:00418F61 8B45E4
:00418F64 50
:00418F65 8B45E8
:00418F68 50
push eax
mov eax, ebx
call 00419064
push eax
push 00000000
push 00000000
push eax
push eax
push eax
push 00000000
push 00000000
call 00415504
xor eax, eax
pop edx
pop ecx
pop ecx
push 00418FC3
je 00418F6E
push eax
push eax

|
:00418F69 E8FACFFEFF
Call 00405F68
|:00418F5F(C)
|
:00418F6E 837DE800
:00418F72 7409
:00418F74 8B45E8
:00418F77 50

je 00418F7D
push eax

|
:00418F78 E8C3CEFEFF
Call 00405E40
|:00418F72(C)
|
:00418F7D C3
:00418F7E E9F5A2FEFF
:00418F83 EBD6

ret
jmp 00403278
jmp 00418F5B
|:00418ED5(C)
|
:00418F85 8B45FC
:00418F88 8B4020
:00418F8B 50
:00418F8C 8B4620
:00418F8F 50
:00418F90 8B461C
:00418F93 50
:00418F94 6A00
:00418F96 6A00
:00418F98 8BC3
:00418F9A E8C5000000
:00418F9F 8B4004
:00418FA2 50
:00418FA3 8B470C
:00418FA6 2B4704
:00418FA9 50
:00418FAA 8B4708
:00418FAD 2B07
:00418FAF 50
:00418FB0 8B4704
:00418FB3 50
:00418FB4 8B07
:00418FB6 50
:00418FB7 8B45FC
:00418FBA 8B4004
:00418FBD 50

mov eax, dword
mov eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
push eax
push 00000000
push 00000000
mov eax, ebx
call 00419064
mov eax, dword
push eax
mov eax, dword
sub eax, dword
push eax
mov eax, dword
sub eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
ptr [ebp-04]
ptr [eax+20]
ptr [esi+20]
ptr [esi+1C]
ptr [eax+04]
ptr [edi+0C]
ptr [edi+04]
ptr [edi+08]
ptr [edi]
ptr [edi+04]
ptr [edi]
ptr [ebp-04]
ptr [eax+04]

|
:00418FBE E815D0FEFF
Call 00405FD8
:00418FC3 33C0
xor eax, eax
:00418FC5 5A
pop edx
:00418FC6 59
pop ecx
:00418FC7 59
pop ecx
:00418FC8 648910
|
:00418FCB 68F08F4100
push 00418FF0
|:00418FEE(U)
|
:00418FD0 807DF700
:00418FD4 7412
:00418FD6 6AFF
:00418FD8 8B45F8
:00418FDB 50
:00418FDC 8B45FC
:00418FDF 8B4004
:00418FE2 50

je 00418FE8
push FFFFFFFF
push eax
push eax

|
:00418FE3 E888CFFEFF
Call 00405F70
|:00418FD4(C)
|
:00418FE8 C3
:00418FE9 E98AA2FEFF
:00418FEE EBE0
:00418FF0 5F
:00418FF1 5E
:00418FF2 5B
:00418FF3 8BE5
:00418FF5 5D
:00418FF6 C3
ret
jmp
jmp
pop
pop
pop
mov
pop
ret
:00418FF7 00
BYTE 0
:00418FF8 0F0000
:00418FFB 00

BYTE 00h
00403278
00418FD0
edi
esi
ebx
esp, ebp
ebp

|:00418D7C
|
:00418FFC 53
push ebx
:00418FFD 56
push esi
:00418FFE 8BF0
mov esi, eax
:00419000 8B5E18
:00419003 837B0401
:00419007 7E1B
jle 00419024
:00419009 8BC6
mov eax, esi
:0041900B E80C020000
call 0041921C
:00419010 8D4318
:00419013 50
push eax
:00419014 8B4B10
:00419017 8B5308
:0041901A 8BC6
mov eax, esi
:0041901C E89FFCFFFF
call 00418CC0
:00419021 5E
pop esi
:00419022 5B
pop ebx
:00419023 C3
ret

|:00419007(C)
|
:00419024 8B7314
:00419027 3B7308
:0041902A 741D
je 00419049
:0041902C 85F6
test esi, esi
:0041902E 740F
je 0041903F
:00419030 56
push esi
|
:00419031 E81ACEFEFF
Call 00405E50
:00419036 85C0
test eax, eax
:00419038 7505
jne 0041903F
:0041903A E879C2FFFF
call 004152B8
|:0041902E(C), :00419038(C)
|
:0041903F 33C0
:00419041 894314
:00419044 33C0
:00419046 89432C

xor
mov
xor
mov
eax, eax
eax, eax

|:0041902A(C)
|
:00419049 5E
pop esi
:0041904A 5B
pop ebx
:0041904B C3
ret
:0041904C
:0041904F
:00419053
:00419055
:00419059
8B4018
83780800
7506
83781400
7403

jne 0041905B
je 0041905E

|:00419053(C)
|
:0041905B 33C0
xor eax, eax
:0041905D C3
ret

|:00419059(C)
|
:0041905E B001
mov al, 01
:00419060 C3
ret
:00419061 8D4000
|:00418EBC , :00418F21
|:0041A8D0 , :0042E76E
|:0042EEA1 , :0042EECD
|:0042F618 , :0042F940
|
:00419064 53
:00419065 56
:00419066 8BD8
:00419068 837B1C00
:0041906C 752F
:0041906E 8BC3
:00419070 E8A7010000
:00419075 8BCB
:00419077 B201
:00419079 A1087D4100
:0041907E E849EEFFFF
:00419083 8BF0
:00419085 89731C
:00419088 895E28
:0041908B 8B03

Addresses:
, :00418F9A
, :0042E7A1
, :0042F5C9
, :0042F94C
, :00419172
, :0042EC96
, :0042F5D2
, :00419E8E
, :0042ECD1
, :0042F60F
push ebx
push esi
mov ebx, eax
jne 0041909D
mov eax, ebx
call 0041921C
mov ecx, ebx
mov dl, 01
call 00417ECC
mov esi, eax
:0041908D
:00419090
:00419093
:00419096
8B4010
894624
895E30
C7462C7C8D4100
mov
mov
mov
mov
eax, dword ptr [eax+10]

dword ptr [esi+24], eax
dword ptr [esi+30], ebx
[esi+2C], 00418D7C

|:0041906C(C)
|
:0041909D 8B431C
:004190A0 5E
pop esi
:004190A1 5B
pop ebx
:004190A2 C3
ret
:004190A3
:004190A4
:004190A5
:004190A7
:004190A9
:004190AE
:004190B0
:004190B5
:004190B7
:004190B9
:004190BE
:004190C1
:004190C4
:004190C5
90
53
8BD8
8BC3
E85E010000
8BC3
E867010000
8BD3
8BC3
E8BEFCFFFF
8B4318
8B4008
5B
C3
:004190C6 8BC0
nop
push ebx
mov ebx, eax
mov eax, ebx
call 0041920C
mov eax, ebx
call 0041921C
mov edx, ebx
mov eax, ebx
call 00418D7C
pop ebx
ret
mov eax, eax

|:00419AB5 , :0042E874
|
:004190C8 8B4018
:004190CB 8B5008
:004190CE 85D2
test edx, edx
:004190D0 7405
je 004190D7
:004190D2 3B5014
:004190D5 7517
jne 004190EE
|:004190D0(C)
|
:004190D7 83781400
:004190DB 750E
:004190DD 83783000
:004190E1 7504
:004190E3 B001
:004190E5 EB09

cmp
jne
cmp
jne
mov
jmp
dword ptr [eax+14], 00000000

004190EB
dword ptr [eax+30], 00000000
004190E7
al, 01
004190F0

|:004190E1(C)
|
:004190E7 33C0
xor eax, eax
:004190E9 EB05
jmp 004190F0
|:004190DB(C)
|
:004190EB 33C0
:004190ED C3
xor eax, eax

ret

|:004190D5(C)
|
:004190EE B001
mov al, 01
|:004190E5(U), :004190E9(U)
|
:004190F0 C3
:004190F1 8D4000
:004190F4 8BC8
:004190F6 8B4118
:004190F9 8B4020
:004190FC 99
:004190FD 33C2
:004190FF 2BC2
:00419101 C3
:00419102
:00419104
:00419105
:00419107
:00419109
:0041910E
:00419111
:00419114
:00419115
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 0041922C
pop ebx
ret
8BC0
53
8BD8
8BC3
E81E010000
8B4318
8B400C
5B
C3
:00419116 8BC0
ret
lea
mov
mov
mov
cdq
xor
sub
ret
eax,
ecx,
eax,
eax,
dword ptr [eax+00]

eax
dword ptr [ecx+18]
dword ptr [eax+20]
eax, edx
eax, edx
mov eax, eax

|:00418E81 , :00419157
|
:00419118 8B4018
:0041911B 83C018
add eax, 00000018
:0041911E 6683781001
:00419123 7507
jne 0041912C
:00419125 6683781201
:0041912A 7403
je 0041912F
|:00419123(C)
|
:0041912C 33C0
xor eax, eax
:0041912E C3
ret

|:0041912A(C)
|
:0041912F B001
mov al, 01
:00419131 C3
ret
:00419132
:00419134
:00419135
:00419137
:00419139
:0041913E
:00419141
:00419144
:00419145
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 0041928C
pop ebx
ret
8BC0
53
8BD8
8BC3
E84E010000
8B4318
8B4010
5B
C3
:00419146 8BC0
mov eax, eax

|:00419269
|
:00419148 53
push ebx
:00419149 8BD8
mov ebx, eax
:0041914B 8B4324
:0041914E 3D00000020
cmp eax, 20000000
:00419153 752C
jne 00419181
:00419155 8BC3
mov eax, ebx
:00419157 E8BCFFFFFF
call 00419118
:0041915C 84C0
test al, al
:0041915E 7407
je 00419167
:00419160 B8FFFFFF00
mov eax, 00FFFFFF
:00419165 EB1F
jmp 00419186
|:0041915E(C)
|
:00419167 8BC3
:00419169 8B10
:0041916B FF5220
:0041916E 48
:0041916F 50
:00419170 8BC3
:00419172 E8EDFEFFFF
:00419177 33D2
:00419179 59
:0041917A E86DBCFFFF
:0041917F EB05

mov eax, ebx
call [edx+20]
dec eax
push eax
mov eax, ebx
call 00419064
xor edx, edx
pop ecx
call 00414DEC
jmp 00419186

|:00419153(C)
|
:00419181 E882A9FFFF
call 00413B08
|:00419165(U), :0041917F(U)
|
:00419186 0D00000002
:0041918B 5B
:0041918C C3
:0041918D 8D4000
or eax, 02000000
pop ebx
ret
:00419190 8B4018
:00419193 8B401C
:00419196 C3

ret
:00419197 90
nop

|:00418D9C , :00419B10 , :00419DF2
|
:00419198 53
push ebx
:00419199 56
push esi
:0041919A 8B5818
:0041919D 837B0800
:004191A1 7465
je 00419208
:004191A3 837B1400
:004191A7 755F
jne 00419208
:004191A9 E8DE000000
call 0041928C
:004191AE 837B3000
:004191B2 753C
jne 004191F0
:004191B4 8D4318
:004191B7 50
push eax
:004191B8 6A54
push 00000054
:004191BA 8B4308
:004191BD 50
push eax
|
:004191BE E805CDFEFF
Call 00405EC8
:004191C3 8D4318
:004191C6 8BD0
mov edx, eax
:004191C8 83C018
add eax, 00000018
:004191CB C70028000000
:004191D1 8B4A04
:004191D4 894804
:004191D7 8B4A08
:004191DA 894808
:004191DD 66C7400C0100
mov [eax+0C], 0001
:004191E3 668B4A10
mov cx, word ptr [edx+10]
:004191E7 660FAF4A12
imul cx, word ptr [edx+12]
:004191EC 6689480E
mov word ptr [eax+0E], cx
|:004191B2(C)
|
:004191F0 8D4318
:004191F3 50
:004191F4 6A00
:004191F6 8B7310
:004191F9 8BCE
:004191FB 8BD6
:004191FD 8B4308
:00419200 E887F0FFFF
:00419205 894314

push eax
push 00000000
mov ecx, esi
mov edx, esi
call 0041828C

|:004191A1(C), :004191A7(C)
|
:00419208 5E
pop esi
:00419209 5B
pop ebx
:0041920A C3
ret
:0041920B 90
nop

|:00418BA1 , :00418CE0 , :00418D95 , :004190A9 , :0041925B
|:00419384 , :0041998A , :00419A03 , :00419B02 , :00419B64
|:00419CE6
|
:0041920C 8B501C
:0041920F 85D2
test edx, edx
:00419211 7407
je 0041921A
:00419213 8BC2
mov eax, edx
:00419215 E81AEDFFFF
call 00417F34
|:00419211(C)
|
:0041921A C3
ret
:0041921B 90
nop
|:00418006 , :0041900B , :00419070 , :004190B0 , :00419262
|:00419BF0 , :00419C5A , :00419CED , :00419D98 , :0041A025
|
:0041921C 8B4018
:0041921F 83780800
:00419223 7506
jne 0041922B
:00419225 8B5014
:00419228 895008
|:00419223(C)
|
:0041922B C3
ret
|:00418EB5 , :00419109
|
:0041922C 53
push ebx
:0041922D 56
push esi
:0041922E 8BD8
mov ebx, eax
:00419230 807B2200
:00419234 7406
je 0041923C
:00419236 807B2100
:0041923A 754A
jne 00419286
|:00419234(C)
|
:0041923C 8B7318
:0041923F 8B460C
:00419242 85C0
:00419244 7413
:00419246 E805ECFFFF
:0041924B 8B460C
:0041924E 50

test eax, eax
je 00419259
call 00417E50
push eax
:0041924F E8FCCBFEFF
:00419254 33C0
:00419256 89460C
|:00419244(C)
|
:00419259 8BC3
:0041925B E8ACFFFFFF
:00419260 8BC3
:00419267 8BC3
:00419269 E8DAFEFFFF
:0041926E 8BC8
:00419270 8B5610
:00419273 8B4608
:00419276 E8A5F6FFFF
:0041927B 89460C
:0041927E C6432201
:00419282 C6432101
|
Call 00405E50
xor eax, eax
mov eax, ebx
call 0041920C
mov eax, ebx
call 0041921C
mov eax, ebx
call 00419148
mov ecx, eax
call 00418920
mov [ebx+22], 01
mov [ebx+21], 01

|:0041923A(C)
|
:00419286 5E
pop esi
:00419287 5B
pop ebx
:00419288 C3
ret
:00419289 8D4000

|:00418022 , :00418DCF , :00419139 , :004191A9 , :00419B09
|:00419B6B
|
:0041928C 53
push ebx
:0041928D 56
push esi
:0041928E 57
push edi
:0041928F 55
push ebp
:00419290 8BF8
mov edi, eax
:00419292 8B6F18
:00419295 807F2000
cmp byte ptr [edi+20], 00
:00419299 0F85A0000000
jne 0041933F
:0041929F 837D1000
:004192A3 0F8596000000
jne 0041933F
:004192A9 837D1400
:004192AD 0F848C000000
je 0041933F
:004192B3 8B4514
:004192B6 3B4508
:004192B9 7505
jne 004192C0
:004192BB E890EBFFFF
call 00417E50
|:004192B9(C)
|
:004192C0 668B4D3E
:004192C4 B801000000
:004192C9 D3E0
:004192CB 8BC8

mov
mov
shl
mov
cx, word ptr [ebp+3E]

eax, 00000001
eax, cl
ecx, eax
:004192CD
:004192CF
:004192D2
:004192D7
:004192D9
:004192DC
:004192DE
:004192E0
33D2
8B4514
E879C7FFFF
8BF0
897510
85F6
755F
6A00
xor edx, edx

call 00415A50
mov esi, eax
test esi, esi
jne 0041933F
push 00000000

|
:004192E2 E861CEFEFF
Call 00406148
:004192E7 E874C0FFFF
call 00415360
:004192EC 8BF0
mov esi, eax
:004192EE 807D6D00
cmp byte ptr [ebp+6D], 00
:004192F2 7527
jne 0041931B
:004192F4 6A0C
push 0000000C
:004192F6 56
push esi
|
:004192F7 E8ACCBFEFF
Call 00405EA8
:004192FC 8BD8
mov ebx, eax
:004192FE 6A0E
push 0000000E
:00419300 56
push esi
|
:00419301 E8A2CBFEFF
Call 00405EA8
:00419306 0FAFD8
imul ebx, eax
:00419309 0FB7452A
movzx eax, word ptr [ebp+2A]
:0041930D 0FB75528
movzx edx, word ptr [ebp+28]
:00419311 F7EA
imul edx
:00419313 3BD8
cmp ebx, eax
:00419315 7C04
jl 0041931B
:00419317 33DB
xor ebx, ebx
:00419319 EB02
jmp 0041931D
|:004192F2(C), :00419315(C)
|
:0041931B B301
mov bl, 01
|:00419319(U)
|
:0041931D 885D6D
mov byte ptr [ebp+6D], bl
:00419320 84DB
test bl, bl
:00419322 7409
je 0041932D
:00419324 56
push esi
* Reference To: gdi32.CreateHalftonePalette, Ord:0000h
|
:00419325 E8EECAFEFF
Call 00405E18
:0041932A 894510
|:00419322(C)
|
:0041932D 56
push esi
:0041932E 6A00
push 00000000

|
:00419330 E82BD0FEFF
Call 00406360
:00419335 837D1000
:00419339 7504
jne 0041933F
:0041933B C6472001
mov [edi+20], 01
|:00419299(C), :004192A3(C), :004192AD(C), :004192DE(C), :00419339(C)
|
:0041933F 5D
pop ebp
:00419340 5F
pop edi
:00419341 5E
pop esi
:00419342 5B
pop ebx
:00419343 C3
ret
:00419344
:00419345
:00419347
:0041934A
:0041934B
:0041934C
:0041934E
:00419351
:00419353
:00419355
:00419357
:00419358
:0041935D
:00419360
:00419363
:00419367
:00419369
:0041936B
55
8BEC
83C4A8
53
56
33DB
895DA8
8BD9
8BF0
33C0
55
68F4934100
64FF30
648920
6683FA02
7504
85DB
7515
push ebp
mov ebp, esp
add esp, FFFFFFA8
push ebx
push esi
xor ebx, ebx
mov ebx, ecx
mov esi, eax
xor eax, eax
push ebp
push 004193F4
cmp dx, 0002
jne 0041936D
test ebx, ebx
jne 00419382
|:00419367(C)
|
:0041936D 8D55A8
:00419370 A1382C4400
:00419375 E8AABAFEFF
:0041937A 8B45A8
:0041937D E8F2BDFFFF
|:0041936B(C)
|
:00419382 8BC6
:00419384 E883FEFFFF
:00419389 8D45AC
:0041938C 33C9
:0041938E BA54000000
:00419393 E8A095FEFF
:00419398 8D45AC
:0041939B 50
:0041939C 6A54
:0041939E 53

call 00404E24
call 00415174
mov eax, esi

call 0041920C
xor ecx, ecx
mov edx, 00000054
call 00402938
push eax
push 00000054
push ebx

|
:0041939F E824CBFEFF
Call 00405EC8
:004193A4 837DC000
:004193A8 7505
jne 004193AF
:004193AA 33C0
xor eax, eax
:004193AC 8945C4
|:004193A8(C)
|
:004193AF 8D45AC
:004193B2 50
:004193B3 8B4D08
:004193B6 8BD3
:004193B8 8BC6
:004193BF 8B4618
:004193C2 C6406C00
:004193C6 8BC6
:004193C8 8B10
:004193CA FF5224
:004193CD 85C0
:004193CF 0F95C0
:004193D2 884616
:004193D5 8BD6
:004193D7 8BC6
:004193D9 8B08
:004193DB FF5110
:004193DE 33C0
:004193E0 5A
:004193E1 59
:004193E2 59
:004193E3 648910
:004193E6 68FB934100
|:004193F9(U)
|
:004193EB 8D45A8
:004193EE E8C5A3FEFF
:004193F3 C3
:004193F4
:004193F9
:004193FB
:004193FC
:004193FD
:004193FF
:00419400
E97F9EFEFF
EBF0
5E
5B
8BE5
5D
C20400
jmp
jmp
pop
pop
mov
pop
ret
:00419403
:00419404
:00419405
:00419406
:00419408
:0041940A
90
53
56
8BDA
8BF0
8BC3
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, ebx

push eax
mov edx, ebx
mov eax, esi
call 00418CC0
mov [eax+6C], 00
mov eax, esi
call [edx+24]
test eax, eax
setne al
mov edx, esi
mov eax, esi
call [ecx+10]
xor eax, eax
pop edx
pop ecx
pop ecx
push 004193FB

call 004037B8
ret
00403278
004193EB
esi
ebx
esp, ebp
ebp
0004
:0041940C
:00419411
:00419412
:00419414
:00419419
:0041941A
:0041941C
:0041941E
:00419420
:00419425
:00419426
:00419427
E84753FFFF
50
8BC3
E82353FFFF
59
2BC8
8BD3
8BC6
E857050000
5E
5B
C3
call 0040E758
push eax
mov eax, ebx
call 0040E73C
pop ecx
sub ecx, eax
mov edx, ebx
mov eax, esi
call 0041997C
pop esi
pop ebx
ret

|:00418C69 , :00418D3E , :0041994F , :004199B0 , :00419A72
|:00419B39 , :00419BC6 , :00419D36
|
:00419428 55
push ebp
:00419429 8BEC
mov ebp, esp
:0041942B 83C4F8
add esp, FFFFFFF8
:0041942E 53
push ebx
:0041942F 56
push esi
:00419430 57
push edi
:00419431 8BF1
mov esi, ecx
:00419433 8BDA
mov ebx, edx
:00419435 8945FC
:00419438 B201
mov dl, 01
:0041943A A1AC304100
mov eax, dword ptr [004130AC]
:0041943F E8AC97FEFF
call 00402BF0
:00419444 8945F8
:00419447 33C0
xor eax, eax
:00419449 55
push ebp
:0041944A 689B944100
push 0041949B
:0041944F 64FF30
:00419452 648920
:00419455 8B45F8
:00419458 895808
:0041945B 8B45F8
:0041945E 897010
:00419461 8B450C
:00419464 8B55F8
:00419467 8BF0
mov esi, eax
:00419469 8D7A18
lea edi, dword ptr [edx+18]
:0041946C B915000000
mov ecx, 00000015
:00419471 F3
repz
:00419472 A5
movsd
:00419473 8B45F8
:00419476 8A5508
mov dl, byte ptr [ebp+08]
:00419479 88506C
mov byte ptr [eax+6C], dl
:0041947C 8B45F8
:0041947F 83782C00
:00419483 740C
je 00419491
:00419485 8B45F8
:00419488 8B4008
:0041948B 8B55F8
:0041948E 894214
|:00419483(C)
|
:00419491 33C0
:00419493 5A
:00419494 59
:00419495 59
:00419496 648910
:00419499 EB17
:0041949B E9D09BFEFF
:004194A0 8B45F8
:004194A3 E87897FEFF
:004194A8 E81F9EFEFF
:004194AD E86E9EFEFF
xor eax, eax

pop edx
pop ecx
pop ecx
jmp 004194B2
jmp 00403070
call 00402C20
call 004032CC
call 00403320

|:00419499(U)
|
:004194B2 684C364400
push 0044364C
|
:004194B7 E89CC7FEFF
Call 00405C58
:004194BC 33D2
xor edx, edx
:004194BE 55
push ebp
:004194BF 68FB944100
push 004194FB
:004194C4 64FF32
:004194C7 648922
:004194CA 8B45FC
:004194CD 8B4018
:004194D0 E8EFEBFFFF
call 004180C4
:004194D5 8B55FC
:004194D8 8B45F8
:004194DB 894218
:004194DE E8DDEBFFFF
call 004180C0
:004194E3 33C0
xor eax, eax
:004194E5 5A
pop edx
:004194E6 59
pop ecx
:004194E7 59
pop ecx
:004194E8 648910
:004194EB 6802954100
push 00419502
|:00419500(U)
|
:004194F0 684C364400
push 0044364C
|
:004194F5 E846C8FEFF
Call 00405D40
:004194FA C3
ret
:004194FB
:00419500
:00419502
:00419505
:00419509
:0041950A
:0041950B
:0041950C
E9789DFEFF
EBEE
8B45FC
C6402200
5F
5E
5B
59
jmp
jmp
mov
mov
pop
pop
pop
pop
00403278
004194F0
[eax+22], 00
edi
esi
ebx
ecx
:0041950D 59
:0041950E 5D
:0041950F C20800
pop ecx
pop ebp
ret 0008
:00419512
:00419514
:00419515
:00419516
:00419517
:00419518
:0041951A
:0041951C
:0041951E
:00419523
:00419525
:00419527
:0041952A
:0041952D
:0041952F
:00419531
:00419536
:00419537
:00419538
:00419539
:0041953A
mov eax, eax

push ebx
push esi
push edi
push ecx
mov esi, edx
mov ebx, eax
mov edx, esp
mov ecx, 00000004
mov eax, esi
call [edi+04]
mov edx, esi
mov eax, ebx
call 0041997C
pop edx
pop edi
pop esi
pop ebx
ret
8BC0
53
56
57
51
8BF2
8BD8
8BD4
B904000000
8BC6
8B38
FF5704
8B0C24
8BD6
8BC3
E846040000
5A
5F
5E
5B
C3
:0041953B 90
nop

|:004199DB
|
:0041953C 55
push ebp
:0041953D 8BEC
mov ebp, esp
:0041953F 81C46CFFFFFF
add esp, FFFFFF6C
:00419545 53
push ebx
:00419546 56
push esi
:00419547 57
push edi
:00419548 8BF1
mov esi, ecx
:0041954A 8955F8
:0041954D 8945FC
:00419550 33C0
xor eax, eax
:00419552 8945D4
:00419555 8D55E0
:00419558 B904000000
mov ecx, 00000004
:0041955D 8B45F8
:00419560 8B18
:00419562 FF5304
call [ebx+04]
:00419565 837DE00C
cmp dword ptr [ebp-20], 0000000C
:00419569 0F9445DF
:0041956D 807DDF00
:00419571 7407
je 0041957A
:00419573 C745E028000000
mov [ebp-20], 00000028
|:00419571(C)
|
:0041957A 8B45E0
:0041957D 83C00C
add eax, 0000000C
:00419580
:00419585
:0041958A
:0041958D
:00419590
:00419593
:00419595
:00419596
:0041959B
:0041959E
:004195A1
:004195A5
:004195A7
:004195AA
:004195AD
:004195B2
:004195B5
:004195B7
:004195BA
:004195BD
:004195BF
:004195C1
:004195C6
:004195CB
:004195CD
:004195D1
:004195D4
:004195D8
:004195DB
:004195DF
:004195E3
:004195E7
:004195EB
:004195EE
0500040000
E80A91FEFF
8945E8
8B45E8
8945CC
33D2
55
6810994100
64FF32
648922
807DDF00
7449
8D55C0
83C204
B908000000
8B45F8
8B18
FF5304
8B5DCC
8BC3
33C9
BA28000000
E86D93FEFF
8BC3
0FB755C4
895004
0FB755C6
895008
668B55C8
6689500C
668B55CA
6689500E
83EE0C
EB17
add eax, 00000400

call 00402694
xor edx, edx
push ebp
push 00419910
je 004195F0
add edx, 00000004
mov ecx, 00000008
call [ebx+04]
mov eax, ebx
xor ecx, ecx
mov edx, 00000028
call 00402938
mov eax, ebx
movzx edx, word ptr [ebp-3C]
movzx edx, word ptr [ebp-3A]
mov word ptr [eax+0C], dx
mov word ptr [eax+0E], dx
sub esi, 0000000C
jmp 00419607

|:004195A5(C)
|
:004195F0 8B4DE0
:004195F3 83E904
sub ecx, 00000004
:004195F6 8B55E8
:004195F9 83C204
add edx, 00000004
:004195FC 8B45F8
:004195FF 8B18
:00419601 FF5304
call [ebx+04]
:00419604 2B75E0
sub esi, dword ptr [ebp-20]
|:004195EE(U)
|
:00419607 8B5DCC
:0041960A 8B45E0
:0041960D 8903
:0041960F 8B45E8
:00419612 0345E0
:00419615 8945E4
:00419618 66837B0C01
:0041961D 7405
:0041961F E868BBFFFF

cmp word ptr [ebx+0C], 0001
je 00419624
call 0041518C
|:0041961D(C)
|
:00419624 837DE028
:00419628 752D
:0041962A 668B430E
:0041962E 6683F810
:00419632 7406
:00419634 6683F820
:00419638 751D
|:00419632(C)
|
:0041963A 837B1003
:0041963E 7517
:00419640 8B55E4
:00419643 B90C000000
:00419648 8B45F8
:0041964B E84051FFFF
:00419650 8345E40C
:00419654 83EE0C

jne 00419657
mov ax, word ptr [ebx+0E]
cmp ax, 0010
je 0041963A
cmp ax, 0020
jne 00419657

jne 00419657
mov ecx, 0000000C
call 0040E790
add dword ptr [ebp-1C], 0000000C
sub esi, 0000000C

|:00419628(C), :00419638(C), :0041963E(C)
|
:00419657 837B2000
:0041965B 750C
jne 00419669
:0041965D 668B430E
mov ax, word ptr [ebx+0E]
:00419661 E86ABEFFFF
call 004154D0
:00419666 894320
|:0041965B(C)
|
:00419669 8B4B20
:0041966C 0FB67DDF
:00419670 33C0
:00419672 8A8770254400
:00419678 0FAFC8
:0041967B 8B55E4
:0041967E 8B45F8
:00419681 E80A51FFFF
:00419686 8B4320
:00419689 33D2
:0041968B 8A9770254400
:00419691 F7EA
:00419693 2BF0
:00419695 837B1400
:00419699 7521
:0041969B 0FB7530E
:0041969F 8B4304
:004196A2 B920000000
:004196A7 E844BEFFFF
:004196AC 8BC8
:004196AE 8B4308
:004196B1 99
:004196B2 33C2
:004196B4 2BC2
:004196B6 0FAFC8

movzx edi, byte ptr [ebp-21]
xor eax, eax
imul ecx, eax
call 0040E790
xor edx, edx
mov dl, byte ptr [edi+00442570]
imul edx
sub esi, eax
jne 004196BC
movzx edx, word ptr [ebx+0E]
mov ecx, 00000020
call 004154F0
mov ecx, eax
cdq
xor eax, edx
sub eax, edx
imul ecx, eax
:004196B9 894B14

|:00419699(C)
|
:004196BC 8B4314
:004196BF 3BF0
cmp esi, eax
:004196C1 7602
jbe 004196C5
:004196C3 8BF0
mov esi, eax
|:004196C1(C)
|
:004196C5 807DDF00
:004196C9 7408
:004196CB 8B45E4
:004196CE E8C5C0FFFF

je 004196D3
call 00415798

|:004196C9(C)
|
:004196D3 6A00
push 00000000
|
:004196D5 E86ECAFEFF
Call 00406148
:004196DA E881BCFFFF
call 00415360
:004196DF 8945F4
:004196E2 33D2
xor edx, edx
:004196E4 55
push ebp
:004196E5 68C7984100
push 004198C7
:004196EA 64FF32
:004196ED 648922
:004196F0 8B45CC
:004196F3 8B4010
:004196F6 83F801
cmp eax, 00000001
:004196F9 7412
je 0041970D
:004196FB 83F802
cmp eax, 00000002
:004196FE 740D
je 0041970D
:00419700 803D3023440000
cmp byte ptr [00442330], 00
:00419707 0F8429010000
je 00419836
|:004196F9(C), :004196FE(C)
|
:0041970D 33C0
:0041970F 8945F0
:00419712 8BC6
:00419714 E87B8FFEFF
:00419719 8945EC
:0041971C 33D2
:0041971E 55
:0041971F 682F984100
:00419724 64FF32
:00419727 648922
:0041972A 8B55EC
:0041972D 8BCE
:0041972F 8B45F8
:00419732 E85950FFFF
:00419737 8B45F4

xor eax, eax
mov eax, esi
call 00402694
xor edx, edx
push ebp
push 0041982F
mov ecx, esi
call 0040E790
:0041973A 50
push eax

|
:0041973B E8B8C6FEFF
Call 00405DF8
:00419740 E81BBCFFFF
call 00415360
:00419745 8945F0
:00419748 6A01
push 00000001
:0041974A 6A01
push 00000001
:0041974C 8B45F4
:0041974F 50
push eax
|
:00419750 E89BC6FEFF
Call 00405DF0
:00419755 50
push eax
:00419756 8B45F0
:00419759 50
push eax
|
:0041975A E809C8FEFF
Call 00405F68
:0041975F 50
push eax
|
:00419760 E8EBC6FEFF
Call 00405E50
:00419765 33C0
xor eax, eax
:00419767 8945D0
:0041976A 8B45CC
:0041976D 8B4020
:00419770 85C0
test eax, eax
:00419772 762A
jbe 0041979E
:00419774 8BC8
mov ecx, eax
:00419776 8B55E4
:00419779 33C0
xor eax, eax
:0041977B E8D0C2FFFF
call 00415A50
:00419780 8945D4
:00419783 6A00
push 00000000
:00419785 8B45D4
:00419788 50
push eax
:00419789 8B45F0
:0041978C 50
push eax
|
:0041978D E8DEC7FEFF
Call 00405F70
:00419792 8945D0
:00419795 8B45F0
:00419798 50
push eax
|
:00419799 E8A2C7FEFF
Call 00405F40
|:00419772(C)
|
:0041979E 33D2
xor edx, edx
:004197A0 55
push ebp
:004197A1
:004197A6
:004197A9
:004197AC
:004197AE
:004197B1
:004197B2
:004197B5
:004197B6
:004197B8
:004197B9
:004197BC
6803984100
64FF32
648922
6A00
8B45E8
50
8B55EC
52
6A04
50
8B45F0
50
push 00419803
push 00000000
push eax
push edx
push 00000004
push eax
push eax

|
:004197BD E846C6FEFF
Call 00405E08
:004197C2 8945D8
:004197C5 837DD800
:004197C9 7515
jne 004197E0
|
:004197CB E8D8C4FEFF
Call 00405CA8
:004197D0 85C0
test eax, eax
:004197D2 7507
jne 004197DB
:004197D4 E8B3B9FFFF
call 0041518C
:004197D9 EB05
jmp 004197E0
|:004197D2(C)
|
:004197DB E8F4FEFEFF
call 004096D4
|:004197C9(C), :004197D9(U)
|
:004197E0 33C0
:004197E2 5A
:004197E3 59
:004197E4 59
:004197E5 648910
:004197E8 680A984100
|:00419808(U)
|
:004197ED 837DD000
:004197F1 740F
:004197F3 6AFF
:004197F5 8B45D0
:004197F8 50
:004197F9 8B45F0
:004197FC 50
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041980A

je 00419802
push FFFFFFFF
push eax
push eax

|
:004197FD E86EC7FEFF
Call 00405F70
|:004197F1(C)
|
:00419802
:00419803
:00419808
:0041980A
:0041980C
:0041980D
:0041980E
:0041980F
:00419812
C3
E9709AFEFF
EBE3
33C0
5A
59
59
648910
68AE984100
|:00419834(U)
|
:00419817 837DF000
:0041981B 7409
:0041981D 8B45F0
:00419820 50
ret
jmp 00403278
jmp 004197ED
xor eax, eax
pop edx
pop ecx
pop ecx
push 004198AE
je 00419826
push eax

|
:00419821 E81AC6FEFF
Call 00405E40
|:0041981B(C)
|
:00419826 8B45EC
:00419829 E87E8EFEFF
:0041982E C3
:0041982F E9449AFEFF
:00419834 EBE1
jmp 00403278
jmp 00419817

call 004026AC
ret

|:00419707(C)
|
:00419836 6A00
push 00000000
:00419838 6A00
push 00000000
:0041983A 8D45EC
:0041983D 50
push eax
:0041983E 6A00
push 00000000
:00419840 8B45E8
:00419843 50
push eax
:00419844 8B45F4
:00419847 50
push eax
|
:00419848 E8B3C5FEFF
Call 00405E00
:0041984D 8945D8
:00419850 837DD800
:00419854 7406
je 0041985C
:00419856 837DEC00
:0041985A 7515
jne 00419871
|:00419854(C)
|

|
:0041985C E847C4FEFF
Call 00405CA8
:00419861 85C0
test eax, eax
:00419863 7507
jne 0041986C
:00419865 E822B9FFFF
call 0041518C
:0041986A EB05
jmp 00419871
|:00419863(C)
|
:0041986C E863FEFEFF
call 004096D4
|:0041985A(C), :0041986A(U)
|
:00419871 33C0
:00419873 55
:00419874 6896984100
:00419879 64FF30
:0041987C 648920
:0041987F 8B55EC
:00419882 8BCE
:00419884 8B45F8
:00419887 E8044FFFFF
:0041988C 33C0
:0041988E 5A
:0041988F 59
:00419890 59
:00419891 648910
:00419894 EB18
:00419896 E9D597FEFF
:0041989B 8B45D8
:0041989E 50

xor eax, eax
push ebp
push 00419896
mov ecx, esi
call 0040E790
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 004198AE
jmp 00403070
push eax

|
:0041989F E8ACC5FEFF
Call 00405E50
:004198A4 E8239AFEFF
call 004032CC
:004198A9 E8729AFEFF
call 00403320
|:00419894(U)
|
:004198AE 33C0
:004198B0 5A
:004198B1 59
:004198B2 59
:004198B3 648910
:004198B6 68CE984100

xor eax, eax
pop edx
pop ecx
pop ecx
push 004198CE

|:004198CC(U)
|
:004198BB 8B45F4
:004198BE 50
push eax
:004198BF 6A00
push 00000000
|
:004198C1 E89ACAFEFF
:004198C6 C3
Call 00406360
ret
:004198C7
:004198CC
:004198CE
:004198D1
:004198D6
:004198D8
:004198DB
:004198DF
:004198E1
:004198E5
:004198E7
:004198EA
:004198ED
:004198F0
:004198F2
:004198F7
jmp 00403278
jmp 004198BB
jbe 004198FA
jbe 004198FA
jne 004198FA
xor eax, eax
call 00415A50
E9AC99FEFF
EBED
8B45CC
6683780E08
7622
8B45CC
83782000
7619
837DD400
7513
8B45CC
8B4820
8B55E4
33C0
E859C1FFFF
8945D4

|:004198D6(C), :004198DF(C), :004198E5(C)
|
:004198FA 33C0
xor eax, eax
:004198FC 5A
pop edx
:004198FD 59
pop ecx
:004198FE 59
pop ecx
:004198FF 648910
:00419902 6817994100
push 00419917
|:00419915(U)
|
:00419907 8B45E8
:0041990A E89D8DFEFF
:0041990F C3
:00419910
:00419915
:00419917
:0041991D
:0041991F
:00419924
:00419929
:0041992F
:00419930
:00419932
:00419935
jmp 00403278
jmp 00419907
lea eax, dword ptr [ebp+FFFFFF6C]
xor ecx, ecx
mov edx, 00000054
call 00402938
push eax
push 00000054
push eax
E96399FEFF
EBF0
8D856CFFFFFF
33C9
BA54000000
E80F90FEFF
8D856CFFFFFF
50
6A54
8B45D8
50

call 004026AC
ret

|
:00419936 E88DC5FEFF
Call 00405EC8
:0041993B 8D856CFFFFFF
:00419941 50
push eax
:00419942 8A45DF
:00419945 50
push eax
:00419946 8B4DD4
:00419949 8B55D8
:0041994C
:0041994F
:00419954
:00419957
:00419959
:0041995C
:0041995E
:00419961
:00419964
:00419967
:0041996A
:0041996D
:0041996F
:00419972
:00419973
:00419974
:00419975
:00419977
:00419978
8B45FC
E8D4FAFFFF
8B45FC
8B10
FF5224
85C0
0F95C0
8B55FC
884216
8B55FC
8B45FC
8B08
FF5110
5F
5E
5B
8BE5
5D
C3
:00419979 8D4000

call 00419428
call [edx+24]
test eax, eax
setne al
call [ecx+10]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret

|:00419420 , :00419531
|
:0041997C 53
push ebx
:0041997D 56
push esi
:0041997E 57
push edi
:0041997F 83C49C
add esp, FFFFFF9C
:00419982 8BF1
mov esi, ecx
:00419984 8BFA
mov edi, edx
:00419986 8BD8
mov ebx, eax
:00419988 8BC3
mov eax, ebx
:0041998A E87DF8FFFF
call 0041920C
:0041998F 85F6
test esi, esi
:00419991 7524
jne 004199B7
:00419993 8D44240E
lea eax, dword ptr [esp+0E]
:00419997 33C9
xor ecx, ecx
:00419999 BA54000000
mov edx, 00000054
:0041999E E8958FFEFF
call 00402938
:004199A3 8D44240E
lea eax, dword ptr [esp+0E]
:004199A7 50
push eax
:004199A8 6A00
push 00000000
:004199AA 33C9
xor ecx, ecx
:004199AC 33D2
xor edx, edx
:004199AE 8BC3
mov eax, ebx
:004199B0 E873FAFFFF
call 00419428
:004199B5 EB29
jmp 004199E0
|:00419991(C)
|
:004199B7 8BD4
:004199B9 B90E000000
:004199BE 8BC7
:004199C0 E8CB4DFFFF
:004199C5 66813C24424D
:004199CB 7405
:004199CD E8BAB7FFFF

mov edx, esp
mov ecx, 0000000E
mov eax, edi
call 0040E790
cmp word ptr [esp], 4D42
je 004199D2
call 0041518C
|:004199CB(C)
|
:004199D2 8BCE
:004199D4 83E90E
:004199D7 8BD7
:004199D9 8BC3
:004199DB E85CFBFFFF

mov ecx, esi
sub ecx, 0000000E
mov edx, edi
mov eax, ebx
call 0041953C

|:004199B5(U)
|
:004199E0 83C464
add esp, 00000064
:004199E3 5F
pop edi
:004199E4 5E
pop esi
:004199E5 5B
pop ebx
:004199E6 C3
ret
:004199E7 90
nop

|:0042E767 , :0042F875 , :0042F931 , :00431980
|
:004199E8 55
push ebp
:004199E9 8BEC
mov ebp, esp
:004199EB 83C4A8
add esp, FFFFFFA8
:004199EE 53
push ebx
:004199EF 56
push esi
:004199F0 57
push edi
:004199F1 8BFA
mov edi, edx
:004199F3 8BD8
mov ebx, eax
:004199F5 8B7318
:004199F8 3B7E08
cmp edi, dword ptr [esi+08]
:004199FB 0F84A0000000
je 00419AA1
:00419A01 8BC3
mov eax, ebx
:00419A03 E804F8FFFF
call 0041920C
:00419A08 8D45A8
:00419A0B 33C9
xor ecx, ecx
:00419A0D BA54000000
mov edx, 00000054
:00419A12 E8218FFEFF
call 00402938
:00419A17 85FF
test edi, edi
:00419A19 740C
je 00419A27
:00419A1B 8D45A8
:00419A1E 50
push eax
:00419A1F 6A54
push 00000054
:00419A21 57
push edi
|
:00419A22 E8A1C4FEFF
Call 00405EC8
|:00419A19(C)
|
:00419A27 837E0401
:00419A2B 750D
:00419A2D 8B4610
:00419A30 8945FC

cmp
jne
mov
mov
dword ptr [esi+04], 00000001

00419A3A
:00419A33 33C0
:00419A35 894610
:00419A38 EB1D
xor eax, eax

jmp 00419A57
|:00419A2B(C)
|
:00419A3A 8B4610
:00419A3D 3B0530364400
:00419A43 750A
:00419A45 A130364400
:00419A4A 8945FC
:00419A4D EB08

mov
cmp
jne
mov
mov
jmp

00419A4F
00419A57

|:00419A43(C)
|
:00419A4F E868EEFFFF
call 004188BC
:00419A54 8945FC
|:00419A38(U), :00419A4D(U)
|
:00419A57 33C0
:00419A59 55
:00419A5A 68819A4100
:00419A5F 64FF30
:00419A62 648920
:00419A65 8D45A8
:00419A68 50
:00419A69 6A00
:00419A6B 8B4DFC
:00419A6E 8BD7
:00419A70 8BC3
:00419A77 33C0
:00419A79 5A
:00419A7A 59
:00419A7B 59
:00419A7C 648910
:00419A7F EB17
:00419A81 E9EA95FEFF
:00419A86 8B45FC
:00419A89 E89298FFFF
:00419A8E E83998FEFF
:00419A93 E88898FEFF

xor eax, eax
push ebp
push 00419A81
push eax
push 00000000
mov edx, edi
mov eax, ebx
call 00419428
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00419A98
jmp 00403070
call 00413320
call 004032CC
call 00403320

|:00419A7F(U)
|
:00419A98 8BD3
mov edx, ebx
:00419A9A 8BC3
mov eax, ebx
:00419A9C 8B08
:00419A9E FF5110
call [ecx+10]
|:004199FB(C)
|
:00419AA1 5F
pop edi
:00419AA2 5E
pop esi
:00419AA3
:00419AA4
:00419AA6
:00419AA7
5B
8BE5
5D
C3
pop ebx
mov esp, ebp
pop ebp
ret
:00419AA8
:00419AA9
:00419AAA
:00419AAB
:00419AAC
:00419AAF
:00419AB1
:00419AB3
:00419AB5
:00419ABA
:00419ABC
:00419AC2
:00419AC5
:00419AC9
:00419ACB
:00419ACF
:00419AD1
:00419AD4
:00419AD6
:00419AD8
:00419ADB
53
56
57
55
83C4AC
8BDA
8BF0
8BC6
E80EF6FFFF
3AD8
0F8412010000
8B7E18
837F0800
7521
837F1400
751B
80FB01
750A
33C0
894730
E9F4000000
push ebx
push esi
push edi
push ebp
add esp, FFFFFFAC
mov ebx, edx
mov esi, eax
mov eax, esi
call 004190C8
cmp bl, al
je 00419BD4
jne 00419AEC
jne 00419AEC
cmp bl, 01
jne 00419AE0
xor eax, eax
jmp 00419BD4

|:00419AD4(C)
|
:00419AE0 C7473028000000
mov [edi+30], 00000028
:00419AE7 E9E8000000
jmp 00419BD4
|:00419AC9(C), :00419ACF(C)
|
:00419AEC 84DB
:00419AEE 7566
:00419AF0 8B4714
:00419AF3 85C0
:00419AF5 7409
:00419AF7 3B4708
:00419AFA 0F84D4000000
|:00419AF5(C)
|
:00419B00 8BC6
:00419B02 E805F7FFFF
:00419B07 8BC6
:00419B09 E87EF7FFFF
:00419B0E 8BC6
:00419B10 E883F6FFFF
:00419B15 837F0401
:00419B19 7528
:00419B1B 8B4714
:00419B1E 33D2
:00419B20 895714
:00419B23 8B6F10
test bl, bl
jne 00419B56
test eax, eax
je 00419B00
cmp eax, dword ptr [edi+08]
je 00419BD4
mov eax, esi

call 0041920C
mov eax, esi
call 0041928C
mov eax, esi
call 00419198
jne 00419B43
xor edx, edx
mov dword ptr [edi+14], edx
:00419B26
:00419B28
:00419B2B
:00419B2E
:00419B2F
:00419B32
:00419B33
:00419B35
:00419B37
:00419B39
:00419B3E
33D2
895710
8D5718
52
8A576C
52
8BCD
8BD0
8BC6
E8EAF8FFFF
E988000000
|:00419B19(C)
|
:00419B43 8D4718
:00419B46 50
:00419B47 8B4F10
:00419B4A 8B5714
:00419B4D 8BC6
:00419B4F E86CF1FFFF
:00419B54 EB75
xor edx, edx

mov dword ptr [edi+10], edx
lea edx, dword ptr [edi+18]
push edx
mov dl, byte ptr [edi+6C]
push edx
mov ecx, ebp
mov edx, eax
mov eax, esi
call 00419428
jmp 00419BCB
push eax
mov eax, esi
call 00418CC0
jmp 00419BCB

|:00419AEE(C)
|
:00419B56 8B4708
:00419B59 85C0
test eax, eax
:00419B5B 7405
je 00419B62
:00419B5D 3B4714
:00419B60 7572
jne 00419BD4
|:00419B5B(C)
|
:00419B62 8BC6
:00419B69 8BC6
:00419B6B E81CF7FFFF
:00419B70 56
:00419B71 57
:00419B72 8D7718
:00419B75 8D7C2408
:00419B79 B915000000
:00419B7E F3
:00419B7F A5
:00419B80 5F
:00419B81 5E
:00419B82 33C0
:00419B84 89442418
:00419B88 837F0401
:00419B8C 0F94C3
:00419B8F 84DB
:00419B91 7405
:00419B93 8B6F10
:00419B96 EB0A

mov eax, esi
call 0041920C
mov eax, esi
call 0041928C
push esi
push edi
lea esi, dword ptr [edi+18]
lea edi, dword ptr [esp+08]
mov ecx, 00000015
repz
movsd
pop edi
pop esi
xor eax, eax
sete bl
test bl, bl
je 00419B98
jmp 00419BA2

|:00419B91(C)
|
:00419B98 8B4710
:00419B9B E81CEDFFFF
:00419BA0 8BE8

call 004188BC
mov ebp, eax
|:00419B96(U)
|
:00419BA2 54
:00419BA3 6A00
:00419BA5 8BCD
:00419BA7 8B5710
:00419BAA 8B4714
:00419BAD E8DAE6FFFF
:00419BB2 84DB
:00419BB4 7405
:00419BB6 894708
:00419BB9 EB10
|:00419BB4(C)
|
:00419BBB 54
:00419BBC 8A576C
:00419BBF 52
:00419BC0 8BCD
:00419BC2 8BD0
:00419BC4 8BC6
:00419BC6 E85DF8FFFF
push esp
push 00000000
mov ecx, ebp
call 0041828C
test bl, bl
je 00419BBB
jmp 00419BCB
push esp
push edx
mov ecx, ebp
mov edx, eax
mov eax, esi
call 00419428

|:00419B3E(U), :00419B54(U), :00419BB9(U)
|
:00419BCB 8BD6
mov edx, esi
:00419BCD 8BC6
mov eax, esi
:00419BCF 8B08
:00419BD1 FF5110
call [ecx+10]
|:00419ABC(C), :00419ADB(U), :00419AE7(U), :00419AFA(C), :00419B60(C)
|
:00419BD4 83C454
add esp, 00000054
:00419BD7 5D
pop ebp
:00419BD8 5F
pop edi
:00419BD9 5E
pop esi
:00419BDA 5B
pop ebx
:00419BDB C3
ret
:00419BDC
:00419BDD
:00419BDE
:00419BDF
:00419BE2
:00419BE4
:00419BE6
:00419BE9
:00419BEC
:00419BEE
:00419BF0
:00419BF5
53
56
57
83C4AC
8BFA
8BD8
8B7318
3B7E20
7438
8BC3
E827F6FFFF
56
push ebx
push esi
push edi
add esp, FFFFFFAC
mov edi, edx
mov ebx, eax
je 00419C26
mov eax, ebx
call 0041921C
push esi
:00419BF6
:00419BF7
:00419BFA
:00419BFE
:00419C03
:00419C04
:00419C05
:00419C06
:00419C07
:00419C0B
:00419C0F
:00419C10
:00419C13
:00419C16
:00419C18
:00419C1D
:00419C1F
:00419C21
:00419C23
57
83C618
8D7C2408
B915000000
F3
A5
5F
5E
897C2408
897C2420
54
8B4E10
8B5608
8BC3
E8A3F0FFFF
8BD3
8BC3
8B08
FF5110
push edi
add esi, 00000018
mov ecx, 00000015
repz
movsd
pop edi
pop esi
push esp
mov eax, ebx
call 00418CC0
mov edx, ebx
mov eax, ebx
call [ecx+10]

|:00419BEC(C)
|
:00419C26 83C454
add esp, 00000054
:00419C29 5F
pop edi
:00419C2A 5E
pop esi
:00419C2B 5B
pop ebx
:00419C2C C3
ret
:00419C2D 8D4000

|:0042EC6C , :0042EE6A , :0042F4F6
|
:00419C30 53
push ebx
:00419C31 56
push esi
:00419C32 57
push edi
:00419C33 83C4AC
add esp, FFFFFFAC
:00419C36 8BDA
mov ebx, edx
:00419C38 8BF8
mov edi, eax
:00419C3A 8B7718
:00419C3D 8D4630
:00419C40 6683780C01
cmp word ptr [eax+0C], 0001
:00419C45 7507
jne 00419C4E
:00419C47 6683780E01
:00419C4C 7404
je 00419C52
|:00419C45(C)
|
:00419C4E 33C0
xor eax, eax
:00419C50 EB02
jmp 00419C54
|:00419C4C(C)
|
:00419C52 B001
mov al, 01
|:00419C50(U)
|
:00419C54 3AD8
:00419C56 744E
:00419C58 8BC7
:00419C5A E8BDF5FFFF
:00419C5F 56
:00419C60 57
:00419C61 83C618
:00419C64 8D7C2408
:00419C68 B915000000
:00419C6D F3
:00419C6E A5
:00419C6F 5F
:00419C70 5E
:00419C71 33C0
:00419C73 89442418
:00419C77 33C0
:00419C79 8AC3
:00419C7B 6689442424
:00419C80 6689442426
:00419C85 6689442410
:00419C8A 6689442412
:00419C8F 54
:00419C90 8B4E10
:00419C93 8B5608
:00419C96 8BC7
:00419C98 E823F0FFFF
:00419C9D 8BD7
:00419C9F 8BC7
:00419CA1 8B08
:00419CA3 FF5110
cmp bl, al
je 00419CA6
mov eax, edi
call 0041921C
push esi
push edi
add esi, 00000018
mov ecx, 00000015
repz
movsd
pop edi
pop esi
xor eax, eax
xor eax, eax
mov al, bl
push esp
mov eax, edi
call 00418CC0
mov edx, edi
mov eax, edi
call [ecx+10]

|:00419C56(C)
|
:00419CA6 83C454
add esp, 00000054
:00419CA9 5F
pop edi
:00419CAA 5E
pop esi
:00419CAB 5B
pop ebx
:00419CAC C3
ret
:00419CAD
:00419CB0
:00419CB1
:00419CB3
:00419CB6
:00419CB7
:00419CB8
:00419CB9
:00419CBB
:00419CBD
:00419CC0
:00419CC3
:00419CC9
:00419CCB
:00419CCD
:00419CCF
:00419CD3
8D4000
55
8BEC
83C4A8
53
56
57
8BFA
8BD8
8B4318
3B7810
0F84B1000000
8BF0
85FF
7515
837E0401
750F

push ebp
mov ebp, esp
add esp, FFFFFFA8
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
cmp edi, dword ptr [eax+10]
je 00419D7A
mov esi, eax
test edi, edi
jne 00419CE4
jne 00419CE4
:00419CD5
:00419CD8
:00419CDD
:00419CDF
:00419CE2
8B4610
E84396FFFF
33C0
894610
EB79
|:00419CCD(C), :00419CD3(C)
|
:00419CE4 8BC3
:00419CE6 E821F5FFFF
:00419CEB 8BC3
:00419CED E82AF5FFFF
:00419CF2 56
:00419CF3 57
:00419CF4 83C618
:00419CF7 8D7DA8
:00419CFA B915000000
:00419CFF F3
:00419D00 A5
:00419D01 5F
:00419D02 5E
:00419D03 8D45A8
:00419D06 50
:00419D07 6A00
:00419D09 8B5610
:00419D0C 8B4608
:00419D0F 8BCF
:00419D11 E876E5FFFF
:00419D16 8945FC
:00419D19 33C0
:00419D1B 55
:00419D1C 68459D4100
:00419D21 64FF30
:00419D24 648920
:00419D27 8D45A8
:00419D2A 50
:00419D2B 8A466C
:00419D2E 50
:00419D2F 8BCF
:00419D31 8B55FC
:00419D34 8BC3
:00419D36 E8EDF6FFFF
:00419D3B 33C0
:00419D3D 5A
:00419D3E 59
:00419D3F 59
:00419D40 648910
:00419D43 EB18
:00419D45 E92693FEFF
:00419D4A 8B45FC
:00419D4D 50

call 00413320
xor eax, eax
jmp 00419D5D
mov eax, ebx
call 0041920C
mov eax, ebx
call 0041921C
push esi
push edi
add esi, 00000018
mov ecx, 00000015
repz
movsd
pop edi
pop esi
push eax
push 00000000
mov ecx, edi
call 0041828C
xor eax, eax
push ebp
push 00419D45
push eax
mov al, byte ptr [esi+6C]
push eax
mov ecx, edi
mov eax, ebx
call 00419428
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00419D5D
jmp 00403070
push eax

|
:00419D4E E8FDC0FEFF
Call 00405E50
:00419D53 E87495FEFF
call 004032CC
:00419D58 E8C395FEFF
call 00403320
|:00419CE2(U), :00419D43(U)
|
:00419D5D 8B4318
:00419D60 8D4818
:00419D63 8B4014
:00419D66 8BD7
:00419D68 E817E4FFFF
:00419D6D C6431601
:00419D71 8BD3
:00419D73 8BC3
:00419D75 8B08
:00419D77 FF5110
mov eax, dword ptr

lea ecx, dword ptr
mov eax, dword ptr
mov edx, edi
call 00418184
mov [ebx+16], 01
mov edx, ebx
mov eax, ebx
mov ecx, dword ptr
call [ecx+10]
[ebx+18]
[eax+18]
[eax+14]
[eax]

|:00419CC3(C)
|
:00419D7A 5F
pop edi
:00419D7B 5E
pop esi
:00419D7C 5B
pop ebx
:00419D7D 8BE5
mov esp, ebp
:00419D7F 5D
pop ebp
:00419D80 C3
ret
:00419D81
:00419D84
:00419D85
:00419D86
:00419D87
:00419D8A
:00419D8C
:00419D8E
:00419D91
:00419D94
:00419D96
:00419D98
:00419D9D
:00419D9E
:00419D9F
:00419DA2
:00419DA6
:00419DAB
:00419DAC
:00419DAD
:00419DAE
:00419DAF
:00419DB3
:00419DB7
:00419DB8
:00419DBB
:00419DBE
:00419DC0
:00419DC5
:00419DC7
:00419DC9
:00419DCB
8D4000
53
56
57
83C4AC
8BFA
8BD8
8B7318
3B7E1C
7438
8BC3
E87FF4FFFF
56
57
83C618
8D7C2408
B915000000
F3
A5
5F
5E
897C2404
897C241C
54
8B4E10
8B5608
8BC3
E8FBEEFFFF
8BD3
8BC3
8B08
FF5110

push ebx
push esi
push edi
add esp, FFFFFFAC
mov edi, edx
mov ebx, eax
cmp edi, dword ptr [esi+1C]
je 00419DCE
mov eax, ebx
call 0041921C
push esi
push edi
add esi, 00000018
mov ecx, 00000015
repz
movsd
pop edi
pop esi
mov dword ptr [esp+1C], edi
push esp
mov eax, ebx
call 00418CC0
mov edx, ebx
mov eax, ebx
call [ecx+10]

|:00419D94(C)
|
:00419DCE
:00419DD1
:00419DD2
:00419DD3
:00419DD4
83C454
5F
5E
5B
C3
add
pop
pop
pop
ret
esp, 00000054
edi
esi
ebx
:00419DD5
:00419DD8
:00419DDA
:00419DDF
8D4000
B101
E801000000
C3

mov cl, 01
call 00419DE0
ret

|:00419DDA , :0041A00A
|
:00419DE0 53
push ebx
:00419DE1 56
push esi
:00419DE2 57
push edi
:00419DE3 55
push ebp
:00419DE4 81C4D8FBFFFF
add esp, FFFFFBD8
:00419DEA 8BD9
mov ebx, ecx
:00419DEC 8BFA
mov edi, edx
:00419DEE 8BF0
mov esi, eax
:00419DF0 8BC6
mov eax, esi
:00419DF2 E8A1F3FFFF
call 00419198
:00419DF7 8B6E18
mov ebp, dword ptr [esi+18]
:00419DFA 33C0
xor eax, eax
:00419DFC 890424
:00419DFF 8B4514
:00419E02 85C0
test eax, eax
:00419E04 7441
je 00419E47
:00419E06 6A00
push 00000000
:00419E08 8D4C2404
:00419E0C 8D54240C
:00419E10 E8B3C2FFFF
call 004160C8
:00419E15 807D6C00
cmp byte ptr [ebp+6C], 00
:00419E19 7422
je 00419E3D
:00419E1B C74424080C000000
mov [esp+08], 0000000C
:00419E23 668B453E
mov ax, word ptr [ebp+3E]
:00419E27 6683F808
cmp ax, 0008
:00419E2B 7710
ja 00419E3D
:00419E2D 8BC8
mov ecx, eax
:00419E2F B801000000
mov eax, 00000001
:00419E34 D3E0
shl eax, cl
:00419E36 8D0440
:00419E39 01442408
add dword ptr [esp+08], eax
|:00419E19(C), :00419E2B(C)
|
:00419E3D 8B442408
:00419E41 83C00E
:00419E44 010424

add eax, 0000000E
add dword ptr [esp], eax

|:00419E04(C)
|
:00419E47 84DB
test bl, bl
:00419E49
:00419E4B
:00419E4D
:00419E52
:00419E54
740E
8BD4
B904000000
8BC7
E8B349FFFF
|:00419E49(C)
|
:00419E59 833C2400
:00419E5D 0F8493010000
:00419E63 8D44240C
:00419E67 33C9
:00419E69 BA0E000000
:00419E6E E8C58AFEFF
:00419E73 66C744240C424D
:00419E7A 8B0424
:00419E7D 8944240E
:00419E81 8B442408
:00419E85 83C00E
:00419E88 89442416
:00419E8C 8BC6
:00419E8E E8D1F1FFFF
:00419E93 8A1504A04100
:00419E99 E8EAB0FFFF
:00419E9E 8B4514
:00419EA1 50
:00419EA2 8B461C
:00419EA5 8B4004
:00419EA8 50
je 00419E59
mov edx, esp
mov ecx, 00000004
mov eax, edi
call 0040E80C
je 00419FF6
xor ecx, ecx
mov edx, 0000000E
call 00402938
mov [esp+0C], 4D42
mov dword ptr [esp+0E], eax
add eax, 0000000E
mov eax, esi
call 00419064
call 00414F88
push eax
push eax

|
:00419EA9 E8BAC0FEFF
Call 00405F68
:00419EAE E8ADB4FFFF
call 00415360
:00419EB3 8BD8
mov ebx, eax
:00419EB5 8D442426
:00419EB9 50
push eax
:00419EBA 6800010000
push 00000100
:00419EBF 6A00
push 00000000
:00419EC1 8B461C
:00419EC4 8B4004
:00419EC7 50
push eax
|
:00419EC8 E8CBBFFEFF
Call 00405E98
:00419ECD 89442404
:00419ED1 53
push ebx
:00419ED2 8B461C
:00419ED5 8B4004
:00419ED8 50
push eax
|
:00419ED9 E88AC0FEFF
Call 00405F68
:00419EDE 837C240400
:00419EE3 7521
jne 00419F06
:00419EE5 837D1000
:00419EE9 741B
je 00419F06
:00419EEB
:00419EEF
:00419EF1
:00419EF5
:00419EFA
:00419EFD
:00419F02
807D6D00
7515
8D542426
B9FF000000
8B4510
E8F2BBFFFF
89442404
cmp byte ptr [ebp+6D], 00

jne 00419F06
mov ecx, 000000FF
call 00415AF4

|:00419EE3(C), :00419EE9(C), :00419EEF(C)
|
:00419F06 8D4518
lea eax, dword ptr [ebp+18]
:00419F09 E832E3FFFF
call 00418240
:00419F0E 837C240400
:00419F13 7427
je 00419F3C
:00419F15 8B4550
:00419F18 85C0
test eax, eax
:00419F1A 7406
je 00419F22
:00419F1C 3B442404
:00419F20 7407
je 00419F29
|:00419F1A(C)
|
:00419F22 8B442404
:00419F26 894550
|:00419F20(C)
|
:00419F29 807D6C00
:00419F2D 740D
:00419F2F 8D542404
:00419F33 8D442426
:00419F37 E894B8FFFF
|:00419F13(C), :00419F2D(C)
|
:00419F3C 807D6C00
:00419F40 744F
:00419F42 8D4530
:00419F45 C744241A0C000000
:00419F4D 668B5004
:00419F51 668954241E
:00419F56 668B5008
:00419F5A 6689542420
:00419F5F 66C74424220100
:00419F66 668B400E
:00419F6A 6689442424
:00419F6F 8D54240C
:00419F73 B90E000000
:00419F78 8BC7
:00419F7A E88D48FFFF
:00419F7F 8D54241A
:00419F83 B90C000000
:00419F88 8BC7
:00419F8F EB3B

je 00419F3C
call 004157D0

je 00419F91
lea eax, dword ptr [ebp+30]
mov [esp+1A], 0000000C
mov word ptr [esp+1E], dx
mov word ptr [esp+20], dx
mov [esp+22], 0001
mov ecx, 0000000E
mov eax, edi
call 0040E80C
lea edx, dword ptr [esp+1A]
mov ecx, 0000000C
mov eax, edi
call 0040E80C
jmp 00419FCC
|:00419F40(C)
|
:00419F91 8D54240C
:00419F95 B90E000000
:00419F9A 8BC7
:00419F9C E86B48FFFF
:00419FA1 8D5530
:00419FA4 B928000000
:00419FA9 8BC7
:00419FAB E85C48FFFF
:00419FB0 66837D3E08
:00419FB5 7615
:00419FB7 F6454003
:00419FBB 740F
:00419FBD 8D5558
:00419FC0 B90C000000
:00419FC5 8BC7
:00419FC7 E84048FFFF

mov ecx, 0000000E
mov eax, edi
call 0040E80C
lea edx, dword ptr [ebp+30]
mov ecx, 00000028
mov eax, edi
call 0040E80C
cmp word ptr [ebp+3E], 0008
jbe 00419FCC
test [ebp+40], 03
je 00419FCC
mov ecx, 0000000C
mov eax, edi
call 0040E80C

|:00419F8F(U), :00419FB5(C), :00419FBB(C)
|
:00419FCC 33C0
xor eax, eax
:00419FCE 8A456C
mov al, byte ptr [ebp+6C]
:00419FD1 33C9
xor ecx, ecx
:00419FD3 8A8874254400
:00419FD9 0FAF4C2404
imul ecx, dword ptr [esp+04]
:00419FDE 8D542426
:00419FE2 8BC7
mov eax, edi
:00419FE4 E82348FFFF
call 0040E80C
:00419FE9 8B552C
:00419FEC 8B4D44
:00419FEF 8BC7
mov eax, edi
:00419FF1 E81648FFFF
call 0040E80C
|:00419E5D(C)
|
:00419FF6 81C428040000
:00419FFC 5D
:00419FFD 5F
:00419FFE 5E
:00419FFF 5B
:0041A000 C3
:0041A001 000000
BYTE 3 DUP(0)
:0041A004
:0041A006
:0041A008
:0041A00A
:0041A00F

xor ecx, ecx
call 00419DE0
ret
0100
0000
33C9
E8D1FDFFFF
C3
:0041A010 55
:0041A011 8BEC
:0041A013 83C4A8
add
pop
pop
pop
pop
ret
esp, 00000428
ebp
edi
esi
ebx
push ebp
mov ebp, esp
add esp, FFFFFFA8
:0041A016
:0041A017
:0041A018
:0041A019
:0041A01C
:0041A01E
:0041A023
:0041A025
:0041A02A
:0041A02D
:0041A02E
:0041A031
:0041A034
:0041A039
:0041A03A
:0041A03B
:0041A03C
:0041A03E
:0041A041
:0041A043
:0041A046
:0041A049
:0041A04A
:0041A04D
:0041A04E
:0041A051
:0041A053
:0041A055
:0041A058
:0041A05D
:0041A060
:0041A062
:0041A064
:0041A065
:0041A06A
:0041A06D
:0041A070
:0041A073
:0041A076
:0041A07B
:0041A07E
:0041A080
:0041A082
:0041A083
:0041A084
:0041A085
:0041A088
:0041A08A
:0041A08F
:0041A092
:0041A094
53
56
57
894DFC
8BD8
66C7020200
8BC3
E8F2F1FFFF
8B7318
56
83C618
8D7DA8
B915000000
F3
A5
5E
33C0
8945C0
33C0
8945BC
8D45A8
50
8B431C
50
8B7E10
8BCF
8BD7
8B4608
E82FE2FFFF
8B55FC
8902
33C0
55
688AA04100
64FF30
648920
8B4318
8B4010
E841E8FFFF
8B5508
8902
33C0
5A
59
59
648910
EB1A
E9E18FFEFF
8B45FC
8B00
50
push ebx
push esi
push edi
mov ebx, eax
mov word ptr [edx], 0002
mov eax, ebx
call 0041921C
push esi
add esi, 00000018
mov ecx, 00000015
repz
movsd
pop esi
xor eax, eax
xor eax, eax
push eax
push eax
mov ecx, edi
mov edx, edi
call 0041828C
xor eax, eax
push ebp
push 0041A08A
call 004188BC
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0041A0A4
jmp 00403070
push eax

|
:0041A095 E8B6BDFEFF
Call 00405E50
:0041A09A E82D92FEFF
call 004032CC
:0041A09F E87C92FEFF
call 00403320
|:0041A088(U)
|
:0041A0A4
:0041A0A5
:0041A0A6
:0041A0A7
:0041A0A9
:0041A0AA
5F
5E
5B
8BE5
5D
C20400
pop
pop
pop
mov
pop
ret
:0041A0AD
:0041A0B0
:0041A0B1
:0041A0B2
:0041A0B7
:0041A0B9
:0041A0BB
:0041A0BE
:0041A0C3
:0041A0C5
:0041A0C8
:0041A0CA
:0041A0CF
:0041A0D1
:0041A0D3
:0041A0D5
8D4000
53
56
E8AD8EFEFF
8BDA
8BF0
8B460C
E85D8BFEFF
8BD3
80E2FC
8BC6
E8418BFEFF
84DB
7E07
8BC6
E87A8EFEFF

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 0041A0DA
mov eax, esi
call 00402F54
edi
esi
ebx
esp, ebp
ebp
0004

|:0041A0D1(C)
|
:0041A0DA 5E
pop esi
:0041A0DB 5B
pop ebx
:0041A0DC C3
ret
:0041A0DD
:0041A0E0
:0041A0E1
:0041A0E3
:0041A0E6
:0041A0E8
:0041A0EA
8D4000
53
8BD8
8B4308
85C0
7406
50

push ebx
mov ebx, eax
test eax, eax
je 0041A0F0
push eax
* Reference To: user32.DestroyIcon, Ord:0000h

|
:0041A0EB E888BFFEFF
Call 00406078
|:0041A0E8(C)
|
:0041A0F0 33C0
xor eax, eax
:0041A0F2 894308
:0041A0F5 5B
pop ebx
:0041A0F6 C3
ret
:0041A0F7 90
nop

|:004382B9 , :0043DAFC
|
:0041A0F8
:0041A0F9
:0041A0FA
:0041A0FB
:0041A0FD
:0041A0FF
:0041A102
53
56
57
84D2
7408
83C4F0
E8FD8DFEFF
|:0041A0FD(C)
|
:0041A107 8BDA
:0041A109 8BF8
:0041A10B 33D2
:0041A10D 8BC7
:0041A10F E8DCC2FFFF
:0041A114 C6471501
:0041A118 B201
:0041A11A A1F0314100
:0041A11F E8CC8AFEFF
:0041A124 8BF0
:0041A126 897718
:0041A129 8BC6
:0041A12B E890DFFFFF
:0041A130 8BC7
:0041A132 84DB
:0041A134 740F
:0041A136 E8218EFEFF
:0041A13B 648F0500000000
:0041A142 83C40C
push ebx
push esi
push edi
test dl, dl
je 0041A107
add esp, FFFFFFF0
call 00402F04
mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call 004163F0
mov [edi+15], 01
mov dl, 01
call 00402BF0
mov esi, eax
mov eax, esi
call 004180C0
mov eax, edi
test bl, bl
je 0041A145
call 00402F5C
add esp, 0000000C

|:0041A134(C)
|
:0041A145 8BC7
mov eax, edi
:0041A147 5F
pop edi
:0041A148 5E
pop esi
:0041A149 5B
pop ebx
:0041A14A C3
ret
:0041A14B
:0041A14C
:0041A14D
:0041A14E
:0041A153
:0041A155
:0041A157
:0041A15A
:0041A15F
:0041A161
:0041A164
:0041A166
:0041A16B
:0041A16D
:0041A16F
:0041A171
90
53
56
E8118EFEFF
8BDA
8BF0
8B4618
E865DFFFFF
8BD3
80E2FC
8BC6
E87130FFFF
84DB
7E07
8BC6
E8DE8DFEFF
nop
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 004180C4
mov edx, ebx
and dl, FC
mov eax, esi
call 0040D1DC
test bl, bl
jle 0041A176
mov eax, esi
call 00402F54

|:0041A16D(C)
|
:0041A176 5E
:0041A177 5B
:0041A178 C3
pop esi
pop ebx
ret
:0041A179
:0041A17C
:0041A17D
:0041A17E
:0041A17F
:0041A181
:0041A183
:0041A185
:0041A187
:0041A189
:0041A18F
:0041A194
:0041A196

push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
test ebx, ebx
je 0041A198
mov eax, ebx
call 00402D90
test al, al
je 0041A1CC
8D4000
53
56
57
8BDA
8BF0
85DB
7411
8BC3
8B154C324100
E8FC8BFEFF
84C0
7434
|:0041A185(C)
|
:0041A198 85DB
:0041A19A 741A
:0041A19C 8BFB
:0041A19E 8B4718
:0041A1A1 E81ADFFFFF
:0041A1A6 8B4618
:0041A1A9 E816DFFFFF
:0041A1AE 8B4718
:0041A1B1 894618
:0041A1B4 EB0B
|:0041A19A(C)
|
:0041A1B6 33C9
:0041A1B8 33D2
:0041A1BA 8BC6
:0041A1BC E867020000
test ebx, ebx

je 0041A1B6
mov edi, ebx
call 004180C0
call 004180C4
jmp 0041A1C1
xor ecx, ecx

xor edx, edx
mov eax, esi
call 0041A428

|:0041A1B4(U)
|
:0041A1C1 8BD6
mov edx, esi
:0041A1C3 8BC6
mov eax, esi
:0041A1C5 8B08
:0041A1C7 FF5110
call [ecx+10]
:0041A1CA EB09
jmp 0041A1D5
|:0041A196(C)
|
:0041A1CC 8BD3
:0041A1CE 8BC6
:0041A1D0 E83330FFFF

mov edx, ebx
mov eax, esi
call 0040D208

|:0041A1CA(U)
|
:0041A1D5
:0041A1D6
:0041A1D7
:0041A1D8
5F
5E
5B
C3
pop edi
pop esi
pop ebx
ret
:0041A1D9
:0041A1DC
:0041A1DD
:0041A1DE
:0041A1DF
:0041A1E1
:0041A1E3
:0041A1E5
:0041A1EB
:0041A1ED
:0041A1F2
:0041A1F4
:0041A1F9
:0041A1FA
:0041A1FD
:0041A1FE
:0041A200
:0041A201
:0041A204
8D4000
53
56
57
8BF9
8BF2
8BD8
8A1510A24100
8BC6
E896ADFFFF
8BC3
E833000000
50
8B4704
50
8B07
50
8B4604
50

push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov eax, esi
call 00414F88
mov eax, ebx
call 0041A22C
push eax
push eax
push eax
push eax

|
:0041A205 E89EBEFEFF
Call 004060A8
:0041A20A 5F
pop edi
:0041A20B 5E
pop esi
:0041A20C 5B
pop ebx
:0041A20D C3
ret
:0041A20E 0000
BYTE 2 DUP(0)
:0041A210
:0041A212
:0041A214
:0041A217
:0041A21B
:0041A21D
:0041A221

jne 0041A223
je 0041A226
0100
0000
8B4018
83780800
7506
83780C00
7403

|:0041A21B(C)
|
:0041A223 33C0
xor eax, eax
:0041A225 C3
ret

|:0041A221(C)
|
:0041A226 B001
mov al, 01
:0041A228 C3
ret
:0041A229 8D4000

|:0041A1F4 , :0041A2FE , :0041A32E , :00439924 , :0043ABB2
|:0043BBDD , :0043E806
|
:0041A22C 53
push ebx
:0041A22D 8BD8
mov ebx, eax
:0041A22F 8BC3
mov eax, ebx
:0041A231 E81A000000
call 0041A250
:0041A236 8B4318
:0041A239 8B4008
:0041A23C 5B
pop ebx
:0041A23D C3
ret
:0041A23E 8BC0
:0041A240 6A0C
mov eax, eax

push 0000000C

|
:0041A242 E8D9BFFEFF
Call 00406220
:0041A247 C3
ret
:0041A248 6A0B
push 0000000B

|
:0041A24A E8D1BFFEFF
Call 00406220
:0041A24F C3
ret

|:0041A231
|
:0041A250 53
push ebx
:0041A251 83C4F4
add esp, FFFFFFF4
:0041A254 8B5818
:0041A257 837B0800
:0041A25B 7558
jne 0041A2B5
:0041A25D 8B430C
:0041A260 85C0
test eax, eax
:0041A262 7451
je 0041A2B5
:0041A264 33D2
xor edx, edx
:0041A266 E8E144FFFF
call 0040E74C
:0041A26B 8BD4
mov edx, esp
:0041A26D B906000000
mov ecx, 00000006
:0041A272 8B430C
:0041A275 E81645FFFF
call 0040E790
:0041A27A 668B442402
mov ax, word ptr [esp+02]
:0041A27F 6683E801
sub ax, 0001
:0041A283 7204
jb 0041A289
:0041A285 740D
je 0041A294
:0041A287 EB20
jmp 0041A2A9
|:0041A283(C)
|
:0041A289 A148364400
:0041A28E 89442408
:0041A292 EB1A
|:0041A285(C)
|
:0041A294 6A06
:0041A296 0FB74C2408
:0041A29B 8D54240C
:0041A29F 8B430C
:0041A2A2 E871BAFFFF
:0041A2A7 EB05

jmp 0041A2AE
push 00000006
movzx ecx, word ptr [esp+08]
call 00415D18
jmp 0041A2AE

|:0041A287(U)
|
:0041A2A9 E826AFFFFF
call 004151D4
|:0041A292(U), :0041A2A7(U)
|
:0041A2AE 8B442408
:0041A2B2 894308
|:0041A25B(C), :0041A262(C)
|
:0041A2B5 83C40C
:0041A2B8 5B
:0041A2B9 C3
:0041A2BA 8BC0
mov eax, eax
add esp, 0000000C

pop ebx
ret

|:0041A550
|
:0041A2BC 55
push ebp
:0041A2BD 8BEC
mov ebp, esp
:0041A2BF 83C4F4
add esp, FFFFFFF4
:0041A2C2 53
push ebx
:0041A2C3 56
push esi
:0041A2C4 57
push edi
:0041A2C5 8BF0
mov esi, eax
:0041A2C7 8B5E18
:0041A2CA 837B0C00
:0041A2CE 0F8592000000
jne 0041A366
:0041A2D4 837B0800
:0041A2D8 7505
jne 0041A2DF
:0041A2DA E8F5AEFFFF
call 004151D4
|:0041A2D8(C)
|
:0041A2DF B201
:0041A2E1 A1FCBA4000
:0041A2E6 E80589FEFF

mov dl, 01
call 00402BF0
:0041A2EB
:0041A2EE
:0041A2F0
:0041A2F1
:0041A2F6
:0041A2F9
:0041A2FC
:0041A2FE
:0041A303
:0041A309
:0041A30B
:0041A30E
:0041A310
:0041A315
:0041A31A
:0041A31D
:0041A322
:0041A325
:0041A32A
8945FC
33C0
55
6849A34100
64FF30
648920
8BC6
E829FFFFFF
3B0548364400
7521
8D45F6
33C9
BA06000000
E81E86FEFF
8D55F6
B906000000
8B45FC
E8E244FFFF
EB13

xor eax, eax
push ebp
push 0041A349
mov eax, esi
call 0041A22C
jne 0041A32C
lea eax, dword ptr [ebp-0A]
xor ecx, ecx
mov edx, 00000006
call 00402938
lea edx, dword ptr [ebp-0A]
mov ecx, 00000006
call 0040E80C
jmp 0041A33F
|:0041A309(C)
|
:0041A32C 8BC6
:0041A32E E8F9FEFFFF
:0041A333 8BD0
:0041A335 33C9
:0041A337 8B45FC
:0041A33A E8B5BEFFFF
|:0041A32A(U)
|
:0041A33F 33C0
:0041A341 5A
:0041A342 59
:0041A343 59
:0041A344 648910
:0041A347 EB17
:0041A349 E9228DFEFF
:0041A34E 8B45FC
:0041A351 E8CA88FEFF
:0041A356 E8718FFEFF
:0041A35B E8C08FFEFF
mov eax, esi

call 0041A22C
mov edx, eax
xor ecx, ecx
call 004161F4
xor eax, eax

pop edx
pop ecx
pop ecx
jmp 0041A360
jmp 00403070
call 00402C20
call 004032CC
call 00403320

|:0041A347(U)
|
:0041A360 8B45FC
:0041A363 89430C
|:0041A2CE(C)
|
:0041A366 5F
pop edi
:0041A367 5E
pop esi
:0041A368 5B
pop ebx
:0041A369 8BE5
mov esp, ebp
:0041A36B 5D
pop ebp
:0041A36C C3
ret
:0041A36D
:0041A370
:0041A371
:0041A373
:0041A376
:0041A377
:0041A378
:0041A379
:0041A37B
:0041A37D
:0041A37F
:0041A384
:0041A389
:0041A38C
:0041A38E
:0041A38F
:0041A394
:0041A397
:0041A39A
:0041A39C
:0041A3A1
:0041A3A2
:0041A3A4
:0041A3A9
:0041A3AA
:0041A3AC
:0041A3AF
:0041A3B1
:0041A3B3
:0041A3B6
:0041A3BB
:0041A3BD
:0041A3C0
:0041A3C3
:0041A3C5
:0041A3CA
:0041A3CD
:0041A3D2
:0041A3D5
:0041A3DA
:0041A3DE
:0041A3E2
:0041A3E4
8D4000
55
8BEC
83C4F4
53
56
57
8BF2
8BD8
B201
A1FCBA4000
E86788FEFF
8945FC
33C0
55
68FFA34100
64FF30
648920
8BC6
E8B743FFFF
50
8BC6
E89343FFFF
5A
2BD0
8B45FC
8B08
FF11
8B45FC
E89D43FFFF
8BC8
8B45FC
8B5004
8BC6
E8C643FFFF
8D55F6
B906000000
8B45FC
E8B643FFFF
668B45F8
6683E802
7205
E8EBADFFFF
|:0041A3E2(C)
|
:0041A3E9 8B4DFC
:0041A3EC 33D2
:0041A3EE 8BC3
:0041A3F0 E833000000
:0041A3F5 33C0
:0041A3F7 5A
:0041A3F8 59
:0041A3F9 59
:0041A3FA 648910
:0041A3FD EB17
:0041A3FF E96C8CFEFF

push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov dl, 01
call 00402BF0
xor eax, eax
push ebp
push 0041A3FF
mov eax, esi
call 0040E758
push eax
mov eax, esi
call 0040E73C
pop edx
sub edx, eax
call 0040E758
mov ecx, eax
mov eax, esi
call 0040E790
lea edx, dword ptr [ebp-0A]
mov ecx, 00000006
call 0040E790
sub ax, 0002
jb 0041A3E9
call 004151D4
xor edx, edx
mov eax, ebx
call 0041A428
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0041A416
jmp 00403070
:0041A404
:0041A407
:0041A40C
:0041A411
8B45FC
E81488FEFF
E8BB8EFEFF
E80A8FFEFF

call 00402C20
call 004032CC
call 00403320

|:0041A3FD(U)
|
:0041A416 8BD3
mov edx, ebx
:0041A418 8BC3
mov eax, ebx
:0041A41A 8B08
:0041A41C FF5110
call [ecx+10]
:0041A41F 5F
pop edi
:0041A420 5E
pop esi
:0041A421 5B
pop ebx
:0041A422 8BE5
mov esp, ebp
:0041A424 5D
pop ebp
:0041A425 C3
ret
:0041A426 8BC0
mov eax, eax

|:0041A1BC , :0041A3F0 , :0041A4A3
|
:0041A428 55
push ebp
:0041A429 8BEC
mov ebp, esp
:0041A42B 51
push ecx
:0041A42C 53
push ebx
:0041A42D 56
push esi
:0041A42E 57
push edi
:0041A42F 8BF9
mov edi, ecx
:0041A431 8BF2
mov esi, edx
:0041A433 8BD8
mov ebx, eax
:0041A435 B201
mov dl, 01
:0041A437 A1F0314100
:0041A43C E8AF87FEFF
call 00402BF0
:0041A441 8945FC
:0041A444 33C0
xor eax, eax
:0041A446 55
push ebp
:0041A447 6868A44100
push 0041A468
:0041A44C 64FF30
:0041A44F 648920
:0041A452 8B45FC
:0041A455 897008
:0041A458 8B45FC
:0041A45B 89780C
mov dword ptr [eax+0C], edi
:0041A45E 33C0
xor eax, eax
:0041A460 5A
pop edx
:0041A461 59
pop ecx
:0041A462 59
pop ecx
:0041A463 648910
:0041A466 EB17
jmp 0041A47F
:0041A468 E9038CFEFF
jmp 00403070
:0041A46D 8B45FC
:0041A470 E8AB87FEFF
call 00402C20
:0041A475 E8528EFEFF
call 004032CC
:0041A47A E8A18EFEFF
call 00403320
|:0041A466(U)
|
:0041A47F 8B45FC
:0041A482 E839DCFFFF
:0041A487 8B4318
:0041A48A E835DCFFFF
:0041A48F 8B45FC
:0041A492 894318
:0041A495 5F
:0041A496 5E
:0041A497 5B
:0041A498 59
:0041A499 5D
:0041A49A C3

call 004180C0
call 004180C4
pop edi
pop esi
pop ebx
pop ecx
pop ebp
ret
:0041A49B 90
nop

|:0043DB1F , :0044104A
|
:0041A49C 53
push ebx
:0041A49D 8BD8
mov ebx, eax
:0041A49F 33C9
xor ecx, ecx
:0041A4A1 8BC3
mov eax, ebx
:0041A4A3 E880FFFFFF
call 0041A428
:0041A4A8 8BD3
mov edx, ebx
:0041A4AA 8BC3
mov eax, ebx
:0041A4AC 8B08
:0041A4AE FF5110
call [ecx+10]
:0041A4B1 5B
pop ebx
:0041A4B2 C3
ret
:0041A4B3
:0041A4B4
:0041A4B5
:0041A4B7
:0041A4B9
:0041A4BB
:0041A4BC
:0041A4C1
:0041A4C4
:0041A4C7
:0041A4CA
:0041A4CF
:0041A4D4
:0041A4D7
:0041A4DC
:0041A4DE
:0041A4DF
:0041A4E0
:0041A4E1
:0041A4E4
90
55
8BEC
6A00
33C0
55
68F2A44100
64FF30
648920
8D55FC
A1E02A4400
E850A9FEFF
8B45FC
E880ACFFFF
33C0
5A
59
59
648910
68F9A44100
nop
push ebp
mov ebp, esp
push 00000000
xor eax, eax
push ebp
push 0041A4F2
mov eax, dword ptr [00442AE0]
call 00404E24
call 0041515C
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041A4F9

|:0041A4F7(U)
|
:0041A4E9 8D45FC
:0041A4EC E8C792FEFF
call 004037B8
:0041A4F1 C3
ret
:0041A4F2
:0041A4F7
:0041A4F9
:0041A4FA
:0041A4FB
jmp
jmp
pop
pop
ret
E9818DFEFF
EBF0
59
5D
C3
00403278
0041A4E9
ecx
ebp
:0041A4FC C3
ret
:0041A4FD
:0041A500
:0041A501
:0041A503
:0041A505
:0041A507
:0041A508
:0041A50D
:0041A510
:0041A513
:0041A516
:0041A51B
:0041A520
:0041A523
:0041A528
:0041A52A
:0041A52B
:0041A52C
:0041A52D
:0041A530

push ebp
mov ebp, esp
push 00000000
xor eax, eax
push ebp
push 0041A53E
call 00404E24
call 0041515C
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041A545
8D4000
55
8BEC
6A00
33C0
55
683EA54100
64FF30
648920
8D55FC
A1E02A4400
E804A9FEFF
8B45FC
E834ACFFFF
33C0
5A
59
59
648910
6845A54100
|:0041A543(U)
|
:0041A535 8D45FC
:0041A538 E87B92FEFF
:0041A53D C3
:0041A53E
:0041A543
:0041A545
:0041A546
:0041A547
E9358DFEFF
EBF0
59
5D
C3
jmp
jmp
pop
pop
ret
:0041A548
:0041A549
:0041A54A
:0041A54C
:0041A54E
:0041A550
:0041A555
:0041A558
:0041A55B
:0041A55D
:0041A562
53
56
8BF2
8BD8
8BC3
E867FDFFFF
8B4318
8B580C
8BC3
E8F641FFFF
8BC8
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 0041A2BC
mov eax, ebx
call 0040E758
mov ecx, eax

call 004037B8
ret
00403278
0041A535
ecx
ebp
:0041A564
:0041A567
:0041A569
:0041A56E
:0041A56F
:0041A570
8B5304
8BC6
E89E42FFFF
5E
5B
C3

mov eax, esi
call 0040E80C
pop esi
pop ebx
ret
:0041A571
:0041A574
:0041A575
:0041A577
:0041A579
:0041A57A
:0041A57C
:0041A57D
:0041A582
:0041A585
:0041A588
:0041A58B
:0041A590
:0041A595
:0041A598
:0041A59D
:0041A59F
:0041A5A0
:0041A5A1
:0041A5A2
8D4000
55
8BEC
6A00
53
33C0
55
68B3A54100
64FF30
648920
8D55FC
A1382A4400
E88FA8FEFF
8B45FC
E8BFABFFFF
33C0
5A
59
59
648910

push ebp
mov ebp, esp
push 00000000
push ebx
xor eax, eax
push ebp
push 0041A5B3
call 00404E24
call 0041515C
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0041A5A5 68BAA54100
push 0041A5BA
|:0041A5B8(U)
|
:0041A5AA 8D45FC
:0041A5AD E80692FEFF
:0041A5B2 C3
:0041A5B3
:0041A5B8
:0041A5BA
:0041A5BB
:0041A5BC
:0041A5BD
E9C08CFEFF
EBF0
5B
59
5D
C20400
jmp
jmp
pop
pop
pop
ret
:0041A5C0
:0041A5C1
:0041A5C3
:0041A5C5
:0041A5C6
:0041A5C8
:0041A5C9
:0041A5CE
:0041A5D1
:0041A5D4
:0041A5D7
55
8BEC
6A00
53
33C0
55
68FFA54100
64FF30
648920
8D55FC
A1382A4400
push ebp
mov ebp, esp
push 00000000
push ebx
xor eax, eax
push ebp
push 0041A5FF

call 004037B8
ret
00403278
0041A5AA
ebx
ecx
ebp
0004
:0041A5DC
:0041A5E1
:0041A5E4
:0041A5E9
:0041A5EB
:0041A5EC
:0041A5ED
:0041A5EE
E843A8FEFF
8B45FC
E873ABFFFF
33C0
5A
59
59
648910
call 00404E24
call 0041515C
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0041A5F1 6806A64100
push 0041A606
|:0041A604(U)
|
:0041A5F6 8D45FC
:0041A5F9 E8BA91FEFF
:0041A5FE C3
:0041A5FF
:0041A604
:0041A606
:0041A607
:0041A608
:0041A609
jmp
jmp
pop
pop
pop
ret
E9748CFEFF
EBF0
5B
59
5D
C20400

call 004037B8
ret
00403278
0041A5F6
ebx
ecx
ebp
0004

|:0041AB19
|
:0041A60C 53
push ebx
:0041A60D 6A00
push 00000000
|
:0041A60F E834BBFEFF
Call 00406148
:0041A614 8BD8
mov ebx, eax
:0041A616 6A5A
push 0000005A
:0041A618 53
push ebx
|
:0041A619 E88AB8FEFF
Call 00405EA8
:0041A61E A338364400
:0041A623 53
push ebx
:0041A624 6A00
push 00000000
|
:0041A626 E835BDFEFF
Call 00406360
:0041A62B B878254400
mov eax, 00442578
:0041A630 BA0F000000
mov edx, 0000000F
:0041A635 E866B2FFFF
call 004158A0
:0041A63A A330364400
:0041A63F 5B
pop ebx
:0041A640 C3
ret
:0041A641 8D4000

|:0041A6AC
|
:0041A644 53
push ebx
:0041A645 56
push esi
:0041A646 83C4C8
add esp, FFFFFFC8
:0041A649 B301
mov bl, 01
:0041A64B 6A00
push 00000000
|
:0041A64D E8F6BAFEFF
Call 00406148
:0041A652 8BF0
mov esi, eax
:0041A654 85F6
test esi, esi
:0041A656 7427
je 0041A67F
:0041A658 A144364400
:0041A65D 50
push eax
:0041A65E 56
push esi
|
:0041A65F E804B9FEFF
Call 00405F68
:0041A664 85C0
test eax, eax
:0041A666 740F
je 0041A677
:0041A668 54
push esp
:0041A669 56
push esi
|
:0041A66A E889B8FEFF
Call 00405EF8
:0041A66F 85C0
test eax, eax
:0041A671 7404
je 0041A677
:0041A673 8A5C2434
mov bl, byte ptr [esp+34]
|:0041A666(C), :0041A671(C)
|
:0041A677 56
push esi
:0041A678 6A00
push 00000000
|
:0041A67A E8E1BCFEFF
Call 00406360
|:0041A656(C)
|
:0041A67F 8BC3
mov eax, ebx
:0041A681 83C438
add esp, 00000038
:0041A684 5E
pop esi
:0041A685 5B
pop ebx
:0041A686 C3
ret
:0041A687 90
nop
|:0041AB67
|
:0041A688 53
:0041A689 56
:0041A68A 57
:0041A68B 6A48
:0041A68D A138364400
:0041A692 50
:0041A693 6A08
push ebx
push esi
push edi
push 00000048
push eax
push 00000008

|
:0041A695 E8C6B6FEFF
Call 00405D60
:0041A69A F7D8
neg eax
:0041A69C A308234400
:0041A6A1 A1502D4400
:0041A6A6 80780800
cmp byte ptr [eax+08], 00
:0041A6AA 743A
je 0041A6E6
:0041A6AC E893FFFFFF
call 0041A644
:0041A6B1 8BD8
mov ebx, eax
:0041A6B3 8BC3
mov eax, ebx
:0041A6B5 2C80
sub al, 80
:0041A6B7 752D
jne 0041A6E6
:0041A6B9 BEECA64100
mov esi, 0041A6EC
:0041A6BE BF0F234400
mov edi, 0044230F
:0041A6C3 B904000000
mov ecx, 00000004
:0041A6C8 F3
repz
:0041A6C9 A5
movsd
:0041A6CA 6A48
push 00000048
:0041A6CC A138364400
:0041A6D1 50
push eax
:0041A6D2 6A09
push 00000009
|
:0041A6D4 E887B6FEFF
Call 00405D60
:0041A6D9 F7D8
neg eax
:0041A6DB A308234400
:0041A6E0 881D0E234400
mov byte ptr [0044230E], bl
|:0041A6AA(C), :0041A6B7(C)
|
:0041A6E6 5F
:0041A6E7 5E
:0041A6E8 5B
:0041A6E9 C3
:0041A6EA 0000
BYTE 2 DUP(0)
:0041A6EC
:0041A6F2
:0041A6F6
:0041A6FA
:0041A6FE
:0041A6FF
:0041A709
:0041A713
jb 20B4295E
sub byte ptr [edi-7D], 53
adc dword ptr [esi-7D], 00000062
or dword ptr [esi+48], FFFFFFA7
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
0F826C827220
826F8353
83568362
834E48A7
41
00000000000000000000
00000000000000000000
000000000000000000
pop edi
pop esi
pop ebx
ret
:0041A71C
:0041A71D
:0041A71E
:0041A71F
:0041A721
48
A7
41
0020
000000
dec eax
cmpsd
inc ecx
BYTE 3 DUP(0)
:0041A724
:0041A726
:0041A727
:0041A729
8810
40
0028
2E

inc eax
BYTE 02eh
:0041A72A
:0041A72B
:0041A72E
:0041A72F
:0041A731
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041A732
:0041A733
:0041A736
:0041A737
:0041A739
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041A73A
:0041A73B
:0041A742
:0041A743
:0041A749
:0041A74A
:0041A74B
:0041A74C
:0041A74E
40
00B42B4000C82B
40
0090A741000F
54
50
61
7474
65
inc eax
inc eax
add byte ptr [eax+0F0041A7], dl
push esp
push eax
popad
je 0041A7C2
BYTE 065h
:0041A74F
:0041A751
:0041A752
:0041A753
:0041A754
:0041A755
:0041A756
726E
4D
61
6E
61
67
65
jb 0041A7BF
dec ebp
popad
outsb
popad
BYTE 067h
BYTE 065h
:0041A757 72
BYTE 72h

|:0041ABB2
|
:0041A758 53
push ebx
:0041A759 56
push esi
:0041A75A 84D2
test dl, dl
:0041A75C 7408
je 0041A766
:0041A75E 83C4F0
add esp, FFFFFFF0
:0041A761 E89E87FEFF
call 00402F04

|:0041A75C(C)
|
:0041A766 8BDA
mov ebx, edx
:0041A768 8BF0
mov esi, eax
:0041A76A 8D4608
:0041A76D 50
push eax
|
:0041A76E E8C5B5FEFF
Call 00405D38
:0041A773 8BC6
mov eax, esi
:0041A775 84DB
test bl, bl
:0041A777 740F
je 0041A788
:0041A779 E8DE87FEFF
call 00402F5C
:0041A77E 648F0500000000
:0041A785 83C40C
add esp, 0000000C
|:0041A777(C)
|
:0041A788 8BC6
mov eax, esi
:0041A78A 5E
pop esi
:0041A78B 5B
pop ebx
:0041A78C C3
ret
:0041A78D
:0041A790
:0041A791
:0041A792
:0041A797
:0041A799
:0041A79B
:0041A79D
:0041A7A2
:0041A7A5
8D4000
53
56
E8CD87FEFF
8BDA
8BF0
8BC6
E8E6010000
8D4608
50

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
mov eax, esi
call 0041A988
push eax

|
:0041A7A6 E8A5B4FEFF
Call 00405C50
:0041A7AB 84DB
test bl, bl
:0041A7AD 7E07
jle 0041A7B6
:0041A7AF 8BC6
mov eax, esi
:0041A7B1 E89E87FEFF
call 00402F54
|:0041A7AD(C)
|
:0041A7B6 5E
pop esi
:0041A7B7 5B
pop ebx
:0041A7B8 C3
ret
:0041A7B9 8D4000

|:0041A7E7 , :0041A99F
|
:0041A7BC 83C008
add eax, 00000008

|:0041A74F(C)
|
:0041A7BF 50
push eax
|
:0041A7C0 E893B4FEFF
Call 00405C58
:0041A7C5 C3
ret
:0041A7C6 8BC0
mov eax, eax

|:0041A86F , :0041A9CD
|
:0041A7C8 83C008
add eax, 00000008
:0041A7CB 50
push eax
|
:0041A7CC E86FB5FEFF
Call 00405D40
:0041A7D1 C3
ret
:0041A7D2 8BC0
mov eax, eax

|:0041AA26
|
:0041A7D4 55
push ebp
:0041A7D5 8BEC
mov ebp, esp
:0041A7D7 83C4F8
add esp, FFFFFFF8
:0041A7DA 53
push ebx
:0041A7DB 56
push esi
:0041A7DC 57
push edi
:0041A7DD 8BF1
mov esi, ecx
:0041A7DF 8BDA
mov ebx, edx
:0041A7E1 8945FC
:0041A7E4 8B45FC
:0041A7E7 E8D0FFFFFF
call 0041A7BC
:0041A7EC 33C0
xor eax, eax
:0041A7EE 55
push ebp
:0041A7EF 6875A84100
push 0041A875
:0041A7F4 64FF30
:0041A7F7 648920
:0041A7FA 8B45FC
:0041A7FD 8B4004
:0041A800 8945F8
:0041A803 EB08
jmp 0041A80D
|:0041A819(C), :0041A821(C)
|
:0041A805 8B45F8
:0041A808 8B00
:0041A80A 8945F8

|:0041A803(U)
|
:0041A80D 837DF800
:0041A811 7410
:0041A813 8B45F8
:0041A816 3B5808
:0041A819 75EA
:0041A81B 8B45F8
:0041A81E 3B700C
:0041A821 75E2
|:0041A811(C)
|
:0041A823 837DF800
:0041A827 7536
:0041A829 B810000000
:0041A82E E8617EFEFF
:0041A833 8945F8
:0041A836 8B7DF8
:0041A839 8B45FC
:0041A83C 8B4004
:0041A83F 8907
:0041A841 8BCE
:0041A843 8BD3
:0041A845 8B45FC
:0041A848 E83B000000
:0041A84D 894704
:0041A850 895F08
:0041A853 89770C
:0041A856 8B45FC
:0041A859 8B55F8
:0041A85C 895004
|:0041A827(C)
|
:0041A85F 33C0
:0041A861 5A
:0041A862 59
:0041A863 59
:0041A864 648910
:0041A867 687CA84100
|:0041A87A(U)
|
:0041A86C 8B45FC
:0041A86F E854FFFFFF
:0041A874 C3
:0041A875
:0041A87A
:0041A87C
:0041A87F
:0041A880
:0041A881
jmp
jmp
mov
pop
pop
pop
E9FE89FEFF
EBF0
8B45F8
5F
5E
5B

je 0041A823
cmp ebx, dword ptr [eax+08]
jne 0041A805
jne 0041A805

jne 0041A85F
mov eax, 00000010
call 00402694
mov ecx, esi
mov edx, ebx
call 0041A888
mov dword ptr [edi+08], ebx
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041A87C

call 0041A7C8
ret
00403278
0041A86C
edi
esi
ebx
:0041A882
:0041A883
:0041A884
:0041A885
59
59
5D
C3
:0041A886 8BC0
pop ecx
pop ecx
pop ebp
ret
mov eax, eax

|:0041A848
|
:0041A888 55
push ebp
:0041A889 8BEC
mov ebp, esp
:0041A88B 83C4E8
add esp, FFFFFFE8
:0041A88E 53
push ebx
:0041A88F 56
push esi
:0041A890 57
push edi
:0041A891 894DFC
:0041A894 8BDA
mov ebx, edx
:0041A896 B201
mov dl, 01
:0041A898 A10C314100
:0041A89D E88AE2FFFF
call 00418B2C
:0041A8A2 8945F8
:0041A8A5 33C0
xor eax, eax
:0041A8A7 55
push ebp
:0041A8A8 6867A94100
push 0041A967
:0041A8AD 64FF30
:0041A8B0 648920
:0041A8B3 BA08000000
mov edx, 00000008
:0041A8B8 8B45F8
:0041A8BB 8B08
:0041A8BD FF5140
call [ecx+40]
:0041A8C0 BA08000000
mov edx, 00000008
:0041A8C5 8B45F8
:0041A8C8 8B08
:0041A8CA FF5134
call [ecx+34]
:0041A8CD 8B45F8
:0041A8D0 E88FE7FFFF
call 00419064
:0041A8D5 8BF8
mov edi, eax
:0041A8D7 8B4714
:0041A8DA 33D2
xor edx, edx
:0041A8DC E8C79FFFFF
call 004148A8
:0041A8E1 8B4714
:0041A8E4 8BD3
mov edx, ebx
:0041A8E6 E8A19EFFFF
call 0041478C
:0041A8EB 8B45F8
:0041A8EE 8B10
:0041A8F0 FF5220
call [edx+20]
:0041A8F3 50
push eax
:0041A8F4 8D45E8
:0041A8F7 50
push eax
:0041A8F8 8B45F8
:0041A8FB 8B10
:0041A8FD FF522C
call [edx+2C]
:0041A900 8BC8
mov ecx, eax
:0041A902 33D2
xor edx, edx
:0041A904 33C0
xor eax, eax
:0041A906 E88D18FFFF
call 0040C198
:0041A90B 8D55E8
:0041A90E 8BC7
mov eax, edi
:0041A910 E81BA2FFFF
:0041A915 33F6
call 00414B30
xor esi, esi

|:0041A953(C)
|
:0041A917 33DB
xor ebx, ebx
|:0041A94D(C)
|
:0041A919 8BC6
:0041A91B 2501000080
:0041A920 7905
:0041A922 48
:0041A923 83C8FE
:0041A926 40
|:0041A920(C)
|
:0041A927 8BD3
:0041A929 81E201000080
:0041A92F 7905
:0041A931 4A
:0041A932 83CAFE
:0041A935 42
|:0041A92F(C)
|
:0041A936 3BC2
:0041A938 750F
:0041A93A 8B45FC
:0041A93D 50
:0041A93E 8BCE
:0041A940 8BD3
:0041A942 8BC7
:0041A944 E8CFA4FFFF
|:0041A938(C)
|
:0041A949 43
:0041A94A 83FB09
:0041A94D 75CA
:0041A94F 46
:0041A950 83FE09
:0041A953 75C2
:0041A955 8B45F8
:0041A958 E833E4FFFF
:0041A95D 33C0
:0041A95F 5A
:0041A960 59
:0041A961 59
:0041A962 648910
:0041A965 EB17
:0041A967 E90487FEFF
:0041A96C 8B45F8
:0041A96F E8AC82FEFF
mov eax, esi

and eax, 80000001
jns 0041A927
dec eax
or eax, FFFFFFFE
inc eax
mov edx, ebx

and edx, 80000001
jns 0041A936
dec edx
or edx, FFFFFFFE
inc edx
cmp eax, edx

jne 0041A949
push eax
mov ecx, esi
mov edx, ebx
mov eax, edi
call 00414E18
inc ebx
cmp ebx, 00000009
jne 0041A919
inc esi
cmp esi, 00000009
jne 0041A917
call 00418D90
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0041A97E
jmp 00403070
call 00402C20
:0041A974 E85389FEFF
:0041A979 E8A289FEFF
call 004032CC
call 00403320

|:0041A965(U)
|
:0041A97E 8B45F8
:0041A981 5F
pop edi
:0041A982 5E
pop esi
:0041A983 5B
pop ebx
:0041A984 8BE5
mov esp, ebp
:0041A986 5D
pop ebp
:0041A987 C3
ret

|:0041A79D
|
:0041A988 55
push ebp
:0041A989 8BEC
mov ebp, esp
:0041A98B 83C4F4
add esp, FFFFFFF4
:0041A98E 8945FC
:0041A991 EB5E
jmp 0041A9F1
|:0041A9F9(C)
|
:0041A993 8945F8
:0041A996 8B45F8
:0041A999 8945F4
:0041A99C 8B45FC
:0041A99F E818FEFFFF
:0041A9A4 33C0
:0041A9A6 55
:0041A9A7 68D3A94100
:0041A9AC 64FF30
:0041A9AF 648920
:0041A9B2 8B45F4
:0041A9B5 8B00
:0041A9B7 8B55FC
:0041A9BA 894204
:0041A9BD 33C0
:0041A9BF 5A
:0041A9C0 59
:0041A9C1 59
:0041A9C2 648910
:0041A9C5 68DAA94100
|:0041A9D8(U)
|
:0041A9CA 8B45FC
:0041A9CD E8F6FDFFFF
:0041A9D2 C3
:0041A9D3 E9A088FEFF
:0041A9D8 EBF0
:0041A9DA 8B45F4
jmp 00403278
jmp 0041A9CA

call 0041A7BC
xor eax, eax
push ebp
push 0041A9D3
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041A9DA

call 0041A7C8
ret
:0041A9DD
:0041A9E0
:0041A9E2
:0041A9E4
8B4004
85C0
7405
E83782FEFF

test eax, eax
je 0041A9E9
call 00402C20

|:0041A9E2(C)
|
:0041A9E9 8B45F8
:0041A9EC E8BB7CFEFF
call 004026AC
|:0041A991(U)
|
:0041A9F1 8B45FC
:0041A9F4 8B4004
:0041A9F7 85C0
test eax, eax
:0041A9F9 7598
jne 0041A993
:0041A9FB 8BE5
mov esp, ebp
:0041A9FD 5D
pop ebp
:0041A9FE C3
ret
:0041A9FF 90
nop

|:00420C2C , :0042AF73 , :004318B9
|
:0041AA00 53
push ebx
:0041AA01 56
push esi
:0041AA02 8BF2
mov esi, edx
:0041AA04 8BD8
mov ebx, eax
:0041AA06 833D8C36440000
cmp dword ptr [0044368C], 00000000
:0041AA0D 7422
je 0041AA31
:0041AA0F 8BC6
mov eax, esi
:0041AA11 E8F290FFFF
call 00413B08
:0041AA16 50
push eax
:0041AA17 8BC3
mov eax, ebx
:0041AA19 E8EA90FFFF
call 00413B08
:0041AA1E 8BD0
mov edx, eax
:0041AA20 A18C364400
:0041AA25 59
pop ecx
:0041AA26 E8A9FDFFFF
call 0041A7D4
:0041AA2B 8B4004
:0041AA2E 5E
pop esi
:0041AA2F 5B
pop ebx
:0041AA30 C3
ret

|:0041AA0D(C)
|
:0041AA31 33C0
xor eax, eax
:0041AA33 5E
pop esi
:0041AA34 5B
pop ebx
:0041AA35 C3
ret
:0041AA36 8BC0
mov eax, eax
:0041AA38
:0041AA39
:0041AA3B
:0041AA3D
:0041AA3E
:0041AA43
:0041AA46
:0041AA49
:0041AA4F
:0041AA55
:0041AA5A
:0041AA5F
:0041AA64
:0041AA69
:0041AA6E
:0041AA73
:0041AA78
:0041AA7D
:0041AA82
:0041AA87
:0041AA8C
:0041AA91
:0041AA96
:0041AA9B
:0041AAA0
:0041AAA5
:0041AAAA
:0041AAAF
55
8BEC
33C0
55
6801AB4100
64FF30
648920
FF0534364400
0F859E000000
A18C364400
E8C181FEFF
A168254400
E8B781FEFF
A164254400
E8AD81FEFF
E82CD3FFFF
A16C254400
E89E81FEFF
A188364400
E89481FEFF
A17C364400
E88A81FEFF
A180364400
E88081FEFF
A184364400
E87681FEFF
A130364400
50
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041AB01
jne 0041AAF3
call 00402C20
call 00402C20
call 00402C20
call 00417DA4
call 00402C20
call 00402C20
call 00402C20
call 00402C20
call 00402C20
push eax

|
:0041AAB0 E89BB3FEFF
Call 00405E50
:0041AAB5 684C364400
push 0044364C
|
:0041AABA E891B1FEFF
Call 00405C50
:0041AABF 6864364400
push 00443664
|
:0041AAC4 E887B1FEFF
Call 00405C50
:0041AAC9 B884244400
mov eax, 00442484
:0041AACE B912000000
mov ecx, 00000012
:0041AAD3 8B155CC14000
mov edx, dword ptr [0040C15C]
:0041AAD9 E81E95FEFF
call 00403FFC
:0041AADE B834234400
mov eax, 00442334
:0041AAE3 B92A000000
mov ecx, 0000002A
:0041AAE8 8B155CC14000
:0041AAEE E80995FEFF
call 00403FFC
|:0041AA4F(C)
|
:0041AAF3 33C0
:0041AAF5 5A
:0041AAF6 59
:0041AAF7 59
:0041AAF8 648910
:0041AAFB 6808AB4100

xor eax, eax
pop edx
pop ecx
pop ecx
push 0041AB08
|:0041AB06(U)
|
:0041AB00 C3
:0041AB01 E97287FEFF
:0041AB06 EBF8
:0041AB08 5D
:0041AB09 C3
:0041AB0A
:0041AB0C
:0041AB13
:0041AB19
:0041AB1E
mov eax, eax

sub dword ptr [00443634], 00000001
jnb 0041AC06
call 0041A60C
push 0044364C
8BC0
832D3436440001
0F83ED000000
E8EEFAFFFF
684C364400
ret
jmp 00403278
jmp 0041AB00
pop ebp
ret

|
:0041AB23 E810B2FEFF
Call 00405D38
:0041AB28 6864364400
push 00443664
|
:0041AB2D E806B2FEFF
Call 00405D38
:0041AB32 6A07
push 00000007
|
:0041AB34 E8A7B3FEFF
Call 00405EE0
:0041AB39 A33C364400
:0041AB3E 6A05
push 00000005
|
:0041AB40 E89BB3FEFF
Call 00405EE0
:0041AB45 A340364400
:0041AB4A 6A0D
push 0000000D
|
:0041AB4C E88FB3FEFF
Call 00405EE0
:0041AB51 A344364400
:0041AB56 68007F0000
push 00007F00
:0041AB5B 6A00
push 00000000
|
:0041AB5D E886B7FEFF
Call 004062E8
:0041AB62 A348364400
:0041AB67 E81CFBFFFF
call 0041A688
:0041AB6C 66B92C00
mov cx, 002C
:0041AB70 B201
mov dl, 01
:0041AB72 A134334100
:0041AB77 E82C88FFFF
call 004133A8
:0041AB7C A37C364400
:0041AB81 66B91000
mov cx, 0010
:0041AB85 B201
mov dl, 01
:0041AB87 A134334100
:0041AB8C E81788FFFF
call 004133A8
:0041AB91
:0041AB96
:0041AB9A
:0041AB9C
:0041ABA1
:0041ABA6
:0041ABAB
:0041ABAD
:0041ABB2
:0041ABB7
:0041ABBC
:0041ABBE
:0041ABC3
:0041ABC8
:0041ABCD
:0041ABCF
:0041ABD4
:0041ABD9
:0041ABDE
:0041ABE3
:0041ABE8
:0041ABED
:0041ABF2
:0041ABF7
:0041ABFC
:0041AC01
A380364400
66B91000
B201
A134334100
E80288FFFF
A384364400
B201
A1FCA64100
E8A1FBFFFF
A38C364400
B201
A1B8B54000
E8A022FFFF
A36C254400
B201
A1B8B54000
E88F22FFFF
A388364400
B9183B4100
BA283B4100
A1BC244100
E8BA1AFFFF
B9203D4100
BA303D4100
A1E4254100
E8A61AFFFF

mov cx, 0010
mov dl, 01
call 004133A8
mov dl, 01
mov eax, dword ptr [0041A6FC]
call 0041A758
mov dl, 01
call 0040CE68
mov dl, 01
call 0040CE68
mov ecx, 00413B18
mov edx, 00413B28
call 0040C6AC
mov ecx, 00413D20
mov edx, 00413D30
call 0040C6AC

|:0041AB13(C)
|
:0041AC06 C3
ret
:0041AC07 90
nop
|:0042A622 , :0042E91B
|
* Reference To: comctl32.ImageList_Create, Ord:0000h
|
:0041AC08 FF2588464400
:0041AC0E 8BC0
mov eax, eax
|:0042A6AA , :0042E8CC
|
* Reference To: comctl32.ImageList_Destroy, Ord:0000h
|
:0041AC10 FF2584464400
:0041AC16 8BC0
mov eax, eax
|:0042EAE2 , :0042EE8F
|
* Reference To: comctl32.ImageList_GetImageCount, Ord:0000h
|
:0041AC18 FF2580464400
:0041AC1E 8BC0
mov eax, eax

|:0042EA74
|
* Reference To: comctl32.ImageList_Add, Ord:0000h
|
:0041AC20 FF257C464400
:0041AC26 8BC0
mov eax, eax
|:0041AC44
|
* Reference To: comctl32.ImageList_ReplaceIcon, Ord:0000h
|
:0041AC28 FF2578464400
:0041AC2E 8BC0
mov eax, eax
|:0042EBA5
|
* Reference To: comctl32.ImageList_SetBkColor, Ord:0000h
|
:0041AC30 FF2574464400
:0041AC36 8BC0
mov eax, eax
|:0042EBD6 , :0042F015 , :0042F0CD
|
* Reference To: comctl32.ImageList_GetBkColor, Ord:0000h
|
:0041AC38 FF2570464400
:0041AC3E 8BC0
mov eax, eax
|:0042A64D , :0042A667
|
:0041AC40 52
push edx
:0041AC41 6AFF
push FFFFFFFF
:0041AC43 50
push eax
* Reference To: comctl32.ImageList_ReplaceIcon, Ord:0000h
|
:0041AC44 E8DFFFFFFF
Call 0041AC28
:0041AC49 C3
ret
:0041AC4A 8BC0
mov eax, eax

|:0042EEC5 , :0042EEF1
|
* Reference To: comctl32.ImageList_Draw, Ord:0000h
|
:0041AC4C FF256C464400
:0041AC52 8BC0
mov eax, eax

|:0042EC47 , :0042ECAD
|
* Reference To: comctl32.ImageList_DrawEx, Ord:0000h
|
:0041AC54 FF2568464400
:0041AC5A 8BC0
mov eax, eax
|:0042EB49
|
* Reference To: comctl32.ImageList_Remove, Ord:0000h
|
:0041AC5C FF2564464400
:0041AC62 8BC0
mov eax, eax
|:0042A6ED
|
* Reference To: comctl32.ImageList_BeginDrag, Ord:0000h
|
:0041AC64 FF2560464400
:0041AC6A 8BC0
mov eax, eax
|:0042A894
|
* Reference To: comctl32.ImageList_EndDrag, Ord:0000h
|
:0041AC6C FF255C464400
:0041AC72 8BC0
mov eax, eax
|:0042A7C7
|
* Reference To: comctl32.ImageList_DragEnter, Ord:0000h
|
:0041AC74 FF2558464400
:0041AC7A 8BC0
mov eax, eax
|:0042A7F8
|
* Reference To: comctl32.ImageList_DragLeave, Ord:0000h
|
:0041AC7C FF2554464400
:0041AC82 8BC0
mov eax, eax
|:0042A832
|
* Reference To: comctl32.ImageList_DragMove, Ord:0000h
|
:0041AC84 FF2550464400
:0041AC8A 8BC0

mov eax, eax

|:0042A676 , :0042A694
|
* Reference To: comctl32.ImageList_SetDragCursorImage, Ord:0000h
|
:0041AC8C FF254C464400
:0041AC92 8BC0
mov eax, eax
|:0042A858 , :0042A870
|
* Reference To: comctl32.ImageList_DragShowNolock, Ord:0000h
|
:0041AC94 FF2548464400
:0041AC9A 8BC0
mov eax, eax
|:0042A681
|
* Reference To: comctl32.ImageList_GetDragImage, Ord:0000h
|
:0041AC9C FF2544464400
:0041ACA2 8BC0
mov eax, eax
|:0042F700
|
* Reference To: comctl32.ImageList_Read, Ord:0000h
|
:0041ACA4 FF2540464400
:0041ACAA 8BC0
mov eax, eax
|:0042E802
|
* Reference To: comctl32.ImageList_GetIconSize, Ord:0000h
|
:0041ACAC FF253C464400
:0041ACB2 8BC0
mov eax, eax
|:0042F008 , :0042F0C0
|
* Reference To: comctl32.ImageList_SetIconSize, Ord:0000h
|
:0041ACB4 FF2538464400
:0041ACBA 8BC0
mov eax, eax
|:0042E99C , :0042E9DC
|
* Reference To: comctl32.ImageList_GetImageInfo, Ord:0000h

|
:0041ACBC FF2534464400
:0041ACC2 8BC0
mov eax, eax
:0041ACC4 55
push ebp
:0041ACC5 8BEC
mov ebp, esp
:0041ACC7 33C0
xor eax, eax
:0041ACC9 55
push ebp
:0041ACCA 68E9AC4100
push 0041ACE9
:0041ACCF 64FF30
:0041ACD2 648920
:0041ACD5 FF0590364400
:0041ACDB 33C0
xor eax, eax
:0041ACDD 5A
pop edx
:0041ACDE 59
pop ecx
:0041ACDF 59
pop ecx
:0041ACE0 648910
:0041ACE3 68F0AC4100
push 0041ACF0
|:0041ACEE(U)
|
:0041ACE8 C3
:0041ACE9 E98A85FEFF
:0041ACEE EBF8
:0041ACF0 5D
:0041ACF1 C3
:0041ACF2 8BC0
:0041ACF4 832D9036440001
:0041ACFB C3
mov eax, eax

sub dword ptr [00443690], 00000001
ret
ret
jmp 00403278
jmp 0041ACE8
pop ebp
ret

|:0041AD52 , :0041AE01 , :0041AE8E , :0041AF1C , :0041AFAA
|:0041B041 , :0041B119 , :0041B1F1 , :0041B2C9
|
:0041ACFC 55
push ebp
:0041ACFD 8BEC
mov ebp, esp
:0041ACFF 51
push ecx
:0041AD00 53
push ebx
:0041AD01 56
push esi
:0041AD02 57
push edi
:0041AD03 894DFC
:0041AD06 8BFA
mov edi, edx
:0041AD08 8BD8
mov ebx, eax
:0041AD0A 8B45FC
:0041AD0D E8D68EFEFF
call 00403BE8
:0041AD12 33C0
xor eax, eax
:0041AD14 55
push ebp
:0041AD15 68BBAD4100
push 0041ADBB
:0041AD1A 64FF30
:0041AD1D 648920
:0041AD20 33F6
xor esi, esi
:0041AD22 33C0
xor eax, eax
:0041AD24 8AC3
mov al, bl
:0041AD26 80B8BC36440000
cmp byte ptr [eax+004436BC], 00
:0041AD2D
:0041AD2F
:0041AD36
:0041AD38
:0041AD3A
:0041AD3C
:0041AD43
7576
833DB836440000
744D
84DB
7531
803DC436440000
7528
jne 0041ADA5
cmp dword ptr [004436B8], 00000000
je 0041AD85
test bl, bl
jne 0041AD6D
cmp byte ptr [004436C4], 00
jne 0041AD6D
* Possible StringData Ref from Code Obj ->"GetMonitorInfoA"

|
:0041AD45 B9D4AD4100
mov ecx, 0041ADD4
:0041AD4A 8B15AC364400
mov edx, dword ptr [004436AC]
:0041AD50 B004
mov al, 04
:0041AD52 E8A5FFFFFF
call 0041ACFC
:0041AD57 A3AC364400
:0041AD5C 803DC436440000
:0041AD63 7508
jne 0041AD6D
:0041AD65 8D45FC
:0041AD68 E84B8AFEFF
call 004037B8
|:0041AD3A(C), :0041AD43(C), :0041AD63(C)
|
:0041AD6D 8B45FC
:0041AD70 E8838EFEFF
call 00403BF8
:0041AD75 50
push eax
:0041AD76 A1B8364400
:0041AD7B 50
push eax
|
:0041AD7C E847AFFEFF
Call 00405CC8
:0041AD81 8BF0
mov esi, eax
:0041AD83 EB02
jmp 0041AD87
|:0041AD36(C)
|
:0041AD85 33F6
xor esi, esi
|:0041AD83(U)
|
:0041AD87 85F6
test esi, esi
:0041AD89 7504
jne 0041AD8F
:0041AD8B 8BF7
mov esi, edi
:0041AD8D EB0B
jmp 0041AD9A
|:0041AD89(C)
|
:0041AD8F 84DB
:0041AD91 7407
:0041AD93 C605C436440001

test bl, bl
je 0041AD9A
mov byte ptr [004436C4], 01

|:0041AD8D(U), :0041AD91(C)
|
:0041AD9A 33C0
xor eax, eax
:0041AD9C 8AC3
mov al, bl
:0041AD9E C680BC36440001
mov byte ptr [eax+004436BC], 01
|:0041AD2D(C)
|
:0041ADA5 33C0
:0041ADA7 5A
:0041ADA8 59
:0041ADA9 59
:0041ADAA 648910
:0041ADAD 68C2AD4100
|:0041ADC0(U)
|
:0041ADB2 8D45FC
:0041ADB5 E8FE89FEFF
:0041ADBA C3
:0041ADBB
:0041ADC0
:0041ADC2
:0041ADC4
:0041ADC5
:0041ADC6
:0041ADC7
:0041ADC8
:0041ADC9
jmp
jmp
mov
pop
pop
pop
pop
pop
ret
E9B884FEFF
EBF0
8BC6
5F
5E
5B
59
5D
C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041ADC2

call 004037B8
ret
00403278
0041ADB2
eax, esi
edi
esi
ebx
ecx
ebp
:0041ADCA 0000
BYTE 2 DUP(0)
:0041ADCC FFFFFFFF
BYTE 4 DUP(0ffh)
:0041ADD0
:0041ADD3
:0041ADD6
:0041ADD8
:0041ADD9
:0041ADDA
:0041ADE2
:0041ADE3
0F0000
004765
744D
6F
6E
69746F72496E666F
41
00

add byte ptr [edi+65], al
je 0041AE25
outsd
outsb
imul esi, dword ptr [edi+2*ebp+72], 6F666E49
inc ecx
BYTE 0
:0041ADE4
:0041ADE5
:0041ADE7
:0041ADE8
:0041ADEB
:0041ADF2
55
8BEC
53
8B5D08
803DBC36440000
7520
push ebp
mov ebp, esp
push ebx
cmp byte ptr [004436BC], 00
jne 0041AE14
* Possible StringData Ref from Code Obj ->"GetSystemMetrics"

|
:0041ADF4 B958AE4100
mov ecx, 0041AE58
:0041ADF9 8B1594364400
:0041ADFF 33C0
xor eax, eax
:0041AE01 E8F6FEFFFF
call 0041ACFC
:0041AE06
:0041AE0B
:0041AE0C
:0041AE12
A394364400
53
FF1594364400
EB37
|:0041ADF2(C)
|
:0041AE14 83C8FF
:0041AE17 8BD3
:0041AE19 83C2B4
:0041AE1C 83EA02
:0041AE1F 7212
:0041AE21 7414
:0041AE23 4A
:0041AE24 7415
:0041AE26 4A
:0041AE27 83EA02
:0041AE2A 7314
:0041AE2C B801000000
:0041AE31 EB0D

push ebx
jmp 0041AE4B
or eax, FFFFFFFF
mov edx, ebx
add edx, FFFFFFB4
sub edx, 00000002
jb 0041AE33
je 0041AE37
dec edx
je 0041AE3B
dec edx
sub edx, 00000002
jnb 0041AE40
mov eax, 00000001
jmp 0041AE40

|:0041AE1F(C)
|
:0041AE33 33C0
xor eax, eax
:0041AE35 EB09
jmp 0041AE40
|:0041AE21(C)
|
:0041AE37 33DB
xor ebx, ebx
:0041AE39 EB05
jmp 0041AE40
|:0041AE24(C)
|
:0041AE3B BB01000000
mov ebx, 00000001
|:0041AE2A(C), :0041AE31(U), :0041AE35(U), :0041AE39(U)
|
:0041AE40 83F8FF
cmp eax, FFFFFFFF
:0041AE43 7506
jne 0041AE4B
:0041AE45 53
push ebx
|
:0041AE46 E8D5B3FEFF
Call 00406220
|:0041AE12(U), :0041AE43(C)
|
:0041AE4B 5B
:0041AE4C 5D
:0041AE4D C20400
:0041AE50 FFFFFFFF
BYTE 4 DUP(0ffh)
pop ebx
pop ebp
ret 0004
:0041AE54
:0041AE56
:0041AE58
:0041AE59
1000
0000
47
65

inc edi
BYTE 065h
:0041AE5A
:0041AE5C
:0041AE5E
:0041AE60
:0041AE61
:0041AE62
7453
7973
7465
6D
4D
65
je 0041AEAF
jns 0041AED1
je 0041AEC5
insd
dec ebp
BYTE 065h
:0041AE63 7472
:0041AE65 69637300000000
je 0041AED7
imul esp, dword ptr [ebx+73], 00000000

|:0041AF61
|
:0041AE6C 55
push ebp
:0041AE6D 8BEC
mov ebp, esp
:0041AE6F 53
push ebx
:0041AE70 56
push esi
:0041AE71 57
push edi
:0041AE72 8B7D0C
:0041AE75 8B5D08
:0041AE78 803DBE36440000
cmp byte ptr [004436BE], 00
:0041AE7F 7523
jne 0041AEA4
* Possible StringData Ref from Code Obj ->"MonitorFromRect"
|
:0041AE81 B9E8AE4100
mov ecx, 0041AEE8
:0041AE86 8B159C364400
:0041AE8C B002
mov al, 02
:0041AE8E E869FEFFFF
call 0041ACFC
:0041AE93 A39C364400
:0041AE98 57
push edi
:0041AE99 53
push ebx
:0041AE9A FF159C364400
:0041AEA0 8BF0
mov esi, eax
:0041AEA2 EB32
jmp 0041AED6
|:0041AE7F(C)
|
:0041AEA4 33F6
:0041AEA6 8BC7
:0041AEA8 A803
:0041AEAA 742A
:0041AEAC 837B0800
:0041AEB0 7E24
:0041AEB2 837B0C00
:0041AEB6 7E1E
:0041AEB8 6A00
:0041AEBA FF1594364400
:0041AEC0 3B03
:0041AEC2 7E12
:0041AEC4 6A01

xor esi, esi
mov eax, edi
test al, 03
je 0041AED6
jle 0041AED6
jle 0041AED6
push 00000000
jle 0041AED6
push 00000001
:0041AEC6 FF1594364400
:0041AECC 3B4304
:0041AECF 7E05

jle 0041AED6

|:0041AE5C(C)
|
:0041AED1 BE42003412
mov esi, 12340042
|:0041AEA2(U), :0041AEAA(C), :0041AEB0(C), :0041AEB6(C), :0041AEC2(C)
|:0041AECF(C)
|
:0041AED6 8BC6
mov eax, esi
:0041AED8 5F
pop edi
:0041AED9 5E
pop esi
:0041AEDA 5B
pop ebx
:0041AEDB 5D
pop ebp
:0041AEDC C20800
ret 0008
:0041AEDF 00
BYTE 0
:0041AEE0 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041AEE4
:0041AEE7
:0041AEEA
:0041AEEB
:0041AEF3
:0041AEF4
:0041AEF9
:0041AEFB
:0041AEFE
:0041AEFF
:0041AF00
:0041AF03
:0041AF06
:0041AF0D

add byte ptr [ebp+6F], cl
outsb
imul esi, dword ptr [edi+2*ebp+72], 6D6F7246
push edx
arpl dword ptr gs:[eax+eax+55], esi
mov ebp, esp
add esp, FFFFFFD4
push ebx
push esi
cmp byte ptr [004436BD], 00
jne 0041AF30
0F0000
004D6F
6E
69746F7246726F6D
52
6563740055
8BEC
83C4D4
53
56
8B5D0C
8B7508
803DBD36440000
7521
* Possible StringData Ref from Code Obj ->"MonitorFromWindow"

|
:0041AF0F B978AF4100
mov ecx, 0041AF78
:0041AF14 8B1598364400
:0041AF1A B001
mov al, 01
:0041AF1C E8DBFDFFFF
call 0041ACFC
:0041AF21 A398364400
:0041AF26 53
push ebx
:0041AF27 56
push esi
:0041AF28 FF1598364400
:0041AF2E EB36
jmp 0041AF66
|:0041AF0D(C)
|
:0041AF30 F6C303
:0041AF33 7407
:0041AF35 B842003412

test bl, 03
je 0041AF3C
mov eax, 12340042
:0041AF3A EB2A
jmp 0041AF66

|:0041AF33(C)
|
:0041AF3C 56
push esi
|
:0041AF3D E866B3FEFF
Call 004062A8
:0041AF42 85C0
test eax, eax
:0041AF44 740C
je 0041AF52
:0041AF46 8D45D4
:0041AF49 50
push eax
:0041AF4A 56
push esi
|
:0041AF4B E8F8B2FEFF
Call 00406248
:0041AF50 EB0A
jmp 0041AF5C
|:0041AF44(C)
|
:0041AF52 8D45F0
:0041AF55 50
push eax
:0041AF56 56
push esi
|
:0041AF57 E8F4B2FEFF
Call 00406250
|:0041AF50(U)
|
:0041AF5C 53
:0041AF5D 8D45F0
:0041AF60 50
:0041AF61 E806FFFFFF
|:0041AF2E(U), :0041AF3A(U)
|
:0041AF66 5E
:0041AF67 5B
:0041AF68 8BE5
:0041AF6A 5D
:0041AF6B C20800
:0041AF6E 0000
BYTE 2 DUP(0)
:0041AF70 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041AF74
:0041AF76
:0041AF78
:0041AF79
adc dword ptr [eax], eax

dec ebp
outsd
1100
0000
4D
6F
push ebx
push eax
call 0041AE6C
pop
pop
mov
pop
ret
esi
ebx
esp, ebp
ebp
0008
:0041AF7A
:0041AF7B
:0041AF83
:0041AF84
:0041AF8B
6E
69746F7246726F6D
57
696E646F770000
00
outsb
push edi
BYTE 0
:0041AF8C
:0041AF8D
:0041AF8F
:0041AF90
:0041AF91
:0041AF94
:0041AF9B
55
8BEC
53
56
8B7510
803DBF36440000
7528
push ebp
mov ebp, esp
push ebx
push esi
cmp byte ptr [004436BF], 00
jne 0041AFC5
* Possible StringData Ref from Code Obj ->"MonitorFromPoint"

|
:0041AF9D B908B04100
mov ecx, 0041B008
:0041AFA2 8B15A0364400
:0041AFA8 B003
mov al, 03
:0041AFAA E84DFDFFFF
call 0041ACFC
:0041AFAF A3A0364400
:0041AFB4 56
push esi
:0041AFB5 FF750C
push [ebp+0C]
:0041AFB8 FF7508
push [ebp+08]
:0041AFBB FF15A0364400
call dword ptr [004436A0]
:0041AFC1 8BD8
mov ebx, eax
:0041AFC3 EB33
jmp 0041AFF8
|:0041AF9B(C)
|
:0041AFC5 33DB
:0041AFC7 8BC6
:0041AFC9 A803
:0041AFCB 742B
:0041AFCD 837D0800
:0041AFD1 7C25
:0041AFD3 6A00
:0041AFD5 FF1594364400
:0041AFDB 3B4508
:0041AFDE 7E18
:0041AFE0 837D0C00
:0041AFE4 7C12
:0041AFE6 6A01
:0041AFE8 FF1594364400
:0041AFEE 3B450C
:0041AFF1 7E05
:0041AFF3 BB42003412

xor ebx, ebx
mov eax, esi
test al, 03
je 0041AFF8
jl 0041AFF8
push 00000000
jle 0041AFF8
cmp dword ptr [ebp+0C], 00000000
jl 0041AFF8
push 00000001
jle 0041AFF8
mov ebx, 12340042

|:0041AFC3(U), :0041AFCB(C), :0041AFD1(C), :0041AFDE(C), :0041AFE4(C)
|:0041AFF1(C)
|
:0041AFF8 8BC3
mov eax, ebx
:0041AFFA 5E
pop esi
:0041AFFB 5B
pop ebx
:0041AFFC 5D
pop ebp
:0041AFFD C20C00
ret 000C
:0041B000 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041B004
:0041B006
:0041B008
:0041B009
:0041B00A
:0041B00B
:0041B013
:0041B014
:0041B015
:0041B01C
:0041B01D
:0041B01F
:0041B022
:0041B023
:0041B024
:0041B025
:0041B028
:0041B02B
:0041B032

dec ebp
outsd
outsb
push eax
outsd
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
jne 0041B057
1000
0000
4D
6F
6E
69746F7246726F6D
50
6F
696E7400000000
55
8BEC
83C4F0
53
56
57
8B750C
8B7D08
803DC136440000
7523
* Possible StringData Ref from Code Obj ->"GetMonitorInfoA"

|
:0041B034 B9DCB04100
mov ecx, 0041B0DC
:0041B039 8B15A4364400
:0041B03F B005
mov al, 05
:0041B041 E8B6FCFFFF
call 0041ACFC
:0041B046 A3A4364400
:0041B04B 56
push esi
:0041B04C 57
push edi
:0041B04D FF15A4364400
:0041B053 8BD8
mov ebx, eax
:0041B055 EB71
jmp 0041B0C8
|:0041B032(C)
|
:0041B057 33DB
:0041B059 81FF42003412
:0041B05F 7567
:0041B061 85F6
:0041B063 7463
:0041B065 833E28
:0041B068 725E
:0041B06A 6A00
:0041B06C 8D45F0
:0041B06F 50
:0041B070 6A00
:0041B072 6A30

xor ebx, ebx
cmp edi, 12340042
jne 0041B0C8
test esi, esi
je 0041B0C8
jb 0041B0C8
push 00000000
push eax
push 00000000
push 00000030

|
:0041B074 E8CFB3FEFF
Call 00406448
:0041B079 85C0
test eax, eax
:0041B07B 744B
je 0041B0C8
:0041B07D 33C0
xor eax, eax
:0041B07F 894604
:0041B082
:0041B084
:0041B087
:0041B089
:0041B08F
:0041B092
:0041B094
:0041B09A
:0041B09D
:0041B09E
:0041B0A1
:0041B0A4
:0041B0A9
:0041B0AA
:0041B0AB
:0041B0AC
:0041B0B3
:0041B0B6
33C0
894608
6A00
FF1594364400
89460C
6A01
FF1594364400
894610
56
8D7E14
8D75F0
B904000000
F3
A5
5E
C7462401000000
833E4C
720E
xor eax, eax

push 00000000
push 00000001
push esi
lea edi, dword ptr [esi+14]
mov ecx, 00000004
repz
movsd
pop esi
mov [esi+24], 00000001
cmp dword ptr [esi], 0000004C
jb 0041B0C6
* Possible StringData Ref from Code Obj ->"DISPLAY"

|
:0041B0B8 68ECB04100
push 0041B0EC
:0041B0BD 8D4628
:0041B0C0 50
push eax
|
:0041B0C1 E802ADFEFF
Call 00405DC8
|:0041B0B6(C)
|
:0041B0C6 B301
mov bl, 01
|:0041B055(U), :0041B05F(C), :0041B063(C), :0041B068(C), :0041B07B(C)
|
:0041B0C8 8BC3
mov eax, ebx
:0041B0CA 5F
pop edi
:0041B0CB 5E
pop esi
:0041B0CC 5B
pop ebx
:0041B0CD 8BE5
mov esp, ebp
:0041B0CF 5D
pop ebp
:0041B0D0 C20800
ret 0008
:0041B0D3 00
BYTE 0
:0041B0D4 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041B0D8
:0041B0DB
:0041B0DE
:0041B0E0
:0041B0E1
:0041B0E2
:0041B0EA
:0041B0EB

je 0041B12D
outsd
outsb
inc ecx
add byte ptr [ecx+2*ecx+53], al
0F0000
004765
744D
6F
6E
69746F72496E666F
41
00444953
:0041B0EF
:0041B0F0
:0041B0F1
:0041B0F2
:0041B0F3
50
4C
41
59
00
push eax
dec esp
inc ecx
pop ecx
BYTE 0
:0041B0F4
:0041B0F5
:0041B0F7
:0041B0FA
:0041B0FB
:0041B0FC
:0041B0FD
:0041B100
:0041B103
:0041B10A
55
8BEC
83C4F0
53
56
57
8B750C
8B7D08
803DC236440000
7523
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
jne 0041B12F
* Possible StringData Ref from Code Obj ->"GetMonitorInfoW"

|
:0041B10C B9B4B14100
mov ecx, 0041B1B4
:0041B111 8B15A8364400
:0041B117 B006
mov al, 06
:0041B119 E8DEFBFFFF
call 0041ACFC
:0041B11E A3A8364400
:0041B123 56
push esi
:0041B124 57
push edi
:0041B125 FF15A8364400
:0041B12B 8BD8
mov ebx, eax
|:0041B0DE(C)
|
:0041B12D EB71
jmp 0041B1A0
|:0041B10A(C)
|
:0041B12F 33DB
:0041B131 81FF42003412
:0041B137 7567
:0041B139 85F6
:0041B13B 7463
:0041B13D 833E28
:0041B140 725E
:0041B142 6A00
:0041B144 8D45F0
:0041B147 50
:0041B148 6A00
:0041B14A 6A30

xor ebx, ebx
cmp edi, 12340042
jne 0041B1A0
test esi, esi
je 0041B1A0
jb 0041B1A0
push 00000000
push eax
push 00000000
push 00000030

|
:0041B14C E8F7B2FEFF
Call 00406448
:0041B151 85C0
test eax, eax
:0041B153 744B
je 0041B1A0
:0041B155 33C0
xor eax, eax
:0041B157 894604
:0041B15A 33C0
xor eax, eax
:0041B15C 894608
:0041B15F
:0041B161
:0041B167
:0041B16A
:0041B16C
:0041B172
:0041B175
:0041B176
:0041B179
:0041B17C
:0041B181
:0041B182
:0041B183
:0041B184
:0041B18B
:0041B18E
6A00
FF1594364400
89460C
6A01
FF1594364400
894610
56
8D7E14
8D75F0
B904000000
F3
A5
5E
C7462401000000
833E4C
720E
push 00000000
push 00000001
push esi
mov ecx, 00000004
repz
movsd
pop esi
mov [esi+24], 00000001
jb 0041B19E

|
:0041B190 68C4B14100
push 0041B1C4
:0041B195 8D4628
:0041B198 50
push eax
|
:0041B199 E82AACFEFF
Call 00405DC8
|:0041B18E(C)
|
:0041B19E B301
mov bl, 01
|:0041B12D(U), :0041B137(C), :0041B13B(C), :0041B140(C), :0041B153(C)
|
:0041B1A0 8BC3
mov eax, ebx
:0041B1A2 5F
pop edi
:0041B1A3 5E
pop esi
:0041B1A4 5B
pop ebx
:0041B1A5 8BE5
mov esp, ebp
:0041B1A7 5D
pop ebp
:0041B1A8 C20800
ret 0008
:0041B1AB 00
BYTE 0
:0041B1AC FFFFFFFF
BYTE 4 DUP(0ffh)
:0041B1B0
:0041B1B3
:0041B1B6
:0041B1B8
:0041B1B9
:0041B1BA
:0041B1C2
:0041B1C3
:0041B1C7
:0041B1C8

je 0041B205
outsd
outsb
push edi
add byte ptr [ecx+2*ecx+53], al
push eax
dec esp
0F0000
004765
744D
6F
6E
69746F72496E666F
57
00444953
50
4C
:0041B1C9 41
:0041B1CA 59
:0041B1CB 00
inc ecx
pop ecx
BYTE 0
:0041B1CC
:0041B1CD
:0041B1CF
:0041B1D2
:0041B1D3
:0041B1D4
:0041B1D5
:0041B1D8
:0041B1DB
:0041B1E2
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
jne 0041B207
55
8BEC
83C4F0
53
56
57
8B750C
8B7D08
803DC036440000
7523
* Possible StringData Ref from Code Obj ->"GetMonitorInfo"

|
:0041B1E4 B98CB24100
mov ecx, 0041B28C
:0041B1E9 8B15AC364400
mov edx, dword ptr [004436AC]
:0041B1EF B004
mov al, 04
:0041B1F1 E806FBFFFF
call 0041ACFC
:0041B1F6 A3AC364400
:0041B1FB 56
push esi
:0041B1FC 57
push edi
:0041B1FD FF15AC364400
call dword ptr [004436AC]
:0041B203 8BD8
mov ebx, eax
|:0041B1B6(C)
|
:0041B205 EB71
jmp 0041B278
|:0041B1E2(C)
|
:0041B207 33DB
:0041B209 81FF42003412
:0041B20F 7567
:0041B211 85F6
:0041B213 7463
:0041B215 833E28
:0041B218 725E
:0041B21A 6A00
:0041B21C 8D45F0
:0041B21F 50
:0041B220 6A00
:0041B222 6A30

xor ebx, ebx
cmp edi, 12340042
jne 0041B278
test esi, esi
je 0041B278
jb 0041B278
push 00000000
push eax
push 00000000
push 00000030

|
:0041B224 E81FB2FEFF
Call 00406448
:0041B229 85C0
test eax, eax
:0041B22B 744B
je 0041B278
:0041B22D 33C0
xor eax, eax
:0041B22F 894604
:0041B232 33C0
xor eax, eax
:0041B234 894608
:0041B237 6A00
push 00000000
:0041B239 FF1594364400
:0041B23F
:0041B242
:0041B244
:0041B24A
:0041B24D
:0041B24E
:0041B251
:0041B254
:0041B259
:0041B25A
:0041B25B
:0041B25C
:0041B263
:0041B266
89460C
6A01
FF1594364400
894610
56
8D7E14
8D75F0
B904000000
F3
A5
5E
C7462401000000
833E4C
720E

push 00000001
push esi
mov ecx, 00000004
repz
movsd
pop esi
mov [esi+24], 00000001
jb 0041B276

|
:0041B268 689CB24100
push 0041B29C
:0041B26D 8D4628
:0041B270 50
push eax
|
:0041B271 E852ABFEFF
Call 00405DC8
|:0041B266(C)
|
:0041B276 B301
mov bl, 01
|:0041B205(U), :0041B20F(C), :0041B213(C), :0041B218(C), :0041B22B(C)
|
:0041B278 8BC3
mov eax, ebx
:0041B27A 5F
pop edi
:0041B27B 5E
pop esi
:0041B27C 5B
pop ebx
:0041B27D 8BE5
mov esp, ebp
:0041B27F 5D
pop ebp
:0041B280 C20800
ret 0008
:0041B283 00
BYTE 0
:0041B284 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041B288 0E
:0041B289 000000
push cs
BYTE 3 DUP(0)
:0041B28C 47
:0041B28D 65
inc edi
BYTE 065h
:0041B28E
:0041B290
:0041B291
:0041B292
je 0041B2DD
outsd
outsb
744D
6F
6E
69746F72496E666F
:0041B29A
:0041B29C
:0041B29D
:0041B29E
:0041B29F
:0041B2A0
:0041B2A1
:0041B2A2
:0041B2A3
0000
44
49
53
50
4C
41
59
00

inc esp
dec ecx
push ebx
push eax
dec esp
inc ecx
pop ecx
BYTE 0
:0041B2A4
:0041B2A5
:0041B2A7
:0041B2AA
:0041B2AB
:0041B2AC
:0041B2AD
:0041B2B0
:0041B2B3
:0041B2BA
55
8BEC
83C4D4
53
56
57
8B7D0C
8B7508
803DC336440000
752E
push ebp
mov ebp, esp
add esp, FFFFFFD4
push ebx
push esi
push edi
jne 0041B2EA
* Possible StringData Ref from Code Obj ->"EnumDisplayMonitors"

|
:0041B2BC B9C0B34100
mov ecx, 0041B3C0
:0041B2C1 8B15B0364400
:0041B2C7 B007
mov al, 07
:0041B2C9 E82EFAFFFF
call 0041ACFC
:0041B2CE A3B0364400
:0041B2D3 8B4514
:0041B2D6 50
push eax
:0041B2D7 8B4510
:0041B2DA 50
push eax
:0041B2DB 57
push edi
:0041B2DC 56
push esi
|:0041B28E(C)
|
:0041B2DD FF15B0364400
:0041B2E3 8BD8
:0041B2E5 E9C2000000
|:0041B2BA(C)
|
:0041B2EA 33DB
:0041B2EC 837D1000
:0041B2F0 0F84B6000000
:0041B2F6 33C0
:0041B2F8 8945E4
:0041B2FB 33C0
:0041B2FD 8945E8
:0041B300 6A00
:0041B302 FF1594364400
:0041B308 8945EC
:0041B30B 6A01
:0041B30D FF1594364400
:0041B313 8945F0
:0041B316 85F6
call dword ptr [004436B0]

mov ebx, eax
jmp 0041B3AC
xor ebx, ebx

je 0041B3AC
xor eax, eax
xor eax, eax
push 00000000
push 00000001
test esi, esi
:0041B318
:0041B31A
:0041B31D
:0041B31E
7465
8D45D4
50
56
je 0041B37F
push eax
push esi
* Reference To: gdi32.GetClipBox, Ord:0000h

|
:0041B31F E85CABFEFF
Call 00405E80
:0041B324 8945F4
:0041B327 8D45F8
:0041B32A 50
push eax
:0041B32B 56
push esi
* Reference To: gdi32.GetDCOrgEx, Ord:0000h
|
:0041B32C E85FABFEFF
Call 00405E90
:0041B331 85C0
test eax, eax
:0041B333 7477
je 0041B3AC
:0041B335 8B45FC
:0041B338 F7D8
neg eax
:0041B33A 50
push eax
:0041B33B 8B45F8
:0041B33E F7D8
neg eax
:0041B340 50
push eax
:0041B341 8D45E4
:0041B344 50
push eax
|
:0041B345 E8CEAFFEFF
Call 00406318
:0041B34A 8D45D4
:0041B34D 50
push eax
:0041B34E 8D45E4
:0041B351 50
push eax
:0041B352 8D45E4
:0041B355 50
push eax
|
:0041B356 E82DAFFEFF
Call 00406288
:0041B35B 85C0
test eax, eax
:0041B35D 7404
je 0041B363
:0041B35F 85FF
test edi, edi
:0041B361 7436
je 0041B399
|:0041B35D(C)
|
:0041B363 57
push edi
:0041B364 8D45E4
:0041B367 50
push eax
:0041B368 8D45E4
:0041B36B 50
push eax
|
:0041B36C E817AFFEFF
Call 00406288
:0041B371 85C0
test eax, eax
:0041B373 7524
jne 0041B399
:0041B375 837DF401
:0041B379 7531
:0041B37B B301
:0041B37D EB2D
jne 0041B3AC
mov bl, 01
jmp 0041B3AC

|:0041B318(C)
|
:0041B37F 85FF
test edi, edi
:0041B381 7416
je 0041B399
:0041B383 57
push edi
:0041B384 8D45E4
:0041B387 50
push eax
:0041B388 8D45E4
:0041B38B 50
push eax
|
:0041B38C E8F7AEFEFF
Call 00406288
:0041B391 85C0
test eax, eax
:0041B393 7504
jne 0041B399
:0041B395 B301
mov bl, 01
:0041B397 EB13
jmp 0041B3AC
|:0041B361(C), :0041B373(C), :0041B381(C), :0041B393(C)
|
:0041B399 8B4514
:0041B39C 50
push eax
:0041B39D 8D45E4
:0041B3A0 50
push eax
:0041B3A1 56
push esi
:0041B3A2 6842003412
push 12340042
:0041B3A7 FF5510
call [ebp+10]
:0041B3AA 8BD8
mov ebx, eax
|:0041B2E5(U), :0041B2F0(C), :0041B333(C), :0041B379(C), :0041B37D(U)
|:0041B397(U)
|
:0041B3AC 8BC3
mov eax, ebx
:0041B3AE 5F
pop edi
:0041B3AF 5E
pop esi
:0041B3B0 5B
pop ebx
:0041B3B1 8BE5
mov esp, ebp
:0041B3B3 5D
pop ebp
:0041B3B4 C21000
ret 0010
:0041B3B7 00
BYTE 0
:0041B3B8 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041B3BC
:0041B3BE
:0041B3C0
:0041B3C1
:0041B3C2
:0041B3C4

inc ebp
outsb
jne 0041B431
inc esp
1300
0000
45
6E
756D
44
:0041B3C5
:0041B3CC
:0041B3CD
:0041B3CE
:0041B3CF
:0041B3D0
:0041B3D1
:0041B3D2
:0041B3D3
6973706C61794D
6F
6E
69
74
6F
72
73
00
imul esi, dword ptr [ebx+70], 4D79616C

outsd
outsb
BYTE 69h
BYTE 74h
BYTE 6fh
BYTE 72h
BYTE 73h
BYTE 00h

|:0041B479
|
* Possible StringData Ref from Code Obj ->"USER32.DLL"
|
:0041B3D4 6834B44100
push 0041B434
|
:0041B3D9 E8E2A8FEFF
Call 00405CC0
:0041B3DE A3B8364400
mov dword ptr [004436B8],
:0041B3E3 C70594364400E4AD4100
mov dword ptr [00443694],
:0041B3ED C70598364400F8AE4100
mov dword ptr [00443698],
:0041B3F7 C7059C3644006CAE4100
mov dword ptr [0044369C],
:0041B401 C705A03644008CAF4100
mov dword ptr [004436A0],
:0041B40B C705A43644001CB04100
:0041B415 C705A8364400F4B04100
:0041B41F C705AC364400CCB14100
mov dword ptr [004436AC],
:0041B429 C705B0364400A4B24100
mov dword ptr [004436B0],
:0041B433 C3
ret
eax
0041ADE4
0041AEF8
0041AE6C
0041AF8C
0041B01C
0041B0F4
0041B1CC
0041B2A4
:0041B434
:0041B435
:0041B436
:0041B437
:0041B438
:0041B43A
55
53
45
52
3332
2E
push ebp
push ebx
inc ebp
push edx
BYTE 02eh
:0041B43B
:0041B43C
:0041B43D
:0041B43E
:0041B440
:0041B441
:0041B443
:0041B445
:0041B446
:0041B44B
:0041B44E
:0041B451
:0041B457
:0041B459
:0041B45A
:0041B45B
:0041B45C
:0041B45F
44
4C
4C
0000
55
8BEC
33C0
55
6865B44100
64FF30
648920
FF05B4364400
33C0
5A
59
59
648910
686CB44100
inc esp
dec esp
dec esp
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041B465
inc dword ptr [004436B4]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041B46C
|:0041B46A(U)
|
:0041B464 C3
:0041B465 E90E7EFEFF
:0041B46A EBF8
:0041B46C 5D
:0041B46D C3
:0041B46E
:0041B470
:0041B477
:0041B479
8BC0
832DB436440001
7305
E856FFFFFF
mov eax, eax

sub dword ptr [004436B4], 00000001
jnb 0041B47E
call 0041B3D4
|:0041B477(C)
|
:0041B47E C3
:0041B47F 90
:0041B480 55
:0041B481 8BEC
:0041B483 33C0
:0041B485 55
:0041B486 68A5B44100
:0041B48B 64FF30
:0041B48E 648920
:0041B491 FF05C8364400
:0041B497 33C0
:0041B499 5A
:0041B49A 59
:0041B49B 59
:0041B49C 648910
:0041B49F 68ACB44100
|:0041B4AA(U)
|
:0041B4A4 C3
:0041B4A5 E9CE7DFEFF
:0041B4AA EBF8
:0041B4AC 5D
:0041B4AD C3
:0041B4AE 8BC0
:0041B4B0 832DC836440001
:0041B4B7 C3
mov eax, eax

sub dword ptr [004436C8], 00000001
ret
ret
jmp 00403278
jmp 0041B464
pop ebp
ret
ret
nop
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041B4A5
inc dword ptr [004436C8]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041B4AC
ret
jmp 00403278
jmp 0041B4A4
pop ebp
ret

|:00436E36 , :00436E7C , :00437E8E , :00437EAB
|
:0041B4B8 3BD0
cmp edx, eax
:0041B4BA 7C02
jl 0041B4BE
:0041B4BC 8BC2
mov eax, edx
|:0041B4BA(C)
|
:0041B4BE C3
:0041B4BF 90
:0041B4C0 55
:0041B4C1 8BEC
:0041B4C3 33C0
:0041B4C5 55
:0041B4C6 68E5B44100
:0041B4CB 64FF30
:0041B4CE 648920
:0041B4D1 FF05CC364400
:0041B4D7 33C0
:0041B4D9 5A
:0041B4DA 59
:0041B4DB 59
:0041B4DC 648910
:0041B4DF 68ECB44100
ret
nop
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041B4E5
inc dword ptr [004436CC]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041B4EC
|:0041B4EA(U)
|
:0041B4E4 C3
:0041B4E5 E98E7DFEFF
:0041B4EA EBF8
:0041B4EC 5D
:0041B4ED C3
:0041B4EE 8BC0
:0041B4F0 832DCC36440001
:0041B4F7 C3
mov eax, eax

sub dword ptr [004436CC], 00000001
ret
:0041B4F8
:0041B4F9
:0041B4FB
:0041B4FD
:0041B4FE
:0041B503
:0041B506
:0041B509
:0041B50F
:0041B511
:0041B512
:0041B513
:0041B514
:0041B517
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041B51D
inc dword ptr [004436D0]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041B524
55
8BEC
33C0
55
681DB54100
64FF30
648920
FF05D0364400
33C0
5A
59
59
648910
6824B54100
ret
jmp 00403278
jmp 0041B4E4
pop ebp
ret
|:0041B522(U)
|
:0041B51C C3
:0041B51D E9567DFEFF
:0041B522 EBF8
:0041B524 5D
:0041B525 C3
:0041B526 8BC0
mov eax, eax
ret
jmp 00403278
jmp 0041B51C
pop ebp
ret
:0041B528 832DD036440001
:0041B52F C3
sub dword ptr [004436D0], 00000001

ret
:0041B530
:0041B531
:0041B533
:0041B535
:0041B536
:0041B53B
:0041B53E
:0041B541
:0041B547
:0041B549
:0041B54E
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041B561
inc dword ptr [004436D4]
jne 0041B553
call 00402C20
55
8BEC
33C0
55
6861B54100
64FF30
648920
FF05D4364400
750A
A1B8254400
E8CD76FEFF
|:0041B547(C)
|
:0041B553 33C0
:0041B555 5A
:0041B556 59
:0041B557 59
:0041B558 648910
:0041B55B 6868B54100
|:0041B566(U)
|
:0041B560 C3
:0041B561 E9127DFEFF
:0041B566 EBF8
:0041B568 5D
:0041B569 C3
:0041B56A 8BC0
:0041B56C 832DD436440001
:0041B573 C3
mov eax, eax

sub dword ptr [004436D4], 00000001
ret
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041B568
ret
jmp 00403278
jmp 0041B560
pop ebp
ret

|:004375F4 , :00437625 , :00437656 , :00437687 , :004376B5
|
:0041B574 55
push ebp
:0041B575 8BEC
mov ebp, esp
:0041B577 833D0037440000
cmp dword ptr [00443700], 00000000
:0041B57E 741A
je 0041B59A
:0041B580 8B4514
:0041B583 50
push eax
:0041B584 8B4510
:0041B587 50
push eax
:0041B588 8B450C
:0041B58B 50
push eax
:0041B58C 8B4508
:0041B58F 50
push eax
:0041B590 FF1500374400
:0041B596 85C0
test eax, eax
:0041B598 7504
jne 0041B59E

|:0041B57E(C)
|
:0041B59A 33C0
xor eax, eax
:0041B59C EB02
jmp 0041B5A0
|:0041B598(C)
|
:0041B59E B001
mov al, 01
|:0041B59C(U)
|
:0041B5A0 F6D8
neg al
:0041B5A2 1BC0
sbb eax, eax
:0041B5A4 5D
pop ebp
:0041B5A5 C21000
ret 0010

|:00436DF2 , :004378A9
|
:0041B5A8 55
push ebp
:0041B5A9 8BEC
mov ebp, esp
:0041B5AB 833D0437440000
cmp dword ptr [00443704], 00000000
:0041B5B2 740E
je 0041B5C2
:0041B5B4 8B4508
:0041B5B7 50
push eax
:0041B5B8 FF1504374400
:0041B5BE 85C0
test eax, eax
:0041B5C0 7504
jne 0041B5C6
|:0041B5B2(C)
|
:0041B5C2 33C0
xor eax, eax
:0041B5C4 EB02
jmp 0041B5C8
|:0041B5C0(C)
|
:0041B5C6 B001
mov al, 01
|:0041B5C4(U)
|
:0041B5C8 F6D8
neg al
:0041B5CA 1BC0
sbb eax, eax
:0041B5CC 5D
pop ebp
:0041B5CD C20400
ret 0004

|:00436DCD
|
:0041B5D0 55
push ebp
:0041B5D1
:0041B5D3
:0041B5DA
:0041B5DC
:0041B5DF
:0041B5E0
8BEC
833D0837440000
740A
8B4508
50
FF1508374400
mov ebp, esp

cmp dword ptr [00443708], 00000000
je 0041B5E6
push eax

|:0041B5DA(C)
|
:0041B5E6 5D
pop ebp
:0041B5E7 C20400
ret 0004
:0041B5EA 8BC0
mov eax, eax

|:0041B8A9
|
:0041B5EC 53
push ebx
:0041B5ED 56
push esi
* Possible StringData Ref from Code Obj ->"comctl32.dll"
|
:0041B5EE 6850B74100
push 0041B750
|
:0041B5F3 E8C8A6FEFF
Call 00405CC0
:0041B5F8 8BD8
mov ebx, eax
:0041B5FA 85DB
test ebx, ebx
:0041B5FC 0F8448010000
je 0041B74A
* Possible StringData Ref from Code Obj ->"InitializeFlatSB"
|
:0041B602 6860B74100
push 0041B760
:0041B607 53
push ebx
|
:0041B608 E8BBA6FEFF
Call 00405CC8
:0041B60D A304374400
* Possible StringData Ref from Code Obj ->"UninitializeFlatSB"
|
:0041B612 6874B74100
push 0041B774
:0041B617 53
push ebx
|
:0041B618 E8ABA6FEFF
Call 00405CC8
:0041B61D A308374400
* Possible StringData Ref from Code Obj ->"FlatSB_GetScrollProp"
|
:0041B622 6888B74100
push 0041B788
:0041B627 53
push ebx
|
:0041B628 E89BA6FEFF
:0041B62D A3FC364400
Call 00405CC8
* Possible StringData Ref from Code Obj ->"FlatSB_SetScrollProp"

|
:0041B632 68A0B74100
push 0041B7A0
:0041B637 53
push ebx
|
Call 00405CC8
:0041B63D A300374400
* Possible StringData Ref from Code Obj ->"FlatSB_EnableScrollBar"
|
:0041B642 68B8B74100
push 0041B7B8
:0041B647 53
push ebx
|
Call 00405CC8
:0041B64D 8BF0
mov esi, eax
:0041B64F 8935D8364400
mov dword ptr [004436D8], esi
:0041B655 85F6
test esi, esi
:0041B657 750A
jne 0041B663
:0041B659 B8C8604000
mov eax, 004060C8
:0041B65E A3D8364400
|:0041B657(C)
|
* Possible StringData Ref from Code Obj ->"FlatSB_ShowScrollBar"
|
:0041B663 68D0B74100
push 0041B7D0
:0041B668 53
push ebx
|
:0041B669 E85AA6FEFF
Call 00405CC8
:0041B66E 8BF0
mov esi, eax
:0041B670 8935DC364400
mov dword ptr [004436DC], esi
:0041B676 85F6
test esi, esi
:0041B678 750A
jne 0041B684
:0041B67A B838644000
mov eax, 00406438
:0041B67F A3DC364400
mov dword ptr [004436DC], eax
|:0041B678(C)
|
* Possible StringData Ref from Code Obj ->"FlatSB_GetScrollRange"
|
:0041B684 68E8B74100
push 0041B7E8
:0041B689 53
push ebx
|
:0041B68A E839A6FEFF
Call 00405CC8
:0041B68F 8BF0
mov esi, eax
:0041B691
:0041B697
:0041B699
:0041B69B
:0041B6A0
8935E0364400
85F6
750A
B800624000
A3E0364400
mov dword ptr [004436E0], esi

test esi, esi
jne 0041B6A5
mov eax, 00406200
mov dword ptr [004436E0], eax

|:0041B699(C)
|
* Possible StringData Ref from Code Obj ->"FlatSB_GetScrollInfo"
|
:0041B6A5 6800B84100
push 0041B800
:0041B6AA 53
push ebx
|
:0041B6AB E818A6FEFF
Call 00405CC8
:0041B6B0 8BF0
mov esi, eax
:0041B6B2 8935E4364400
:0041B6B8 85F6
test esi, esi
:0041B6BA 750A
jne 0041B6C6
:0041B6BC B8F0614000
mov eax, 004061F0
:0041B6C1 A3E4364400
|:0041B6BA(C)
|
* Possible StringData Ref from Code Obj ->"FlatSB_GetScrollPos"
|
:0041B6C6 6818B84100
push 0041B818
:0041B6CB 53
push ebx
|
:0041B6CC E8F7A5FEFF
Call 00405CC8
:0041B6D1 8BF0
mov esi, eax
:0041B6D3 8935E8364400
:0041B6D9 85F6
test esi, esi
:0041B6DB 750A
jne 0041B6E7
:0041B6DD B8F8614000
mov eax, 004061F8
:0041B6E2 A3E8364400
|:0041B6DB(C)
|
* Possible StringData Ref from Code Obj ->"FlatSB_SetScrollPos"
|
:0041B6E7 682CB84100
push 0041B82C
:0041B6EC 53
push ebx
|
:0041B6ED E8D6A5FEFF
Call 00405CC8
:0041B6F2 8BF0
mov esi, eax
:0041B6F4 8935EC364400
mov dword ptr [004436EC], esi
:0041B6FA 85F6
test esi, esi
:0041B6FC 750A
jne 0041B708
:0041B6FE B8E0634000
:0041B703 A3EC364400
mov eax, 004063E0

mov dword ptr [004436EC], eax

|:0041B6FC(C)
|
* Possible StringData Ref from Code Obj ->"FlatSB_SetScrollInfo"
|
:0041B708 6840B84100
push 0041B840
:0041B70D 53
push ebx
|
:0041B70E E8B5A5FEFF
Call 00405CC8
:0041B713 8BF0
mov esi, eax
:0041B715 8935F0364400
mov dword ptr [004436F0], esi
:0041B71B 85F6
test esi, esi
:0041B71D 750A
jne 0041B729
:0041B71F B8D8634000
mov eax, 004063D8
:0041B724 A3F0364400
|:0041B71D(C)
|
* Possible StringData Ref from Code Obj ->"FlatSB_SetScrollRange"
|
:0041B729 6858B84100
push 0041B858
:0041B72E 53
push ebx
|
:0041B72F E894A5FEFF
Call 00405CC8
:0041B734 8BF0
mov esi, eax
:0041B736 8935F4364400
mov dword ptr [004436F4], esi
:0041B73C 85F6
test esi, esi
:0041B73E 750A
jne 0041B74A
:0041B740 B8E8634000
mov eax, 004063E8
:0041B745 A3F4364400
|:0041B5FC(C), :0041B73E(C)
|
:0041B74A 5E
:0041B74B 5B
:0041B74C C3
:0041B74D 000000
BYTE 3 DUP(0)
:0041B750
:0041B753
:0041B757
:0041B759
arpl dword ptr [edi+6D], ebp

arpl dword ptr [esp+2*ebp+33], esi
xor ch, byte ptr [esi]
BYTE 064h
636F6D
63746C33
322E
64
:0041B75A 6C
:0041B75B 6C
pop esi
pop ebx
ret
insb
insb
:0041B75C 00000000
BYTE 4 DUP(0)
:0041B760
:0041B761
:0041B762
:0041B76A
:0041B76B
:0041B76C
:0041B76D
:0041B76F
:0041B770
49
6E
697469616C697A65
46
6C
61
7453
42
00000000
dec ecx
outsb
imul esi, dword ptr [ecx+2*ebp+61], 657A696C
inc esi
insb
popad
je 0041B7C2
inc edx
BYTE 4 DUP(0)
:0041B774
:0041B775
:0041B776
:0041B77D
:0041B784
:0041B785
:0041B786
:0041B788
:0041B789
:0041B78A
:0041B78B
:0041B78D
:0041B78E
:0041B78F
:0041B790
55
6E
696E697469616C
697A65466C6174
53
42
0000
46
6C
61
7453
42
5F
47
65
push ebp
outsb
imul ebp, dword ptr [esi+69], 6C616974
imul edi, dword ptr [edx+65], 74616C46
push ebx
inc edx
inc esi
insb
popad
je 0041B7E0
inc edx
pop edi
inc edi
BYTE 065h
:0041B791
:0041B793
:0041B796
:0041B797
:0041B798
:0041B799
:0041B79B
7453
63726F
6C
6C
50
726F
7000
je 0041B7E6
arpl dword ptr [edx+6F], esi
insb
insb
push eax
jb 0041B80A
jo 0041B79D

|:0041B79B(C)
|
:0041B79D 000000
BYTE 3 DUP(0)
:0041B7A0 46
inc esi
:0041B7A1 6C
insb
:0041B7A2 61
popad
:0041B7A3 7453
je 0041B7F8
:0041B7A5 42
inc edx
:0041B7A6 5F
pop edi
:0041B7A7 53
push ebx
:0041B7A8 65
BYTE 065h
:0041B7A9
:0041B7AB
:0041B7AE
:0041B7AF
:0041B7B0
:0041B7B1
:0041B7B3
7453
63726F
6C
6C
50
726F
7000
je 0041B7FE
insb
insb
push eax
jb 0041B822
jo 0041B7B5

|:0041B7B3(C)
|
:0041B7B5 000000
BYTE 3 DUP(0)
:0041B7B8 46
inc esi
:0041B7B9 6C
insb
:0041B7BA 61
popad
:0041B7BB 7453
je 0041B810
:0041B7BD 42
inc edx
:0041B7BE 5F
pop edi
:0041B7BF 45
inc ebp
:0041B7C0 6E
outsb
:0041B7C1 61
popad
|:0041B76D(C)
|
:0041B7C2 626C6553
:0041B7C6 63726F
:0041B7C9 6C
:0041B7CA 6C
:0041B7CB 42
:0041B7CC 61
:0041B7CD 7200
|:0041B7CD(C)
|
:0041B7CF 00466C
:0041B7D2 61
:0041B7D3 7453
:0041B7D5 42
:0041B7D6 5F
:0041B7D7 53
:0041B7D8 686F775363
:0041B7DD 726F
:0041B7DF 6C

insb
insb
inc edx
popad
jb 0041B7CF
add byte ptr [esi+6C], al

popad
je 0041B828
inc edx
pop edi
push ebx
push 6353776F
jb 0041B84E
insb

|:0041B78B(C)
|
:0041B7E0 6C
insb
:0041B7E1 42
inc edx
:0041B7E2 61
popad
:0041B7E3 7200
jb 0041B7E5
|:0041B7E3(C)
|
:0041B7E5 000000
BYTE 3 DUP(0)
:0041B7E8 46
inc esi
:0041B7E9 6C
insb
:0041B7EA 61
popad
:0041B7EB 7453
je 0041B840
:0041B7ED 42
inc edx
:0041B7EE 5F
pop edi
:0041B7EF 47
inc edi
:0041B7F0 65
BYTE 065h
:0041B7F1
:0041B7F3
:0041B7F6
:0041B7F7
7453
63726F
6C
6C
je 0041B846
insb
insb

|:0041B7A3(C)
|
:0041B7F8 52
push edx
:0041B7F9 61
popad
:0041B7FA 6E
outsb
:0041B7FB 67
BYTE 067h
:0041B7FC 65
BYTE 065h
:0041B7FD 000000
BYTE 3 DUP(0)
:0041B800
:0041B801
:0041B802
:0041B803
:0041B805
:0041B806
:0041B807
:0041B808
46
6C
61
7453
42
5F
47
65
inc esi
insb
popad
je 0041B858
inc edx
pop edi
inc edi
BYTE 065h
:0041B809
:0041B80B
:0041B80E
:0041B80F
7453
63726F
6C
6C
je 0041B85E
insb
insb
|:0041B7BB(C)
|
:0041B810 49
:0041B811 6E
:0041B812 666F
:0041B814 00000000
:0041B818
:0041B819
:0041B81A
:0041B81B
:0041B81D
:0041B81E
:0041B81F
:0041B820
46
6C
61
7453
42
5F
47
65
inc esi
insb
popad
je 0041B870
inc edx
pop edi
inc edi
BYTE 065h
:0041B821
:0041B823
:0041B826
:0041B827
7453
63726F
6C
6C
je 0041B876
insb
insb
dec ecx
outsb
outsw
BYTE 4 DUP(0)

|:0041B7D3(C)
|
:0041B828 50
:0041B829 6F
:0041B82A 7300
push eax
outsd
jnb 0041B82C

|:0041B82A(C)
|
:0041B82C 46
inc esi
:0041B82D 6C
insb
:0041B82E 61
popad
:0041B82F 7453
je 0041B884
:0041B831 42
inc edx
:0041B832 5F
pop edi
:0041B833 53
push ebx
:0041B834 65
BYTE 065h
:0041B835
:0041B837
:0041B83A
:0041B83B
:0041B83C
:0041B83D
:0041B83E
7453
63726F
6C
6C
50
6F
7300
|:0041B7EB(C), :0041B83E(C)
|
:0041B840 46
:0041B841 6C
:0041B842 61
:0041B843 7453
:0041B845 42
je 0041B88A
insb
insb
push eax
outsd
jnb 0041B840
inc esi
insb
popad
je 0041B898
inc edx

|:0041B7F1(C)
|
:0041B846 5F
pop edi
:0041B847 53
push ebx
:0041B848 65
BYTE 065h
:0041B849 7453
:0041B84B 63726F
je 0041B89E
|:0041B7DD(C)
|
:0041B84E 6C
:0041B84F 6C
:0041B850 49
:0041B851 6E
:0041B852 666F
:0041B854 00000000

insb
insb
dec ecx
outsb
outsw
BYTE 4 DUP(0)

|:0041B803(C)
|
:0041B858
:0041B859
:0041B85A
:0041B85B
:0041B85D
46
6C
61
7453
42
inc esi
insb
popad
je 0041B8B0
inc edx

|:0041B809(C)
|
:0041B85E 5F
pop edi
:0041B85F 53
push ebx
:0041B860 65
BYTE 065h
:0041B861
:0041B863
:0041B866
:0041B867
:0041B868
:0041B869
:0041B86A
:0041B86B
:0041B86C
7453
63726F
6C
6C
52
61
6E
67
65
:0041B86D 000000
je 0041B8B6
insb
insb
push edx
popad
outsb
BYTE 067h
BYTE 065h
BYTE 3 DUP(0)

|:0041B81B(C)
|
:0041B870 55
push ebp
:0041B871 8BEC
mov ebp, esp
:0041B873 33C0
xor eax, eax
:0041B875 55
push ebp
|:0041B821(C)
|
:0041B876 6895B84100
:0041B87B 64FF30
:0041B87E 648920
:0041B881 FF05F8364400
:0041B887 33C0
:0041B889 5A
|:0041B835(C)
|
:0041B88A 59
:0041B88B 59
:0041B88C 648910
:0041B88F 689CB84100
push 0041B895
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041B89C

|:0041B89A(U)
|
:0041B894 C3
ret
:0041B895
:0041B89A
:0041B89C
:0041B89D
E9DE79FEFF
EBF8
5D
C3
|:0041B849(C)
|
:0041B89E 8BC0
:0041B8A0 832DF836440001
:0041B8A7 7305
:0041B8A9 E83EFDFFFF
jmp 00403278
jmp 0041B894
pop ebp
ret

mov eax, eax
sub dword ptr [004436F8], 00000001
jnb 0041B8AE
call 0041B5EC

|:0041B8A7(C)
|
:0041B8AE C3
ret
:0041B8AF 90
nop
|:0041B85B(C)
|
:0041B8B0 B4B8
:0041B8B2 41
:0041B8B3 0003
:0041B8B5 0B545465
:0041B8B9 7874
:0041B8BB 4C
:0041B8BC 61
:0041B8BD 796F
:0041B8BF 7574
:0041B8C1 0100
:0041B8C3 000000
:0041B8C6
:0041B8C8
:0041B8CA
:0041B8CC
:0041B8CD
:0041B8D3
:0041B8D5
:0041B8D7
:0041B8D8
0200
0000
B0B8
41
0005746C546F
7008
746C
43
65

mov al, B8
inc ecx
add byte ptr [6F546C74], al
jo 0041B8DD
je 0041B943
inc ebx
BYTE 065h
:0041B8D9
:0041B8DA
:0041B8DC
:0041B8DE
:0041B8E0
:0041B8E1
:0041B8E2
:0041B8E4
:0041B8E5
6E
7465
7208
746C
42
6F
7474
6F
6D
outsb
je 0041B941
jb 0041B8E6
je 0041B94C
inc edx
outsd
je 0041B958
outsd
insd
mov ah, B8
inc ecx
or edx, dword ptr [esp+2*edx+65]
js 0041B92F
dec esp
popad
jns 0041B92E
jne 0041B935
BYTE 3 DUP(0)

|:0041B8DC(C)
|
:0041B8E6
:0041B8E8
:0041B8EA
:0041B8EB
:0041B8F5
8BC0
34B9
41
00000000000000000000
000000
mov eax, eax

xor al, B9
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041B8F8 FC
:0041B8F9 B941000000
:0041B8FE 000000000000
cld
mov ecx, 00000041
BYTE 6 DUP(0)
:0041B904 C8B94100
:0041B908 E8B94100
DWORD 0041B9C8
DWORD 0041B9E8
:0041B90C 2401
:0041B90E 0000
and al, 01
:0041B910 C8FD4100
:0041B914 681C4100
DWORD 0041FDC8
DWORD 00411C68
:0041B918
:0041B91A
:0041B91B
:0041B91D
342E
40
0038
2E
xor al, 2E
inc eax
BYTE 02eh
:0041B91E
:0041B91F
:0041B922
:0041B923
:0041B929
:0041B92C
:0041B930
:0041B936
:0041B937
:0041B93A
:0041B93B
:0041B93D
40
003C2E
40
0090434200B4
2B4000
C82B4000
28A042006C4F
42
006844
42
0008
D24000
inc eax
inc eax
add byte ptr [eax+B4004243], dl
sub eax, dword ptr [eax+00]
enter 402B, 00
sub byte ptr [eax+4F6C0042], ah
inc edx
inc edx
:0041B940 E4D54100
:0041B944 ACD74100
DWORD 0041D5E4
DWORD 0041D7AC
:0041B948
:0041B949
:0041B94A
:0041B94B
:0041B94D
:0041B94E
:0041B94F
:0041B955
dec
daa
inc
add
das
inc
add
sbb
48
27
42
0028
2F
42
00801C4100C4
184100
eax
edx
byte ptr [eax], ch
edx
byte ptr [eax+C400411C], al
byte ptr [ecx+00], al

|:0041B8E2(C)
|
:0041B958 BC184100
:0041B95C 881C4100
:0041B960 F0D24100
DWORD 004118BC
DWORD 00411C88
DWORD 0041D2F0
:0041B964
:0041B965
:0041B966
:0041B967
:0041B969
:0041B96A
:0041B96B
:0041B96D
:0041B96E
:0041B96F
:0041B975
:0041B977
:0041B97E
:0041B97F
:0041B985
:0041B98A
:0041B98B
:0041B98E
:0041B98F
:0041B992
:0041B993
:0041B995
:0041B998
:0041B99A
:0041B99B
:0041B99F
:0041B9A1
:0041B9A4
:0041B9A6
:0041B9A7
:0041B9AD
EC
51
42
00C4
3F
42
00C0
3F
42
009040420038
2C42
009C2B42009C34
42
00B8254200BC
2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
7842
42
00B05142005C
36
in al, dx
push ecx
inc edx
add ah, al
aas
inc edx
add al, al
aas
inc edx
add byte ptr [eax+38004240], dl
sub al, 42
add byte ptr [ebx+ebp+349C0042], bl
inc edx
add byte ptr [eax+BC004225], bh
and eax, 51000042
inc edx
add byte ptr [ecx+2*edx], ch
inc edx
inc edx
add al, bl
xor byte ptr [edx+00], al
adc byte ptr [eax], dh
inc edx
add byte ptr [ebx+esi+42], dh
xor al, byte ptr [edx+00]
js 0041B9E8
inc edx
add byte ptr [eax+5C004251], dh
BYTE 036h
:0041B9AE
:0041B9AF
:0041B9B5
:0041B9B8
:0041B9B9
42
0080364200B8
284200
6C
36
inc edx
add byte ptr [eax+B8004236], al
sub byte ptr [edx+00], al
insb
BYTE 036h
:0041B9BA
:0041B9BB
:0041B9BD
:0041B9BF
:0041B9C3
:0041B9C5
:0041B9C6
:0041B9C7
:0041B9CD
:0041B9CF
:0041B9D1
:0041B9D3
:0041B9D5
:0041B9D6
42
00E0
D441
005CD341
00E0
D6
41
00050012B00E
B006
B0CE
FFCD
FFDC
D7
41
inc edx
add al, ah
aam (base65)
add byte ptr [ebx+8*edx+41], bl
add al, ah
BYTE 0d6h
inc ecx
add byte ptr [0EB01200], al
mov al, 06
mov al, CE
dec ebp
call far esp
xlat
inc ecx
:0041B9D7
:0041B9D9
:0041B9DA
:0041B9DB
:0041B9DD
00F4
D7
41
0010
D84100
add ah, dh
xlat
inc ecx
fadd dword ptr [ecx+00]
:0041B9E0 FCD54100
:0041B9E4 70D34100
DWORD 0041D5FC
DWORD 0041D370
|:0041B9A4(C)
|
:0041B9E8 0C54
:0041B9EA 43
:0041B9EB 7573
:0041B9ED 746F
:0041B9EF 6D
:0041B9F0 4C
:0041B9F1 61
:0041B9F2 62656C
:0041B9F5 8D4000
:0041B9F8 FC
:0041B9F9 B94100070C
:0041B9FE 54
:0041B9FF 43
:0041BA00 7573
:0041BA02 746F
:0041BA04 6D
:0041BA05 4C
:0041BA06 61
:0041BA07 62656C
:0041BA0A 34B94100
:0041BA0E B8FE4100
DWORD 0041B934
DWORD 0041FEB8
:0041BA12 0800
:0041BA14 085374
:0041BA17 64

or byte ptr [ebx+74], dl
BYTE 064h
:0041BA18
:0041BA19
:0041BA1B
:0041BA1C
inc ebx
je 0041BA8D
insb
jnb 0041BA1E
43
7472
6C
7300
or al, 54
inc ebx
jne 0041BA60
je 0041BA5E
insd
dec esp
popad
bound esp, dword ptr [ebp+6C]
cld
mov ecx, 0C070041
push esp
inc ebx
jne 0041BA75
je 0041BA73
insd
dec esp
popad
|:0041BA1C(C)
|
:0041BA1E 00906CBA4100
:0041BA24 00000000000000000000
:0041BA2E 0000
:0041BA30
:0041BA32
:0041BA33
:0041BA3D
or al, BB
inc ecx
BYTE 10 DUP(0)
BYTE 4 DUP(0)
0CBB
41
00000000000000000000
00000000
add byte ptr [eax+0041BA6C], dl

BYTE 10 DUP(0)
BYTE 2 DUP(0)
:0041BA41 BB41002401
:0041BA46 0000
mov ebx, 01240041

:0041BA48 E8B84100
:0041BA4C 681C4100
DWORD 0041B8E8
DWORD 00411C68
:0041BA50
:0041BA52
:0041BA53
:0041BA55
342E
40
0038
2E
xor al, 2E
inc eax
BYTE 02eh
:0041BA56
:0041BA57
:0041BA5A
:0041BA5B
:0041BA61
:0041BA64
:0041BA68
:0041BA6E
:0041BA6F
:0041BA72
40
003C2E
40
0090434200B4
2B4000
C82B4000
28A042006C4F
42
006844
42
inc eax
inc eax
enter 402B, 00
sub byte ptr [eax+4F6C0042], ah
inc edx
inc edx

|:0041BA02(C)
|
:0041BA73 0008
|:0041BA00(C)
|
:0041BA75 D24000
:0041BA78 E4D54100
DWORD 0041D5E4
|:0041BA16(C)
|
:0041BA7C ACD74100
:0041BA80 48
:0041BA81 27
:0041BA82 42
:0041BA83 0028
:0041BA85 2F
:0041BA86 42
:0041BA87 00801C4100C4

DWORD 0041D7AC
dec eax
daa
inc edx
das
inc edx

|:0041BA19(C)
|
:0041BA8D 184100
:0041BA90 BC184100
:0041BA94 881C4100
:0041BA98 F0D24100
DWORD 004118BC
DWORD 00411C88
DWORD 0041D2F0
:0041BA9C
:0041BA9D
:0041BA9E
:0041BA9F
:0041BAA1
:0041BAA2
:0041BAA3
:0041BAA5
:0041BAA6
:0041BAA7
:0041BAAD
:0041BAAF
:0041BAB6
:0041BAB7
:0041BABD
:0041BAC2
:0041BAC3
:0041BAC6
:0041BAC7
:0041BACA
:0041BACB
:0041BACD
:0041BAD0
:0041BAD2
:0041BAD3
:0041BAD7
:0041BAD9
:0041BADC
:0041BADE
:0041BADF
:0041BAE5
EC
51
42
00C4
3F
42
00C0
3F
42
009040420038
2C42
009C2B42009C34
42
00B8254200BC
2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
7842
42
00B05142005C
36
in al, dx
push ecx
inc edx
add ah, al
aas
inc edx
add al, al
aas
inc edx
sub al, 42
inc edx
and eax, 51000042
inc edx
inc edx
inc edx
add al, bl
inc edx
js 0041BB20
inc edx
BYTE 036h
:0041BAE6
:0041BAE7
:0041BAED
:0041BAF0
:0041BAF1
42
0080364200B8
284200
6C
36
inc edx
insb
BYTE 036h
:0041BAF2
:0041BAF3
:0041BAF5
:0041BAF7
:0041BAFB
:0041BAFD
:0041BAFE
:0041BAFF
:0041BB01
:0041BB02
:0041BB03
:0041BB04
:0041BB07
:0041BB08
:0041BB0A
:0041BB0B
:0041BB0D
:0041BB0E
:0041BB0F
:0041BB10
42
00E0
D441
005CD341
00E0
D6
41
0006
54
4C
61
62656C
90
0CBB
41
0007
06
54
4C
61
inc edx
add al, ah
aam (base65)
add byte ptr [ebx+8*edx+41], bl
add al, ah
BYTE 0d6h
inc ecx
push esp
dec esp
popad
nop
or al, BB
inc ecx
push es
push esp
dec esp
popad
:0041BB11 62656C
:0041BB14 6CBA4100
:0041BB18 F8B94100
DWORD 0041BA6C
DWORD 0041B9F8
:0041BB1C 2C00
:0041BB1E 085374
:0041BB21 64
sub al, 00
BYTE 064h
:0041BB22
:0041BB23
:0041BB25
:0041BB26
:0041BB28
:0041BB2A
:0041BB2F
:0041BB31
:0041BB33
:0041BB34
:0041BB36
43
7472
6C
7324
00C8
E841004B00
00FF
2028
42
0001
000000000000
inc ebx
je 0041BB97
insb
jnb 0041BB4C
add al, cl
call 008CBB70
add bh, bh
and byte ptr [eax], ch
inc edx
BYTE 6 DUP(0)
:0041BB3C
:0041BB3F
:0041BB41
:0041BB43
:0041BB48
:0041BB49
:0041BB4F
:0041BB51
:0041BB52
:0041BB53
:0041BB54
:0041BB56
800000
0000
0800
05416C6967
6E
10AF40001C01
00FF
CC
D6
41
0001
000000000000

add eax, 67696C41
outsb
adc byte ptr [edi+011C0040], ch
add bh, bh
int 03
BYTE 0d6h
inc ecx
BYTE 6 DUP(0)
:0041BB5C
:0041BB5F
:0041BB61
:0041BB63
:0041BB66
:0041BB6D
:0041BB6E
:0041BB6F
:0041BB70
:0041BB73
:0041BB75
:0041BB76
:0041BB78
:0041BB79
:0041BB7A
800000
0000
0900
09416C
69676E6D656E74
54
ED
41
006000
00FF
60
0000
FF
FC
26

or dword ptr [ecx+6C], eax
push esp
in ax, dx
inc ecx
add bh, bh
pushad
BYTE 0ffh
cld
BYTE 026h
:0041BB7B 42
:0041BB7C 00000000
inc edx
BYTE 4 DUP(0)
:0041BB80 800300
add byte ptr [ebx], 00
:0041BB83
:0041BB85
:0041BB87
:0041BB88
:0041BB89
:0041BB8A
:0041BB8D
:0041BB8F
:0041BB91
:0041BB92
:0041BB98
:0041BB9A
:0041BB9C
0000
0A00
07
41
6E
63686F
7273
0010
40
001D0100FF90
0000
FE01
000000000000

pop es
inc ecx
outsb
arpl dword ptr [eax+6F], ebp
jb 0041BC02
inc eax
add byte ptr [90FF0001], bl
inc byte ptr [ecx]
BYTE 6 DUP(0)
:0041BBA2
:0041BBA5
:0041BBA7
:0041BBA9
:0041BBAC
:0041BBAE
:0041BBAF
:0041BBB6
:0041BBB7
:0041BBB9
:0041BBBD
:0041BBBF
:0041BBC2
800100
0000
0B00
084175
746F
53
697A6554AF4000
4F
0000
FF6C0000
FEC0
324200
000000

or byte ptr [ecx+75], al
je 0041BC1D
push ebx
imul edi, dword ptr [edx+65], 0040AF54
dec edi
jmp far [eax+eax]
inc al
BYTE 3 DUP(0)
:0041BBC5
:0041BBC8
:0041BBCE
:0041BBD6
:0041BBD7
:0041BBD8
:0041BBDF
:0041BBE0
:0041BBE7
:0041BBED
:0041BBF2
:0041BBF4
:0041BBFB
800000
00800C000842
6944694D6F646508
ED
41
00A4314200D431
42
009C4E42000000
008000000080
0D00074361
7074
696F6EBC244100
64

imul eax, dword ptr [ecx+2*ebp+4D], 0865646F
in ax, dx
inc ecx
add byte ptr [ecx+esi+31D40042], ah
inc edx
add byte ptr [esi+2*ecx+00000042], bl
or eax, 61430700
jo 0041BC68
imul ebp, dword ptr [edi+6E], 004124BC
BYTE 064h
:0041BBFC
:0041BBFE
:0041BC00
:0041BC03
:0041BC04
:0041BC07
0000
FF30
334200
4C
334200
000000

xor eax, dword ptr [edx+00]
dec esp
BYTE 3 DUP(0)
:0041BC0A 80050000800E00
:0041BC11 05436F6C6F
:0041BC16 7200
add byte ptr [0E800000], 00

add eax, 6F6C6F43
jb 0041BC18

|:0041BC16(C)
|
:0041BC18 EE
:0041BC19 41
:0041BC1A 006800
out dx, al
inc ecx
|:0041BBAC(C)
|
:0041BC1D 00FF
:0041BC1F 680000FF01
:0041BC24 000000000000
:0041BC2A
:0041BC2D
:0041BC33
:0041BC34
:0041BC35
:0041BC37
:0041BC39
:0041BC40
:0041BC43
:0041BC45
:0041BC46
:0041BC48
:0041BC4A

add byte ptr [eax+430B000F], al
outsd
outsb
jnb 0041BCAB
jb 0041BC9A
imul ebp, dword ptr [esi+74], 41E8B073
add byte ptr [esi+00], ch
add bh, bh
outsb
inc dword ptr [ecx]
BYTE 6 DUP(0)
800000
00800F000B43
6F
6E
7374
7261
696E7473B0E841
006E00
00FF
6E
0000
FF01
000000000000
add bh, bh
push 01FF0000
BYTE 6 DUP(0)
:0041BC50 80F4FF
:0041BC53 FFFF
xor ah, FF
BYTE 2 DUP(0ffh)
:0041BC55
:0041BC57
:0041BC5B
:0041BC5D
:0041BC5F
:0041BC61
:0041BC63
:0041BC64
:0041BC65
:0041BC6B
:0041BC6D
:0041BC6F
1000
0A447261
6743
7572
736F
72C4
EC
41
00870000FF87
0000
FF01
000000000000

or al, byte ptr [edx+2*esi+61]
inc ebx
jne 0041BCD1
jnb 0041BCD0
jb 0041BC27
in al, dx
inc ecx
add byte ptr [edi+87FF0000], al
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041BC75
:0041BC78
:0041BC7A
:0041BC7C
:0041BC80
:0041BC82
:0041BC89
:0041BC8A
:0041BC8C
:0041BC90
:0041BC92
800000
0000
1100
08447261
674B
696E6490EC4100
4D
0000
FF5C0000
FE01
000000000000

or byte ptr [edx+2*esi+61], al
dec ebx
imul ebp, dword ptr [esi+64], 0041EC90
dec ebp
call far [eax+eax]
inc byte ptr [ecx]
BYTE 6 DUP(0)
:0041BC98 800000
:0041BC9B 0000

:0041BC9D
:0041BC9F
:0041BCA3
:0041BCA5
:0041BCA6
1200
08447261
674D
6F
64

dec ebp
outsd
BYTE 064h
:0041BCA7 650010
:0041BCAA 40
add byte ptr gs:[eax], dl

inc eax
|:0041BC35(C)
|
:0041BCAB 005000
:0041BCAE 00FE
:0041BCB0 60
:0041BCB1 0000
:0041BCB3 FE
:0041BCB4 BC4E420000
:0041BCB9 0000
:0041BCBB 800100
:0041BCBE 0000
:0041BCC0 1300
:0041BCC2 07
:0041BCC3 45
:0041BCC4 6E
:0041BCC5 61
:0041BCC6 626C6564
:0041BCCA 7CFD
:0041BCCC 41
:0041BCCD 0018
:0041BCCF 0100
|:0041BC5D(C)
|
:0041BCD1 FF08
:0041BCD3 D7
:0041BCD4 41
:0041BCD5 0001
:0041BCD7 000000000000
:0041BCDD
:0041BCE0
:0041BCE6
:0041BCE7
:0041BCEA
:0041BCEB
:0041BCEC
:0041BCED
:0041BCEF
:0041BCF0
:0041BCF1
:0041BCF3
:0041BCF4
:0041BCF7
:0041BCF9
:0041BCFA
:0041BCFD

add byte ptr [eax+460C0014], al
outsd
arpl dword ptr [ebp+73], esi
inc ebx
outsd
outsb
je 0041BD61
outsd
insb
xor al, 29
inc ecx
add bh, bh
nop
800000
008014000C46
6F
637573
43
6F
6E
7472
6F
6C
3429
41
005800
00FF
90
324200
A032420000

add dh, bh
pushad
BYTE 0feh
mov esp, 0000424E
pop es
inc ebp
outsb
popad
jl 0041BCC9
inc ecx
dec dword ptr [eax]

xlat
inc ecx
BYTE 6 DUP(0)
:0041BD02
:0041BD04
:0041BD07
:0041BD0D
:0041BD0E
:0041BD0F
0000
800000
008015000446
6F
6E
7400

outsd
outsb
je 0041BD11
|:0041BD0F(C)
|
:0041BD11 104000
:0041BD14 50
:0041BD15 0000
:0041BD17 FF6800
:0041BD1A 00FE
:0041BD1C 0100
:0041BD1E 0000000000
:0041BD23
:0041BD26
:0041BD28
:0041BD29
:0041BD2B
:0041BD2C
:0041BD2D
:0041BD2F
:0041BD30
:0041BD32
:0041BD3A
:0041BD3D
:0041BD3E
:0041BD40
:0041BD44
:0041BD46
800100
0000
16
000E
50
61
7265
6E
7442
6944694D6F646500
104000
4A
0000
FF543342
0001
000000000000

push ss
push eax
popad
jb 0041BD94
outsb
je 0041BD74
dec edx
call [ebx+esi+42]
BYTE 6 DUP(0)
:0041BD4C
:0041BD4F
:0041BD51
:0041BD52
:0041BD54
:0041BD55
:0041BD56
:0041BD58
:0041BD59
:0041BD5B
:0041BD5C
:0041BD5D
:0041BD5E
800100
0000
17
000B
50
61
7265
6E
7443
6F
6C
6F
7200

pop ss
push eax
popad
jb 0041BDBD
outsb
je 0041BD9E
outsd
insb
outsd
jb 0041BD60

push eax
jmp far [eax+00]
add dh, bh
BYTE 5 DUP(0)

|:0041BD5E(C)
|
:0041BD60 104000
:0041BD63 49
dec ecx
:0041BD64 0000
:0041BD66 FFC8
dec eax
:0041BD68 324200
:0041BD6B 0100
:0041BD6D 0000000000
BYTE 5 DUP(0)
:0041BD72
:0041BD75
:0041BD77
:0041BD79
:0041BD7C
:0041BD7E
:0041BD7F
:0041BD81
:0041BD82
:0041BD83

or dl, byte ptr [eax+61]
jb 0041BDE3
outsb
je 0041BDC7
outsd
outsb
je 0041BD85
800100
0000
1800
0A5061
7265
6E
7446
6F
6E
7400
|:0041BD83(C)
|
:0041BD85 104000
:0041BD88 8600
:0041BD8A 00FF
:0041BD8C 0C33
:0041BD8E 42
:0041BD8F 0001
:0041BD91 000000000000
:0041BD97 800100
:0041BD9A 0000
:0041BD9C 1900

sbb dword ptr [eax], eax
|:0041BD59(C)
|
:0041BD9E 0E
:0041BD9F 50
:0041BDA0 61
:0041BDA1 7265
:0041BDA3 6E
:0041BDA4 7453
:0041BDA6 686F774869
:0041BDAB 6E
:0041BDAC 7438
:0041BDAE 0443
:0041BDB0 007000
:0041BDB3 00FF
:0041BDB5 5C
:0041BDB6 314200
:0041BDB9 0100
:0041BDBB 0000000000
:0041BDC0
:0041BDC3
:0041BDC9
:0041BDCA
:0041BDCC
:0041BDCE

add byte ptr [eax+5009001A], al
outsd
jo 0041BE41
jo 0041BE1B
BYTE 065h
800000
00801A000950
6F
7075
704D
65
:0041BDCF 6E

xchg byte ptr [eax], al
add bh, bh
or al, 33
inc edx
BYTE 6 DUP(0)
push cs
push eax
popad
jb 0041BE08
outsb
je 0041BDF9
push 6948776F
outsb
je 0041BDE6
add al, 43
add byte ptr [eax+00], dh
add bh, bh
pop esp
xor dword ptr [edx+00], eax
BYTE 5 DUP(0)
outsb
:0041BDD0 7500
jne 0041BDD2
|:0041BDD0(C)
|
:0041BDD2 104000
:0041BDD5 2001
:0041BDD7 00FF
:0041BDD9 1CD7
:0041BDDB 41
:0041BDDC 0001
:0041BDDE 000000000000
:0041BDE4
:0041BDE7
:0041BDE9
:0041BDEB
:0041BDF0
:0041BDF1
:0041BDF4
:0041BDF5
:0041BDF6
:0041BDFB
:0041BDFC
:0041BE02
:0041BE05
:0041BE07

sbb eax, dword ptr [eax]
or eax, 776F6853
inc ecx
insb
inc ebx
push 10007261
inc eax
add byte ptr [ebp+E8FF0000], al
mov ah, 32
inc edx
800100
0000
1B00
0D53686F77
41
636365
6C
43
6861720010
40
00850000FFE8
324200
B432
42
|:0041BDA1(C)
|
:0041BE08 00000000
:0041BE0C 800000
:0041BE0F 00801C000853
:0041BE15 686F774869
:0041BE1A 6E

and byte ptr [ecx], al
add bh, bh
sbb al, D7
inc ecx
BYTE 6 DUP(0)

BYTE 4 DUP(0)
push 6948776F
outsb

|:0041BDCC(C)
|
:0041BE1B 7400
je 0041BE1D
|:0041BE1B(C)
|
:0041BE1D 104000
:0041BE20 FCD64100
:0041BE24 30D74100
DWORD 0041D6FC
DWORD 0041D730
:0041BE28 0100
:0041BE2A 0000000000

BYTE 5 DUP(0)
:0041BE2F
:0041BE32
:0041BE34
:0041BE39

sbb eax, 72540B00
popad
800000
0000
1D000B5472
61
:0041BE3A
:0041BE3B
:0041BE3D
:0041BE3E
:0041BE40
6E
7370
61
7265
6E
outsb
jnb 0041BEAD
popad
jb 0041BEA5
outsb
|:0041BDCA(C)
|
:0041BE41 74B0
:0041BE43 B841001E01
:0041BE48 00FF
:0041BE4A 70D7
:0041BE4C 41
:0041BE4D 0001
:0041BE4F 000000000000
:0041BE55
:0041BE58
:0041BE5A
:0041BE5B
:0041BE5D
:0041BE5E
:0041BE5F
:0041BE61
:0041BE63
:0041BE65
:0041BE66
:0041BE69
:0041BE6B
:0041BE6C
:0041BE6F
:0041BE70
:0041BE71
:0041BE72
800000
0000
1E
0006
4C
61
796F
7574
0010
40
004700
00FF
94
304200
FC
4E
42
00000000

push ds
dec esp
popad
jns 0041BED0
jne 0041BED7
inc eax
add bh, bh
xchg eax,esp
cld
dec esi
inc edx
BYTE 4 DUP(0)
:0041BE76
:0041BE79
:0041BE7B
:0041BE7C
:0041BE7E
:0041BE7F
:0041BE86
:0041BE89
:0041BE8A
:0041BE8C
:0041BE93
800100
0000
1F
0007
56
697369626C6500
104000
1F
0100
FF84D741000100
0000000000

pop ds
push esi
imul esi, dword ptr [ebx+69], 00656C62
pop ds
inc dword ptr [edi+8*edx+00010041]
BYTE 5 DUP(0)
:0041BE98
:0041BE9B
:0041BE9D
:0041BE9F
:0041BEA2
:0041BEA4
800000
0000
2000
08576F
7264
57

or byte ptr [edi+6F], dl
jb 0041BF08
push edi
je 0041BDF3
mov eax, 011E0041
add bh, bh
jo 0041BE23
inc ecx
BYTE 6 DUP(0)

|:0041BE3E(C)
|
:0041BEA5
:0041BEA7
:0041BEA9
:0041BEAA
:0041BEAB
:0041BEAE
:0041BEB0
:0041BEB2
:0041BEB4
:0041BEB6
:0041BEB7
7261
70F0
AF
40
000401
00FF
0401
00FF
1C4F
42
00000000
jb 0041BF08
jo 0041BE99
scasd
inc eax
add byte ptr [ecx+eax], al
add bh, bh
add al, 01
add bh, bh
sbb al, 4F
inc edx
BYTE 4 DUP(0)
:0041BEBB
:0041BEBE
:0041BEC4
:0041BEC5
:0041BEC6
:0041BEC7
:0041BECE
800000
00802100074F
6E
43
6C
69636BF0AF4000
0C01

add byte ptr [eax+4F070021], al
outsb
inc ebx
insb
imul esp, dword ptr [ebx+6B], 0040AFF0
or al, 01
|:0041BE5F(C)
|
:0041BED0 00FF
:0041BED2 0C01
:0041BED4 00FF
:0041BED6 0100
:0041BED8 0000000000
:0041BEDD
:0041BEE0
:0041BEE6
:0041BEE7
:0041BEE8
:0041BEEC
:0041BEF3
:0041BEF4
:0041BEF6
:0041BEF8
:0041BEFA
:0041BEFC
800000
008022000A4F
6E
44
626C436C
69636B50F04100
CC
0000
FFCC
0000
FF01
000000000000

add byte ptr [eax+4F0A0022], al
outsb
inc esp
bound ebp, dword ptr [ebx+2*eax+6C]
imul esp, dword ptr [ebx+6B], 0041F050
int 03
dec esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041BF02
:0041BF05
:0041BF0B
:0041BF0C
:0041BF0D
:0041BF0F
:0041BF11
:0041BF13
:0041BF15
800000
008023000A4F
6E
44
7261
6744
726F
70E0
EF

outsb
inc esp
jb 0041BF70
inc esp
jb 0041BF82
jo 0041BEF5
out dx, ax
add bh, bh
or al, 01
add bh, bh
BYTE 5 DUP(0)

|:0041BF38(C)
|
:0041BF16 41
inc ecx
:0041BF17
:0041BF19
:0041BF1B
:0041BF1D
:0041BF1F
:0041BF21
00D4
0000
FFD4
0000
FF01
000000000000
add ah, dl
call esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041BF27
:0041BF2A
:0041BF30
:0041BF31
:0041BF32
:0041BF34
:0041BF36
:0041BF38
:0041BF3A
:0041BF3B
:0041BF3C
:0041BF3E
:0041BF40
:0041BF42
:0041BF44
:0041BF46
800000
008024000A4F
6E
44
7261
674F
7665
72DC
F0
41
00EC
0000
FFEC
0000
FF01
000000000000

outsb
inc esp
jb 0041BF95
dec edi
jbe 0041BF9D
jb 0041BF16
lock
inc ecx
add ah, ch
jmp far esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041BF4C
:0041BF4F
:0041BF55
:0041BF56
:0041BF57
:0041BF58
800000
00802500094F
6E
45
6E
64

outsb
inc ebp
outsb
BYTE 064h
:0041BF59
:0041BF5A
:0041BF5B
:0041BF5E
:0041BF5F
:0041BF60
:0041BF62
:0041BF64
:0041BF65
:0041BF66
:0041BF68
:0041BF6A
44
6F
636BDC
F0
41
00FC
0000
FF
FC
0000
FF01
000000000000
inc esp
outsd
arpl dword ptr [ebx-24], ebp
lock
inc ecx
add ah, bh
BYTE 0ffh
cld
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:0041BF0D(C)
|
:0041BF70 800000
:0041BF73 00802600094F
:0041BF79 6E
:0041BF7A 45
:0041BF7B 6E
:0041BF7C 64

outsb
inc ebp
outsb
BYTE 064h
:0041BF7D
:0041BF7E
:0041BF80
:0041BF86
:0041BF88
:0041BF8F
44
7261
67BCEE4100B4
0000
FFB40000FF0100
0000000000
:0041BF94 800000
:0041BF97 008027000B4F
inc esp
jb 0041BFE1
mov esp, B40041EE
push dword ptr [eax+eax+0001FF00]
BYTE 5 DUP(0)
add byte ptr [eax+4F0B0027], al

|:0041BF36(C)
|
:0041BF9D 6E
outsb
:0041BF9E 4D
dec ebp
:0041BF9F 6F
outsd
:0041BFA0 7573
jne 0041C015
:0041BFA2 65
BYTE 065h
:0041BFA3
:0041BFA4
:0041BFA5
:0041BFA7
:0041BFA9
:0041BFAA
:0041BFB1
:0041BFB3
:0041BFB5
44
6F
776E
20EF
41
00BC0000FFBC00
00FF
0100
0000000000
inc esp
outsd
ja 0041C015
and bh, ch
inc ecx
add byte ptr [eax+eax+00BCFF00], bh
add bh, bh
BYTE 5 DUP(0)
:0041BFBA
:0041BFBD
:0041BFC3
:0041BFC4
:0041BFC5
:0041BFC6
:0041BFC8
800000
008028000B4F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 0041C03B
BYTE 065h
:0041BFC9
:0041BFCA
:0041BFCB
:0041BFCD
:0041BFD2
:0041BFD4
:0041BFD6
:0041BFD8
:0041BFDA
4D
6F
7665
BCEE4100C4
0000
FFC4
0000
FF01
000000000000
dec ebp
outsd
jbe 0041C032
mov esp, C40041EE
inc esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041BFE0
:0041BFE3
:0041BFE9
:0041BFEA
:0041BFEB
:0041BFEC
:0041BFEE
800000
00802900094F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 0041C061
BYTE 065h
:0041BFEF
:0041BFF0
:0041BFF2
:0041BFF3
:0041BFF4
:0041BFF6
:0041BFF8
:0041BFFA
:0041BFFC
:0041BFFE
55
7050
F2
41
00E4
0000
FFE4
0000
FF01
000000000000
push ebp
jo 0041C042
repnz
inc ecx
add ah, ah
jmp esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C004
:0041C007
:0041C00D
:0041C00E
:0041C00F
:0041C011
:0041C013
:0041C014
800000
00802A000B4F
6E
53
7461
7274
44
6F

add byte ptr [eax+4F0B002A], al
outsb
push ebx
je 0041C072
jb 0041C087
inc esp
outsd
|:0041BFA0(C), :0041BFA5(C)
|
:0041C015 636B9C
:0041C018 F0
:0041C019 41
:0041C01A 00F4
:0041C01C 0000
:0041C01E FFF4
:0041C020 0000
:0041C022 FF01
:0041C024 000000000000
:0041C02A
:0041C02D
:0041C033
:0041C034
:0041C035
:0041C037
:0041C039
:0041C03A
:0041C03C
:0041C040
:0041C041
:0041C045
:0041C04A
:0041C04C
:0041C051
:0041C053
:0041C055
800000
00802B000B4F
6E
53
7461
7274
44
7261
678D4000
44
C0410003
0D54456469
7443
6861724361
7365
0100
000000

add byte ptr [eax+4F0B002B], al
outsb
push ebx
je 0041C098
jb 0041C0AD
inc esp
jb 0041C09D
lea eax, [bx+si+00]
inc esp
rol byte ptr [ecx+00], 03
or eax, 69644554
je 0041C08F
push 61437261
jnb 0041C0B8
BYTE 3 DUP(0)
:0041C058
:0041C05A
:0041C05C
:0041C05D
0200
0000
40
C0410008
add
add
inc
rol

lock
inc ecx
add ah, dh
push esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
al, byte ptr [eax]

byte ptr [eax], al
eax
byte ptr [ecx+00], 08
|:0041BFEC(C)
|
:0041C061 65634E6F
:0041C065 726D
:0041C067 61
:0041C068 6C
:0041C069 0B6563
:0041C06C 55
:0041C06D 7070
:0041C06F 65
:0041C070 7243
jb 0041C0B5
arpl dword ptr gs:[esi+6F], ecx

jb 0041C0D4
popad
insb
or esp, dword ptr [ebp+63]
push ebp
jo 0041C0DF
BYTE 065h

|:0041C00F(C)
|
:0041C072 61
popad
:0041C073 7365
jnb 0041C0DA
:0041C075 0B6563
or esp, dword ptr [ebp+63]
:0041C078 4C
dec esp
:0041C079 6F
outsd
:0041C07A 7765
ja 0041C0E1
:0041C07C 7243
jb 0041C0C1
:0041C07E 61
popad
:0041C07F 7365
jnb 0041C0E6
:0041C081 8D4000
:0041C084 D0C0
rol al, 1
:0041C086 41
inc ecx
|:0041C011(C)
|
:0041C087 00000000000000000000
BYTE 10 DUP(0)
:0041C091 000000
BYTE 3 DUP(0)
:0041C094 E4C1
:0041C096 41
:0041C097 000000000000000000
in al, C1
inc ecx
BYTE 9 DUP(0)
:0041C0A0 A8C14100
:0041C0A4 D4C14100
DWORD 0041C1A8
DWORD 0041C1D4
:0041C0A8 0402
:0041C0AA 0000
add al, 02
:0041C0AC CCF94100
:0041C0B0 681C4100
DWORD 0041F9CC
DWORD 00411C68
:0041C0B4
:0041C0B6
:0041C0B7
:0041C0B9
xor al, 2E
inc eax
BYTE 02eh
342E
40
0038
2E
:0041C0BA
:0041C0BB
:0041C0BE
:0041C0BF
:0041C0C5
:0041C0C8
:0041C0CC
:0041C0CD
:0041C0CE
:0041C0CF
:0041C0D5
:0041C0D6
:0041C0D7
:0041C0D9
:0041C0DC
:0041C0DE
40
003C2E
40
0080E04100B4
2B4000
C82B4000
54
53
42
00B89A420068
44
42
0008
D24000
3C4F
42
inc eax
inc eax
add byte ptr [eax+B40041E0], al
enter 402B, 00
push esp
push ebx
inc edx
add byte ptr [eax+6800429A], bh
inc esp
inc edx
cmp al, 4F
inc edx

|:0041C06D(C)
|
:0041C0DF 00DC
add ah, bl
|:0041C07A(C)
|
:0041C0E1 27
daa
:0041C0E2 42
inc edx
:0041C0E3 00FC
add ah, bh
:0041C0E5 54
push esp
|:0041C07F(C)
|
:0041C0E6 42
:0041C0E7 0028
:0041C0E9 2F
:0041C0EA 42
:0041C0EB 00801C4100C4
:0041C0F1 184100
:0041C0F4 BC184100
:0041C0F8 881C4100
:0041C0FC A4D84100
DWORD 004118BC
DWORD 00411C88
DWORD 0041D8A4
:0041C100
:0041C106
:0041C107
:0041C109
:0041C110
:0041C112
:0041C113
:0041C115
:0041C118
:0041C11F
:0041C126
:0041C127
:0041C12A
:0041C12B
mov [ecx+95C00042], ss
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
fmul qword ptr [edx+2*eax+4225B800]
add byte ptr [ebp+51000042], bh
inc edx
inc edx
8C914200C095
42
00E8
9A4200149A4200
A88F
42
00C8
8F4200
DC8C4200B82542
00BC2542000051
42
002C51
42
001427
inc
add
das
inc
add
sbb
edx
byte ptr [eax], ch
edx
:0041C12E
:0041C12F
:0041C131
:0041C134
:0041C136
:0041C137
:0041C13B
:0041C13D
:0041C140
:0041C142
:0041C143
:0041C149
:0041C14C
:0041C14D
:0041C150
:0041C152
:0041C153
:0041C155
:0041C158
:0041C15A
:0041C15B
:0041C15F
:0041C161
42
00D8
304200
1030
42
00743342
0038
324200
D469
42
00B051420074
8D4200
F0
8D4200
1C89
42
00D4
8D4200
7455
42
004C5A42
00C4
65
inc edx
add al, bl
inc edx
aam (base105)
inc edx
lea eax, dword ptr [edx+00]
lock
sbb al, 89
inc edx
add ah, dl
je 0041C1AF
inc edx
add byte ptr [edx+2*ebx+42], cl
add ah, al
BYTE 065h
:0041C162
:0041C163
:0041C16A
:0041C16B
:0041C171
42
008CDD410048DE
41
00B8DE410020
65
inc edx
add byte ptr [ebp+8*ebx-21B7FFBF], cl
inc ecx
add byte ptr [eax+200041DE], bh
BYTE 065h
:0041C172
:0041C173
:0041C177
:0041C17A
:0041C17B
:0041C17D
:0041C17E
:0041C17F
:0041C186
:0041C187
:0041C18B
:0041C191
42
005CDF41
00148F
42
00C0
6D
42
008C8B4200808E
42
004CD941
0088DB410044
DB4100
inc edx
add byte ptr [edi+8*ebx+41], bl
add byte ptr [edi+4*ecx], dl
inc edx
add al, al
insd
inc edx
add byte ptr [ebx+4*ecx-717FFFBE], cl
inc edx
add byte ptr [ecx+8*ebx+41], cl
add byte ptr [eax+440041DB], cl
fild dword ptr [ecx+00]
:0041C194
:0041C198
:0041C19C
:0041C1A0
:0041C1A4
F0DC4100
B8DB4100
68DB4100
1CDC4100
54DC4100
DWORD
DWORD
DWORD
DWORD
DWORD
:0041C1A8
:0041C1A9
:0041C1AB
:0041C1AD
07
0030
0010
B01A
pop
add
add
mov
0041DCF0
0041DBB8
0041DB68
0041DC1C
0041DC54
es
byte ptr [eax], dh
byte ptr [eax], dl
al, 1A

|:0041C158(C)
|
:0041C1AF B00E
:0041C1B1 B011
:0041C1B3 BD12B0B8FF
mov al, 0E
mov al, 11
mov ebp, FFB8B012
:0041C1B8
:0041C1BC
:0041C1C0
:0041C1C4
:0041C1C8
:0041C1CC
:0041C1D0
CCE04100
0CE14100
88E14100
40E14100
68E14100
C4E14100
5CE04100
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0041C1D4
:0041C1D8
:0041C1DA
:0041C1DB
:0041C1DC
:0041C1DD
:0041C1E6
:0041C1E7
:0041C1E8
:0041C1EA
:0041C1EC
:0041C1ED
:0041C1EE
1
:0041C1F7
:0041C1F8
:0041C1FA
:0041C1FC
:0041C1FD
:0041C1FF
:0041C200
:0041C202
:0041C203
:0041C205
:0041C207
:0041C20A
:0041C20C
:0041C20E
:0041C210
:0041C211
:0041C213
0B544375
7374
6F
6D
45
646974E4C14100070B
54
43
7573
746F
6D
45
646974D0C041007CFD
or edx, dword ptr [ebx+2*eax+75]

jnb 0041C24E
outsd
insd
inc ebp
imul esi, dword ptr fs:[esp-3F], 0B070041
push esp
inc ebx
jne 0041C25D
je 0041C25B
insd
inc ebp
imul esi, dword ptr fs:[eax+8*edx-40], FD7C004
41
000A
0008
53
7464
43
7472
6C
7301
0000
104000
7801
00FF
2C91
42
0001
000000000000
inc ecx
push ebx
je 0041C263
inc ebx
je 0041C274
insb
jnb 0041C206
js 0041C20D
add bh, bh
sub al, 91
inc edx
BYTE 6 DUP(0)
:0041C219
:0041C21C
:0041C21E
:0041C220
:0041C221
:0041C222
:0041C223
:0041C226
:0041C227
:0041C229
800100
0000
0900
07
54
61
625374
6F
7074
C24100

pop es
push esp
popad
bound edx, dword ptr [ebx+74]
outsd
jo 0041C29D
ret 0041
:0041C22C 00000000000000000000
:0041C236 0000
0041E0CC
0041E10C
0041E188
0041E140
0041E168
0041E1C4
0041E05C
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:0041C238 58
:0041C239 C3
pop eax
ret
:0041C23A 41
:0041C23B 00000000000000000000
:0041C245 000000
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041C248 4C
:0041C249 C3
dec esp
ret

|:0041C1D9(C)
|
:0041C24A 41
inc ecx
:0041C24B 000402
add byte ptr [edx+eax], al
:0041C24E 0000
:0041C250 84C04100
:0041C254 681C4100
DWORD 0041C084
DWORD 00411C68
:0041C258 342E
:0041C25A 40
xor al, 2E
inc eax

|:0041C1EA(C)
|
:0041C25B 0038
|:0041C1E8(C)
|
:0041C25D 2E
BYTE 02eh
:0041C25E 40
inc eax
:0041C25F 003C2E
:0041C262 40
inc eax
|:0041C1FD(C)
|
:0041C263 0080E04100B4
:0041C269 2B4000
:0041C26C C82B4000
:0041C270 54
:0041C271 53
:0041C272 42
:0041C273 00B89A420068
:0041C279 44
:0041C27A 42
:0041C27B 0008
:0041C27D D24000
:0041C280 3C4F
:0041C282 42
:0041C283 00DC

add byte ptr [eax+B40041E0], al
enter 402B, 00
push esp
push ebx
inc edx
inc esp
inc edx
cmp al, 4F
inc edx
add ah, bl
:0041C285
:0041C286
:0041C287
:0041C289
:0041C28A
:0041C28B
:0041C28D
:0041C28E
:0041C28F
:0041C295
27
42
00FC
54
42
0028
2F
42
00801C4100C4
184100
daa
inc edx
add ah, bh
push esp
inc edx
das
inc edx
:0041C298 BC184100
:0041C29C 881C4100
:0041C2A0 A4D84100
DWORD 004118BC
DWORD 00411C88
DWORD 0041D8A4
:0041C2A4
:0041C2AA
:0041C2AB
:0041C2AD
:0041C2B4
:0041C2B6
:0041C2B7
:0041C2B9
:0041C2BC
:0041C2C3
:0041C2CA
:0041C2CB
:0041C2CE
:0041C2CF
:0041C2D2
:0041C2D3
:0041C2D5
:0041C2D8
:0041C2DA
:0041C2DB
:0041C2DF
:0041C2E1
:0041C2E4
:0041C2E6
:0041C2E7
:0041C2ED
:0041C2F0
:0041C2F1
:0041C2F4
:0041C2F6
:0041C2F7
:0041C2F9
:0041C2FC
:0041C2FE
:0041C2FF
:0041C303
:0041C305
8C914200C095
42
00E8
9A4200149A4200
A88F
42
00C8
8F4200
DC8C4200B82542
00BC2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
D469
42
00B051420074
8D4200
F0
8D4200
1C89
42
00D4
8D4200
7455
42
004C5A42
00C4
65
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
inc edx
inc edx
inc edx
add al, bl
inc edx
aam (base105)
inc edx
lock
sbb al, 89
inc edx
add ah, dl
je 0041C353
inc edx
add ah, al
BYTE 065h
:0041C306
:0041C307
:0041C30E
:0041C30F
:0041C315
42
008CDD410048DE
41
00B8DE410020
65
inc edx
add byte ptr [ebp+8*ebx-21B7FFBF], cl
inc ecx
add byte ptr [eax+200041DE], bh
BYTE 065h
:0041C316
:0041C317
:0041C31B
:0041C31E
:0041C31F
:0041C321
:0041C322
:0041C323
:0041C32A
:0041C32B
:0041C32F
:0041C335
42
005CDF41
00148F
42
00C0
6D
42
008C8B4200808E
42
004CD941
0088DB410044
DB4100
inc edx
add byte ptr [edi+8*ebx+41], bl
inc edx
add al, al
insd
inc edx
inc edx
add byte ptr [ecx+8*ebx+41], cl
add byte ptr [eax+440041DB], cl
:0041C338
:0041C33C
:0041C340
:0041C344
:0041C348
F0DC4100
B8DB4100
68DB4100
1CDC4100
54DC4100
DWORD
DWORD
DWORD
DWORD
DWORD
0041DCF0
0041DBB8
0041DB68
0041DC1C
0041DC54
:0041C34C 0554456469
:0041C351 748B
add eax, 69644554

je 0041C2DE
|:0041C2FC(C)
|
:0041C353 C058C341
:0041C357 0007
:0041C359 0554456469
:0041C35E 7474
:0041C360 C24100
:0041C363
:0041C365
:0041C366
:0041C368
:0041C36A
:0041C36B
:0041C36D
:0041C36E
:0041C370
:0041C371
:0041C373
:0041C377
:0041C37A
:0041C37C
:0041C37D
:0041C37F
:0041C380
:0041C381
loopnz 0041C326
inc ecx
add byte ptr [edx], bh
push ebx
je 0041C3D1
inc ebx
je 0041C3E2
insb
jnb 0041C3A4
add byte ptr [ebp+8*ebp+41], dl
add bh, bh
pushad
BYTE 0ffh
cld
BYTE 026h
E0C1
41
003A
0008
53
7464
43
7472
6C
7331
0054ED41
006000
00FF
60
0000
FF
FC
26
rcr byte ptr [eax-3D], 41

add eax, 69644554
je 0041C3D4
ret 0041
:0041C382 42
:0041C383 00000000
inc edx
BYTE 4 DUP(0)
:0041C387 800300
:0041C38A
:0041C38C
:0041C38E
:0041C38F
:0041C390
:0041C391
:0041C394
:0041C396
:0041C398
:0041C399
:0041C39B
:0041C39D
:0041C39F
:0041C3A1
:0041C3A3
0000
0A00
07
41
6E
63686F
7273
0010
40
00F4
0100
FFF4
0100
FF01
000000000000

pop es
inc ecx
outsb
jb 0041C409
inc eax
add ah, dh
push esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C3A9
:0041C3AC
:0041C3AE
:0041C3B0
:0041C3B3
:0041C3B5
:0041C3B6
800100
0000
0B00
0A4175
746F
53
65

or al, byte ptr [ecx+75]
je 0041C424
push ebx
BYTE 065h
:0041C3B7
:0041C3B8
:0041C3BD
:0041C3BE
:0041C3C0
:0041C3C2
:0041C3C6
:0041C3C8
6C
6563740010
40
00F3
0100
FF6CD941
0001
000000000000
insb
inc eax
add bl, dh
jmp far [ecx+8*ebx+41]
BYTE 6 DUP(0)
:0041C3CE 800100
|:0041C36B(C)
|
:0041C3D1 0000
:0041C3D3 0C00
:0041C3D5 084175
:0041C3D8 746F
:0041C3DA 53
:0041C3DB 697A6554AF4000
|:0041C36E(C)
|
:0041C3E2 4F
:0041C3E3 0000
:0041C3E5 FF6C0000
:0041C3E9 FEC0
:0041C3EB 324200
:0041C3EE 000000
:0041C3F1 800000

or al, 00
je 0041C449
push ebx
dec edi
jmp far [eax+eax]
inc al
BYTE 3 DUP(0)
:0041C3F4
:0041C3FA
:0041C402
:0041C403
:0041C404
:0041C406
:0041C408
:0041C40E
00800D000842
6944694D6F6465EC
44
43
00F0
0100
FF80D9410001
000000000000
add byte ptr [eax+4208000D], al

imul eax, dword ptr [ecx+2*ebp+4D], EC65646F
inc esp
inc ebx
add al, dh
inc dword ptr [eax+010041D9]
BYTE 6 DUP(0)
:0041C414
:0041C417
:0041C419
:0041C41A
:0041C41C
:0041C41D
:0041C41E
:0041C420
800100
0000
0E
000B
42
6F
7264
65

push cs
inc edx
outsd
jb 0041C484
BYTE 065h
:0041C421
:0041C423
:0041C425
:0041C426
7253
7479
6C
65
jb 0041C476
je 0041C49E
insb
BYTE 065h
:0041C427
:0041C428
:0041C42C
:0041C42E
:0041C435
40
C04100F7
0100
FFA4D941000100
0000000000
inc eax
rol byte ptr [ecx+00], F7
jmp dword ptr [ecx+8*ebx+00010041]
BYTE 5 DUP(0)
:0041C43A
:0041C43D
:0041C43F
:0041C442
:0041C443
:0041C448
:0041C44A
:0041C44F
:0041C451
:0041C453
:0041C456
:0041C457
:0041C45A
800000
0000
0F0008
43
6861724361
7365
BC24410064
0000
FF30
334200
4C
334200
000000

str dword ptr [eax]
inc ebx
push 61437261
jnb 0041C4AF
mov esp, 64004124
dec esp
BYTE 3 DUP(0)
:0041C45D 80050000801000
:0041C464 05436F6C6F
:0041C469 7200
add byte ptr [10800000], 00

add eax, 6F6C6F43
jb 0041C46B
|:0041C469(C)
|
:0041C46B EE
:0041C46C 41
:0041C46D 006800
:0041C470 00FF
:0041C472 680000FF01

out dx, al
inc ecx
add bh, bh
push 01FF0000
:0041C477 000000000000
BYTE 6 DUP(0)
:0041C47D
:0041C480
:0041C486
:0041C487
:0041C488
:0041C48A
:0041C48C
:0041C493
:0041C496
:0041C498
:0041C499

outsd
outsb
jnb 0041C4FE
jb 0041C4ED
add byte ptr [ecx+eax], ch
add bh, bh
inc eax
nop
800000
008011000B43
6F
6E
7374
7261
696E7473001040
002C01
00FF
40
90
|:0041C4D4(C)
|
:0041C49A 42
:0041C49B 00649042
:0041C49F 00000000
:0041C4A3
:0041C4A6
:0041C4AC
:0041C4AE
:0041C4B2
:0041C4B3
:0041C4B6
:0041C4B8
:0041C4B9
:0041C4BB
:0041C4BD

je 0041C51A
xor eax, dword ptr [eax+4*esi-18]
inc ecx
add bh, bh
outsb
inc dword ptr [ecx]
BYTE 6 DUP(0)
800000
008012000543
746C
3344B0E8
41
006E00
00FF
6E
0000
FF01
000000000000
inc edx
add byte ptr [eax+4*edx+42], ah
BYTE 4 DUP(0)
:0041C4C3 80F4FF
:0041C4C6 FFFF
xor ah, FF
BYTE 2 DUP(0ffh)
:0041C4C8
:0041C4CA
:0041C4CE
:0041C4D0
:0041C4D2
:0041C4D4
:0041C4D6
:0041C4D7
:0041C4D8
:0041C4DE
:0041C4E0
:0041C4E2

inc ebx
jne 0041C544
jnb 0041C543
jb 0041C49A
in al, dx
inc ecx
inc dword ptr [ecx]
BYTE 6 DUP(0)
1300
0A447261
6743
7572
736F
72C4
EC
41
00870000FF87
0000
FF01
000000000000
:0041C4E8 800000
:0041C4EB 0000


|:0041C48A(C)
|
:0041C4ED
:0041C4EF
:0041C4F3
:0041C4F5
:0041C4FC
:0041C4FD
:0041C4FF
:0041C503
:0041C505
1400
08447261
674B
696E6490EC4100
4D
0000
FF5C0000
FE01
000000000000
adc al, 00
dec ebx
dec ebp
call far [eax+eax]
inc byte ptr [ecx]
BYTE 6 DUP(0)
:0041C50B
:0041C50E
:0041C510
:0041C515
:0041C516
:0041C518
:0041C519
800000
0000
1500084472
61
674D
6F
64

adc eax, 72440800
popad
dec ebp
outsd
BYTE 064h
|:0041C4AC(C)
|
:0041C51A 650010
:0041C51D 40
:0041C51E 005000
:0041C521 00FE
:0041C523 60
:0041C524 0000
:0041C526 FE
:0041C527 BC4E420000
:0041C52C 0000
:0041C52E 800100
:0041C531 0000
:0041C533 16
:0041C534 0007
:0041C536 45
:0041C537 6E
:0041C538 61
:0041C539 626C6564
:0041C53D 3429
:0041C53F 41
:0041C540 005800
|:0041C4D2(C)
|
:0041C543 00FF
:0041C545 90
:0041C546 324200
:0041C549 A032420000
:0041C54E 0000
:0041C550 800000
:0041C553 008017000446
:0041C559 6F
:0041C55A 6E
:0041C55B 7400

inc eax
add dh, bh
pushad
BYTE 0feh
mov esp, 0000424E
push ss
inc ebp
outsb
popad
xor al, 29
inc ecx
add bh, bh
nop
xor al, byte
mov al, byte
add byte ptr
add byte ptr
add byte ptr
outsd
outsb
je 0041C55D
ptr [edx+00]
ptr [00004232]
[eax], al
[eax], 00
[eax+46040017], al
|:0041C55B(C)
|
:0041C55D 104000
:0041C560 F5
:0041C561 0100
:0041C563 FF
:0041C564 B8D9410001
:0041C569 000000000000

cmc
BYTE 0ffh
mov eax, 010041D9
BYTE 6 DUP(0)
:0041C56F
:0041C572
:0041C574
:0041C576
:0041C57B
:0041C57C
800100
0000
1800
0D48696465
53
65

or eax, 65646948
push ebx
BYTE 065h
:0041C57D
:0041C57E
:0041C583
:0041C584
:0041C586
:0041C587
:0041C58A
:0041C58C
:0041C58D
:0041C58F
:0041C591
6C
656374696F
6E
E4F8
41
004801
00FF
48
0100
FF01
000000000000
insb
arpl dword ptr gs:[ecx+2*ebp+6F], esi
outsb
in al, F8
inc ecx
add bh, bh
dec eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C597
:0041C59A
:0041C59C
:0041C59E
:0041C59F
:0041C5A0
:0041C5A1
800300
0000
1900
07
49
6D
65

sbb dword ptr [eax], eax
pop es
dec ecx
insd
BYTE 065h
:0041C5A2 4D
:0041C5A3 6F
:0041C5A4 64
dec ebp
outsd
BYTE 064h
:0041C5A5 65
BYTE 065h
:0041C5A6
:0041C5A7
:0041C5A8
:0041C5A9
:0041C5AD
:0041C5B1
:0041C5B3
insb
stc
inc ecx
add byte ptr [ecx+eax], cl
dec [ecx+eax]
inc dword ptr [ecx]
BYTE 6 DUP(0)
6C
F9
41
004C0100
FF4C0100
FF01
000000000000
:0041C5B9 800000
:0041C5BC 00801A000749
:0041C5C2 6D

insd
:0041C5C3 65
BYTE 065h
:0041C5C4
:0041C5C5
:0041C5C6
:0041C5C7
4E
61
6D
65
dec esi
popad
insd
BYTE 065h
:0041C5C8
:0041C5CA
:0041C5CB
:0041C5CD
:0041C5CF
:0041C5D1
:0041C5D4
:0041C5D6
3C10
40
00EC
0100
FFCC
D94100
0100
0000000000
cmp al, 10
inc eax
add ah, ch
dec esp
fld dword ptr [ecx+00]
BYTE 5 DUP(0)
:0041C5DB
:0041C5DE
:0041C5E0
:0041C5E2
:0041C5E5
:0041C5E7
800000
0000
1B00
094D61
784C
65

or dword ptr [ebp+61], ecx
js 0041C633
BYTE 065h
:0041C5E8
:0041C5E9
:0041C5EC
:0041C5EE
:0041C5EF
:0041C5F1
:0041C5F3
:0041C5F4
:0041C5F5
:0041C5F8
:0041C5FA
6E
677468
0010
40
00F6
0100
FF
FC
D94100
0100
0000000000
outsb
je 0041C654
inc eax
add dh, dh
BYTE 0ffh
cld
fld dword ptr [ecx+00]
BYTE 5 DUP(0)
:0041C5FF
:0041C602
:0041C604
:0041C606
:0041C609
:0041C60A
:0041C60B
:0041C60C
:0041C60D
:0041C60F
:0041C611
:0041C613
:0041C614
:0041C617
:0041C619
:0041C61E
800000
0000
1C00
0A4F45
4D
43
6F
6E
7665
7274
0010
40
005000
00FF
680000FE01
000000000000

sbb al, 00
or cl, byte ptr [edi+45]
dec ebp
inc ebx
outsd
outsb
jbe 0041C674
jb 0041C685
inc eax
add bh, bh
push 01FE0000
BYTE 6 DUP(0)
:0041C624 800100
:0041C627 0000

:0041C629
:0041C62E
:0041C630
:0041C631
1D000E5061
7265
6E
7442
sbb eax, 61500E00

jb 0041C695
outsb
je 0041C675
|:0041C5E5(C)
|
:0041C633 6944694D6F646500
:0041C63B 104000
:0041C63E 4A
:0041C63F 0000
:0041C641 FF543342
:0041C645 0001
:0041C647 000000000000
:0041C64D
:0041C650
:0041C652
:0041C653
:0041C655
:0041C656
:0041C657
:0041C659
:0041C65A
:0041C65C
:0041C65D
:0041C65E
:0041C65F

push ds
push eax
popad
jb 0041C6BE
outsb
je 0041C69F
outsd
insb
outsd
jb 0041C661
800000
0000
1E
000B
50
61
7265
6E
7443
6F
6C
6F
7200

dec edx
call [ebx+esi+42]
BYTE 6 DUP(0)
|:0041C65F(C)
|
:0041C661 104000
:0041C664 640100
:0041C667 FF7090
:0041C66A 42
:0041C66B 0001
:0041C66D 000000000000
:0041C673
:0041C676
:0041C678
:0041C679
:0041C67B
:0041C67C
:0041C67D
:0041C67F
:0041C680
:0041C682
:0041C684
:0041C688
:0041C689
:0041C68C
:0041C68E
:0041C692
:0041C694

pop ds
push eax
popad
jb 0041C6E4
outsb
je 0041C6C5
je 0041C6F0
xor eax, dword ptr [eax+eax+10]
inc eax
add bh, bh
enter 4232, 00
BYTE 5 DUP(0)
800100
0000
1F
000B
50
61
7265
6E
7443
746C
33440010
40
004900
00FF
C8324200
0100
0000000000

add dword ptr fs:[eax], eax
push [eax-70]
inc edx
BYTE 6 DUP(0)
:0041C699
:0041C69C
:0041C69E
:0041C6A0
:0041C6A3
:0041C6A5
:0041C6A6
:0041C6A8
:0041C6A9
:0041C6AA
800100
0000
2000
0A5061
7265
6E
7446
6F
6E
7400
|:0041C6AA(C)
|
:0041C6AC 104000
:0041C6AF 8600
:0041C6B1 00FF
:0041C6B3 0C33
:0041C6B5 42
:0041C6B6 0001
:0041C6B8 000000000000

jb 0041C70A
outsb
je 0041C6EE
outsd
outsb
je 0041C6AC
add bh, bh
or al, 33
inc edx
BYTE 6 DUP(0)

|:0041C657(C)
|
:0041C6BE 800100
:0041C6C1 0000
:0041C6C3 2100
and dword ptr [eax], eax
|:0041C680(C)
|
:0041C6C5 0E
:0041C6C6 50
:0041C6C7 61
:0041C6C8 7265
:0041C6CA 6E
:0041C6CB 7453
:0041C6CD 686F774869
:0041C6D2 6E
:0041C6D3 7428
:0041C6D5 104000
:0041C6D8 F1
:0041C6D9 0100
:0041C6DB FF80DA410001
:0041C6E1 000000000000
:0041C6E7 800000
:0041C6EA 0000
:0041C6EC 2200

and al, byte ptr [eax]
push cs
push eax
popad
jb 0041C72F
outsb
je 0041C720
push 6948776F
outsb
je 0041C6FD
BYTE 0f1h
inc dword ptr [eax+010041DA]
BYTE 6 DUP(0)

|:0041C6A6(C)
|
:0041C6EE 0C50
or al, 50
|:0041C682(C)
|
:0041C6F0 61
:0041C6F1 7373
:0041C6F3 776F
:0041C6F5 7264
:0041C6F7 43
:0041C6F8 6861723804
|:0041C6D3(C)
|
:0041C6FD 43
:0041C6FE 007000
:0041C701 00FF
:0041C703 5C
:0041C704 314200
:0041C707 0100
:0041C709 0000000000
:0041C70E
:0041C711
:0041C717
:0041C718
:0041C71A
:0041C71C

outsd
jo 0041C78F
jo 0041C769
BYTE 065h
800000
008023000950
6F
7075
704D
65
popad
jnb 0041C766
ja 0041C764
jb 0041C75B
inc ebx
push 04387261
inc ebx
add bh, bh
pop esp
BYTE 5 DUP(0)
:0041C71D 6E
:0041C71E 7500
outsb
jne 0041C720
|:0041C6CB(C), :0041C71E(C)
|
:0041C720 104000
:0041C723 F2
:0041C724 0100
:0041C726 FF08
:0041C728 DB4100
:0041C72B 0100
:0041C72D 0000000000
:0041C732
:0041C735
:0041C737
:0041C739
:0041C73C
:0041C73D
800000
0000
2400
085265
61
64

and al, 00
or byte ptr [edx+65], dl
popad
BYTE 064h
:0041C73E
:0041C73F
:0041C740
:0041C741
4F
6E
6C
7900
dec edi
outsb
insb
jns 0041C743

repnz
dec dword ptr [eax]
BYTE 5 DUP(0)

|:0041C741(C)
|
:0041C743
:0041C746
:0041C748
:0041C74A
:0041C74F
:0041C752
104000
8500
00FF
E8324200B4
324200
000000

test dword ptr [eax], eax
add bh, bh
call B4420981
BYTE 3 DUP(0)
:0041C755
:0041C758
:0041C75E
:0041C763
800000
008025000853
686F774869
6E

push 6948776F
outsb

|:0041C6F3(C)
|
:0041C764 74F0
je 0041C756
|:0041C6F1(C)
|
:0041C766 EC
:0041C767 41
:0041C768 00949042001491
:0041C76F 42
:0041C770 0001
:0041C772 000000000000
:0041C778 80FFFF
:0041C77B FFFF
cmp bh, FF
BYTE 2 DUP(0ffh)
:0041C77D
:0041C780
:0041C781
:0041C782
:0041C785
add byte ptr es:[eax], cl

push esp
popad
bound ecx, dword ptr [edi+72]
BYTE 064h
260008
54
61
624F72
64
in al, dx
inc ecx
add byte ptr [eax+4*edx-6EEBFFBE], dl
inc edx
BYTE 6 DUP(0)
:0041C786 65
BYTE 065h
:0041C787 7200
jb 0041C789
|:0041C787(C)
|
:0041C789 104000
:0041C78C 7801
:0041C78E 00FF
:0041C790 2C91
:0041C792 42
:0041C793 0001
:0041C795 000000000000
:0041C79B 800100
:0041C79E 0000


js 0041C78F
add bh, bh
sub al, 91
inc edx
BYTE 6 DUP(0)
:0041C7A0
:0041C7A2
:0041C7A3
:0041C7A4
:0041C7A5
:0041C7A8
:0041C7A9
:0041C7AB
:0041C7AC
:0041C7AD
:0041C7B4
:0041C7B5
:0041C7B7
0900
07
54
61
625374
6F
7008
ED
41
00A4314200D431
42
0001
000000000000

pop es
push esp
popad
outsd
jo 0041C7B3
in ax, dx
inc ecx
inc edx
BYTE 6 DUP(0)
:0041C7BD 800000
:0041C7C0 008027000454
:0041C7C6 65

BYTE 065h
:0041C7C7
:0041C7C9
:0041C7CB
:0041C7CC
:0041C7CF
:0041C7D1
:0041C7D2
:0041C7D5
:0041C7D6
:0041C7D7
:0041C7D8
7874
0010
40
004700
00FF
94
304200
FC
4E
42
00000000
js 0041C83D
inc eax
add bh, bh
xchg eax,esp
cld
dec esi
inc edx
BYTE 4 DUP(0)
:0041C7DC
:0041C7DF
:0041C7E1
:0041C7E3
:0041C7E4
:0041C7E5
:0041C7EC
:0041C7ED
:0041C7EE
:0041C7F0
:0041C7F2
:0041C7F3
:0041C7F4
:0041C7F6
:0041C7F8
800100
0000
2800
07
56
697369626C65F0
AF
40
00FC
0100
FF
FC
0100
FF01
000000000000

sub byte ptr [eax], al
pop es
push esi
imul esi, dword ptr [ebx+69], F0656C62
scasd
inc eax
add ah, bh
BYTE 0ffh
cld
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C7FE
:0041C801
:0041C807
:0041C808
:0041C809
:0041C80E
:0041C80F
:0041C810
:0041C811
:0041C814
800000
00802900084F
6E
43
68616E6765
F0
AF
40
000401
00FF

outsb
inc ebx
push 65676E61
lock
scasd
inc eax
add bh, bh
:0041C816
:0041C818
:0041C81A
:0041C81C
:0041C81D
0401
00FF
1C4F
42
00000000
add al,
add bh,
sbb al,
inc edx
BYTE 4
01
bh
4F
:0041C821
:0041C824
:0041C82A
:0041C82B
:0041C82C
:0041C82D
:0041C834
:0041C836
:0041C838
:0041C83A
:0041C83C
:0041C83E
800000
00802A00074F
6E
43
6C
69636BF0AF4000
0C01
00FF
0C01
00FF
0100
0000000000

add byte ptr [eax+4F07002A], al
outsb
inc ebx
insb
or al, 01
add bh, bh
or al, 01
add bh, bh
BYTE 5 DUP(0)
:0041C843
:0041C846
:0041C84C
:0041C84D
:0041C84E
:0041C852
:0041C859
:0041C85A
:0041C85C
:0041C85E
:0041C860
:0041C862
800000
00802B000A4F
6E
44
626C436C
69636B50F04100
CC
0000
FFCC
0000
FF01
000000000000

add byte ptr [eax+4F0A002B], al
outsb
inc esp
int 03
dec esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C868
:0041C86B
:0041C871
:0041C872
:0041C873
:0041C875
:0041C877
:0041C879
:0041C87B
800000
00802C000A4F
6E
44
7261
6744
726F
70E0
EF

add byte ptr [eax+4F0A002C], al
outsb
inc esp
jb 0041C8D6
inc esp
jb 0041C8E8
jo 0041C85B
out dx, ax
DUP(0)
|:0041C89E(C)
|
:0041C87C 41
:0041C87D 00D4
:0041C87F 0000
:0041C881 FFD4
:0041C883 0000
:0041C885 FF01
:0041C887 000000000000
:0041C88D 800000
:0041C890 00802D000A4F
:0041C896 6E

add byte ptr [eax+4F0A002D], al
outsb
inc ecx
add ah, dl
call esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C897
:0041C898
:0041C89A
:0041C89C
:0041C89E
:0041C8A0
:0041C8A1
:0041C8A2
:0041C8A4
:0041C8A6
:0041C8A8
:0041C8AA
:0041C8AC
44
7261
674F
7665
72DC
F0
41
00EC
0000
FFEC
0000
FF01
000000000000
inc esp
jb 0041C8FB
dec edi
jbe 0041C903
jb 0041C87C
lock
inc ecx
add ah, ch
jmp far esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C8B2
:0041C8B5
:0041C8BB
:0041C8BC
:0041C8BD
:0041C8BE
800000
00802E00094F
6E
45
6E
64

add byte ptr [eax+4F09002E], al
outsb
inc ebp
outsb
BYTE 064h
:0041C8BF
:0041C8C0
:0041C8C1
:0041C8C4
:0041C8C5
:0041C8C6
:0041C8C8
:0041C8CA
:0041C8CB
:0041C8CC
:0041C8CE
:0041C8D0
44
6F
636BDC
F0
41
00FC
0000
FF
FC
0000
FF01
000000000000
inc esp
outsd
lock
inc ecx
add ah, bh
BYTE 0ffh
cld
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:0041C873(C)
|
:0041C8D6 800000
:0041C8D9 00802F00094F
:0041C8DF 6E
:0041C8E0 45
:0041C8E1 6E
:0041C8E2 64
:0041C8E3 44
:0041C8E4 7261
:0041C8E6 67F0
inc esp
jb 0041C947
lock
|:0041C877(C)
|
:0041C8E8 AF
:0041C8E9 40
:0041C8EA 00980100FF98
:0041C8F0 0100

add byte ptr [eax+4F09002F], al
outsb
inc ebp
outsb
BYTE 064h
scasd
inc eax
add byte ptr [eax+98FF0001], bl
:0041C8F2 FF01
:0041C8F4 000000000000
inc dword ptr [ecx]

BYTE 6 DUP(0)

|:0041C908(C)
|
:0041C8FA 800000
:0041C8FD 00803000074F
|:0041C89C(C)
|
:0041C903 6E
:0041C904 45
:0041C905 6E
:0041C906 7465
:0041C908 72F0
:0041C90A AF
:0041C90B 40
:0041C90C 00A00100FFA0
:0041C912 0100
:0041C914 FF01
:0041C916 000000000000
:0041C91C
:0041C91F
:0041C925
:0041C926
:0041C927
:0041C929
:0041C92B
:0041C92C
:0041C92D
:0041C933
:0041C935
:0041C937
800000
00803100064F
6E
45
7869
7470
EF
41
00B00100FFB0
0100
FF01
000000000000

outsb
inc ebp
js 0041C992
je 0041C99B
out dx, ax
inc ecx
add byte ptr [eax+B0FF0001], dh
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041C93D 800000
:0041C940 00803200094F
:0041C946 6E

outsb
outsb
inc ebp
outsb
je 0041C96D
jb 0041C8FA
scasd
inc eax
add byte ptr [eax+A0FF0001], ah
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0041C8E4(C)
|
:0041C947 4B
dec ebx
:0041C948 65
BYTE 065h
:0041C949
:0041C94B
:0041C94C
:0041C94E
:0041C950
:0041C951
:0041C957
:0041C959
7944
6F
776E
B0EF
41
00B80100FFB8
0100
FF01
jns 0041C98F
outsd
ja 0041C9BC
mov al, EF
inc ecx
add byte ptr [eax+B8FF0001], bh
inc dword ptr [ecx]
:0041C95B 000000000000
BYTE 6 DUP(0)
:0041C961 800000
|:0041C973(C)
|
:0041C964 008033000A4F
:0041C96A 6E
:0041C96B 4B
:0041C96C 65
|:0041C906(C)
|
:0041C96D 7950
:0041C96F 7265
:0041C971 7373
:0041C973 70EF
:0041C975 41
:0041C976 00C0
:0041C978 0100
:0041C97A FFC0
:0041C97C 0100
:0041C97E FF01
:0041C980 000000000000
:0041C986 800000
:0041C989 00803400074F


outsb
dec ebx
BYTE 065h
jns 0041C9BF
jb 0041C9D6
jnb 0041C9E6
jo 0041C964
inc ecx
add al, al
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0041C949(C)
|
:0041C98F 6E
outsb
:0041C990 4B
dec ebx
:0041C991 65
BYTE 065h
|:0041C927(C)
|
:0041C992 7955
:0041C994 70BC
:0041C996 EE
:0041C997 41
:0041C998 00B40000FFB400
:0041C99F 00FF
:0041C9A1 0100
:0041C9A3 0000000000
:0041C9A8
:0041C9AB
:0041C9B1
:0041C9B2

outsb
dec ebp
800000
008035000B4F
6E
4D
jns 0041C9E9
jo 0041C952
out dx, al
inc ecx
add byte ptr [eax+eax+00B4FF00], dh
add bh, bh
BYTE 5 DUP(0)
:0041C9B3 6F
:0041C9B4 7573
:0041C9B6 65
outsd
jne 0041CA29
BYTE 065h
:0041C9B7
:0041C9B8
:0041C9B9
:0041C9BB
:0041C9BD
:0041C9BE
:0041C9C5
:0041C9C7
:0041C9C9
44
6F
776E
20EF
41
00BC0000FFBC00
00FF
0100
0000000000
inc esp
outsd
ja 0041CA29
and bh, ch
inc ecx
add bh, bh
BYTE 5 DUP(0)
:0041C9CE
:0041C9D1
:0041C9D7
:0041C9D8
:0041C9D9
:0041C9DA
:0041C9DC
800000
008036000B4F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 0041CA4F
BYTE 065h
:0041C9DD
:0041C9DE
:0041C9DF
:0041C9E1
4D
6F
7665
BCEE4100C4
dec ebp
outsd
jbe 0041CA46
mov esp, C40041EE
|:0041C971(C)
|
:0041C9E6 0000
:0041C9E8 FFC4
:0041C9EA 0000
:0041C9EC FF01
:0041C9EE 000000000000
:0041C9F4
:0041C9F7
:0041C9FD
:0041C9FE
:0041C9FF
:0041CA00
:0041CA02
800000
00803700094F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 0041CA75
BYTE 065h
:0041CA03
:0041CA04
:0041CA06
:0041CA07
:0041CA08
:0041CA0A
:0041CA0C
:0041CA0E
:0041CA10
:0041CA12
55
7050
F2
41
00E4
0000
FFE4
0000
FF01
000000000000
push ebp
jo 0041CA56
repnz
inc ecx
add ah, ah
jmp esp
inc dword ptr [ecx]
BYTE 6 DUP(0)

inc esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041CA18
:0041CA1B
:0041CA21
:0041CA22
:0041CA23
:0041CA25
:0041CA27
:0041CA28
800000
008038000B4F
6E
53
7461
7274
44
6F

outsb
push ebx
je 0041CA86
jb 0041CA9B
inc esp
outsd
|:0041C9B4(C), :0041C9B9(C)
|
:0041CA29 636B9C
:0041CA2C F0
:0041CA2D 41
:0041CA2E 00F4
:0041CA30 0000
:0041CA32 FFF4
:0041CA34 0000
:0041CA36 FF01
:0041CA38 000000000000
:0041CA3E
:0041CA41
:0041CA47
:0041CA48
:0041CA49
:0041CA4B
:0041CA4D
:0041CA4E
:0041CA50
:0041CA54
:0041CA59
:0041CA63
:0041CA6D

outsb
push ebx
je 0041CAAC
jb 0041CAC1
inc esp
jb 0041CAB1
lea eax, [bx+si+00]
mov al, byte ptr [000041CA]
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
800000
008039000B4F
6E
53
7461
7274
44
7261
678D4000
A0CA410000
00000000000000000000
00000000000000000000
0000000000000000

lock
inc ecx
add ah, dh
push esp
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0041CA00(C)
|
:0041CA75 CB
retf
:0041CA76 41
inc ecx
:0041CA77 001C00
:0041CA7A 0000
:0041CA7C 20F8
and al, bh
:0041CA7E 41
inc ecx
:0041CA7F 0028
:0041CA81 2E
BYTE 02eh
:0041CA82 40
:0041CA83 00342E
inc eax

|:0041CA23(C)
|
:0041CA86 40
inc eax
:0041CA87 0038
:0041CA89 2E

BYTE 02eh
:0041CA8A
:0041CA8B
:0041CA8E
:0041CA8F
:0041CA91
inc eax
inc eax
BYTE 02eh
40
003C2E
40
0030
2E
:0041CA92 40
:0041CA93 00B42B4000C82B
:0041CA9A 40
inc eax
inc eax
|:0041CA25(C)
|
:0041CA9B 0010
:0041CA9D 1D4100FCE1
:0041CAA2 41
:0041CAA3 00441D41
:0041CAA7 006023
:0041CAAA 42
:0041CAAB 006C1D41
:0041CAAF 000C24
:0041CAB2 42
:0041CAB3 00C8
:0041CAB5 1C41
:0041CAB7 00A41D41005422
:0041CABE 42
:0041CABF 0020
|:0041CA4B(C)
|
:0041CAC1 E241
:0041CAC3 00C8
:0041CAC5 224200
:0041CAC8 1C52
:0041CACA 42
:0041CACB 00FC
:0041CACD 224200
:0041CAD0 2CDF
:0041CAD2 42
:0041CAD3 0040DF
:0041CAD6 42
:0041CAD7 0030
:0041CAD9 234200
:0041CADC 8823
:0041CADE 42
:0041CADF 0058E2
:0041CAE2 41
:0041CAE3 00A823420050
:0041CAE9 52
:0041CAEA 42
:0041CAEB 00C8
:0041CAED 234200
:0041CAF0 7CDF
:0041CAF2 42
add
sbb
inc
add
add
inc
add
add
inc
add
sbb
add
inc
add
byte ptr [eax], dl

eax, E1FC0041
ecx
byte ptr [ebp+ebx+41], al
byte ptr [eax+23], ah
edx
byte ptr [ebp+ebx+41], ch
byte ptr [esp], cl
edx
al, cl
al, 41
byte ptr [ebp+ebx+22540041], ah
edx
byte ptr [eax], ah
loop 0041CB04
add al, cl
and al, byte ptr [edx+00]
sbb al, 52
inc edx
add ah, bh
sub al, DF
inc edx
add byte ptr [eax-21], al
inc edx
and eax, dword ptr [edx+00]
mov byte ptr [ebx], ah
inc edx
add byte ptr [eax-1E], bl
inc ecx
push edx
inc edx
add al, cl
jl 0041CAD1
inc edx
:0041CAF3
:0041CAF9
:0041CAFC
:0041CAFE
:0041CAFF
:0041CB01
:0041CB02
:0041CB03
:0041CB05
:0041CB07
:0041CB08
:0041CB09
:0041CB0D
:0041CB0E
:0041CB0F
:0041CB16
:0041CB17
:0041CB21
0080DF4200EC
234200
7021
42
0011
54
42
7574
746F
6E
41
6374696F
6E
4C
696E6B8BC060CB
41
00000000000000000000
000000
add byte ptr [eax+EC0042DF], al

jo 0041CB1F
inc edx
push esp
inc edx
jne 0041CB79
je 0041CB76
outsb
inc ecx
arpl dword ptr [ecx+2*ebp+6F], esi
outsb
dec esp
imul ebp, dword ptr [esi+6B], CB60C08B
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041CB24
:0041CB25
:0041CB26
:0041CB27
44
CC
41
000000000000000000
inc esp
int 03
inc ecx
BYTE 9 DUP(0)
:0041CB30 20CC4100
:0041CB34 2ECC4100
DWORD 0041CC20
DWORD 0041CC2E
:0041CB38
:0041CB39
:0041CB3B
:0041CB3D
:0041CB3E
:0041CB3F
:0041CB42
:0041CB43
:0041CB46
:0041CB47
:0041CB49
F0
0100
00CC
F9
41
00681C
41
00342E
40
0038
2E
lock
add ah, cl
stc
inc ecx
inc ecx
inc eax
BYTE 02eh
:0041CB4A
:0041CB4B
:0041CB4E
:0041CB4F
:0041CB55
:0041CB58
:0041CB5C
:0041CB5D
:0041CB5E
:0041CB5F
:0041CB65
:0041CB66
:0041CB67
:0041CB69
:0041CB6C
:0041CB6E
40
003C2E
40
00906B4200B4
2B4000
C82B4000
54
53
42
00B89A420068
44
42
0008
D24000
3C4F
42
inc eax
inc eax
add byte ptr [eax+B400426B], dl
enter 402B, 00
push esp
push ebx
inc edx
inc esp
inc edx
cmp al, 4F
inc edx
:0041CB6F
:0041CB71
:0041CB72
:0041CB73
:0041CB75
00DC
27
42
00FC
54
add ah, bl
daa
inc edx
add ah, bh
push esp

|:0041CB05(C)
|
:0041CB76 42
inc edx
:0041CB77 0028
|:0041CB03(C)
|
:0041CB79 2F
:0041CB7A 42
:0041CB7B 00801C4100C4
:0041CB81 184100
:0041CB84 BC184100
:0041CB88 881C4100
:0041CB8C BCE24100
DWORD 004118BC
DWORD 00411C88
DWORD 0041E2BC
:0041CB90
:0041CB96
:0041CB97
:0041CB99
:0041CBA0
:0041CBA2
:0041CBA3
:0041CBA5
:0041CBA8
:0041CBAF
:0041CBB6
:0041CBB7
:0041CBBA
:0041CBBB
:0041CBBE
:0041CBBF
:0041CBC1
:0041CBC4
:0041CBC6
:0041CBC7
:0041CBCB
:0041CBCD
:0041CBD0
:0041CBD1
:0041CBD3
:0041CBD9
:0041CBDC
:0041CBDD
:0041CBE0
:0041CBE2
:0041CBE3
:0041CBE5
:0041CBE8
:0041CBEA
:0041CBEB
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
inc edx
inc edx
inc edx
add al, bl
inc edx
push eax
jcxz 0041CC14
lock
sbb al, 89
inc edx
add ah, dl
je 0041CC3F
inc edx
8C914200C095
42
00E8
9A4200149A4200
A88F
42
00C8
8F4200
DC8C4200B82542
00BC2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
50
E341
00B051420074
8D4200
F0
8D4200
1C89
42
00D4
8D4200
7455
42
004C5A42
das
inc edx
:0041CBEF 00C4
:0041CBF1 65
add ah, al
BYTE 065h
:0041CBF2
:0041CBF3
:0041CBF5
:0041CBF6
:0041CBF7
:0041CBFE
:0041CBFF
:0041CC01
inc edx
add al, ch
popad
inc edx
add byte ptr [esp+63180042], al
inc edx
BYTE 065h
42
00E8
61
42
00846442001863
42
0020
65
:0041CC02 42
:0041CC03 00C8
:0041CC05 64
inc edx
add al, cl
BYTE 064h
:0041CC06
:0041CC07
:0041CC0A
:0041CC0B
:0041CC0D
:0041CC0E
:0041CC0F
:0041CC16
:0041CC17
:0041CC1A
:0041CC1B
:0041CC1F
:0041CC21
:0041CC23
:0041CC25
inc edx
add byte ptr
inc edx
add al, al
insd
inc edx
add byte ptr
inc edx
add byte ptr
inc ecx
add byte ptr
add byte ptr
add al, dh
call far edi
BYTE 0ffh
42
00148F
42
00C0
6D
42
008C8B4200808E
42
0048E3
41
004CE341
0002
00F0
FFDF
FF
[edi+4*ecx], dl
[ebx+4*ecx-717FFFBE], cl
[eax-1D], cl
[ebx+41], cl
[edx], al
:0041CC26 F8E24100
:0041CC2A 40E34100
DWORD 0041E2F8
DWORD 0041E340
:0041CC2E
:0041CC2F
:0041CC30
:0041CC31
:0041CC33
:0041CC35
:0041CC36
:0041CC37
:0041CC38
:0041CC39
:0041CC3B
:0041CC3C
:0041CC3D
:0041CC40
:0041CC41
:0041CC42
:0041CC43
:0041CC45
:0041CC46
:0041CC47
:0041CC48
push cs
push esp
inc edx
jne 0041CCA7
je 0041CCA4
outsb
inc ebx
outsd
outsb
je 0041CCAD
outsd
insb
inc esp
int 03
inc ecx
push cs
push esp
inc edx
jne 0041CCBE
0E
54
42
7574
746F
6E
43
6F
6E
7472
6F
6C
8D4000
44
CC
41
0007
0E
54
42
7574
:0041CC4A
:0041CC4C
:0041CC4D
:0041CC4E
:0041CC4F
:0041CC50
:0041CC52
:0041CC53
746F
6E
43
6F
6E
7472
6F
6C
je 0041CCBB
outsb
inc ebx
outsd
outsb
je 0041CCC4
outsd
insb
:0041CC54 60CB4100
:0041CC58 7CFD4100
DWORD 0041CB60
DWORD 0041FD7C
:0041CC5C 0900
:0041CC5E 085374
:0041CC61 64

BYTE 064h
:0041CC62
:0041CC63
:0041CC65
:0041CC66
inc ebx
je 0041CCD7
insb
jnb 0041CC68
43
7472
6C
7300
|:0041CC66(C)
|
:0041CC68 008D4000B8CC
:0041CC6E 41
:0041CC6F 00000000000000000000
:0041CC79 000000
:0041CC7C B4CD
:0041CC7E 41
:0041CC7F 000000000000000000
mov ah, CD
inc ecx
BYTE 9 DUP(0)
:0041CC88 7CCD4100
:0041CC8C A8CD4100
DWORD 0041CD7C
DWORD 0041CDA8
:0041CC90
:0041CC91
:0041CC93
:0041CC96
:0041CC97
:0041CC9A
:0041CC9B
:0041CC9E
:0041CC9F
:0041CCA1
clc
add byte ptr [ebx+8*ecx], dl
inc ecx
inc ecx
inc eax
BYTE 02eh
F8
0100
0014CB
41
00681C
41
00342E
40
0038
2E
:0041CCA2 40
:0041CCA3 003C2E
:0041CCA6 40
add byte ptr [ebp+CCB80040], cl

inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
inc eax
inc eax

|:0041CC31(C)
|
:0041CCA7 00906B4200B4
|:0041CC39(C)
|
:0041CCAD 2B4000
:0041CCB0 C82B4000
:0041CCB4 54
:0041CCB5 53
:0041CCB6 42
:0041CCB7 00B89A420068
:0041CCBD 44

enter 402B, 00
push esp
push ebx
inc edx
inc esp

|:0041CC48(C)
|
:0041CCBE 42
inc edx
:0041CCBF 0008
:0041CCC1 D24000
|:0041CC50(C)
|
:0041CCC4 3C4F
cmp al, 4F
|:0041CC60(C)
|
:0041CCC6 42
:0041CCC7 00DC
:0041CCC9 27
:0041CCCA 42
:0041CCCB 00FC
:0041CCCD 54
:0041CCCE 42
:0041CCCF 0028
:0041CCD1 2F
:0041CCD2 42
:0041CCD3 00801C4100C4
:0041CCD9 184100
:0041CCDC BC184100
:0041CCE0 881C4100
:0041CCE4 C8E34100
DWORD 004118BC
DWORD 00411C88
DWORD 0041E3C8
:0041CCE8
:0041CCEE
:0041CCEF
:0041CCF1
:0041CCF8
:0041CCFA
:0041CCFB
:0041CCFD
:0041CD00
:0041CD07
:0041CD0E
:0041CD0F
:0041CD12
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
inc edx
inc edx
8C914200C095
42
00E8
9A4200149A4200
A88F
42
00C8
8F4200
DC8C4200B82542
00BC2542000051
42
002C51
42
inc edx
add ah, bl
daa
inc edx
add ah, bh
push esp
inc edx
das
inc edx
:0041CD13
:0041CD16
:0041CD17
:0041CD19
:0041CD1C
:0041CD1E
:0041CD1F
:0041CD23
:0041CD25
:0041CD28
:0041CD29
:0041CD2B
:0041CD31
:0041CD34
:0041CD35
:0041CD38
:0041CD3A
:0041CD3B
:0041CD3D
:0041CD40
:0041CD42
:0041CD43
:0041CD47
:0041CD49
001427
42
00D8
304200
1030
42
00743342
0038
324200
50
E341
00B051420074
8D4200
F0
8D4200
1C89
42
00D4
8D4200
7455
42
004C5A42
00C4
65

inc edx
add al, bl
inc edx
push eax
jcxz 0041CD6C
lock
sbb al, 89
inc edx
add ah, dl
je 0041CD97
inc edx
add ah, al
BYTE 065h
:0041CD4A
:0041CD4B
:0041CD4D
:0041CD4F
:0041CD56
:0041CD57
:0041CD59
42
00DC
E441
008464420018E5
41
0020
65
inc edx
add ah, bl
in al, 41
add byte ptr [esp-1AE7FFBE], al
inc ecx
BYTE 065h
:0041CD5A 42
:0041CD5B 00C8
:0041CD5D 64
inc edx
add al, cl
BYTE 064h
:0041CD5E
:0041CD5F
:0041CD62
:0041CD63
:0041CD65
:0041CD66
:0041CD67
:0041CD6E
:0041CD6F
:0041CD72
:0041CD73
:0041CD77
:0041CD7B
:0041CD7D
:0041CD83
:0041CD85
:0041CD8A
inc edx
inc edx
add al, al
insd
inc edx
inc edx
add byte ptr [eax-1D], cl
inc ecx
add byte ptr [ebx+41], cl
add byte ptr [esp+41], dl
add byte ptr [07B006B0], al
mov al, 11
mov ebp, FFEC0014
iret
42
00148F
42
00C0
6D
42
008C8B4200808E
42
0048E3
41
004CE341
0054E441
0007
0005B006B007
B011
BD1400ECFF
CF
:0041CD8B FF44E541
inc [ebp+41]
:0041CD8F 00ACE541002CE6
:0041CD96 41
add byte ptr [ebp-19D3FFBF], ch

inc ecx
|:0041CD40(C)
|
:0041CD97 0030
:0041CD99 E541
:0041CD9B 0080E641002C
:0041CDA1 E441
:0041CDA3 0050E4
:0041CDA6 41
:0041CDA7 0007
:0041CDA9 54
:0041CDAA 42
:0041CDAB 7574
:0041CDAD 746F
:0041CDAF 6E
:0041CDB0 B4CD
:0041CDB2 41
:0041CDB3 0007
:0041CDB5 07
:0041CDB6 54
:0041CDB7 42
:0041CDB8 7574
:0041CDBA 746F
:0041CDBC 6E
:0041CDBD B8CC4100
:0041CDC1 40CC4100
DWORD 0041CCB8
DWORD 0041CC40
:0041CDC5 2D00085374
:0041CDCA 64
sub eax, 74530800

BYTE 064h
:0041CDCB
:0041CDCC
:0041CDCE
:0041CDCF
:0041CDD1
:0041CDD4
:0041CDD5
:0041CDD8
:0041CDD9
:0041CDDF
43
7472
6C
7324
0034C1
40
007026
42
008026420001
000000000000
inc ebx
je 0041CE40
insb
jnb 0041CDF5
add byte ptr [ecx+8*eax], dh
inc eax
inc edx
BYTE 6 DUP(0)
:0041CDE5
:0041CDE8
:0041CDEE
:0041CDF2
:0041CDF3
:0041CDF4
800000
008009000641
6374696F
6E
54
ED

outsb
push esp
in ax, dx
add byte ptr

in ax, 41
add byte ptr
in al, 41
add byte ptr
inc ecx
add byte ptr
push esp
inc edx
jne 0041CE21
je 0041CE1E
outsb
mov ah, CD
inc ecx
add byte ptr
pop es
push esp
inc edx
jne 0041CE2E
je 0041CE2B
outsb
[eax], dh
[eax+2C0041E6], al
[eax-1C], dl
[edi], al
[edi], al

|:0041CDCF(C)
|
:0041CDF5 41
inc ecx
:0041CDF6 006000
:0041CDF9
:0041CDFB
:0041CDFC
:0041CDFE
:0041CDFF
:0041CE00
00FF
60
0000
FF
FC
26
add bh, bh
pushad
BYTE 0ffh
cld
BYTE 026h
:0041CE01 42
:0041CE02 00000000
inc edx
BYTE 4 DUP(0)
:0041CE06
:0041CE09
:0041CE0B
:0041CE0D
:0041CE0E
:0041CE0F
:0041CE10
:0041CE13
:0041CE15
:0041CE16
:0041CE17
:0041CE18
:0041CE1B
:0041CE1D

pop es
inc ecx
outsb
jb 0041CE88
push esp
scasd
inc eax
add byte ptr [edi+00], cl
add bh, bh
insb
800300
0000
0A00
07
41
6E
63686F
7273
54
AF
40
004F00
00FF
6C

|:0041CDAD(C)
|
:0041CE1E 0000
:0041CE20 FEC0
inc al
:0041CE22 324200
:0041CE25 000000
BYTE 3 DUP(0)
:0041CE28 800000
|:0041CDBA(C)
|
:0041CE2B 00800B000842
:0041CE31 6944694D6F646500
:0041CE39 104000
:0041CE3C F1
:0041CE3D 0100
:0041CE3F FFF1
:0041CE41 0100
:0041CE43 FF01
:0041CE45 000000000000
:0041CE4B
:0041CE4E
:0041CE50
:0041CE52
:0041CE53
:0041CE54
:0041CE55
:0041CE56

or al, 00
push es
inc ebx
popad
outsb
arpl dword ptr [ebp+6C], esp
800000
0000
0C00
06
43
61
6E
63656C
add byte ptr [eax+4208000B], al

BYTE 0f1h
push ecx
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041CE59
:0041CE5B
:0041CE5C
:0041CE63
:0041CE64
:0041CE6B
:0041CE71
:0041CE76
:0041CE78
:0041CE7F
:0041CE84
:0041CE86
08ED
41
00A4314200D431
42
009C4E42000000
008000000080
0D00074361
7074
696F6E00EE4100
680000FF68
0000
FF01
or ch, ch
inc ecx
inc edx
add byte ptr [esi+2*ecx+00000042], bl
or eax, 61430700
jo 0041CEEC
imul ebp, dword ptr [edi+6E], 0041EE00
push 68FF0000
inc dword ptr [ecx]
|:0041CE13(C)
|
:0041CE88 000000000000
:0041CE8E 800000
:0041CE91 00800E000B43
:0041CE97 6F
:0041CE98 6E
:0041CE99 7374
:0041CE9B 7261
:0041CE9D 696E7473001040
:0041CEA4 00F0
:0041CEA6 0100
:0041CEA8 FFA8E4410001
:0041CEAE 000000000000
:0041CEB4
:0041CEB7
:0041CEB9
:0041CEBC
:0041CEBD
:0041CEC0
:0041CEC2
:0041CEC4
:0041CEC9
:0041CECB
:0041CECC
:0041CECE
:0041CED0

sldt dword ptr [edi]
inc esp
popa
jne 0041CF2E
je 0041CE74
call 00AFCF0A
add bh, bh
outsb
inc dword ptr [ecx]
BYTE 6 DUP(0)
800000
0000
0F0007
44
656661
756C
74B0
E841006E00
00FF
6E
0000
FF01
000000000000
BYTE 6 DUP(0)
add byte ptr [eax+430B000E], al
outsd
outsb
jnb 0041CF0F
jb 0041CEFE
add al, dh
jmp far dword ptr [eax+010041E4]
BYTE 6 DUP(0)
:0041CED6 80F4FF
:0041CED9 FFFF
xor ah, FF
BYTE 2 DUP(0ffh)
:0041CEDB
:0041CEDD
:0041CEE1
:0041CEE3
:0041CEE5
:0041CEE7
:0041CEE9
:0041CEEA
:0041CEEB
:0041CEF1
:0041CEF3

inc ebx
jne 0041CF57
jnb 0041CF56
jb 0041CEAD
in al, dx
inc ecx
inc dword ptr [ecx]
1000
0A447261
6743
7572
736F
72C4
EC
41
00870000FF87
0000
FF01
:0041CEF5 000000000000
BYTE 6 DUP(0)
:0041CEFB 800000
|:0041CE9B(C)
|
:0041CEFE 0000
:0041CF00 1100
:0041CF02 08447261
:0041CF06 674B
:0041CF08 696E6490EC4100
|:0041CE99(C)
|
:0041CF0F 4D
:0041CF10 0000
:0041CF12 FF5C0000
:0041CF16 FE01
:0041CF18 000000000000
:0041CF1E
:0041CF21
:0041CF23
:0041CF25
:0041CF29
:0041CF2B
:0041CF2C
800000
0000
1200
08447261
674D
6F
64

dec ebp
outsd
BYTE 064h
:0041CF2D
:0041CF30
:0041CF31
:0041CF34
:0041CF36
:0041CF37
:0041CF39
:0041CF3A
:0041CF3F
:0041CF41
:0041CF44
:0041CF46
:0041CF48
:0041CF49
:0041CF4A
:0041CF4B
:0041CF4C
:0041CF50
:0041CF52
:0041CF53
650010
40
005000
00FE
60
0000
FE
BC4E420000
0000
800100
0000
1300
07
45
6E
61
626C6564
3429
41
005800

inc eax
add dh, bh
pushad
BYTE 0feh
mov esp, 0000424E
pop es
inc ebp
outsb
popad
xor al, 29
inc ecx

dec ebx
dec ebp
call far [eax+eax]
inc byte ptr [ecx]
BYTE 6 DUP(0)

|:0041CEE5(C)
|
:0041CF56 00FF
add bh, bh
:0041CF58 90
nop
:0041CF59 324200
:0041CF5C
:0041CF61
:0041CF63
:0041CF66
:0041CF6C
:0041CF6D
:0041CF6E
:0041CF70
:0041CF71
:0041CF72
:0041CF74
:0041CF76
:0041CF78
:0041CF7A
:0041CF7C
A032420000
0000
800000
008014000446
6F
6E
7478
4F
43
00F4
0100
FFF4
0100
FF01
000000000000

outsd
outsb
je 0041CFE8
dec edi
inc ebx
add ah, dh
push esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041CF82
:0041CF85
:0041CF87
:0041CF8C
800000
0000
15000B4D6F
64

adc eax, 6F4D0B00
BYTE 064h
:0041CF8D
:0041CF8E
:0041CF8F
:0041CF90
61
6C
52
65
popad
insb
push edx
BYTE 065h
:0041CF91 7375
:0041CF93 6C
:0041CF94 7400
jnb 0041D008
insb
je 0041CF96
|:0041CF94(C)
|
:0041CF96 104000
:0041CF99 50
:0041CF9A 0000
:0041CF9C FF6800
:0041CF9F 00FE
:0041CFA1 0100
:0041CFA3 0000000000
:0041CFA8
:0041CFAB
:0041CFAD
:0041CFAE
:0041CFB0
:0041CFB1
:0041CFB2
:0041CFB4
:0041CFB5
:0041CFB7
:0041CFBF
:0041CFC2
:0041CFC3
:0041CFC5
:0041CFC7

push ss
push eax
popad
jb 0041D019
outsb
je 0041CFF9
dec ecx
dec eax
800100
0000
16
000E
50
61
7265
6E
7442
6944694D6F646500
104000
49
0000
FFC8
324200

push eax
jmp far [eax+00]
add dh, bh
BYTE 5 DUP(0)
:0041CFCA 0100
:0041CFCC 0000000000

BYTE 5 DUP(0)
:0041CFD1
:0041CFD4
:0041CFD6
:0041CFD7
:0041CFD9
:0041CFDA
:0041CFDB
:0041CFDD
:0041CFDE
:0041CFE0
:0041CFE1
:0041CFE2

pop ss
push eax
popad
jb 0041D042
outsb
je 0041D026
outsd
outsb
je 0041CFE4
800100
0000
17
000A
50
61
7265
6E
7446
6F
6E
7400
|:0041CFE2(C)
|
:0041CFE4 104000
:0041CFE7 8600
:0041CFE9 00FF
:0041CFEB 0C33
:0041CFED 42
:0041CFEE 0001
:0041CFF0 000000000000
:0041CFF6 800100
|:0041CFB5(C)
|
:0041CFF9 0000
:0041CFFB 1800
:0041CFFD 0E
:0041CFFE 50
:0041CFFF 61
:0041D000 7265
:0041D002 6E
:0041D003 7453
:0041D005 686F774869
:0041D00A 6E
:0041D00B 7438
:0041D00D 0443
:0041D00F 007000
:0041D012 00FF
:0041D014 5C
:0041D015 314200
:0041D018 0100
:0041D01A 0000000000
:0041D01F
:0041D022
:0041D028
:0041D029
:0041D02B
:0041D02D

outsd
jo 0041D0A0
jo 0041D07A
BYTE 065h
800000
008019000950
6F
7075
704D
65

add bh, bh
or al, 33
inc edx
BYTE 6 DUP(0)

push cs
push eax
popad
jb 0041D067
outsb
je 0041D058
push 6948776F
outsb
je 0041D045
add al, 43
add bh, bh
pop esp
BYTE 5 DUP(0)
:0041D02E 6E
:0041D02F 7500
outsb
jne 0041D031
|:0041D02F(C)
|
:0041D031 104000
:0041D034 8500
:0041D036 00FF
:0041D038 E8324200B4
:0041D03D 324200
:0041D040 000000
:0041D043
:0041D046
:0041D04C
:0041D051
:0041D052
:0041D054
:0041D055
:0041D056
:0041D05D
:0041D05E
:0041D060

push 6948776F
outsb
je 0041D044
in al, dx
inc ecx
inc edx
BYTE 6 DUP(0)
800000
00801A000853
686F774869
6E
74F0
EC
41
00949042001491
42
0001
000000000000

add bh, bh
call B442126F
BYTE 3 DUP(0)
:0041D066 80FFFF
:0041D069 FFFF
cmp bh, FF
BYTE 2 DUP(0ffh)
:0041D06B
:0041D06D
:0041D071
:0041D072
:0041D074

or byte ptr [ecx+62], dl
dec edi
jb 0041D0D8
BYTE 065h
1B00
08546162
4F
7264
65
:0041D075 7200
jb 0041D077

|:0041D075(C)
|
:0041D077 104000
|:0041D02B(C)
|
:0041D07A 7801
:0041D07C 00FF
:0041D07E 2C91
:0041D080 42
:0041D081 0001
:0041D083 000000000000
:0041D089 800100
:0041D08C 0000

js 0041D07D
add bh, bh
sub al, 91
inc edx
BYTE 6 DUP(0)
:0041D08E
:0041D090
:0041D091
:0041D092
:0041D093
:0041D096
:0041D097
1C00
07
54
61
625374
6F
7000
sbb al, 00
pop es
push esp
popad
outsd
jo 0041D099
|:0041D097(C)
|
:0041D099 104000
:0041D09C 47
:0041D09D 0000
:0041D09F FF94304200FC4E
:0041D0A6 42
:0041D0A7 00000000
:0041D0AB
:0041D0AE
:0041D0B0
:0041D0B5
:0041D0B7
:0041D0BB
:0041D0BC
:0041D0BD
:0041D0C0
:0041D0C2
:0041D0C4
:0041D0C6
:0041D0C8
:0041D0C9
800100
0000
1D00075669
7369
626C65F0
AF
40
000401
00FF
0401
00FF
1C4F
42
00000000

sbb eax, 69560700
jnb 0041D120
bound ebp, dword ptr [ebp-10]
scasd
inc eax
add bh, bh
add al, 01
add bh, bh
sbb al, 4F
inc edx
BYTE 4 DUP(0)
:0041D0CD
:0041D0D0
:0041D0D6
:0041D0D7
800000
00801E00074F
6E
43

outsb
inc ebx

inc edi
call dword ptr [eax+esi+4EFC0042]
inc edx
BYTE 4 DUP(0)
|:0041D072(C)
|
:0041D0D8 6C
:0041D0D9 69636B50F04100
:0041D0E0 CC
:0041D0E1 0000
:0041D0E3 FFCC
:0041D0E5 0000
:0041D0E7 FF01
:0041D0E9 000000000000
:0041D0EF
:0041D0F2
:0041D0F8
:0041D0F9
:0041D0FA
:0041D0FC
:0041D0FE

add byte ptr [eax+4F0A001F], al
outsb
inc esp
jb 0041D15D
inc esp
jb 0041D16F
800000
00801F000A4F
6E
44
7261
6744
726F
insb
int 03
dec esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041D100 70E0
:0041D102 EF
jo 0041D0E2
out dx, ax
|:0041D125(C)
|
:0041D103 41
:0041D104 00D4
:0041D106 0000
:0041D108 FFD4
:0041D10A 0000
:0041D10C FF01
:0041D10E 000000000000
:0041D114
:0041D117
:0041D11D
:0041D11E
:0041D11F
:0041D121
:0041D123
:0041D125
:0041D127
:0041D128
:0041D129
:0041D12B
:0041D12D
:0041D12F
:0041D131
:0041D133
800000
008020000A4F
6E
44
7261
674F
7665
72DC
F0
41
00EC
0000
FFEC
0000
FF01
000000000000

outsb
inc esp
jb 0041D182
dec edi
jbe 0041D18A
jb 0041D103
lock
inc ecx
add ah, ch
jmp far esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041D139
:0041D13C
:0041D142
:0041D143
:0041D144
:0041D145
800000
00802100094F
6E
45
6E
64

outsb
inc ebp
outsb
BYTE 064h
:0041D146
:0041D147
:0041D148
:0041D14B
:0041D14C
:0041D14D
:0041D14F
:0041D151
:0041D152
:0041D153
:0041D155
:0041D157
44
6F
636BDC
F0
41
00FC
0000
FF
FC
0000
FF01
000000000000
inc esp
outsd
lock
inc ecx
add ah, bh
BYTE 0ffh
cld
inc dword ptr [ecx]
BYTE 6 DUP(0)
inc ecx
add ah, dl
call esp
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0041D0FA(C)
|
:0041D15D 800000
:0041D160
:0041D166
:0041D167
:0041D168
:0041D169
00802200094F
6E
45
6E
64

outsb
inc ebp
outsb
BYTE 064h
:0041D16A 44
:0041D16B 7261
:0041D16D 67F0
inc esp
jb 0041D1CE
lock
|:0041D0FE(C)
|
:0041D16F AF
:0041D170 40
:0041D171 00980100FF98
:0041D177 0100
:0041D179 FF01
:0041D17B 000000000000

scasd
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0041D18F(C)
|
:0041D181 800000
:0041D184 00802300074F
|:0041D123(C)
|
:0041D18A 6E
:0041D18B 45
:0041D18C 6E
:0041D18D 7465
:0041D18F 72F0
:0041D191 AF
:0041D192 40
:0041D193 00A00100FFA0
:0041D199 0100
:0041D19B FF01
:0041D19D 000000000000
:0041D1A3
:0041D1A6
:0041D1AC
:0041D1AD
:0041D1AE
:0041D1B0
:0041D1B2
:0041D1B3
:0041D1B4
:0041D1BA
:0041D1BC
:0041D1BE

outsb
inc ebp
js 0041D219
je 0041D222
out dx, ax
inc ecx
inc dword ptr [ecx]
BYTE 6 DUP(0)
800000
00802400064F
6E
45
7869
7470
EF
41
00B00100FFB0
0100
FF01
000000000000
:0041D1C4 800000
outsb
inc ebp
outsb
je 0041D1F4
jb 0041D181
scasd
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041D1C7 00802500094F
:0041D1CD 6E

outsb

|:0041D16B(C)
|
:0041D1CE 4B
dec ebx
:0041D1CF 65
BYTE 065h
:0041D1D0
:0041D1D2
:0041D1D3
:0041D1D5
:0041D1D7
:0041D1D8
:0041D1DE
:0041D1E0
:0041D1E2
7944
6F
776E
B0EF
41
00B80100FFB8
0100
FF01
000000000000
jns 0041D216
outsd
ja 0041D243
mov al, EF
inc ecx
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041D1E8 800000
|:0041D1FA(C)
|
:0041D1EB 008026000A4F
:0041D1F1 6E
:0041D1F2 4B
:0041D1F3 65
|:0041D18D(C)
|
:0041D1F4 7950
:0041D1F6 7265
:0041D1F8 7373
:0041D1FA 70EF
:0041D1FC 41
:0041D1FD 00C0
:0041D1FF 0100
:0041D201 FFC0
:0041D203 0100
:0041D205 FF01
:0041D207 000000000000
:0041D20D 800000
:0041D210 00802700074F


outsb
dec ebx
BYTE 065h
jns 0041D246
jb 0041D25D
jnb 0041D26D
jo 0041D1EB
inc ecx
add al, al
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0041D1D0(C)
|
:0041D216 6E
outsb
:0041D217 4B
dec ebx
:0041D218 65
BYTE 065h
|:0041D1AE(C)
|
:0041D219 7955
:0041D21B 70BC
:0041D21D EE
:0041D21E 41
:0041D21F 00B40000FFB400
:0041D226 00FF
:0041D228 0100
:0041D22A 0000000000
:0041D22F
:0041D232
:0041D238
:0041D239
:0041D23A
:0041D23B
:0041D23D
800000
008028000B4F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 0041D2B0
BYTE 065h
:0041D23E
:0041D23F
:0041D240
:0041D242
:0041D244
:0041D245
:0041D24C
:0041D24E
:0041D250
44
6F
776E
20EF
41
00BC0000FFBC00
00FF
0100
0000000000
inc esp
outsd
ja 0041D2B0
and bh, ch
inc ecx
add bh, bh
BYTE 5 DUP(0)
:0041D255
:0041D258
:0041D25E
:0041D25F
:0041D260
:0041D261
:0041D263
800000
008029000B4F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 0041D2D6
BYTE 065h
:0041D264
:0041D265
:0041D266
:0041D268
4D
6F
7665
BCEE4100C4
dec ebp
outsd
jbe 0041D2CD
mov esp, C40041EE
jns 0041D270
jo 0041D1D9
out dx, al
inc ecx
add bh, bh
BYTE 5 DUP(0)
|:0041D1F8(C)
|
:0041D26D 0000
:0041D26F FFC4
:0041D271 0000
:0041D273 FF01
:0041D275 000000000000
:0041D27B 800000
:0041D27E 00802A00094F


inc esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041D284
:0041D285
:0041D286
:0041D287
:0041D289
6E
4D
6F
7573
65
outsb
dec ebp
outsd
jne 0041D2FC
BYTE 065h
:0041D28A
:0041D28B
:0041D28D
:0041D28E
:0041D28F
:0041D291
:0041D293
:0041D295
:0041D297
:0041D299
55
7050
F2
41
00E4
0000
FFE4
0000
FF01
000000000000
push ebp
jo 0041D2DD
repnz
inc ecx
add ah, ah
jmp esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0041D29F
:0041D2A2
:0041D2A8
:0041D2A9
:0041D2AA
:0041D2AC
:0041D2AE
:0041D2AF
800000
00802B000B4F
6E
53
7461
7274
44
6F

add byte ptr [eax+4F0B002B], al
outsb
push ebx
je 0041D30D
jb 0041D322
inc esp
outsd
|:0041D23B(C), :0041D240(C)
|
:0041D2B0 636B9C
:0041D2B3 F0
:0041D2B4 41
:0041D2B5 00F4
:0041D2B7 0000
:0041D2B9 FFF4
:0041D2BB 0000
:0041D2BD FF01
:0041D2BF 000000000000
:0041D2C5
:0041D2C8
:0041D2CE
:0041D2CF
:0041D2D0
:0041D2D2
:0041D2D4
:0041D2D5
:0041D2D7

add byte ptr [eax+4F0B002C], al
outsb
push ebx
je 0041D333
jb 0041D348
inc esp
jb 0041D338
BYTE 67h
800000
00802C000B4F
6E
53
7461
7274
44
7261
67

lock
inc ecx
add ah, dh
push esp
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0041E096
|
:0041D2D8 B201
mov dl, 01
:0041D2DA 85C0
test eax, eax
:0041D2DC 740D
je 0041D2EB
|:0041D2E9(C)
|
:0041D2DE 83787000
:0041D2E2 7509
:0041D2E4 8B4024
:0041D2E7 85C0
:0041D2E9 75F3

jne 0041D2ED
test eax, eax
jne 0041D2DE

|:0041D2DC(C)
|
:0041D2EB 33D2
xor edx, edx
|:0041D2E2(C)
|
:0041D2ED 8BC2
mov eax, edx
:0041D2EF C3
ret

|:0044106D
|
:0041D2F0 53
push ebx
:0041D2F1 56
push esi
:0041D2F2 84D2
test dl, dl
:0041D2F4 7408
je 0041D2FE
:0041D2F6 83C4F0
add esp, FFFFFFF0
:0041D2F9 E8065CFEFF
call 00402F04
|:0041D2F4(C)
|
:0041D2FE 8BDA
:0041D300 8BF0
:0041D302 33D2
:0041D304 8BC6
:0041D306 E8C1CC0000
:0041D30B A158D34100
:0041D310 0B4640
:0041D313 894640
:0041D316 BA41000000
:0041D31B 8BC6
:0041D31D E88A560000
|:0041D2AC(C)
|
:0041D322 BA11000000
:0041D327 8BC6
:0041D329 E8A2560000
:0041D32E C6861D01000001
:0041D335 C6862001000001
:0041D33C 8BC6
:0041D33E 84DB
:0041D340 740F
:0041D342 E8155CFEFF
:0041D347 648F0500000000
mov ebx, edx

mov esi, eax
xor edx, edx
mov eax, esi
call 00429FCC
or eax, dword ptr [esi+40]
mov edx, 00000041
mov eax, esi
call 004229AC
mov edx, 00000011

mov eax, esi
call 004229D0
mov byte ptr [esi+0000011D], 01
mov byte ptr [esi+00000120], 01
mov eax, esi
test bl, bl
je 0041D351
call 00402F5C
:0041D34E 83C40C
add esp, 0000000C

|:0041D340(C)
|
:0041D351 8BC6
mov eax, esi
:0041D353 5E
pop esi
:0041D354 5B
pop ebx
:0041D355 C3
ret
:0041D356 0000
BYTE 2 DUP(0)
:0041D358
:0041D359
:0041D35B
:0041D35E
:0041D360
:0041D362
:0041D364
:0041D366
:0041D36B
:0041D36C
:0041D36D
40
0800
005356
8BF2
8BD8
8BD6
8BC3
E8395E0000
5E
5B
C3
inc eax
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 004231A4
pop esi
pop ebx
ret
:0041D36E
:0041D370
:0041D371
:0041D373
:0041D375
:0041D376
:0041D377
:0041D378
:0041D37A
:0041D37C
:0041D37E
:0041D380
:0041D381
:0041D386
:0041D389
:0041D38C
:0041D38F
:0041D391
:0041D393
:0041D399
:0041D39F
:0041D3A1
:0041D3A5
:0041D3A7
:0041D3AE
:0041D3B0
:0041D3B3
:0041D3B6
:0041D3B8
:0041D3BB
:0041D3BF
8BC0
55
8BEC
6A00
53
56
57
8BF1
8BFA
8BD8
33C0
55
68C6D44100
64FF30
648920
8D55FC
8BC3
8B08
FF918C000000
F7C600040000
742D
837DFC00
741A
80BB2001000000
741E
8B45FC
803826
7516
8B45FC
80780100
750D
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov esi, ecx
mov edi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0041D4C6
mov eax, ebx
call dword ptr [ecx+0000008C]
test esi, 00000400
je 0041D3CE
je 0041D3C1
je 0041D3CE
jne 0041D3CE
jne 0041D3CE
|:0041D3A5(C)
|
:0041D3C1 8D45FC
:0041D3C4 BADCD44100
:0041D3C9 E86E66FEFF

mov edx, 0041D4DC
call 00403A3C

|:0041D39F(C), :0041D3AE(C), :0041D3B6(C), :0041D3BF(C)
|
:0041D3CE 80BB2001000000
:0041D3D5 7506
jne 0041D3DD
:0041D3D7 81CE00080000
or esi, 00000800
|:0041D3D5(C)
|
:0041D3DD 8BD6
:0041D3DF 8BC3
:0041D3E1 E86E7D0000
:0041D3E6 8BF0
:0041D3E8 8B5358
:0041D3EB 8B8314010000
:0041D3F1 E88A79FFFF
:0041D3F6 8BC3
:0041D3F8 8B10
:0041D3FA FF5250
:0041D3FD 84C0
:0041D3FF 0F8586000000
:0041D405 6A01
:0041D407 6A01
:0041D409 57

mov edx, esi
mov eax, ebx
call 00425154
mov esi, eax
call 00414D80
mov eax, ebx
call [edx+50]
test al, al
jne 0041D48B
push 00000001
push 00000001
push edi

|
:0041D40A E8098FFEFF
Call 00406318
:0041D40F 8B8314010000
mov eax, dword ptr
:0041D415 8B400C
mov eax, dword ptr
:0041D418 BA14000080
mov edx, 80000014
:0041D41D E8A66BFFFF
call 00413FC8
:0041D422 56
push esi
:0041D423 57
push edi
:0041D424 8B45FC
mov eax, dword ptr
:0041D427 E80866FEFF
call 00403A34
:0041D42C 50
push eax
:0041D42D 8B45FC
mov eax, dword ptr
:0041D430 E8C367FEFF
call 00403BF8
:0041D435 50
push eax
:0041D436 8B8314010000
mov eax, dword ptr
:0041D43C E81F7AFFFF
call 00414E60
:0041D441 50
push eax
|
:0041D442 E8718CFEFF
Call 004060B8
:0041D447 6AFF
push FFFFFFFF
:0041D449 6AFF
push FFFFFFFF
:0041D44B 57
push edi
|
[ebx+00000114]
[eax+0C]
[ebp-04]
[ebp-04]
[ebx+00000114]
:0041D44C
:0041D451
:0041D457
:0041D45A
:0041D45F
:0041D464
:0041D465
:0041D466
:0041D469
:0041D46E
:0041D46F
:0041D472
:0041D477
:0041D478
:0041D47E
:0041D483
E8C78EFEFF
8B8314010000
8B400C
BA10000080
E8646BFFFF
56
57
8B45FC
E8C665FEFF
50
8B45FC
E88167FEFF
50
8B8314010000
E8DD79FFFF
50
Call 00406318
mov eax, dword ptr
mov eax, dword ptr
mov edx, 80000010
call 00413FC8
push esi
push edi
mov eax, dword ptr
call 00403A34
push eax
mov eax, dword ptr
call 00403BF8
push eax
mov eax, dword ptr
call 00414E60
push eax
[ebx+00000114]
[eax+0C]
[ebp-04]
[ebp-04]
[ebx+00000114]

|
:0041D484 E82F8CFEFF
Call 004060B8
:0041D489 EB25
jmp 0041D4B0
|:0041D3FF(C)
|
:0041D48B 56
:0041D48C 57
:0041D48D 8B45FC
:0041D490 E89F65FEFF
:0041D495 50
:0041D496 8B45FC
:0041D499 E85A67FEFF
:0041D49E 50
:0041D49F 8B8314010000
:0041D4A5 E8B679FFFF
:0041D4AA 50

push esi
push edi
call 00403A34
push eax
call 00403BF8
push eax
call 00414E60
push eax

|
:0041D4AB E8088CFEFF
Call 004060B8
|:0041D489(U)
|
:0041D4B0 33C0
xor eax, eax
:0041D4B2 5A
pop edx
:0041D4B3 59
pop ecx
:0041D4B4 59
pop ecx
:0041D4B5 648910
|
:0041D4B8 68CDD44100
push 0041D4CD
|:0041D4CB(U)
|
:0041D4BD 8D45FC
:0041D4C0 E8F362FEFF
:0041D4C5 C3

call 004037B8
ret
:0041D4C6
:0041D4CB
:0041D4CD
:0041D4CE
:0041D4CF
:0041D4D0
:0041D4D1
:0041D4D2
E9AD5DFEFF
EBF0
5F
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
pop
ret
00403278
0041D4BD
edi
esi
ebx
ecx
ebp
:0041D4D3 00
BYTE 0
:0041D4D4 FFFFFFFF
BYTE 4 DUP(0ffh)
:0041D4D8
:0041D4DA
:0041D4DC
:0041D4DE
:0041D4E0
:0041D4E1
:0041D4E2
:0041D4E3
:0041D4E6
:0041D4E8
:0041D4EE
:0041D4F0
:0041D4F5
:0041D4F7
:0041D4F9
:0041D4FC
:0041D4FF
:0041D504
:0041D506
:0041D509
:0041D50E
:0041D512
:0041D514
:0041D516
:0041D519
:0041D51D
:0041D51F
0100
0000
2000
0000
53
56
57
83C4D0
8BF0
8B9E14010000
8BC6
E807020000
84C0
752B
8B5664
8B4314
E88872FFFF
33D2
8B4314
E89A73FFFF
8D542420
8BC6
8B08
FF5144
8D542420
8BC3
E80C76FFFF

push ebx
push esi
push edi
add esp, FFFFFFD0
mov esi, eax
mov eax, esi
call 0041D6FC
test al, al
jne 0041D524
call 0041478C
xor edx, edx
call 004148A8
mov eax, esi
call [ecx+44]
mov eax, ebx
call 00414B30
|:0041D4F7(C)
|
:0041D524 B201
:0041D526 8B4314
:0041D529 E87A73FFFF
:0041D52E 8BD4
:0041D530 8BC6
:0041D532 8B08
:0041D534 FF5144
:0041D537 33C0
:0041D539 8A861F010000
:0041D53F 668B3C45CC254400
:0041D547 6683CF40

mov dl, 01
call 004148A8
mov edx, esp
mov eax, esi
call [ecx+44]
xor eax, eax
mov al, byte ptr [esi+0000011F]
mov di, word ptr [2*eax+004425CC]
or di, 0040
:0041D54B
:0041D54D
:0041D553
:0041D55B
:0041D55E
:0041D565
:0041D567
:0041D568
:0041D569
:0041D56D
:0041D571
:0041D576
:0041D577
:0041D578
:0041D579
:0041D57A
:0041D57C
:0041D582
:0041D586
:0041D588
:0041D58C
:0041D591
:0041D598
:0041D59A
:0041D59D
:0041D5A1
:0041D5A2
:0041D5A4
:0041D5A8
33C0
8A861C010000
660B3C45C4254400
0FB7FF
80BE1E01000000
7464
56
57
8D742408
8D7C2418
B904000000
F3
A5
5F
5E
8BCF
81C900040000
8D542410
8BC6
66BBCDFF
E86358FEFF
80BE1E01000002
7516
8B463C
2B44241C
50
6A00
8D442408
50
xor eax, eax

or di, word ptr [2*eax+004425C4]
movzx edi, di
cmp byte ptr [esi+0000011E], 00
je 0041D5CB
push esi
push edi
lea esi, dword ptr [esp+08]
mov ecx, 00000004
repz
movsd
pop edi
pop esi
mov ecx, edi
or ecx, 00000400
mov eax, esi
mov bx, FFCD
call 00402DF4
jne 0041D5B0
sub eax, dword ptr [esp+1C]
push eax
push 00000000
push eax

|
:0041D5A9 E86A8DFEFF
Call 00406318
:0041D5AE EB1B
jmp 0041D5CB
|:0041D598(C)
|
:0041D5B0 8B463C
:0041D5B3 2B44241C
:0041D5B7 D1F8
:0041D5B9 7903
:0041D5BB 83D000
|:0041D5B9(C)
|
:0041D5BE 50
:0041D5BF 6A00
:0041D5C1 8D442408
:0041D5C5 50
mov
sub
sar
jns
adc
eax, dword ptr [esi+3C]

eax, 1
0041D5BE
eax, 00000000
push eax
push 00000000
push eax

|
:0041D5C6 E84D8DFEFF
Call 00406318
|:0041D565(C), :0041D5AE(U)
|
:0041D5CB 8BD4
mov edx, esp
:0041D5CD
:0041D5CF
:0041D5D1
:0041D5D5
:0041D5DA
:0041D5DD
:0041D5DE
:0041D5DF
:0041D5E0
8BCF
8BC6
66BBCDFF
E81A58FEFF
83C430
5F
5E
5B
C3
mov ecx, edi

mov eax, esi
mov bx, FFCD
call 00402DF4
add esp, 00000030
pop edi
pop esi
pop ebx
ret
:0041D5E1
:0041D5E4
:0041D5E5
:0041D5E7
:0041D5E9
:0041D5EE
:0041D5F0
:0041D5F4
:0041D5F9
:0041D5FA
8D4000
53
8BD8
8BC3
E84E790000
8BC3
66BBCEFF
E8FB57FEFF
5B
C3

push ebx
mov ebx, eax
mov eax, ebx
call 00424F3C
mov eax, ebx
mov bx, FFCE
call 00402DF4
pop ebx
ret
:0041D5FB
:0041D5FC
:0041D5FD
:0041D5FE
:0041D5FF
:0041D602
:0041D604
:0041D608
:0041D60E
:0041D615
:0041D61B
:0041D61F
:0041D621
:0041D623
:0041D626
90
53
56
57
83C4EC
8BF0
F6462002
0F85B4000000
80BE1D01000000
0F84A7000000
8D542404
8BC6
8B08
FF5144
6A00
nop
push ebx
push esi
push edi
add esp, FFFFFFEC
mov esi, eax
test [esi+20], 02
jne 0041D6C2
cmp byte ptr [esi+0000011D], 00
je 0041D6C2
mov eax, esi
call [ecx+44]
push 00000000

|
:0041D628 E81B8BFEFF
Call 00406148
:0041D62D 8BF8
mov edi, eax
:0041D62F 8BD7
mov edx, edi
:0041D631 8B8614010000
:0041D637 E8A478FFFF
call 00414EE0
:0041D63C 33C0
xor eax, eax
:0041D63E 8A861F010000
:0041D644 668B0C45D0254400
mov cx, word ptr [2*eax+004425D0]
:0041D64C 6681C94004
or cx, 0440
:0041D651 0FB7C9
movzx ecx, cx
:0041D654 8D542404
:0041D658 8BC6
mov eax, esi
:0041D65A 66BBCDFF
mov bx, FFCD
:0041D65E E89157FEFF
call 00402DF4
:0041D663 33D2
xor edx, edx
:0041D665 8B8614010000
:0041D66B E87078FFFF
call 00414EE0
:0041D670 57
push edi
:0041D671 6A00
push 00000000

|
:0041D673 E8E88CFEFF
Call 00406360
:0041D678 8B7E30
:0041D67B 8A861C010000
:0041D681 880424
:0041D684 8BC6
mov eax, esi
:0041D686 66BBCFFF
mov bx, FFCF
:0041D68A E86557FEFF
call 00402DF4
:0041D68F 84C0
test al, al
:0041D691 7407
je 0041D69A
:0041D693 8BC4
mov eax, esp
:0041D695 E8162D0000
call 004203B0
|:0041D691(C)
|
:0041D69A 803C2401
:0041D69E 7509
:0041D6A0 8B4638
:0041D6A3 2B44240C
:0041D6A7 03F8
|:0041D69E(C)
|
:0041D6A9 8B44240C
:0041D6AD 50
:0041D6AE 8B442414
:0041D6B2 50
:0041D6B3 8B4E34
:0041D6B6 8BD7
:0041D6B8 8BC6
:0041D6BA 8B18
:0041D6BC FF9380000000
|:0041D608(C), :0041D615(C)
|
:0041D6C2 83C414
:0041D6C5 5F
:0041D6C6 5E
:0041D6C7 5B
:0041D6C8 C3
:0041D6C9
:0041D6CC
:0041D6D2
:0041D6D4
:0041D6DA
:0041D6DC

cmp dl, byte ptr [eax+0000011C]
je 0041D6DF
call [edx+78]
8D4000
3A901C010000
740B
88901C010000
8B10
FF5278
|:0041D6D2(C)
|
:0041D6DF C3
:0041D6E0 53
:0041D6E1 3A901D010000
cmp
jne
mov
sub
add
byte ptr [esp], 01

0041D6A9
edi, eax
mov eax, dword

push eax
mov eax, dword
push eax
mov ecx, dword
mov edx, edi
mov eax, esi
mov ebx, dword
call dword ptr
add
pop
pop
pop
ret
ptr [esp+0C]
ptr [esp+14]
ptr [esi+34]
ptr [eax]
[ebx+00000080]
esp, 00000014
edi
esi
ebx

ret
push ebx
cmp dl, byte ptr [eax+0000011D]
:0041D6E7
:0041D6E9
:0041D6EF
:0041D6F3
740F
88901D010000
66BBCEFF
E8FC56FEFF
je 0041D6F8
mov byte ptr [eax+0000011D], dl
mov bx, FFCE
call 00402DF4

|:0041D6E7(C)
|
:0041D6F8 5B
pop ebx
:0041D6F9 C3
ret
:0041D6FA 8BC0
mov eax, eax

|:0041D4F0 , :0041D738
|
:0041D6FC F6404040
test [eax+40], 40
:0041D700 0F95C0
setne al
:0041D703 3401
xor al, 01
:0041D705 C3
ret
:0041D706
:0041D708
:0041D70E
:0041D710
:0041D712
:0041D713
8BC0
899018010000
85D2
7406
92
E8783EFFFF
mov eax, eax

test edx, edx
je 0041D718
xchg eax,edx
call 00411590
|:0041D710(C)
|
:0041D718 C3
:0041D719 8D4000
:0041D71C 3A9020010000
:0041D722 740B
:0041D724 889020010000
:0041D72A 8B10
:0041D72C FF5278
|:0041D722(C)
|
:0041D72F C3
:0041D730 53
:0041D731 56
:0041D732 8BDA
:0041D734 8BF0
:0041D736 8BC6
:0041D738 E8BFFFFFFF
:0041D73D 3AD8
:0041D73F 7425
:0041D741 84DB
:0041D743 740F
:0041D745 A16CD74100
:0041D74A F7D0
:0041D74C 234640
:0041D74F 894640
:0041D752 EB0B
ret
je 0041D72F
call [edx+78]
ret
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, esi
call 0041D6FC
cmp bl, al
je 0041D766
test bl, bl
je 0041D754
not eax
and eax, dword ptr [esi+40]
jmp 0041D75F
|:0041D743(C)
|
:0041D754 A16CD74100
:0041D759 0B4640
:0041D75C 894640

or eax, dword ptr [esi+40]

|:0041D752(U)
|
:0041D75F 8BC6
mov eax, esi
:0041D761 8B10
:0041D763 FF5278
call [edx+78]
|:0041D73F(C)
|
:0041D766 5E
pop esi
:0041D767 5B
pop ebx
:0041D768 C3
ret
:0041D769 000000
BYTE 3 DUP(0)
:0041D76C 40
:0041D76D 000000
inc eax
BYTE 3 DUP(0)
:0041D770
:0041D776
:0041D778
:0041D77E
:0041D780
cmp dl, byte ptr [eax+0000011E]

je 0041D783
mov byte ptr [eax+0000011E], dl
call [edx+78]
3A901E010000
740B
88901E010000
8B10
FF5278

|:0041D776(C)
|
:0041D783 C3
ret
|:0044108E
|
:0041D784 53
push ebx
:0041D785 56
push esi
:0041D786 8BF0
mov esi, eax
:0041D788 3A961F010000
cmp dl, byte ptr [esi+0000011F]
:0041D78E 7418
je 0041D7A8
:0041D790 88961F010000
mov byte ptr [esi+0000011F], dl
:0041D796 8BC6
mov eax, esi
:0041D798 66BBCEFF
mov bx, FFCE
:0041D79C E85356FEFF
call 00402DF4
:0041D7A1 8BC6
mov eax, esi
:0041D7A3 8B10
:0041D7A5 FF5278
call [edx+78]
|:0041D78E(C)
|
:0041D7A8 5E
:0041D7A9 5B
:0041D7AA C3
pop esi
pop ebx
ret
:0041D7AB
:0041D7AC
:0041D7AD
:0041D7AE
:0041D7AF
:0041D7B1
:0041D7B3
:0041D7B5
:0041D7B7
:0041D7B9
:0041D7BB
:0041D7C0
:0041D7C3
:0041D7C5
:0041D7CB
:0041D7CD
:0041D7CF
nop
push ebx
push esi
push edi
mov ebx, ecx
mov esi, edx
mov edi, eax
mov ecx, ebx
mov edx, esi
mov eax, edi
call 004227DC
cmp bl, 01
jne 0041D7D5
jne 0041D7D5
xor eax, eax
90
53
56
57
8BD9
8BF2
8BF8
8BCB
8BD6
8BC7
E81C500000
80FB01
7510
3BB718010000
7508
33C0
898718010000
|:0041D7C3(C), :0041D7CB(C)
|
:0041D7D5 5F
:0041D7D6 5E
:0041D7D7 5B
:0041D7D8 C3
:0041D7D9
:0041D7DC
:0041D7DD
:0041D7DF
:0041D7E1
:0041D7E3
:0041D7E6
:0041D7E8
:0041D7EC
:0041D7F1
:0041D7F2
8D4000
53
8BD8
8BC3
8B10
FF5278
8BC3
66BBCEFF
E80356FEFF
5B
C3

push ebx
mov ebx, eax
mov eax, ebx
call [edx+78]
mov eax, ebx
mov bx, FFCE
call 00402DF4
pop ebx
ret
:0041D7F3
:0041D7F4
:0041D7F5
:0041D7F6
:0041D7F8
:0041D7FA
:0041D7FF
:0041D801
:0041D805
:0041D80A
:0041D80B
:0041D80C
90
53
56
8BF0
8BC6
E8F9720000
8BC6
66BBCEFF
E8EA55FEFF
5E
5B
C3
nop
push ebx
push esi
mov esi, eax
mov eax, esi
call 00424AF8
mov eax, esi
mov bx, FFCE
call 00402DF4
pop esi
pop ebx
ret
:0041D80D 8D4000
pop edi
pop esi
pop ebx
ret
:0041D810
:0041D811
:0041D813
:0041D815
:0041D816
:0041D817
:0041D819
:0041D81B
:0041D81D
:0041D81E
:0041D823
:0041D826
:0041D829
:0041D830
:0041D832
:0041D834
:0041D836
:0041D839
:0041D83B
:0041D83D
:0041D844
:0041D846
:0041D849
:0041D84B
:0041D850
:0041D853
:0041D857
:0041D85C
:0041D85E
:0041D860
:0041D866
:0041D868
:0041D86D
:0041D86F
:0041D871
:0041D873
:0041D875
:0041D87B
55
8BEC
6A00
53
56
8BF2
8BD8
33C0
55
6898D84100
64FF30
648920
83BB1801000000
7450
8BC3
8B10
FF5250
84C0
7445
80BB2001000000
743C
8D55FC
8BC3
E854590000
8B55FC
668B4604
E814930100
84C0
7422
8B9B18010000
8BC3
E8D3B50000
84C0
7411
8BC3
8B10
FF92B4000000
C7460C01000000
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0041D898
cmp dword ptr [ebx+00000118], 00000000
je 0041D882
mov eax, ebx
call [edx+50]
test al, al
je 0041D882
je 0041D882
mov eax, ebx
call 004231A4
call 00436B70
test al, al
je 0041D882
mov eax, ebx
call 00428E40
test al, al
je 0041D882
mov eax, ebx
call dword ptr [edx+000000B4]
mov [esi+0C], 00000001

|:0041D830(C), :0041D83B(C), :0041D844(C), :0041D85E(C), :0041D86F(C)
|
:0041D882 33C0
xor eax, eax
:0041D884 5A
pop edx
:0041D885 59
pop ecx
:0041D886 59
pop ecx
:0041D887 648910
|
:0041D88A 689FD84100
push 0041D89F
|:0041D89D(U)
|
:0041D88F 8D45FC
:0041D892 E8215FFEFF
:0041D897 C3

call 004037B8
ret
:0041D898
:0041D89D
:0041D89F
:0041D8A0
:0041D8A1
:0041D8A2
:0041D8A3
E9DB59FEFF
EBF0
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
ret
:0041D8A4
:0041D8A5
:0041D8A6
:0041D8A8
:0041D8AA
:0041D8AD
53
56
84D2
7408
83C4F0
E85256FEFF
push ebx
push esi
test dl, dl
je 0041D8B2
add esp, FFFFFFF0
call 00402F04
|:0041D8A8(C)
|
:0041D8B2 8BDA
:0041D8B4 8BF0
:0041D8B6 33D2
:0041D8B8 8BC6
:0041D8BA E8B1790000
:0041D8BF A18C2B4400
:0041D8C4 803800
:0041D8C7 740A
:0041D8C9 A144D94100
:0041D8CE 894640
:0041D8D1 EB08
00403278
0041D88F
esi
ebx
ecx
ebp

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 00425270
je 0041D8D3
jmp 0041D8DB

|:0041D8C7(C)
|
:0041D8D3 A148D94100
:0041D8D8 894640
|:0041D8D1(U)
|
:0041D8DB BA79000000
:0041D8E0 8BC6
:0041D8E2 E8C5500000
:0041D8E7 BA19000000
:0041D8EC 8BC6
:0041D8EE E8DD500000
:0041D8F3 B201
:0041D8F5 8BC6
:0041D8F7 E830B80000
:0041D8FC 33D2
:0041D8FE 8BC6
:0041D900 E84F5A0000
:0041D905 C686F001000001
:0041D90C C686F301000001
:0041D913 C686F401000001
:0041D91A C686F501000001
:0041D921 8BC6
:0041D923 E88C060000
:0041D928 8BC6
:0041D92A 84DB

mov edx, 00000079
mov eax, esi
call 004229AC
mov edx, 00000019
mov eax, esi
call 004229D0
mov dl, 01
mov eax, esi
call 0042912C
xor edx, edx
mov eax, esi
call 00423354
mov byte ptr [esi+000001F0],
mov eax, esi
call 0041DFB4
mov eax, esi
test bl, bl
01
01
01
01
:0041D92C
:0041D92E
:0041D933
:0041D93A
740F
E82956FEFF
648F0500000000
83C40C
je 0041D93D
call 00402F5C
add esp, 0000000C

|:0041D92C(C)
|
:0041D93D 8BC6
mov eax, esi
:0041D93F 5E
pop esi
:0041D940 5B
pop ebx
:0041D941 C3
ret
:0041D942 0000
BYTE 2 DUP(0)
:0041D944
:0041D946
:0041D948
:0041D94D
:0041D94E
:0041D950
:0041D952
:0041D954
:0041D955
:0041D95A
:0041D95C
:0041D961
test al, 02
mov eax, 53000002
push esi
mov esi, edx
mov ebx, eax
push 00000000
push esi
push 000000C5
mov eax, ebx
call 00428F00
push eax
A802
0000
B802000053
56
8BF2
8BD8
6A00
56
68C5000000
8BC3
E89FB50000
50

|
:0041D962 E8218AFEFF
Call 00406388
:0041D967 5E
pop esi
:0041D968 5B
pop ebx
:0041D969 C3
ret
:0041D96A
:0041D96C
:0041D972
:0041D974
:0041D97A
8BC0
3A90F3010000
740B
8890F3010000
E8F9050000
|:0041D972(C)
|
:0041D97F C3
:0041D980 53
:0041D981 8BD8
:0041D983 3A93F0010000
:0041D989 7414
:0041D98B 8893F0010000
:0041D991 8BC3
:0041D993 E8E0050000
:0041D998 8BC3
:0041D99A E8DD8C0000
mov eax, eax

cmp dl, byte ptr [eax+000001F3]
je 0041D97F
mov byte ptr [eax+000001F3], dl
call 0041DF78
ret
push ebx
mov ebx, eax
cmp dl, byte ptr [ebx+000001F0]
je 0041D99F
mov byte ptr [ebx+000001F0], dl
mov eax, ebx
call 0041DF78
mov eax, ebx
call 0042667C

|:0041D989(C)
|
:0041D99F 5B
:0041D9A0 C3
pop ebx
ret
:0041D9A1
:0041D9A4
:0041D9AA
:0041D9AC
:0041D9B2

je 0041D9B7
call 0042667C
8D4000
3A90F7010000
740B
8890F7010000
E8C58C0000
|:0041D9AA(C)
|
:0041D9B7 C3
:0041D9B8 3A90F5010000
:0041D9BE 740B
:0041D9C0 8890F5010000
:0041D9C6 E8B18C0000
|:0041D9BE(C)
|
:0041D9CB C3
:0041D9CC 53
:0041D9CD 56
:0041D9CE 8BF2
:0041D9D0 8BD8
:0041D9D2 3BB3EC010000
:0041D9D8 741D
:0041D9DA 89B3EC010000
:0041D9E0 8BC3
:0041D9E2 E8F9B80000
:0041D9E7 84C0
:0041D9E9 740C
:0041D9EB 8BD6
:0041D9ED 8BC3
:0041D9EF 8B08
:0041D9F1 FF91B8000000
|:0041D9D8(C), :0041D9E9(C)
|
:0041D9F7 5E
:0041D9F8 5B
:0041D9F9 C3
:0041D9FA
:0041D9FC
:0041DA02
:0041DA04
:0041DA0A
mov eax, eax

je 0041DA0F
call 0042667C
ret
je 0041D9CB
call 0042667C
ret
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp esi, dword ptr [ebx+000001EC]
je 0041D9F7
mov dword ptr [ebx+000001EC], esi
mov eax, ebx
call 004292E0
test al, al
je 0041D9F7
mov edx, esi
mov eax, ebx
call dword ptr [ecx+000000B8]
8BC0
3A90F6010000
740B
8890F6010000
E86D8C0000
pop esi
pop ebx
ret

|:0041DA02(C)
|
:0041DA0F C3
ret
|:0041DF61
|
:0041DA10 53
:0041DA11 56
:0041DA12 8BF0
:0041DA14 8A9EF9010000
:0041DA1A 8BC6
:0041DA1C E8BFB80000
:0041DA21 84C0
:0041DA23 741B
:0041DA25 6A00
:0041DA27 6A00
:0041DA29 68B8000000
:0041DA2E 8BC6
:0041DA30 E8CBB40000
:0041DA35 50
push ebx
push esi
mov esi, eax
mov bl, byte ptr [esi+000001F9]
mov eax, esi
call 004292E0
test al, al
je 0041DA40
push 00000000
push 00000000
push 000000B8
mov eax, esi
call 00428F00
push eax

|
:0041DA36 E84D89FEFF
Call 00406388
:0041DA3B 85C0
test eax, eax
:0041DA3D 0F95C3
setne bl
|:0041DA23(C)
|
:0041DA40 8BC3
mov eax, ebx
:0041DA42 5E
pop esi
:0041DA43 5B
pop ebx
:0041DA44 C3
ret
:0041DA45 8D4000

|:0041DF1E
|
:0041DA48 53
push ebx
:0041DA49 56
push esi
:0041DA4A 8BDA
mov ebx, edx
:0041DA4C 8BF0
mov esi, eax
:0041DA4E 8BC6
mov eax, esi
:0041DA50 E88BB80000
call 004292E0
:0041DA55 84C0
test al, al
:0041DA57 741C
je 0041DA75
:0041DA59 6A00
push 00000000
:0041DA5B 33C0
xor eax, eax
:0041DA5D 8AC3
mov al, bl
:0041DA5F 50
push eax
:0041DA60 68B9000000
push 000000B9
:0041DA65 8BC6
mov eax, esi
:0041DA67 E894B40000
call 00428F00
:0041DA6C 50
push eax
|
:0041DA6D E81689FEFF
Call 00406388
:0041DA72 5E
pop esi
:0041DA73 5B
pop ebx
:0041DA74 C3
ret
|:0041DA57(C)
|
:0041DA75 889EF9010000
:0041DA7B 5E
:0041DA7C 5B
:0041DA7D C3
:0041DA7E
:0041DA80
:0041DA81
:0041DA83
:0041DA85
:0041DA86
:0041DA88
:0041DA8A
:0041DA8B
:0041DA90
:0041DA93
:0041DA96
:0041DA9C
:0041DA9E
:0041DAA4
:0041DAA6
:0041DAAB
:0041DAAD
:0041DAAF
:0041DAB1
:0041DAB3
:0041DAB9
:0041DABA
:0041DABF
:0041DAC1
:0041DAC6
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push ebx
mov ebx, eax
xor eax, eax
push ebp
push 0041DAFD
je 0041DAE7
mov eax, ebx
call 004292E0
test al, al
je 0041DAE7
push 00000000
xor eax, eax
mov al, byte ptr [ebx+000001F1]
push eax
push 000000CC
mov eax, ebx
call 00428F00
push eax
8BC0
55
8BEC
6A00
53
8BD8
33C0
55
68FDDA4100
64FF30
648920
3A93F1010000
7449
8893F1010000
8BC3
E835B80000
84C0
7438
6A00
33C0
8A83F1010000
50
68CC000000
8BC3
E83AB40000
50
mov byte ptr [esi+000001F9], bl

pop esi
pop ebx
ret

|
:0041DAC7 E8BC88FEFF
Call 00406388
:0041DACC 8D55FC
:0041DACF 8BC3
mov eax, ebx
:0041DAD1 E8CE560000
call 004231A4
:0041DAD6 8B45FC
:0041DAD9 E81A61FEFF
call 00403BF8
:0041DADE 8BD0
mov edx, eax
:0041DAE0 8BC3
mov eax, ebx
:0041DAE2 E899560000
call 00423180
|:0041DA9C(C), :0041DAAD(C)
|
:0041DAE7 33C0
:0041DAE9 5A
:0041DAEA 59
:0041DAEB 59
:0041DAEC 648910

xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0041DAEF 6804DB4100
push 0041DB04
|:0041DB02(U)
|
:0041DAF4 8D45FC
:0041DAF7 E8BC5CFEFF
:0041DAFC C3
:0041DAFD
:0041DB02
:0041DB04
:0041DB05
:0041DB06
:0041DB07
E97657FEFF
EBF0
5B
59
5D
C3
jmp
jmp
pop
pop
pop
ret
:0041DB08
:0041DB09
:0041DB0A
:0041DB0C
:0041DB0E
:0041DB14
:0041DB16
:0041DB1C
:0041DB1E
:0041DB23
:0041DB25
:0041DB27
:0041DB29
:0041DB2B
:0041DB2D
:0041DB2E
:0041DB33
:0041DB35
:0041DB3A
53
56
8BDA
8BF0
3A9EF2010000
742A
889EF2010000
8BC6
E8BDB70000
84C0
7419
6A00
33C0
8AC3
50
68CF000000
8BC6
E8C6B30000
50
push ebx
push esi
mov ebx, edx
mov esi, eax
cmp bl, byte ptr [esi+000001F2]
je 0041DB40
mov byte ptr [esi+000001F2], bl
mov eax, esi
call 004292E0
test al, al
je 0041DB40
push 00000000
xor eax, eax
mov al, bl
push eax
push 000000CF
mov eax, esi
call 00428F00
push eax

call 004037B8
ret
00403278
0041DAF4
ebx
ecx
ebp

|
:0041DB3B E84888FEFF
Call 00406388
|:0041DB14(C), :0041DB25(C)
|
:0041DB40 5E
:0041DB41 5B
:0041DB42 C3
:0041DB43
:0041DB44
:0041DB45
:0041DB46
:0041DB48
:0041DB4A
:0041DB4E
:0041DB4F
nop
push ebx
push ecx
mov ebx, eax
push 00000000
push eax
push 000000B0
90
53
51
8BD8
6A00
8D442404
50
68B0000000
pop esi
pop ebx
ret
:0041DB54 8BC3
:0041DB56 E8A5B30000
:0041DB5B 50
mov eax, ebx

call 00428F00
push eax

|
:0041DB5C E82788FEFF
Call 00406388
:0041DB61 8B0424
:0041DB64 5A
pop edx
:0041DB65 5B
pop ebx
:0041DB66 C3
ret
:0041DB67
:0041DB68
:0041DB69
:0041DB6A
:0041DB6C
:0041DB6E
:0041DB6F
:0041DB70
:0041DB75
:0041DB77
:0041DB7C
90
53
56
8BF2
8BD8
56
56
68B1000000
8BC3
E884B30000
50
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
push esi
push esi
push 000000B1
mov eax, ebx
call 00428F00
push eax

|
:0041DB7D E80688FEFF
Call 00406388
:0041DB82 5E
pop esi
:0041DB83 5B
pop ebx
:0041DB84 C3
ret
:0041DB85
:0041DB88
:0041DB89
:0041DB8C
:0041DB8E
:0041DB92
:0041DB93
:0041DB97
:0041DB98
:0041DB9D
:0041DB9F
:0041DBA4
8D4000
53
83C4F8
8BD8
8D442404
50
8D442404
50
68B0000000
8BC3
E85CB30000
50

push ebx
add esp, FFFFFFF8
mov ebx, eax
push eax
push eax
push 000000B0
mov eax, ebx
call 00428F00
push eax

|
:0041DBA5 E8DE87FEFF
Call 00406388
:0041DBAA 8B442404
:0041DBAE 2B0424
:0041DBB1 59
pop ecx
:0041DBB2 5A
pop edx
:0041DBB3 5B
pop ebx
:0041DBB4 C3
ret
:0041DBB5 8D4000
:0041DBB8 53
:0041DBB9 56

push ebx
push esi
:0041DBBA
:0041DBBD
:0041DBBF
:0041DBC1
:0041DBC5
:0041DBC6
:0041DBCA
:0041DBCB
:0041DBD0
:0041DBD2
:0041DBD7
83C4F8
8BF2
8BD8
8D442404
50
8D442404
50
68B0000000
8BC3
E829B30000
50
add esp, FFFFFFF8

mov esi, edx
mov ebx, eax
push eax
push eax
push 000000B0
mov eax, ebx
call 00428F00
push eax

|
:0041DBD8 E8AB87FEFF
Call 00406388
:0041DBDD 033424
add esi, dword ptr [esp]
:0041DBE0 89742404
:0041DBE4 8B442404
:0041DBE8 50
push eax
:0041DBE9 8B442404
:0041DBED 50
push eax
:0041DBEE 68B1000000
push 000000B1
:0041DBF3 8BC3
mov eax, ebx
:0041DBF5 E806B30000
call 00428F00
:0041DBFA 50
push eax
|
:0041DBFB E88887FEFF
Call 00406388
:0041DC00 6A00
push 00000000
:0041DC02 6A00
push 00000000
:0041DC04 68B7000000
push 000000B7
:0041DC09 8BC3
mov eax, ebx
:0041DC0B E8F0B20000
call 00428F00
:0041DC10 50
push eax
|
:0041DC11 E87287FEFF
Call 00406388
:0041DC16 59
pop ecx
:0041DC17 5A
pop edx
:0041DC18 5E
pop esi
:0041DC19 5B
pop ebx
:0041DC1A C3
ret
:0041DC1B
:0041DC1C
:0041DC1D
:0041DC1F
:0041DC24
:0041DC26
:0041DC2B
90
53
8BD8
6834DC4100
8BC3
E8D5B20000
50
nop
push ebx
mov ebx, eax
push 0041DC34
mov eax, ebx
call 00428F00
push eax
* Reference To: user32.SetWindowTextA, Ord:0000h

|
:0041DC2C E8DF87FEFF
Call 00406410
:0041DC31 5B
pop ebx
:0041DC32 C3
ret
:0041DC33 0000000000
BYTE 5 DUP(0)

|:0041E1B2
|
:0041DC38 53
push ebx
:0041DC39 8BD8
mov ebx, eax
:0041DC3B 6AFF
push FFFFFFFF
:0041DC3D 6A00
push 00000000
:0041DC3F 68B1000000
push 000000B1
:0041DC44 8BC3
mov eax, ebx
:0041DC46 E8B5B20000
call 00428F00
:0041DC4B 50
push eax
|
:0041DC4C E83787FEFF
Call 00406388
:0041DC51 5B
pop ebx
:0041DC52 C3
ret
:0041DC53
:0041DC54
:0041DC55
:0041DC57
:0041DC5A
:0041DC5B
:0041DC5C
:0041DC5D
:0041DC5F
:0041DC62
:0041DC64
:0041DC66
:0041DC68
:0041DC6E
:0041DC70
:0041DC72
:0041DC74
:0041DC7A
:0041DC7D
:0041DC7F
:0041DC84
:0041DC85
:0041DC8A
:0041DC8D
:0041DC8F
:0041DC90
:0041DC95
:0041DC98
:0041DC9B
:0041DC9E
:0041DCA3
:0041DCA5
:0041DCA8
:0041DCAA
:0041DCAF
:0041DCB2
90
55
8BEC
83C4F4
53
56
57
8BF9
8955FC
8BD8
8BC3
8B10
FF92C0000000
8BF0
8BC3
8B10
FF92BC000000
8945F8
8BC3
E86C540000
40
E8469EFEFF
8945F4
33C0
55
68DEDC4100
64FF30
648920
8B45F4
E8419EFEFF
8BC8
8B55F4
8BC3
E851540000
3B7DF8
7F04
nop
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
push edi
mov edi, ecx
mov ebx, eax
mov eax, ebx
call dword ptr [edx+000000C0]
mov esi, eax
mov eax, ebx
call dword ptr [edx+000000BC]
mov eax, ebx
call 004230F0
inc eax
call 00407AD0
xor eax, eax
push ebp
push 0041DCDE
call 00407AE4
mov ecx, eax
mov eax, ebx
call 00423100
jg 0041DCB8
:0041DCB4 4F
:0041DCB5 897DF8
dec edi
|:0041DCB2(C)
|
:0041DCB8 8B55F4
:0041DCBB 03D6
:0041DCBD 8B4DF8
:0041DCC0 8B45FC
:0041DCC3 E8B09CFEFF
:0041DCC8 33C0
:0041DCCA 5A
:0041DCCB 59
:0041DCCC 59
:0041DCCD 648910
:0041DCD0 68E5DC4100
|:0041DCE3(U)
|
:0041DCD5 8B45F4
:0041DCD8 E83F9EFEFF
:0041DCDD C3
:0041DCDE
:0041DCE3
:0041DCE5
:0041DCE8
:0041DCE9
:0041DCEA
:0041DCEB
:0041DCED
:0041DCEE
E99555FEFF
EBF0
8B45F8
5F
5E
5B
8BE5
5D
C3
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
:0041DCEF
:0041DCF0
:0041DCF1
:0041DCF3
:0041DCF6
:0041DCF7
:0041DCF8
:0041DCF9
:0041DCFB
:0041DCFD
:0041DCFF
:0041DD01
:0041DD07
:0041DD0A
:0041DD0C
:0041DD0E
:0041DD14
:0041DD16
:0041DD18
:0041DD1A
:0041DD1C
:0041DD21
:0041DD23
90
55
8BEC
83C4F8
53
56
57
8BFA
8BD8
8BC3
8B10
FF92C0000000
8945F8
8BC3
8B10
FF92BC000000
8BF0
8BC7
8BCE
33D2
E87B5BFEFF
85F6
7460
nop
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
mov eax, ebx
mov eax, ebx
mov esi, eax
mov eax, edi
mov ecx, esi
xor edx, edx
call 0040389C
test esi, esi
je 0041DD85

add edx, esi
call 00407978
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041DCE5

call 00407B1C
ret
00403278
0041DCD5
edi
esi
ebx
esp, ebp
ebp
:0041DD25
:0041DD27
:0041DD2C
:0041DD2D
:0041DD32
:0041DD35
:0041DD37
:0041DD38
:0041DD3D
:0041DD40
:0041DD43
:0041DD46
:0041DD4B
:0041DD4D
:0041DD50
:0041DD52
:0041DD57
:0041DD5A
:0041DD5D
:0041DD5F
:0041DD61
:0041DD63
:0041DD68
:0041DD6A
:0041DD6B
:0041DD6C
:0041DD6D
8BC3
E8C4530000
40
E89E9DFEFF
8945FC
33C0
55
687EDD4100
64FF30
648920
8B45FC
E8999DFEFF
8BC8
8B55FC
8BC3
E8A9530000
8B45FC
8B55F8
03C2
8B17
8BCE
E8444AFEFF
33C0
5A
59
59
648910
mov eax, ebx

call 004230F0
inc eax
call 00407AD0
xor eax, eax
push ebp
push 0041DD7E
call 00407AE4
mov ecx, eax
mov eax, ebx
call 00423100
add eax, edx
mov ecx, esi
call 004027AC
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0041DD70 6885DD4100
push 0041DD85
|:0041DD83(U)
|
:0041DD75 8B45FC
:0041DD78 E89F9DFEFF
:0041DD7D C3
:0041DD7E E9F554FEFF
:0041DD83 EBF0
jmp 00403278
jmp 0041DD75

call 00407B1C
ret

|:0041DD23(C)
|
:0041DD85 5F
pop edi
:0041DD86 5E
pop esi
:0041DD87 5B
pop ebx
:0041DD88 59
pop ecx
:0041DD89 59
pop ecx
:0041DD8A 5D
pop ebp
:0041DD8B C3
ret
:0041DD8C
:0041DD8D
:0041DD8E
:0041DD90
:0041DD92
53
56
8BF2
8BD8
8BD6
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
:0041DD94 8BC3
:0041DD96 E84D840000
mov eax, ebx

call 004261E8
* Possible StringData Ref from Code Obj ->"EDIT"

|
:0041DD9B B940DE4100
mov ecx, 0041DE40
:0041DDA0 8BD6
mov edx, esi
:0041DDA2 8BC3
mov eax, ebx
:0041DDA4 E867830000
call 00426110
:0041DDA9 8B4604
:0041DDAC 0DC0000000
or eax, 000000C0
:0041DDB1 33D2
xor edx, edx
:0041DDB3 8A93F0010000
mov dl, byte ptr [ebx+000001F0]
:0041DDB9 0B0495BC254400
or eax, dword ptr [4*edx+004425BC]
:0041DDC0 80BBF101000000
cmp byte ptr [ebx+000001F1], 00
:0041DDC7 0F95C2
setne dl
:0041DDCA 83E27F
and edx, 0000007F
:0041DDCD 0B0495D4254400
or eax, dword ptr [4*edx+004425D4]
:0041DDD4 33D2
xor edx, edx
:0041DDD6 8A93F2010000
:0041DDDC 0B0495DC254400
or eax, dword ptr [4*edx+004425DC]
:0041DDE3 33D2
xor edx, edx
:0041DDE5 8A93F7010000
:0041DDEB 0B0495E4254400
or eax, dword ptr [4*edx+004425E4]
:0041DDF2 33D2
xor edx, edx
:0041DDF4 8A93F5010000
:0041DDFA 0B0495F0254400
or eax, dword ptr [4*edx+004425F0]
:0041DE01 33D2
xor edx, edx
:0041DE03 8A93F6010000
:0041DE09 0B0495F8254400
:0041DE10 894604
:0041DE13 A18C2B4400
:0041DE18 803800
:0041DE1B 7420
je 0041DE3D
:0041DE1D 80BB2C01000000
cmp byte ptr [ebx+0000012C], 00
:0041DE24 7417
je 0041DE3D
:0041DE26 80BBF001000001
:0041DE2D 750E
jne 0041DE3D
:0041DE2F 816604FFFF7FFF
and dword ptr [esi+04], FF7FFFFF
:0041DE36 814E0800020000
or dword ptr [esi+08], 00000200
|:0041DE1B(C), :0041DE24(C), :0041DE2D(C)
|
:0041DE3D 5E
pop esi
:0041DE3E 5B
pop ebx
:0041DE3F C3
ret
:0041DE40
:0041DE41
:0041DE42
:0041DE43
:0041DE44
45
44
49
54
00000000
inc ebp
inc esp
dec ecx
push esp
BYTE 4 DUP(0)
:0041DE48
:0041DE49
:0041DE4A
:0041DE4B
53
56
57
81C474FFFFFF
push ebx
push esi
push edi
add esp, FFFFFF74
:0041DE51
:0041DE53
:0041DE58
:0041DE5C
:0041DE5E
:0041DE63
:0041DE66
:0041DE68
:0041DE6C
:0041DE6E
:0041DE70
:0041DE72
:0041DE77
:0041DE78
:0041DE79
:0041DE81
:0041DE83
:0041DE85
:0041DE8A
:0041DE90
:0041DE92
:0041DE94
:0041DE96
:0041DE98
:0041DE9D
8BD8
A1502D4400
80780800
7447
A14C2D4400
833802
743D
F6420508
7437
8BF2
8BFC
B923000000
F3
A5
81642404FFF7FFFF
8BD4
8BC3
E8FA850000
8B8340010000
85C0
7418
6A00
6A01
68CF000000
50
mov ebx, eax

je 0041DEA5
je 0041DEA5
test [edx+05], 08
je 0041DEA5
mov esi, edx
mov edi, esp
mov ecx, 00000023
repz
movsd
and dword ptr [esp+04], FFFFF7FF
mov edx, esp
mov eax, ebx
call 00426484
test eax, eax
je 0041DEAC
push 00000000
push 00000001
push 000000CF
push eax

|
:0041DE9E E8E584FEFF
Call 00406388
:0041DEA3 EB07
jmp 0041DEAC
|:0041DE5C(C), :0041DE66(C), :0041DE6C(C)
|
:0041DEA5 8BC3
mov eax, ebx
:0041DEA7 E8D8850000
call 00426484
|:0041DE92(C), :0041DEA3(U)
|
:0041DEAC 81C48C000000
:0041DEB2 5F
:0041DEB3 5E
:0041DEB4 5B
:0041DEB5 C3
:0041DEB6
:0041DEB8
:0041DEB9
:0041DEBB
:0041DEBC
:0041DEBF
:0041DEC2
:0041DEC9
:0041DECB
:0041DECC
:0041DED1
:0041DED4
:0041DED7
mov eax, eax

push ebp
mov ebp, esp
push ecx
mov byte ptr [eax+000001F8], 01
xor eax, eax
push ebp
push 0041DEF7
8BC0
55
8BEC
51
8945FC
8B45FC
C680F801000001
33C0
55
68F7DE4100
64FF30
648920
8B45FC
add
pop
pop
pop
ret
esp, 0000008C
edi
esi
ebx
:0041DEDA
:0041DEDF
:0041DEE1
:0041DEE2
:0041DEE3
:0041DEE4
:0041DEE7
E839840000
33C0
5A
59
59
648910
68FEDE4100
call 00426318
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041DEFE
|:0041DEFC(U)
|
:0041DEEC 8B45FC
:0041DEEF C680F801000000
:0041DEF6 C3
:0041DEF7
:0041DEFC
:0041DEFE
:0041DF01
:0041DF07
:0041DF0A
:0041DF0C
:0041DF12
:0041DF15
:0041DF1B
:0041DF1E
:0041DF23
:0041DF26
:0041DF2D
:0041DF2F
:0041DF31
:0041DF34
:0041DF3B
:0041DF3C
:0041DF41
:0041DF44
:0041DF49
jmp 00403278
jmp 0041DEEC
mov edx, dword ptr [eax+000001EC]
mov dl, byte ptr [eax+000001F9]
call 0041DA48
cmp byte ptr [eax+000001F1], 00
je 0041DF4F
push 00000000
movzx eax, byte ptr [eax+000001F1]
push eax
push 000000CC
call 00428F00
push eax
E97C53FEFF
EBEE
8B45FC
8B90EC010000
8B45FC
8B08
FF91B8000000
8B45FC
8A90F9010000
8B45FC
E825FBFFFF
8B45FC
80B8F101000000
7420
6A00
8B45FC
0FB680F1010000
50
68CC000000
8B45FC
E8B7AF0000
50

ret

|
:0041DF4A E83984FEFF
Call 00406388
|:0041DF2D(C)
|
:0041DF4F 8B45FC
:0041DF52 E821000000
:0041DF57 59
:0041DF58 5D
:0041DF59 C3
:0041DF5A
:0041DF5C
:0041DF5D
:0041DF5F
:0041DF61
:0041DF66
:0041DF6C
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 0041DA10
mov byte ptr [ebx+000001F9], al
mov eax, ebx
8BC0
53
8BD8
8BC3
E8AAFAFFFF
8883F9010000
8BC3

call 0041DF78
pop ecx
pop ebp
ret
:0041DF6E E855850000
:0041DF73 5B
:0041DF74 C3
call 004264C8
pop ebx
ret
:0041DF75 8D4000

|:0041D97A , :0041D993 , :0041DF52 , :0041E127
|
:0041DF78 53
push ebx
:0041DF79 8BD8
mov ebx, eax
:0041DF7B 80BBF301000000
:0041DF82 741D
je 0041DFA1
:0041DF84 80BBF001000001
:0041DF8B 7514
jne 0041DFA1
:0041DF8D A1B0DF4100
mov eax, dword ptr [0041DFB0]
:0041DF92 0B4340
or eax, dword ptr [ebx+40]
:0041DF95 894340
:0041DF98 8BC3
mov eax, ebx
:0041DF9A E815000000
call 0041DFB4
:0041DF9F 5B
pop ebx
:0041DFA0 C3
ret
|:0041DF82(C), :0041DF8B(C)
|
:0041DFA1 A1B0DF4100
:0041DFA6 F7D0
:0041DFA8 234340
:0041DFAB 894340
:0041DFAE 5B
:0041DFAF C3
:0041DFB0 00
BYTE 0
:0041DFB1 0200
:0041DFB3 00

BYTE 00h
mov
not
and
mov
pop
ret
eax, dword ptr [0041DFB0]

eax
ebx

|:0041D923 , :0041DF9A , :0041E15E
|
:0041DFB4 53
push ebx
:0041DFB5 56
push esi
:0041DFB6 57
push edi
:0041DFB7 83C490
add esp, FFFFFF90
:0041DFBA 8BF0
mov esi, eax
:0041DFBC 6A00
push 00000000
|
:0041DFBE E88581FEFF
Call 00406148
:0041DFC3 8BD8
mov ebx, eax
:0041DFC5 54
push esp
:0041DFC6 53
push ebx

|
:0041DFC7 E82C7FFEFF
Call 00405EF8
:0041DFCC 8B4658
:0041DFCF E80860FFFF
call 00413FDC
:0041DFD4 50
push eax
:0041DFD5 53
push ebx
|
:0041DFD6 E88D7FFEFF
Call 00405F68
:0041DFDB 8BF8
mov edi, eax
:0041DFDD 8D442438
:0041DFE1 50
push eax
:0041DFE2 53
push ebx
* Reference To: gdi32.GetTextMetricsA,
|
:0041DFE3 E8107FFEFF
Call
:0041DFE8 57
push
:0041DFE9 53
push
Ord:0000h
00405EF8
edi
ebx

|
:0041DFEA E8797FFEFF
Call 00405F68
:0041DFEF 53
push ebx
:0041DFF0 6A00
push 00000000
|
:0041DFF2 E86983FEFF
Call 00406360
:0041DFF7 A18C2B4400
:0041DFFC 803800
:0041DFFF 7422
je 0041E023
:0041E001 80BE2C01000000
:0041E008 7407
je 0041E011
:0041E00A BB08000000
mov ebx, 00000008
:0041E00F EB05
jmp 0041E016
|:0041E008(C)
|
:0041E011 BB06000000
mov ebx, 00000006
|:0041E00F(U)
|
:0041E016 6A06
push 00000006
|
:0041E018 E80382FEFF
Call 00406220
:0041E01D F7EB
imul ebx
:0041E01F 8BD8
mov ebx, eax
:0041E021 EB25
jmp 0041E048
|:0041DFFF(C)
|
:0041E023
:0041E026
:0041E02A
:0041E02C
:0041E02E
8B1C24
8B442438
3BD8
7E02
8BD8
mov
mov
cmp
jle
mov
ebx, dword ptr [esp]

ebx, eax
0041E030
ebx, eax

|:0041E02C(C)
|
:0041E030 6A06
push 00000006
|
:0041E032 E8E981FEFF
Call 00406220
:0041E037 C1E002
shl eax, 02
:0041E03A 85DB
test ebx, ebx
:0041E03C 7903
jns 0041E041
:0041E03E 83C303
add ebx, 00000003
|:0041E03C(C)
|
:0041E041 C1FB02
sar ebx, 02
:0041E044 03C3
add eax, ebx
:0041E046 8BD8
mov ebx, eax
|:0041E021(U)
|
:0041E048 8B542438
:0041E04C 03D3
:0041E04E 8BC6
:0041E050 E87B490000
:0041E055 83C470
:0041E058 5F
:0041E059 5E
:0041E05A 5B
:0041E05B C3
:0041E05C
:0041E05D
:0041E05F
:0041E061
:0041E066
:0041E06E
:0041E070
:0041E072
:0041E078
push ebx
mov ebx, eax
mov eax, ebx
call 00422DB8
cmp word ptr [ebx+000001FE], 0000
je 0041E07E
mov edx, ebx
call dword ptr [ebx+000001FC]
53
8BD8
8BC3
E8524D0000
6683BBFE01000000
740E
8BD3
8B8300020000
FF93FC010000

add edx, ebx
mov eax, esi
call 004229D0
add esp, 00000070
pop edi
pop esi
pop ebx
ret

|:0041E06E(C)
|
:0041E07E 5B
pop ebx
:0041E07F C3
ret
:0041E080 53
:0041E081 56
:0041E082 8BDA
push ebx
push esi
mov ebx, edx
:0041E084
:0041E086
:0041E088
:0041E08B
:0041E08D
:0041E092
:0041E094
:0041E096
:0041E09B
:0041E09D
:0041E09F
8BF0
8B03
83E807
7414
2DFE010000
7529
8BC6
E83DF2FFFF
84C0
7527
EB1C
|:0041E08B(C)
|
:0041E0A1 A14C2D4400
:0041E0A6 833801
:0041E0A9 7512
:0041E0AB 8B4304
:0041E0AE 50
mov esi, eax

sub eax, 00000007
je 0041E0A1
sub eax, 000001FE
jne 0041E0BD
mov eax, esi
call 0041D2D8
test al, al
jne 0041E0C6
jmp 0041E0BD
jne 0041E0BD
push eax

|
:0041E0AF E8FC81FEFF
Call 004062B0
:0041E0B4 85C0
test eax, eax
:0041E0B6 7505
jne 0041E0BD
:0041E0B8 33C0
xor eax, eax
:0041E0BA 894304
|:0041E092(C), :0041E09F(U), :0041E0A9(C), :0041E0B6(C)
|
:0041E0BD 8BD3
mov edx, ebx
:0041E0BF 8BC6
mov eax, esi
:0041E0C1 E8CA8A0000
call 00426B90
|:0041E09D(C)
|
:0041E0C6 5E
pop esi
:0041E0C7 5B
pop ebx
:0041E0C8 C3
ret
:0041E0C9
:0041E0CC
:0041E0CD
:0041E0CF
:0041E0D1
:0041E0D3
:0041E0D6
:0041E0DB
:0041E0DE
:0041E0E0
:0041E0E2
:0041E0E4
:0041E0E9
8D4000
56
8BF0
8BC6
8B08
FF51F0
A18C2B4400
803800
7429
6AF0
8BC6
E817AE0000
50

push esi
mov esi, eax
mov eax, esi
call [ecx-10]
je 0041E109
push FFFFFFF0
mov eax, esi
call 00428F00
push eax

|
:0041E0EA
:0041E0EF
:0041E0F1
:0041E0F3
:0041E0F5
:0041E0F7
:0041E0FC
:0041E0FE
:0041E103
E85181FEFF
A804
7516
6A00
6A03
68D3000000
8BC6
E8FDAD0000
50
Call 00406240
test al, 04
jne 0041E109
push 00000000
push 00000003
push 000000D3
mov eax, esi
call 00428F00
push eax

|
:0041E104 E87F82FEFF
Call 00406388
|:0041E0DE(C), :0041E0F1(C)
|
:0041E109 5E
pop esi
:0041E10A C3
ret
:0041E10B
:0041E10C
:0041E10D
:0041E10E
:0041E110
:0041E112
:0041E117
:0041E11A
:0041E11C
:0041E123
:0041E125
:0041E127
:0041E12C
:0041E12E
90
53
56
8BF2
8BD8
A18C2B4400
803800
7417
80BBF001000001
750E
8BC3
E84CFEFFFF
8BC3
E849850000
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
je 0041E133
jne 0041E133
mov eax, ebx
call 0041DF78
mov eax, ebx
call 0042667C
|:0041E11A(C), :0041E123(C)
|
:0041E133 8BD6
:0041E135 8BC3
:0041E137 E81CA40000
:0041E13C 5E
:0041E13D 5B
:0041E13E C3
:0041E13F
:0041E140
:0041E141
:0041E143
:0041E145
:0041E14A
:0041E14E
:0041E150
:0041E154
:0041E156
:0041E15A
nop
push ebx
mov ebx, eax
mov eax, ebx
call 004284AC
test [ebx+41], 02
je 0041E163
test [ebx+20], 10
je 0041E15C
test [ebx+20], 01
jne 0041E163
90
53
8BD8
8BC3
E862A30000
F6434102
7413
F6432010
7406
F6432001
7507
mov edx, esi

mov eax, ebx
call 00428558
pop esi
pop ebx
ret
|:0041E154(C)
|
:0041E15C 8BC3
:0041E15E E851FEFFFF
mov eax, ebx

call 0041DFB4

|:0041E14E(C), :0041E15A(C)
|
:0041E163 5B
pop ebx
:0041E164 C3
ret
:0041E165
:0041E168
:0041E169
:0041E16F
:0041E171
:0041E178
:0041E17A
:0041E17E
8D4000
53
66817A060003
7512
80B8F801000000
7509
66BBB8FF
E8714CFEFF

push ebx
cmp word ptr [edx+06], 0300
jne 0041E183
jne 0041E183
mov bx, FFB8
call 00402DF4

|:0041E16F(C), :0041E178(C)
|
:0041E183 5B
pop ebx
:0041E184 C3
ret
:0041E185
:0041E188
:0041E189
:0041E18A
:0041E18C
:0041E18E
:0041E195
:0041E197
:0041E19B
:0041E19D
:0041E19F
:0041E1A1
:0041E1A6
8D4000
53
56
8BF2
8BD8
80BBF401000000
7420
F6434401
751A
6AF0
8BC3
E85AAD0000
50

push ebx
push esi
mov esi, edx
mov ebx, eax
je 0041E1B7
test [ebx+44], 01
jne 0041E1B7
push FFFFFFF0
mov eax, ebx
call 00428F00
push eax

|
:0041E1A7 E89480FEFF
Call 00406240
:0041E1AC A804
test al, 04
:0041E1AE 7507
jne 0041E1B7
:0041E1B0 8BC3
mov eax, ebx
:0041E1B2 E881FAFFFF
call 0041DC38
|:0041E195(C), :0041E19B(C), :0041E1AE(C)
|
:0041E1B7 8BD6
mov edx, esi
:0041E1B9 8BC3
mov eax, ebx
:0041E1BB E8ACA10000
call 0042836C
:0041E1C0 5E
pop esi
:0041E1C1 5B
pop ebx
:0041E1C2 C3
ret
:0041E1C3
:0041E1C4
:0041E1C5
:0041E1C6
:0041E1C8
:0041E1CA
:0041E1CC
:0041E1CF
:0041E1D1
:0041E1D6
:0041E1D8
:0041E1DA
:0041E1DC
:0041E1DE
:0041E1E3
90
53
56
8BF0
8BC6
8B08
FF51F0
8BC6
E80AB10000
84C0
7413
6AF0
8BC6
E81DAD0000
50
nop
push ebx
push esi
mov esi, eax
mov eax, esi
call [ecx-10]
mov eax, esi
call 004292E0
test al, al
je 0041E1ED
push FFFFFFF0
mov eax, esi
call 00428F00
push eax

|
:0041E1E4 E85780FEFF
Call 00406240
:0041E1E9 A804
test al, 04
:0041E1EB 740B
je 0041E1F8
|:0041E1D8(C)
|
:0041E1ED 8BC6
:0041E1EF 66BBB8FF
:0041E1F3 E8FC4BFEFF

mov eax, esi
mov bx, FFB8
call 00402DF4

|:0041E1EB(C)
|
:0041E1F8 5E
pop esi
:0041E1F9 5B
pop ebx
:0041E1FA C3
ret
:0041E1FB
:0041E1FC
:0041E1FD
:0041E1FE
:0041E200
:0041E202
:0041E204
:0041E206
:0041E20B
:0041E20D
:0041E213
:0041E218
:0041E21B
:0041E21C
:0041E21D
90
53
56
8BF2
8BD8
8BD6
8BC3
E8ED6F0000
8BC6
8B1514CB4100
E8904BFEFF
894318
5E
5B
C3
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 004251F8
mov eax, esi
mov edx, dword ptr [0041CB14]
call 00402DA8
pop esi
pop ebx
ret
:0041E21E
:0041E220
:0041E221
:0041E223
:0041E225
8BC0
53
8BD8
8BC3
E8B2FC0000
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 0042DEDC
:0041E22A
:0041E22C
:0041E22E
:0041E231
:0041E233
:0041E239
:0041E23A
:0041E23D
:0041E243
:0041E248
:0041E249
:0041E24C
84C0
7420
8B4318
8B10
FF92B8000000
50
8B430C
8B15F4D74200
E8604BFEFF
5A
3A5050
7404
test al, al
je 0041E24E
push eax
mov edx, dword ptr [0042D7F4]
call 00402DA8
pop edx
je 0041E252

|:0041E22C(C)
|
:0041E24E 33C0
xor eax, eax
:0041E250 5B
pop ebx
:0041E251 C3
ret

|:0041E24C(C)
|
:0041E252 B001
mov al, 01
:0041E254 5B
pop ebx
:0041E255 C3
ret
:0041E256
:0041E258
:0041E259
:0041E25B
:0041E25C
:0041E25D
:0041E25F
:0041E262
:0041E265
:0041E267
:0041E26A
:0041E26C
:0041E26E
:0041E271
:0041E274
:0041E27B
:0041E27D
:0041E27E
:0041E283
:0041E286
:0041E289
:0041E28B
:0041E28D
:0041E293
:0041E295
:0041E296
:0041E297
:0041E298
8BC0
55
8BEC
51
53
8BDA
8945FC
8B45FC
8B10
FF5220
84C0
7447
8B45FC
8B4018
C680EC01000001
33D2
55
68AEE24100
64FF32
648922
8BD3
8B08
FF91BC000000
33C0
5A
59
59
648910
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
call [edx+20]
test al, al
je 0041E2B5
mov byte ptr [eax+000001EC], 01
xor edx, edx
push ebp
push 0041E2AE
mov edx, ebx
call dword ptr [ecx+000000BC]
xor eax, eax
pop edx
pop ecx
pop ecx
:0041E29B 68B5E24100
|
push 0041E2B5
|:0041E2B3(U)
|
:0041E2A0 8B45FC
:0041E2A3 8B4018
:0041E2A6 C680EC01000000
:0041E2AD C3
:0041E2AE E9C54FFEFF
:0041E2B3 EBEB
jmp 00403278
jmp 0041E2A0

mov byte ptr [eax+000001EC], 00
ret

|:0041E26C(C)
|
:0041E2B5 5B
pop ebx
:0041E2B6 59
pop ecx
:0041E2B7 5D
pop ebp
:0041E2B8 C3
ret
:0041E2B9 8D4000

|:0041E3DE
|
:0041E2BC 53
push ebx
:0041E2BD 56
push esi
:0041E2BE 84D2
test dl, dl
:0041E2C0 7408
je 0041E2CA
:0041E2C2 83C4F0
add esp, FFFFFFF0
:0041E2C5 E83A4CFEFF
call 00402F04
|:0041E2C0(C)
|
:0041E2CA 8BDA
:0041E2CC 8BF0
:0041E2CE 33D2
:0041E2D0 8BC6
:0041E2D2 E8996F0000
:0041E2D7 C6864801000000
:0041E2DE 8BC6
:0041E2E0 84DB
:0041E2E2 740F
:0041E2E4 E8734CFEFF
:0041E2E9 648F0500000000
:0041E2F0 83C40C

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 00425270
mov eax, esi
test bl, bl
je 0041E2F3
call 00402F5C
add esp, 0000000C

|:0041E2E2(C)
|
:0041E2F3 8BC6
mov eax, esi
:0041E2F5 5E
pop esi
:0041E2F6 5B
pop ebx
:0041E2F7 C3
ret
:0041E2F8
:0041E2F9
:0041E2FA
:0041E2FB
:0041E2FD
:0041E2FF
:0041E301
:0041E303
:0041E305
:0041E307
:0041E30C
:0041E30E
:0041E314
:0041E319
:0041E31B
:0041E31D
:0041E31F
:0041E321
:0041E323
:0041E325
:0041E32B
:0041E32D
53
56
57
8BD9
8BF2
8BF8
8BCB
8BD6
8BC7
E844B70000
8BC6
8B15F4D74200
E8774AFEFF
84C0
741F
84DB
740E
8BC7
8B10
FF92B8000000
84C0
750D
push ebx
push esi
push edi
mov ebx, ecx
mov esi, edx
mov edi, eax
mov ecx, ebx
mov edx, esi
mov eax, edi
call 00429A50
mov eax, esi
call 00402D90
test al, al
je 0041E33C
test bl, bl
je 0041E32F
mov eax, edi
test al, al
jne 0041E33C
|:0041E31F(C)
|
:0041E32F 8A5650
:0041E332 8BC7
:0041E334 8B08
:0041E336 FF91BC000000
|:0041E31B(C), :0041E32D(C)
|
:0041E33C 5F
:0041E33D 5E
:0041E33E 5B
:0041E33F C3
:0041E340 A154CA4100
:0041E345 C3
mov eax, dword ptr [0041CA54]

ret
:0041E346 8BC0
:0041E348 33C0
:0041E34A C3
mov eax, eax

xor eax, eax
ret
:0041E34B 90
:0041E34C C3
nop
ret
:0041E34D
:0041E350
:0041E351
:0041E352
:0041E353
:0041E355

push ebx
push esi
push edi
mov edi, edx
mov esi, eax
8D4000
53
56
57
8BFA
8BF0

mov eax, edi
call dword ptr [ecx+000000BC]
pop edi
pop esi
pop ebx
ret
:0041E357
:0041E359
:0041E35E
:0041E360
:0041E363
:0041E365
:0041E36A
:0041E36C
8B07
2D01020000
740E
83E802
7409
2D0EBB0000
7443
EB4A
|:0041E35E(C), :0041E363(C)
|
:0041E36E F6462010
:0041E372 7544
:0041E374 8BC6
:0041E376 66BBBBFF
:0041E37A E8754AFEFF
:0041E37F 84C0
:0041E381 7535
:0041E383 C686EC01000001
:0041E38A 8BC6
:0041E38C E86FAB0000
:0041E391 50

sub eax, 00000201
je 0041E36E
sub eax, 00000002
je 0041E36E
sub eax, 0000BB0E
je 0041E3AF
jmp 0041E3B8
test [esi+20], 10
jne 0041E3B8
mov eax, esi
mov bx, FFBB
call 00402DF4
test al, al
jne 0041E3B8
mov byte ptr [esi+000001EC], 01
mov eax, esi
call 00428F00
push eax

|
:0041E392 E81180FEFF
Call 004063A8
:0041E397 C686EC01000000
mov byte ptr [esi+000001EC], 00
:0041E39E 8BC6
mov eax, esi
:0041E3A0 66BBBBFF
mov bx, FFBB
:0041E3A4 E84B4AFEFF
call 00402DF4
:0041E3A9 84C0
test al, al
:0041E3AB 7414
je 0041E3C1
:0041E3AD EB09
jmp 0041E3B8
|:0041E36A(C)
|
:0041E3AF 80BEEC01000000
cmp byte ptr [esi+000001EC], 00
:0041E3B6 7509
jne 0041E3C1
|:0041E36C(U), :0041E372(C), :0041E381(C), :0041E3AD(U)
|
:0041E3B8 8BD7
mov edx, edi
:0041E3BA 8BC6
mov eax, esi
:0041E3BC E813860000
call 004269D4
|:0041E3AB(C), :0041E3B6(C)
|
:0041E3C1 5F
:0041E3C2 5E
:0041E3C3 5B
:0041E3C4 C3
:0041E3C5 8D4000
pop edi
pop esi
pop ebx
ret
|:00441176
|
:0041E3C8 53
:0041E3C9 56
:0041E3CA 84D2
:0041E3CC 7408
:0041E3CE 83C4F0
:0041E3D1 E82E4BFEFF
|:0041E3CC(C)
|
:0041E3D6 8BDA
:0041E3D8 8BF0
:0041E3DA 33D2
:0041E3DC 8BC6
:0041E3DE E8D9FEFFFF
:0041E3E3 A128E44100
:0041E3E8 894640
:0041E3EB BA4B000000
:0041E3F0 8BC6
:0041E3F2 E8B5450000
:0041E3F7 BA19000000
:0041E3FC 8BC6
:0041E3FE E8CD450000
:0041E403 B201
:0041E405 8BC6
:0041E407 E820AD0000
:0041E40C 8BC6
:0041E40E 84DB
:0041E410 740F
:0041E412 E8454BFEFF
:0041E417 648F0500000000
:0041E41E 83C40C
push ebx
push esi
test dl, dl
je 0041E3D6
add esp, FFFFFFF0
call 00402F04
mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 0041E2BC
mov edx, 0000004B
mov eax, esi
call 004229AC
mov edx, 00000019
mov eax, esi
call 004229D0
mov dl, 01
mov eax, esi
call 0042912C
mov eax, esi
test bl, bl
je 0041E421
call 00402F5C
add esp, 0000000C

|:0041E410(C)
|
:0041E421 8BC6
mov eax, esi
:0041E423 5E
pop esi
:0041E424 5B
pop ebx
:0041E425 C3
ret
:0041E426 0000
BYTE 2 DUP(0)
:0041E428
:0041E42A
:0041E42C
:0041E42D
:0041E42F
:0041E431
:0041E436
:0041E438
:0041E43A
:0041E440
loopnz 0041E42A
push ebx
mov ebx, eax
mov eax, ebx
call 00436C10
test eax, eax
je 0041E446
mov edx, dword ptr [ebx+000001F4]
E000
0000
53
8BD8
8BC3
E8DA870100
85C0
740C
8B93F4010000
89902C020000

|:0041E438(C)
|
:0041E446
:0041E448
:0041E44D
:0041E44E
8BC3
E86B600000
5B
C3
mov eax, ebx

call 004244B8
pop ebx
ret
:0041E44F 90
:0041E450 33C0
:0041E452 C3
nop
xor eax, eax
ret
:0041E453
:0041E454
:0041E455
:0041E456
:0041E457
:0041E458
:0041E45A
:0041E45C
:0041E45E
:0041E463
:0041E465
:0041E467
:0041E469
:0041E46B
:0041E46F
nop
push ebx
push esi
push edi
push ebp
mov ebx, edx
mov ebp, eax
mov eax, ebp
call 004292E0
test al, al
je 0041E4A1
test bl, bl
je 0041E471
mov si, 0001
jmp 0041E473
90
53
56
57
55
8BDA
8BE8
8BC5
E87DAE0000
84C0
743A
84DB
7406
66BE0100
EB02

|:0041E469(C)
|
:0041E471 33F6
xor esi, esi
|:0041E46F(U)
|
:0041E473 6AF0
:0041E475 8BC5
:0041E477 E884AA0000
:0041E47C 50

push FFFFFFF0
mov eax, ebp
call 00428F00
push eax

|
:0041E47D E8BE7DFEFF
Call 00406240
:0041E482 83E00F
and eax, 0000000F
:0041E485 0FB7FE
movzx edi, si
:0041E488 3BC7
cmp eax, edi
:0041E48A 7415
je 0041E4A1
:0041E48C 6A01
push 00000001
:0041E48E 57
push edi
:0041E48F 68F4000000
push 000000F4
:0041E494 8BC5
mov eax, ebp
:0041E496 E865AA0000
call 00428F00
:0041E49B 50
push eax
|
:0041E49C E8E77EFEFF
Call 00406388
|:0041E465(C), :0041E48A(C)
|
:0041E4A1 5D
:0041E4A2 5F
:0041E4A3 5E
:0041E4A4 5B
:0041E4A5 C3
pop
pop
pop
pop
ret
:0041E4A6 8BC0
mov eax, eax
ebp
edi
esi
ebx

|:004411C3
|
:0041E4A8 53
push ebx
:0041E4A9 8BD8
mov ebx, eax
:0041E4AB 8893F0010000
:0041E4B1 8BC3
mov eax, ebx
:0041E4B3 E828AE0000
call 004292E0
:0041E4B8 84C0
test al, al
:0041E4BA 741E
je 0041E4DA
:0041E4BC 8BC3
mov eax, ebx
:0041E4BE E84D870100
call 00436C10
:0041E4C3 85C0
test eax, eax
:0041E4C5 7413
je 0041E4DA
:0041E4C7 8B9000020000
:0041E4CD 52
push edx
:0041E4CE 33C9
xor ecx, ecx
:0041E4D0 BA07B00000
mov edx, 0000B007
:0041E4D5 E8BA5C0000
call 00424194
|:0041E4BA(C), :0041E4C5(C)
|
:0041E4DA 5B
pop ebx
:0041E4DB C3
ret
:0041E4DC
:0041E4DD
:0041E4DE
:0041E4E0
:0041E4E2
:0041E4E4
:0041E4E6
53
56
8BF2
8BD8
8BD6
8BC3
E8FD7C0000
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 004261E8
* Possible StringData Ref from Code Obj ->"BUTTON"

|
:0041E4EB B910E54100
mov ecx, 0041E510
:0041E4F0 8BD6
mov edx, esi
:0041E4F2 8BC3
mov eax, ebx
:0041E4F4 E8177C0000
call 00426110
:0041E4F9 33C0
xor eax, eax
:0041E4FB 8A83F0010000
:0041E501 8B048500264400
:0041E508 094604
or dword ptr [esi+04], eax
:0041E50B 5E
pop esi
:0041E50C 5B
pop ebx
:0041E50D C3
ret
:0041E50E 0000
BYTE 2 DUP(0)
:0041E510
:0041E511
:0041E512
:0041E513
:0041E514
:0041E515
:0041E516
:0041E518
:0041E519
:0041E51B
:0041E51D
:0041E522
:0041E528
:0041E52E
:0041E52F
42
55
54
54
4F
4E
0000
53
8BD8
8BC3
E8F67D0000
8A83F0010000
8883F2010000
5B
C3
inc edx
push ebp
push esp
push esp
dec edi
dec esi
push ebx
mov ebx, eax
mov eax, ebx
call 00426318
pop ebx
ret
:0041E530
:0041E531
:0041E536
:0041E538
:0041E53C
53
66837A0600
7509
66BBECFF
E8B348FEFF
push ebx
jne 0041E541
mov bx, FFEC
call 00402DF4

|:0041E536(C)
|
:0041E541 5B
pop ebx
:0041E542 C3
ret
:0041E543
:0041E544
:0041E545
:0041E546
:0041E548
:0041E54A
:0041E54F
:0041E551
:0041E558
90
53
56
8BF2
8BD8
66837E040D
7509
80BBF201000000
7510
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp word ptr [esi+04], 000D
jne 0041E55A
jne 0041E56A
|:0041E54F(C)
|
:0041E55A 66837E041B
:0041E55F 753B
:0041E561 80BBF101000000
:0041E568 7432
|:0041E558(C)
|
:0041E56A 8B4608
:0041E56D E876850100
:0041E572 8A15A8E54100
:0041E578 3AD0
:0041E57A 7520
cmp word ptr [esi+04], 001B

jne 0041E59C
je 0041E59C

call 00436AE8
mov dl, byte ptr [0041E5A8]
cmp dl, al
jne 0041E59C
:0041E57C
:0041E57E
:0041E583
:0041E585
:0041E587
:0041E589
:0041E58D
:0041E592
:0041E599
:0041E59A
:0041E59B
8BC3
E8BDA80000
84C0
7415
8BC3
66BBECFF
E86248FEFF
C7460C01000000
5E
5B
C3
mov eax, ebx

call 00428E40
test al, al
je 0041E59C
mov eax, ebx
mov bx, FFEC
call 00402DF4
mov [esi+0C], 00000001
pop esi
pop ebx
ret

|:0041E55F(C), :0041E568(C), :0041E57A(C), :0041E585(C)
|
:0041E59C 8BD6
mov edx, esi
:0041E59E 8BC3
mov eax, ebx
:0041E5A0 E8279E0000
call 004283CC
:0041E5A5 5E
pop esi
:0041E5A6 5B
pop ebx
:0041E5A7 C3
ret
:0041E5A8 00000000
BYTE 4 DUP(0)
:0041E5AC
:0041E5AD
:0041E5AF
:0041E5B1
:0041E5B2
:0041E5B3
:0041E5B5
:0041E5B7
:0041E5B9
:0041E5BA
:0041E5BF
:0041E5C2
:0041E5C5
:0041E5C8
:0041E5CA
:0041E5CF
:0041E5D2
:0041E5D6
:0041E5DB
:0041E5DD
:0041E5DF
:0041E5E1
:0041E5E6
:0041E5E8
:0041E5EA
:0041E5EC
:0041E5F0
:0041E5F5
:0041E5FC
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0041E61D
mov eax, ebx
call 004231A4
call 00436B70
test al, al
je 0041E5FE
mov eax, ebx
call 00428E40
test al, al
je 0041E5FE
mov eax, ebx
mov bx, FFEC
call 00402DF4
mov [esi+0C], 00000001
jmp 0041E607
55
8BEC
6A00
53
56
8BF2
8BD8
33C0
55
681DE64100
64FF30
648920
8D55FC
8BC3
E8D54B0000
8B55FC
668B4604
E895850100
84C0
741F
8BC3
E85AA80000
84C0
7414
8BC3
66BBECFF
E8FF47FEFF
C7460C01000000
EB09

|:0041E5DD(C), :0041E5E8(C)
|
:0041E5FE 8BD6
:0041E600 8BC3
:0041E602 E8CD9D0000
mov edx, esi

mov eax, ebx
call 004283D4

|:0041E5FC(U)
|
:0041E607 33C0
xor eax, eax
:0041E609 5A
pop edx
:0041E60A 59
pop ecx
:0041E60B 59
pop ecx
:0041E60C 648910
|
:0041E60F 6824E64100
push 0041E624
|:0041E622(U)
|
:0041E614 8D45FC
:0041E617 E89C51FEFF
:0041E61C C3
:0041E61D
:0041E622
:0041E624
:0041E625
:0041E626
:0041E627
:0041E628
E9564CFEFF
EBF0
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
ret
:0041E629
:0041E62C
:0041E62D
:0041E62E
:0041E62F
:0041E631
:0041E633
:0041E636
:0041E638
:0041E63E
:0041E643
:0041E645
:0041E647
:0041E649
:0041E64C
:0041E652
8D4000
53
56
57
8BF2
8BD8
8B7E08
8BC7
8B156CCC4100
E84D47FEFF
84C0
740D
3BDF
0F94C0
8883F2010000
EB0C

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov eax, edi
mov edx, dword ptr [0041CC6C]
call 00402D90
test al, al
je 0041E654
cmp ebx, edi
sete al
jmp 0041E660

call 004037B8
ret
00403278
0041E614
esi
ebx
ecx
ebp

|:0041E645(C)
|
:0041E654 8A83F0010000
:0041E65A 8883F2010000
|:0041E652(U)
|
:0041E660
:0041E666
:0041E668
:0041E66A
:0041E670
:0041E672
:0041E674
:0041E679
:0041E67A
:0041E67B
:0041E67C
8A93F2010000
8BC3
8B08
FF91C0000000
8BD6
8BC3
E8639D0000
5F
5E
5B
C3

mov eax, ebx
call dword ptr [ecx+000000C0]
mov edx, esi
mov eax, ebx
call 004283DC
pop edi
pop esi
pop ebx
ret
:0041E67D
:0041E680
:0041E682
:0041E685
8D4000
8B08
FF51F0
C3

call [ecx-10]
ret
:0041E686
:0041E688
:0041E689
:0041E68B
:0041E68D
:0041E68E
:0041E693
:0041E696
:0041E699
:0041E69F
:0041E6A1
:0041E6A2
:0041E6A3
:0041E6A4
:0041E6A7
8BC0
55
8BEC
33C0
55
68ADE64100
64FF30
648920
FF050C374400
33C0
5A
59
59
648910
68B4E64100
mov eax, eax

push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041E6AD
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041E6B4
|:0041E6B2(U)
|
:0041E6AC C3
:0041E6AD E9C64BFEFF
:0041E6B2 EBF8
:0041E6B4 5D
:0041E6B5 C3
:0041E6B6 8BC0
:0041E6B8 832D0C37440001
:0041E6BF C3
mov eax, eax

sub dword ptr [0044370C], 00000001
ret
:0041E6C0
:0041E6C1
:0041E6C3
:0041E6C5
:0041E6C6
:0041E6CB
:0041E6CE
:0041E6D1
:0041E6D7
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0041E6F1
jne 0041E6E3
55
8BEC
33C0
55
68F1E64100
64FF30
648920
FF0514374400
750A
ret
jmp 00403278
jmp 0041E6AC
pop ebp
ret
:0041E6D9 A118374400
:0041E6DE E83D45FEFF

call 00402C20
|:0041E6D7(C)
|
:0041E6E3 33C0
:0041E6E5 5A
:0041E6E6 59
:0041E6E7 59
:0041E6E8 648910
:0041E6EB 68F8E64100
|:0041E6F6(U)
|
:0041E6F0 C3
:0041E6F1 E9824BFEFF
:0041E6F6 EBF8
:0041E6F8 5D
:0041E6F9 C3
:0041E6FA 8BC0
:0041E6FC 832D1437440001
:0041E703 7327
mov eax, eax

sub dword ptr [00443714], 00000001
jnb 0041E72C
xor eax, eax

pop edx
pop ecx
pop ecx
push 0041E6F8
ret
jmp 00403278
jmp 0041E6F0
pop ebp
ret
* Possible StringData Ref from Code Obj ->"Delphi Picture"

|
:0041E705 6830E74100
push 0041E730
|
:0041E70A E8397CFEFF
Call 00406348
:0041E70F 66A310374400
* Possible StringData Ref from Code Obj ->"Delphi Component"
|
:0041E715 6840E74100
push 0041E740
|
:0041E71A E8297CFEFF
Call 00406348
:0041E71F 66A312374400
:0041E725 33C0
xor eax, eax
:0041E727 A318374400
|:0041E703(C)
|
:0041E72C C3
ret
:0041E72D 000000
BYTE 3 DUP(0)
:0041E730 44
:0041E731 65
inc esp
BYTE 065h
:0041E732 6C
:0041E733 7068
insb
jo 0041E79D
:0041E735 692050696374
:0041E73B 7572
:0041E73D 65
imul esp, dword ptr [eax], 74636950

jne 0041E7AF
BYTE 065h
:0041E73E 0000
:0041E740 44
:0041E741 65

inc esp
BYTE 065h
:0041E742
:0041E743
:0041E745
:0041E74B
:0041E74C
:0041E74D
insb
jo 0041E7AD
imul esp, dword ptr [eax], 706D6F43
outsd
outsb
BYTE 065h
6C
7068
6920436F6D70
6F
6E
65
:0041E74E 6E
:0041E74F 7400
outsb
je 0041E751
|:0041E74F(C)
|
:0041E751 000000
:0041E754 A0E7410000
:0041E759 00000000000000000000
:0041E763 00
BYTE 0
:0041E764
:0041E765
:0041E767
:0041E771
clc
out 41, ax
BYTE 10 DUP(0)
BYTE 3 DUP(0)
F8
E741
00000000000000000000
000000
BYTE 3 DUP(0)
mov al, byte ptr [000041E7]
BYTE 10 DUP(0)
:0041E774 E8E7410074
:0041E779 000000
call 74422960
BYTE 3 DUP(0)
:0041E77C
:0041E77D
:0041E77E
:0041E77F
:0041E782
:0041E783
:0041E786
:0041E787
:0041E789
F4
D7
42
00681C
41
00342E
40
0038
2E
hlt
xlat
inc edx
inc ecx
inc eax
BYTE 02eh
:0041E78A
:0041E78B
:0041E78E
:0041E78F
:0041E791
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041E792
:0041E793
:0041E79A
:0041E79B
40
00B42B4000C82B
40
00D0
inc
add
inc
add
eax
eax
al, dl

|:0041E733(C)
|
:0041E79D DF4200
fild word ptr [edx+00]
:0041E7A0 08E0
or al, ah
:0041E7A2 42
inc edx
:0041E7A3 00D4
add ah, dl
:0041E7A5 17
pop ss
:0041E7A6 41
inc ecx
:0041E7A7 0008
:0041E7A9 D24000
:0041E7AC A8184100
:0041E7B0 68174100
DWORD 004118A8
DWORD 00411768
:0041E7B4
:0041E7B6
:0041E7B7
:0041E7BA
:0041E7BB
:0041E7C1
04DA
42
0068E3
42
00801C4100C4
184100
add
inc
add
inc
add
sbb
:0041E7C4
:0041E7C8
:0041E7CC
:0041E7D0
:0041E7D4
:0041E7D8
:0041E7DC
:0041E7E0
BC184100
881C4100
3CE84100
D81E4100
841E4100
401E4100
481E4100
441E4100
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0041E7E4
:0041E7E5
:0041E7E8
:0041E7EC
:0041E7ED
:0041E7EF
:0041E7F3
:0041E7F4
:0041E7F5
:0041E7F7
:0041E7F9
:0041E7FD
:0041E7FE
:0041E800
:0041E804
:0041E805
:0041E80A
:0041E80D
:0041E80F
:0041E812
58
DB4200
0B544869
6E
7441
6374696F
6E
F8
E741
0007
0B544869
6E
7441
6374696F
6E
A0E74100B8
D84200
0400
085374
64
pop eax
fild dword ptr [edx+00]
or edx, dword ptr [eax+2*ecx+69]
outsb
je 0041E830
outsb
clc
out 41, ax
outsb
je 0041E841
outsb
mov al, byte ptr [B80041E7]
fadd dword ptr [edx+00]
add al, 00
BYTE 064h
al, DA
edx
byte ptr [eax-1D], ch
edx
004118BC
00411C88
0041E83C
00411ED8
00411E84
00411E40
00411E48
00411E44
:0041E813
:0041E814
:0041E818
:0041E81A
:0041E81C
:0041E81D
:0041E820
:0041E822
:0041E823
:0041E825
:0041E827
41
63746E73
0100
7C10
40
005800
00FF
F4
E142
0001
000000000000
inc ecx
arpl dword ptr [esi+2*ebp+73], esi
jl 0041E82C
inc eax
add bh, bh
hlt
loopz 0041E867
BYTE 6 DUP(0)
:0041E82D
:0041E830
:0041E836
:0041E837
:0041E838
:0041E839
:0041E83A
:0041E83B
800000
008003000448
69
6E
74
8D
40
00

BYTE 69h
BYTE 6eh
BYTE 74h
BYTE 8dh
BYTE 40h
BYTE 00h

|:0043F577
|
:0041E83C 53
push ebx
:0041E83D 56
push esi
:0041E83E 84D2
test dl, dl
:0041E840 7408
je 0041E84A
:0041E842 83C4F0
add esp, FFFFFFF0
:0041E845 E8BA46FEFF
call 00402F04
|:0041E840(C)
|
:0041E84A 8BDA
:0041E84C 8BF0
:0041E84E 33D2
:0041E850 8BC6
:0041E852 E831F70000
:0041E857 C6464800
:0041E85B 8BC6
:0041E85D 84DB
:0041E85F 740F
:0041E861 E8F646FEFF
:0041E866 648F0500000000
:0041E86D 83C40C

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 0042DF88
mov [esi+48], 00
mov eax, esi
test bl, bl
je 0041E870
call 00402F5C
add esp, 0000000C

|:0041E85F(C)
|
:0041E870 8BC6
mov eax, esi
:0041E872 5E
pop esi
:0041E873 5B
pop ebx
:0041E874 C3
ret
:0041E875 8D4000
:0041E878 55

push ebp
:0041E879
:0041E87B
:0041E87D
:0041E87E
:0041E883
:0041E886
:0041E889
:0041E88F
:0041E891
:0041E892
:0041E893
:0041E894
:0041E897
8BEC
33C0
55
689DE84100
64FF30
648920
FF051C374400
33C0
5A
59
59
648910
68A4E84100
mov ebp, esp

xor eax, eax
push ebp
push 0041E89D
xor eax, eax
pop edx
pop ecx
pop ecx
push 0041E8A4
|:0041E8A2(U)
|
:0041E89C C3
:0041E89D E9D649FEFF
:0041E8A2 EBF8
:0041E8A4 5D
:0041E8A5 C3
:0041E8A6 8BC0
:0041E8A8 832D1C37440001
:0041E8AF C3
mov eax, eax

sub dword ptr [0044371C], 00000001
ret
:0041E8B0
:0041E8B2
:0041E8B3
:0041E8B5
:0041E8B6
:0041E8B7
:0041E8B8
:0041E8BA
:0041E8BC
:0041E8BE
:0041E8C4
:0041E8C6
:0041E8C8
:0041E8C9
:0041E8CE
:0041E8CF
:0041E8D0
:0041E8D1
:0041E8D8
:0041E8DE
:0041E8E3
:0041E8E4
:0041E8E5
:0041E8E6
:0041E8E7
B4E8
41
0001
07
54
43
7572
736F
7202
0080FFFFFF7F
0000
8BC0
CC
E841000306
54
41
6C
69676E01000000
0005000000C8
E841000661
6C
4E
6F
6E
65
mov ah, E8
inc ecx
pop es
push esp
inc ebx
jne 0041E92C
jnb 0041E92B
jb 0041E8C0
add byte ptr [eax+7FFFFFFF], al
mov eax, eax
int 03
call 0644E90F
push esp
inc ecx
insb
imul esp, dword ptr [edi+6E], 00000001
add byte ptr [C8000000], al
call 6147E924
insb
dec esi
outsd
outsb
BYTE 065h
:0041E8E8
:0041E8ED
:0041E8EF
:0041E8F0
05616C546F
7008
61
6C
add eax, 6F546C61

jo 0041E8F7
popad
insb
ret
jmp 00403278
jmp 0041E89C
pop ebp
ret
:0041E8F1
:0041E8F2
:0041E8F3
:0041E8F5
:0041E8F6
42
6F
7474
6F
6D
inc edx
outsd
je 0041E969
outsd
insd
|:0041E8ED(C)
|
:0041E8F7 06
:0041E8F8 61
:0041E8F9 6C
:0041E8FA 4C
:0041E8FB 65667407
:0041E8FF 61
:0041E900 6C
:0041E901 52
:0041E902 6967687408616C
:0041E909 43
:0041E90A 6C
:0041E90B 69656E74905CE9
:0041E912 41
:0041E913 00000000000000000000
:0041E91D 00000000000000000000
:0041E927 000000000000000000
:0041E930
:0041E932
:0041E933
:0041E935
7CE9
41
0030
000000
jl 0041E91B
inc ecx
BYTE 3 DUP(0)
:0041E938
:0041E93A
:0041E93B
:0041E93D
8810
40
0028
2E

inc eax
BYTE 02eh
:0041E93E
:0041E93F
:0041E942
:0041E943
:0041E945
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041E946
:0041E947
:0041E94A
:0041E94B
:0041E94D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041E94E
:0041E94F
:0041E956
:0041E957
:0041E959
:0041E95B
:0041E962
40
00B42B4000C82B
40
0010
2C40
009C094200C00A
42
inc
add
inc
add
sub
add
inc
push es
popad
insb
dec esp
je 0041E906
popad
insb
push edx
imul esp, dword ptr [edi+68], 6C610874
inc ebx
insb
imul esp, dword ptr [ebp+6E], E95C9074
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
eax
eax
byte ptr [eax], dl
al, 40
byte ptr [ecx+ecx+0AC00042], bl
edx
:0041E963
:0041E96A
:0041E96B
:0041E972
:0041E973
:0041E975
:0041E978
:0041E97A
:0041E97B
:0041E97D
:0041E97E
:0041E97F
:0041E981
:0041E983
:0041E986
:0041E98A
:0041E98B
:0041E995
:0041E99F
00BC0A42004409
42
00A4094200D80A
42
00DC
0A4200
E40A
42
000B
54
44
7261
674F
626A65
6374D4E9
41
00000000000000000000
00000000000000000000
000000000000000000
add byte ptr [edx+ecx+09440042], bh

inc edx
add byte ptr [ecx+ecx+0AD80042], ah
inc edx
add ah, bl
or al, byte ptr [edx+00]
in al, 0A
inc edx
push esp
inc esp
jb 0041E9E2
dec edi
arpl dword ptr [esp+8*edx-17], esi
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0041E9A8
:0041E9A9
:0041E9AE
:0041E9B0
:0041E9B2
:0041E9B3
:0041E9B5
FC
E941003400
0000
10E9
41
0028
2E
cld
jmp 0075E9EF
adc cl, ch
inc ecx
BYTE 02eh
:0041E9B6
:0041E9B7
:0041E9BA
:0041E9BB
:0041E9BD
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041E9BE
:0041E9BF
:0041E9C2
:0041E9C3
:0041E9C5
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041E9C6
:0041E9C7
:0041E9CE
:0041E9CF
:0041E9D1
:0041E9D3
:0041E9D7
:0041E9D9
:0041E9DC
:0041E9E1
:0041E9E4
:0041E9E5
:0041E9E8
:0041E9EA
:0041E9EB
:0041E9ED
40
00B42B4000C82B
40
0010
2C40
005C0B42
00C0
0A4200
BC0A42000C
0B4200
A4
094200
D80A
42
00DC
0A4200
inc eax
inc eax
sub al, 40
add byte ptr [ebx+ecx+42], bl
add al, al
mov esp, 0C00420A
or eax, dword ptr [edx+00]
movsb
or dword ptr [edx+00], eax
fmul dword ptr [edx]
inc edx
add ah, bl
:0041E9F0
:0041E9F2
:0041E9F3
:0041E9F5
:0041E9F8
:0041E9FD
:0041E9FE
:0041E9FF
:0041EA00
:0041EA02
:0041EA03
:0041EA05
:0041EA07
:0041EA08
:0041EA09
:0041EA0B
:0041EA0C
:0041EA0D
:0041EA0E
:0041EA11
:0041EA15
:0041EA1C
:0041EA26
:0041EA30
E40A
42
0038
0B4200
E80A420016
54
42
61
7365
44
7261
6743
6F
6E
7472
6F
6C
4F
626A65
63749060
EA410000000000
00000000000000000000
00000000000000000000
00000000
in al, 0A
inc edx
call 16422C07
push esp
inc edx
popad
jnb 0041EA67
inc esp
jb 0041EA66
inc ebx
outsd
outsb
je 0041EA7D
outsd
insb
dec edi
arpl dword ptr [eax+4*edx+60], esi
jmp 0000:00000041
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 4 DUP(0)
:0041EA34
:0041EA36
:0041EA37
:0041EA3A
:0041EA3C
:0041EA3E
:0041EA3F
:0041EA41
88EA
41
003400
0000
88E9
41
0028
2E
mov dl, ch
inc ecx
add byte ptr [eax+eax], dh
mov cl, ch
inc ecx
BYTE 02eh
:0041EA42
:0041EA43
:0041EA46
:0041EA47
:0041EA49
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041EA4A
:0041EA4B
:0041EA4E
:0041EA4F
:0041EA51
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041EA52
:0041EA53
:0041EA5A
:0041EA5B
:0041EA5D
:0041EA5F
:0041EA63
:0041EA69
:0041EA6C
:0041EA6E
40
00B42B4000C82B
40
0010
2C40
005C0B42
00900B4200A8
0B4200
0C0B
42
inc eax
inc eax
sub al, 40
add byte ptr [eax+A800420B], dl
or al, 0B
inc edx
:0041EA6F
:0041EA76
:0041EA77
:0041EA79
:0041EA7C
:0041EA7E
:0041EA7F
:0041EA81
:0041EA84
:0041EA89
:0041EA8A
:0041EA8B
:0041EA8D
:0041EA8F
:0041EA90
:0041EA91
:0041EA93
:0041EA94
:0041EA95
:0041EA96
:0041EA99
:0041EA9D
:0041EAA4
:0041EAAE
:0041EAB8
00A4094200B40B
42
00DC
0A4200
D40B
42
0038
0B4200
E80A420012
54
44
7261
6743
6F
6E
7472
6F
6C
4F
626A65
637490E8
EA410000000000
00000000000000000000
00000000000000000000
00000000
add byte ptr [ecx+ecx+0BB40042], ah

inc edx
add ah, bl
aam (base11)
inc edx
call 12422C93
push esp
inc esp
jb 0041EAEE
inc ebx
outsd
outsb
je 0041EB05
outsd
insb
dec edi
arpl dword ptr [eax+4*edx-18], esi
jmp 0000:00000041
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 4 DUP(0)
:0041EABC
:0041EABE
:0041EABF
:0041EAC3
:0041EAC9
20EB
41
00640000
0088E9410028
2E
and bl, ch
inc ecx
add byte ptr [eax+eax], ah
add byte ptr [eax+280041E9], cl
BYTE 02eh
:0041EACA
:0041EACB
:0041EACE
:0041EACF
:0041EAD1
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041EAD2
:0041EAD3
:0041EAD6
:0041EAD7
:0041EAD9
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041EADA
:0041EADB
:0041EAE2
:0041EAE3
:0041EAE6
:0041EAE7
:0041EAEB
:0041EAED
:0041EAF2
:0041EAF3
:0041EAF9
:0041EAFC
40
00B42B4000C82B
40
00580C
42
005C0B42
00D8
0D4200BC0A
42
00880C4200A4
094200
D80A
inc eax
inc eax
add byte ptr [eax+0C], bl
inc edx
add al, bl
or eax, 0ABC0042
inc edx
add byte ptr [eax+A400420C], cl
or dword ptr [edx+00], eax
fmul dword ptr [edx]
:0041EAFE
:0041EAFF
:0041EB01
:0041EB04
:0041EB06
:0041EB07
:0041EB09
:0041EB0B
:0041EB0D
:0041EB10
:0041EB16
:0041EB17
:0041EB19
:0041EB1E
:0041EB1F
:0041EB21
:0041EB22
:0041EB23
:0041EB25
:0041EB27
:0041EB28
:0041EB2B
:0041EB2E
:0041EB32
:0041EB33
:0041EB3D
42
00DC
0A4200
E40A
42
00EC
0C42
00F4
0B4200
300D4200B00D
42
00C4
0D4200E40D
42
000F
54
44
7261
6744
6F
636B4F
626A65
63747CEB
41
00000000000000000000
000000
inc edx
add ah, bl
in al, 0A
inc edx
add ah, ch
or al, 42
add ah, dh
xor byte ptr [0DB00042], cl
inc edx
add ah, al
or eax, 0DE40042
inc edx
push esp
inc esp
jb 0041EB86
inc esp
outsd
arpl dword ptr [esp+2*edi-15], esi
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041EB40
:0041EB42
:0041EB43
:0041EB4D
A8EB
41
00000000000000000000
000000
test al, EB
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041EB50
:0041EB51
:0041EB53
:0041EB56
:0041EB58
:0041EB59
:0041EB5C
:0041EB5E
:0041EB5F
:0041EB62
:0041EB63
:0041EB65
94
EB41
006000
0000
FC
2B4100
282E
40
00342E
40
0038
2E
xchg eax,esp
jmp 0041EB94
cld
sub byte ptr [esi], ch
inc eax
inc eax
BYTE 02eh
:0041EB66
:0041EB67
:0041EB6A
:0041EB6B
:0041EB6D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041EB6E
:0041EB6F
:0041EB76
:0041EB77
:0041EB7E
40
00B42B4000C82B
40
00BC1E42000CD3
40
inc
add
inc
add
inc
eax
eax
byte ptr [esi+ebx-2CF3FFBE], bh
eax
:0041EB7F
:0041EB82
:0041EB83
:0041EB85
0014D3
40
0008
D24000
add
inc
add
rol
byte ptr [ebx+8*edx], dl

eax
byte ptr [eax], cl
byte ptr [eax+00], cl
:0041EB88 10504100
:0041EB8C FC4F4100
DWORD 00415010
DWORD 00414FFC
:0041EB90
:0041EB95
:0041EB96
:0041EB97
:0041EB98
:0041EB99
:0041EB9B
:0041EB9C
:0041EB9D
:0041EB9E
:0041EB9F
:0041EBA0
:0041EBA2
:0041EBA4
:0041EBA6
:0041EBA7
:0041EBA9
:0041EBAA
:0041EBAB
:0041EBAC
:0041EBAD
:0041EBAE
:0041EBB0
:0041EBB1
:0041EBB2
:0041EBB3
:0041EBB4
:0041EBB5
:0041EBB7
:0041EBB9
:0041EBBB
:0041EBBE
:0041EBBF
:0041EBC2
:0041EBC5
:0041EBC6
:0041EBC8
:0041EBC9
:0041EBCA
call 0E422DB3
push esp
inc ebx
outsd
outsb
je 0041EC0D
outsd
insb
inc ebx
popad
outsb
jbe 0041EC03
jnb 0041EB34
test al, EB
inc ecx
push cs
push esp
inc ebx
outsd
outsb
je 0041EC22
outsd
insb
inc ebx
popad
outsb
jbe 0041EC18
jnb 0041EC35
jmp 0041EBFC
inc ecx
or byte ptr [ebx+6F], al
outsb
je 0041EC3A
outsd
insb
jnb 0041EBCC
E81E42000E
54
43
6F
6E
7472
6F
6C
43
61
6E
7661
7390
A8EB
41
0007
0E
54
43
6F
6E
7472
6F
6C
43
61
6E
7661
737C
EB41
00682C
41
000400
08436F
6E
7472
6F
6C
7300
|:0041EBCA(C)
|
:0041EBCC 008D40001CEC
:0041EBD2 41
:0041EBD3 00000000000000000000
:0041EBDD 00000000000000000000
:0041EBE7 000000000000000000
:0041EBF0 7CEC
jl 0041EBDE
add byte ptr [ebp+EC1C0040], cl

inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0041EBF2
:0041EBF3
:0041EBF6
:0041EBF8
:0041EBFA
:0041EBFB
:0041EBFD
41
001400
0000
E0D8
42
0028
2E
inc ecx
loopnz 0041EBD2
inc edx
BYTE 02eh
:0041EBFE 40
:0041EBFF 00342E
:0041EC02 40
inc eax
inc eax

|:0041EBA0(C)
|
:0041EC03 0038
:0041EC05 2E
BYTE 02eh
:0041EC06
:0041EC07
:0041EC0A
:0041EC0B
40
003C2E
40
0030
inc
add
inc
add
eax
byte ptr [esi+ebp], bh
eax
byte ptr [eax], dh
|:0041EB99(C)
|
:0041EC0D 2E
:0041EC0E 40
:0041EC0F 00B42B4000C82B
:0041EC16 40
:0041EC17 0010
:0041EC19 1D41005421
:0041EC1E 42
:0041EC1F 00441D41
:0041EC23 006023
:0041EC26 42
:0041EC27 006C1D41
:0041EC2B 000C24
:0041EC2E 42
:0041EC2F 00C8
:0041EC31 1C41
:0041EC33 00A41D41005422
|:0041EBC6(C)
|
:0041EC3A 42
:0041EC3B 00DC
:0041EC3D DE4200
:0041EC40 C8224200
:0041EC44 04DF
:0041EC46 42
:0041EC47 00FC
:0041EC49 224200
:0041EC4C 2CDF
:0041EC4E 42
:0041EC4F 0040DF
:0041EC52 42
BYTE 02eh
inc eax
inc eax
sbb eax, 21540041
inc edx
add byte ptr [ebp+ebx+41], al
inc edx
add byte ptr [ebp+ebx+41], ch
add byte ptr [esp], cl
inc edx
add al, cl
sbb al, 41
inc edx
add ah, bl
fiadd word ptr [edx+00]
enter 4222, 00
add al, DF
inc edx
add ah, bh
sub al, DF
inc edx
inc edx
:0041EC53
:0041EC55
:0041EC58
:0041EC5A
:0041EC5B
:0041EC5F
:0041EC65
:0041EC68
:0041EC6C
:0041EC6E
:0041EC6F
:0041EC75
:0041EC78
:0041EC7A
:0041EC7B
:0041EC7D
:0041EC7E
:0041EC7F
:0041EC80
:0041EC81
:0041EC83
:0041EC84
:0041EC85
:0041EC86
:0041EC8A
:0041EC8B
:0041EC8C
:0041EC93
:0041EC95
:0041EC99
:0041EC9A
:0041EC9C
:0041EC9D
0030
234200
8823
42
006CDF42
00A823420074
DF4200
C8234200
7CDF
42
0080DF4200EC
234200
7021
42
0012
54
43
6F
6E
7472
6F
6C
41
6374696F
6E
4C
696E6B9094EC41
0003
09544472
61
674D
6F
64

inc edx
add byte ptr [edi+8*ebx+42], ch
enter 4223, 00
jl 0041EC4D
inc edx
jo 0041EC9B
inc edx
push esp
inc ebx
outsd
outsb
je 0041ECF5
outsd
insb
inc ecx
outsb
dec esp
imul ebp, dword ptr [esi+6B], 41EC9490
or dword ptr [esp+2*eax+72], edx
popad
dec ebp
outsd
BYTE 064h
:0041EC9E 650100
:0041ECA1 000000

BYTE 3 DUP(0)
:0041ECA4
:0041ECA6
:0041ECA8
:0041ECA9
:0041ECAA
:0041ECAB
:0041ECAD
0100
0000
90
EC
41
0008
64

nop
in al, dx
inc ecx
BYTE 064h
:0041ECAE
:0041ECAF
:0041ECB0
:0041ECB1
:0041ECB2
:0041ECB4
:0041ECB5
:0041ECB9
:0041ECBB
:0041ECBC
:0041ECBD
:0041ECBE
6D
4D
61
6E
7561
6C
0B646D41
7574
6F
6D
61
7469
insd
dec ebp
popad
outsb
jne 0041ED15
insb
or esp, dword ptr [ebp+2*ebp+41]
jne 0041ED2F
outsd
insd
popad
je 0041ED29
:0041ECC0
:0041ECC6
:0041ECC7
:0041ECC9
:0041ECCD
:0041ECCE
:0041ECD0
:0041ECD7
:0041ECD9
638D4000C8EC
41
0003
09544472
61
674B
696E6401000000
0001
000000
arpl dword ptr [ebp+ECC80040], ecx

inc ecx
or dword ptr [esp+2*eax+72], edx
popad
dec ebx
BYTE 3 DUP(0)
:0041ECDC
:0041ECDE
:0041ECDF
:0041ECE1
7
:0041ECE7
:0041ECE8
B
:0041ECEE
:0041ECF0
:0041ECF1
:0041ECF2
:0041ECF3
C4EC
41
0006
646B44726167
les ebp, esp

inc ecx
imul eax, dword ptr fs:[edx+2*esi+61], 0000006
06
646B446F636B
push es
imul eax, dword ptr fs:[edi+2*ebp+63], 0000006
8BC0
F4
EC
41
0001
mov eax, eax

hlt
in al, dx
inc ecx
|:0041EC81(C)
|
:0041ECF5 09545461
:0041ECF9 624F72
:0041ECFC 64
:0041ECFD 65
BYTE 065h
:0041ECFE 7202
:0041ED00 FFFFFFFFFF
jb 0041ED02
BYTE 5 DUP(0ffh)
:0041ED05 7F00
jg 0041ED07
|:0041ED05(C)
|
:0041ED07 000CED41000A08
:0041ED0E 54
:0041ED0F 43
:0041ED10 61
:0041ED11 7074
:0041ED13 696F6E8BC01CED
:0041ED1A 41
:0041ED1B 0003
:0041ED1D 0B54416E
:0041ED21 63686F
:0041ED24 724B
:0041ED26 696E6401000000
:0041ED2D 0003
or dword ptr [esp+2*edx+61], edx

bound ecx, dword ptr [edi+72]
BYTE 064h
add byte ptr [8*ebp+080A0041], cl

push esp
inc ebx
popad
jo 0041ED87
imul ebp, dword ptr [edi+6E], ED1CC08B
inc ecx
or edx, dword ptr [ecx+2*eax+6E]
jb 0041ED71
|:0041ECB9(C)
|
:0041ED2F 000000
:0041ED32 18ED
:0041ED34 41
:0041ED35 0006
:0041ED37 61
:0041ED38 6B4C656674
:0041ED3D 05616B546F
:0041ED42 7007
:0041ED44 61
:0041ED45 6B526967
:0041ED49 687408616B
:0041ED4E 42
:0041ED4F 6F
:0041ED50 7474
:0041ED52 6F
:0041ED53 6D
:0041ED54 58
:0041ED55 ED
:0041ED56 41
:0041ED57 0006
:0041ED59 0854416E
:0041ED5D 63686F
:0041ED60 7273
:0041ED62 0118
:0041ED64 ED
:0041ED65 41
:0041ED66 00906CED4100
:0041ED6C 010F
:0041ED6E 54
:0041ED6F 43
:0041ED70 6F
BYTE 3 DUP(0)
sbb ch, ch
inc ecx
popad
imul ecx, dword ptr [ebp+66], 00000074
add eax, 6F546B61
jo 0041ED4B
popad
imul edx, dword ptr [edx+69], 00000067
push 6B610874
inc edx
outsd
je 0041EDC6
outsd
insd
pop eax
in ax, dx
inc ecx
or byte ptr [ecx+2*eax+6E], dl
jb 0041EDD5
add dword ptr [eax], ebx
in ax, dx
inc ecx
add byte ptr [eax+0041ED6C], dl
add dword ptr [edi], ecx
push esp
inc ebx
outsd
|:0041ED24(C)
|
:0041ED71 6E
:0041ED72 7374
:0041ED74 7261
:0041ED76 696E7453697A65
:0041ED7D 0400
:0041ED7F 000000
:0041ED82 FFFFFF
BYTE 3 DUP(0ffh)
:0041ED85 7F8B
jg 0041ED12
|:0041ED11(C)
|
:0041ED87 C0D4ED
:0041ED8A 41
:0041ED8B 00000000000000000000
:0041ED95 000000
:0041ED98 04EE
add al, EE
outsb
jnb 0041EDE8
jb 0041EDD7
imul ebp, dword ptr [esi+74], 657A6953
add al, 00
BYTE 3 DUP(0)
rcl ah, ED
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041ED9A 41
:0041ED9B 000000000000000000
inc ecx
BYTE 9 DUP(0)
:0041EDA4 E4ED4100
:0041EDA8 ECED4100
DWORD 0041EDE4
DWORD 0041EDEC
:0041EDAC 2000
:0041EDAE 0000
:0041EDB0 64

BYTE 064h
:0041EDB1 B640
:0041EDB3 0028
:0041EDB5 2E
mov dh, 40
BYTE 02eh
:0041EDB6
:0041EDB7
:0041EDBA
:0041EDBB
:0041EDBD
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041EDBE
:0041EDBF
:0041EDC2
:0041EDC3
:0041EDC5
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
|:0041ED50(C)
|
:0041EDC6 40
:0041EDC7 00B42B4000C82B
:0041EDCE 40
:0041EDCF 00DC
:0041EDD1 D14000
:0041EDD4 4C

inc
add
inc
add
rol
dec
eax
eax
ah, bl
dword ptr [eax+00], 1
esp

|:0041ED60(C)
|
:0041EDD5 204200
and byte ptr [edx+00], al
:0041EDD8 14D3
adc al, D3
:0041EDDA 40
inc eax
:0041EDDB 0008
:0041EDDD D24000
:0041EDE0 1020
adc byte ptr [eax], ah
:0041EDE2 42
inc edx
:0041EDE3 0001
:0041EDE5 00FD
add ch, bh
:0041EDE7 FF4021
inc [eax+21]
:0041EDEA 42
inc edx
:0041EDEB 0010
:0041EDED 54
push esp
:0041EDEE
:0041EDEF
:0041EDF6
:0041EDF8
:0041EDF9
:0041EE00
:0041EE02
:0041EE03
:0041EE05
:0041EE09
:0041EE0B
:0041EE0C
:0041EE0D
:0041EE0E
:0041EE10
:0041EE12
:0041EE19
:0041EE1B
:0041EE1D
:0041EE20
:0041EE23
:0041EE24
:0041EE26
:0041EE27
:0041EE28
:0041EE2A
:0041EE2D
53
697A65436F6E73
7472
61
696E74738D4000
04EE
41
0007
10545369
7A65
43
6F
6E
7374
7261
696E7473D4ED41
00D8
B640
000400
08436F
6E
7472
6F
6C
7304
0068ED
41
push ebx
imul edi, dword ptr [edx+65], 736E6F43
je 0041EE6A
popad
imul ebp, dword ptr [esi+74], 00408D73
add al, EE
inc ecx
adc byte ptr [ebx+2*edx+69], dl
jpe 0041EE70
inc ebx
outsd
outsb
jnb 0041EE84
jb 0041EE73
imul ebp, dword ptr [esi+74], 41EDD473
add al, bl
mov dh, 40
outsb
je 0041EE98
outsd
insb
jnb 0041EE2E
add byte ptr [eax-13], ch
inc ecx
|:0041EE28(C)
|
:0041EE2E 0008
:0041EE30 0000
:0041EE32 FF9820420001
:0041EE38 00000000000000000000
:0041EE42 000000
:0041EE45
:0041EE48
:0041EE4A
:0041EE52
:0041EE55
:0041EE57
:0041EE58
:0041EE5B
:0041EE5D
:0041EE5F
:0041EE61
094D61
7848
656967687468ED41
000C00
00FF
98
204200
0100
0000
0100
000000000000

js 0041EE92
imul esp, dword ptr gs:[edi+68], 41ED6874
add bh, bh
cwde
BYTE 6 DUP(0)
:0041EE67
:0041EE69
:0041EE6C
:0041EE6E
:0041EE76
:0041EE78
:0041EE7A
:0041EE7B
:0041EE7E
0100
084D61
7857
6964746868ED4100
1000
00FF
98
204200
0100

or byte ptr [ebp+61], cl
js 0041EEC5
imul esp, dword ptr [esp+2*esi+68], 0041ED68
add bh, bh
cwde

call far dword ptr [eax+01004220]
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041EE80 0000
:0041EE82 0200

|:0041EE0E(C)
|
:0041EE84 000000000000
:0041EE8A 0200
:0041EE8C 094D69
:0041EE8F 6E
:0041EE90 48
:0041EE91 656967687468ED41
:0041EE99 001400
:0041EE9C 00FF
:0041EE9E 98
:0041EE9F 204200
:0041EEA2 0100
:0041EEA4 0000
:0041EEA6 0300
:0041EEA8 000000000000
:0041EEAE
:0041EEB0
:0041EEB3
:0041EEB4
:0041EEB5
:0041EEBD
:0041EEBE
:0041EEBF
:0041EEC1

outsb
push edi
imul esp, dword ptr [esp+2*esi+68], C000408D
out dx, al
inc ecx
or edx, dword ptr [ebp+2*ecx+6F]
0300
084D69
6E
57
696474688D4000C0
EE
41
0008
0B544D6F
BYTE 6 DUP(0)
outsb
dec eax
imul esp, dword ptr gs:[edi+68], 41ED6874
add bh, bh
cwde
BYTE 6 DUP(0)

|:0041EE6C(C)
|
:0041EEC5 7573
jne 0041EF3A
:0041EEC7 65
BYTE 065h
:0041EEC8
:0041EEC9
:0041EECB
:0041EECC
45
7665
6E
7400
inc ebp
jbe 0041EF30
outsb
je 0041EECE
|:0041EECC(C)
|
:0041EECE 0508065365
:0041EED3 6E
:0041EED4 64
:0041EED5 65
BYTE 065h
:0041EED6
:0041EED8
:0041EED9
:0041EEDA
:0041EEDD
jb 0041EEDF
push esp
dec edi
7207
54
4F
626A65
63740006
add eax, 65530608

outsb
BYTE 064h
:0041EEE1
:0041EEE2
:0041EEE4
:0041EEE6
:0041EEE7
:0041EEE9
:0041EEEA
:0041EEEB
:0041EEED
42
7574
746F
6E
0C54
4D
6F
7573
65
inc edx
jne 0041EF58
je 0041EF55
outsb
or al, 54
dec ebp
outsd
jne 0041EF60
BYTE 065h
:0041EEEE
:0041EEEF
:0041EEF1
:0041EEF3
:0041EEF4
:0041EEFA
:0041EEFC
:0041EEFD
:0041EEFE
:0041EF03
:0041EF05
42
7574
746F
6E
000553686966
740B
54
53
6869667453
7461
7465
inc edx
jne 0041EF65
je 0041EF62
outsb
add byte ptr [66696853], al
je 0041EF07
push esp
push ebx
push 53746669
je 0041EF66
je 0041EF6C

|:0041EEFA(C)
|
:0041EF07 0001
:0041EF09 58
pop eax
:0041EF0A 07
pop es
:0041EF0B 49
dec ecx
:0041EF0C 6E
outsb
:0041EF0D 7465
je 0041EF74
:0041EF0F 67
BYTE 067h
:0041EF10 65
BYTE 065h
:0041EF11 7200
jb 0041EF13

|:0041EF11(C)
|
:0041EF13 015907
add dword ptr [ecx+07], ebx
:0041EF16 49
dec ecx
:0041EF17 6E
outsb
:0041EF18 7465
je 0041EF7F
:0041EF1A 67
BYTE 067h
:0041EF1B 65
BYTE 065h
:0041EF1C
:0041EF1E
:0041EF1F
:0041EF22
:0041EF23
:0041EF25
:0041EF26
:0041EF27
:0041EF28
:0041EF29
:0041EF2B
728D
40
0024EF
41
0008
0F
54
4D
6F
7573
65
jb 0041EEAB
inc eax
add byte ptr [edi+8*ebp], ah
inc ecx
BYTE 0fh
push esp
dec ebp
outsd
jne 0041EF9E
BYTE 065h
:0041EF2C 4D
:0041EF2D 6F
:0041EF2E 7665
dec ebp
outsd
jbe 0041EF95

|:0041EEC9(C)
|
:0041EF30 45
inc ebp
:0041EF31 7665
jbe 0041EF98
:0041EF33 6E
outsb
:0041EF34 7400
je 0041EF36
|:0041EF34(C)
|
:0041EF36 0408
add al, 08
:0041EF38 06
push es
:0041EF39 53
push ebx
|:0041EEC5(C)
|
:0041EF3A 65
BYTE 065h
:0041EF3B 6E
outsb
:0041EF3C 64
BYTE 064h
:0041EF3D 65
BYTE 065h
:0041EF3E
:0041EF40
:0041EF41
:0041EF42
:0041EF45
:0041EF49
:0041EF4A
:0041EF4F
:0041EF50
:0041EF51
:0041EF56
jb 0041EF47
push esp
dec edi
push ebx
push 0B746669
push esp
push ebx
push 53746669
je 0041EFB9
7207
54
4F
626A65
63740005
53
686966740B
54
53
6869667453
7461

|:0041EEE2(C)
|
:0041EF58 7465
je 0041EFBF
:0041EF5A 0001
:0041EF5C 58
pop eax
:0041EF5D 07
pop es
:0041EF5E 49
dec ecx
:0041EF5F 6E
outsb
|:0041EEEB(C)
|
:0041EF60 7465
je 0041EFC7
:0041EF62 67
BYTE 067h
:0041EF63 65
BYTE 065h
:0041EF64 7200
jb 0041EF66
|:0041EF03(C), :0041EF64(C)
|
:0041EF66 015907
:0041EF69 49
:0041EF6A 6E
:0041EF6B 7465
:0041EF6D 67
:0041EF6E 65
:0041EF6F
:0041EF71
:0041EF72
:0041EF73
:0041EF75
:0041EF79
:0041EF7B
:0041EF7D
:0041EF7E
jb 0041EFE5
out dx, ax
inc ecx
or dword ptr [ebx+2*ecx+65], edx
jns 0041EFC0
jbe 0041EFE2
outsb
je 0041EF80
7274
EF
41
0008
09544B65
7945
7665
6E
7400

dec ecx
outsb
je 0041EFD2
BYTE 067h
BYTE 065h

|:0041EF7E(C)
|
:0041EF80 0308
:0041EF82 06
push es
:0041EF83 53
push ebx
:0041EF84 65
BYTE 065h
:0041EF85 6E
:0041EF86 64
outsb
BYTE 064h
:0041EF87 65
BYTE 065h
:0041EF88
:0041EF8A
:0041EF8B
:0041EF8C
:0041EF8F
:0041EF93
:0041EF94
jb 0041EF91
push esp
dec edi
arpl dword ptr [ecx+eax+03], esi
dec ebx
BYTE 065h
7207
54
4F
626A65
63740103
4B
65

|:0041EF2E(C)
|
:0041EF95 7904
jns 0041EF9B
:0041EF97 57
push edi
|:0041EF31(C)
|
:0041EF98 6F
:0041EF99 7264
outsd
jb 0041EFFF
|:0041EF95(C)
|
:0041EF9B 000553686966
:0041EFA1 740B
:0041EFA3 54
:0041EFA4 53
:0041EFA5 6869667453
:0041EFAA 7461
:0041EFAC 7465

je 0041EFAE
push esp
push ebx
push 53746669
je 0041F00D
je 0041F013

|:0041EFA1(C)
|
:0041EFAE 8BC0
mov eax, eax
:0041EFB0 B4EF
mov ah, EF
:0041EFB2 41
inc ecx
:0041EFB3 0008
:0041EFB5 0E
push cs
:0041EFB6 54
push esp
:0041EFB7 4B
dec ebx
:0041EFB8 65
BYTE 065h

|:0041EF56(C)
|
:0041EFB9 7950
jns 0041F00B
:0041EFBB 7265
jb 0041F022
:0041EFBD 7373
jnb 0041F032
|:0041EF58(C)
|
:0041EFBF 45
inc ebp
|:0041EF79(C)
|
:0041EFC0 7665
jbe 0041F027
:0041EFC2 6E
outsb
:0041EFC3 7400
je 0041EFC5
|:0041EFC3(C)
|
:0041EFC5 0208
add cl, byte ptr [eax]
|:0041EF60(C)
|
:0041EFC7 06
push es
:0041EFC8 53
push ebx
:0041EFC9 65
BYTE 065h
:0041EFCA 6E
:0041EFCB 64
outsb
BYTE 064h
:0041EFCC 65
BYTE 065h
:0041EFCD
:0041EFCF
:0041EFD0
:0041EFD1
:0041EFD4
:0041EFD8
:0041EFD9
jb 0041EFD6
push esp
dec edi
dec ebx
BYTE 065h
7207
54
4F
626A65
63740103
4B
65
:0041EFDA 7904
:0041EFDC 43
:0041EFDD 686172E4EF
jns 0041EFE0
inc ebx
push EFE47261

|:0041EF7B(C)
|
:0041EFE2 41
inc ecx
:0041EFE3 0008
|:0041EF6F(C)
|
:0041EFE5 0E
push cs
:0041EFE6 54
push esp
:0041EFE7 44
inc esp
:0041EFE8 7261
jb 0041F04B
:0041EFEA 674F
dec edi
:0041EFEC 7665
jbe 0041F053
:0041EFEE 7245
jb 0041F035
:0041EFF0 7665
jbe 0041F057
:0041EFF2 6E
outsb
:0041EFF3 7400
je 0041EFF5
|:0041EFF3(C)
|
:0041EFF5 06
push es
:0041EFF6 0806
:0041EFF8 53
push ebx
:0041EFF9 65
BYTE 065h
:0041EFFA 6E
:0041EFFB 64
outsb
BYTE 064h
:0041EFFC 65
BYTE 065h
:0041EFFD 7207
jb 0041F006

|:0041EF99(C)
|
:0041EFFF
:0041F000
:0041F001
:0041F004
:0041F008
:0041F009
:0041F00A
:0041F00C
:0041F00F
:0041F010
:0041F011
:0041F014
:0041F018
:0041F019
:0041F01A
:0041F01B
:0041F01C
:0041F01E
:0041F01F
54
4F
626A65
63740806
53
6F
7572
636507
54
4F
626A65
63740001
58
07
49
6E
7465
67
65
push esp
dec edi
arpl dword ptr [eax+ecx+06], esi
push ebx
outsd
jne 0041F07E
push esp
dec edi
pop eax
pop es
dec ecx
outsb
je 0041F083
BYTE 067h
BYTE 065h
:0041F020 7200
jb 0041F022
|:0041EFBB(C), :0041F020(C)
|
:0041F022 015907
:0041F025 49
:0041F026 6E

dec ecx
outsb

|:0041EFC0(C)
|
:0041F027 7465
je 0041F08E
:0041F029 67
BYTE 067h
:0041F02A 65
BYTE 065h
:0041F02B 7200
jb 0041F02D

|:0041F02B(C)
|
:0041F02D 0553746174
add eax, 74617453
|:0041EFBD(C)
|
:0041F032 650A544472
:0041F037 61
:0041F038 6753
:0041F03A 7461
:0041F03C 7465
:0041F03E 0106
:0041F040 41
:0041F041 636365
:0041F044 7074
:0041F046 07
:0041F047 42

or dl, byte ptr gs:[esp+2*eax+72]
popad
push ebx
je 0041F09D
je 0041F0A3
inc ecx
jo 0041F0BA
pop es
inc edx
:0041F048 6F
:0041F049 6F
:0041F04A 6C
outsd
outsd
insb

|:0041EFE8(C)
|
:0041F04B 65
BYTE 065h
:0041F04C 61
popad
:0041F04D 6E
outsb
:0041F04E 8BC0
mov eax, eax
:0041F050 54
push esp
:0041F051 F0
lock
:0041F052 41
inc ecx
|:0041EFEC(C)
|
:0041F053 0008
:0041F055 0E
push cs
:0041F056 54
push esp
|:0041EFF0(C)
|
:0041F057 44
inc esp
:0041F058 7261
jb 0041F0BB
:0041F05A 6744
inc esp
:0041F05C 726F
jb 0041F0CD
:0041F05E 7045
jo 0041F0A5
:0041F060 7665
jbe 0041F0C7
:0041F062 6E
outsb
:0041F063 7400
je 0041F065
|:0041F063(C)
|
:0041F065 0408
add al, 08
:0041F067 06
push es
:0041F068 53
push ebx
:0041F069 65
BYTE 065h
:0041F06A 6E
:0041F06B 64
outsb
BYTE 064h
:0041F06C 65
BYTE 065h
:0041F06D
:0041F06F
:0041F070
:0041F071
:0041F074
:0041F078
:0041F079
:0041F07A
:0041F07C
:0041F07F
jb 0041F076
push esp
dec edi
push ebx
outsd
jne 0041F0EE
push esp
7207
54
4F
626A65
63740806
53
6F
7572
636507
54
:0041F080
:0041F081
:0041F084
:0041F088
:0041F089
:0041F08A
:0041F08B
:0041F08C
:0041F08E
:0041F08F
4F
626A65
63740001
58
07
49
6E
7465
67
65
:0041F090 7200
dec edi
pop eax
pop es
dec ecx
outsb
je 0041F0F3
BYTE 067h
BYTE 065h
jb 0041F092

|:0041F090(C)
|
:0041F092 015907
:0041F095 49
dec ecx
:0041F096 6E
outsb
:0041F097 7465
je 0041F0FE
:0041F099 67
BYTE 067h
:0041F09A 65
BYTE 065h
:0041F09B 72A0
jb 0041F03D

|:0041F03A(C)
|
:0041F09D F0
lock
:0041F09E 41
inc ecx
:0041F09F 0008
:0041F0A1 0F
BYTE 0fh
:0041F0A2 54
push esp
|:0041F03C(C)
|
:0041F0A3 53
push ebx
:0041F0A4 7461
je 0041F107
:0041F0A6 7274
jb 0041F11C
:0041F0A8 44
inc esp
:0041F0A9 7261
jb 0041F10C
:0041F0AB 6745
inc ebp
:0041F0AD 7665
jbe 0041F114
:0041F0AF 6E
outsb
:0041F0B0 7400
je 0041F0B2
|:0041F0B0(C)
|
:0041F0B2 0208
:0041F0B4 06
push es
:0041F0B5 53
push ebx
:0041F0B6 65
BYTE 065h
:0041F0B7 6E
outsb

|:0041F126(C)
|
:0041F0B8 64
BYTE 064h
:0041F0B9 65
BYTE 065h
|:0041F044(C)
|
:0041F0BA 7207
:0041F0BC 54
:0041F0BD 4F
:0041F0BE 626A65
:0041F0C1 6374090A
:0041F0C5 44
:0041F0C6 7261
:0041F0C8 674F
:0041F0CA 626A65
|:0041F05C(C)
|
:0041F0CD 63740B54
:0041F0D1 44
:0041F0D2 7261
:0041F0D4 674F
:0041F0D6 626A65
:0041F0D9 637490E0
:0041F0DD F0
:0041F0DE 41
:0041F0DF 0008
:0041F0E1 0D54456E64
:0041F0E6 44
:0041F0E7 7261
:0041F0E9 6745
:0041F0EB 7665
:0041F0ED 6E
jb 0041F0C3
push esp
dec edi
arpl dword ptr [ecx+ecx+0A], esi
inc esp
jb 0041F129
dec edi
arpl dword ptr [ebx+ecx+54], esi

inc esp
jb 0041F135
dec edi
lock
inc ecx
or eax, 646E4554
inc esp
jb 0041F14A
inc ebp
jbe 0041F152
outsb

|:0041F07A(C)
|
:0041F0EE 7400
je 0041F0F0
|:0041F0EE(C)
|
:0041F0F0 0408
add al, 08
:0041F0F2 06
push es
|:0041F08C(C)
|
:0041F0F3 53
push ebx
:0041F0F4 65
BYTE 065h
:0041F0F5 6E
:0041F0F6 64
outsb
BYTE 064h
:0041F0F7 65
BYTE 065h
:0041F0F8
:0041F0FA
:0041F0FB
:0041F0FC
:0041F0FF
:0041F103
:0041F104
:0041F105
jb 0041F101
push esp
dec edi
push esp
popad
jb 0041F16E
7207
54
4F
626A65
63740806
54
61
7267

|:0041F0A4(C)
|
:0041F107 65
BYTE 065h
:0041F108 7407
je 0041F111
:0041F10A 54
push esp
:0041F10B 4F
dec edi
|:0041F0A9(C)
|
:0041F10C 626A65
:0041F10F 63740001
:0041F113 58

pop eax

|:0041F0AD(C)
|
:0041F114 07
pop es
:0041F115 49
dec ecx
:0041F116 6E
outsb
:0041F117 7465
je 0041F17E
:0041F119 67
BYTE 067h
:0041F11A 65
BYTE 065h
:0041F11B 7200
jb 0041F11D

|:0041F11B(C)
|
:0041F11D 015907
:0041F120 49
dec ecx
:0041F121 6E
outsb
:0041F122 7465
je 0041F189
:0041F124 67
BYTE 067h
:0041F125 65
BYTE 065h
:0041F126
:0041F128
:0041F12A
:0041F12B
:0041F12D
:0041F12E
:0041F12F
7290
2CF1
41
0008
0E
54
44
jb 0041F0B8
sub al, F1
inc ecx
push cs
push esp
inc esp
:0041F130
:0041F131
:0041F134
:0041F136
:0041F138
:0041F13A
:0041F13B
6F
636B44
726F
7045
7665
6E
7400
outsd
jb 0041F1A5
jo 0041F17D
jbe 0041F19F
outsb
je 0041F13D

|:0041F13B(C)
|
:0041F13D 0408
add al, 08
:0041F13F 06
push es
:0041F140 53
push ebx
:0041F141 65
BYTE 065h
:0041F142 6E
:0041F143 64
outsb
BYTE 064h
:0041F144 65
BYTE 065h
:0041F145
:0041F147
:0041F148
:0041F149
:0041F14C
:0041F150
:0041F151
jb 0041F14E
push esp
dec edi
push ebx
outsd
7207
54
4F
626A65
63740806
53
6F
|:0041F0EB(C)
|
:0041F152 7572
:0041F154 63650F
:0041F157 54
:0041F158 44
:0041F159 7261
:0041F15B 6744
:0041F15D 6F
:0041F15E 636B4F
:0041F161 626A65
:0041F164 63740001
:0041F168 58
:0041F169 07
:0041F16A 49
:0041F16B 6E
:0041F16C 7465
:0041F16E 67
:0041F16F 65
:0041F170 7200
jb 0041F172
jne 0041F1C6
arpl dword ptr [ebp+0F], esp
push esp
inc esp
jb 0041F1BC
inc esp
outsd
pop eax
pop es
dec ecx
outsb
je 0041F1D3
BYTE 067h
BYTE 065h

|:0041F170(C)
|
:0041F172 015907
:0041F175
:0041F176
:0041F177
:0041F179
:0041F17A
49
6E
7465
67
65
dec ecx
outsb
je 0041F1DE
BYTE 067h
BYTE 065h
:0041F17B 7280
jb 0041F0FD

|:0041F136(C)
|
:0041F17D F1
BYTE 0f1h
|:0041F117(C)
|
:0041F17E 41
inc ecx
:0041F17F 0008
:0041F181 0E
push cs
:0041F182 54
push esp
:0041F183 44
inc esp
:0041F184 6F
outsd
:0041F185 636B4F
:0041F188 7665
jbe 0041F1EF
:0041F18A 7245
jb 0041F1D1
:0041F18C 7665
jbe 0041F1F3
:0041F18E 6E
outsb
:0041F18F 7400
je 0041F191
|:0041F18F(C)
|
:0041F191 06
push es
:0041F192 0806
:0041F194 53
push ebx
:0041F195 65
BYTE 065h
:0041F196 6E
:0041F197 64
outsb
BYTE 064h
:0041F198 65
BYTE 065h
:0041F199
:0041F19B
:0041F19C
:0041F19D
:0041F1A0
:0041F1A4
jb 0041F1A2
push esp
dec edi
push ebx
7207
54
4F
626A65
63740806
53

|:0041F134(C)
|
:0041F1A5 6F
outsd
:0041F1A6 7572
jne 0041F21A
:0041F1A8 63650F
arpl dword ptr [ebp+0F], esp
:0041F1AB 54
push esp
:0041F1AC
:0041F1AD
:0041F1AF
:0041F1B1
:0041F1B2
:0041F1B5
:0041F1B8
44
7261
6744
6F
636B4F
626A65
63740001
inc esp
jb 0041F210
inc esp
outsd

|:0041F159(C)
|
:0041F1BC 58
pop eax
:0041F1BD 07
pop es
:0041F1BE 49
dec ecx
:0041F1BF 6E
outsb
:0041F1C0 7465
je 0041F227
:0041F1C2 67
BYTE 067h
:0041F1C3 65
BYTE 065h
:0041F1C4 7200
jb 0041F1C6
|:0041F152(C), :0041F1C4(C)
|
:0041F1C6 015907
:0041F1C9 49
:0041F1CA 6E
:0041F1CB 7465
:0041F1CD 67
:0041F1CE 65
:0041F1CF 7200
jb 0041F1D1
|:0041F18A(C), :0041F1CF(C)
|
:0041F1D1 0553746174
:0041F1D6 650A544472
:0041F1DB 61
:0041F1DC 6753

dec ecx
outsb
je 0041F232
BYTE 067h
BYTE 065h
add eax, 74617453

or dl, byte ptr gs:[esp+2*eax+72]
popad
push ebx

|:0041F177(C)
|
:0041F1DE 7461
je 0041F241
:0041F1E0 7465
je 0041F247
:0041F1E2 0106
:0041F1E4 41
inc ecx
:0041F1E5 636365
:0041F1E8 7074
jo 0041F25E
:0041F1EA 07
pop es
:0041F1EB 42
inc edx
:0041F1EC 6F
outsd
:0041F1ED 6F
outsd
:0041F1EE 6C
insb
|:0041F188(C)
|
:0041F1EF
:0041F1F0
:0041F1F1
:0041F1F2
:0041F1F4
:0041F1F5
:0041F1F6
:0041F1F7
:0041F1F9
:0041F1FB
:0041F1FC
:0041F1FD
:0041F1FE
:0041F1FF
:0041F202
:0041F204
:0041F205
65
61
6E
8BC0
F8
F1
41
0008
0C54
55
6E
44
6F
636B45
7665
6E
7400
BYTE 065h
popad
outsb
mov eax, eax
clc
BYTE 0f1h
inc ecx
or al, 54
push ebp
outsb
inc esp
outsd
jbe 0041F269
outsb
je 0041F207

|:0041F205(C)
|
:0041F207 0408
add al, 08
:0041F209 06
push es
:0041F20A 53
push ebx
:0041F20B 65
BYTE 065h
:0041F20C 6E
:0041F20D 64
outsb
BYTE 064h
:0041F20E 65
BYTE 065h
:0041F20F
:0041F211
:0041F212
:0041F213
:0041F216
jb 0041F218
push esp
dec edi
7207
54
4F
626A65
63740806
|:0041F1A6(C)
|
:0041F21A 43
:0041F21B 6C
:0041F21C 69656E74085443
:0041F223 6F
:0041F224 6E
:0041F225 7472

inc ebx
insb
imul esp, dword ptr [ebp+6E], 43540874
outsd
outsb
je 0041F299

|:0041F1C0(C)
|
:0041F227 6F
outsd
:0041F228 6C
insb
:0041F229 0809
or byte ptr [ecx], cl
:0041F22B 4E
dec esi
:0041F22C 65
BYTE 065h
:0041F22D 7754
:0041F22F 61
:0041F230 7267
ja 0041F283
popad
jb 0041F299
|:0041F1CB(C)
|
:0041F232 65
:0041F233 740B
:0041F235 54
:0041F236 57
:0041F237 696E436F6E7472
:0041F23E 6F
:0041F23F 6C
|:0041F233(C)
|
:0041F240 0105416C6C6F
:0041F246 7707
:0041F248 42
:0041F249 6F
:0041F24A 6F
:0041F24B 6C
:0041F24C 65
:0041F24D 61
:0041F24E 6E
popad
outsb
BYTE 065h
je 0041F240
push esp
push edi
imul ebp, dword ptr [esi+43], 72746E6F
outsd
insb
add dword ptr [6F6C6C41], eax

ja 0041F24F
inc edx
outsd
outsd
insb
BYTE 065h

|:0041F246(C)
|
:0041F24F 90
nop
:0041F250 54
push esp
:0041F251 F2
repnz
:0041F252 41
inc ecx
:0041F253 0008
:0041F255 0F
BYTE 0fh
:0041F256 54
push esp
:0041F257 53
push ebx
:0041F258 7461
je 0041F2BB
:0041F25A 7274
jb 0041F2D0
:0041F25C 44
inc esp
:0041F25D 6F
outsd
|:0041F1E8(C)
|
:0041F25E 636B45
:0041F261 7665
jbe 0041F2C8
:0041F263 6E
outsb
:0041F264 7400
je 0041F266
|:0041F264(C)
|
:0041F266 0208
:0041F268 06
push es

|:0041F202(C)
|
:0041F269 53
push ebx
:0041F26A 65
BYTE 065h
:0041F26B 6E
:0041F26C 64
outsb
BYTE 064h
:0041F26D 65
BYTE 065h
:0041F26E
:0041F270
:0041F271
:0041F272
:0041F275
:0041F279
:0041F27A
:0041F27C
:0041F27E
:0041F281
:0041F285
:0041F286
:0041F288
:0041F28A
:0041F28B
:0041F28E
:0041F291
:0041F295
:0041F296
:0041F297
jb 0041F277
push esp
dec edi
arpl dword ptr [ecx+ecx+0A], esi
inc esp
jb 0041F2DD
dec edi
arpl dword ptr [edi+ecx+54], esi
inc esp
jb 0041F2E9
inc esp
outsd
repnz
inc ecx
7207
54
4F
626A65
6374090A
44
7261
674F
626A65
63740F54
44
7261
6744
6F
636B4F
626A65
63749098
F2
41
0008
|:0041F225(C), :0041F230(C)
|
:0041F299 11544765
:0041F29D 7453
:0041F29F 697465496E666F45
:0041F2A7 7665
:0041F2A9 6E
:0041F2AA 7400
|:0041F2AA(C)
|
:0041F2AC 0508065365
:0041F2B1 6E
:0041F2B2 64
:0041F2B3 65
BYTE 065h
:0041F2B4 7207
:0041F2B6 54
:0041F2B7 4F
jb 0041F2BD
push esp
dec edi
adc dword ptr [edi+2*eax+65], edx

je 0041F2F2
imul esi, dword ptr [ebp+49], 456F666E
jbe 0041F30E
outsb
je 0041F2AC
add eax, 65530608

outsb
BYTE 064h
:0041F2B8 626A65
|:0041F258(C)
|
:0041F2BB 6374080A
:0041F2BF 44
:0041F2C0 6F
:0041F2C1 636B43
:0041F2C4 6C
:0041F2C5 69656E74085443
:0041F2CC 6F
:0041F2CD 6E
:0041F2CE 7472
|:0041F25A(C)
|
:0041F2D0 6F
:0041F2D1 6C
:0041F2D2 110D496E666C
:0041F2D8 7565
:0041F2DA 6E
:0041F2DB 636552
:0041F2DE 6563740554
:0041F2E3 52
:0041F2E4 6563741008
arpl dword ptr [eax+ecx+0A], esi

inc esp
outsd
insb
outsd
outsb
je 0041F342
outsd
insb
adc dword ptr [6C666E49], ecx
jne 0041F33F
outsb
arpl dword ptr gs:[ebp+eax+54], esi
push edx
arpl dword ptr gs:[eax+edx+08], esi

|:0041F286(C)
|
:0041F2E9 4D
dec ebp
:0041F2EA 6F
outsd
:0041F2EB 7573
jne 0041F360
:0041F2ED 65
BYTE 065h
:0041F2EE 50
:0041F2EF 6F
:0041F2F0 7306
push eax
outsd
jnb 0041F2F8
|:0041F29D(C)
|
:0041F2F2 54
:0041F2F3 50
:0041F2F4 6F
:0041F2F5 696E7401074361
:0041F2FC 6E
:0041F2FD 44
:0041F2FE 6F
:0041F2FF 636B07
:0041F302 42
:0041F303 6F
:0041F304 6F
:0041F305 6C
:0041F306 65
:0041F307 61
popad
push esp
push eax
outsd
outsb
inc esp
outsd
inc edx
outsd
outsd
insb
BYTE 065h
:0041F308 6E
:0041F309 8D4000
:0041F30C 10F3
outsb
adc bl, dh

|:0041F2A7(C)
|
:0041F30E 41
inc ecx
:0041F30F 0008
:0041F311 0F
BYTE 0fh
:0041F312 54
push esp
:0041F313 43
inc ebx
:0041F314 61
popad
:0041F315 6E
outsb
:0041F316 52
push edx
:0041F317 65
BYTE 065h
:0041F318
:0041F31A
:0041F31C
:0041F31D
:0041F31F
:0041F320
7369
7A65
45
7665
6E
7400
jnb 0041F383
jpe 0041F381
inc ebp
jbe 0041F384
outsb
je 0041F322

|:0041F320(C)
|
:0041F322 0408
add al, 08
:0041F324 06
push es
:0041F325 53
push ebx
:0041F326 65
BYTE 065h
:0041F327 6E
:0041F328 64
outsb
BYTE 064h
:0041F329 65
BYTE 065h
:0041F32A
:0041F32C
:0041F32D
:0041F32E
:0041F331
:0041F335
:0041F336
7207
54
4F
626A65
63740108
4E
65
jb 0041F333
push esp
dec edi
dec esi
BYTE 065h
:0041F337
:0041F339
:0041F341
:0041F342
7757
6964746807496E74
67
6765
ja 0041F390
imul esp, dword ptr [esp+2*esi+68], 746E4907
BYTE 067h
BYTE 065h
:0041F344
:0041F346
:0041F349
:0041F34B
7201
094E65
7748
656967687407496E
jb 0041F347
or dword ptr [esi+65], ecx
ja 0041F393
imul esp, dword ptr gs:[edi+68], 6E490774
:0041F353 7465
:0041F355 67
:0041F356 65
je 0041F3BA
BYTE 067h
BYTE 065h
:0041F357 7201
:0041F359 06
jb 0041F35A
push es

|:0041F357(C)
|
:0041F35A 52
push edx
:0041F35B 65
BYTE 065h
:0041F35C 7369
:0041F35E 7A65
jnb 0041F3C7
jpe 0041F3C5

|:0041F2EB(C)
|
:0041F360 07
pop es
:0041F361 42
inc edx
:0041F362 6F
outsd
:0041F363 6F
outsd
:0041F364 6C
insb
:0041F365 65
BYTE 065h
:0041F366
:0041F367
:0041F368
:0041F369
:0041F36A
:0041F36B
:0041F36D
:0041F36E
61
6E
6C
F3
41
0008
17
54
popad
outsb
insb
repz
inc ecx
pop ss
push esp
|:0041F3E0(C)
|
:0041F36F 43
:0041F370 6F
:0041F371 6E
:0041F372 7374
:0041F374 7261
:0041F376 696E6564526573
:0041F37D 697A654576656E
:0041F384 7400
:0041F386 0508065365
:0041F38B 6E
:0041F38C 64
:0041F38D 65
BYTE 065h
:0041F38E 7207
jb 0041F397
inc ebx
outsd
outsb
jnb 0041F3E8
jb 0041F3D7
imul edi, dword ptr [edx+65], 6E657645
je 0041F386
add eax, 65530608
outsb
BYTE 064h
|:0041F337(C)
|
:0041F390 54
:0041F391 4F
:0041F392 626A65
:0041F395 63740108
:0041F399 4D
:0041F39A 696E5769647468
:0041F3A1 07
:0041F3A2 49
:0041F3A3 6E
:0041F3A4 7465
:0041F3A6 67
:0041F3A7 65
push esp
dec edi
dec ebp
pop es
dec ecx
outsb
je 0041F40B
BYTE 067h
BYTE 065h
:0041F3A8
:0041F3AA
:0041F3AD
:0041F3AE
:0041F3AF
:0041F3B7
:0041F3B9
jb 0041F3AB
outsb
dec eax
je 0041F41E
BYTE 067h
7201
094D69
6E
48
656967687407496E
7465
67
|:0041F353(C)
|
:0041F3BA 65
:0041F3BB 7201
:0041F3BD 084D61
:0041F3C0 7857
:0041F3C2 6964746807496E74
:0041F3CA 67
:0041F3CB 6765
:0041F3CD
:0041F3CF
:0041F3D2
:0041F3D4
:0041F3DC
:0041F3DE
:0041F3DF
7201
094D61
7848
656967687407496E
7465
67
65
jb 0041F3D0
js 0041F41C
je 0041F443
BYTE 067h
BYTE 065h
:0041F3E0
:0041F3E2
:0041F3E3
:0041F3E5
:0041F3E6
:0041F3E7
:0041F3E9
:0041F3ED
:0041F3EF
728D
40
00E8
F3
41
0008
10544D6F
7573
65
jb 0041F36F
inc eax
add al, ch
repz
inc ecx
adc byte ptr [ebp+2*ecx+6F], dl
jne 0041F462
BYTE 065h
:0041F3F0
:0041F3F1
:0041F3F6
:0041F3F8
57
6865656C45
7665
6E
push edi
push 456C6565
jbe 0041F45D
outsb
BYTE 065h
jb 0041F3BE
js 0041F419
imul esp, dword ptr [esp+2*esi+68], 746E4907
BYTE 067h
BYTE 065h
:0041F3F9 7400
je 0041F3FB
|:0041F3F9(C)
|
:0041F3FB 0508065365
:0041F400 6E
:0041F401 64
:0041F402 65
BYTE 065h
:0041F403
:0041F405
:0041F406
:0041F407
:0041F40A
:0041F40E
:0041F40F
:0041F414
:0041F415
:0041F416
:0041F41B
:0041F41D
:0041F41F
:0041F421
:0041F422
:0041F427
7207
54
4F
626A65
63740005
53
686966740B
54
53
6869667453
7461
7465
000A
57
6865656C44
65
jb 0041F40C
push esp
dec edi
push ebx
push 0B746669
push esp
push ebx
push 53746669
je 0041F47E
je 0041F484
push edi
push 446C6565
BYTE 065h
:0041F428
:0041F429
:0041F42B
:0041F42C
:0041F42D
:0041F42E
:0041F430
:0041F431
6C
7461
07
49
6E
7465
67
65
insb
je 0041F48C
pop es
dec ecx
outsb
je 0041F495
BYTE 067h
BYTE 065h
:0041F432
:0041F434
:0041F437
:0041F439
7210
084D6F
7573
65
jb 0041F444
or byte ptr [ebp+6F], cl
jne 0041F4AC
BYTE 065h
:0041F43A
:0041F43B
:0041F43C
:0041F43E
:0041F43F
:0041F440
:0041F441
:0041F448
:0041F449
50
6F
7306
54
50
6F
696E7401074861
6E
64
push eax
outsd
jnb 0041F444
push esp
push eax
outsd
outsb
BYTE 064h
:0041F44A 6C
:0041F44B 65
add eax, 65530608

outsb
BYTE 064h
insb
BYTE 065h
:0041F44C 64
BYTE 064h
:0041F44D
:0041F44E
:0041F44F
:0041F450
:0041F451
:0041F452
07
42
6F
6F
6C
65
pop es
inc edx
outsd
outsd
insb
BYTE 065h
:0041F453
:0041F454
:0041F455
:0041F458
:0041F459
:0041F45A
:0041F45B
61
6E
8D4000
5C
F4
41
0008
popad
outsb
pop esp
hlt
inc ecx

|:0041F3F6(C)
|
:0041F45D 16
push ss
:0041F45E 54
push esp
:0041F45F 4D
dec ebp
:0041F460 6F
outsd
:0041F461 7573
jne 0041F4D6
:0041F463 65
BYTE 065h
:0041F464
:0041F465
:0041F46A
:0041F46C
:0041F46D
:0041F46F
:0041F470
:0041F472
:0041F473
57
6865656C55
7044
6F
776E
45
7665
6E
7400
push edi
push 556C6565
jo 0041F4B0
outsd
ja 0041F4DD
inc ebp
jbe 0041F4D7
outsb
je 0041F475

|:0041F473(C)
|
:0041F475 0408
add al, 08
:0041F477 06
push es
:0041F478 53
push ebx
:0041F479 65
BYTE 065h
:0041F47A 6E
:0041F47B 64
outsb
BYTE 064h
:0041F47C 65
BYTE 065h
:0041F47D 7207
:0041F47F 54
jb 0041F486
push esp
:0041F480 4F
:0041F481 626A65
dec edi
|:0041F41D(C)
|
:0041F484 63740005
:0041F488 53
:0041F489 686966740B
:0041F48E 54
:0041F48F 53
:0041F490 6869667453

arpl
push
push
push
push
push
dword ptr [eax+eax+05], esi

ebx
0B746669
esp
ebx
53746669

|:0041F42E(C)
|
:0041F495 7461
je 0041F4F8
:0041F497 7465
je 0041F4FE
:0041F499 1008
adc byte ptr [eax], cl
:0041F49B 4D
dec ebp
:0041F49C 6F
outsd
:0041F49D 7573
jne 0041F512
:0041F49F 65
BYTE 065h
:0041F4A0
:0041F4A1
:0041F4A2
:0041F4A4
:0041F4A5
:0041F4A6
:0041F4A7
:0041F4AE
:0041F4AF
50
6F
7306
54
50
6F
696E7401074861
6E
64
push eax
outsd
jnb 0041F4AA
push esp
push eax
outsd
outsb
BYTE 064h

|:0041F46A(C)
|
:0041F4B0 6C
insb
:0041F4B1 65
BYTE 065h
:0041F4B2 64
BYTE 064h
:0041F4B3
:0041F4B4
:0041F4B5
:0041F4B6
:0041F4B7
:0041F4B8
07
42
6F
6F
6C
65
pop es
inc edx
outsd
outsd
insb
BYTE 065h
:0041F4B9
:0041F4BA
:0041F4BB
:0041F4BC
:0041F4BE
61
6E
90
08F5
41
popad
outsb
nop
or ch, dh
inc ecx
:0041F4BF 000000000000000000
BYTE 9 DUP(0)
:0041F4C8 90F54100
:0041F4CC 40F74100
DWORD 0041F590
DWORD 0041F740
:0041F4D0 0000000000000000
BYTE 8 DUP(0)
:0041F4D8 A2F54100
:0041F4DC 30F74100
DWORD 0041F5A2
DWORD 0041F730
:0041F4E0
:0041F4E2
:0041F4E4
:0041F4E6
:0041F4E7
:0041F4EA
:0041F4EB
:0041F4EE
:0041F4EF
:0041F4F1
1401
0000
A8BE
40
00681C
41
00342E
40
0038
2E
adc al, 01
add byte ptr
test al, BE
inc eax
add byte ptr
inc ecx
add byte ptr
inc eax
add byte ptr
BYTE 02eh
:0041F4F2
:0041F4F3
:0041F4F6
:0041F4F7
:0041F4FD
:0041F500
:0041F504
:0041F50A
:0041F50B
:0041F50E
:0041F50F
:0041F511
:0041F514
:0041F516
:0041F517
:0041F519
:0041F51A
:0041F51B
:0041F51E
:0041F51F
:0041F521
:0041F522
:0041F523
:0041F529
40
003C2E
40
0090434200B4
2B4000
C82B4000
082542006C4F
42
006844
42
0008
D24000
3C4F
42
00DC
27
42
004827
42
0028
2F
42
00801C4100C4
184100
inc eax
inc eax
enter 402B, 00
or byte ptr [4F6C0042], ah
inc edx
inc edx
cmp al, 4F
inc edx
add ah, bl
daa
inc edx
inc edx
das
inc edx
[eax], al
[eax+1C], ch
[esi+ebp], dh
[eax], bh
:0041F52C BC184100
:0041F530 881C4100
DWORD 004118BC
DWORD 00411C88
:0041F534 382442
:0041F537 00EC
:0041F539 51
cmp byte ptr [edx+2*eax], ah

add ah, ch
push ecx
:0041F53A
:0041F53B
:0041F53D
:0041F53E
:0041F53F
:0041F541
:0041F542
:0041F543
:0041F549
:0041F54B
:0041F552
:0041F553
:0041F559
:0041F55E
:0041F55F
:0041F562
:0041F563
:0041F566
:0041F567
:0041F569
:0041F56C
:0041F56E
:0041F56F
:0041F573
:0041F575
:0041F578
:0041F57A
:0041F57B
:0041F581
42
00C4
3F
42
00C0
3F
42
009040420038
2C42
009C2B42009C34
42
00B8254200BC
2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
7842
42
00B05142005C
36
inc edx
add ah, al
aas
inc edx
add al, al
aas
inc edx
sub al, 42
inc edx
and eax, 51000042
inc edx
inc edx
inc edx
add al, bl
inc edx
js 0041F5BC
inc edx
BYTE 036h
:0041F582
:0041F583
:0041F589
:0041F58C
:0041F58D
42
0080364200B8
284200
6C
36
inc edx
insb
BYTE 036h
:0041F58E 42
:0041F58F 000E
:0041F591 0000000000
inc edx
BYTE 5 DUP(0)
:0041F596
:0041F598
:0041F59A
:0041F59C
:0041F59D
:0041F5A1
:0041F5A4
:0041F5A6
:0041F5AB
:0041F5AD
:0041F5AF
:0041F5B1
:0041F5B3
:0041F5B5
:0041F5BB
:0041F5BE
:0041F5C4

jl 0041F5AC
inc eax
add byte ptr [edx+00], al
add dword ptr [edx], eax
add al, byte ptr [ebx]
add al, byte ptr [esi]
add cl, byte ptr [ecx]
add al, byte ptr [edx]
add al, byte ptr [1F020802]
or esi, dword ptr [eax+B00EB00C]
or eax, 35B008B0
0100
0000
7C10
40
00740000
004200
0102
A100040207
0203
0206
0209
0200
0202
02050208021F
004700
0BB00CB00EB0
0DB008B035
:0041F5C9
:0041F5CB
:0041F5CD
:0041F5CF
:0041F5D1
:0041F5D3
:0041F5D5
:0041F5D7
:0041F5D9
:0041F5DB
:0041F5DD
:0041F5DF
:0041F5E1
:0041F5E3
:0041F5E5
:0041F5E7
:0041F5E9
:0041F5EB
:0041F5ED
:0041F5EF
:0041F5F1
:0041F5F3
:0041F5F5
:0041F5F7
:0041F5F9
:0041F5FB
:0041F5FD
:0041F5FF
:0041F601
:0041F603
:0041F605
:0041F607
:0041F609
:0041F60B
:0041F60D
:0041F60F
:0041F611
:0041F613
:0041F615
:0041F616
:0041F617
:0041F619
:0041F61B
:0041F61D
:0041F61F
:0041F621
:0041F623
:0041F625
:0041F627
:0041F629
:0041F62A
:0041F62B
:0041F62D
:0041F62E
:0041F62F
:0041F636
:0041F637
:0041F63A
:0041F63B
:0041F642
B009
B023
B030
B00A
B013
B014
B01C
B03A
B03C
B03D
B0F0
FFEF
FFEE
FFED
FFEC
FFEB
FFEA
FFE9
FFE8
FFE7
FFE6
FFE5
FFE4
FFE3
FFE2
FFE1
FFE0
FFDF
FFDE
FFDD
FFDC
FFDB
FFDA
FFD9
FFD8
FFD7
FFD6
FFD5
FF
F9
FFD4
FFD3
FFD2
FFD1
FFD0
FFF3
FFF2
FFCF
FFC4
45
42
0010
46
42
0094474200E447
42
002C46
42
00BC4742000C48
42
mov al, 09
mov al, 23
mov al, 30
mov al, 0A
mov al, 13
mov al, 14
mov al, 1C
mov al, 3A
mov al, 3C
mov al, 3D
mov al, F0
jmp far edi
jmp far esi
jmp far ebp
jmp far esp
jmp far ebx
jmp far edx
jmp far ecx
jmp far eax
jmp edi
jmp esi
jmp ebp
jmp esp
jmp ebx
jmp edx
jmp ecx
jmp eax
call far edi
call far esi
call far ebp
call far esp
call far ebx
call far edx
call far ecx
call far eax
call edi
call esi
call ebp
BYTE 0ffh
stc
call esp
call ebx
call edx
call ecx
call eax
push ebx
push edx
dec edi
inc esp
inc ebp
inc edx
add byte ptr
inc esi
inc edx
add byte ptr
inc edx
add byte ptr
inc edx
add byte ptr
inc edx
[eax], dl
[edi+2*eax+47E40042], dl
[esi+2*eax], ch
[edi+2*eax+480C0042], bh
:0041F643
:0041F647
:0041F64A
:0041F64B
:0041F652
:0041F653
:0041F655
:0041F656
:0041F657
:0041F65A
:0041F65B
:0041F65D
:0041F65E
:0041F65F
:0041F661
:0041F662
:0041F663
:0041F665
:0041F666
:0041F667
:0041F669
:0041F66A
:0041F66B
:0041F671
:0041F672
:0041F673
:0041F675
:0041F676
:0041F677
:0041F67A
:0041F67B
:0041F67D
:0041F67E
:0041F67F
:0041F681
:0041F682
:0041F683
:0041F685
:0041F686
:0041F687
:0041F689
:0041F68A
:0041F68B
:0041F68D
:0041F68E
:0041F68F
:0041F696
:0041F697
:0041F699
:0041F69A
:0041F69B
:0041F6A2
:0041F6A3
:0041F6A5
:0041F6A6
:0041F6A7
:0041F6A9
:0041F6AE
:0041F6AF
:0041F6B1
00644842
001449
42
008C494200BC49
42
00DC
49
42
001C4A
42
00C8
4A
42
00F0
4A
42
00F8
4A
42
0000
4B
42
00984B4200C8
4B
42
0008
4B
42
00704B
42
00C0
51
42
00E8
4B
42
00F0
4B
42
0008
4C
42
0020
4C
42
003C4D4200584B
42
0038
4B
42
009C4D42003451
42
00C8
37
42
00C8
2D4200B844
42
0028
45
add byte ptr [eax+2*ecx+42], ah

add byte ptr [ecx+2*ecx], dl
inc edx
add byte ptr [ecx+2*ecx+49BC0042], cl
inc edx
add ah, bl
dec ecx
inc edx
add byte ptr [edx+2*ecx], bl
inc edx
add al, cl
dec edx
inc edx
add al, dh
dec edx
inc edx
add al, bh
dec edx
inc edx
dec ebx
inc edx
add byte ptr [eax+C800424B], bl
dec ebx
inc edx
dec ebx
inc edx
add byte ptr [eax+4B], dh
inc edx
add al, al
push ecx
inc edx
add al, ch
dec ebx
inc edx
add al, dh
dec ebx
inc edx
dec esp
inc edx
dec esp
inc edx
add byte ptr [2*ecx+4B580042], bh
inc edx
dec ebx
inc edx
add byte ptr [ebp+2*ecx+51340042], bl
inc edx
add al, cl
aaa
inc edx
add al, cl
sub eax, 44B80042
inc edx
inc ebp
:0041F6B2
:0041F6B3
:0041F6B5
:0041F6B8
:0041F6BA
:0041F6BB
:0041F6C2
:0041F6C3
:0041F6C5
:0041F6C8
:0041F6CA
:0041F6CB
:0041F6CD
:0041F6D0
:0041F6D2
:0041F6D3
:0041F6D6
:0041F6D7
:0041F6D9
:0041F6DB
:0041F6DD
:0041F6DF
:0041F6E6
:0041F6E7
:0041F6E9
:0041F6EE
:0041F6EF
:0041F6F2
:0041F6F3
:0041F6F6
:0041F6F7
:0041F6FD
:0041F700
:0041F701
:0041F706
:0041F707
:0041F709
:0041F70A
42
00E0
3A4200
743A
42
00943A4200002B
42
00C0
3A4200
E038
42
00F0
384200
7839
42
005839
42
0010
3C42
0020
3C42
00944E42005050
42
00C0
2542008046
42
004845
42
003448
42
00A0484200A4
394200
F4
2542001827
42
0028
27
42
|:0041F6D0(C)
|
:0041F70B 00D0
:0041F70D 2542007834
:0041F712 42
:0041F713 00744242
:0041F717 00F4
:0041F719 294200
:0041F71C 2C39
:0041F71E 42
:0041F71F 007837
:0041F722 42
:0041F723 00CC
:0041F725 254200C425
:0041F72A 42
:0041F72B 00943742000854
:0041F732 43
:0041F733 6F
:0041F734 6E
:0041F735 7472
inc edx
add al, ah
cmp al, byte ptr [edx+00]
je 0041F6F4
inc edx
add byte ptr [edx+edi+2B000042], dl
inc edx
add al, al
loopnz 0041F702
inc edx
add al, dh
cmp byte ptr [edx+00], al
js 0041F70B
inc edx
inc edx
cmp al, 42
cmp al, 42
add byte ptr [esi+2*ecx+50500042], dl
inc edx
add al, al
and eax, 46800042
inc edx
inc edx
add byte ptr [eax+2*ecx], dh
inc edx
cmp dword ptr [edx+00], eax
hlt
and eax, 27180042
inc edx
daa
inc edx
add al, dl
and eax, 34780042
inc edx
add byte ptr [edx+2*eax+42], dh
add ah, dh
sub dword ptr [edx+00], eax
sub al, 39
inc edx
inc edx
add ah, cl
and eax, 25C40042
inc edx
add byte ptr [edi+esi+54080042], dl
inc ebx
outsd
outsb
je 0041F7A9
:0041F737
:0041F738
:0041F739
:0041F73C
:0041F73D
:0041F744
:0041F745
:0041F746
:0041F748
:0041F749
:0041F74A
:0041F74C
:0041F74D
:0041F753
:0041F755
:0041F756
:0041F757
:0041F758
:0041F75A
:0041F75B
:0041F75C
:0041F75E
:0041F761
:0041F762
6F
6C
8D4000
40
F7410007085443
6F
6E
7472
6F
6C
08F5
41
00A0BF400008
0008
43
6F
6E
7472
6F
6C
7306
003C10
40
0030
outsd
insb
inc eax
test [ecx+00], 43540807
outsd
outsb
je 0041F7BA
outsd
insb
or ch, dh
inc ecx
add byte ptr [eax+080040BF], ah
inc ebx
outsd
outsb
je 0041F7CC
outsd
insb
jnb 0041F764
add byte ptr [eax+edx], bh
inc eax
|:0041F75C(C)
|
:0041F764 0000
:0041F766 FF6029
:0041F769 42
:0041F76A 0001
:0041F76C 000000000000
:0041F772
:0041F775
:0041F77B
:0041F77F
:0041F782
:0041F784
:0041F786
:0041F788
:0041F789
:0041F78B
800000
00800200044C
6566743C
104000
3400
00FF
8429
42
0001
000000000000

je 0041F7BB
xor al, 00
add bh, bh
test byte ptr [ecx], ch
inc edx
BYTE 6 DUP(0)
:0041F791
:0041F794
:0041F79A
:0041F79B
:0041F79D
:0041F7A0
:0041F7A2
:0041F7A4
:0041F7A5
:0041F7A8
:0041F7AA
800000
008003000354
6F
703C
104000
3800
00FF
AC
294200
0100
0000000000

outsd
jo 0041F7D9
cmp byte ptr [eax], al
add bh, bh
lodsb
BYTE 5 DUP(0)

jmp [eax+29]
inc edx
BYTE 6 DUP(0)
:0041F7AF
:0041F7B2
:0041F7B8
:0041F7C0
:0041F7C2
:0041F7C4
:0041F7C6
:0041F7C7
:0041F7C9
800000
008004000557
696474683C104000
3C00
00FF
D029
42
0001
000000000000

imul esp, dword ptr [esp+2*esi+68], 0040103C
cmp al, 00
add bh, bh
shr byte ptr [ecx], 1
inc edx
BYTE 6 DUP(0)
:0041F7CF
:0041F7D2
:0041F7D8
:0041F7E0
:0041F7E4
:0041F7EB
800000
008005000648
6569676874B0E841
006C0000
FF943342000100
0000000000

imul esp, dword ptr gs:[edi+68], 41E8B074
call dword ptr [ebx+esi+00010042]
BYTE 5 DUP(0)
:0041F7F0
:0041F7F3
:0041F7F5
:0041F7F6
:0041F7F8
:0041F7F9
:0041F7FB
:0041F7FD
:0041F7FF
:0041F802
800000
0000
06
0006
43
7572
736F
727C
104000
7400
add byte ptr

add byte ptr
push es
add byte ptr
inc ebx
jne 0041F86D
jnb 0041F86C
jb 0041F87B
adc byte ptr
je 0041F804
[eax], 00
[eax], al
[esi], al
[eax+00], al

|:0041F802(C)
|
:0041F804 00FF
add bh, bh
:0041F806 7400
je 0041F808
|:0041F806(C)
|
:0041F808 00FF
:0041F80A DC4E42
:0041F80D 00000000
:0041F811
:0041F814
:0041F81A
:0041F821
:0041F822
:0041F823
:0041F82D
:0041F837
800000
008007000448
696E748D40006C
F8
41
00000000000000000000
00000000000000000000
000000000000000000

imul ebp, dword ptr [esi+74], 6C00408D
clc
inc ecx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0041F840
:0041F841
:0041F842
:0041F843
:0041F845
CC
F8
41
0018
000000
int 03
clc
inc ecx
BYTE 3 DUP(0)
add bh, bh
fmul qword ptr [esi+42]
BYTE 4 DUP(0)
:0041F848
:0041F84A
:0041F84B
:0041F84D
D0EB
41
0028
2E
shr bl, 1
inc ecx
BYTE 02eh
:0041F84E
:0041F84F
:0041F852
:0041F853
:0041F855
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0041F856
:0041F857
:0041F85A
:0041F85B
:0041F85D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0041F85E
:0041F85F
:0041F866
:0041F867
:0041F869
:0041F86E
:0041F86F
:0041F873
:0041F876
:0041F877
40
00B42B4000C82B
40
0010
1D4100F851
42
00441D41
006023
42
006C1D41
inc
add
inc
add
sbb
inc
add
add
inc
add
|:0041F7FD(C)
|
:0041F87B 000C24
:0041F87E 42
:0041F87F 00C8
:0041F881 1C41
:0041F883 00A41D41005422
:0041F88A 42
:0041F88B 00DC
:0041F88D DE4200
:0041F890 C8224200
:0041F894 1C52
:0041F896 42
:0041F897 00FC
:0041F899 224200
:0041F89C 2CDF
:0041F89E 42
:0041F89F 0040DF
:0041F8A2 42
:0041F8A3 0030
:0041F8A5 234200
:0041F8A8 8823
:0041F8AA 42
:0041F8AB 006CDF42
:0041F8AF 00A823420050
:0041F8B5 52
:0041F8B6 42
eax
byte
eax
byte
eax,
edx
byte
byte
edx
byte
ptr [eax], dl
51F80041
ptr [ebp+ebx+41], al
ptr [eax+23], ah
ptr [ebp+ebx+41], ch

add byte ptr [esp], cl
inc edx
add al, cl
sbb al, 41
inc edx
add ah, bl
enter 4222, 00
sbb al, 52
inc edx
add ah, bh
sub al, DF
inc edx
inc edx
inc edx
add byte ptr [edi+8*ebx+42], ch
push edx
inc edx
:0041F8B7
:0041F8B9
:0041F8BC
:0041F8BE
:0041F8BF
:0041F8C5
:0041F8C8
:0041F8CA
:0041F8CB
:0041F8D1
:0041F8D2
:0041F8D3
:0041F8D4
:0041F8D6
:0041F8D7
:0041F8D8
:0041F8D9
:0041F8DD
:0041F8DE
:0041F8DF
:0041F8E6
:0041F8E7
:0041F8E9
:0041F8ED
00C8
234200
7CDF
42
0080DF4200EC
234200
7021
42
00155457696E
43
6F
6E
7472
6F
6C
41
6374696F
6E
4C
696E6B8BC0E8F8
41
0003
0854496D
65
add al, cl
jl 0041F89D
inc edx
jo 0041F8EB
inc edx
add byte ptr [6E695754], dl
inc ebx
outsd
outsb
je 0041F948
outsd
insb
inc ecx
outsb
dec esp
imul ebp, dword ptr [esi+6B], F8E8C08B
inc ecx
or byte ptr [ecx+2*ecx+6D], dl
BYTE 065h
:0041F8EE 4D
:0041F8EF 6F
:0041F8F0 64
dec ebp
outsd
BYTE 064h
:0041F8F1 650100
:0041F8F4 000000

BYTE 3 DUP(0)
:0041F8F7
:0041F8F9
:0041F8FB
:0041F8FD
:0041F8FE
:0041F900
:0041F907
:0041F908
0B00
0000
E4F8
41
0009
696D4469736162
6C
65

in al, F8
inc ecx
add byte ptr [ecx], cl
imul ebp, dword ptr [ebp+44], 62617369
insb
BYTE 065h
:0041F909
:0041F90A
:0041F911
:0041F912
:0041F919
:0041F920
:0041F921
:0041F923
:0041F926
:0041F927
07
696D436C6F7365
06
696D4F70656E0A
696D446F6E7443
61
7265
08696D
53
41
pop es
imul ebp, dword ptr [ebp+43], 65736F6C
push es
imul ebp, dword ptr [ebp+4F], 0A6E6570
imul ebp, dword ptr [ebp+44], 43746E6F
popad
jb 0041F988
or byte ptr [ecx+6D], ch
push ebx
inc ecx

|:0041F996(C)
|
:0041F928 6C
insb
:0041F929
:0041F92B
:0041F92C
:0041F92D
:0041F934
:0041F935
:0041F93C
:0041F943
:0041F944
:0041F94B
:0041F952
:0041F954
:0041F957
:0041F958
:0041F959
:0041F95A
:0041F95B
:0041F95E
:0041F95F
:0041F962
:0041F963
:0041F964
:0041F965
:0041F968
:0041F969
:0041F96C
:0041F96E
:0041F96F
:0041F971
:0041F975
7068
61
07
696D416C706861
06
696D4869726107
696D534B617461
06
696D4B61746109
696D4368696E65
7365
0A696D
53
48
61
6E
677565
6C
09696D
48
61
6E
677565
6C
8D4000
70F9
41
000A
0854496D
65
jo 0041F993
popad
pop es
imul ebp, dword ptr [ebp+41], 6168706C
push es
imul ebp, dword ptr [ebp+48], 07617269
imul ebp, dword ptr [ebp+53], 6174614B
push es
imul ebp, dword ptr [ebp+4B], 09617461
imul ebp, dword ptr [ebp+43], 656E6968
jnb 0041F9B9
or ch, byte ptr [ecx+6D]
push ebx
dec eax
popad
outsb
jne 0041F9C3
insb
or dword ptr [ecx+6D], ebp
dec eax
popad
outsb
jne 0041F9CD
insb
jo 0041F967
inc ecx
or byte ptr [ecx+2*ecx+6D], dl
BYTE 065h
:0041F976
:0041F977
:0041F978
:0041F979
:0041F97C
:0041F97F
:0041F981
:0041F983
:0041F984
:0041F985
:0041F987
4E
61
6D
658BC0
80F941
0001
0C54
42
6F
7264
65
dec esi
popad
insd
mov eax, eax
cmp cl, 41
or al, 54
inc edx
outsd
jb 0041F9EB
BYTE 065h
|:0041F921(C)
|
:0041F988 7257
:0041F98A 6964746804000000
:0041F992 00FF
:0041F994 FFFF
:0041F996
:0041F998
:0041F999
:0041F99A
:0041F99B
jg 0041F928
pushfd
stc
inc ecx
7F90
9C
F9
41
000F
jb 0041F9E1
imul esp, dword ptr [esp+2*esi+68], 00000004
add bh, bh
BYTE 2 DUP(0ffh)
:0041F99D
:0041F99F
:0041F9A0
:0041F9A1
:0041F9A4
:0041F9A5
:0041F9A6
:0041F9A7
:0041F9A8
0C49
44
6F
636B4D
61
6E
61
67
65
or al, 49
inc esp
outsd
arpl dword ptr [ebx+4D], ebp
popad
outsb
popad
BYTE 067h
BYTE 065h
:0041F9A9
:0041F9AB
:0041F9AE
:0041F9B1
:0041F9B7
:0041F9B8
72FC
104000
0179FD
198681C2D111
AA
60
jb 0041F9A7
add dword ptr [ecx-03], edi
sbb dword ptr [esi+11D1C281], eax
stosb
pushad
|:0041F952(C)
|
:0041F9B9 00C0
:0041F9BB 4F
:0041F9BC A370E80843
:0041F9C1 6F
:0041F9C2 6E

add al, al
dec edi
outsd
outsb

|:0041F95C(C)
|
:0041F9C3 7472
je 0041FA37
:0041F9C5 6F
outsd
:0041F9C6 6C
insb
:0041F9C7 7300
jnb 0041F9C9
|:0041F9C7(C)
|
:0041F9C9 008BC018FA41
add byte ptr [ebx+41FA18C0], cl
:0041F9CF 000000000000000000
BYTE 9 DUP(0)
:0041F9D8 D0FA4100
:0041F9DC 80FD4100
DWORD 0041FAD0
DWORD 0041FD80
:0041F9E0 0000000000000000
BYTE 8 DUP(0)
:0041F9E8 EAFA4100
:0041F9EC 6EFD4100
DWORD 0041FAEA
DWORD 0041FD6E
:0041F9F0
:0041F9F1
:0041F9F3
:0041F9FA
:0041F9FB
in al, dx
add byte ptr [esp+8*esi+1C680041], bh
inc ecx
EC
0100
00BCF44100681C
41
00342E
:0041F9FE 40
:0041F9FF 0038
:0041FA01 2E
inc eax
BYTE 02eh
:0041FA02
:0041FA03
:0041FA06
:0041FA07
:0041FA0D
:0041FA10
:0041FA14
:0041FA15
:0041FA16
:0041FA17
:0041FA1D
:0041FA1E
:0041FA1F
:0041FA21
:0041FA24
:0041FA26
:0041FA27
:0041FA29
:0041FA2A
:0041FA2B
:0041FA2D
:0041FA2E
:0041FA2F
:0041FA31
:0041FA32
:0041FA33
:0041FA39
inc eax
inc eax
enter 402B, 00
push esp
push ebx
inc edx
inc esp
inc edx
cmp al, 4F
inc edx
add ah, bl
daa
inc edx
add ah, bh
push esp
inc edx
das
inc edx
40
003C2E
40
00906B4200B4
2B4000
C82B4000
54
53
42
00B89A420068
44
42
0008
D24000
3C4F
42
00DC
27
42
00FC
54
42
0028
2F
42
00801C4100C4
184100
:0041FA3C BC184100
:0041FA40 881C4100
DWORD 004118BC
DWORD 00411C88
:0041FA44
:0041FA46
:0041FA47
:0041FA4E
:0041FA4F
:0041FA51
:0041FA58
:0041FA5A
:0041FA5B
:0041FA5D
:0041FA60
:0041FA67
:0041FA6E
:0041FA6F
:0041FA72
:0041FA73
:0041FA76
:0041FA77
:0041FA79
:0041FA7C
:0041FA7E
:0041FA7F
:0041FA83
jo 0041FA98
inc edx
add byte ptr [ecx+4*edx-6A3FFFBE], cl
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
inc edx
inc edx
inc edx
add al, bl
inc edx
7052
42
008C914200C095
42
00E8
9A4200149A4200
A88F
42
00C8
8F4200
DC8C4200B82542
00BC2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
:0041FA85
:0041FA88
:0041FA8A
:0041FA8B
:0041FA91
:0041FA94
:0041FA95
:0041FA98
:0041FA9A
:0041FA9B
:0041FA9D
:0041FAA0
:0041FAA2
:0041FAA3
:0041FAA7
:0041FAA9
324200
D469
42
00B051420074
8D4200
F0
8D4200
1C89
42
00D4
8D4200
7455
42
004C5A42
00C4
65

aam (base105)
inc edx
lock
sbb al, 89
inc edx
add ah, dl
je 0041FAF7
inc edx
add ah, al
BYTE 065h
:0041FAAA
:0041FAAB
:0041FAAD
:0041FAAE
:0041FAAF
:0041FAB6
:0041FAB7
:0041FAB9
42
00E8
61
42
00846442001863
42
0020
65
inc edx
add al, ch
popad
inc edx
inc edx
BYTE 065h
:0041FABA 42
:0041FABB 00C8
:0041FABD 64
inc edx
add al, cl
BYTE 064h
:0041FABE
:0041FABF
:0041FAC2
:0041FAC3
:0041FAC5
:0041FAC6
:0041FAC7
:0041FACE
:0041FACF
:0041FAD1
42
00148F
42
00C0
6D
42
008C8B4200808E
42
000E
0000000000
inc edx
inc edx
add al, al
insd
inc edx
inc edx
BYTE 5 DUP(0)
:0041FAD6
:0041FAD8
:0041FADA
:0041FADB
:0041FADC
:0041FADD
:0041FAE0
:0041FAE2
:0041FAE3
:0041FAE4
:0041FAE5
:0041FAE9
:0041FAEC
:0041FAEF
:0041FAF2
0200
0000
98
F9
41
003C01
0000
6C
F9
41
004C0100
006B00
0F0011
014E00
1500140115

cwde
stc
inc ecx
add byte ptr [ecx+eax], bh
insb
stc
inc ecx
add byte ptr [ebx+00], ch
lldt dword ptr [ecx]
add dword ptr [esi+00], ecx
adc eax, 15011400
|:0041FAA0(C)
|
:0041FAF7 0139
:0041FAF9 002D002B002C
:0041FAFF 001400
:0041FB02 47
:0041FB03 004600
:0041FB06 0500030020
:0041FB0B 0000
:0041FB0D 010401
:0041FB10 0101
:0041FB12 0501020112
:0041FB17 012F
:0041FB19 0010
:0041FB1B 022E
:0041FB1D 0002
:0041FB1F 008300820084
:0041FB25 0085000F0311
:0041FB2B 031A
:0041FB2D 001D001E0007
:0041FB33 0008
:0041FB35 000D010E010A
:0041FB3B 0237
:0041FB3D B02E
:0041FB3F B005
:0041FB41 B006
:0041FB43 B007
:0041FB45 B00B
:0041FB47 B00C
:0041FB49 B00D
:0041FB4B B00E
:0041FB4D B03B
:0041FB4F B00F
:0041FB51 B010
:0041FB53 B011
:0041FB55 B019
:0041FB57 B022
:0041FB59 B01A
:0041FB5B B01B
:0041FB5D B01C
:0041FB5F B024
:0041FB61 B035
:0041FB63 B025
:0041FB65 B026
:0041FB67 B027
:0041FB69 B02F
:0041FB6B B000
:0041FB6D BD01BD02BD
:0041FB72 04BD
:0041FB74 06
:0041FB75 BD2CB033B0
:0041FB7A 34B0
:0041FB7C 38B039B03AB0
:0041FB82 3CB0
:0041FB84 43
:0041FB85 B0F0
:0041FB87 FFEF
:0041FB89 FFED

add dword ptr [ecx], edi
add byte ptr [2C002B00], ch
inc edi
add byte ptr [esi+00], al
add eax, 20000300
add dword ptr [ecx+eax], eax
add dword ptr [ecx], eax
add eax, 12010201
add dword ptr [edi], ebp
add ch, byte ptr [esi]
add byte ptr [ebx+84008200], al
add byte ptr [ebp+11030F00], al
add ebx, dword ptr [edx]
add byte ptr [07001E00], bl
add byte ptr [0A010E01], cl
add dh, byte ptr [edi]
mov al, 2E
mov al, 05
mov al, 06
mov al, 07
mov al, 0B
mov al, 0C
mov al, 0D
mov al, 0E
mov al, 3B
mov al, 0F
mov al, 10
mov al, 11
mov al, 19
mov al, 22
mov al, 1A
mov al, 1B
mov al, 1C
mov al, 24
mov al, 35
mov al, 25
mov al, 26
mov al, 27
mov al, 2F
mov al, 00
mov ebp, BD02BD01
add al, BD
push es
mov ebp, B033B02C
xor al, B0
cmp byte ptr [eax+B03AB039], dh
cmp al, B0
inc ebx
mov al, F0
jmp far edi
jmp far ebp
:0041FB8B
:0041FB8D
:0041FB8F
:0041FB91
:0041FB93
:0041FB95
:0041FB97
:0041FB99
:0041FB9B
:0041FB9D
:0041FB9F
:0041FBA1
:0041FBA3
:0041FBA5
:0041FBA6
:0041FBA7
:0041FBA9
:0041FBAB
:0041FBAD
:0041FBAE
:0041FBB3
:0041FBB4
:0041FBB5
:0041FBB7
:0041FBB8
:0041FBBD
:0041FBBE
:0041FBC3
:0041FBC5
:0041FBC8
:0041FBC9
:0041FBCF
:0041FBD1
:0041FBD4
:0041FBD5
:0041FBD8
:0041FBD9
:0041FBDD
:0041FBE0
:0041FBE1
:0041FBE8
:0041FBE9
:0041FBEB
:0041FBED
:0041FBEF
:0041FBF1
:0041FBF3
:0041FBF5
:0041FBF8
:0041FBF9
:0041FBFC
:0041FBFD
:0041FC01
:0041FC03
:0041FC05
:0041FC08
:0041FC09
:0041FC10
:0041FC11
FFCE
FFCD
FFCC
FFCB
FFCA
FFC9
FFC8
FFC7
FFC6
FFC5
FFC4
FFC3
FFDF
FF
FD
FFC2
FFC1
FFC0
FF
BFFFD7FFBE
FF
FA
FFD4
FF
BDFFBCFFBB
FF
BAFFB9FF18
7042
007871
42
0098714200BC
7142
000C72
42
002C72
42
004C7242
007072
42
0094724200B872
42
00DC
7242
0028
7342
00E8
7342
003474
42
006874
42
007C7442
0028
7C42
00487C
42
001C7D42003C7D
42
00E8
dec esi
dec ebp
dec esp
dec ebx
dec edx
dec ecx
dec eax
inc edi
inc esi
inc ebp
inc esp
inc ebx
call far edi
BYTE 0ffh
std
inc edx
inc ecx
inc eax
BYTE 0ffh
mov edi, BEFFD7FF
BYTE 0ffh
cli
call esp
BYTE 0ffh
mov ebp, BBFFBCFF
BYTE 0ffh
mov edx, 18FFB9FF
jo 0041FC07
inc edx
add byte ptr [eax+BC004271], bl
jno 0041FC13
add byte ptr [edx+2*esi], cl
inc edx
add byte ptr [edx+2*esi], ch
inc edx
add byte ptr [edx+2*esi+42], cl
inc edx
add byte ptr [edx+2*esi+72B80042], dl
inc edx
add ah, bl
jb 0041FC2F
jnb 0041FC33
add al, ch
jnb 0041FC37
add byte ptr [esp+2*esi], dh
inc edx
inc edx
add byte ptr [esp+2*esi+42], bh
jl 0041FC47
add byte ptr [eax+7C], cl
inc edx
add byte ptr [2*edi+7D3C0042], bl
inc edx
add al, ch
|:0041FBCF(C)
|
:0041FC13 7D42
:0041FC15 00E4
:0041FC17 8042008C
:0041FC1B 814200AC814200
:0041FC22 E081
:0041FC24 42
:0041FC25 0000
:0041FC27 824200B4
:0041FC2B 9C
:0041FC2C 42
:0041FC2D 003482
:0041FC30 42
:0041FC31 005082
:0041FC34 42
:0041FC35 00449D42
:0041FC39 00D8
:0041FC3B 824200FC
:0041FC3F 824200D8
:0041FC43 7142
:0041FC45 00EC
|:0041FC03(C)
|
:0041FC47 7142
:0041FC49 00FC
:0041FC4B 7142
:0041FC4D 006875
:0041FC50 42
:0041FC51 007C7542
:0041FC55 0090754200A4
:0041FC5B 7542
:0041FC5D 00647E42
:0041FC61 00A4834200B883
:0041FC68 42
:0041FC69 00CC
:0041FC6B 834200D4
:0041FC6F 834200DC
:0041FC73 834200E4
:0041FC77 8342003C
:0041FC7B 844200
:0041FC7E 84844200AC8442
:0041FC85 0028
jge 0041FC57
add ah, ah
add byte ptr [edx+00], 8C
add dword ptr [edx+00], 004281AC
loopnz 0041FBA5
inc edx
add byte ptr [edx+00], B4
pushfd
inc edx
add byte ptr [edx+4*eax], dh
inc edx
add byte ptr [eax-7E], dl
inc edx
add byte ptr [ebp+4*ebx+42], al
add al, bl
add byte ptr [edx+00], FC
add byte ptr [edx+00], D8
jno 0041FC87
add ah, ch
jno 0041FC8B
add ah, bh
jno 0041FC8F
inc edx
add byte ptr [ebp+2*esi+42], bh
add byte ptr [eax+A4004275], dl
jne 0041FC9F
add byte ptr [esi+2*edi+42], ah
add byte ptr [ebx+4*eax-7C47FFBE], ah
inc edx
add ah, cl
add dword ptr [edx+00], FFFFFFD4
add dword ptr [edx+00], FFFFFFDC
add dword ptr [edx+00], FFFFFFE4
add dword ptr [edx+00], 0000003C
test byte ptr [edx+00], al
test byte ptr [edx+2*eax+4284AC00], al

|:0041FC43(C)
|
:0041FC87 854200
test dword ptr [edx+00], eax
:0041FC8A E884420058
call 58423F13
|:0041FC4B(C)
|
:0041FC8F 854200
:0041FC92 98
cwde
:0041FC93 854200
:0041FC96 1484
adc al, 84
:0041FC98
:0041FC99
:0041FC9C
:0041FC9D
:0041FCA1
:0041FCA4
:0041FCA5
:0041FCAC
:0041FCAD
:0041FCB1
:0041FCB3
:0041FCB6
:0041FCBB
:0041FCBE
:0041FCBF
:0041FCC2
:0041FCC4
:0041FCC5
:0041FCC7
:0041FCCA
:0041FCCB
:0041FCCE
:0041FCD4
:0041FCD5
:0041FCD8
:0041FCD9
:0041FCE0
:0041FCE1
:0041FCE3
:0041FCE5
:0041FCE7
:0041FCE9
:0041FCEC
:0041FCED
:0041FCF0
:0041FCF1
:0041FCF3
:0041FCF5
:0041FCF8
:0041FCF9
:0041FCFB
:0041FCFE
:0041FCFF
:0041FD02
:0041FD05
:0041FD0C
:0041FD0D
:0041FD10
:0041FD11
:0041FD13
:0041FD15
:0041FD17
:0041FD19
:0041FD1B
:0041FD1C
:0041FD1D
:0041FD1F
:0041FD21
:0041FD28
:0041FD29
42
001C83
42
006C8342
007883
42
0084834200D885
42
00648642
00E0
854200
E8854200F0
854200
F8
854200
1487
42
00EC
874200
40
884200
8C884200E888
42
005086
42
0094664200848D
42
00FC
7942
00EC
7A42
00147B
42
003483
42
0008
7E42
00509A
42
00E0
8F4200
54
8A4200
DC7842
00BC7642008C77
42
005877
42
00C8
7642
00E8
7642
0020
5C
42
00D8
7E42
009C7F4200E87F
42
00C4
inc edx
add byte ptr [ebx+4*eax], bl
inc edx
add byte ptr [ebx+4*eax+42], ch
add byte ptr [eax-7D], bh
inc edx
add byte ptr [ebx+4*eax-7A27FFBE], al
inc edx
add byte ptr [esi+4*eax+42], ah
add al, ah
call F0423F40
clc
adc al, 87
inc edx
add ah, ch
xchg dword ptr [edx+00], eax
inc eax
mov [eax+88E80042], cs
inc edx
add byte ptr [eax-7A], dl
inc edx
add byte ptr [esi-727BFFBE], dl
inc edx
add ah, bh
jns 0041FD27
add ah, ch
jpe 0041FD2B
add byte ptr [ebx+2*edi], dl
inc edx
add byte ptr [ebx+4*eax], dh
inc edx
jle 0041FD37
inc edx
add al, ah
pop [edx+00]
push esp
mov al, byte ptr [edx+00]
fdivr qword ptr [eax+42]
add byte ptr [esi+2*esi+778C0042], bh
inc edx
inc edx
add al, cl
jbe 0041FD57
add al, ch
jbe 0041FD5B
pop esp
inc edx
add al, bl
jle 0041FD63
add byte ptr [edi+2*edi+7FE80042], bl
inc edx
add ah, al
|:0041FCE7(C)
|
:0041FD2B 7642
:0041FD2D 00CC
:0041FD2F 7742
:0041FD31 00909A420038
|:0041FCF3(C)
|
:0041FD37 95
:0041FD38 42
:0041FD39 008078420098
:0041FD3F 7B42
:0041FD41 00687C
:0041FD44 42
:0041FD45 005C7D42
:0041FD49 00748242
:0041FD4D 002478
:0041FD50 42
:0041FD51 00809542007C
|:0041FD13(C)
|
:0041FD57 8C4200
:0041FD5A 087742
:0041FD5D 00F4
:0041FD5F 5C
:0041FD60 42
:0041FD61 00B88E4200B4
:0041FD67 93
:0041FD68 42
:0041FD69 00987E42000B
|:0041FD2B(C)
|
:0041FD6F 54
:0041FD70 57
:0041FD71 696E436F6E7472
:0041FD78 6F
:0041FD79 6C
:0041FD7A 8BC0
:0041FD7C 80FD41
:0041FD7F 0007
:0041FD81 0B545769
:0041FD85 6E
:0041FD86 43
:0041FD87 6F
:0041FD88 6E
:0041FD89 7472
:0041FD8B 6F
:0041FD8C 6C
:0041FD8D 18FA4100
:0041FD91 3CF74100
DWORD 0041FA18
DWORD 0041F73C
jbe 0041FD6F
add ah, cl
ja 0041FD73
add byte ptr [eax+3800429A], dl
xchg eax,ebp
inc edx
add byte ptr
jpo 0041FD83
add byte ptr
inc edx
add byte ptr
add byte ptr
add byte ptr
inc edx
add byte ptr
[eax+98004278], al
[eax+7C], ch
[ebp+2*edi+42], bl
[edx+4*eax+42], dh
[eax+2*edi], ah
[eax+7C004295], al
mov [edx+00], es
or byte ptr [edi+42], dh
add ah, dh
pop esp
inc edx
add byte ptr [eax+B400428E], bh
xchg eax,ebx
inc edx
add byte ptr [eax+0B00427E], bl
push esp
push edi
imul ebp, dword ptr [esi+43], 72746E6F
outsd
insb
mov eax, eax
cmp ch, 41
or edx, dword ptr [edi+2*edx+69]
outsb
inc ebx
outsd
outsb
je 0041FDFD
outsd
insb
:0041FD95
:0041FD97
:0041FD9A
:0041FD9B
:0041FD9D
:0041FD9E
:0041FD9F
:0041FDA1
:0041FDA8
:0041FDAA
:0041FDAB
:0041FDAD
:0041FDB3
:0041FDB5
:0041FDB8
:0041FDBA
:0041FDBC
:0041FDBF
:0041FDC0
:0041FDC2
:0041FDC3
:0041FDC4
:0041FDC6
:0041FDC8
:0041FDCA
:0041FDCB
:0041FDD5
0900
08436F
6E
7472
6F
6C
7301
00BCAF40004401
00FF
44
0100
FF989A420000
0000
800000
0000
0800
0B4865
6C
7043
6F
6E
7465
7874
14FE
41
00000000000000000000
000000

outsb
je 0041FE0F
outsd
insb
jnb 0041FDA2
add byte ptr [edi+4*ebp+01440040], bh
add bh, bh
inc esp
call far dword ptr [eax+0000429A]
or ecx, dword ptr [eax+65]
insb
jo 0041FE05
outsd
outsb
je 0041FE2B
js 0041FE3C
adc al, FE
inc ecx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041FDD8 BCFE410000
:0041FDDD 00000000000000
mov esp, 000041FE

BYTE 7 DUP(0)
:0041FDE4 A0FE4100
:0041FDE8 A8FE4100
DWORD 0041FEA0
DWORD 0041FEA8
:0041FDEC 1801
:0041FDEE 0000
sbb byte ptr [ecx], al

:0041FDF0 BCF44100
:0041FDF4 681C4100
DWORD 0041F4BC
DWORD 00411C68
:0041FDF8 342E
:0041FDFA 40
:0041FDFB 0038
xor al, 2E
inc eax
|:0041FD89(C)
|
:0041FDFD 2E
:0041FDFE 40
:0041FDFF 003C2E
:0041FE02 40
:0041FE03 0090434200B4
:0041FE09 2B4000
:0041FE0C C82B4000

BYTE 02eh
inc eax
inc eax
enter 402B, 00
:0041FE10
:0041FE16
:0041FE17
:0041FE1A
:0041FE1B
:0041FE1D
:0041FE20
:0041FE22
:0041FE23
:0041FE25
:0041FE26
:0041FE27
:0041FE2A
28A042006C4F
42
006844
42
0008
D24000
3C4F
42
00DC
27
42
004827
42
sub
inc
add
inc
add
rol
cmp
inc
add
daa
inc
add
inc
byte ptr
edx
byte ptr
edx
byte ptr
byte ptr
al, 4F
edx
ah, bl
[eax+4F6C0042], ah
[eax+44], ch
[eax], cl
[eax+00], cl
edx
edx
|:0041FDC4(C)
|
:0041FE2B 0028
:0041FE2D 2F
:0041FE2E 42
:0041FE2F 00801C4100C4
:0041FE35 184100
:0041FE38 BC184100
DWORD 004118BC
|:0041FDC6(C)
|
:0041FE3C 881C4100
:0041FE40 CC
:0041FE41 9F
:0041FE42 42
:0041FE43 00EC
:0041FE45 51
:0041FE46 42
:0041FE47 00C4
:0041FE49 3F
:0041FE4A 42
:0041FE4B 00C0
:0041FE4D 3F
:0041FE4E 42
:0041FE4F 009040420038
:0041FE55 2C42
:0041FE57 009C2B42009C34
:0041FE5E 42
:0041FE5F 00B8254200BC
:0041FE65 2542000051
:0041FE6A 42
:0041FE6B 002C51
:0041FE6E 42
:0041FE6F 001427
:0041FE72 42
:0041FE73 00D8
:0041FE75 304200
:0041FE78 1030
:0041FE7A 42
:0041FE7B 00743342
:0041FE7F 0038
:0041FE81 324200
:0041FE84 7842
add
das
inc
add
sbb
byte ptr [eax], ch

edx
DWORD 00411C88
int 03
lahf
inc edx
add ah, ch
push ecx
inc edx
add ah, al
aas
inc edx
add al, al
aas
inc edx
sub al, 42
inc edx
and eax, 51000042
inc edx
inc edx
inc edx
add al, bl
inc edx
js 0041FEC8
:0041FE86 42
:0041FE87 00B05142005C
:0041FE8D 36
inc edx
BYTE 036h
:0041FE8E
:0041FE8F
:0041FE95
:0041FE98
:0041FE99
42
0080364200B8
284200
6C
36
inc edx
insb
BYTE 036h
:0041FE9A
:0041FE9B
:0041FE9D
:0041FEA2
:0041FEA6
:0041FEA7
:0041FEA9
:0041FEAA
:0041FEAB
:0041FEAD
:0041FEAF
:0041FEB6
:0041FEB7
:0041FEB8
:0041FEBD
:0041FEBE
:0041FEBF
:0041FEC0
:0041FEC2
:0041FEC4
:0041FECB
:0041FECC
42
0000
A142000100
0F0058A0
42
000F
54
47
7261
7068
6963436F6E7472
6F
6C
BCFE410007
0F
54
47
7261
7068
6963436F6E7472
6F
6C
inc edx
ltr dword ptr [eax-60]
inc edx
push esp
inc edi
jb 0041FF0E
jo 0041FF17
imul esp, dword ptr [ebx+43], 72746E6F
outsd
insb
mov esp, 070041FE
BYTE 0fh
push esp
inc edi
jb 0041FF23
jo 0041FF2C
imul esp, dword ptr [ebx+43], 72746E6F
outsd
insb
:0041FECD 14FE4100
:0041FED1 3CF74100
DWORD 0041FE14
DWORD 0041F73C
:0041FED5
:0041FED7
:0041FEDA
:0041FEDB
:0041FEDD
:0041FEDE
:0041FEDF

outsb
je 0041FF4F
outsd
insb
jnb 0041FEE1
0800
08436F
6E
7472
6F
6C
7300
|:0041FEDF(C)
|
:0041FEE1 008BC030FF41
:0041FEE7 00000000000000000000
:0041FEF1 000000
:0041FEF4 0800
:0041FEF6 42
:0041FEF7 000000000000000000

inc edx
BYTE 9 DUP(0)
add byte ptr [ebx+41FF30C0], cl

BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0041FF00 ECFF4100
:0041FF04 F4FF4100
DWORD 0041FFEC
DWORD 0041FFF4
:0041FF08
:0041FF09
:0041FF0B
:0041FF0D
lock
add ah, cl
stc
F0
0100
00CC
F9

|:0041FEAB(C)
|
:0041FF0E 41
inc ecx
:0041FF0F 00681C
:0041FF12 41
inc ecx
:0041FF13 00342E
:0041FF16 40
inc eax
|:0041FEAD(C)
|
:0041FF17 0038
:0041FF19 2E
BYTE 02eh
:0041FF1A
:0041FF1B
:0041FF1E
:0041FF1F
:0041FF25
:0041FF28
40
003C2E
40
00906B4200B4
2B4000
C82B4000
inc eax
inc eax
enter 402B, 00
|:0041FEC2(C)
|
:0041FF2C 1CA9
:0041FF2E 42
:0041FF2F 00B89A420068
:0041FF35 44
:0041FF36 42
:0041FF37 0008
:0041FF39 D24000
:0041FF3C 3C4F
:0041FF3E 42
:0041FF3F 00DC
:0041FF41 27
:0041FF42 42
:0041FF43 00FC
:0041FF45 54
:0041FF46 42
:0041FF47 0028
:0041FF49 2F
:0041FF4A 42
:0041FF4B 00801C4100C4
:0041FF51 184100
:0041FF54 BC184100
:0041FF58 881C4100
DWORD 004118BC
DWORD 00411C88
sbb al, A9
inc edx
add byte ptr
inc esp
inc edx
add byte ptr
rol byte ptr
cmp al, 4F
inc edx
add ah, bl
daa
inc edx
add ah, bh
push esp
inc edx
add byte ptr
das
inc edx
add byte ptr
sbb byte ptr
[eax+6800429A], bh
[eax], cl
[eax+00], cl
[eax], ch
[eax+C400411C], al
[ecx+00], al
:0041FF5C
:0041FF63
:0041FF65
:0041FF66
:0041FF67
:0041FF69
:0041FF70
:0041FF72
:0041FF73
:0041FF75
:0041FF78
:0041FF7F
:0041FF86
:0041FF87
:0041FF8A
:0041FF8B
:0041FF8E
:0041FF8F
:0041FF91
:0041FF94
:0041FF96
:0041FF97
:0041FF9B
:0041FF9D
:0041FFA0
:0041FFA2
:0041FFA3
:0041FFA9
:0041FFAC
:0041FFAD
:0041FFB0
:0041FFB2
:0041FFB3
:0041FFB5
:0041FFB8
:0041FFBA
:0041FFBB
:0041FFBF
:0041FFC1
C0A842008C9142
00C0
95
42
00E8
9A4200149A4200
A88F
42
00C8
8F4200
DC8C4200B82542
00BC2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
D469
42
00B051420074
8D4200
F0
8D4200
1C89
42
00D4
8D4200
7455
42
004C5A42
00C4
65
shr byte ptr [eax+918C0042], 42

add al, al
xchg eax,ebp
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
inc edx
inc edx
inc edx
add al, bl
inc edx
aam (base105)
inc edx
lock
sbb al, 89
inc edx
add ah, dl
je 0042000F
inc edx
add ah, al
BYTE 065h
:0041FFC2
:0041FFC3
:0041FFC5
:0041FFC6
:0041FFC7
:0041FFCE
:0041FFCF
:0041FFD1
42
00E8
61
42
00846442001863
42
0020
65
inc edx
add al, ch
popad
inc edx
inc edx
BYTE 065h
:0041FFD2 42
:0041FFD3 00C8
:0041FFD5 64
inc edx
add al, cl
BYTE 064h
:0041FFD6 42
:0041FFD7 00148F
:0041FFDA 42
inc edx
inc edx
:0041FFDB
:0041FFDF
:0041FFE6
:0041FFE7
:0041FFE9
:0041FFEA
:0041FFEB
:0041FFED
:0041FFEF
:0041FFF3
:0041FFF5
:0041FFF6
:0041FFF7
:0041FFF9
:0041FFFB
:0041FFFC
:0041FFFD
:0041FFFE
:0041FFFF
:00420001
:00420002
:00420003
:00420004
:00420006
:00420007
:00420009
:0042000A
:0042000B
:0042000C
:0042000E
:00420010
:00420011
:00420012
:00420013
:00420014
:00420016
:00420017
:00420018
:0042001A
:0042001B
:0042001F
:00420021
:00420023
:00420024
:00420025
:00420026
:00420028
:00420029
:0042002A
006CA942
008C8B4200808E
42
0018
AA
42
0001
000F
004CA942
000E
54
43
7573
746F
6D
43
6F
6E
7472
6F
6C
90
0800
42
0007
0E
54
43
7573
746F
6D
43
6F
6E
7472
6F
6C
30FF
41
007CFD41
0009
0008
43
6F
6E
7472
6F
6C
7300
add byte ptr [ecx+4*ebp+42], ch

inc edx
stosb
inc edx
add byte ptr [ecx+4*ebp+42], cl
push esp
inc ebx
jne 0042006C
je 0042006A
insd
inc ebx
outsd
outsb
je 00420073
outsd
insb
nop
inc edx
push cs
push esp
inc ebx
jne 00420081
je 0042007F
insd
inc ebx
outsd
outsb
je 00420088
outsd
insb
xor bh, bh
inc ecx
add byte ptr [ebp+8*edi+41], bh
inc ebx
outsd
outsb
je 0042009A
outsd
insb
jnb 0042002C
|:0042002A(C)
|
:0042002C 008D40007C00
:00420032 42
:00420033 00000000000000000000
:0042003D 000000
:00420040 6C
insb
add byte ptr [ebp+007C0040], cl

inc edx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00420041 014200
:00420044 0000000000000000
add dword ptr [edx+00], eax

BYTE 8 DUP(0)
:0042004C 48014200
:00420050 5C014200
DWORD 00420148
DWORD 0042015C
:00420054
:00420055
:00420057
:00420059
:0042005C
:00420061
hlt
add ah, ah
inc [ecx+00]
push 3400411C
BYTE 02eh
F4
0100
00E4
FE4100
681C410034
2E
:00420062 40
:00420063 0038
:00420065 2E
inc eax
BYTE 02eh
:00420066 40
:00420067 003C2E
inc eax
|:0041FFF9(C)
|
:0042006A 40
:0042006B 00906B4200B4
:00420071 2B4000
:00420074 C82B4000
:00420078 1CA94200
:0042007C B89A4200
:00420080 68444200
DWORD 0042A91C
DWORD 00429AB8
DWORD 00424468
:00420084
:00420086
:00420087
:0042008A
:0042008B
:0042008D
:0042008E
:0042008F
:00420091
:00420092
:00420093
:00420095
:00420096
:00420097
:0042009D
:004200A0
:004200A5
:004200A7
:004200AA
:004200AB
:004200B2
:004200B3
or dl, dl
inc eax
add byte ptr [edi+2*ecx], bh
inc edx
add ah, bl
daa
inc edx
add ah, bh
push esp
inc edx
das
inc edx
mov esp, 88004118
sbb al, 41
inc edx
inc edx
add al, ch
08D2
40
003C4F
42
00DC
27
42
00FC
54
42
0028
2F
42
00801C4100C4
184100
BC18410088
1C41
0004A1
42
008C914200C095
42
00E8
inc eax
enter 402B, 00
:004200B5 9A4200149A4200
call 0042:9A140042
:004200BC
:004200C0
:004200C4
:004200C8
:004200CC
:004200D0
:004200D4
:004200D8
:004200DC
:004200E0
:004200E4
:004200E8
:004200EC
:004200F0
:004200F4
:004200F8
:004200FC
:00420100
:00420104
:00420108
:0042010C
:00420110
:00420114
:00420118
:0042011C
:00420120
:00420124
:00420128
:0042012C
:00420130
:00420134
:00420138
:0042013C
:00420140
:00420144
A88F4200
C88F4200
DC8C4200
B8254200
BC254200
00514200
2C514200
14274200
D8304200
10304200
74334200
38324200
D4694200
B0514200
748D4200
F08D4200
1C894200
D48D4200
74554200
4C5A4200
C4654200
B0A14200
84644200
18634200
20654200
C8644200
148F4200
6CA94200
8C8B4200
808E4200
74A24200
0CA44200
28A54200
54A54200
10A34200
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00420148
:0042014A
:0042014C
:0042014E
0300
8400
8500
12B0ECA14200

test byte ptr [eax], al
adc dh, byte ptr [eax+0042A1EC]
00428FA8
00428FC8
00428CDC
004225B8
004225BC
00425100
0042512C
00422714
004230D8
00423010
00423374
00423238
004269D4
004251B0
00428D74
00428DF0
0042891C
00428DD4
00425574
00425A4C
004265C4
0042A1B0
00426484
00426318
00426520
004264C8
00428F14
0042A96C
00428B8C
00428E80
0042A274
0042A40C
0042A528
0042A554
0042A310
:00420154 F4A14200
:00420158 7CA34200
DWORD 0042A1F4
DWORD 0042A37C
:0042015C
:00420160
:00420161
:00420163
:0042016A
:0042016B
:0042016D
:00420171
:00420172
:00420174
:0042017B
:0042017C

outsb
je 004201BA
imul ebp, dword ptr [esi+64], 016C776F
inc edx
outsb
je 004201CB
imul ebp, dword ptr [esi+64], 007C776F
inc edx
0B544869
6E
7457
696E646F776C01
42
0007
0B544869
6E
7457
696E646F777C00
42
000400
:0042017F
:00420180
:00420182
:00420184
:00420185
:00420186
:00420187
:00420189
:0042018A
:0042018B
42
0009
0008
43
6F
6E
7472
6F
6C
7300
inc edx
inc ebx
outsd
outsb
je 004201FB
outsd
insb
jnb 0042018D
|:0042018B(C)
|
:0042018D 008BC0DC0142
:00420193 00000000000000000000
:0042019D 00000000000000000000
:004201A7 000000000000000000
:004201B0
:004201B2
:004201B3
:004201B6
:004201B8
:004201BA
:004201BB
:004201BD
DC01
42
002400
0000
8810
40
0028
2E
fadd qword ptr [ecx]

inc edx
inc eax
BYTE 02eh
:004201BE
:004201BF
:004201C2
:004201C3
:004201C5
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:004201C6 40
:004201C7 003C2E
:004201CA 40
inc eax
inc eax
add byte ptr [ebx+4201DCC0], cl

BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)

|:00420172(C)
|
:004201CB 0030
:004201CD 2E
BYTE 02eh
:004201CE
:004201CF
:004201D6
:004201D7
:004201D9
:004201DB
:004201DD
:004201DE
:004201DF
:004201E0
:004201E3
:004201E4
40
00B42B4000C82B
40
0010
2C40
0009
54
44
6F
636B5A
6F
6E
inc eax
inc eax
sub al, 40
push esp
inc esp
outsd
arpl dword ptr [ebx+5A], ebp
outsd
outsb
:004201E5
:004201E8
:004201E9
:004201EC
:004201F1
:004201F4
:004201F9
:004201FC
:00420201
:00420204
:00420205
:00420207
:0042020A
:0042020D
658BC0
CC
83C090
E9AFAE0000
83C090
E9ABAE0000
83C090
E98BAF0000
83C090
50
8B00
8B4008
870424
C3
mov eax, eax

int 03
add eax, FFFFFF90
jmp 0042B0A0
add eax, FFFFFF90
jmp 0042B0A4
add eax, FFFFFF90
jmp 0042B18C
add eax, FFFFFF90
push eax
xchg dword ptr [esp], eax
ret
:0042020E
:00420211
:00420212
:00420214
:00420217
:0042021A
83C090
50
8B00
8B400C
870424
C3
add eax, FFFFFF90

push eax
ret
:0042021B
:0042021E
:0042021F
:00420221
:00420224
:00420227
83C090
50
8B00
8B4024
870424
C3
add eax, FFFFFF90

push eax
ret
:00420228
:0042022B
:0042022C
:0042022E
:00420231
:00420234
83C090
50
8B00
8B4014
870424
C3
add eax, FFFFFF90

push eax
ret
:00420235
:00420238
:00420239
:0042023B
:0042023E
:00420241
83C090
50
8B00
8B4018
870424
C3
add eax, FFFFFF90

push eax
ret
:00420242
:00420245
:00420246
:00420248
:0042024B
:0042024E
83C090
50
8B00
8B4020
870424
C3
add eax, FFFFFF90

push eax
ret
:0042024F
:00420252
:00420253
:00420255
83C090
50
8B00
8B401C
add eax, FFFFFF90

push eax
:00420258 870424
:0042025B C3

ret
:0042025C
:0042025F
:00420264
:00420269
:0042026E
:00420273
:00420278
:0042027D
:00420282
add
jmp
add
jmp
add
jmp
add
jmp
int
83C090
E958C40000
8344240490
E95E4CFEFF
8344240490
E97C4CFEFF
8344240490
E9864CFEFF
CC
eax, FFFFFF90
0042C6BC
dword ptr [esp+04], FFFFFF90
00404ECC
00404EF4
00404F08
03
:00420283 64024200
:00420287 6E024200
:0042028B 78024200
DWORD 00420264
DWORD 0042026E
DWORD 00420278
|:0042028B(C)
|
:0042028F E9014200
:00420293 F1014200
:00420297 F9014200
:0042029B 01024200
:0042029F 0E024200
:004202A3 1B024200
:004202A7 28024200
:004202AB 35024200
:004202AF 42024200
:004202B3 4F024200
:004202B7 5C024200
:004202BB
:004202BD
:004202BF
:004202C1
:004202C7
:004202C8
:004202C9
:004202CB
:004202CC
:004202D1
:004202D2
:004202D5

jns 004202BE
sbb dword ptr [esi+11D1C281], eax
stosb
pushad
add al, al
dec edi
inc edx
BYTE 6 DUP(0)
0100
0000
79FD
198681C2D111
AA
60
00C0
4F
A370E88302
42
007000
000000000000
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
004201E9
004201F1
004201F9
00420201
0042020E
0042021B
00420228
00420235
00420242
0042024F
0042025C
:004202DB 90
nop
:004202DC 28034200
:004202E0 BB024200
DWORD 00420328
DWORD 004202BB
:004202E4 00000000000000000000
:004202EE 00000000000000000000
:004202F8 00000000
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 4 DUP(0)
:004202FC 50
push eax
:004202FD 034200
:00420300 7400
add eax, dword ptr [edx+00]

je 00420302

|:00420300(C)
|
:00420302 0000
:00420304 7811
js 00420317
:00420306 40
inc eax
:00420307 0028
:00420309 2E
BYTE 02eh
:0042030A
:0042030B
:0042030E
:0042030F
:00420316
40
00342E
40
00BC4E40003C2E
40
inc
add
inc
add
inc
eax
eax
byte ptr [esi+2*ecx+2E3C0040], bh
eax

|:00420304(C)
|
:00420317 0030
:00420319 2E
BYTE 02eh
:0042031A
:0042031B
:00420322
:00420323
:00420326
:00420327
:0042032E
:0042032F
:00420331
:00420333
:00420335
:0042033A
:0042033B
:0042033D
:00420342
:00420343
:00420345
40
00B42B4000C82B
40
0040B0
42
008CB0420000B2
42
0010
B242
00C8
B8420004BC
42
0018
BE42000CC0
42
00E0
C44200
inc
add
inc
add
inc
add
inc
add
mov
add
mov
inc
add
mov
inc
add
les
eax
eax
byte ptr [eax-50], al
edx
byte ptr [eax+4*esi-4DFFFFBE], cl
edx
byte ptr [eax], dl
dl, 42
al, cl
eax, BC040042
edx
byte ptr [eax], bl
esi, C00C0042
edx
al, ah
eax, dword ptr [edx+00]
:00420348 ACC24200
:0042034C C0BC4200
DWORD 0042C2AC
DWORD 0042BCC0
:00420350
:00420354
:00420357
:00420359
:0042035C
:0042035E
:0042035F
:00420369
:00420373
or dword ptr [esp+2*eax+6F], edx

jb 004203BE
mov eax, eax
test al, 03
inc edx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
0954446F
636B54
7265
658BC0
A803
42
00000000000000000000
00000000000000000000
000000000000000000
:0042037C A803
test al, 03
:0042037E 42
:0042037F 0028
:00420381 000000
inc edx
BYTE 3 DUP(0)
:00420384
:00420386
:00420387
:00420389
8810
40
0028
2E

inc eax
BYTE 02eh
:0042038A
:0042038B
:0042038E
:0042038F
:00420391
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:00420392
:00420393
:00420396
:00420397
:00420399
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0042039A
:0042039B
:004203A2
:004203A3
:004203A6
:004203A7
:004203A9
:004203AA
:004203AB
:004203AC
:004203AE
40
00B42B4000C82B
40
0050CF
42
0006
54
4D
6F
7573
65
inc eax
inc eax
inc edx
push esp
dec ebp
outsd
jne 00420421
BYTE 065h
:004203AF 90
nop

|:0041D695
|
:004203B0 8A10
mov dl, byte ptr [eax]
:004203B2 80EA01
sub dl, 01
:004203B5 7204
jb 004203BB
:004203B7 7406
je 004203BF
:004203B9 EB07
jmp 004203C2
|:004203B5(C)
|
:004203BB C60001
|:00420357(C)
|
:004203BE C3
ret
|:004203B7(C)
|
:004203BF C60000
|:004203B9(U)
|
:004203C2 C3
:004203C3 90
:004203C4 55
:004203C5 8BEC
:004203C7 51
:004203C8 53
:004203C9 8D5DFC
:004203CC A108264400
:004203D1 8B5508
:004203D4 899040010000
:004203DA A108264400
:004203DF 8B8060010000
:004203E5 50
:004203E6 6AFC
:004203E8 8B4508
:004203EB 50

ret
nop
push ebp
mov ebp, esp
push ecx
push ebx
lea ebx, dword ptr [ebp-04]
push eax
push FFFFFFFC
push eax

|
:004203EC E80760FEFF
Call 004063F8
:004203F1 6AF0
push FFFFFFF0
:004203F3 8B4508
:004203F6 50
push eax
|
:004203F7 E8445EFEFF
Call 00406240
:004203FC A900000040
test eax, 40000000
:00420401 741E
je 00420421
:00420403 6AF4
push FFFFFFF4
:00420405 8B4508
:00420408 50
push eax
|
:00420409 E8325EFEFF
Call 00406240
:0042040E 85C0
test eax, eax
:00420410 750F
jne 00420421
:00420412 8B4508
:00420415 50
push eax
:00420416 6AF4
push FFFFFFF4
:00420418 8B4508
:0042041B 50
push eax
|
:0042041C E8D75FFEFF
Call 004063F8
|:004203AC(C), :00420401(C), :00420410(C)
|
:00420421 A108264400
:00420426 50
push eax
:00420427
:0042042E
:0042042F
:00420432
0FB7052E374400
50
8B4508
50
movzx eax, word ptr [0044372E]

push eax
push eax

|
:00420433 E8905FFEFF
Call 004063C8
:00420438 A108264400
:0042043D 50
push eax
:0042043E 0FB7052C374400
movzx eax, word ptr [0044372C]
:00420445 50
push eax
:00420446 8B4508
:00420449 50
push eax
|
:0042044A E8795FFEFF
Call 004063C8
:0042044F FF7514
push [ebp+14]
:00420452 FF7510
push [ebp+10]
:00420455 FF750C
push [ebp+0C]
:00420458 FF7508
push [ebp+08]
:0042045B 8B0508264400
:00420461 C7050826440000000000
mov dword ptr [00442608], 00000000
:0042046B FF9060010000
call dword ptr [eax+00000160]
:00420471 8945FC
:00420474 8B03
:00420476 5B
pop ebx
:00420477 59
pop ecx
:00420478 5D
pop ebp
:00420479 C21000
ret 0010

|:00420709 , :00420E8D , :00421C7A , :00426C63 , :004334FC
|:004397F0 , :0043B4C6
|
:0042047C 53
push ebx
:0042047D 8BD8
mov ebx, eax
:0042047F 33C0
xor eax, eax
:00420481 85DB
test ebx, ebx
:00420483 740E
je 00420493
:00420485 0FB7052E374400
:0042048C 50
push eax
:0042048D 53
push ebx
|
:0042048E E8555DFEFF
Call 004061E8
|:00420483(C)
|
:00420493 5B
pop ebx
:00420494 C3
ret
:00420495 8D4000

|:004286FB , :0042DB43 , :0042DB9B , :0043B27F
|
:00420498 53
push ebx
:00420499 56
push esi
:0042049A 8B1D302C4400
mov ebx, dword ptr [00442C30]
:004204A0 8B1B
:004204A2 8B7324
:004204A5 85F6
test esi, esi
:004204A7 7411
je 004204BA
:004204A9 51
push ecx
:004204AA 52
push edx
:004204AB 50
push eax
:004204AC A1302C4400
:004204B1 56
push esi
|
:004204B2 E8D15EFEFF
Call 00406388
:004204B7 5E
pop esi
:004204B8 5B
pop ebx
:004204B9 C3
ret

|:004204A7(C)
|
:004204BA 33C0
xor eax, eax
:004204BC 5E
pop esi
:004204BD 5B
pop ebx
:004204BE C3
ret
:004204BF 90
:004204C0 FFFFFFFF
nop
BYTE 4 DUP(0ffh)
:004204C4
:004204C6
:004204C8
:004204CB
:004204CE
:004204D0

arpl dword ptr [edx+44], esi
popa
jne 0042053C
je 004204D2
0900
0000
637244
656661
756C
7400

|:004204D0(C)
|
:004204D2 0000
:004204D4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004204D8 07
:004204D9 000000
pop es
BYTE 3 DUP(0)
:004204DC
:004204DF
:004204E1
:004204E2

jb 00420553
outsd
ja 004204E4
637241
7272
6F
7700
|:004204E2(C)
|
:004204E4 FFFFFFFF
:004204E8 07
:004204E9 000000
:004204EC
:004204EF
:004204F1
:004204F3
:004204F5

jb 00420560
jnb 00420566
add bh, bh
BYTE 3 DUP(0ffh)
637243
726F
7373
00FF
FFFFFF
BYTE 4 DUP(0ffh)
pop es
BYTE 3 DUP(0)
:004204F8 07
:004204F9 000000
pop es
BYTE 3 DUP(0)
:004204FC 637249
:004204FF 42
:00420500 65

inc edx
BYTE 065h
:00420501
:00420502
:00420503
:00420505
61
6D
00FF
FFFFFF
popad
insd
add bh, bh
BYTE 3 DUP(0ffh)
:00420508
:0042050A
:0042050C
:0042050F
:00420516
:00420518
0A00
0000
637253
697A654E455357
0000
FFFFFFFF

imul edi, dword ptr [edx+65], 5753454E
BYTE 4 DUP(0ffh)
:0042051C
:0042051E
:00420520
:00420523
:0042052A
:0042052C
0800
0000
637253
697A654E530000
0000
FFFFFFFF

BYTE 4 DUP(0ffh)
:00420530
:00420532
:00420534
:00420537
:0042053E
:00420540
0A00
0000
637253
697A654E575345
0000
FFFFFFFF

BYTE 4 DUP(0ffh)
:00420544
:00420546
:00420548
:0042054B
:00420552
0800
0000
637253
697A6557450000
0000

:00420554 FFFFFFFF
BYTE 4 DUP(0ffh)
:00420558
:0042055A
:0042055C
:0042055F
:00420561
:00420563
:00420564

jo 004205A2
jb 004205D5
outsd
ja 00420566
0900
0000
637255
7041
7272
6F
7700

|:004204F1(C), :00420564(C)
|
:00420566 0000
:00420568 FFFFFFFF
BYTE 4 DUP(0ffh)
:0042056C
:0042056E
:00420570
:00420573
:00420574
:00420576
:00420577
:00420578
:00420579
:0042057B
:0042057D
0B00
0000
637248
6F
7572
47
6C
61
7373
00FF
FFFFFF

outsd
jne 004205E8
inc edi
insb
popad
jnb 004205EE
add bh, bh
BYTE 3 DUP(0ffh)
:00420580 06
:00420581 000000
push es
BYTE 3 DUP(0)
:00420584
:00420587
:00420589
:0042058C
637244
7261
670000
FFFFFFFF

jb 004205EA
add [bx+si], al
BYTE 4 DUP(0ffh)
:00420590
:00420592
:00420594
:00420597
:00420598
:00420599
:0042059B
0800
0000
63724E
6F
44
726F
7000

arpl dword ptr [edx+4E], esi
outsd
inc esp
jb 0042060A
jo 0042059D

|:0042059B(C)
|
:0042059D 000000
BYTE 3 DUP(0)
:004205A0 FFFFFFFF
BYTE 4 DUP(0ffh)
:004205A4
:004205A6
:004205A8
:004205AB
0800
0000
637248
53

push ebx
:004205AC 706C
:004205AE 697400000000FFFF
:004205B6 FFFF
jo 0042061A
imul esi, dword ptr [eax+eax], FFFF0000
BYTE 2 DUP(0ffh)
:004205B8
:004205BA
:004205BC
:004205BF
:004205C0
:004205C2
:004205CA
0800
0000
637256
53
706C
697400000000FFFF
FFFF

push ebx
jo 0042062E
imul esi, dword ptr [eax+eax], FFFF0000
BYTE 2 DUP(0ffh)
:004205CC
:004205CE
:004205D0
:004205D3
0B00
0000
63724D
756C

arpl dword ptr [edx+4D], esi
jne 00420641

|:00420561(C)
|
:004205D5 7469
je 00420640
:004205D7 44
inc esp
:004205D8 7261
jb 0042063B
:004205DA 6700FF
add bh, bh
:004205DD FFFFFF
BYTE 3 DUP(0ffh)
:004205E0
:004205E2
:004205E4
:004205E7
0900
0000
637253
51

push ecx

|:00420574(C)
|
:004205E8 4C
dec esp
:004205E9 57
push edi
|:00420587(C)
|
:004205EA 61
:004205EB 6974000000FFFFFF
:004205F3 FF0400
:004205F6 0000
:004205F8 63724E
:004205FB 6F
:004205FC 00000000
:00420600 FFFFFFFF
BYTE 4 DUP(0ffh)
:00420604
:00420606
:00420608
:0042060B
:0042060D

jo 0042067D
push ebx
0A00
0000
637241
7070
53
popad
imul esi, dword ptr [eax+eax], FFFFFF00
inc dword ptr [eax+eax]
arpl dword ptr [edx+4E], esi
outsd
BYTE 4 DUP(0)
:0042060E
:00420610
:00420612
:00420614
7461
7274
0000
FFFFFFFF
je 00420671
jb 00420686
BYTE 4 DUP(0ffh)
:00420618 06
:00420619 000000
push es
BYTE 3 DUP(0)
:0042061C 637248
:0042061F 65

BYTE 065h
:00420620 6C
:00420621 7000
insb
jo 00420623

|:00420621(C)
|
:00420623 00FF
add bh, bh
:00420625 FFFFFF
BYTE 3 DUP(0ffh)
:00420628
:0042062A
:0042062C
:0042062F
:00420630
:00420631
0B00
0000
637248
61
6E
64
:00420632 50
:00420633 6F
:00420634 696E7400FFFFFF

popad
outsb
BYTE 064h
push eax
outsd
imul ebp, dword ptr [esi+74], FFFFFF00

|:004205D8(C)
|
:0042063B FF09
dec dword ptr [ecx]
:0042063D 000000
BYTE 3 DUP(0)
|:004205D5(C)
|
:00420640 637253
:00420643 697A65416C6C00
:0042064A 0000
:0042064C FFFFFFFF
:00420650 06
:00420651 000000
push es
BYTE 3 DUP(0)
:00420654 637253
:00420657 697A6500006A15
:0042065E B914264400

imul edi, dword ptr [edx+65], 156A0000
mov ecx, 00442614

imul edi, dword ptr [edx+65], 006C6C41
BYTE 4 DUP(0ffh)
:00420663 E8B0C0FEFF
:00420668 C3
call 0040C718
ret
:00420669
:0042066C
:0042066E
:00420673
:00420678

push 00000015
mov ecx, 00442614
call 0040C6D8
ret
8D4000
6A15
B914264400
E860C0FEFF
C3
:00420679 8D4000

|:0043FBBB
|
:0042067C 53
push ebx
|:0042060B(C)
|
:0042067D 56
:0042067E 57
:0042067F 8BFA
:00420681 8BF0
:00420683 8BD6
:00420685 B8BC064200
:0042068A E84D8AFEFF
:0042068F 8BD8
:00420691 85DB
:00420693 750B
:00420695 8BC7
:00420697 8BD6
:00420699 E8B231FEFF
:0042069E EB10
|:00420693(C)
|
:004206A0 57
:004206A1 8BCB
:004206A3 49
:004206A4 BA01000000
:004206A9 8BC6
:004206AB E88835FEFF
push esi
push edi
mov edi, edx
mov esi, eax
mov edx, esi
mov eax, 004206BC
call 004090DC
mov ebx, eax
test ebx, ebx
jne 004206A0
mov eax, edi
mov edx, esi
call 00403850
jmp 004206B0
push edi
mov ecx, ebx
dec ecx
mov edx, 00000001
mov eax, esi
call 00403C38

|:0042069E(U)
|
:004206B0 5F
pop edi
:004206B1 5E
pop esi
:004206B2 5B
pop ebx
:004206B3 C3
ret
:004206B4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004206B8 0100
:004206BA 0000

:004206BC 7C00
jl 004206BE

|:004206BC(C)
|
:004206BE 0000
|:0043B13D , :0043F3E4
|
:004206C0 53
push ebx
:004206C1 56
push esi
:004206C2 57
push edi
:004206C3 8BFA
mov edi, edx
:004206C5 8BF0
mov esi, eax
:004206C7 8BD6
mov edx, esi
:004206C9 B800074200
mov eax, 00420700
:004206CE E8098AFEFF
call 004090DC
:004206D3 8BD8
mov ebx, eax
:004206D5 85DB
test ebx, ebx
:004206D7 750B
jne 004206E4
:004206D9 8BC7
mov eax, edi
:004206DB 8BD6
mov edx, esi
:004206DD E86E31FEFF
call 00403850
:004206E2 EB10
jmp 004206F4
|:004206D7(C)
|
:004206E4 57
:004206E5 8D5301
:004206ED 8BC6
:004206EF E84435FEFF

push edi
mov ecx, 7FFFFFFF
mov eax, esi
call 00403C38

|:004206E2(U)
|
:004206F4 5F
pop edi
:004206F5 5E
pop esi
:004206F6 5B
pop ebx
:004206F7 C3
ret
:004206F8 FFFFFFFF
BYTE 4 DUP(0ffh)
:004206FC 0100
:004206FE 0000
:00420700 7C00

jl 00420702

|:00420700(C)
|
:00420702 0000
|:004233B3 , :0043F32D
|

|
:00420704 E80F5AFEFF
Call 00406118
:00420709 E86EFDFFFF
call 0042047C
:0042070E 85C0
test eax, eax
:00420710 7419
je 0042072B
:00420712 833DC426440000
cmp dword ptr [004426C4], 00000000
:00420719 7410
je 0042072B
:0042071B 8B15C4264400
mov edx, dword ptr [004426C4]
:00420721 3B4224
:00420724 7505
jne 0042072B
:00420726 A1C4264400
|:00420710(C), :00420719(C), :00420724(C)
|
:0042072B C3
ret
|:004233D7 , :004233E0
|
:0042072C 53
push ebx
:0042072D 8BD8
mov ebx, eax
|
:0042072F E8245CFEFF
Call 00406358
:00420734 33C0
xor eax, eax
:00420736 A3C4264400
:0042073B 85DB
test ebx, ebx
:0042073D 742D
je 0042076C
:0042073F 8BC3
mov eax, ebx
:00420741 8B15CCF94100
mov edx, dword ptr [0041F9CC]
:00420747 E84426FEFF
call 00402D90
:0042074C 84C0
test al, al
:0042074E 750F
jne 0042075F
:00420750 837B2400
:00420754 7416
je 0042076C
:00420756 891DC4264400
mov dword ptr [004426C4], ebx
:0042075C 8B5B24
|:0042074E(C)
|
:0042075F 8BC3
:00420761 E89A870000
:00420766 50

mov eax, ebx
call 00428F00
push eax

|
:00420767 E82C5CFEFF
Call 00406398
|:0042073D(C), :00420754(C)
|
:0042076C 5B
pop ebx
:0042076D C3
ret
:0042076E 8BC0
mov eax, eax
:00420770
:00420775
:0042077F
:00420789
BC07420000
00000000000000000000
00000000000000000000
000000
mov esp, 00004207

BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:0042078C C4074200
:00420790 CC074200
DWORD 004207C4
DWORD 004207CC
:00420794
:00420796
:00420798
:00420799
:0042079B
:0042079D
1000
0000
54
B540
0028
2E

push esp
mov ch, 40
BYTE 02eh
:0042079E
:0042079F
:004207A2
:004207A3
:004207A5
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:004207A6
:004207A7
:004207AA
:004207AB
:004207AD
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:004207AE
:004207AF
:004207B6
:004207B7
:004207BA
:004207BB
:004207BD
40
00B42B4000C82B
40
0034CA
40
00DC
CB
inc eax
inc eax
add byte ptr [edx+8*ecx], dh
inc eax
add ah, bl
retf
:004207BE 40
:004207BF 0020
:004207C1 CB
inc eax
retf
:004207C2
:004207C3
:004207C5
:004207C7
:004207CE
:004207CF
:004207D7
inc eax
add bh, bh
jmp far dword ptr [eax+ecx+54090042]
push ebx
imul esi, dword ptr [ebp+4C], 8B747369
BYTE c0h
40
0001
00FF
FFAC0842000954
53
6974654C6973748B
C0

|:00420882 , :00420914
|
:004207D8 53
push ebx
:004207D9
:004207DA
:004207DB
:004207DE
:004207E1
:004207E6
:004207E8
:004207EB
:004207EC
:004207EE
56
57
83C4F8
890C24
C644240400
33F6
8B7808
4F
3BFE
7C29
push esi
push edi
add esp, FFFFFFF8
mov [esp+04], 00
xor esi, esi
dec edi
cmp edi, esi
jl 00420819

|:00420817(C)
|
:004207F0 8D1C37
lea ebx, dword ptr [edi+esi]
:004207F3 D1EB
shr ebx, 1
:004207F5 8B4804
:004207F8 8B0C99
mov ecx, dword ptr [ecx+4*ebx]
:004207FB 8B4904
mov ecx, dword ptr [ecx+04]
:004207FE 2BCA
sub ecx, edx
:00420800 85C9
test ecx, ecx
:00420802 7D05
jge 00420809
:00420804 8D7301
lea esi, dword ptr [ebx+01]
:00420807 EB0C
jmp 00420815
|:00420802(C)
|
:00420809 8BFB
:0042080B 4F
:0042080C 85C9
:0042080E 7505
:00420810 C644240401

mov edi, ebx
dec edi
test ecx, ecx
jne 00420815
mov [esp+04], 01

|:00420807(U), :0042080E(C)
|
:00420815 3BFE
cmp edi, esi
:00420817 7DD7
jge 004207F0
|:004207EE(C)
|
:00420819 8B0424
:0042081C 8930
:0042081E 8A442404
:00420822 59
:00420823 5A
:00420824 5F
:00420825 5E
:00420826 5B
:00420827 C3

mov
mov
mov
pop
pop
pop
pop
pop
ret

ecx
edx
edi
esi
ebx

|:00420870
|
:00420828 55
push ebp
:00420829 8BEC
mov ebp, esp
:0042082B
:0042082C
:0042082F
:00420832
:00420837
:00420839
:0042083B
53
8B4508
8B40FC
E8C9860000
8BD8
85C0
740C
push ebx
call 00428F00
mov ebx, eax
test eax, eax
je 00420849

|:00420847(C)
|
:0042083D 8BD8
mov ebx, eax
:0042083F 50
push eax
|
:00420840 E89B59FEFF
Call 004061E0
:00420845 85C0
test eax, eax
:00420847 75F4
jne 0042083D
|:0042083B(C)
|
:00420849 8BC3
mov eax, ebx
:0042084B 5B
pop ebx
:0042084C 5D
pop ebp
:0042084D C3
ret
:0042084E 8BC0
mov eax, eax

|:004210EA
|
:00420850 55
push ebp
:00420851 8BEC
mov ebp, esp
:00420853 83C4F8
add esp, FFFFFFF8
:00420856 53
push ebx
:00420857 56
push esi
:00420858 57
push edi
:00420859 8955FC
:0042085C 8BF0
mov esi, eax
:0042085E B808000000
mov eax, 00000008
:00420863 E82C1EFEFF
call 00402694
:00420868 8BD8
mov ebx, eax
:0042086A 8B45FC
:0042086D 8903
:0042086F 55
push ebp
call 00420828
:00420875 59
pop ecx
:00420876 8BF8
mov edi, eax
:00420878 897B04
:0042087B 8D4DF8
:0042087E 8BD7
mov edx, edi
:00420880 8BC6
mov eax, esi
:00420882 E851FFFFFF
call 004207D8
:00420887 84C0
test al, al
:00420889 740E
je 00420899
:0042088B 8BCB
mov ecx, ebx
:0042088D 8B55F8
:00420890 8BC6
:00420892 E899C3FEFF
:00420897 EB09
mov eax, esi

call 0040CC30
jmp 004208A2
|:00420889(C)
|
:00420899 8BD3
:0042089B 8BC6
:0042089D E8BEC1FEFF

mov edx, ebx
mov eax, esi
call 0040CA60

|:00420897(U)
|
:004208A2 5F
pop edi
:004208A3 5E
pop esi
:004208A4 5B
pop ebx
:004208A5 59
pop ecx
:004208A6 59
pop ecx
:004208A7 5D
pop ebp
:004208A8 C3
ret
:004208A9
:004208AC
:004208AD
:004208AE
:004208AF
:004208B1
:004208B4
:004208B5
:004208B7
:004208B9
:004208BA
8D4000
53
56
57
8BF8
8B5F08
4B
85DB
7C1A
43
33F6

push ebx
push esi
push edi
mov edi, eax
dec ebx
test ebx, ebx
jl 004208D3
inc ebx
xor esi, esi
|:004208D1(C)
|
:004208BC 8BD6
:004208BE 8BC7
:004208C0 E8B3C2FEFF
:004208C5 BA08000000
:004208CA E8DD1DFEFF
:004208CF 46
:004208D0 4B
:004208D1 75E9
|:004208B7(C)
|
:004208D3 8BC7
:004208D5 E8AAC1FEFF
:004208DA 5F
:004208DB 5E
:004208DC 5B
:004208DD C3
:004208DE 8BC0
mov eax, eax
mov edx, esi

mov eax, edi
call 0040CB78
mov edx, 00000008
call 004026AC
inc esi
dec ebx
jne 004208BC
mov eax, edi

call 0040CA84
pop edi
pop esi
pop ebx
ret

|:00421107
|
:004208E0 53
push ebx
:004208E1 56
push esi
:004208E2 57
push edi
:004208E3 51
push ecx
:004208E4 8BD8
mov ebx, eax
:004208E6 33FF
xor edi, edi
:004208E8 8B4308
:004208EB 85C0
test eax, eax
:004208ED 744D
je 0042093C
:004208EF 48
dec eax
:004208F0 750D
jne 004208FF
:004208F2 33D2
xor edx, edx
:004208F4 8BC3
mov eax, ebx
:004208F6 E87DC2FEFF
call 0040CB78
:004208FB 8B38
:004208FD EB3D
jmp 0042093C
|:004208F0(C)
|
|
:004208FF E85458FEFF
Call 00406158
:00420904 50
push eax
* Reference To: user32.GetTopWindow, Ord:0000h
|
:00420905 E81E59FEFF
Call 00406228
:0042090A 8BF0
mov esi, eax
:0042090C EB26
jmp 00420934
|:0042093A(C)
|
:0042090E 8BCC
:00420910 8BD6
:00420912 8BC3
:00420914 E8BFFEFFFF
:00420919 84C0
:0042091B 740D
:0042091D 8B4304
:00420920 8B1424
:00420923 8B0490
:00420926 8B38
:00420928 EB0A

mov ecx, esp
mov edx, esi
mov eax, ebx
call 004207D8
test al, al
je 0042092A
mov eax, dword
mov edx, dword
mov eax, dword
mov edi, dword
jmp 00420934
ptr
ptr
ptr
ptr
[ebx+04]
[esp]
[eax+4*edx]
[eax]

|:0042091B(C)
|
:0042092A 6A02
push 00000002
:0042092C 56
push esi
|
:0042092D E8A658FEFF
Call 004061D8
:00420932 8BF0
mov esi, eax
|:0042090C(U), :00420928(U)
|
:00420934 85FF
:00420936 7504
:00420938 85F6
:0042093A 75D2

test edi, edi
jne 0042093C
test esi, esi
jne 0042090E

|:004208ED(C), :004208FD(U), :00420936(C)
|
:0042093C 8BC7
mov eax, edi
:0042093E 5A
pop edx
:0042093F 5F
pop edi
:00420940 5E
pop esi
:00420941 5B
pop ebx
:00420942 C3
ret
:00420943 90
nop

|:00420B16
|
:00420944 8B4A04
:00420947 894804
:0042094A 8B4A08
:0042094D 894808
:00420950 8B4A0C
mov ecx, dword ptr [edx+0C]
:00420953 89480C
:00420956 8B4A10
:00420959 894810
:0042095C 8B4A14
:0042095F 894814
:00420962 8B4A18
:00420965 894818
:00420968 8B4A1C
:0042096B 89481C
:0042096E 8B4A20
:00420971 894820
:00420974 8B4A24
:00420977 894824
:0042097A 8B4A28
:0042097D 894828
:00420980 C3
ret
:00420981 8D4000

|:0042167C
|
:00420984 53
push ebx
:00420985 50
push eax
:00420986 68E0094200
push 004209E0
:0042098B E820600100
call 004369B0
:00420990 8BD8
mov ebx, eax
:00420992 53
push ebx

|
:00420993 E8005AFEFF
Call 00406398
:00420998 8BC3
mov eax, ebx
:0042099A 5B
pop ebx
:0042099B C3
ret
:0042099C
:0042099D
:0042099F
:004209A0
55
8BEC
5D
C20800
push ebp
mov ebp, esp
pop ebp
ret 0008
:004209A3
:004209A4
:004209A5
:004209A6
:004209AC
:004209AE
:004209B0
:004209B2
:004209B4
:004209B9
:004209BB
:004209BD
:004209C2
:004209C8
:004209C9
:004209CA
90
53
56
81C400FFFFFF
8BF2
8BD8
8BD4
8B03
E8B321FEFF
8BD4
8BC6
E81630FEFF
81C400010000
5E
5B
C3
nop
push ebx
push esi
add esp, FFFFFF00
mov esi, edx
mov ebx, eax
mov edx, esp
call 00402B6C
mov edx, esp
mov eax, esi
call 004039D8
add esp, 00000100
pop esi
pop ebx
ret
:004209CB 90
nop

|:00421A50
|
:004209CC 53
push ebx
:004209CD 8BDA
mov ebx, edx
|
:004209CF E88459FEFF
Call 00406358
:004209D4 8BC3
mov eax, ebx
:004209D6 E891600100
call 00436A6C
:004209DB 5B
pop ebx
:004209DC C3
ret
:004209DD
:004209E0
:004209E1
:004209E3
:004209E6
:004209E7
:004209E8
:004209E9
:004209EB
:004209ED
:004209EE
8D4000
55
8BEC
83C4F8
53
56
57
8BDA
33C0
55
68960A4200

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
mov ebx, edx
xor eax, eax
push ebp
push 00420A96
:004209F3
:004209F6
:004209F9
:004209FB
:00420A00
:00420A02
:00420A04
:00420A09
:00420A0B
:00420A0E
:00420A10
64FF30
648920
8B03
3D05020000
7F10
743E
2D00020000
7413
83E802
7432
EB7A

cmp eax, 00000205
jg 00420A12
je 00420A42
sub eax, 00000200
je 00420A1E
sub eax, 00000002
je 00420A42
jmp 00420A8C
|:00420A00(C)
|
:00420A12 2D00BD0000
:00420A17 7447
:00420A19 48
:00420A1A 742F
:00420A1C EB6E
|:00420A09(C)
|
:00420A1E 8D55F8
:00420A21 8B4308
:00420A24 E8DB5AFEFF
:00420A29 8D45F8
:00420A2C 50
:00420A2D A13C374400
:00420A32 50
sub eax, 0000BD00

je 00420A60
dec eax
je 00420A4B
jmp 00420A8C
lea edx, dword

mov eax, dword
call 00406504
lea eax, dword
push eax
mov eax, dword
push eax
ptr [ebp-08]
ptr [ebx+08]
ptr [ebp-08]
ptr [0044373C]

|
:00420A33 E8F055FEFF
Call 00406028
:00420A38 8D45F8
:00420A3B E81C090000
call 0042135C
:00420A40 EB4A
jmp 00420A8C
|:00420A02(C), :00420A0E(C)
|
:00420A42 B001
:00420A44 E88F0F0000
:00420A49 EB41
|:00420A1A(C)
|
:00420A4B 837B0411
:00420A4F 753B
:00420A51 A134374400
:00420A56 83C00C
:00420A59 E8FE080000
:00420A5E EB2C
mov al, 01
call 004219D8
jmp 00420A8C

jne 00420A8C
add eax, 0000000C
call 0042135C
jmp 00420A8C

|:00420A17(C)
|
:00420A60 8B4304
:00420A63
:00420A66
:00420A68
:00420A6B
:00420A6D
83E811
7407
83E80A
7411
EB1D
sub eax, 00000011

je 00420A6F
sub eax, 0000000A
je 00420A7E
jmp 00420A8C
|:00420A66(C)
|
:00420A6F A134374400
:00420A74 83C00C
:00420A77 E8E0080000
:00420A7C EB0E
|:00420A6B(C)
|
:00420A7E C7430C01000000
:00420A85 33C0
:00420A87 E84C0F0000

add eax, 0000000C
call 0042135C
jmp 00420A8C
mov [ebx+0C], 00000001

xor eax, eax
call 004219D8

|:00420A10(U), :00420A1C(U), :00420A40(U), :00420A49(U), :00420A4F(C)
|:00420A5E(U), :00420A6D(U), :00420A7C(U)
|
:00420A8C 33C0
xor eax, eax
:00420A8E 5A
pop edx
:00420A8F 59
pop ecx
:00420A90 59
pop ecx
:00420A91 648910
:00420A94 EB1F
jmp 00420AB5
:00420A96 E9D525FEFF
jmp 00403070
:00420A9B 833D3037440000
cmp dword ptr [00443730], 00000000
:00420AA2 7407
je 00420AAB
:00420AA4 33C0
xor eax, eax
:00420AA6 E82D0F0000
call 004219D8
|:00420AA2(C)
|
:00420AAB E81C28FEFF
call 004032CC
:00420AB0 E86B28FEFF
call 00403320
|:00420A94(U)
|
:00420AB5 5F
pop edi
:00420AB6 5E
pop esi
:00420AB7 5B
pop ebx
:00420AB8 59
pop ecx
:00420AB9 59
pop ecx
:00420ABA 5D
pop ebp
:00420ABB C3
ret
:00420ABC 33C0
:00420ABE C3
xor eax, eax

ret
:00420ABF 90
nop
:00420AC0
:00420AC1
:00420AC3
:00420AC5
:00420AC7
:00420ACB
55
8BEC
84D2
7406
66B8F4FF
EB04
push ebp
mov ebp, esp
test dl, dl
je 00420ACD
mov ax, FFF4
jmp 00420AD1

|:00420AC5(C)
|
:00420ACD 66B8F3FF
mov ax, FFF3
|:00420ACB(U)
|
:00420AD1 5D
pop ebp
:00420AD2 C20400
ret 0004
:00420AD5 8D4000
:00420AD8 C3

ret
:00420AD9
:00420ADC
:00420AE1
:00420AE3

ret
8D4000
A1E02B4400
8B00
C3
:00420AE4 C3
ret
:00420AE5 8D4000

|:00420C0F , :00421810
|
:00420AE8 84D2
test dl, dl
:00420AEA 7408
je 00420AF4
:00420AEC 83C4F0
add esp, FFFFFFF0
:00420AEF E81024FEFF
call 00402F04
|:00420AEA(C)
|
:00420AF4 894830
:00420AF7 84D2
:00420AF9 740F
:00420AFB E85C24FEFF
:00420B00 648F0500000000
:00420B07 83C40C

test dl, dl
je 00420B0A
call 00402F5C
add esp, 0000000C

|:00420AF9(C)
|
:00420B0A C3
ret
:00420B0B 90
nop
|:00420C93
|
:00420B0C
:00420B0D
:00420B0E
:00420B10
:00420B12
:00420B14
:00420B16
:00420B1B
:00420B1D
:00420B23
:00420B28
:00420B2A
:00420B2C
:00420B2F
53
56
8BF2
8BD8
8BD6
8BC3
E829FEFFFF
8BC6
8B1588E94100
E86822FEFF
84C0
7406
8B4630
894330
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00420944
mov eax, esi
call 00402D90
test al, al
je 00420B32

|:00420B2A(C)
|
:00420B32 5E
pop esi
:00420B33 5B
pop ebx
:00420B34 C3
ret
:00420B35
:00420B38
:00420B39
:00420B3B
:00420B3C
:00420B3D
:00420B3E
:00420B40
:00420B42
:00420B45
:00420B46
:00420B48
:00420B4B
:00420B4F
:00420B54
:00420B55
:00420B56
:00420B57
:00420B58
8D4000
55
8BEC
53
56
57
8BFA
8BF0
8B4508
50
8BD7
8B4630
66BBE3FF
E8A022FEFF
5F
5E
5B
5D
C20400

push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
push eax
mov edx, edi
mov bx, FFE3
call 00402DF4
pop edi
pop esi
pop ebx
pop ebp
ret 0004
:00420B5B
:00420B5C
:00420B5D
:00420B5F
:00420B60
:00420B61
:00420B62
:00420B64
:00420B66
:00420B6A
:00420B6C
:00420B6F
:00420B73
:00420B78
90
55
8BEC
53
56
57
8BF9
8BF0
807D0800
750E
8B4630
66BBE5FF
E87C22FEFF
33D2
nop
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov esi, eax
jne 00420B7A
mov bx, FFE5
call 00402DF4
xor edx, edx

|:00420B6A(C)
|
:00420B7A 8B450C
:00420B7D 50
push eax
:00420B7E 8BCF
mov ecx, edi
:00420B80 8BC6
mov eax, esi
:00420B82 8B18
:00420B84 FF5320
call [ebx+20]
:00420B87 5F
pop edi
:00420B88 5E
pop esi
:00420B89 5B
pop ebx
:00420B8A 5D
pop ebp
:00420B8B C20800
ret 0008
:00420B8E
:00420B90
:00420B91
:00420B93
:00420B95
:00420B97
:00420B9A
:00420B9E
8BC0
55
8BEC
84D2
7409
8B4030
668B406E
EB04
mov eax, eax

push ebp
mov ebp, esp
test dl, dl
je 00420BA0
jmp 00420BA4

|:00420B95(C)
|
:00420BA0 66B8F3FF
mov ax, FFF3
|:00420B9E(U)
|
:00420BA4 5D
pop ebp
:00420BA5 C20400
ret 0004
:00420BA8
:00420BAB
:00420BAD
:00420BB0
8B4030
8B10
FF524C
C3

call [edx+4C]
ret
:00420BB1
:00420BB4
:00420BB5
:00420BB7
:00420BBA
:00420BBC
:00420BBF
:00420BC1
:00420BC3
:00420BC6
:00420BC8
:00420BCB
8D4000
53
8BD8
8B4330
8B10
FF524C
85C0
740D
8B4330
8B10
FF524C
E8909C0000
lea eax, dword

push ebx
mov ebx, eax
mov eax, dword
mov edx, dword
call [edx+4C]
test eax, eax
je 00420BD0
mov eax, dword
mov edx, dword
call [edx+4C]
call 0042A860
ptr [eax+00]
ptr [ebx+30]
ptr [eax]
ptr [ebx+30]
ptr [eax]

|:00420BC1(C)
|
:00420BD0 5B
pop ebx
:00420BD1 C3
ret
:00420BD2
:00420BD4
:00420BD5
:00420BD7
:00420BDA
:00420BDC
:00420BDF
:00420BE1
:00420BE3
:00420BE6
:00420BE8
:00420BEB
mov eax, eax

push ebx
mov ebx, eax
mov eax, dword
mov edx, dword
call [edx+4C]
test eax, eax
je 00420BF0
mov eax, dword
mov edx, dword
call [edx+4C]
call 0042A848
8BC0
53
8BD8
8B4330
8B10
FF524C
85C0
740D
8B4330
8B10
FF524C
E8589C0000
ptr [ebx+30]
ptr [eax]
ptr [ebx+30]
ptr [eax]

|:00420BE1(C)
|
:00420BF0 5B
pop ebx
:00420BF1 C3
ret
:00420BF2 8BC0
mov eax, eax

|:00421857 , :00423E4D
|
:00420BF4 55
push ebp
:00420BF5 8BEC
mov ebp, esp
:00420BF7 51
push ecx
:00420BF8 53
push ebx
:00420BF9 56
push esi
:00420BFA 84D2
test dl, dl
:00420BFC 7408
je 00420C06
:00420BFE 83C4F0
add esp, FFFFFFF0
:00420C01 E8FE22FEFF
call 00402F04
|:00420BFC(C)
|
:00420C06 8855FF
:00420C09 8BD8
:00420C0B 33D2
:00420C0D 8BC3
:00420C0F E8D4FEFFFF
:00420C14 B201
:00420C16 A1382B4100
:00420C1B E8C039FFFF
:00420C20 8BF0
:00420C22 897334
:00420C25 BAFFFFFF00
:00420C2A 33C0
:00420C2C E8CF9DFFFF
:00420C31 8BD0
:00420C33 8BC6
:00420C35 E8263BFFFF
:00420C3A 8BC3
:00420C3C 807DFF00
:00420C40 740F

mov ebx, eax
xor edx, edx
mov eax, ebx
call 00420AE8
mov dl, 01
call 004145E0
mov esi, eax
mov edx, 00FFFFFF
xor eax, eax
call 0041AA00
mov edx, eax
mov eax, esi
call 00414760
mov eax, ebx
je 00420C51
:00420C42 E81523FEFF
:00420C47 648F0500000000
:00420C4E 83C40C
call 00402F5C
add esp, 0000000C

|:00420C40(C)
|
:00420C51 8BC3
mov eax, ebx
:00420C53 5E
pop esi
:00420C54 5B
pop ebx
:00420C55 59
pop ecx
:00420C56 5D
pop ebp
:00420C57 C3
ret
:00420C58
:00420C59
:00420C5A
:00420C5F
:00420C61
:00420C63
:00420C66
:00420C6B
:00420C6D
:00420C70
:00420C72
:00420C77
:00420C79
:00420C7B
:00420C7D
53
56
E80523FEFF
8BDA
8BF0
8B4634
E8B51FFEFF
8BD3
80E2FC
8BC6
E8991FFEFF
84DB
7E07
8BC6
E8D222FEFF
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 00420C82
mov eax, esi
call 00402F54

|:00420C79(C)
|
:00420C82 5E
pop esi
:00420C83 5B
pop ebx
:00420C84 C3
ret
:00420C85
:00420C88
:00420C89
:00420C8A
:00420C8B
:00420C8D
:00420C8F
:00420C91
:00420C93
:00420C98
:00420C9A
:00420CA0
:00420CA5
:00420CA7
:00420CA9
:00420CAB
:00420CAE
:00420CB1
:00420CB4
:00420CB7
:00420CBA
8D4000
53
56
57
8BF2
8BD8
8BD6
8BC3
E874FEFFFF
8BC6
8B159CEA4100
E8EB20FEFF
84C0
743D
8BC6
8A5048
885348
8B504C
89534C
8A5060
885360

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00420B0C
mov eax, esi
mov edx, dword ptr [0041EA9C]
call 00402D90
test al, al
je 00420CE6
mov eax, esi
:00420CBD
:00420CBE
:00420CC1
:00420CC4
:00420CC9
:00420CCA
:00420CCB
:00420CCC
:00420CCD
:00420CD0
:00420CD3
:00420CD8
:00420CD9
:00420CDA
:00420CDB
:00420CDE
:00420CE1
:00420CE3
56
8D7038
8D7B38
B904000000
F3
A5
5E
56
8D7050
8D7B50
B904000000
F3
A5
5E
8B5034
8B4334
8B08
FF5108
push esi
lea esi, dword ptr
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
pop esi
push esi
lea esi, dword ptr
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
pop esi
mov edx, dword ptr
mov eax, dword ptr
mov ecx, dword ptr
call [ecx+08]
[eax+38]
[ebx+38]
[eax+50]
[ebx+50]
[eax+34]
[ebx+34]
[eax]

|:00420CA7(C)
|
:00420CE6 5F
pop edi
:00420CE7 5E
pop esi
:00420CE8 5B
pop ebx
:00420CE9 C3
ret
:00420CEA
:00420CEC
:00420CED
:00420CEF
:00420CF0
:00420CF1
:00420CF3
:00420CF6
:00420CF7
:00420CFA
:00420CFE
:00420D03
:00420D04
:00420D05
:00420D06
8BC0
55
8BEC
53
56
8BF0
8B4508
50
8B4630
66BBE8FF
E8F120FEFF
5E
5B
5D
C20400
:00420D09 8D4000
mov eax, eax

push ebp
mov ebp, esp
push ebx
push esi
mov esi, eax
push eax
mov bx, FFE8
call 00402DF4
pop esi
pop ebx
pop ebp
ret 0004

|:00420D5F , :00420D86
|
:00420D0C 53
push ebx
:00420D0D 56
push esi
:00420D0E 8BDA
mov ebx, edx
:00420D10 8BC8
mov ecx, eax
:00420D12 8BC1
mov eax, ecx
:00420D14 99
cdq
:00420D15 33C2
xor eax, edx
:00420D17 2BC2
sub eax, edx
:00420D19 8BF0
mov esi, eax
:00420D1B 8BC3
mov eax, ebx
:00420D1D
:00420D1E
:00420D20
:00420D22
:00420D24
:00420D26
:00420D28
:00420D29
:00420D2A
99
33C2
2BC2
3BF0
7D05
8BC1
5E
5B
C3
cdq
xor
sub
cmp
jge
mov
pop
pop
ret
eax, edx
eax, edx
esi, eax
00420D2B
eax, ecx
esi
ebx

|:00420D24(C)
|
:00420D2B 8BC3
mov eax, ebx
:00420D2D 5E
pop esi
:00420D2E 5B
pop ebx
:00420D2F C3
ret
:00420D30
:00420D31
:00420D32
:00420D33
:00420D36
:00420D38
:00420D3B
:00420D40
:00420D41
:00420D42
:00420D44
:00420D47
:00420D4A
:00420D4C
:00420D4E
:00420D52
53
56
57
83C4F0
8BF2
8D3C24
B904000000
F3
A5
8BD8
8B430C
8B1424
3BC2
7C06
3B442408
7E14
|:00420D4C(C)
|
:00420D54 2BD0
:00420D56 8B4C2408
:00420D5A 2BC8
:00420D5C 8BC1
:00420D5E 92
:00420D5F E8A8FFFFFF
:00420D64 8BF0
:00420D66 EB02
push ebx
push esi
push edi
add esp, FFFFFFF0
mov esi, edx
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
mov ebx, eax
mov eax, dword ptr
mov edx, dword ptr
cmp eax, edx
jl 00420D54
cmp eax, dword ptr
jle 00420D68
[esp]
[ebx+0C]
[esp]
[esp+08]

sub edx, eax
sub ecx, eax
mov eax, ecx
xchg eax,edx
call 00420D0C
mov esi, eax
jmp 00420D6A

|:00420D52(C)
|
:00420D68 33F6
xor esi, esi
|:00420D66(U)
|
:00420D6A 8B4310
:00420D6D 8B542404
:00420D71
:00420D73
:00420D75
:00420D79
3BC2
7C06
3B44240C
7E12
|:00420D73(C)
|
:00420D7B 2BD0
:00420D7D 8B4C240C
:00420D81 2BC8
:00420D83 8BC1
:00420D85 92
:00420D8B EB02
cmp eax, edx

jl 00420D7B
cmp eax, dword ptr [esp+0C]
jle 00420D8D
sub edx, eax
mov ecx, dword ptr [esp+0C]
sub ecx, eax
mov eax, ecx
xchg eax,edx
call 00420D0C
jmp 00420D8F

|:00420D79(C)
|
:00420D8D 33C0
xor eax, eax
|:00420D8B(U)
|
:00420D8F 85F6
test esi, esi
:00420D91 7504
jne 00420D97
:00420D93 85C0
test eax, eax
:00420D95 740F
je 00420DA6
|:00420D91(C)
|
:00420D97 F7D8
neg eax
:00420D99 50
push eax
:00420D9A F7DE
neg esi
:00420D9C 56
push esi
:00420D9D 8D4338
:00420DA0 50
push eax
|
:00420DA1 E87255FEFF
Call 00406318
|:00420D95(C)
|
:00420DA6 83C410
add esp, 00000010
:00420DA9 5F
pop edi
:00420DAA 5E
pop esi
:00420DAB 5B
pop ebx
:00420DAC C3
ret
:00420DAD
:00420DB0
:00420DB1
:00420DB3
:00420DB6
:00420DBA
:00420DBF
8D4000
53
8BD0
8B4030
66BBE1FF
E83520FEFF
5B

push ebx
mov edx, eax
mov bx, FFE1
call 00402DF4
pop ebx
:00420DC0 C3
ret
:00420DC1
:00420DC4
:00420DC5
:00420DC7
:00420DCA
:00420DCE
:00420DD3
:00420DD4
8D4000
53
8BD0
8B4030
66BBE0FF
E82120FEFF
5B
C3

push ebx
mov edx, eax
mov bx, FFE0
call 00402DF4
pop ebx
ret
:00420DD5
:00420DD8
:00420DD9
:00420DDB
:00420DDD
:00420DDE
8D4000
55
8BEC
33C0
5D
C20400

push ebp
mov ebp, esp
xor eax, eax
pop ebp
ret 0004
:00420DE1 8D4000
:00420DE4 B804000000
:00420DE9 C3

mov eax, 00000004
ret
:00420DEA
:00420DEC
:00420DED
:00420DEF
:00420DF2
:00420DF3
:00420DF4
:00420DF5
:00420DF8
:00420DFB
:00420DFD
:00420E00
:00420E02
:00420E04
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
mov edi, ebx
jne 00420E06
xor eax, eax
jmp 00420E4C
8BC0
55
8BEC
83C4F0
53
56
57
8B5D0C
8B7508
8BFB
3B7704
7504
33C0
EB46
|:00420E00(C)
|
:00420E06 837F0800
:00420E0A 7520
:00420E0C 8D45F0
:00420E0F 50
:00420E10 56

jne 00420E2C
push eax
push esi

|
:00420E11 E83A54FEFF
Call 00406250
:00420E16 FF7710
push [edi+10]
:00420E19 FF770C
push [edi+0C]
:00420E1C 8D45F0
:00420E1F 50
push eax
|
:00420E20
:00420E25
:00420E27
:00420E29
E81355FEFF
85C0
7403
897708
Call 00406338
test eax, eax
je 00420E2C
|:00420E0A(C), :00420E27(C)
|
:00420E2C 8BD3
:00420E2E 3B32
:00420E30 750A
:00420E32 83C8FF
:00420E35 33C9
:00420E37 894A08
:00420E3A EB10
|:00420E30(C)
|
:00420E3C 3B7208
:00420E3F 7508
:00420E41 33C0
:00420E43 C6421401
:00420E47 EB03
mov edx, ebx

cmp esi, dword ptr [edx]
jne 00420E3C
or eax, FFFFFFFF
xor ecx, ecx
mov dword ptr [edx+08], ecx
jmp 00420E4C
cmp
jne
xor
mov
jmp
esi, dword ptr [edx+08]

00420E49
eax, eax
[edx+14], 01
00420E4C

|:00420E3F(C)
|
:00420E49 83C8FF
or eax, FFFFFFFF
|:00420E04(U), :00420E3A(U), :00420E47(U)
|
:00420E4C 5F
pop edi
:00420E4D 5E
pop esi
:00420E4E 5B
pop ebx
:00420E4F 8BE5
mov esp, ebp
:00420E51 5D
pop ebp
:00420E52 C20800
ret 0008
:00420E55 8D4000

|:00421119
|
:00420E58 55
push ebp
:00420E59 8BEC
mov ebp, esp
:00420E5B 83C4C8
add esp, FFFFFFC8
:00420E5E 53
push ebx
:00420E5F 56
push esi
:00420E60 57
push edi
:00420E61 8BF8
mov edi, eax
:00420E63 B301
mov bl, 01
:00420E65 8B4508
:00420E68 83C0F8
add eax, FFFFFFF8
:00420E6B E8A0030000
call 00421210
:00420E70 8BF0
mov esi, eax
:00420E72 8975F0
:00420E75 6A04
push 00000004
:00420E77 56
push esi

|
:00420E78 E8B353FEFF
Call 00406230
:00420E7D 8B15302C4400
mov edx, dword
:00420E83 8B12
mov edx, dword
:00420E85 3B4224
cmp eax, dword
:00420E88 7427
je 00420EB1
:00420E8A 8B45F0
mov eax, dword
:00420E8D E8EAF5FFFF
call 0042047C
:00420E92 8BF0
mov esi, eax
:00420E94 85F6
test esi, esi
:00420E96 0F84FA000000
je 00420F96
:00420E9C EB02
jmp 00420EA0
ptr [00442C30]
ptr [edx]
ptr [edx+24]
ptr [ebp-10]

|:00420EA5(C)
|
:00420E9E 8BF0
mov esi, eax
|:00420E9C(U)
|
:00420EA0 8B4624
:00420EA3 85C0
:00420EA5 75F7
:00420EA7 8BC6
:00420EA9 E852800000
:00420EAE 8945F0
|:00420E88(C)
|
:00420EB1 837DF000
:00420EB5 0F84DB000000
:00420EBB 8BF7
:00420EBD EB02

test eax, eax
jne 00420E9E
mov eax, esi
call 00428F00

je 00420F96
mov esi, edi
jmp 00420EC1

|:00420EC6(C)
|
:00420EBF 8BF0
mov esi, eax
|:00420EBD(U)
|
:00420EC1 8B4624
:00420EC4 85C0
:00420EC6 75F7
:00420EC8 8BC6
:00420ECA E831800000
:00420ECF 8BF8
:00420ED1 897DEC
:00420ED4 3B7DF0
:00420ED7 0F84B9000000
:00420EDD 8B4508
:00420EE0 8B40F4
:00420EE3 8B4024
:00420EE6 85C0

test eax, eax
jne 00420EBF
mov eax, esi
call 00428F00
mov edi, eax
je 00420F96
test eax, eax
:00420EE8
:00420EEA
:00420EED
:00420EEF
741C
8B5508
8BF0
EB02
je 00420F06
mov esi, eax
jmp 00420EF3

|:00420EF8(C)
|
:00420EF1 8BF0
mov esi, eax
|:00420EEF(U)
|
:00420EF3 8B4624
:00420EF6 85C0
:00420EF8 75F7
:00420EFA 8BC6
:00420EFC E8FF7F0000
:00420F01 8945E8
:00420F04 EB2A
|:00420EE8(C)
|
:00420F06 8B4508
:00420F09 8B40F4
:00420F0C 8B15CCF94100
:00420F12 E8791EFEFF
:00420F17 84C0
:00420F19 7410
:00420F1B 8B4508
:00420F1E 8B40F4
:00420F21 E8DA7F0000
:00420F26 8945E8
:00420F29 EB05

test eax, eax
jne 00420EF1
mov eax, esi
call 00428F00
jmp 00420F30

call 00402D90
test al, al
je 00420F2B
call 00428F00
jmp 00420F30

|:00420F19(C)
|
:00420F2B 33C0
xor eax, eax
:00420F2D 8945E8
|:00420F04(U), :00420F29(U)
|
:00420F30 8B45F0
:00420F33 3B45E8
:00420F36 745E
:00420F38 C645FC00
:00420F3C 8B4508
:00420F3F 8B50F8
:00420F42 8955F4
:00420F45 8B50FC
:00420F48 8955F8
:00420F4B 8D45E8
:00420F4E 50
:00420F4F 68EC0D4200

je 00420F96
mov [ebp-04], 00
push eax
push 00420DEC

|
:00420F54 E83F4DFEFF
:00420F59 50
Call 00405C98
push eax

|
:00420F5A E88151FEFF
Call 004060E0
:00420F5F 807DFC00
:00420F63 7431
je 00420F96
:00420F65 8D45D8
:00420F68 50
push eax
:00420F69 8B45F0
:00420F6C 50
push eax
|
:00420F6D E8DE52FEFF
Call 00406250
:00420F72 8D45C8
:00420F75 50
push eax
:00420F76 8B45EC
:00420F79 50
push eax
|
:00420F7A E8D152FEFF
Call 00406250
:00420F7F 8D45C8
:00420F82 50
push eax
:00420F83 8D45D8
:00420F86 50
push eax
:00420F87 8D45D8
:00420F8A 50
push eax
|
:00420F8B E8F852FEFF
Call 00406288
:00420F90 85C0
test eax, eax
:00420F92 7402
je 00420F96
:00420F94 33DB
xor ebx, ebx
|:00420E96(C), :00420EB5(C), :00420ED7(C), :00420F36(C), :00420F63(C)
|:00420F92(C)
|
:00420F96 8BC3
mov eax, ebx
:00420F98 5F
pop edi
:00420F99 5E
pop esi
:00420F9A 5B
pop ebx
:00420F9B 8BE5
mov esp, ebp
:00420F9D 5D
pop ebp
:00420F9E C3
ret
:00420F9F 90
nop

|:00421088
|
:00420FA0 55
push ebp
:00420FA1 8BEC
mov ebp, esp
:00420FA3 8B4508
:00420FA6 8B40F4
:00420FA9
:00420FAF
:00420FB4
:00420FB6
:00420FB8
:00420FBB
:00420FBE
:00420FC3
:00420FC4
:00420FC7
:00420FCA
:00420FCF
8B15CCF94100
E8DC1DFEFF
84C0
7425
8B4508
8B40F0
E83D7F0000
50
8B4508
8B40F4
E8317F0000
50
mov edx, dword

call 00402D90
test al, al
je 00420FDD
mov eax, dword
mov eax, dword
call 00428F00
push eax
mov eax, dword
mov eax, dword
call 00428F00
push eax
ptr [0041F9CC]
ptr [ebp+08]
ptr [eax-10]
ptr [ebp+08]
ptr [eax-0C]
* Reference To: user32.IsChild, Ord:0000h

|
:00420FD0 E8C352FEFF
Call 00406298
:00420FD5 F7D8
neg eax
:00420FD7 1BC0
sbb eax, eax
:00420FD9 F7D8
neg eax
:00420FDB 5D
pop ebp
:00420FDC C3
ret

|:00420FB6(C)
|
:00420FDD 33C0
xor eax, eax
:00420FDF 5D
pop ebp
:00420FE0 C3
ret
:00420FE1 8D4000

|:0042126D
|
:00420FE4 55
push ebp
:00420FE5 8BEC
mov ebp, esp
:00420FE7 83C4D8
add esp, FFFFFFD8
:00420FEA 53
push ebx
:00420FEB 56
push esi
:00420FEC 57
push edi
:00420FED 8BF0
mov esi, eax
:00420FEF 8D7DF8
:00420FF2 A5
movsd
:00420FF3 A5
movsd
:00420FF4 8955F4
:00420FF7 33C0
xor eax, eax
:00420FF9 8945EC
:00420FFC 6A11
push 00000011
|
:00420FFE E87D51FEFF
Call 00406180
:00421003 66A90080
test ax, 8000
:00421007 0F95C0
setne al
:0042100A 833D5837440000
cmp dword ptr [00443758], 00000000
:00421011 0F94C2
sete dl
:00421014 0AC2
or al, dl
:00421016
:0042101C
:00421021
:00421025
:0042102A
:0042102F
:00421032
:00421033
:00421035
:0042103B
:0042103C
0F850C010000
A15C374400
66BBFFFF
E8CA1DFEFF
A158374400
8B7008
4E
85F6
0F8CBC000000
46
33FF
|:004210F1(C)
|
:0042103E 8BD7
:00421040 A158374400
:00421045 E82EBBFEFF
:0042104A 8945F0
:0042104D 8B45F0
:00421050 3B45F4
:00421053 0F8496000000
:00421059 8B45F0
:0042105C 80B86C01000000
:00421063 0F8486000000
:00421069 8B45F0
:0042106C 8B10
:0042106E FF5250
:00421071 84C0
:00421073 747A
:00421075 8B45F0
:00421078 E8837E0000
:0042107D 50
jne 00421128
mov bx, FFFF
call 00402DF4
dec esi
test esi, esi
jl 004210F7
inc esi
xor edi, edi
mov edx, edi
call 0040CB78
je 004210EF
je 004210EF
call [edx+50]
test al, al
je 004210EF
call 00428F00
push eax

|
:0042107E E83D52FEFF
Call 004062C0
:00421083 85C0
test eax, eax
:00421085 7468
je 004210EF
:00421087 55
push ebp
:00421088 E813FFFFFF
call 00420FA0
:0042108D 59
pop ecx
:0042108E 84C0
test al, al
:00421090 755D
jne 004210EF
:00421092 8B45F4
mov eax, dword ptr
:00421095 8B808C000000
mov eax, dword ptr
:0042109B 3B45F0
cmp eax, dword ptr
:0042109E 750B
jne 004210AB
:004210A0 8B45F0
mov eax, dword ptr
:004210A3 E8A0670000
call 00427848
:004210A8 48
dec eax
:004210A9 7E44
jle 004210EF
|:0042109E(C)
|
:004210AB C645EB01
:004210AF 8D45F8
:004210B2 50
:004210B3 8D45EB
[ebp-0C]
[eax+0000008C]
[ebp-10]
[ebp-10]

mov [ebp-15], 01
push eax
:004210B6
:004210B7
:004210BA
:004210BD
:004210C0
:004210C4
:004210C9
:004210CD
:004210CF
:004210D2
:004210D5
:004210D8
50
8D4DD8
8B55F4
8B45F0
66BBC2FF
E82B1DFEFF
807DEB00
7420
FF75FC
FF75F8
8D45D8
50
push eax
mov bx, FFC2
call 00402DF4
je 004210EF
push [ebp-04]
push [ebp-08]
push eax

|
:004210D9 E85A52FEFF
Call 00406338
:004210DE 85C0
test eax, eax
:004210E0 740D
je 004210EF
:004210E2 8B55F0
:004210E5 A15C374400
:004210EA E861F7FFFF
call 00420850
|:00421053(C), :00421063(C), :00421073(C), :00421085(C), :00421090(C)
|:004210A9(C), :004210CD(C), :004210E0(C)
|
:004210EF 47
inc edi
:004210F0 4E
dec esi
:004210F1 0F8547FFFFFF
jne 0042103E
|:00421035(C)
|
:004210F7 A15C374400
:004210FC 83780800
:00421100 7E0D
:00421102 A15C374400
:00421107 E8D4F7FFFF
:0042110C 8945EC
|:00421100(C)
|
:0042110F 837DEC00
:00421113 7413
:00421115 55
:00421116 8B45EC
:00421119 E83AFDFFFF
:0042111E 59
:0042111F 84C0
:00421121 7505
:00421123 33C0
:00421125 8945EC

jle 0042110F
call 004208E0

je 00421128
push ebp
call 00420E58
pop ecx
test al, al
jne 00421128
xor eax, eax

|:00421016(C), :00421113(C), :00421121(C)
|
:00421128 8B45EC
:0042112B 5F
pop edi
:0042112C 5E
pop esi
:0042112D
:0042112E
:00421130
:00421131
5B
8BE5
5D
C3
pop ebx
mov esp, ebp
pop ebp
ret
:00421132 8BC0
mov eax, eax

|:0042537C , :00427979
|
:00421134 53
push ebx
:00421135 56
push esi
:00421136 57
push edi
:00421137 8BDA
mov ebx, edx
:00421139 8BF0
mov esi, eax
:0042113B 85F6
test esi, esi
:0042113D 744E
je 0042118D
:0042113F 833D5837440000
cmp dword ptr [00443758], 00000000
:00421146 7511
jne 00421159
:00421148 B201
mov dl, 01
:0042114A A154B54000
:0042114F E89C1AFEFF
call 00402BF0
:00421154 A358374400
|:00421146(C)
|
:00421159 8BFE
:0042115B 8BD7
:0042115D A158374400
:00421162 E8A9BAFEFF
:00421167 84DB
:00421169 7411
:0042116B 40
:0042116C 751F
:0042116E 8BD7
:00421170 A158374400
:00421175 E8E6B8FEFF
:0042117A EB11
|:00421169(C)
|
:0042117C 83F8FF
:0042117F 740C
:00421181 8BD0
:00421183 A158374400
:00421188 E80FB9FEFF
mov edi, esi

mov edx, edi
call 0040CC10
test bl, bl
je 0042117C
inc eax
jne 0042118D
mov edx, edi
call 0040CA60
jmp 0042118D
cmp eax, FFFFFFFF

je 0042118D
mov edx, eax
call 0040CA9C

|:0042113D(C), :0042116C(C), :0042117A(U), :0042117F(C)
|
:0042118D 5F
pop edi
:0042118E 5E
pop esi
:0042118F 5B
pop ebx
:00421190 C3
ret
:00421191 8D4000

|:0042125F , :004212B9 , :00421BC3
|
:00421194 55
push ebp
:00421195 8BEC
mov ebp, esp
:00421197 83C4E8
add esp, FFFFFFE8
:0042119A 53
push ebx
:0042119B 894DFC
:0042119E 33C9
xor ecx, ecx
:004211A0 85C0
test eax, eax
:004211A2 743C
je 004211E0
:004211A4 8B4D08
:004211A7 8B19
mov ebx, dword ptr [ecx]
:004211A9 895DE8
:004211AC 8B5904
mov ebx, dword ptr [ecx+04]
:004211AF 895DEC
:004211B2 8B4D0C
:004211B5 894DF4
:004211B8 8B4DFC
:004211BB 894DF0
:004211BE 803D5037440002
cmp byte ptr [00443750], 02
:004211C5 0F94C1
sete cl
:004211C8 884DF8
:004211CB 8D4DE8
:004211CE 51
push ecx
:004211CF 83E27F
and edx, 0000007F
:004211D2 52
push edx
:004211D3 682FB00000
push 0000B02F
:004211D8 50
push eax
|
:004211D9 E8AA51FEFF
Call 00406388
:004211DE 8BC8
mov ecx, eax
|:004211A2(C)
|
:004211E0 8BC1
mov eax, ecx
:004211E2 5B
pop ebx
:004211E3 8BE5
mov esp, ebp
:004211E5 5D
pop ebp
:004211E6 C20800
ret 0008
:004211E9 8D4000

|:00421223
|
:004211EC 53
push ebx
:004211ED 8BD8
mov ebx, eax
:004211EF 85DB
test ebx, ebx
:004211F1 7412
je 00421205
:004211F3 0FB7052C374400
:004211FA 50
push eax
:004211FB 53
push ebx
:004211FC E8E74FFEFF
:00421201 85C0
:00421203 7504
|
Call 004061E8
test eax, eax
jne 00421209

|:004211F1(C)
|
:00421205 33C0
xor eax, eax
:00421207 5B
pop ebx
:00421208 C3
ret

|:00421203(C)
|
:00421209 B001
mov al, 01
:0042120B 5B
pop ebx
:0042120C C3
ret
:0042120D 8D4000

|:00420E6B , :0042124B
|
:00421210 53
push ebx
:00421211 FF7004
push [eax+04]
:00421214 FF30
|
:00421216 E87552FEFF
Call 00406490
:0042121B 8BD8
mov ebx, eax
:0042121D 85DB
test ebx, ebx
:0042121F 7417
je 00421238
|:00421236(C)
|
:00421221 8BC3
:00421228 84C0
:0042122A 750C
:0042122C 53

mov eax, ebx
call 004211EC
test al, al
jne 00421238
push ebx

|
:0042122D E8AE4FFEFF
Call 004061E0
:00421232 8BD8
mov ebx, eax
:00421234 85DB
test ebx, ebx
:00421236 75E9
jne 00421221
|:0042121F(C), :0042122A(C)
|
:00421238 8BC3
:0042123A 5B
:0042123B C3

mov eax, ebx
pop ebx
ret

|:004213B1
|
:0042123C 55
push ebp
:0042123D 8BEC
mov ebp, esp
:0042123F 53
push ebx
:00421240 56
push esi
:00421241 8BF2
mov esi, edx
:00421243 8BD8
mov ebx, eax
:00421245 84C9
test cl, cl
:00421247 751F
jne 00421268
:00421249 8BC3
mov eax, ebx
:0042124B E8C0FFFFFF
call 00421210
:00421250 8906
:00421252 6A00
push 00000000
:00421254 53
push ebx
:00421255 8B06
:00421257 8B0D34374400
:0042125D B205
mov dl, 05
call 00421194
:00421264 8BD8
mov ebx, eax
:00421266 EB19
jmp 00421281
|:00421247(C)
|
:00421268 8BC3
:0042126A 8B5508
:0042126D E872FDFFFF
:00421272 8BD8
:00421274 85DB
:00421276 7409
:00421278 8BC3
:0042127A E8817C0000
:0042127F 8906
|:00421266(U), :00421276(C)
|
:00421281 8BC3
:00421283 5E
:00421284 5B
:00421285 5D
:00421286 C20400
:00421289 8D4000
mov eax, ebx

call 00420FE4
mov ebx, eax
test ebx, ebx
je 00421281
mov eax, ebx
call 00428F00
mov
pop
pop
pop
ret
eax, ebx
esi
ebx
ebp
0004

|:00421422 , :00421459 , :004214B2 , :00421AEC
|
:0042128C 53
push ebx
:0042128D 56
push esi
:0042128E 8BD8
mov ebx, eax
:00421290 33C0
xor eax, eax
:00421292 8B1534374400
:00421298 8B7204
:0042129B
:0042129D
:0042129F
:004212A0
:004212A5
:004212A8
:004212A9
:004212AE
:004212B1
:004212B7
:004212B9
:004212BE
:004212C0
:004212C2
85F6
7425
56
A134374400
83C00C
50
A134374400
8B4008
8B0D34374400
8BD3
E8D6FEFFFF
F7D8
1BC0
F7D8
test esi, esi

je 004212C4
push esi
mov eax, dword ptr
add eax, 0000000C
push eax
mov eax, dword ptr
mov eax, dword ptr
mov ecx, dword ptr
mov edx, ebx
call 00421194
neg eax
sbb eax, eax
neg eax
[00443734]
[00443734]
[eax+08]
[00443734]

|:0042129D(C)
|
:004212C4 5E
pop esi
:004212C5 5B
pop ebx
:004212C6 C3
ret
:004212C7 90
nop

|:0042157A
|
:004212C8 53
push ebx
:004212C9 56
push esi
:004212CA 57
push edi
:004212CB 33FF
xor edi, edi
:004212CD A134374400
:004212D2 8B7004
:004212D5 85F6
test esi, esi
:004212D7 747C
je 00421355
:004212D9 80BE8001000000
:004212E0 7473
je 00421355
:004212E2 83BE3401000000
cmp dword ptr [esi+00000134], 00000000
:004212E9 746A
je 00421355
:004212EB 8BC6
mov eax, esi
:004212ED E856650000
call 00427848
:004212F2 85C0
test eax, eax
:004212F4 745F
je 00421355
:004212F6 8BC6
mov eax, esi
:004212F8 E84B650000
call 00427848
:004212FD 48
dec eax
:004212FE 7518
jne 00421318
:00421300 33D2
xor edx, edx
:00421302 8B8634010000
:00421308 E86BB8FEFF
call 0040CB78
:0042130D 8B1534374400
:00421313 3B4230
:00421316 743D
je 00421355
|:004212FE(C)
|
:00421318 A134374400
:0042131D 83C00C
add eax, 0000000C
:00421320
:00421322
:00421327
:00421329
33D2
E871090000
8BD8
EB22
|:00421353(C)
|
:0042132B 8BD3
:0042132D 8B8634010000
:00421333 E8D8B8FEFF
:00421338 83F8FF
:0042133B 740D
:0042133D 8BD0
:0042133F 8BC6
:00421341 E816650000
:00421346 8BF8
:00421348 EB0B
xor edx, edx

call 00421C98
mov ebx, eax
jmp 0042134D
mov edx, ebx
call 0040CC10
cmp eax, FFFFFFFF
je 0042134A
mov edx, eax
mov eax, esi
call 0042785C
mov edi, eax
jmp 00421355

|:0042133B(C)
|
:0042134A 8B5B24
|:00421329(U)
|
:0042134D 85DB
test ebx, ebx
:0042134F 7404
je 00421355
:00421351 3BF3
cmp esi, ebx
:00421353 75D6
jne 0042132B
|:004212D7(C), :004212E0(C), :004212E9(C), :004212F4(C), :00421316(C)
|:00421348(U), :0042134F(C)
|
:00421355 8BC7
mov eax, edi
:00421357 5F
pop edi
:00421358 5E
pop esi
:00421359 5B
pop ebx
:0042135A C3
ret
:0042135B 90
nop

|:00420A3B , :00420A59 , :00420A77 , :00421795
|
:0042135C 53
push ebx
:0042135D 56
push esi
:0042135E 57
push edi
:0042135F 83C4F0
add esp, FFFFFFF0
:00421362 8BF0
mov esi, eax
:00421364 803D5037440000
cmp byte ptr [00443750], 00
:0042136B 752D
jne 0042139A
:0042136D A140374400
:00421372 2B06
sub eax, dword ptr [esi]
:00421374 99
cdq
:00421375 33C2
xor eax, edx
:00421377 2BC2
sub eax, edx
:00421379
:0042137F
:00421381
:00421386
:00421389
:0042138A
:0042138C
:0042138E
:00421394
3B054C374400
7D19
A144374400
2B4604
99
33C2
2BC2
3B054C374400
0F8C8C020000
|:0042136B(C), :0042137F(C)
|
:0042139A A130374400
:0042139F 50
:004213A0 A130374400
:004213A5 8A8887000000
:004213AB 8D542404
:004213AF 8BC6
:004213B6 8BD8
:004213B8 803D5037440000
:004213BF 7526
:004213C1 833D5437440000
:004213C8 741D
:004213CA A144374400
:004213CF 50
cmp eax, dword

jge 0042139A
mov eax, dword
sub eax, dword
cdq
xor eax, edx
sub eax, edx
cmp eax, dword
jl 00421626
ptr [0044374C]
ptr [00443744]
ptr [esi+04]
ptr [0044374C]

push eax
mov eax, esi
call 0042123C
mov ebx, eax
cmp byte ptr [00443750], 00
jne 004213E7
cmp dword ptr [00443754], 00000000
je 004213E7
push eax

|
:004213D0 E8834DFEFF
Call 00406158
:004213D5 8BD0
mov edx, eax
:004213D7 8B0D40374400
:004213DD A154374400
:004213E2 E835930000
call 0042A71C
|:004213BF(C), :004213C8(C)
|
:004213E7 A130374400
:004213EC 80B88700000000
:004213F3 750E
:004213F5 C6055037440001
:004213FC C644240400
:00421401 EB13
|:004213F3(C)
|
:00421403 803D5037440000
:0042140A 0F95442404
:0042140F C6055037440002
|:00421401(U)
|
:00421416 A134374400
:0042141B 3B5804
:0042141E 744B
:00421420 B001
mov
cmp
jne
mov
mov
jmp

byte ptr [eax+00000087], 00
00421403
byte ptr [00443750], 01
[esp+04], 00
00421416
cmp byte ptr [00443750], 00

setne byte ptr [esp+04]
mov byte ptr [00443750], 02

je 0042146B
mov al, 01
:00421422
:00421427
:0042142E
:00421434
:00421439
:0042143C
:00421441
:00421444
:00421447
:0042144C
:0042144E
:00421451
:00421454
:00421457
:00421459
:0042145E
:00421465
E865FEFFFF
833D3437440000
0F84F2010000
A134374400
895804
A134374400
8B1424
895008
A134374400
8B16
89500C
8B5604
895010
33C0
E82EFEFFFF
833D3437440000
0F84BB010000
call 0042128C
cmp dword ptr [00443734], 00000000
je 00421626
xor eax, eax
call 0042128C
cmp dword ptr [00443734], 00000000
je 00421626
|:0042141E(C)
|
:0042146B A134374400
:00421470 8B16
:00421472 89500C
:00421475 8B5604
:00421478 895010
:0042147B A134374400
:00421480 83780400
:00421484 7426
:00421486 8D4C2408
:0042148A 8BD6
:0042148C A134374400
:00421491 8B4004
:00421494 E85B180000
:00421499 A134374400
:0042149E 8B542408
:004214A2 895014
:004214A5 8B54240C
:004214A9 895018
|:00421484(C)
|
:004214AC 8B4604
:004214AF 50
:004214B0 B002
:004214B2 E8D5FDFFFF
:004214B7 8BD0
:004214B9 8B0E
:004214BB A134374400
:004214C0 8B38
:004214C2 FF5704
:004214C5 8BF8
:004214C7 833D5437440000
:004214CE 746A
:004214D0 85DB
:004214D2 7406
:004214D4 F6434120
:004214D8 7441

je 004214AC
mov edx, esi
call 00422CF4

push eax
mov al, 02
call 0042128C
mov edx, eax
call [edi+04]
mov edi, eax
cmp dword ptr [00443754], 00000000
je 0042153A
test ebx, ebx
je 004214DA
test [ebx+41], 20
je 0042151B
|:004214D2(C)
|
:004214DA 8BD7
:004214DC A154374400
:004214E1 E81E920000
:004214E6 A154374400
:004214EB 80785E00
:004214EF 7519
:004214F1 8B4604
:004214F4 50

mov edx, edi
call 0042A704
cmp byte ptr [eax+5E], 00
jne 0042150A
push eax

|
:004214F5 E85E4CFEFF
Call 00406158
:004214FA 8BD0
mov edx, eax
:004214FC 8B0E
:004214FE A154374400
:00421503 E814920000
call 0042A71C
:00421508 EB30
jmp 0042153A
|:004214EF(C)
|
:0042150A 8B4E04
:0042150D 8B16
:0042150F A154374400
:00421514 E8EB920000
:00421519 EB1F
|:004214D8(C)
|
:0042151B A154374400
:00421520 E853930000
:00421525 0FBFD7
:00421528 A1382D4400
:0042152D 8B00
:0042152F E8F8BC0100
:00421534 50

call 0042A804
jmp 0042153A

call 0042A878
movsx edx, di
call 0043D22C
push eax

|
:00421535 E8664EFEFF
Call 004063A0
|:004214CE(C), :00421508(U), :00421519(U)
|
:0042153A 0FBFD7
movsx edx, di
:0042153D A1382D4400
:00421542 8B00
:00421544 E8E3BC0100
call 0043D22C
:00421549 50
push eax
|
:0042154A E8514EFEFF
Call 004063A0
:0042154F 803D5037440002
cmp byte ptr [00443750], 02
:00421556 0F85CA000000
jne 00421626
:0042155C 85DB
test ebx, ebx
:0042155E
:00421560
:00421563
:00421564
:00421566
:0042156B
:0042156E
:0042156F
:00421573
:00421578
751A
8B5604
52
8B0E
A134374400
8B5030
92
66BBE9FF
E87C18FEFF
EB5C
jne 0042157A
mov edx, dword
push edx
mov ecx, dword
mov eax, dword
mov edx, dword
xchg eax,edx
mov bx, FFE9
call 00402DF4
jmp 004215D6
ptr [esi+04]
ptr [esi]
ptr [00443734]
ptr [eax+30]
|:0042155E(C)
|
:0042157A E849FDFFFF
:0042157F 8BF8
:00421581 A134374400
:00421586 89784C
:00421589 85FF
:0042158B 7524
:0042158D A134374400
:00421592 8D5014
:00421595 A134374400
:0042159A 8B4004
:0042159D 66BBDEFF
:004215A1 E84E18FEFF
:004215A6 8B1534374400
:004215AC 884248
:004215AF EB25
|:0042158B(C)
|
:004215B1 8D4C2408
:004215B5 8BD6
:004215B7 8BC7
:004215B9 E836170000
:004215BE 8D542408
:004215C2 8BC7
:004215C4 66BBDEFF
:004215C8 E82718FEFF
:004215CD 8B1534374400
:004215D3 884248
|:00421578(U), :004215AF(U)
|
:004215D6 833D3437440000
:004215DD 7447
:004215DF 8B1D34374400
:004215E5 8D5350
:004215E8 8D4338
:004215EB B910000000
:004215F0 E8D75EFEFF
:004215F5 84C0
:004215F7 752D
:004215F9 807C240400
:004215FE 740A
:00421600 A134374400
:00421605 8B10
call 004212C8
mov edi, eax
test edi, edi
jne 004215B1
mov bx, FFDE
call 00402DF4
jmp 004215D6

mov edx, esi
mov eax, edi
call 00422CF4
mov eax, edi
mov bx, FFDE
call 00402DF4
cmp dword ptr [00443734], 00000000

je 00421626
mov ecx, 00000010
call 004074CC
test al, al
jne 00421626
je 0042160A
:00421607 FF5230
call [edx+30]
|:004215FE(C)
|
:0042160A A134374400
:0042160F 8B10
:00421611 FF522C
:00421614 A134374400
:00421619 8D7038
:0042161C 8D7850
:0042161F B904000000
:00421624 F3
:00421625 A5

mov eax, dword ptr
mov edx, dword ptr
call [edx+2C]
mov eax, dword ptr
lea esi, dword ptr
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
[00443734]
[eax]
[00443734]
[eax+38]
[eax+50]

|:00421394(C), :0042142E(C), :00421465(C), :00421556(C), :004215DD(C)
|:004215F7(C)
|
:00421626 83C410
add esp, 00000010
:00421629 5F
pop edi
:0042162A 5E
pop esi
:0042162B 5B
pop ebx
:0042162C C3
ret
:0042162D 8D4000

|:0042193B
|
:00421630 53
push ebx
:00421631 56
push esi
:00421632 57
push edi
:00421633 83C4F8
add esp, FFFFFFF8
:00421636 8BF9
mov edi, ecx
:00421638 8BDA
mov ebx, edx
:0042163A 8BF0
mov esi, eax
:0042163C 893534374400
mov dword ptr [00443734], esi
:00421642 A134374400
:00421647 33D2
xor edx, edx
:00421649 895004
:0042164C 6840374400
push 00443740
|
:00421651 E8EA4AFEFF
Call 00406140
:00421656 A134374400
:0042165B 8B1540374400
:00421661 89500C
:00421664 8B1544374400
:0042166A 895010
|
:0042166D E8C64AFEFF
Call 00406138
:00421672 A348374400
:00421677 A134374400
:0042167C E803F3FFFF
call 00420984
:00421681 A33C374400
:00421686
:0042168C
:0042168E
:00421694
:00421699
:0042169B
:004216A1
:004216A3
:004216A6
:004216A9
:004216AB
:004216AD
:004216AF
:004216B1
:004216B4
:004216B6
:004216B9
:004216BC
:004216BF
:004216C1
:004216C5
:004216C9
:004216CB
:004216CE
:004216CF
893D4C374400
8BC6
8B159CEA4100
E8F716FEFF
84C0
0F848C000000
8BD6
8D4238
8B7808
8B08
2BF9
85FF
7E20
8B7A0C
2BF9
893C24
DB0424
8B4808
2B08
894C2404
DB442404
DEF9
DD5A1C
9B
EB08
mov dword ptr [0044374C], edi

mov eax, esi
call 00402D90
test al, al
je 0042172D
mov edx, esi
sub edi, ecx
test edi, edi
jle 004216D1
mov edi, dword ptr [edx+0C]
sub edi, ecx
mov dword ptr [esp], edi
fild dword ptr [esp]
sub ecx, dword ptr [eax]
fdivp st(1), st(0)
fstp qword ptr [edx+1C]
wait
jmp 004216D9

|:004216AF(C)
|
:004216D1 33C9
xor ecx, ecx
:004216D3 894A1C
mov dword ptr [edx+1C], ecx
:004216D6 894A20
|:004216CF(U)
|
:004216D9 8B480C
:004216DC 8B5004
:004216DF 2BCA
:004216E1 85C9
:004216E3 7E23
:004216E5 8BCE
:004216E7 8B7910
:004216EA 2BFA
:004216EC 893C24
:004216EF DB0424
:004216F2 8B500C
:004216F5 2B5004
:004216F8 89542404
:004216FC DB442404
:00421700 DEF9
:00421702 DD5924
:00421705 9B
:00421706 EB08

sub ecx, edx
test ecx, ecx
jle 00421708
mov ecx, esi
mov edi, dword ptr [ecx+10]
sub edi, edx
mov dword ptr [esp], edi
fild dword ptr [esp]
sub edx, dword ptr [eax+04]
fdivp st(1), st(0)
fstp qword ptr [ecx+24]
wait
jmp 00421710

|:004216E3(C)
|
:00421708 33C0
xor eax, eax
:0042170A 894624
:0042170D 894628
|:00421706(U)
|
:00421710 84DB
:00421712 7410
:00421714 C6055037440002
:0042171B 8BC6
:0042171D 8B10
:0042171F FF522C
:00421722 EB1D

test bl, bl
je 00421724
mov byte ptr [00443750], 02
mov eax, esi
call [edx+2C]
jmp 00421741

|:00421712(C)
|
:00421724 C6055037440000
mov byte ptr [00443750], 00
:0042172B EB14
jmp 00421741
|:0042169B(C)
|
:0042172D 84DB
:0042172F 7409
:00421731 C6055037440001
:00421738 EB07

test bl, bl
je 0042173A
mov byte ptr [00443750], 01
jmp 00421741

|:0042172F(C)
|
:0042173A C6055037440000
mov byte ptr [00443750], 00
|:00421722(U), :0042172B(U), :00421738(U)
|
:00421741 A134374400
:00421746 8B10
:00421748 FF5208
call [edx+08]
:0042174B A354374400
:00421750 833D5437440000
cmp dword ptr [00443754], 00000000
:00421757 741D
je 00421776
:00421759 A144374400
:0042175E 50
push eax
|
:0042175F E8F449FEFF
Call 00406158
:00421764 8BD0
mov edx, eax
:00421766 8B0D40374400
:0042176C A154374400
:00421771 E8A68F0000
call 0042A71C
|:00421757(C)
|
:00421776 B201
:00421778 A170074200
:0042177D E86E14FEFF
:00421782 A35C374400
:00421787 803D5037440000

mov dl, 01
call 00402BF0
cmp byte ptr [00443750], 00
:0042178E 740A
:00421790 B840374400
:00421795 E8C2FBFFFF
je 0042179A
mov eax, 00443740
call 0042135C

|:0042178E(C)
|
:0042179A 59
pop ecx
:0042179B 5A
pop edx
:0042179C 5F
pop edi
:0042179D 5E
pop esi
:0042179E 5B
pop ebx
:0042179F C3
ret

|:004238B7
|
:004217A0 55
push ebp
:004217A1 8BEC
mov ebp, esp
:004217A3 83C4E0
add esp, FFFFFFE0
:004217A6 53
push ebx
:004217A7 56
push esi
:004217A8 57
push edi
:004217A9 8BF9
mov edi, ecx
:004217AB 8855FF
:004217AE 8BF0
mov esi, eax
:004217B0 893530374400
mov dword ptr [00443730], esi
:004217B6 33D2
xor edx, edx
:004217B8 55
push ebp
:004217B9 684A194200
push 0042194A
:004217BE 64FF32
:004217C1 648922
:004217C4 33C0
xor eax, eax
:004217C6 8945F8
:004217C9 C6053837440000
mov byte ptr [00443738], 00
:004217D0 80BE8700000000
:004217D7 754B
jne 00421824
:004217D9 8D55F8
:004217DC 8BC6
mov eax, esi
:004217DE 66BBE2FF
mov bx, FFE2
:004217E2 E80D16FEFF
call 00402DF4
:004217E7 833D3037440000
cmp dword ptr [00443730], 00000000
:004217EE 750D
jne 004217FD
:004217F0 33C0
xor eax, eax
:004217F2 5A
pop edx
:004217F3 59
pop ecx
:004217F4 59
pop ecx
:004217F5 648910
:004217F8 E963010000
jmp 00421960
|:004217EE(C)
|
:004217FD 837DF800
:00421801 0F852C010000
:00421807 8BCE
:00421809 B201
:0042180B A114EA4100

cmp
jne
mov
mov
mov
dword ptr [ebp-08], 00000000

00421933
ecx, esi
dl, 01
eax, dword ptr [0041EA14]
:00421810
:00421815
:00421818
:0042181F
E8D3F2FFFF
8945F8
C6053837440001
E90F010000
call 00420AE8
mov byte ptr [00443738], 01
jmp 00421933
|:004217D7(C)
|
:00421824 8D55F8
:00421827 8BC6
:00421829 66BBE6FF
:0042182D E8C215FEFF
:00421832 833D3037440000
:00421839 750D
:0042183B 33C0
:0042183D 5A
:0042183E 59
:0042183F 59
:00421840 648910
:00421843 E918010000
|:00421839(C)
|
:00421848 837DF800
:0042184C 7518
:0042184E 8BCE
:00421850 B201
:00421852 A19CEA4100
:00421857 E898F3FFFF
:0042185C 8945F8
:0042185F C6053837440001
|:0042184C(C)
|
:00421866 8B45F8
:00421869 8B5830
:0042186C 8BC3
:0042186E 8B15CCF94100
:00421874 E81715FEFF
:00421879 84C0
:0042187B 7419
:0042187D 8B45F8
:00421880 83C038
:00421883 50
:00421884 8BC3
:00421886 E875760000
:0042188B 50

mov eax, esi
mov bx, FFE6
call 00402DF4
cmp dword ptr [00443730], 00000000
jne 00421848
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00421960

jne 00421866
mov ecx, esi
mov dl, 01
mov eax, dword ptr [0041EA9C]
call 00420BF4
mov byte ptr [00443738], 01
mov eax, dword ptr

mov ebx, dword ptr
mov eax, ebx
mov edx, dword ptr
call 00402D90
test al, al
je 00421896
mov eax, dword ptr
add eax, 00000038
push eax
mov eax, ebx
call 00428F00
push eax
[ebp-08]
[eax+30]
[0041F9CC]
[ebp-08]

|
:0042188C E8BF49FEFF
Call 00406250
:00421891 E98B000000
jmp 00421921
|:0042187B(C)
|
:00421896 8B45F8
:00421899 8B5830
:0042189C
:004218A0
:004218A2
:004218A4
:004218AA
:004218AF
:004218B1
:004218B3
:004218B6
837B2400
752B
8BC3
8B15CCF94100
E8E114FEFF
84C0
751A
8D45F0
50

jne 004218CD
mov eax, ebx
call 00402D90
test al, al
jne 004218CD
push eax

|
:004218B7 E88448FEFF
Call 00406140
:004218BC 8B45F8
:004218BF 8B55F0
:004218C2 895038
:004218C5 8B55F4
:004218C8 89503C
:004218CB EB28
jmp 004218F5
|:004218A0(C), :004218B1(C)
|
:004218CD 8D4DE0
:004218D0 33D2
:004218D2 33C0
:004218D4 E8A7A8FEFF
:004218D9 8D55E0
:004218DC 8D4DE8
:004218DF 8BC3
:004218E1 E8E2130000
:004218E6 8B45F8
:004218E9 8B55E8
:004218EC 895038
:004218EF 8B55EC
:004218F2 89503C
|:004218CB(U)
|
:004218F5 8B5DF8
:004218F8 8B533C
:004218FB 8B45F8
:004218FE 8B7030
:00421901 03563C
:00421904 8B4338
:00421907 034638
:0042190A 8D4DE8
:0042190D E86EA8FEFF
:00421912 8B45F8
:00421915 8B55E8
:00421918 895040
:0042191B 8B55EC
:0042191E 895044

xor edx, edx
xor eax, eax
call 0040C180
mov eax, ebx
call 00422CC8

add edx, dword ptr [esi+3C]
call 0040C180

|:00421891(U)
|
:00421921 8B45F8
:00421924 57
push edi
:00421925
:00421928
:0042192B
:00421930
:00421931
:00421932
8D7038
8D7850
B904000000
F3
A5
5F
|:00421801(C), :0042181F(U)
|
:00421933 8BCF
:00421935 8A55FF
:00421938 8B45F8
:0042193B E8F0FCFFFF
:00421940 33C0
:00421942 5A
:00421943 59
:00421944 59
:00421945 648910
:00421948 EB16
:0042194A E92117FEFF
:0042194F 33C0
:00421951 A330374400
:00421956 E87119FEFF
:0042195B E8C019FEFF

lea edi, dword ptr [eax+50]
mov ecx, 00000004
repz
movsd
pop edi
mov ecx, edi
call 00421630
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00421960
jmp 00403070
xor eax, eax
call 004032CC
call 00403320

|:004217F8(U), :00421843(U), :00421948(U)
|
:00421960 5F
pop edi
:00421961 5E
pop esi
:00421962 5B
pop ebx
:00421963 8BE5
mov esp, ebp
:00421965 5D
pop ebp
:00421966 C3
ret
:00421967 90
nop

|:00421AC8
|
:00421968 55
push ebp
:00421969 8BEC
mov ebp, esp
:0042196B 53
push ebx
:0042196C A134374400
:00421971 83780400
:00421975 0F95C3
setne bl
:00421978 8B4508
:0042197B 8078FF00
cmp byte ptr [eax-01], 00
:0042197F 7452
je 004219D3
:00421981 803D5037440002
cmp byte ptr [00443750], 02
:00421988 7549
jne 004219D3
:0042198A A130374400
:0042198F 8B10
:00421991 FF5254
call [edx+54]
:00421994 84C0
test al, al
:00421996 750E
jne 004219A6
:00421998 A130374400
:0042199D 83B88C00000000
:004219A4 7504
jne 004219AA

|:00421996(C)
|
:004219A6 B301
mov bl, 01
:004219A8 EB29
jmp 004219D3
|:004219A4(C)
|
:004219AA A130374400
:004219AF 8B808C000000
:004219B5 85C0
:004219B7 741A
:004219B9 8B1534374400
:004219BF 8B5204
:004219C2 8B0D30374400
:004219C8 66BBC3FF
:004219CC E82314FEFF
:004219D1 8BD8

mov eax, dword
mov eax, dword
test eax, eax
je 004219D3
mov edx, dword
mov edx, dword
mov ecx, dword
mov bx, FFC3
call 00402DF4
mov ebx, eax
ptr [00443730]
ptr [eax+0000008C]
ptr [00443734]
ptr [edx+04]
ptr [00443730]

|:0042197F(C), :00421988(C), :004219A8(U), :004219B7(C)
|
:004219D3 8BC3
mov eax, ebx
:004219D5 5B
pop ebx
:004219D6 5D
pop ebp
:004219D7 C3
ret

|:00420A44 , :00420A87 , :00420AA6 , :00421C57
|
:004219D8 55
push ebp
:004219D9 8BEC
mov ebp, esp
:004219DB 83C4EC
add esp, FFFFFFEC
:004219DE 53
push ebx
:004219DF 8845FF
:004219E2 33DB
xor ebx, ebx
:004219E4 33C0
xor eax, eax
:004219E6 8945F8
:004219E9 C645F700
mov [ebp-09], 00
:004219ED 833D3437440000
cmp dword ptr [00443734], 00000000
:004219F4 740F
je 00421A05
:004219F6 A134374400
:004219FB 80782C00
:004219FF 0F8542020000
jne 00421C47
|:004219F4(C)
|
:00421A05 33D2
:00421A07 55
:00421A08 68401C4200
:00421A0D 64FF32
:00421A10 648922
:00421A13 833D3437440000
:00421A1A 750A

xor edx, edx
push ebp
push 00421C40
cmp dword ptr [00443734], 00000000
jne 00421A26
:00421A1C E82F19FEFF
:00421A21 E921020000
call 00403350
jmp 00421C47
|:00421A1A(C)
|
:00421A26 A134374400
:00421A2B C6402C01
:00421A2F A134374400
:00421A34 8945F8
:00421A37 33D2
:00421A39 55
:00421A3A 68F51B4200
:00421A3F 64FF32
:00421A42 648922
:00421A45 8B153C374400
:00421A4B A134374400
:00421A50 E877EFFFFF
:00421A55 803D5037440002
:00421A5C 7523
:00421A5E A134374400
:00421A63 8B159CEA4100
:00421A69 E83A13FEFF
:00421A6E 8BD8
:00421A70 8BC3
:00421A72 8B10
:00421A74 FF5230
:00421A77 837B0400
:00421A7B 0F94C0
:00421A7E 884360
|:00421A5C(C)
|
:00421A81 A134374400
:00421A86 83780400
:00421A8A 742A
:00421A8C A134374400
:00421A91 8B4004

mov [eax+2C], 01
xor edx, edx
push ebp
push 00421BF5
call 004209CC
cmp byte ptr [00443750], 02
jne 00421A81
call 00402DA8
mov ebx, eax
mov eax, ebx
call [edx+30]
sete al

je 00421AB6
* Possible StringData Ref from Code Obj ->"lOB"

|
:00421A94 8B15BCF44100
mov edx, dword ptr [0041F4BC]
:00421A9A E8F112FEFF
call 00402D90
:00421A9F 84C0
test al, al
:00421AA1 7413
je 00421AB6
:00421AA3 A134374400
:00421AA8 8B5014
:00421AAB 8955EC
:00421AAE 8B5018
:00421AB1 8955F0
:00421AB4 EB11
jmp 00421AC7
|:00421A8A(C), :00421AA1(C)
|
:00421AB6 A134374400
:00421ABB 8B500C
:00421ABE 8955EC
:00421AC1 8B5010

mov
mov
mov
mov

edx, dword ptr [eax+0C]
edx, dword ptr [eax+10]
:00421AC4 8955F0
|:00421AB4(U)
|
:00421AC7 55
:00421AC8 E89BFEFFFF
:00421ACD 59
:00421ACE 84C0
:00421AD0 7429
:00421AD2 803D5037440002
:00421AD9 7506
:00421ADB 807B6000
:00421ADF 7514
|:00421AD9(C)
|
:00421AE1 803D5037440000
:00421AE8 7411
:00421AEA B001
:00421AEC E89BF7FFFF
:00421AF1 84C0
:00421AF3 7406
push ebp
call 00421968
pop ecx
test al, al
je 00421AFB
cmp byte ptr [00443750], 02
jne 00421AE1
jne 00421AF5
cmp byte ptr [00443750], 00

je 00421AFB
mov al, 01
call 0042128C
test al, al
je 00421AFB

|:00421ADF(C)
|
:00421AF5 807DFF00
:00421AF9 7504
jne 00421AFF
|:00421AD0(C), :00421AE8(C), :00421AF3(C)
|
:00421AFB 33C0
xor eax, eax
:00421AFD EB02
jmp 00421B01
|:00421AF9(C)
|
:00421AFF B001
mov al, 01
|:00421AFD(U)
|
:00421B01 8845F7
:00421B04 803D5037440002
:00421B0B 7543
:00421B0D 807DF700
:00421B11 745D
:00421B13 807B6000
:00421B17 7457
:00421B19 8B4330
:00421B1C E8EF500100
:00421B21 85C0
:00421B23 7412
:00421B25 8B9000020000
:00421B2B 3B5330
:00421B2E 7507
:00421B30 33D2

cmp byte ptr [00443750], 02
jne 00421B50
je 00421B70
je 00421B70
call 00436C10
test eax, eax
je 00421B37
cmp edx, dword ptr [ebx+30]
jne 00421B37
xor edx, edx
:00421B32 E8518A0100
call 0043A588
|:00421B23(C), :00421B2E(C)
|
:00421B37 A134374400
:00421B3C 50
:00421B3D 33C9
:00421B3F BA3AB00000
:00421B44 A130374400
:00421B49 E846260000
:00421B4E EB20
|:00421B0B(C)
|
:00421B50 833D5437440000
:00421B57 740C
:00421B59 A154374400
:00421B5E E8158D0000
:00421B63 EB0B

push eax
xor ecx, ecx
mov edx, 0000B03A
call 00424194
jmp 00421B70
cmp dword ptr [00443754], 00000000

je 00421B65
call 0042A878
jmp 00421B70

|:00421B57(C)
|
:00421B65 A148374400
:00421B6A 50
push eax
|
:00421B6B E83048FEFF
Call 004063A0
|:00421B11(C), :00421B17(C), :00421B4E(U), :00421B63(U)
|
:00421B70 33C0
xor eax, eax
:00421B72 A330374400
:00421B77 33C0
xor eax, eax
:00421B79 A334374400
:00421B7E 8B45F8
:00421B81 83780400
:00421B85 7441
je 00421BC8
:00421B87 B003
mov al, 03
:00421B89 807DF700
:00421B8D 751C
jne 00421BAB
:00421B8F B004
mov al, 04
:00421B91 8B55F8
:00421B94 33C9
xor ecx, ecx
:00421B96 894A0C
:00421B99 8B55F8
:00421B9C 33C9
xor ecx, ecx
:00421B9E 894A10
:00421BA1 33D2
xor edx, edx
:00421BA3 8955EC
:00421BA6 33D2
xor edx, edx
:00421BA8 8955F0
|:00421B8D(C)
|
:00421BAB
:00421BAE
:00421BB1
:00421BB2
:00421BB5
:00421BB8
:00421BB9
:00421BBC
:00421BBF
:00421BC2
:00421BC3
8B55F8
8B5204
52
8B55F8
83C20C
52
8B55F8
8B5208
8B4DF8
92
E8CCF5FFFF
mov edx, dword ptr

mov edx, dword ptr
push edx
mov edx, dword ptr
add edx, 0000000C
push edx
mov edx, dword ptr
mov edx, dword ptr
mov ecx, dword ptr
xchg eax,edx
call 00421194
[ebp-08]
[edx+04]
[ebp-08]
[ebp-08]
[edx+08]
[ebp-08]
|:00421B85(C)
|
:00421BC8 33C0
:00421BCA 5A
:00421BCB 59
:00421BCC 59
:00421BCD 648910
:00421BD0 68FC1B4200
|:00421BFA(U)
|
:00421BD5 8B45F0
:00421BD8 50
:00421BD9 8A45F7
:00421BDC 50
:00421BDD 8B45F8
:00421BE0 8B5004
:00421BE3 8B4DEC
:00421BE6 8B45F8
:00421BE9 8B18
:00421BEB FF13
:00421BED 33C0
:00421BEF A334374400
:00421BF4 C3
:00421BF5
:00421BFA
:00421BFC
:00421BFE
:00421BFF
:00421C00
:00421C01
:00421C04
jmp 00403278
jmp 00421BD5
xor eax, eax
pop edx
pop ecx
pop ecx
push 00421C47
E97E16FEFF
EBD9
33C0
5A
59
59
648910
68471C4200
|:00421C45(U)
|
:00421C09 A15C374400
:00421C0E E80D10FEFF
:00421C13 33C0
:00421C15 A35C374400
:00421C1A 33C0
:00421C1C A330374400
:00421C21 837DF800
:00421C25 7418
xor eax, eax

pop edx
pop ecx
pop ecx
push 00421BFC

push eax
push eax
xor eax, eax
ret

call 00402C20
xor eax, eax
xor eax, eax
je 00421C3F
:00421C27
:00421C2A
:00421C2E
:00421C35
:00421C37
:00421C3A
8B45F8
C6402C00
803D3837440000
7408
8B45F8
E8E10FFEFF

mov [eax+2C], 00
cmp byte ptr [00443738], 00
je 00421C3F
call 00402C20
|:00421C25(C), :00421C35(C)
|
:00421C3F C3
:00421C40 E93316FEFF
:00421C45 EBC2
|:004219FF(C), :00421A21(U)
|
:00421C47 5B
:00421C48 8BE5
:00421C4A 5D
:00421C4B C3
ret
jmp 00403278
jmp 00421C09
pop ebx
mov esp, ebp
pop ebp
ret

|:0042CC07 , :0043BF4B
|
:00421C4C 833D3437440000
cmp dword ptr [00443734], 00000000
:00421C53 7407
je 00421C5C
:00421C55 33C0
xor eax, eax
:00421C57 E87CFDFFFF
call 004219D8
|:00421C53(C)
|
:00421C5C 33C0
:00421C5E A330374400
:00421C63 C3

xor eax, eax
ret

|:00421CA7 , :004305A9 , :0043D8A1
|
:00421C64 53
push
:00421C65 56
push
:00421C66 FF7004
push
:00421C69 FF30
push
ebx
esi
[eax+04]
dword ptr [eax]

|
:00421C6B E82048FEFF
Call 00406490
:00421C70 8BD8
mov ebx, eax
:00421C72 33F6
xor esi, esi
:00421C74 85DB
test ebx, ebx
:00421C76 7419
je 00421C91
|:00421C8F(C)
|
:00421C78
:00421C7A
:00421C7F
:00421C81
:00421C83
:00421C85
8BC3
E8FDE7FFFF
8BF0
85F6
750C
53
mov eax, ebx

call 0042047C
mov esi, eax
test esi, esi
jne 00421C91
push ebx

|
:00421C86 E85545FEFF
Call 004061E0
:00421C8B 8BD8
mov ebx, eax
:00421C8D 85DB
test ebx, ebx
:00421C8F 75E7
jne 00421C78
|:00421C76(C), :00421C83(C)
|
:00421C91 8BC6
:00421C93 5E
:00421C94 5B
:00421C95 C3
:00421C96 8BC0
mov eax, eax
mov eax, esi

pop esi
pop ebx
ret

|:00421322 , :00428501 , :0043F31A , :0043F702
|
:00421C98 53
push ebx
:00421C99 56
push esi
:00421C9A 57
push edi
:00421C9B 55
push ebp
:00421C9C 83C4F8
add esp, FFFFFFF8
:00421C9F 8BDA
mov ebx, edx
:00421CA1 8BF8
mov edi, eax
:00421CA3 33F6
xor esi, esi
:00421CA5 8BC7
mov eax, edi
:00421CA7 E8B8FFFFFF
call 00421C64
:00421CAC 8BE8
mov ebp, eax
:00421CAE 85ED
test ebp, ebp
:00421CB0 741E
je 00421CD0
:00421CB2 8BF5
mov esi, ebp
:00421CB4 8BCC
mov ecx, esp
:00421CB6 8BD7
mov edx, edi
:00421CB8 8BC5
mov eax, ebp
:00421CBA E835100000
call 00422CF4
:00421CBF 8BD4
mov edx, esp
:00421CC1 8BCB
mov ecx, ebx
:00421CC3 8BC5
mov eax, ebp
:00421CC5 E8BA4B0000
call 00426884
:00421CCA 85C0
test eax, eax
:00421CCC 7402
je 00421CD0
:00421CCE 8BF0
mov esi, eax
|:00421CB0(C), :00421CCC(C)
|
:00421CD0 8BC6
:00421CD2 59
:00421CD3 5A
, :0043FAA3

mov eax, esi
pop ecx
pop edx
:00421CD4
:00421CD5
:00421CD6
:00421CD7
:00421CD8
5D
5F
5E
5B
C3
:00421CD9 8D4000
pop
pop
pop
pop
ret
ebp
edi
esi
ebx

|:00425E8B , :00425E98 , :00425EA7
|
:00421CDC 53
push ebx
:00421CDD 56
push esi
:00421CDE 8BF2
mov esi, edx
:00421CE0 8BD8
mov ebx, eax
:00421CE2 833B00
:00421CE5 750E
jne 00421CF5
:00421CE7 B201
mov dl, 01
:00421CE9 A154B54000
:00421CEE E8FD0EFEFF
call 00402BF0
:00421CF3 8903
|:00421CE5(C)
|
:00421CF5 8B03
:00421CF7 8BD6
:00421CF9 E862ADFEFF
:00421CFE 5E
:00421CFF 5B
:00421D00 C3
:00421D01 8D4000

mov edx, esi
call 0040CA60
pop esi
pop ebx
ret

|:00425ED3 , :00425EE0 , :00425EEF
|
:00421D04 53
push ebx
:00421D05 8BD8
mov ebx, eax
:00421D07 8B03
:00421D09 E836B0FEFF
call 0040CD44
:00421D0E 8B03
:00421D10 83780800
:00421D14 750B
jne 00421D21
:00421D16 8B03
:00421D18 E8030FFEFF
call 00402C20
:00421D1D 33C0
xor eax, eax
:00421D1F 8903
|:00421D14(C)
|
:00421D21 5B
pop ebx
:00421D22 C3
ret
:00421D23 90
nop

|:00426EC8
|
:00421D24 53
push ebx
:00421D25 56
push esi
:00421D26 57
push edi
:00421D27 83C4F8
add esp, FFFFFFF8
:00421D2A 8BF9
mov edi, ecx
:00421D2C 8BF2
mov esi, edx
:00421D2E 8BD8
mov ebx, eax
:00421D30 54
push esp
:00421D31 53
push ebx
* Reference To: gdi32.GetWindowOrgEx, Ord:0000h
|
:00421D32 E8D141FEFF
Call 00405F08
:00421D37 6A00
push 00000000
:00421D39 8B442408
:00421D3D 2BC7
sub eax, edi
:00421D3F 50
push eax
:00421D40 8B442408
:00421D44 2BC6
sub eax, esi
:00421D46 50
push eax
:00421D47 53
push ebx
* Reference To: gdi32.SetWindowOrgEx, Ord:0000h
|
:00421D48 E88342FEFF
Call 00405FD0
:00421D4D 59
pop ecx
:00421D4E 5A
pop edx
:00421D4F 5F
pop edi
:00421D50 5E
pop esi
:00421D51 5B
pop ebx
:00421D52 C3
ret
:00421D53 90
nop

|:00421F2F
|
:00421D54 55
push ebp
:00421D55 8BEC
mov ebp, esp
:00421D57 83C4F0
add esp, FFFFFFF0
:00421D5A A160374400
:00421D5F E830B2FEFF
call 0040CF94
:00421D64 8945F8
:00421D67 33C0
xor eax, eax
:00421D69 55
push ebp
:00421D6A 68041E4200
push 00421E04
:00421D6F 64FF30
:00421D72 648920
:00421D75 8B45F8
:00421D78 8B4008
:00421D7B 48
dec eax
:00421D7C 85C0
test eax, eax
:00421D7E 7C6C
jl 00421DEC
:00421D80 40
inc eax
:00421D81 8945F4
:00421D84 C745FC00000000
mov [ebp-04], 00000000
|:00421DEA(C)
|
:00421D8B 8B55FC
:00421D8E 8B45F8
:00421D91 E8E2ADFEFF
:00421D96 8945F0
:00421D99 8B45F0
:00421D9C E85B2FFFFF
:00421DA1 84C0
:00421DA3 743F
:00421DA5 33C0
:00421DA7 55
:00421DA8 68DD1D4200
:00421DAD 64FF30
:00421DB0 648920
:00421DB3 8B45F0
:00421DB6 E8D5010000
:00421DBB E89015FEFF
:00421DC0 E88B15FEFF
:00421DC5 EB44
:00421DC7 33C0
:00421DC9 5A
:00421DCA 59
:00421DCB 59
:00421DCC 648910
:00421DCF 68E41D4200
|:00421DE2(U)
|
:00421DD4 8B45F0
:00421DD7 E87C2FFFFF
:00421DDC C3
:00421DDD E99614FEFF
:00421DE2 EBF0
jmp 00403278
jmp 00421DD4

call 0040CB78
call 00414CFC
test al, al
je 00421DE4
xor eax, eax
push ebp
push 00421DDD
call 00421F90
call 00403350
call 00403350
jmp 00421E0B
xor eax, eax
pop edx
pop ecx
pop ecx
push 00421DE4

call 00414D58
ret

|:00421DA3(C)
|
:00421DE4 FF45FC
inc [ebp-04]
:00421DE7 FF4DF4
dec [ebp-0C]
:00421DEA 759F
jne 00421D8B
|:00421D7E(C)
|
:00421DEC 33C0
:00421DEE 5A
:00421DEF 59
:00421DF0 59
:00421DF1 648910
:00421DF4 680B1E4200

xor eax, eax
pop edx
pop ecx
pop ecx
push 00421E0B

|:00421E09(U)
|
:00421DF9 A160374400
:00421DFE E8F5B1FEFF
:00421E03 C3

call 0040CFF8
ret
:00421E04 E96F14FEFF
:00421E09 EBEE
jmp 00403278
jmp 00421DF9

|:00421DC5(U)
|
:00421E0B 8BE5
mov esp, ebp
:00421E0D 5D
pop ebp
:00421E0E C3
ret
:00421E0F 90
nop

|:00426509 , :00426848
|
:00421E10 55
push ebp
:00421E11 8BEC
mov ebp, esp
:00421E13 83C4F4
add esp, FFFFFFF4
:00421E16 A160374400
:00421E1B E874B1FEFF
call 0040CF94
:00421E20 8945F8
:00421E23 33C0
xor eax, eax
:00421E25 55
push ebp
:00421E26 68AE1E4200
push 00421EAE
:00421E2B 64FF30
:00421E2E 648920
:00421E31 8B45F8
:00421E34 8B4008
:00421E37 48
dec eax
:00421E38 83F800
cmp eax, 00000000
:00421E3B 7C59
jl 00421E96
:00421E3D 8945FC
|:00421E94(C)
|
:00421E40 8B55FC
:00421E43 8B45F8
:00421E46 E82DADFEFF
:00421E4B 8945F4
:00421E4E 8B45F4
:00421E51 E8A62EFFFF
:00421E56 84C0
:00421E58 7433
:00421E5A 33C0
:00421E5C 55
:00421E5D 68861E4200
:00421E62 64FF30
:00421E65 648920
:00421E68 8B45F4
:00421E6B E820010000
:00421E70 33C0
:00421E72 5A
:00421E73 59

call 0040CB78
call 00414CFC
test al, al
je 00421E8D
xor eax, eax
push ebp
push 00421E86
call 00421F90
xor eax, eax
pop edx
pop ecx
:00421E74 59
:00421E75 648910
:00421E78 688D1E4200
pop ecx
push 00421E8D
|:00421E8B(U)
|
:00421E7D 8B45F4
:00421E80 E8D32EFFFF
:00421E85 C3
:00421E86 E9ED13FEFF
:00421E8B EBF0
jmp 00403278
jmp 00421E7D
|:00421E58(C)
|
:00421E8D FF4DFC
:00421E90 837DFCFF
:00421E94 75AA
|:00421E3B(C)
|
:00421E96 33C0
:00421E98 5A
:00421E99 59
:00421E9A 59
:00421E9B 648910
:00421E9E 68B51E4200
|:00421EB3(U)
|
:00421EA3 A160374400
:00421EA8 E84BB1FEFF
:00421EAD C3
:00421EAE
:00421EB3
:00421EB5
:00421EB7
:00421EB8
E9C513FEFF
EBEE
8BE5
5D
C3
jmp
jmp
mov
pop
ret
:00421EB9
:00421EBC
:00421EBD
:00421EBE
:00421EC3
:00421EC5
:00421EC7
:00421EC9
:00421ECE
:00421ED0
:00421ED3
:00421ED5
:00421EDA
8D4000
53
56
E8A110FEFF
8BDA
8BF0
8BC6
E8C2000000
8BD3
80E2FC
8BC6
E8C62AFFFF
84DB

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
mov eax, esi
call 00421F90
mov edx, ebx
and dl, FC
mov eax, esi
call 004149A0
test bl, bl

call 00414D58
ret
dec [ebp-04]
jne 00421E40
xor eax, eax

pop edx
pop ecx
pop ecx
push 00421EB5

call 0040CFF8
ret
00403278
00421EA3
esp, ebp
ebp
:00421EDC 7E07
:00421EDE 8BC6
:00421EE0 E86F10FEFF
jle 00421EE5
mov eax, esi
call 00402F54

|:00421EDC(C)
|
:00421EE5 5E
pop esi
:00421EE6 5B
pop ebx
:00421EE7 C3
ret
:00421EE8
:00421EE9
:00421EEB
:00421EEC
:00421EED
:00421EF0
:00421EF3
:00421EF7
:00421EF9
:00421EFC
:00421F01
55
8BEC
51
53
8945FC
8B45FC
83785400
750D
8B45FC
E8DB2FFFFF
E984000000
push ebp
mov ebp, esp
push ecx
push ebx
jne 00421F06
call 00414EDC
jmp 00421F8A
|:00421EF7(C)
|
:00421F06 8B45FC
:00421F09 83785800
:00421F0D 7565
:00421F0F A160374400
:00421F14 E87BB0FEFF
:00421F19 8BD8
:00421F1B 33C0
:00421F1D 55
:00421F1E 686D1F4200
:00421F23 64FF30
:00421F26 648920
:00421F29 837B0804
:00421F2D 7C05
:00421F2F E820FEFFFF
|:00421F2D(C)
|
:00421F34 8B45FC
:00421F37 8D505C
:00421F3A 8B45FC
:00421F3D 8B4054
:00421F40 8B08
:00421F42 FF5148
:00421F45 8B55FC
:00421F48 894258
:00421F4B 8B55FC
:00421F4E 8BC3
:00421F50 E80BABFEFF
:00421F55 33C0
:00421F57 5A
:00421F58 59
:00421F59 59

jne 00421F74
call 0040CF94
mov ebx, eax
xor eax, eax
push ebp
push 00421F6D
jl 00421F34
call 00421D54

lea edx, dword ptr [eax+5C]
call [ecx+48]
mov eax, ebx
call 0040CA60
xor eax, eax
pop edx
pop ecx
pop ecx
:00421F5A 648910
:00421F5D 68741F4200

push 00421F74
|:00421F72(U)
|
:00421F62 A160374400
:00421F67 E88CB0FEFF
:00421F6C C3
:00421F6D E90613FEFF
:00421F72 EBEE
jmp 00403278
jmp 00421F62
|:00421F0D(C)
|
:00421F74 8B45FC
:00421F77 8B5058
:00421F7A 8B45FC
:00421F7D E85E2FFFFF
:00421F82 8B45FC
:00421F85 E852000000

call 0040CFF8
ret
mov eax, dword

mov edx, dword
mov eax, dword
call 00414EE0
mov eax, dword
call 00421FDC
ptr [ebp-04]
ptr [eax+58]
ptr [ebp-04]
ptr [ebp-04]

|:00421F01(U)
|
:00421F8A 5B
pop ebx
:00421F8B 59
pop ecx
:00421F8C 5D
pop ebp
:00421F8D C3
ret
:00421F8E 8BC0
mov eax, eax

|:00421DB6 , :00421E6B , :00421EC9 , :00421FD1
|
:00421F90 53
push ebx
:00421F91 8BD8
mov ebx, eax
:00421F93 837B5800
:00421F97 7427
je 00421FC0
:00421F99 33D2
xor edx, edx
:00421F9B 8BC3
mov eax, ebx
:00421F9D E83E2FFFFF
call 00414EE0
:00421FA2 8BD3
mov edx, ebx
:00421FA4 A160374400
:00421FA9 E8FAAFFEFF
call 0040CFA8
:00421FAE 8B4358
:00421FB1 50
push eax
:00421FB2 8B435C
:00421FB5 50
push eax
|
:00421FB6 E8A543FEFF
Call 00406360
:00421FBB 33C0
xor eax, eax
:00421FBD 894358
|:00421F97(C)
|
:00421FC0 5B
:00421FC1 C3
pop ebx
ret
:00421FC2 8BC0
mov eax, eax

|:0042A004 , :0042A8F8 , :0042BCF0 , :004382EF
|
:00421FC4 53
push ebx
:00421FC5 56
push esi
:00421FC6 8BF2
mov esi, edx
:00421FC8 8BD8
mov ebx, eax
:00421FCA 3B7354
:00421FCD 740A
je 00421FD9
:00421FCF 8BC3
mov eax, ebx
:00421FD1 E8BAFFFFFF
call 00421F90
:00421FD6 897354
|:00421FCD(C)
|
:00421FD9 5E
pop esi
:00421FDA 5B
pop ebx
:00421FDB C3
ret

|:00421F85 , :0042A9B9
|
:00421FDC 53
push ebx
:00421FDD 8BD8
mov ebx, eax
:00421FDF 837B5400
:00421FE3 7427
je 0042200C
:00421FE5 A1502D4400
:00421FEA 80780900
:00421FEE 7415
je 00422005
:00421FF0 8B4354
:00421FF3 E884170000
call 0042377C
:00421FF8 84C0
test al, al
:00421FFA 7409
je 00422005
:00421FFC 814B5080000000
or dword ptr [ebx+50], 00000080
:00422003 EB07
jmp 0042200C
|:00421FEE(C), :00421FFA(C)
|
:00422005 8163507FFFFFFF
and dword ptr [ebx+50], FFFFFF7F
|:00421FE3(C), :00422003(U)
|
:0042200C 5B
pop ebx
:0042200D C3
ret
:0042200E 8BC0
mov eax, eax

|:00422497
|
:00422010 53
push ebx
:00422011 56
push esi
:00422012 57
push edi
:00422013 84D2
test dl, dl
:00422015 7408
je 0042201F
:00422017 83C4F0
add esp, FFFFFFF0
:0042201A E8E50EFEFF
call 00402F04
|:00422015(C)
|
:0042201F 8BF1
:00422021 8BDA
:00422023 8BF8
:00422025 33D2
:00422027 8BC7
:00422029 E8C20BFEFF
:0042202E 897704
:00422031 8BC7
:00422033 84DB
:00422035 740F
:00422037 E8200FFEFF
:0042203C 648F0500000000
:00422043 83C40C

mov esi, ecx
mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call 00402BF0
mov eax, edi
test bl, bl
je 00422046
call 00402F5C
add esp, 0000000C

|:00422035(C)
|
:00422046 8BC7
mov eax, edi
:00422048 5F
pop edi
:00422049 5E
pop esi
:0042204A 5B
pop ebx
:0042204B C3
ret
:0042204C
:0042204D
:0042204E
:00422050
:00422052
53
56
8BDA
8BF0
8BC3
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, ebx
* Possible StringData Ref from Code Obj ->"L B"

|
:00422054 8B1588ED4100
mov edx, dword ptr [0041ED88]
:0042205A E8310DFEFF
call 00402D90
:0042205F 84C0
test al, al
:00422061 7426
je 00422089
:00422063 8BC3
mov eax, ebx
:00422065 8B5608
:00422068 895008
:0042206B 8B560C
:0042206E 89500C
:00422071 8B5610
:00422074 895010
:00422077 8B5608
:0042207A 895008
:0042207D
:00422081
:00422086
:00422087
:00422088
66BBFDFF
E86E0DFEFF
5E
5B
C3
mov bx, FFFD

call 00402DF4
pop esi
pop ebx
ret
|:00422061(C)
|
:00422089 8BD3
:0042208B 8BC6
:0042208D E87AB2FEFF
:00422092 5E
:00422093 5B
:00422094 C3
:00422095
:00422098
:00422099
:0042209A
:0042209C
:0042209F
:004220A1
:004220A3
:004220A4
:004220A6
:004220A7
:004220A9

push ebx
push esi
mov esi, eax
sub edx, 00000001
jb 004220AE
je 004220D4
dec edx
je 004220F6
dec edx
je 0042211A
jmp 0042213B
8D4000
53
56
8BF0
83EA01
720D
7431
4A
7450
4A
7471
E98D000000
mov edx, ebx

mov eax, esi
call 0040D30C
pop esi
pop ebx
ret
|:0042209F(C)
|
:004220AE 3B4E08
:004220B1 0F8484000000
:004220B7 894E08
:004220BA 85C9
:004220BC 7608
:004220BE 3B4E10
:004220C1 7303
:004220C3 894E10
|:004220BC(C), :004220C1(C)
|
:004220C6 8BC6
:004220C8 66BBFDFF
:004220CC E8230DFEFF
:004220D1 5E
:004220D2 5B
:004220D3 C3
cmp ecx, dword ptr [esi+08]

je 0042213B
test ecx, ecx
jbe 004220C6
jnb 004220C6
mov eax, esi

mov bx, FFFD
call 00402DF4
pop esi
pop ebx
ret

|:004220A1(C)
|
:004220D4 3B4E0C
cmp ecx, dword ptr [esi+0C]
:004220D7
:004220D9
:004220DC
:004220DE
:004220E0
:004220E3
:004220E5
7462
894E0C
85C9
7608
3B4E14
7303
894E14
|:004220DE(C), :004220E3(C)
|
:004220E8 8BC6
:004220EA 66BBFDFF
:004220EE E8010DFEFF
:004220F3 5E
:004220F4 5B
:004220F5 C3
je 0042213B
mov dword ptr [esi+0C], ecx
test ecx, ecx
jbe 004220E8
jnb 004220E8
mov eax, esi
mov bx, FFFD
call 00402DF4
pop esi
pop ebx
ret

|:004220A4(C)
|
:004220F6 3B4E10
:004220F9 7440
je 0042213B
:004220FB 894E10
:004220FE 8B4608
:00422101 85C0
test eax, eax
:00422103 7607
jbe 0042210C
:00422105 3BC1
cmp eax, ecx
:00422107 7303
jnb 0042210C
:00422109 894E08
|:00422103(C), :00422107(C)
|
:0042210C 8BC6
:0042210E 66BBFDFF
:00422112 E8DD0CFEFF
:00422117 5E
:00422118 5B
:00422119 C3

mov eax, esi
mov bx, FFFD
call 00402DF4
pop esi
pop ebx
ret

|:004220A7(C)
|
:0042211A 3B4E14
:0042211D 741C
je 0042213B
:0042211F 894E14
:00422122 8B460C
:00422125 85C0
test eax, eax
:00422127 7607
jbe 00422130
:00422129 3BC1
cmp eax, ecx
:0042212B 7303
jnb 00422130
:0042212D 894E0C
mov dword ptr [esi+0C], ecx
|:00422127(C), :0042212B(C)
|
:00422130 8BC6
:00422132 66BBFDFF
:00422136 E8B90CFEFF
mov eax, esi

mov bx, FFFD
call 00402DF4

|:004220A9(U), :004220B1(C), :004220D7(C), :004220F9(C), :0042211D(C)
|
:0042213B 5E
pop esi
:0042213C 5B
pop ebx
:0042213D C3
ret
:0042213E
:00422140
:00422141
:00422146
:00422148
:0042214A
:0042214C
:0042214F
8BC0
53
6683781A00
740A
8BD8
8BD0
8B431C
FF5318
mov eax, eax

push ebx
cmp word ptr [eax+1A], 0000
je 00422152
mov ebx, eax
mov edx, eax
call [ebx+18]

|:00422146(C)
|
:00422152 5B
pop ebx
:00422153 C3
ret

|:00425202
|
:00422154 53
push ebx
:00422155 56
push esi
:00422156 8BF2
mov esi, edx
:00422158 8BD8
mov ebx, eax
:0042215A 8BC6
mov eax, esi
|
:0042215C 8B15BCF44100
:00422162 E8410CFEFF
call 00402DA8
:00422167 894310
:0042216A 5E
pop esi
:0042216B 5B
pop ebx
:0042216C C3
ret
:0042216D
:00422170
:00422171
:00422173
:00422176
:00422177
:00422178
:00422179
:0042217B
:0042217E
:00422181
8D4000
55
8BEC
83C4E8
53
56
57
33C9
894DFC
894DE8
8BF2

push ebp
mov ebp, esp
add esp, FFFFFFE8
push ebx
push esi
push edi
xor ecx, ecx
mov esi, edx
:00422183
:00422185
:00422187
:00422188
:0042218D
:00422190
:00422193
:00422195
:00422198
:0042219E
:004221A3
:004221A5
:004221A7
:004221A9
:004221AC
:004221B1
:004221B3
:004221B5
:004221BA
:004221BC
:004221C0
:004221C2
:004221C5
:004221CA
:004221CC
:004221CF
:004221D1
:004221D4
:004221D5
:004221D7
:004221DA
:004221DE
:004221E1
:004221E4
:004221E8
:004221ED
:004221F0
:004221F3
:004221F7
:004221FA
8BF8
33C0
55
6831224200
64FF30
648920
B301
8B470C
8B15F4D74200
E8ED0BFEFF
84C0
746C
8BD6
8B470C
E803C20000
84C0
745E
A1302C4400
8B00
80786400
7451
8B470C
6683786000
7447
833E00
7442
8D45FC
50
8B06
8945EC
C645F00B
8D55E8
8B470C
668B4060
E8E3E40000
8B45E8
8945F4
C645F80B
8D55EC
B901000000
mov edi, eax

xor eax, eax
push ebp
push 00422231
mov bl, 01
call 00402D90
test al, al
je 00422213
mov edx, esi
call 0042E3B4
test al, al
je 00422213
je 00422213
je 00422213
je 00422213
push eax
mov [ebp-10], 0B
call 004306D0
mov [ebp-08], 0B
mov ecx, 00000001
* Possible StringData Ref from Code Obj ->"%s (%s)"

|
:004221FF B84C224200
mov eax, 0042224C
:00422204 E8FB5DFEFF
call 00408004
:00422209 8B55FC
:0042220C 8BC6
mov eax, esi
:0042220E E8F915FEFF
call 0040380C
|:004221A5(C), :004221B3(C), :004221C0(C), :004221CA(C), :004221CF(C)
|
:00422213 33C0
xor eax, eax
:00422215 5A
pop edx
:00422216 59
pop ecx
:00422217 59
pop ecx
:00422218 648910
:0042221B 6838224200
push 00422238
|:00422236(U)
|
:00422220 8D45E8
:00422223 E89015FEFF
:00422228 8D45FC
:0042222B E88815FEFF
:00422230 C3

call 004037B8
call 004037B8
ret
:00422231
:00422236
:00422238
:0042223A
:0042223B
:0042223C
:0042223D
:0042223F
:00422240
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
E94210FEFF
EBE8
8BC3
5F
5E
5B
8BE5
5D
C3
00403278
00422220
eax, ebx
edi
esi
ebx
esp, ebp
ebp
:00422241 000000
BYTE 3 DUP(0)
:00422244 FFFFFFFF
BYTE 4 DUP(0ffh)
:00422248 07
:00422249 000000
pop es
BYTE 3 DUP(0)
:0042224C 2573202825
:00422251 7329
:00422253 00
and eax, 25282073

jnb 0042227C
BYTE 0
:00422254
:00422255
:00422257
:00422259
:0042225A
:0042225C
:0042225E
:0042225F
:00422264
:00422267
:0042226A
:0042226C
:00422271
:00422273
:00422275
:00422278
:0042227B
:00422280
:00422283
:00422284
:00422287
:0042228D
:00422292
:00422295
:00422296
push ebp
mov ebp, esp
push 00000000
push ebx
mov ebx, eax
xor eax, eax
push ebp
push 004222BB
mov eax, ebx
call 0042DEC8
test al, al
je 0042229D
call 004231A4
push eax
call 00402DA8
pop eax
call 00403B44
55
8BEC
6A00
53
8BD8
33C0
55
68BB224200
64FF30
648920
8BC3
E857BC0000
84C0
7428
8D55FC
8B4310
E8240F0000
8B45FC
50
8B430C
8B15F4D74200
E8160BFEFF
8B504C
58
E8A918FEFF
:0042229B 7404
je 004222A1

|:00422273(C)
|
:0042229D 33C0
xor eax, eax
:0042229F EB02
jmp 004222A3
|:0042229B(C)
|
:004222A1 B001
mov al, 01
|:0042229F(U)
|
:004222A3 8BD8
:004222A5 33C0
:004222A7 5A
:004222A8 59
:004222A9 59
:004222AA 648910
:004222AD 68C2224200
|:004222C0(U)
|
:004222B2 8D45FC
:004222B5 E8FE14FEFF
:004222BA C3
:004222BB
:004222C0
:004222C2
:004222C4
:004222C5
:004222C6
:004222C7
E9B80FFEFF
EBF0
8BC3
5B
59
5D
C3
jmp
jmp
mov
pop
pop
pop
ret
:004222C8
:004222C9
:004222CB
:004222CD
:004222D2
:004222D4
:004222D6
:004222D9
:004222DB
:004222DE
:004222DF
:004222E2
:004222E8
:004222ED
:004222EE
:004222F1
53
8BD8
8BC3
E81EBC0000
84C0
741D
8B4310
8B10
FF5250
50
8B430C
8B15F4D74200
E8BB0AFEFF
5A
3A5051
7404
push ebx
mov ebx, eax
mov eax, ebx
call 0042DEF0
test al, al
je 004222F3
call [edx+50]
push eax
call 00402DA8
pop edx
je 004222F7
mov ebx, eax

xor eax, eax
pop edx
pop ecx
pop ecx
push 004222C2

call 004037B8
ret
00403278
004222B2
eax, ebx
ebx
ecx
ebp

|:004222D4(C)
|
:004222F3 33C0
:004222F5 5B
:004222F6 C3
xor eax, eax

pop ebx
ret

|:004222F1(C)
|
:004222F7 B001
mov al, 01
:004222F9 5B
pop ebx
:004222FA C3
ret
:004222FB
:004222FC
:004222FD
:004222FF
:00422301
:00422306
:00422308
:0042230A
:0042230D
:00422313
:00422318
:0042231B
:0042231E
:00422321
:00422326
90
53
8BD8
8BC3
E812BC0000
84C0
741E
8B430C
8B15F4D74200
E8900AFEFF
8B5058
8B4310
8B4074
E81E18FEFF
7404
nop
push ebx
mov ebx, eax
mov eax, ebx
call 0042DF18
test al, al
je 00422328
mov eax, dword
mov edx, dword
call 00402DA8
mov edx, dword
mov eax, dword
mov eax, dword
call 00403B44
je 0042232C
ptr [ebx+0C]
ptr [0042D7F4]
ptr [eax+58]
ptr [ebx+10]
ptr [eax+74]

|:00422308(C)
|
:00422328 33C0
xor eax, eax
:0042232A 5B
pop ebx
:0042232B C3
ret

|:00422326(C)
|
:0042232C B001
mov al, 01
:0042232E 5B
pop ebx
:0042232F C3
ret
:00422330
:00422331
:00422333
:00422335
:0042233A
:0042233C
:0042233E
:00422341
:00422347
:0042234C
:0042234F
:00422352
53
8BD8
8BC3
E81ABC0000
84C0
7419
8B430C
8B15F4D74200
E85C0AFEFF
8A4062
8B5310
3A4247
push ebx
mov ebx, eax
mov eax, ebx
call 0042DF54
test al, al
je 00422357
call 00402DA8
:00422355 7404
je 0042235B

|:0042233C(C)
|
:00422357 33C0
xor eax, eax
:00422359 5B
pop ebx
:0042235A C3
ret

|:00422355(C)
|
:0042235B B001
mov al, 01
:0042235D 5B
pop ebx
:0042235E C3
ret
:0042235F
:00422360
:00422361
:00422363
:00422365
:0042236A
:0042236C
:0042236E
:00422371
:00422377
:0042237A
:0042237D
90
53
8BD8
8BC3
E82EFAFEFF
84C0
7411
8B4310
8B8004010000
8B530C
3B422C
7404
nop
push ebx
mov ebx, eax
mov eax, ebx
call 00411D98
test al, al
je 0042237F
mov eax, dword
mov eax, dword
mov edx, dword
cmp eax, dword
je 00422383
ptr
ptr
ptr
ptr
[ebx+10]
[eax+00000104]
[ebx+0C]
[edx+2C]

|:0042236C(C)
|
:0042237F 33C0
xor eax, eax
:00422381 5B
pop ebx
:00422382 C3
ret

|:0042237D(C)
|
:00422383 B001
mov al, 01
:00422385 5B
pop ebx
:00422386 C3
ret
:00422387
:00422388
:00422389
:0042238A
:0042238C
:0042238E
:00422390
:00422392
:00422395
:00422397
:00422399
90
53
56
8BF2
8BD8
8BC3
8B10
FF521C
84C0
740A
8BD6
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+1C]
test al, al
je 004223A3
mov edx, esi
:0042239B 8B4310
:0042239E E8310E0000

call 004231D4

|:00422397(C)
|
:004223A3 5E
pop esi
:004223A4 5B
pop ebx
:004223A5 C3
ret
:004223A6
:004223A8
:004223A9
:004223AA
:004223AC
:004223AE
:004223B0
:004223B2
:004223B5
:004223B7
:004223B9
:004223BB
:004223BE
:004223C0
8BC0
53
56
8BDA
8BF0
8BC6
8B10
FF5224
84C0
740A
8BD3
8B4610
8B08
FF5160
mov eax, eax

push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, esi
call [edx+24]
test al, al
je 004223C3
mov edx, ebx
call [ecx+60]

|:004223B7(C)
|
:004223C3 5E
pop esi
:004223C4 5B
pop ebx
:004223C5 C3
ret
:004223C6
:004223C8
:004223C9
:004223CA
:004223CC
:004223CE
:004223D0
:004223D2
:004223D5
:004223D7
:004223D9
:004223DC
:004223DF
:004223E1
8BC0
53
56
8BF2
8BD8
8BC3
8B10
FF522C
84C0
740D
8B4310
83C074
8BD6
E82614FEFF
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+2C]
test al, al
je 004223E6
add eax, 00000074
mov edx, esi
call 0040380C

|:004223D7(C)
|
:004223E6 5E
pop esi
:004223E7 5B
pop ebx
:004223E8 C3
ret
:004223E9 8D4000
:004223EC 53
:004223ED 56

push ebx
push esi
:004223EE
:004223F0
:004223F2
:004223F4
:004223F6
:004223F9
:004223FB
:004223FD
:004223FF
:00422402
8BDA
8BF0
8BC6
8B10
FF5238
84C0
740A
8BD3
8B4610
E88D0C0000
mov ebx, edx

mov esi, eax
mov eax, esi
call [edx+38]
test al, al
je 00422407
mov edx, ebx
call 00423094

|:004223FB(C)
|
:00422407 5E
pop esi
:00422408 5B
pop ebx
:00422409 C3
ret
:0042240A
:0042240C
:0042240D
:0042240F
:00422410
:00422412
:00422414
:00422416
:00422419
:0042241B
:0042241D
:00422420
:00422423
:00422429
:0042242C
8BC0
55
8BEC
53
8BD8
8BC3
8B10
FF5208
84C0
7415
8B4310
8B5508
899004010000
8B550C
899008010000
mov eax, eax

push ebp
mov ebp, esp
push ebx
mov ebx, eax
mov eax, ebx
call [edx+08]
test al, al
je 00422432

|:0042241B(C)
|
:00422432 5B
pop ebx
:00422433 5D
pop ebp
:00422434 C20800
ret 0008
:00422437 90
nop

|:0042528B , :00429FE7
|
:00422438 55
push ebp
:00422439 8BEC
mov ebp, esp
:0042243B 51
push ecx
:0042243C 53
push ebx
:0042243D 56
push esi
:0042243E 84D2
test dl, dl
:00422440 7408
je 0042244A
:00422442 83C4F0
add esp, FFFFFFF0
:00422445 E8BA0AFEFF
call 00402F04
|:00422440(C)
|
:0042244A
:0042244D
:0042244F
:00422451
:00422453
:00422458
:0042245B
:0042245D
:00422460
:00422463
:00422468
:0042246B
:0042246D
:00422472
:00422477
:00422479
:0042247C
:0042247F
:00422486
:0042248B
:0042248E
:00422490
8855FF
8BD8
33D2
8BC3
E868F0FEFF
895B2C
8B03
8B4070
894328
A100254200
894340
B201
A1BC284100
E87D19FFFF
8BF0
897358
895E08
C7460454324200
A004254200
884360
8BCB
B201

mov ebx, eax
xor edx, edx
mov eax, ebx
call 004114C0
mov dword ptr [ebx+2C], ebx
mov dl, 01
call 00413DF4
mov esi, eax
mov [esi+04], 00423254
mov ecx, ebx
mov dl, 01
* Possible StringData Ref from Code Obj ->"L B"

|
:00422492 A188ED4100
mov eax, dword ptr [0041ED88]
:00422497 E874FBFFFF
call 00422010
:0042249C 8BF0
mov esi, eax
:0042249E 897368
:004224A1 895E1C
mov dword ptr [esi+1C], ebx
:004224A4 C74618B43F4200
mov [esi+18], 00423FB4
:004224AB C7436405000080
mov [ebx+64], 80000005
:004224B2 C6434701
mov [ebx+47], 01
:004224B6 C6434801
mov [ebx+48], 01
:004224BA C6434901
mov [ebx+49], 01
:004224BE C6434A01
mov [ebx+4A], 01
:004224C2 C6838600000001
mov byte ptr [ebx+00000086], 01
:004224C9 C6435001
mov [ebx+50], 01
:004224CD C6434E00
mov [ebx+4E], 00
:004224D1 66C7436EF4FF
mov [ebx+6E], FFF4
:004224D7 A17C5F4300
mov eax, dword ptr [00435F7C]
:004224DC 8983A0000000
mov dword ptr [ebx+000000A0], eax
:004224E2 8BC3
mov eax, ebx
:004224E4 807DFF00
:004224E8 740F
je 004224F9
:004224EA E86D0AFEFF
call 00402F5C
:004224EF 648F0500000000
:004224F6 83C40C
add esp, 0000000C
|:004224E8(C)
|
:004224F9 8BC3
mov eax, ebx
:004224FB 5E
pop esi
:004224FC 5B
pop ebx
:004224FD 59
pop ecx
:004224FE 5D
pop ebp
:004224FF C3
ret
:00422500 AA
:00422501 000000
stosb
BYTE 3 DUP(0)
:00422504 0300
:00422506 0000


|:0042540F , :0042A045
|
:00422508 53
push ebx
:00422509 56
push esi
:0042250A 83C4EC
add esp, FFFFFFEC
:0042250D E8520AFEFF
call 00402F64
:00422512 881424
:00422515 8BF0
mov esi, eax
:00422517 A1302C4400
:0042251C 8B00
:0042251E 8BD6
mov edx, esi
:00422520 E857B90100
call 0043DE7C
:00422525 33D2
xor edx, edx
:00422527 8BC6
mov eax, esi
:00422529 8B08
:0042252B FF5164
call [ecx+64]
:0042252E 8B868C000000
:00422534 85C0
test eax, eax
:00422536 7438
je 00422570
:00422538 F6402008
test [eax+20], 08
:0042253C 7532
jne 00422570
:0042253E 56
push esi
:0042253F 33C9
xor ecx, ecx
:00422541 BA39B00000
mov edx, 0000B039
:00422546 E8491C0000
call 00424194
:0042254B 8D542404
:0042254F 8BC6
mov eax, esi
:00422551 E802060000
call 00422B58
:00422556 8D4C2404
:0042255A 83CAFF
or edx, FFFFFFFF
:0042255D 8BC6
mov eax, esi
:0042255F 66BBD2FF
mov bx, FFD2
:00422563 E88C08FEFF
call 00402DF4
:00422568 33C0
xor eax, eax
:0042256A 89868C000000
|:00422536(C), :0042253C(C)
|
:00422570 8B465C
:00422573 E8A806FEFF
:00422578 33C0
:0042257A 89465C
:0042257D 8B4668
:00422580 E89B06FEFF
:00422585 8B4658
:00422588 E89306FEFF
:0042258D 8B4654
:00422590 E88755FEFF
:00422595 8A1424
:00422598 80E2FC

call 00402C20
xor eax, eax
call 00402C20
call 00402C20
call 00407B1C
and dl, FC
:0042259B
:0042259D
:004225A2
:004225A6
:004225A8
:004225AA
8BC6
E86AEFFEFF
803C2400
7E07
8BC6
E8A509FEFF
mov eax, esi

call 0041150C
jle 004225AF
mov eax, esi
call 00402F54

|:004225A6(C)
|
:004225AF 83C414
add esp, 00000014
:004225B2 5E
pop esi
:004225B3 5B
pop ebx
:004225B4 C3
ret
:004225B5 8D4000
:004225B8 33C0
:004225BA C3

xor eax, eax
ret
:004225BB 90
:004225BC 8A4048
:004225BF C3
nop
ret
:004225C0 33C0
:004225C2 C3
xor eax, eax

ret
:004225C3
:004225C4
:004225C8
:004225CB
nop
setne al
ret
90
83782400
0F95C0
C3
:004225CC 8B4024
:004225CF C3

ret
:004225D0
:004225D1
:004225D2
:004225D4
:004225D6
:004225D8
:004225DE
:004225E3
:004225E5
:004225E7
:004225E9
:004225EB
:004225ED
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 00402D90
test al, al
je 004225F0
mov edx, esi
mov eax, ebx
call [ecx+64]
53
56
8BF2
8BD8
8BC6
8B15CCF94100
E8AD07FEFF
84C0
7409
8BD6
8BC3
8B08
FF5164

|:004225E5(C)
|
:004225F0 5E
pop esi
:004225F1 5B
pop ebx
:004225F2 C3
ret
:004225F3 90
nop

|:00428282
|
:004225F4 53
push ebx
:004225F5 56
push esi
:004225F6 57
push edi
:004225F7 83C4F8
add esp, FFFFFFF8
:004225FA 881424
:004225FD 8BF0
mov esi, eax
:004225FF C644240100
mov [esp+01], 00
:00422604 807E4700
:00422608 745B
je 00422665
:0042260A 8BC6
mov eax, esi
:0042260C 66BBDDFF
mov bx, FFDD
:00422610 E8DF07FEFF
call 00402DF4
:00422615 8BF8
mov edi, eax
:00422617 85FF
test edi, edi
:00422619 744A
je 00422665
:0042261B 8D542404
:0042261F 8BC6
mov eax, esi
:00422621 8B08
:00422623 FF5148
call [ecx+48]
:00422626 8BD8
mov ebx, eax
:00422628 8A0424
:0042262B 3401
xor al, 01
:0042262D F6D8
neg al
:0042262F 1BC0
sbb eax, eax
:00422631 50
push eax
:00422632 57
push edi
:00422633 53
push ebx
|
:00422634 E83739FEFF
Call 00405F70
:00422639 8BF8
mov edi, eax
:0042263B 53
push ebx
|
:0042263C E8FF38FEFF
Call 00405F40
:00422641 85C0
test eax, eax
:00422643 7407
je 0042264C
:00422645 8BC6
mov eax, esi
:00422647 8B10
:00422649 FF5278
call [edx+78]
|:00422643(C)
|
:0042264C 6AFF
push FFFFFFFF
:0042264E 57
push edi
:0042264F 53
push ebx
|
:00422650 E81B39FEFF
Call 00405F70
:00422655 53
:00422656 8B442408
:0042265A 50
push ebx
push eax

|
:0042265B E8003DFEFF
Call 00406360
:00422660 C644240101
mov [esp+01], 01
|:00422608(C), :00422619(C)
|
:00422665 8A442401
:00422669 59
:0042266A 5A
:0042266B 5F
:0042266C 5E
:0042266D 5B
:0042266E C3
:0042266F 90
nop
mov
pop
pop
pop
pop
pop
ret

ecx
edx
edi
esi
ebx

|:00422807 , :004244C7 , :004244D2 , :00424E78 , :00424F48
|:00424F53
|
:00422670 8B505C
:00422673 85D2
test edx, edx
:00422675 7404
je 0042267B
:00422677 8B420C
:0042267A C3
ret

|:00422675(C)
|
:0042267B 33C0
xor eax, eax
:0042267D C3
ret
:0042267E 8BC0
mov eax, eax

|:00422814
|
:00422680 53
push ebx
:00422681 56
push esi
:00422682 57
push edi
:00422683 8BFA
mov edi, edx
:00422685 8BF0
mov esi, eax
:00422687 85FF
test edi, edi
:00422689 7516
jne 004226A1
:0042268B 8B465C
:0042268E E88D05FEFF
call 00402C20
:00422693 33C0
xor eax, eax
:00422695 89465C
:00422698 816640FF7FFFFF
and dword ptr [esi+40], FFFF7FFF
:0042269F EB56
jmp 004226F7
|:00422689(C)
|
:004226A1 814E4000800000
:004226A8 837E5C00
:004226AC 7515
:004226AE 8BC6
:004226B0 66BBDFFF
:004226B4 E83B07FEFF
:004226B9 8BCE
:004226BB B201
:004226BD FF5014
:004226C0 89465C
|:004226AC(C)
|
:004226C3 8BD7
:004226C5 8B465C
:004226C8 8B08
:004226CA FF510C
:004226CD 8B465C
:004226D0 897008
:004226D3 C74004704E4200
:004226DA F6472001
:004226DE 0F95C1
:004226E1 8BD7
:004226E3 8BC6
:004226E5 66BBF0FF
:004226E9 E80607FEFF
:004226EE 8BD6
:004226F0 8BC7
:004226F2 E899EEFEFF

jne 004226C3
mov eax, esi
mov bx, FFDF
call 00402DF4
mov ecx, esi
mov dl, 01
call [eax+14]
mov edx, edi

call [ecx+0C]
mov [eax+04], 00424E70
test [edi+20], 01
setne cl
mov edx, edi
mov eax, esi
mov bx, FFF0
call 00402DF4
mov edx, esi
mov eax, edi
call 00411590

|:0042269F(U)
|
:004226F7 5F
pop edi
:004226F8 5E
pop esi
:004226F9 5B
pop ebx
:004226FA C3
ret
:004226FB
:004226FC
:004226FD
:004226FF
:00422701
:00422704
:0042270A
:0042270D
:00422710
:00422711
90
53
8BD8
33C0
8A434B
8A800C264400
3A4360
0F95C0
5B
C3
:00422712 8BC0
:00422714 88504D
:00422717 C3
nop
push ebx
mov ebx, eax
xor eax, eax
mov al, byte ptr [ebx+4B]
cmp al, byte ptr [ebx+60]
setne al
pop ebx
ret
mov eax, eax
mov byte ptr [eax+4D], dl
ret

|:0043C2B3
|
:00422718 8B5024
:0042271B 85D2
test edx, edx
:0042271D 7406
je 00422725
:0042271F 92
xchg eax,edx
:00422720 E823340000
call 00425B48
|:0042271D(C)
|
:00422725 C3
:00422726 8BC0
:00422728 53
:00422729 6683B8DE00000000
:00422731 7410
:00422733 8BD8
:00422735 8BD0
:00422737 8B83E0000000
:0042273D FF93DC000000

ret
mov eax, eax
push ebx
cmp word ptr [eax+000000DE], 0000
je 00422743
mov ebx, eax
mov edx, eax
mov eax, dword ptr [ebx+000000E0]
call dword ptr [ebx+000000DC]

|:00422731(C)
|
:00422743 5B
pop ebx
:00422744 C3
ret
:00422745 8D4000

|:00425521
|
:00422748 53
push ebx
:00422749 56
push esi
:0042274A 57
push edi
:0042274B 8BF2
mov esi, edx
:0042274D 8BD8
mov ebx, eax
:0042274F 66834B4408
or word ptr [ebx+44], 0008
:00422754 8B7E28
:00422757 8BC7
mov eax, edi
:00422759 8B15CCF94100
:0042275F E82C06FEFF
call 00402D90
:00422764 84C0
test al, al
:00422766 7409
je 00422771
:00422768 8BD7
mov edx, edi
:0042276A 8BC3
mov eax, ebx
:0042276C 8B08
:0042276E FF5164
call [ecx+64]
|:00422766(C)
|
:00422771 8BD6
:00422773 8BC3
:00422775 E83AF1FEFF
:0042277A 66836344F7

mov edx, esi
mov eax, ebx
call 004118B4
and word ptr [ebx+44], FFF7
:0042277F
:00422783
:00422785
:00422787
:00422789
:0042278E
:00422790
:00422795
:00422797
:00422799
:0042279E
:004227A0
:004227A5
:004227A7
:004227A9
:004227AE
:004227B0
:004227B5
:004227B7
:004227B9
:004227BE
:004227C0
:004227C5
:004227C7
:004227C9
:004227CE
:004227D0
837B2400
7450
6A00
33C9
BA09B00000
8BC3
E8FF190000
6A00
33C9
BA08B00000
8BC3
E8EF190000
6A00
33C9
BA23B00000
8BC3
E8DF190000
6A00
33C9
BA35B00000
8BC3
E8CF190000
6A00
33C9
BA3DB00000
8BC3
E8BF190000

je 004227D5
push 00000000
xor ecx, ecx
mov edx, 0000B009
mov eax, ebx
call 00424194
push 00000000
xor ecx, ecx
mov edx, 0000B008
mov eax, ebx
call 00424194
push 00000000
xor ecx, ecx
mov edx, 0000B023
mov eax, ebx
call 00424194
push 00000000
xor ecx, ecx
mov edx, 0000B035
mov eax, ebx
call 00424194
push 00000000
xor ecx, ecx
mov edx, 0000B03D
mov eax, ebx
call 00424194

|:00422783(C)
|
:004227D5 5F
pop edi
:004227D6 5E
pop esi
:004227D7 5B
pop ebx
:004227D8 C3
ret
:004227D9 8D4000

|:0041D7BB , :00438564
|
:004227DC 53
push ebx
:004227DD 56
push esi
:004227DE 57
push edi
:004227DF 8BD9
mov ebx, ecx
:004227E1 8BFA
mov edi, edx
:004227E3 8BF0
mov esi, eax
:004227E5 8BCB
mov ecx, ebx
:004227E7 8BD7
mov edx, edi
:004227E9 8BC6
mov eax, esi
:004227EB E878EFFEFF
call 00411768
:004227F0 80FB01
cmp bl, 01
:004227F3 7524
jne 00422819
:004227F5 3B7E70
:004227F8 750B
jne 00422805
:004227FA 33D2
xor edx, edx
:004227FC 8BC6
mov eax, esi
:004227FE E859090000
call 0042315C
:00422803 EB14
jmp 00422819
|:004227F8(C)
|
:00422805 8BC6
:00422807 E864FEFFFF
:0042280C 3BF8
:0042280E 7509
:00422810 33D2
:00422812 8BC6
:00422814 E867FEFFFF

mov eax, esi
call 00422670
cmp edi, eax
jne 00422819
xor edx, edx
mov eax, esi
call 00422680

|:004227F3(C), :00422803(U), :0042280E(C)
|
:00422819 5F
pop edi
:0042281A 5E
pop esi
:0042281B 5B
pop ebx
:0042281C C3
ret
:0042281D 8D4000

|:00425DA3 , :00425DAC , :0043C72A , :0043C9B7
|
:00422820 53
push ebx
:00422821 56
push esi
:00422822 51
push ecx
:00422823 881424
:00422826 8BF0
mov esi, eax
:00422828 8A464B
mov al, byte ptr [esi+4B]
:0042282B 3A0424
cmp al, byte ptr [esp]
:0042282E 7477
je 004228A7
:00422830 8A1424
:00422833 88564B
mov byte ptr [esi+4B], dl
:00422836 F6462001
test [esi+20], 01
:0042283A 755D
jne 00422899
:0042283C F6462010
test [esi+20], 10
:00422840 7406
je 00422848
:00422842 837E2400
:00422846 7451
je 00422899
|:00422840(C)
|
:00422848 8BD0
mov edx, eax
:0042284A 4A
dec edx
:0042284B 80EA02
sub dl, 02
:0042284E 0F92C2
setb dl
:00422851 8A0C24
:00422854 80C1FD
add cl, FD
:00422857 80E902
sub cl, 02
:0042285A 0F92C1
setb cl
:0042285D 3AD1
cmp dl, cl
:0042285F 752D
jne 0042288E
:00422861 84C0
test al, al
:00422863 7429
je 0042288E
:00422865 2C05
sub al, 05
:00422867 7425
je 0042288E
:00422869
:0042286C
:0042286E
:00422870
:00422872
:00422874
:00422877
:00422878
:0042287B
:0042287C
:0042287F
:00422882
:00422884
:00422886
:0042288C
8A0424
84C0
741E
2C05
741A
8B463C
50
8B4638
50
8B4E34
8B5630
8BC6
8B18
FF9380000000
EB0B

test al, al
je 0042288E
sub al, 05
je 0042288E
push eax
push eax
mov eax, esi
call dword ptr [ebx+00000080]
jmp 00422899

|:0042285F(C), :00422863(C), :00422867(C), :0042286E(C), :00422872(C)
|
:0042288E 8BC6
mov eax, esi
:00422890 66BBEFFF
mov bx, FFEF
:00422894 E85B05FEFF
call 00402DF4
|:0042283A(C), :00422846(C), :0042288C(U)
|
:00422899 33C0
xor eax, eax
:0042289B 8A0424
:0042289E 8A800C264400
:004228A4 884660
|:0042282E(C)
|
:004228A7 8BC6
:004228A9 66BBD6FF
:004228AD E84205FEFF
:004228B2 5A
:004228B3 5E
:004228B4 5B
:004228B5 C3
:004228B6
:004228B8
:004228B9
:004228BB
:004228BC
:004228BD
:004228BE
:004228BF
:004228C2
:004228C4
:004228C6
:004228C9
:004228CC
:004228CE
:004228D3
:004228D5
:004228D7
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
lea ecx, dword ptr [ebp+08]
lea edx, dword ptr [ebp+0C]
mov eax, esi
call 004246F8
test al, al
je 00422955
cmp ebx, dword ptr [esi+30]
8BC0
55
8BEC
51
53
56
57
894DFC
8BDA
8BF0
8D4D08
8D550C
8BC6
E8251E0000
84C0
747E
3B5E30
mov eax, esi

mov bx, FFD6
call 00402DF4
pop edx
pop esi
pop ebx
ret
:004228DA
:004228DC
:004228DF
:004228E2
:004228E4
:004228E7
:004228EA
:004228EC
:004228EF
:004228F2
7518
8B45FC
3B4634
7510
8B450C
3B4638
7508
8B4508
3B463C
7461
jne 004228F4
mov eax, dword
cmp eax, dword
jne 004228F4
mov eax, dword
cmp eax, dword
jne 004228F4
mov eax, dword
cmp eax, dword
je 00422955
ptr [ebp-04]
ptr [esi+34]
ptr [ebp+0C]
ptr [esi+38]
ptr [ebp+08]
ptr [esi+3C]

|:004228DA(C), :004228E2(C), :004228EA(C)
|
:004228F4 33C9
xor ecx, ecx
:004228F6 8A5647
:004228F9 8BC6
mov eax, esi
:004228FB E8D00C0000
call 004235D0
:00422900 8B4D08
:00422903 8B550C
:00422906 8BC6
mov eax, esi
:00422908 8B38
:0042290A FF5730
call [edi+30]
:0042290D 895E30
:00422910 8B45FC
:00422913 894634
:00422916 8B450C
:00422919 894638
:0042291C 8B4508
:0042291F 89463C
:00422922 8BC6
mov eax, esi
:00422924 8B10
:00422926 FF5278
call [edx+78]
:00422929 6A00
push 00000000
:0042292B 33C9
xor ecx, ecx
:0042292D BA47000000
mov edx, 00000047
:00422932 8BC6
mov eax, esi
:00422934 E85B180000
call 00424194
:00422939 8BC6
mov eax, esi
:0042293B 66BBD6FF
mov bx, FFD6
:0042293F E8B004FEFF
call 00402DF4
:00422944 F6462001
test [esi+20], 01
:00422948 750B
jne 00422955
:0042294A 8BC6
mov eax, esi
:0042294C 66BBD5FF
mov bx, FFD5
:00422950 E89F04FEFF
call 00402DF4
|:004228D5(C), :004228F2(C), :00422948(C)
|
:00422955 5F
pop edi
:00422956 5E
pop esi
:00422957 5B
pop ebx
:00422958 59
pop ecx
:00422959 5D
pop ebp
:0042295A C20800
ret 0008
:0042295D 8D4000

|:00424C83 , :00425C9C , :004379A3 , :00438248 , :00440F98
|:004412EF
|
:00422960 53
push ebx
:00422961 56
push esi
:00422962 8BD8
mov ebx, eax
:00422964 8B4338
:00422967 50
push eax
:00422968 8B433C
:0042296B 50
push eax
:0042296C 8B4B34
:0042296F 8BC3
mov eax, ebx
:00422971 8B30
:00422973 FF9680000000
call dword ptr [esi+00000080]
:00422979 808B8400000001
:00422980 5E
pop esi
:00422981 5B
pop ebx
:00422982 C3
ret
:00422983 90
nop

|:00424C79 , :00438251 , :00440FC4 , :004412FD
|
:00422984 53
push ebx
:00422985 56
push esi
:00422986 8BD8
mov ebx, eax
:00422988 8B4338
:0042298B 50
push eax
:0042298C 8B433C
:0042298F 50
push eax
:00422990 8BCA
mov ecx, edx
:00422992 8BC3
mov eax, ebx
:00422994 8B5330
:00422997 8B30
:00422999 FF9680000000
:0042299F 808B8400000002
:004229A6 5E
pop esi
:004229A7 5B
pop ebx
:004229A8 C3
ret
:004229A9 8D4000

|:0041D31D , :0041D8E2 , :0041E3F2 , :0042A3C1 , :00437FA2
|:0043825D , :00440501
|
:004229AC 53
push ebx
:004229AD 56
push esi
:004229AE 8BD8
mov ebx, eax
:004229B0 52
push edx
:004229B1 8B433C
:004229B4 50
push eax
:004229B5 8B4B34
:004229B8 8BC3
mov eax, ebx
:004229BA 8B5330
:004229BD 8B30
:004229BF
:004229C5
:004229CC
:004229CD
:004229CE
FF9680000000
808B8400000004
5E
5B
C3
:004229CF 90

pop esi
pop ebx
ret
nop

|:0041D329 , :0041D8EE , :0041E050 , :0041E3FE , :0042A3E5
|:00437FAE , :00438269 , :004404F5
|
:004229D0 53
push ebx
:004229D1 56
push esi
:004229D2 8BD8
mov ebx, eax
:004229D4 8B4338
:004229D7 50
push eax
:004229D8 52
push edx
:004229D9 8B4B34
:004229DC 8BC3
mov eax, ebx
:004229DE 8B5330
:004229E1 8B30
:004229E3 FF9680000000
:004229E9 808B8400000008
:004229F0 5E
pop esi
:004229F1 5B
pop ebx
:004229F2 C3
ret
:004229F3 90
nop

|:00439749
|
:004229F4 55
push ebp
:004229F5 8BEC
mov ebp, esp
:004229F7 83C4EC
add esp, FFFFFFEC
:004229FA 53
push ebx
:004229FB 56
push esi
:004229FC 57
push edi
:004229FD 8BF1
mov esi, ecx
:004229FF 8D7DEC
:00422A02 B904000000
mov ecx, 00000004
:00422A07 F3
repz
:00422A08 A5
movsd
:00422A09 8BF2
mov esi, edx
:00422A0B 8945FC
:00422A0E 8B45FC
:00422A11 3BB08C000000
:00422A17 7444
je 00422A5D
:00422A19 8B45FC
:00422A1C 8B808C000000
:00422A22 85C0
test eax, eax
:00422A24 7417
je 00422A3D
:00422A26 83B83401000000
cmp dword ptr [eax+00000134], 00000000
:00422A2D 740E
je 00422A3D
:00422A2F 8B8034010000
:00422A35 8B55FC
:00422A38 E807A3FEFF
call 0040CD44
|:00422A24(C), :00422A2D(C)
|
:00422A3D 85F6
:00422A3F 741C
:00422A41 83FEFF
:00422A44 7417
:00422A46 83BE3401000000
:00422A4D 740E
:00422A4F 8B8634010000
:00422A55 8B55FC
:00422A58 E803A0FEFF

test esi, esi
je 00422A5D
cmp esi, FFFFFFFF
je 00422A5D
cmp dword ptr [esi+00000134], 00000000
je 00422A5D
call 0040CA60

|:00422A17(C), :00422A3F(C), :00422A44(C), :00422A4D(C)
|
:00422A5D 8B45FC
:00422A60 668148440004
or word ptr [eax+44], 0400
:00422A66 33D2
xor edx, edx
:00422A68 55
push ebp
:00422A69 68F22A4200
push 00422AF2
:00422A6E 64FF32
:00422A71 648922
:00422A74 83FEFF
cmp esi, FFFFFFFF
:00422A77 7411
je 00422A8A
:00422A79 8D4DEC
:00422A7C 8BD6
mov edx, esi
:00422A7E 8B45FC
:00422A81 66BBE7FF
mov bx, FFE7
:00422A85 E86A03FEFF
call 00402DF4
|:00422A77(C)
|
:00422A8A 8B45FC
:00422A8D 8B808C000000
:00422A93 3BF0
:00422A95 7444
:00422A97 8BF8
:00422A99 83FEFF
:00422A9C 7420
:00422A9E 8B45FC
:00422AA1 89B08C000000
:00422AA7 85F6
:00422AA9 741E
:00422AAB 8D4DEC
:00422AAE 8B55FC
:00422AB1 8BC6
:00422AB3 66BBCDFF
:00422AB7 E83803FEFF
:00422ABC EB0B
|:00422A9C(C)
|
:00422ABE 8B45FC
:00422AC1 33D2
:00422AC3 89908C000000

cmp esi, eax
je 00422ADB
mov edi, eax
cmp esi, FFFFFFFF
je 00422ABE
test esi, esi
je 00422AC9
mov eax, esi
mov bx, FFCD
call 00402DF4
jmp 00422AC9

xor edx, edx
|:00422AA9(C), :00422ABC(U)
|
:00422AC9 85FF
:00422ACB 740E
:00422ACD 8B55FC
:00422AD0 8BC7
:00422AD2 66BBC4FF
:00422AD6 E81903FEFF
|:00422A95(C), :00422ACB(C)
|
:00422ADB 33C0
:00422ADD 5A
:00422ADE 59
:00422ADF 59
:00422AE0 648910
test edi, edi

je 00422ADB
mov eax, edi
mov bx, FFC4
call 00402DF4
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:00422AE3 68F92A4200
push 00422AF9
|:00422AF7(U)
|
:00422AE8 8B45FC
:00422AEB 66816044FFFB
:00422AF1 C3
:00422AF2
:00422AF7
:00422AF9
:00422AFA
:00422AFB
:00422AFC
:00422AFE
:00422AFF
jmp
jmp
pop
pop
pop
mov
pop
ret
E98107FEFF
EBEF
5F
5E
5B
8BE5
5D
C3

and word ptr [eax+44], FBFF
ret
00403278
00422AE8
edi
esi
ebx
esp, ebp
ebp

|:004397BB
|
:00422B00 53
push ebx
:00422B01 56
push esi
:00422B02 57
push edi
:00422B03 8BF9
mov edi, ecx
:00422B05 8BF2
mov esi, edx
:00422B07 8BD8
mov ebx, eax
:00422B09 8BC3
mov eax, ebx
:00422B0B 8B15CCF94100
:00422B11 E87A02FEFF
call 00402D90
:00422B16 84C0
test al, al
:00422B18 750C
jne 00422B26
:00422B1A 33C9
xor ecx, ecx
:00422B1C 8A5347
:00422B1F 8BC3
mov eax, ebx
:00422B21 E8AA0A0000
call 004235D0
|:00422B18(C)
|
:00422B26 3B7324
:00422B29 740B
:00422B2B 8BD7
:00422B2D 8BC3
:00422B2F E804170000
:00422B34 EB09
|:00422B29(C)
|
:00422B36 8BD7
:00422B38 8BC3
:00422B3A E839000000

je 00422B36
mov edx, edi
mov eax, ebx
call 00424238
jmp 00422B3F
mov edx, edi

mov eax, ebx
call 00422B78

|:00422B34(U)
|
:00422B3F 85F6
test esi, esi
:00422B41 7405
je 00422B48
:00422B43 83FEFF
cmp esi, FFFFFFFF
:00422B46 7509
jne 00422B51
|:00422B41(C)
|
:00422B48 33D2
xor edx, edx
:00422B4A 8BC3
mov eax, ebx
:00422B4C 8B08
:00422B4E FF5164
call [ecx+64]
|:00422B46(C)
|
:00422B51 5F
pop edi
:00422B52 5E
pop esi
:00422B53 5B
pop ebx
:00422B54 C3
ret
:00422B55 8D4000
|:00422551 , :00423590
|:004289D3 , :00428E12
|:0042CE1F , :0043C8EA
|
:00422B58 8B4830
:00422B5B 890A
:00422B5D 8B4834
:00422B60 894A04
:00422B63 8B4830
:00422B66 034838
:00422B69 894A08
:00422B6C 8B4834
:00422B6F 03483C
:00422B72 894A0C

Addresses:
, :00423613
, :0042BD57
, :0043FAF1
mov
mov
mov
mov
mov
add
mov
mov
add
mov
, :00423E7D
, :0042C9A0
, :00425610
, :0042C9AA

dword ptr [edx], ecx
dword ptr [edx+04], ecx
ecx, dword ptr [eax+3C]
dword ptr [edx+0C], ecx
:00422B75 C3
ret
:00422B76 8BC0
mov eax, eax

|:00422B3A , :00424D2D , :004256B9 , :0042AED8 , :0042B2CD
|:004410A2
|
:00422B78 53
push ebx
:00422B79 56
push esi
:00422B7A 57
push edi
:00422B7B 8B4A08
:00422B7E 8B32
:00422B80 2BCE
sub ecx, esi
:00422B82 51
push ecx
:00422B83 8B4A0C
:00422B86 8B7A04
mov edi, dword ptr [edx+04]
:00422B89 2BCF
sub ecx, edi
:00422B8B 51
push ecx
:00422B8C 8BCF
mov ecx, edi
:00422B8E 8BD6
mov edx, esi
:00422B90 8B18
:00422B92 FF9380000000
:00422B98 5F
pop edi
:00422B99 5E
pop esi
:00422B9A 5B
pop ebx
:00422B9B C3
ret
:00422B9C
:00422B9E
:00422BA0
:00422BA2
:00422BA5
:00422BA8
:00422BAB
:00422BAE
:00422BB1
33C9
890A
33C9
894A04
8B4838
894A08
8B403C
89420C
C3
:00422BB2 8BC0
|:00422C1B , :00423F75
|:004291EE , :0042924A
|:00437924 , :00437C4B
|:00437E9B , :004389D8
|:0043B90B , :004410D2
|
:00422BB4 53
:00422BB5 83C4F0
:00422BB8 8BD8
:00422BBA 8BD4
:00422BBC 8BC3
:00422BBE 8B08
:00422BC0 FF5144
:00422BC3 8B442408
:00422BC7 83C410
:00422BCA 5B
xor
mov
xor
mov
mov
mov
mov
mov
ret
ecx, ecx
ecx, ecx
eax, dword ptr [eax+3C]
dword ptr [edx+0C], eax
mov eax, eax

Addresses:
, :004257DC
, :0042BE46
, :00437C59
, :0043A354
, :00441133
,
,
,
,
:00425C4C
:0042BE91
:00437C66
:0043AB0E
,
,
,
,
:004291E3
:0043709D
:00437C78
:0043B848
push ebx
add esp, FFFFFFF0
mov ebx, eax
mov edx, esp
mov eax, ebx
call [ecx+44]
add esp, 00000010
pop ebx
:00422BCB C3
ret

|:00424C91 , :004387D0 , :00438D48
|
:00422BCC 53
push ebx
:00422BCD 56
push esi
:00422BCE 83C4F8
add esp, FFFFFFF8
:00422BD1 8BF2
mov esi, edx
:00422BD3 8BD8
mov ebx, eax
:00422BD5 8BC3
mov eax, ebx
:00422BD7 E81C000000
call 00422BF8
:00422BDC 8BD0
mov edx, eax
:00422BDE 8BCC
mov ecx, esp
:00422BE0 8BC6
mov eax, esi
:00422BE2 E89995FEFF
call 0040C180
:00422BE7 8BD4
mov edx, esp
:00422BE9 8BC3
mov eax, ebx
:00422BEB E8D8030000
call 00422FC8
:00422BF0 59
pop ecx
:00422BF1 5A
pop edx
:00422BF2 5E
pop esi
:00422BF3 5B
pop ebx
:00422BF4 C3
ret
:00422BF5 8D4000
|:00422BD7 , :00423F68
|:00429257 , :0042BE39
|:00437CB5 , :00437CC2
|:0043A34C , :0043AB17
|
:00422BF8 53
:00422BF9 83C4F0
:00422BFC 8BD8
:00422BFE 8BD4
:00422C00 8BC3
:00422C02 8B08
:00422C04 FF5144
:00422C07 8B44240C
:00422C0B 83C410
:00422C0E 5B
:00422C0F C3

Addresses:
, :0042577B
, :0042BEC8
, :00437CD5
, :0043B864
,
,
,
,
:00429224
:0043707B
:00437E80
:0043B927
, :0042922F
, :00437CA7
, :004389CD
push ebx
add esp, FFFFFFF0
mov ebx, eax
mov edx, esp
mov eax, ebx
call [ecx+44]
add esp, 00000010
pop ebx
ret

|:00424CA0 , :004387E7 , :00438D78
|
:00422C10 53
push ebx
:00422C11 56
push esi
:00422C12 83C4F8
add esp, FFFFFFF8
:00422C15 8BF2
mov esi, edx
:00422C17 8BD8
mov ebx, eax
:00422C19 8BC3
mov eax, ebx
:00422C1B E894FFFFFF
call 00422BB4
:00422C20
:00422C22
:00422C24
:00422C29
:00422C2B
:00422C2D
:00422C32
:00422C33
:00422C34
:00422C35
:00422C36
8BCC
8BD6
E85795FEFF
8BD4
8BC3
E896030000
59
5A
5E
5B
C3
mov ecx, esp

mov edx, esi
call 0040C180
mov edx, esp
mov eax, ebx
call 00422FC8
pop ecx
pop edx
pop esi
pop ebx
ret
:00422C37
:00422C38
:00422C39
:00422C3B
:00422C3E
:00422C3F
:00422C40
:00422C42
:00422C45
:00422C47
:00422C49
:00422C4B
:00422C4C
:00422C51
:00422C54
:00422C57
:00422C5B
:00422C5D
:00422C60
:00422C63
:00422C67
:00422C6A
:00422C6B
:00422C6D
:00422C70
:00422C75
:00422C7A
:00422C7D
:00422C7F
:00422C84
:00422C89
90
55
8BEC
83C4F4
53
56
33C9
894DF4
8BF2
8BD8
33C0
55
68B92C4200
64FF30
648920
837B2400
7531
8B4308
8945F8
C645FC0B
8D45F8
50
6A00
8D55F4
A1582C4400
E8AA21FEFF
8B4DF4
B201
A1F4B44000
E81F5CFEFF
E82206FEFF
nop
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
xor ecx, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 00422CB9
jne 00422C8E
mov [ebp-04], 0B
push eax
push 00000000
call 00404E24
mov dl, 01
call 004088A8
call 004032B0

|:00422C5B(C)
|
:00422C8E 8BD6
mov edx, esi
:00422C90 8B4324
:00422C93 8B08
:00422C95 FF5140
call [ecx+40]
:00422C98 8B4330
:00422C9B 0106
:00422C9D 8B4334
:00422CA0 014604
:00422CA3 33C0
xor eax, eax
:00422CA5 5A
pop edx
:00422CA6 59
pop ecx
:00422CA7 59
pop ecx
:00422CA8 648910
:00422CAB 68C02C4200

push 00422CC0
|:00422CBE(U)
|
:00422CB0 8D45F4
:00422CB3 E8000BFEFF
:00422CB8 C3
:00422CB9
:00422CBE
:00422CC0
:00422CC1
:00422CC2
:00422CC4
:00422CC5
jmp
jmp
pop
pop
mov
pop
ret
E9BA05FEFF
EBF0
5E
5B
8BE5
5D
C3
:00422CC6 8BC0
|:004218E1 , :00423DAD
|:00437BE5 , :00437C0F
|:0043F742 , :0043FCE5
|
:00422CC8 53
:00422CC9 56
:00422CCA 57
:00422CCB 83C4F8
:00422CCE 8BF9
:00422CD0 8BF2
:00422CD2 8BD8
:00422CD4 8BD4
:00422CD6 8BC3
:00422CD8 8B08
:00422CDA FF5140
:00422CDD 8B06
:00422CDF 030424
:00422CE2 8907
:00422CE4 8B4604
:00422CE7 03442404
:00422CEB 894704
:00422CEE 59
:00422CEF 5A
:00422CF0 5F
:00422CF1 5E
:00422CF2 5B
:00422CF3 C3
* Referenced
|:00421494
|:00426A8E
|:00437C1E
|
:00422CF4 53
:00422CF5 56

call 004037B8
ret
00403278
00422CB0
esi
ebx
esp, ebp
ebp
mov eax, eax

Addresses:
, :004246D4
, :0043B501
, :0043FD0C
, :00424CDC
, :0043B546
, :0042CA29
, :0043F6F7
push ebx
push esi
push edi
add esp, FFFFFFF8
mov edi, ecx
mov esi, edx
mov ebx, eax
mov edx, esp
mov eax, ebx
call [ecx+40]
add eax, dword ptr [esp]
add eax, dword ptr [esp+04]
pop ecx
pop edx
pop edi
pop esi
pop ebx
ret
, :004215B9 , :00421CBA
, :004274D3 , :0042862B
, :0043FB88
, :00423874
, :0042CD31
push ebx
push esi
, :00423C77
, :00437BF4
:00422CF6
:00422CF7
:00422CFA
:00422CFC
:00422CFE
:00422D00
:00422D02
:00422D04
:00422D06
:00422D09
:00422D0B
:00422D0E
:00422D10
:00422D13
:00422D17
:00422D1A
:00422D1B
:00422D1C
:00422D1D
:00422D1E
:00422D1F
57
83C4F8
8BF9
8BF2
8BD8
8BD4
8BC3
8B08
FF5140
8B06
2B0424
8907
8B4604
2B442404
894704
59
5A
5F
5E
5B
C3
push edi
add esp, FFFFFFF8
mov edi, ecx
mov esi, edx
mov ebx, eax
mov edx, esp
mov eax, ebx
call [ecx+40]
pop ecx
pop edx
pop edi
pop esi
pop ebx
ret

|:004245CE , :0042461A , :00424637 , :004246B6
|
:00422D20 53
push ebx
:00422D21 56
push esi
:00422D22 8BF2
mov esi, edx
:00422D24 8B5824
:00422D27 85DB
test ebx, ebx
:00422D29 7421
je 00422D4C
|:00422D4A(C)
|
:00422D2B 8BC3
:00422D2D 8B153C504300
:00422D33 E85800FEFF
:00422D38 84C0
:00422D3A 7409
:00422D3C 8BD6
:00422D3E 8BC3
:00422D40 E8AB7C0100

mov eax, ebx
call 00402D90
test al, al
je 00422D45
mov edx, esi
mov eax, ebx
call 0043A9F0

|:00422D3A(C)
|
:00422D45 8B5B24
:00422D48 85DB
test ebx, ebx
:00422D4A 75DF
jne 00422D2B
|:00422D29(C)
|
:00422D4C 5E
pop esi
:00422D4D 5B
pop ebx
:00422D4E C3
ret
:00422D4F 90
nop

|:0042437E , :00424408 , :00426C46
|
:00422D50 55
push ebp
:00422D51 8BEC
mov ebp, esp
:00422D53 83C4F0
add esp, FFFFFFF0
:00422D56 53
push ebx
:00422D57 56
push esi
:00422D58 57
push edi
:00422D59 894DFC
:00422D5C 8BFA
mov edi, edx
:00422D5E 8BD8
mov ebx, eax
:00422D60 8BB38C000000
:00422D66 85F6
test esi, esi
:00422D68 743C
je 00422DA6
:00422D6A 833D3437440000
cmp dword ptr [00443734], 00000000
:00422D71 7533
jne 00422DA6
:00422D73 A0B02D4200
mov al, byte ptr [00422DB0]
:00422D78 224320
:00422D7B 8A15B42D4200
mov dl, byte ptr [00422DB4]
:00422D81 3AD0
cmp dl, al
:00422D83 7521
jne 00422DA6
:00422D85 897DF0
:00422D88 8B45FC
:00422D8B 8945F4
:00422D8E 8B4508
:00422D91 8945F8
:00422D94 8D45F0
:00422D97 50
push eax
:00422D98 8BCB
mov ecx, ebx
:00422D9A BA42B00000
mov edx, 0000B042
:00422D9F 8BC6
mov eax, esi
:00422DA1 E8EE130000
call 00424194
|:00422D68(C), :00422D71(C), :00422D83(C)
|
:00422DA6 5F
pop edi
:00422DA7 5E
pop esi
:00422DA8 5B
pop ebx
:00422DA9 8BE5
mov esp, ebp
:00422DAB 5D
pop ebp
:00422DAC C20400
ret 0004
:00422DAF 00
BYTE 0
:00422DB0 0900
:00422DB2 000000000000

BYTE 6 DUP(0)

|:0041E061
|
:00422DB8 50
push eax
:00422DB9
:00422DBB
:00422DC0
:00422DC5
33C9
BA37B00000
E8CF130000
C3
:00422DC6 8BC0
xor ecx, ecx

mov edx, 0000B037
call 00424194
ret
mov eax, eax

|:00428A8A
|
:00422DC8 53
push ebx
:00422DC9 56
push esi
:00422DCA 57
push edi
:00422DCB 55
push ebp
:00422DCC 83C4F4
add esp, FFFFFFF4
:00422DCF 890C24
:00422DD2 8BFA
mov edi, edx
:00422DD4 8BF0
mov esi, eax
:00422DD6 3B3C24
cmp edi, dword ptr [esp]
:00422DD9 0F8415010000
je 00422EF4
:00422DDF F6462001
test [esi+20], 01
:00422DE3 7408
je 00422DED
:00422DE5 8A9E84000000
:00422DEB EB06
jmp 00422DF3
|:00422DE3(C)
|
:00422DED 8A1D082F4200
|:00422DEB(U)
|
:00422DF3 F6C301
test bl, 01
:00422DF6 7412
je 00422E0A
:00422DF8 8B0424
:00422DFB 50
push eax
:00422DFC 57
push edi
:00422DFD 8B4630
:00422E00 50
push eax
|
:00422E01 E85A2FFEFF
Call 00405D60
:00422E06 8BE8
mov ebp, eax
:00422E08 EB03
jmp 00422E0D
|:00422DF6(C)
|
:00422E0A 8B6E30
|:00422E08(U)
|
:00422E0D F6C302
test bl, 02
:00422E10 7414
je 00422E26
:00422E12 8B0424
:00422E15 50
push eax
:00422E16 57
:00422E17 8B4634
:00422E1A 50
push edi
push eax

|
:00422E1B E8402FFEFF
Call 00405D60
:00422E20 89442404
:00422E24 EB07
jmp 00422E2D
|:00422E10(C)
|
:00422E26 8B4634
:00422E29 89442404
|:00422E24(U)
|
:00422E2D F6C304
:00422E30 7438
:00422E32 F6464101
:00422E36 7532
:00422E38 F6C301
:00422E3B 7419
:00422E3D 8B0424
:00422E40 50
:00422E41 57
:00422E42 8B4630
:00422E45 034638
:00422E48 50

test bl, 04
je 00422E6A
test [esi+41],
jne 00422E6A
test bl, 01
je 00422E56
mov eax, dword
push eax
push edi
mov eax, dword
add eax, dword
push eax
01
ptr [esp]
ptr [esi+30]
ptr [esi+38]

|
:00422E49 E8122FFEFF
Call 00405D60
:00422E4E 2BC5
sub eax, ebp
:00422E50 89442408
:00422E54 EB1B
jmp 00422E71
|:00422E3B(C)
|
:00422E56 8B0424
:00422E59 50
push eax
:00422E5A 57
push edi
:00422E5B 8B4638
:00422E5E 50
push eax
|
:00422E5F E8FC2EFEFF
Call 00405D60
:00422E64 89442408
:00422E68 EB07
jmp 00422E71
|:00422E30(C), :00422E36(C)
|
:00422E6A 8B4638
:00422E6D 89442408
|:00422E54(U), :00422E68(U)
|
:00422E71 F6C308
:00422E74 0F95C0
:00422E77 84C0
:00422E79 7437
:00422E7B F6464102
:00422E7F 7531
:00422E81 F6C308
:00422E84 0F95C2
:00422E87 84C0
:00422E89 7417
:00422E8B 8B0424
:00422E8E 50
:00422E8F 57
:00422E90 8B4634
:00422E93 03463C
:00422E96 50

test bl, 08
setne al
test al, al
je 00422EB2
test [esi+41],
jne 00422EB2
test bl, 08
setne dl
test al, al
je 00422EA2
mov eax, dword
push eax
push edi
mov eax, dword
add eax, dword
push eax
02
ptr [esp]
ptr [esi+34]
ptr [esi+3C]

|
:00422E97 E8C42EFEFF
Call 00405D60
:00422E9C 2B442404
:00422EA0 EB13
jmp 00422EB5
|:00422E89(C)
|
:00422EA2 8B0424
:00422EA5 50
push eax
:00422EA6 57
push edi
:00422EA7 8B4634
:00422EAA 50
push eax
|
:00422EAB E8B02EFEFF
Call 00405D60
:00422EB0 EB03
jmp 00422EB5
|:00422E79(C), :00422E7F(C)
|
:00422EB2 8B463C
|:00422EA0(U), :00422EB0(U)
|
:00422EB5 8B542408
:00422EB9 52
:00422EBA 50
:00422EBB 8B4C240C
:00422EBF 8BD5
:00422EC1 8BC6
:00422EC3 8B28
:00422EC5 FF9580000000
:00422ECB 807E4900
:00422ECF 7523
:00422ED1 F6C310
:00422ED4 741E

push edx
push eax
mov edx, ebp
mov eax, esi
call dword ptr [ebp+00000080]
jne 00422EF4
test bl, 10
je 00422EF4
:00422ED6
:00422ED9
:00422EDA
:00422EDB
:00422EDE
:00422EE0
:00422EE5
8B0424
50
57
8B5E58
8BC3
E85B13FFFF
50

push eax
push edi
mov eax, ebx
call 00414240
push eax

|
:00422EE6 E8752EFEFF
Call 00405D60
:00422EEB 8BD0
mov edx, eax
:00422EED 8BC3
mov eax, ebx
:00422EEF E86813FFFF
call 0041425C
|:00422DD9(C), :00422ECF(C), :00422ED4(C)
|
:00422EF4 A00C2F4200
mov al, byte ptr [00422F0C]
:00422EF9 888684000000
:00422EFF 83C40C
add esp, 0000000C
:00422F02 5D
pop ebp
:00422F03 5F
pop edi
:00422F04 5E
pop esi
:00422F05 5B
pop ebx
:00422F06 C3
ret
:00422F07 00
BYTE 0
:00422F08 1F
:00422F09 00000000000000
pop ds
BYTE 7 DUP(0)
:00422F10
:00422F11
:00422F14
:00422F16
:00422F19
:00422F1B
:00422F1D
:00422F21
push ebx
je 00422F26
test dl, dl
je 00422F26
mov bx, FFEF
call 00402DF4
53
3A504C
7410
88504C
84D2
7409
66BBEFFF
E8CEFEFDFF

|:00422F14(C), :00422F1B(C)
|
:00422F26 5B
pop ebx
:00422F27 C3
ret
:00422F28
:00422F29
:00422F2B
:00422F2E
:00422F2F
:00422F30
:00422F31
:00422F33
:00422F36
55
8BEC
83C4F8
53
56
57
33C9
894DF8
8955FC
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
xor ecx, ecx
:00422F39
:00422F3B
:00422F3D
:00422F3E
:00422F43
:00422F46
:00422F49
:00422F4D
:00422F4F
:00422F52
:00422F54
:00422F59
:00422F5C
:00422F5F
:00422F64
:00422F66
:00422F69
:00422F6B
:00422F6D
8BF8
33C0
55
68B82F4200
64FF30
648920
F6474020
7435
8D55F8
8BC7
E84B020000
8B55F8
8B4708
E8E00BFEFF
751E
8B7704
85F6
741B
8BC6
mov edi, eax

xor eax, eax
push ebp
push 00422FB8
test [edi+40], 20
je 00422F84
mov eax, edi
call 004231A4
call 00403B44
jne 00422F84
test esi, esi
je 00422F88
mov eax, esi

|
:00422F6F 8B15BCF44100
:00422F75 E816FEFDFF
call 00402D90
:00422F7A 84C0
test al, al
:00422F7C 740A
je 00422F88
:00422F7E F6462001
test [esi+20], 01
:00422F82 7404
je 00422F88
|:00422F4D(C), :00422F64(C)
|
:00422F84 33DB
xor ebx, ebx
:00422F86 EB02
jmp 00422F8A
|:00422F6B(C), :00422F7C(C), :00422F82(C)
|
:00422F88 B301
mov bl, 01
|:00422F86(U)
|
:00422F8A 8B55FC
:00422F8D 8BC7
:00422F8F E84CEAFEFF
:00422F94 84DB
:00422F96 740A
:00422F98 8B55FC
:00422F9B 8BC7
:00422F9D E832020000

mov eax, edi
call 004119E0
test bl, bl
je 00422FA2
mov eax, edi
call 004231D4

|:00422F96(C)
|
:00422FA2 33C0
xor eax, eax
:00422FA4 5A
pop edx
:00422FA5 59
pop ecx
:00422FA6 59
pop ecx
:00422FA7 648910

|
:00422FAA 68BF2F4200
push 00422FBF
|:00422FBD(U)
|
:00422FAF 8D45F8
:00422FB2 E80108FEFF
:00422FB7 C3
:00422FB8
:00422FBD
:00422FBF
:00422FC0
:00422FC1
:00422FC2
:00422FC3
:00422FC4
:00422FC5
jmp
jmp
pop
pop
pop
pop
pop
pop
ret
E9BB02FEFF
EBF0
5F
5E
5B
59
59
5D
C3
:00422FC6 8BC0

call 004037B8
ret
00403278
00422FAF
edi
esi
ebx
ecx
ecx
ebp
mov eax, eax

|:00422BEB , :00422C2D
|
:00422FC8 53
push ebx
:00422FC9 56
push esi
:00422FCA 57
push edi
:00422FCB 83C4E8
add esp, FFFFFFE8
:00422FCE 8BF2
mov esi, edx
:00422FD0 8D3C24
:00422FD3 A5
movsd
:00422FD4 A5
movsd
:00422FD5 8BD8
mov ebx, eax
:00422FD7 8D542408
:00422FDB 8BC3
mov eax, ebx
:00422FDD 8B08
:00422FDF FF5144
call [ecx+44]
:00422FE2 8B4338
:00422FE5 2B442410
:00422FE9 030424
:00422FEC 50
push eax
:00422FED 8B433C
:00422FF0 2B442418
:00422FF4 03442408
:00422FF8 50
push eax
:00422FF9 8B4B34
:00422FFC 8B5330
:00422FFF 8BC3
mov eax, ebx
:00423001 8B18
:00423003 FF9380000000
:00423009 83C418
add esp, 00000018
:0042300C 5F
pop edi
:0042300D 5E
pop esi
:0042300E 5B
pop ebx
:0042300F C3
ret

|:00438E50
|
:00423010 55
push ebp
:00423011 8BEC
mov ebp, esp
:00423013 6A00
push 00000000
:00423015 53
push ebx
:00423016 56
push esi
:00423017 8BF2
mov esi, edx
:00423019 8BD8
mov ebx, eax
:0042301B 33C0
xor eax, eax
:0042301D 55
push ebp
:0042301E 6886304200
push 00423086
:00423023 64FF30
:00423026 648920
:00423029 8B4324
:0042302C 3BF0
cmp esi, eax
:0042302E 7440
je 00423070
:00423030 3BD8
cmp ebx, eax
:00423032 7521
jne 00423055
:00423034 8D55FC
:00423037 A15C2C4400
:0042303C E8E31DFEFF
call 00404E24
:00423041 8B4DFC
:00423044 B201
mov dl, 01
:00423046 A1F4B44000
:0042304B E81C58FEFF
call 0040886C
:00423050 E85B02FEFF
call 004032B0
|:00423032(C)
|
:00423055 8B4324
:00423058 85C0
:0042305A 7407
:0042305C 8BD3
:0042305E E86D2F0000
|:0042305A(C)
|
:00423063 85F6
:00423065 7409
:00423067 8BD3
:00423069 8BC6
:0042306B E88C2E0000
|:0042302E(C), :00423065(C)
|
:00423070 33C0
:00423072 5A
:00423073 59
:00423074 59
:00423075 648910

test eax, eax
je 00423063
mov edx, ebx
call 00425FD0
test esi, esi

je 00423070
mov edx, ebx
mov eax, esi
call 00425EFC
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx
:00423078 688D304200
|
push 0042308D
|:0042308B(U)
|
:0042307D 8D45FC
:00423080 E83307FEFF
:00423085 C3
:00423086
:0042308B
:0042308D
:0042308E
:0042308F
:00423090
:00423091
jmp
jmp
pop
pop
pop
pop
ret
E9ED01FEFF
EBF0
5E
5B
59
5D
C3
:00423092 8BC0

call 004037B8
ret
00403278
0042307D
esi
ebx
ecx
ebp
mov eax, eax

|:00422402 , :00424E28 , :0042B96E , :0042CD05 , :00438DBE
|:0043C9EF
|
:00423094 53
push ebx
:00423095 56
push esi
:00423096 51
push ecx
:00423097 881424
:0042309A 8BF0
mov esi, eax
:0042309C 8A4647
:0042309F 3A0424
cmp al, byte ptr [esp]
:004230A2 7430
je 004230D4
:004230A4 8BC6
mov eax, esi
:004230A6 66BBD3FF
mov bx, FFD3
:004230AA E845FDFDFF
call 00402DF4
:004230AF 8A0424
:004230B2 884647
:004230B5 6A00
push 00000000
:004230B7 33C9
xor ecx, ecx
:004230B9 8A4C2404
:004230BD BA0BB00000
mov edx, 0000B00B
:004230C2 8BC6
mov eax, esi
:004230C4 E8CB100000
call 00424194
:004230C9 8BC6
mov eax, esi
:004230CB 66BBD6FF
mov bx, FFD6
:004230CF E820FDFDFF
call 00402DF4
|:004230A2(C)
|
:004230D4 5A
pop edx
:004230D5 5E
pop esi
:004230D6 5B
pop ebx
:004230D7 C3
ret
:004230D8 3A5048
:004230DB 7411

je 004230EE
:004230DD
:004230E0
:004230E2
:004230E4
:004230E9
885048
6A00
33C9
BA0CB00000
E8A6100000

push 00000000
xor ecx, ecx
mov edx, 0000B00C
call 00424194

|:004230DB(C)
|
:004230EE C3
ret
:004230EF 90
nop
|:0041DC7F , :0041DD27 , :004231AD , :004264CF
|:0043C94D
|
:004230F0 6A00
push 00000000
:004230F2 33C9
xor ecx, ecx
:004230F4 BA0E000000
mov edx, 0000000E
:004230F9 E896100000
call 00424194
:004230FE C3
ret
:004230FF 90
, :0043C6E4
nop

|:0041DCAA , :0041DD52 , :004231CA , :00426504
|:0043C976
|
:00423100 52
push edx
:00423101 BA0D000000
mov edx, 0000000D
:00423106 E889100000
call 00424194
:0042310B C3
ret
, :0043C70C

|:00423141 , :004239CC , :00423DC0 , :0042B291
|
:0042310C 8B9094000000
:00423112 85D2
test edx, edx
:00423114 7E03
jle 00423119
:00423116 8BC2
mov eax, edx
:00423118 C3
ret

|:00423114(C)
|
:00423119 8B403C
:0042311C C3
ret
:0042311D 8D4000

|:00423155 , :004239C2 , :00423DCC , :0042B282
|
:00423120 8B9090000000
:00423126
:00423128
:0042312A
:0042312C
85D2
7E03
8BC2
C3
test edx, edx

jle 0042312D
mov eax, edx
ret

|:00423128(C)
|
:0042312D 8B4038
:00423130 C3
ret
:00423131 8D4000

|:0042BEB9 , :0042BED1 , :0042BEDF
|
:00423134 8B909C000000
:0042313A 85D2
test edx, edx
:0042313C 7E03
jle 00423141
:0042313E 8BC2
mov eax, edx
:00423140 C3
ret

|:0042313C(C)
|
call 0042310C
:00423146 C3
ret
:00423147 90
nop

|:0042BE82 , :0042BE9A , :0042BEA7
|
:00423148 8B9098000000
:0042314E 85D2
test edx, edx
:00423150 7E03
jle 00423155
:00423152 8BC2
mov eax, edx
:00423154 C3
ret

|:00423150(C)
|
call 00423120
:0042315A C3
ret
:0042315B 90
nop

|:004227FE
|
:0042315C 53
push ebx
:0042315D
:0042315E
:00423160
:00423162
:00423165
:00423167
:00423169
:0042316B
:0042316D
:00423172
:00423174
:00423176
56
8BF2
8BD8
897370
85F6
7412
8BD3
8BC6
E8A6030100
8BD3
8BC6
E815E4FEFF
push esi
mov esi, edx
mov ebx, eax
test esi, esi
je 0042317B
mov edx, ebx
mov eax, esi
call 00433518
mov edx, ebx
mov eax, esi
call 00411590

|:00423167(C)
|
:0042317B 5E
pop esi
:0042317C 5B
pop ebx
:0042317D C3
ret
:0042317E 8BC0
mov eax, eax

|:0041DAE2 , :0042320E
|
:00423180 53
push ebx
:00423181 8BD8
mov ebx, eax
:00423183 52
push edx
:00423184 33C9
xor ecx, ecx
:00423186 8BC3
mov eax, ebx
:00423188 BA0C000000
mov edx, 0000000C
:0042318D E802100000
call 00424194
:00423192 6A00
push 00000000
:00423194 33C9
xor ecx, ecx
:00423196 BA12B00000
mov edx, 0000B012
:0042319B 8BC3
mov eax, ebx
:0042319D E8F20F0000
call 00424194
:004231A2 5B
pop ebx
:004231A3 C3
ret
|:0041D366 , :0041D84B
|:00422F54 , :004231F2
|:0042A3A7 , :0042A3CB
|:00441732
|
:004231A4 53
:004231A5 56
:004231A6 57
:004231A7 8BFA
:004231A9 8BF0
:004231AB 8BC6
:004231AD E83EFFFFFF
:004231B2 8BD8
:004231B4 8BC7
:004231B6 8BCB
:004231B8 33D2
Addresses:
, :0041DAD1
, :00424DD6
, :0042CE6B
, :0041E5CA
, :00424FB8
, :0044170F
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov eax, esi
call 004230F0
mov ebx, eax
mov eax, edi
mov ecx, ebx
xor edx, edx
, :0042227B
, :0042A2CD
, :00441721
:004231BA
:004231BF
:004231C1
:004231C3
:004231C6
:004231C8
:004231CA
E8DD06FEFF
85DB
740C
8D4B01
8B17
8BC6
E831FFFFFF
call 0040389C
test ebx, ebx
je 004231CF
lea ecx, dword ptr [ebx+01]
mov eax, esi
call 00423100

|:004231C1(C)
|
:004231CF 5F
pop edi
:004231D0 5E
pop esi
:004231D1 5B
pop ebx
:004231D2 C3
ret
:004231D3 90
nop

|:0042239E , :00422F9D , :00424DE6 , :0042A449 , :0043C716
|:0043C980 , :00440FE9 , :00441005 , :00441098 , :004411A6
|
:004231D4 55
push ebp
:004231D5 8BEC
mov ebp, esp
:004231D7 6A00
push 00000000
:004231D9 53
push ebx
:004231DA 56
push esi
:004231DB 8BF2
mov esi, edx
:004231DD 8BD8
mov ebx, eax
:004231DF 33C0
xor eax, eax
:004231E1 55
push ebp
:004231E2 6829324200
push 00423229
:004231E7 64FF30
:004231EA 648920
:004231ED 8D55FC
:004231F0 8BC3
mov eax, ebx
:004231F2 E8ADFFFFFF
call 004231A4
:004231F7 8B45FC
:004231FA 8BD6
mov edx, esi
:004231FC E84309FEFF
call 00403B44
:00423201 7410
je 00423213
:00423203 8BC6
mov eax, esi
:00423205 E8EE09FEFF
call 00403BF8
:0042320A 8BD0
mov edx, eax
:0042320C 8BC3
mov eax, ebx
call 00423180
|:00423201(C)
|
:00423213 33C0
xor eax, eax
:00423215 5A
pop edx
:00423216 59
pop ecx
:00423217 59
pop ecx
:00423218 648910
|
:0042321B 6830324200
push 00423230
|:0042322E(U)
|
:00423220 8D45FC
:00423223 E89005FEFF
:00423228 C3
:00423229
:0042322E
:00423230
:00423231
:00423232
:00423233
:00423234
E94A00FEFF
EBF0
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
ret
:00423235
:00423238
:0042323B
:0042323D
:00423240
:00423244
:00423246
:00423248
:0042324D
8D4000
3A504F
7415
88504F
C6405000
6A00
33C9
BA3CB00000
E8420F0000

cmp dl, byte ptr [eax+4F]
je 00423252
mov byte ptr [eax+4F], dl
mov [eax+50], 00
push 00000000
xor ecx, ecx
mov edx, 0000B03C
call 00424194

call 004037B8
ret
00403278
00423220
esi
ebx
ecx
ebp
|:0042323B(C)
|
:00423252 C3
:00423253 90
:00423254 53
:00423255 8BD8
:00423257 C6434900
:0042325B C6434600
:0042325F 8B4358
:00423262 E8350FFFFF
:00423267 3B4378
:0042326A 7412
:0042326C 808B8400000010
:00423273 8B4358
:00423276 E8210FFFFF
:0042327B 894378
|:0042326A(C)
|
:0042327E 6A00
:00423280 33C9
:00423282 BA0EB00000
:00423287 8BC3
:00423289 E8060F0000
:0042328E 5B
:0042328F C3
ret
nop
push ebx
mov ebx, eax
mov [ebx+49], 00
mov [ebx+46], 00
call 0041419C
je 0042327E
call 0041419C
push 00000000
xor ecx, ecx
mov edx, 0000B00E
mov eax, ebx
call 00424194
pop ebx
ret
|:00424BAC , :00424BBB
|
:00423290 56
:00423291 8BF0
:00423293 8B4658
:00423296 8B08
:00423298 FF5108
:0042329B 5E
:0042329C C3
:0042329D
:004232A0
:004232A4
:004232A6
:004232AA
8D4000
80784900
7506
80784600
7403
, :00424BDD
push esi
mov esi, eax
call [ecx+08]
pop esi
ret
jne 004232AC
je 004232AF

|:004232A4(C)
|
:004232AC 33C0
xor eax, eax
:004232AE C3
ret

|:004232AA(C)
|
:004232AF B001
mov al, 01
:004232B1 C3
ret
:004232B2
:004232B4
:004232BA
:004232BC
8BC0
8A8086000000
3401
C3
mov eax, eax

xor al, 01
ret
:004232BD
:004232C0
:004232C3
:004232C5
8D4000
8A4050
3401
C3

xor al, 01
ret
:004232C6 8BC0
mov eax, eax

|:00438284 , :0043891D
|
:004232C8 3A5049
:004232CB 7417
je 004232E4
:004232CD 885049
:004232D0 83782400
:004232D4 740E
je 004232E4
:004232D6 6A00
push 00000000
:004232D8 33C9
xor ecx, ecx
:004232DA BA08B00000
mov edx, 0000B008
:004232DF E8B00E0000
call 00424194
|:004232CB(C), :004232D4(C)
|
:004232E4 C3
:004232E5 8D4000
ret

|:00424B87
|
:004232E8 3A9085000000
:004232EE 741B
je 0042330B
:004232F0 889085000000
:004232F6 C6808600000000
mov byte ptr [eax+00000086], 00
:004232FD 6A00
push 00000000
:004232FF 33C9
xor ecx, ecx
:00423301 BA22B00000
mov edx, 0000B022
:00423306 E8890E0000
call 00424194
|:004232EE(C)
|
:0042330B C3
:0042330C 3A9086000000
:00423312 741A
:00423314 889086000000
:0042331A 83782400
:0042331E 740E
:00423320 6A00
:00423322 33C9
:00423324 BA23B00000
:00423329 E8660E0000

ret
je 0042332E
je 0042332E
push 00000000
xor ecx, ecx
mov edx, 0000B023
call 00424194

|:00423312(C), :0042331E(C)
|
:0042332E C3
ret
:0042332F 90
nop
|:00424B1C , :00424B2B , :0042A12F , :00439993 , :00439D36
|:00439D51 , :0043F28C , :0043FD2D
|
:00423330 3B5064
:00423333 7415
je 0042334A
:00423335 895064
:00423338 C6404A00
mov [eax+4A], 00
:0042333C 6A00
push 00000000
:0042333E 33C9
xor ecx, ecx
:00423340 BA0DB00000
mov edx, 0000B00D
:00423345 E84A0E0000
call 00424194
|:00423333(C)
|
:0042334A C3
ret
:0042334B 90
nop
:0042334C 8A404A
:0042334F 3401
xor al, 01
:00423351 C3
ret
:00423352 8BC0
mov eax, eax

|:0041D900 , :0043827B
|
:00423354 3A504A
cmp dl, byte ptr [eax+4A]
:00423357 7417
je 00423370
:00423359 88504A
mov byte ptr [eax+4A], dl
:0042335C 83782400
:00423360 740E
je 00423370
:00423362 6A00
push 00000000
:00423364 33C9
xor ecx, ecx
:00423366 BA09B00000
mov edx, 0000B009
:0042336B E8240E0000
call 00424194
|:00423357(C), :00423360(C)
|
:00423370 C3
ret
:00423371 8D4000
|:00438D06
|
:00423374 3A5050
:00423377 7417
je 00423390
:00423379 885050
:0042337C 83782400
:00423380 740E
je 00423390
:00423382 6A00
push 00000000
:00423384 33C9
xor ecx, ecx
:00423386 BA3DB00000
mov edx, 0000B03D
:0042338B E8040E0000
call 00424194
|:00423377(C), :00423380(C)
|
:00423390 C3
:00423391 8D4000
:00423394 663B506C
:00423398 7412
:0042339A 6689506C
:0042339E 6A00
:004233A0 33C9
:004233A2 BA0FB00000
:004233A7 E8E80D0000

ret
cmp dx, word ptr [eax+6C]
je 004233AC
push 00000000
xor ecx, ecx
mov edx, 0000B00F
call 00424194

|:00423398(C)
|
:004233AC C3
ret
:004233AD 8D4000
|:004233C8 , :004249E8
|
:004233B0 53
push ebx
:004233B1 8BD8
mov ebx, eax
:004233B3 E84CD3FFFF
call 00420704
:004233B8 3BD8
cmp ebx, eax
:004233BA 0F94C0
:004233BD 5B
:004233BE C3
sete al
pop ebx
ret
:004233BF 90
nop

|:004245E6 , :0042464F , :00424931 , :004249F5
|
:004233C0 53
push ebx
:004233C1 56
push esi
:004233C2 8BDA
mov ebx, edx
:004233C4 8BF0
mov esi, eax
:004233C6 8BC6
mov eax, esi
:004233C8 E8E3FFFFFF
call 004233B0
:004233CD 3AD8
cmp bl, al
:004233CF 7414
je 004233E5
:004233D1 84DB
test bl, bl
:004233D3 7409
je 004233DE
:004233D5 8BC6
mov eax, esi
:004233D7 E850D3FFFF
call 0042072C
:004233DC EB07
jmp 004233E5
|:004233D3(C)
|
:004233DE 33C0
xor eax, eax
:004233E0 E847D3FFFF
call 0042072C
|:004233CF(C), :004233DC(U)
|
:004233E5 5E
:004233E6 5B
:004233E7 C3

pop esi
pop ebx
ret

|:00427AD4 , :00427B78 , :0043BA40 , :0043BE86
|
:004233E8 53
push ebx
:004233E9 B201
mov dl, 01
:004233EB 66BBD4FF
mov bx, FFD4
:004233EF E800FAFDFF
call 00402DF4
:004233F4 5B
pop ebx
:004233F5 C3
ret
:004233F6 8BC0
mov eax, eax

|:0042348D , :00423496 , :004295B8
|
:004233F8 53
push ebx
:004233F9 56
push esi
:004233FA 57
push edi
:004233FB 8BF2
mov esi, edx
:004233FD 8BD8
mov ebx, eax
:004233FF
:00423402
:00423404
:00423406
:0042340C
:0042340E
:00423413
:00423415
:00423417
:0042341A
:00423420
:00423423
:00423425
:00423427
8B4324
85C0
746C
8B8028010000
8BD3
E8FD97FEFF
85C0
7C5B
8B5324
8BBA28010000
8B5708
85F6
7D02
33F6
mov eax, dword

test eax, eax
je 00423472
mov eax, dword
mov edx, ebx
call 0040CC10
test eax, eax
jl 00423472
mov edx, dword
mov edi, dword
mov edx, dword
test esi, esi
jge 00423429
xor esi, esi
ptr [ebx+24]
ptr [eax+00000128]
ptr [ebx+24]
ptr [edx+00000128]
ptr [edi+08]

|:00423425(C)
|
:00423429 3BD6
cmp edx, esi
:0042342B 7F03
jg 00423430
:0042342D 8BF2
mov esi, edx
:0042342F 4E
dec esi
|:0042342B(C)
|
:00423430 3BC6
:00423432 743E
:00423434 8BD7
:00423436 92
:00423437 E86096FEFF
:0042343C 8B4324
:0042343F 8B8028010000
:00423445 8BCB
:00423447 8BD6
:00423449 E8E297FEFF
:0042344E B101
:00423450 8A5347
:00423453 8BC3
:00423455 E876010000
:0042345A 8BC3
:0042345C E8D7370100
:00423461 F6404404
:00423465 740B
:00423467 B201
:00423469 66BBD7FF
:0042346D E882F9FDFF

cmp eax, esi
je 00423472
mov edx, edi
xchg eax,edx
call 0040CA9C
mov ecx, ebx
mov edx, esi
call 0040CC30
mov cl, 01
mov eax, ebx
call 004235D0
mov eax, ebx
call 00436C38
test [eax+44], 04
je 00423472
mov dl, 01
mov bx, FFD7
call 00402DF4

|:00423404(C), :00423415(C), :00423432(C), :00423465(C)
|
:00423472 5F
pop edi
:00423473 5E
pop esi
:00423474 5B
pop ebx
:00423475 C3
ret
:00423476 8BC0
:00423478 8B4824
:0042347B 85C9
mov eax, eax

test ecx, ecx
:0042347D
:0042347F
:00423481
:00423483
:00423489
:0042348C
:0042348D
:00423492
741C
84D2
7411
8B9128010000
8B5208
4A
E866FFFFFF
EB07
je 0042349B
test dl, dl
je 00423494
mov edx, dword ptr [ecx+00000128]
dec edx
call 004233F8
jmp 0042349B

|:00423481(C)
|
:00423494 33D2
xor edx, edx
:00423496 E85DFFFFFF
call 004233F8
|:0042347D(C), :00423492(U)
|
:0042349B C3
:0042349C 55
:0042349D 8BEC
:0042349F 83C4F4
:004234A2 53
:004234A3 56
:004234A4 33C9
:004234A6 894DF4
:004234A9 8BD8
:004234AB 33C0
:004234AD 55
:004234AE 6832354200
:004234B3 64FF30
:004234B6 648920
:004234B9 837B2400
:004234BD 7531
:004234BF 8B4308
:004234C2 8945F8
:004234C5 C645FC0B
:004234C9 8D45F8
:004234CC 50
:004234CD 6A00
:004234CF 8D55F4
:004234D2 A1582C4400
:004234D7 E84819FEFF
:004234DC 8B4DF4
:004234DF B201
:004234E1 A1F4B44000
:004234EB E8C0FDFDFF

ret
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
xor ecx, ecx
mov ebx, eax
xor eax, eax
push ebp
push 00423532
jne 004234F0
mov [ebp-04], 0B
push eax
push 00000000
call 00404E24
mov dl, 01
call 004088A8
call 004032B0

|:004234BD(C)
|
:004234F0 8B4324
:004234F3 8B08
:004234F5 FF5148
call [ecx+48]
:004234F8 8BF0
mov esi, eax
:004234FA 6A00
push 00000000
:004234FC 8B4334
:004234FF 50
push eax
:00423500 8B4330
:00423503 50
:00423504 56
push eax
push esi
* Reference To: gdi32.SetViewportOrgEx, Ord:0000h

|
:00423505 E8B62AFEFF
Call 00405FC0
:0042350A 8B433C
:0042350D 50
push eax
:0042350E 8B4338
:00423511 50
push eax
:00423512 6A00
push 00000000
:00423514 6A00
push 00000000
:00423516 56
push esi
|
:00423517 E8F429FEFF
Call 00405F10
:0042351C 33C0
xor eax, eax
:0042351E 5A
pop edx
:0042351F 59
pop ecx
:00423520 59
pop ecx
:00423521 648910
:00423524 6839354200
push 00423539
|:00423537(U)
|
:00423529 8D45F4
:0042352C E88702FEFF
:00423531 C3
:00423532
:00423537
:00423539
:0042353B
:0042353C
:0042353D
:0042353F
:00423540
jmp
jmp
mov
pop
pop
mov
pop
ret
E941FDFDFF
EBF0
8BC6
5E
5B
8BE5
5D
C3
:00423541 8D4000

call 004037B8
ret
00403278
00423529
eax, esi
esi
ebx
esp, ebp
ebp

|:0042362B
|
:00423544 55
push ebp
:00423545 8BEC
mov ebp, esp
:00423547 83C4DC
add esp, FFFFFFDC
:0042354A 53
push ebx
:0042354B 56
push esi
:0042354C 57
push edi
:0042354D C645FF01
mov [ebp-01], 01
:00423551 8B4508
:00423554 8B40FC
:00423557 8B4024
:0042355A 8BB828010000
:00423560 8B4508
:00423563 8B50FC
:00423566
:00423568
:0042356D
:0042356F
:00423571
8BC7
E8A396FEFF
8BF0
85F6
7E4E
|:004235BF(C)
|
:00423573 4E
:00423574 8BD6
:00423576 8BC7
:00423578 E8FB95FEFF
:0042357D 8BD8
:0042357F 807B4700
:00423583 7438
:00423585 F6434040
:00423589 7432
:0042358B 8D55DC
:0042358E 8BC3
:00423590 E8C3F5FFFF
:00423595 8D45DC
:00423598 50
:00423599 8B4508
:0042359C 83C0EC
:0042359F 50
:004235A0 8D45EC
:004235A3 50
mov eax, edi

call 0040CC10
mov esi, eax
test esi, esi
jle 004235C1
dec esi
mov edx, esi
mov eax, edi
call 0040CB78
mov ebx, eax
je 004235BD
test [ebx+40], 40
je 004235BD
mov eax, ebx
call 00422B58
push eax
add eax, FFFFFFEC
push eax
push eax

|
:004235A4 E8DF2CFEFF
Call 00406288
:004235A9 8B4508
:004235AC 83C0EC
add eax, FFFFFFEC
:004235AF 50
push eax
:004235B0 8D45EC
:004235B3 50
push eax
* Reference To: user32.EqualRect, Ord:0000h
|
:004235B4 E8372BFEFF
Call 004060F0
:004235B9 85C0
test eax, eax
:004235BB 7508
jne 004235C5
|:00423583(C), :00423589(C)
|
:004235BD 85F6
test esi, esi
:004235BF 7FB2
jg 00423573
|:00423571(C)
|
:004235C1 C645FF00
mov [ebp-01], 00
|:004235BB(C)
|
:004235C5 8A45FF
:004235C8 5F
pop edi
:004235C9
:004235CA
:004235CB
:004235CD
:004235CE
5E
5B
8BE5
5D
C3
:004235CF 90
pop
pop
mov
pop
ret
esi
ebx
esp, ebp
ebp
nop

|:004228FB , :00422B21 , :00423455 , :00423666 , :00424AE8
|:00426021
|
:004235D0 55
push ebp
:004235D1 8BEC
mov ebp, esp
:004235D3 83C4E8
add esp, FFFFFFE8
:004235D6 53
push ebx
:004235D7 884DEB
:004235DA 8BDA
mov ebx, edx
:004235DC 8945FC
:004235DF 84DB
test bl, bl
:004235E1 7512
jne 004235F5
:004235E3 8B45FC
:004235E6 F6402010
test [eax+20], 10
:004235EA 7469
je 00423655
:004235EC 8B45FC
:004235EF F6404104
test [eax+41], 04
:004235F3 7560
jne 00423655
|:004235E1(C)
|
:004235F5 8B45FC
:004235F8 83782400
:004235FC 7457
:004235FE 8B45FC
:00423601 8B4024
:00423604 E8D75C0000
:00423609 84C0
:0042360B 7448
:0042360D 8D55EC
:00423610 8B45FC
:00423613 E840F5FFFF
:00423618 807DEB00
:0042361C 7517
:0042361E 8B45FC
:00423621 8B4024
:00423624 F6404040
:00423628 750B
:0042362A 55
:0042362B E814FFFFFF
:00423630 59
:00423631 84C0
:00423633 7404

je 00423655
call 004292E0
test al, al
je 00423655
call 00422B58
jne 00423635
test [eax+40], 40
jne 00423635
push ebp
call 00423544
pop ecx
test al, al
je 00423639

|:0042361C(C), :00423628(C)
|
:00423635 33C0
xor eax, eax
:00423637 EB02
jmp 0042363B

|:00423633(C)
|
:00423639 B001
mov al, 01
|:00423637(U)
|
:0042363B F6D8
:0042363D 1BC0
:0042363F 50
:00423640 8D45EC
:00423643 50
:00423644 8B45FC
:00423647 8B4024
:0042364A E8B1580000
:0042364F 50

neg al
sbb eax, eax
push eax
push eax
call 00428F00
push eax

|
:00423650 E83B2CFEFF
Call 00406290
|:004235EA(C), :004235F3(C), :004235FC(C), :0042360B(C)
|
:00423655 5B
pop ebx
:00423656 8BE5
mov esp, ebp
:00423658 5D
pop ebp
:00423659 C3
ret
:0042365A
:0042365C
:00423660
:00423663
:00423666
:0042366B
8BC0
F6404040
0F95C1
8A5047
E865FFFFFF
C3
mov eax, eax

test [eax+40], 40
setne cl
call 004235D0
ret
:0042366C
:0042366D
:00423670
:00423672
:00423674
:00423676
:00423678
56
8B7024
85F6
740A
8BC6
8B10
FF9284000000
push esi
test esi, esi
je 0042367E
mov eax, esi
call dword ptr [edx+00000084]

|:00423672(C)
|
:0042367E 5E
pop esi
:0042367F C3
ret
:00423680
:00423681
:00423683
:00423686
:00423687
55
8BEC
83C4F8
53
8945FC
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
:0042368A
:0042368D
:00423691
:00423693
:00423696
:0042369A
:004236A0
:004236A3
:004236A7
8B45FC
80784700
751A
8B45FC
F6402010
0F84D3000000
8B45FC
F6404104
0F85C6000000
|:00423691(C)
|
:004236AD 8B45FC
:004236B0 83782400
:004236B4 0F84B9000000
:004236BA 8B45FC
:004236BD 8B4024
:004236C0 E81B5C0000
:004236C5 84C0
:004236C7 0F84A6000000
:004236CD 8B45FC
:004236D0 F6404040
:004236D4 0F8486000000
:004236DA 8B45FC
:004236DD 8B4024
:004236E0 E81B580000
:004236E5 50

jne 004236AD
test [eax+20], 10
je 00423773
test [eax+41], 04
jne 00423773
je 00423773
call 004292E0
test al, al
je 00423773
test [eax+40], 40
je 00423760
call 00428F00
push eax

|
:004236E6 E85D2AFEFF
Call 00406148
:004236EB 8945F8
:004236EE 33C9
xor ecx, ecx
:004236F0 55
push ebp
:004236F1 6859374200
push 00423759
:004236F6 64FF31
:004236F9 648921
:004236FC 8B55FC
:004236FF 8B5234
:00423702 8BCA
mov ecx, edx
:00423704 8B5DFC
:00423707 034B3C
add ecx, dword ptr [ebx+3C]
:0042370A 51
push ecx
:0042370B 8B45FC
:0042370E 8B4030
:00423711 8BC8
mov ecx, eax
:00423713 8B5DFC
:00423716 034B38
add ecx, dword ptr [ebx+38]
:00423719 51
push ecx
:0042371A 52
push edx
:0042371B 50
push eax
:0042371C 8B45F8
:0042371F 50
push eax
|
:00423720 E8EB27FEFF
Call 00405F10
:00423725 8B45FC
:00423728 8B4024
:0042372B
:0042372E
:00423731
:00423736
:00423738
:00423739
:0042373A
:0042373B
8B4DFC
8B55F8
E8B2360000
33C0
5A
59
59
648910

call 00426DE8
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0042373E 6873374200
push 00423773
|:0042375E(U)
|
:00423743 8B45F8
:00423746 50
:00423747 8B45FC
:0042374A 8B4024
:0042374D E8AE570000
:00423752 50

push eax
call 00428F00
push eax

|
:00423753 E8082CFEFF
Call 00406360
:00423758 C3
ret
:00423759 E91AFBFDFF
:0042375E EBE3
jmp 00403278
jmp 00423743
|:004236D4(C)
|
:00423760 8B45FC
:00423763 8B10
:00423765 FF5278
:00423768 8B45FC
:0042376B 8B10
:0042376D FF9284000000

mov eax, dword
mov edx, dword
call [edx+78]
mov eax, dword
mov edx, dword
call dword ptr
ptr [ebp-04]
ptr [eax]
ptr [ebp-04]
ptr [eax]
[edx+00000084]

|:0042369A(C), :004236A7(C), :004236B4(C), :004236C7(C)
|
:00423773 5B
pop ebx
:00423774 59
pop ecx
:00423775 59
pop ecx
:00423776 5D
pop ebp
:00423777 C3
ret
:00423778 33C0
:0042377A C3
xor eax, eax

ret
:0042377B 90
nop

|:00421FF3 , :00425199 , :00426189
|
:0042377C
:00423782
:00423786
:00423788
:0042378C
8B15502D4400
807A0900
7406
80784F00
7503

je 0042378E
cmp byte ptr [eax+4F], 00
jne 00423791

|:00423786(C)
|
:0042378E 33C0
xor eax, eax
:00423790 C3
ret

|:0042378C(C)
|
:00423791 B001
mov al, 01
:00423793 C3
ret
:00423794
:0042379A
:0042379E
:004237A0
:004237A4
8B15502D4400
807A0900
7406
80784F01
7403

je 004237A6
je 004237A9

|:0042379E(C)
|
:004237A6 33C0
xor eax, eax
:004237A8 C3
ret

|:004237A4(C)
|
:004237A9 B001
mov al, 01
:004237AB C3
ret

|:0042619A , :00436DAF
|
:004237AC 8B15502D4400
:004237B2 807A0900
:004237B6 7408
je 004237C0
:004237B8 8A404F
mov al, byte ptr [eax+4F]
:004237BB 48
dec eax
:004237BC 2C02
sub al, 02
:004237BE 7203
jb 004237C3
|:004237B6(C)
|
:004237C0 33C0
xor eax, eax
:004237C2 C3
ret

|:004237BE(C)
|
:004237C3 B001
mov al, 01
:004237C5 C3
ret
:004237C6
:004237C8
:004237CE
:004237D1
:004237D7
:004237DA
:004237DF
8BC0
8B1520374400
8B4A08
8B1520374400
8A5204
E801000000
C3
mov eax, eax

call 004237E0
ret

|:004237DA , :0042CCA1 , :0043AFF8 , :0043C89C
|
:004237E0 55
push ebp
:004237E1 8BEC
mov ebp, esp
:004237E3 83C4EC
add esp, FFFFFFEC
:004237E6 53
push ebx
:004237E7 56
push esi
:004237E8 57
push edi
:004237E9 33DB
xor ebx, ebx
:004237EB 895DF4
:004237EE 8BF1
mov esi, ecx
:004237F0 8BDA
mov ebx, edx
:004237F2 8BF8
mov edi, eax
:004237F4 33C0
xor eax, eax
:004237F6 55
push ebp
:004237F7 68D2384200
push 004238D2
:004237FC 64FF30
:004237FF 648920
:00423802 8BC7
mov eax, edi
:00423804 8B153C504300
:0042380A E881F5FDFF
call 00402D90
:0042380F 84C0
test al, al
:00423811 742A
je 0042383D
:00423813 80BF8700000001
:0042381A 7421
je 0042383D
:0042381C 8D55F4
:0042381F A1502C4400
:00423824 E8FB15FEFF
call 00404E24
:00423829 8B4DF4
:0042382C B201
mov dl, 01
:0042382E A1F4B44000
:00423833 E83450FEFF
call 0040886C
:00423838 E873FAFDFF
call 004032B0
|:00423811(C), :0042381A(C)
|
:0042383D 8BC7
mov eax, edi
:0042383F E884090000
call 004241C8
:00423844
:0042384B
:0042384D
:00423854
833D3037440000
7409
833D30374400FF
7566
cmp dword ptr [00443730], 00000000

je 00423856
cmp dword ptr [00443730], FFFFFFFF
jne 004238BC
|:0042384B(C)
|
:00423856 33C0
:00423858 A330374400
:0042385D F6474401
:00423861 7439
:00423863 8D45F8
:00423866 50

xor eax, eax
test [edi+44], 01
je 0042389C
push eax

|
:00423867 E8D428FEFF
Call 00406140
:0042386C 8D4DEC
:0042386F 8D55F8
:00423872 8BC7
mov eax, edi
:00423874 E87BF4FFFF
call 00422CF4
:00423879 8B45EC
:0042387C 8945F8
:0042387F 8B45F0
:00423882 8945FC
:00423885 8D45F8
:00423888 E88B2CFEFF
call 00406518
:0042388D 50
push eax
:0042388E 33C9
xor ecx, ecx
:00423890 BA02020000
mov edx, 00000202
:00423895 8BC7
mov eax, edi
:00423897 E8F8080000
call 00424194
|:00423861(C)
|
:0042389C 85F6
:0042389E 7D08
:004238A0 A120374400
:004238A5 8B7008
|:0042389E(C)
|
:004238A8 833D30374400FF
:004238AF 740B
:004238B1 8BCE
:004238B3 8BD3
:004238B5 8BC7
:004238B7 E8E4DEFFFF
|:00423854(C), :004238AF(C)
|
:004238BC 33C0
:004238BE 5A
:004238BF 59
:004238C0 59
:004238C1 648910
test esi, esi

jge 004238A8
cmp dword ptr [00443730], FFFFFFFF

je 004238BC
mov ecx, esi
mov edx, ebx
mov eax, edi
call 004217A0
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:004238C4 68D9384200
push 004238D9
|:004238D7(U)
|
:004238C9 8D45F4
:004238CC E8E7FEFDFF
:004238D1 C3
:004238D2
:004238D7
:004238D9
:004238DA
:004238DB
:004238DC
:004238DE
:004238DF
jmp
jmp
pop
pop
pop
mov
pop
ret
E9A1F9FDFF
EBF0
5F
5E
5B
8BE5
5D
C3

call 004037B8
ret
00403278
004238C9
edi
esi
ebx
esp, ebp
ebp
:004238E0 C3
ret
:004238E1 8D4000

|:00426ACE
|
:004238E4 3B0530374400
:004238EA 0F94C0
sete al
:004238ED C3
ret
:004238EE
:004238F0
:004238F1
:004238F3
:004238F4
:004238F5
:004238F8
:004238FB
:00423903
:00423905
:00423908
:00423909
:0042390C
:0042390D
:00423910
:00423911
:00423912
:00423914
:00423916
:00423918
:0042391E
8BC0
55
8BEC
53
56
8B7508
C60600
6683B8D600000000
741F
C60601
51
8B4D10
51
8A4D0C
51
56
8BD8
8BCA
8BD0
8B83D8000000
FF93D4000000
mov eax, eax

push ebp
mov ebp, esp
push ebx
push esi
mov byte ptr [esi], 00
cmp word ptr [eax+000000D6], 0000
je 00423924
mov byte ptr [esi], 01
push ecx
push ecx
mov cl, byte ptr [ebp+0C]
push ecx
push esi
mov ebx, eax
mov ecx, edx
mov edx, eax
mov eax, dword ptr [ebx+000000D8]
call dword ptr [ebx+000000D4]

|:00423903(C)
|
:00423924
:00423925
:00423926
:00423927
5E
5B
5D
C20C00
pop
pop
pop
ret
:0042392A
:0042392C
:0042392D
:0042392F
:00423930
:00423938
:0042393A
:0042393B
:0042393E
:0042393F
:00423941
:00423943
:00423945
:0042394B
8BC0
55
8BEC
53
6683B8CE00000000
7417
51
8B4D08
51
8BD8
8BCA
8BD0
8B83D0000000
FF93CC000000
mov eax, eax

push ebp
mov ebp, esp
push ebx
cmp word ptr [eax+000000CE], 0000
je 00423951
push ecx
push ecx
mov ebx, eax
mov ecx, edx
mov edx, eax
call dword ptr [ebx+000000CC]
esi
ebx
ebp
000C

|:00423938(C)
|
:00423951 5B
pop ebx
:00423952 5D
pop ebp
:00423953 C20400
ret 0004
:00423956
:00423958
:00423959
:00423961
:00423963
:00423965
:00423967
:00423969
:0042396F
8BC0
53
6683B8F600000000
7412
8BCA
8BD8
8BD0
8B83F8000000
FF93F4000000
mov eax, eax

push ebx
cmp word ptr [eax+000000F6], 0000
je 00423975
mov ecx, edx
mov ebx, eax
mov edx, eax
mov eax, dword ptr [ebx+000000F8]
call dword ptr [ebx+000000F4]

|:00423961(C)
|
:00423975 5B
pop ebx
:00423976 C3
ret
:00423977
:00423978
:00423979
:0042397B
:0042397C
:00423984
:00423986
:00423987
:0042398A
:0042398B
:0042398D
:0042398F
:00423991
90
55
8BEC
53
6683B8FE00000000
7417
51
8B4D08
51
8BD8
8BCA
8BD0
8B8300010000
nop
push ebp
mov ebp, esp
push ebx
cmp word ptr [eax+000000FE], 0000
je 0042399D
push ecx
push ecx
mov ebx, eax
mov ecx, edx
mov edx, eax
:00423997 FF93FC000000
call dword ptr [ebx+000000FC]

|:00423984(C)
|
:0042399D 5B
pop ebx
:0042399E 5D
pop ebp
:0042399F C20400
ret 0004
:004239A2
:004239A4
:004239A5
:004239A6
:004239A7
:004239A8
:004239AB
:004239AD
:004239B1
:004239B3
:004239B6
:004239BD
8BC0
53
56
57
55
83C4EC
8BDA
837B0400
740C
8B4304
80B88001000000
756D
mov eax, eax

push ebx
push esi
push edi
push ebp
add esp, FFFFFFEC
mov ebx, edx
je 004239BF
jne 00423A2C
|:004239B1(C)
|
:004239BF 8B4330
:004239C2 E859F7FFFF
:004239C7 8BF8
:004239C9 8B4330
:004239CC E83BF7FFFF
:004239D1 8BE8
:004239D3 897C2410
:004239D7 DB442410
:004239DB DC4B1C
:004239DE DB430C
:004239E1 DEE1
:004239E3 DD1C24
:004239E6 9B
:004239E7 896C2410
:004239EB DB442410
:004239EF DC4B24
:004239F2 DB4310
:004239F5 DEE1
:004239F7 DD5C2408
:004239FB 9B
:004239FC 8D7338
:004239FF DD0424
:00423A02 E8E5EDFDFF
:00423A07 8906
:00423A09 DD442408
:00423A0D E8DAEDFDFF
:00423A12 894604
:00423A15 033E
:00423A17 897E08
:00423A1A 036E04
:00423A1D 896E0C
:00423A20 8D5338
:00423A23 8BC3
:00423A25 8B08

call 00423120
mov edi, eax
call 0042310C
mov ebp, eax
fmul qword ptr [ebx+1C]
fild dword ptr [ebx+0C]
fsubrp st(1), st(0)
fstp qword ptr [esp]
wait
mov dword ptr [esp+10], ebp
fmul qword ptr [ebx+24]
fild dword ptr [ebx+10]
fsubrp st(1), st(0)
fstp qword ptr [esp+08]
wait
lea esi, dword ptr [ebx+38]
fld qword ptr [esp]
call 004027EC
fld qword ptr [esp+08]
call 004027EC
add edi, dword ptr [esi]
add ebp, dword ptr [esi+04]
mov dword ptr [esi+0C], ebp
mov eax, ebx
:00423A27 FF5128
:00423A2A EB40
call [ecx+28]
jmp 00423A6C
|:004239BD(C)
|
:00423A2C 8D4338
:00423A2F 50
:00423A30 8B4304
:00423A33 E8C8540000
:00423A38 50

push eax
call 00428F00
push eax

|
:00423A39 E81228FEFF
Call 00406250
:00423A3E 8B4304
:00423A41 80B88001000000
:00423A48 7422
je 00423A6C
:00423A4A 83B83C01000000
:00423A51 7419
je 00423A6C
:00423A53 8A5348
:00423A56 52
push edx
:00423A57 8D5338
:00423A5A 52
push edx
:00423A5B 8B803C010000
:00423A61 8B4B4C
:00423A64 8B5330
:00423A67 8B18
:00423A69 FF5324
call [ebx+24]
|:00423A2A(U), :00423A48(C), :00423A51(C)
|
:00423A6C 83C414
add esp, 00000014
:00423A6F 5D
pop ebp
:00423A70 5F
pop edi
:00423A71 5E
pop esi
:00423A72 5B
pop ebx
:00423A73 C3
ret
:00423A74
:00423A75
:00423A77
:00423A78
:00423A79
:00423A7A
:00423A7C
:00423A7E
:00423A80
:00423A82
:00423A86
:00423A8B
:00423A8C
:00423A8D
:00423A8E
:00423A8F
55
8BEC
53
56
57
8BFA
8BF0
8BD7
8BC6
66BBD8FF
E869F3FDFF
5F
5E
5B
5D
C20400
:00423A92 8BC0
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov edx, edi
mov eax, esi
mov bx, FFD8
call 00402DF4
pop edi
pop esi
pop ebx
pop ebp
ret 0004
mov eax, eax
:00423A94
:00423A95
:00423A97
:00423A98
:00423AA0
:00423AA2
:00423AA3
:00423AA6
:00423AA7
:00423AA9
:00423AAB
:00423AAD
:00423AB3
55
8BEC
53
6683B8EE00000000
7417
51
8B4D08
51
8BD8
8BCA
8BD0
8B83F0000000
FF93EC000000
push ebp
mov ebp, esp
push ebx
cmp word ptr [eax+000000EE], 0000
je 00423AB9
push ecx
push ecx
mov ebx, eax
mov ecx, edx
mov edx, eax
call dword ptr [ebx+000000EC]

|:00423AA0(C)
|
:00423AB9 5B
pop ebx
:00423ABA 5D
pop ebp
:00423ABB C20400
ret 0004
:00423ABE
:00423AC0
:00423AC1
:00423AC9
:00423ACB
:00423ACD
:00423ACF
:00423AD1
:00423AD7
8BC0
53
6683B8E600000000
7412
8BCA
8BD8
8BD0
8B83E8000000
FF93E4000000
mov eax, eax

push ebx
cmp word ptr [eax+000000E6], 0000
je 00423ADD
mov ecx, edx
mov ebx, eax
mov edx, eax
call dword ptr [ebx+000000E4]

|:00423AC9(C)
|
:00423ADD 5B
pop ebx
:00423ADE C3
ret
:00423ADF
:00423AE0
:00423AE1
:00423AE3
:00423AE6
:00423AE7
:00423AE8
:00423AE9
:00423AEC
:00423AEE
:00423AF0
:00423AF2
:00423AF5
:00423AF7
:00423AFB
:00423AFD
:00423AFE
:00423B01
:00423B04
:00423B09
:00423B0A
90
55
8BEC
83C4E0
53
56
57
884DFF
8BF2
8BC6
8B10
FF5234
8BD8
807DFF00
7411
56
83C650
8D7DE0
B904000000
F3
A5
nop
push ebp
mov ebp, esp
add esp, FFFFFFE0
push ebx
push esi
push edi
mov esi, edx
mov eax, esi
call [edx+34]
mov ebx, eax
je 00423B0E
push esi
add esi, 00000050
mov ecx, 00000004
repz
movsd
:00423B0B 5E
:00423B0C EB0F
pop esi
jmp 00423B1D
|:00423AFB(C)
|
:00423B0E 56
:00423B0F 83C638
:00423B12 8D7DE0
:00423B15 B904000000
:00423B1A F3
:00423B1B A5
:00423B1C 5E

push esi
add esi, 00000038
mov ecx, 00000004
repz
movsd
pop esi

|:00423B0C(U)
|
|
:00423B1D E83626FEFF
Call 00406158
:00423B22 8945F8
:00423B25 6802040000
push 00000402
:00423B2A 6A00
push 00000000
:00423B2C 8B45F8
:00423B2F 50
push eax
|
:00423B30 E81B26FEFF
Call 00406150
:00423B35 8945F4
:00423B38 33C0
xor eax, eax
:00423B3A 55
push ebp
:00423B3B 68013C4200
push 00423C01
:00423B40 64FF30
:00423B43 648920
:00423B46 8B4634
:00423B49 E8720CFFFF
call 004147C0
:00423B4E 50
push eax
:00423B4F 8B45F4
:00423B52 50
push eax
|
:00423B53 E81024FEFF
Call 00405F68
:00423B58 8945F0
:00423B5B 6849005A00
push 005A0049
:00423B60 53
push ebx
:00423B61 8B45E8
:00423B64 8B75E0
:00423B67 2BC6
sub eax, esi
:00423B69 2BC3
sub eax, ebx
:00423B6B 50
push eax
:00423B6C 8B7DE4
mov edi, dword ptr [ebp-1C]
:00423B6F 57
push edi
:00423B70 8BC6
mov eax, esi
:00423B72 03C3
add eax, ebx
:00423B74 50
push eax
:00423B75 8B45F4
:00423B78 50
push eax

|
:00423B79 E8B223FEFF
Call 00405F30
:00423B7E 6849005A00
push 005A0049
:00423B83 8B45EC
:00423B86 2BC7
sub eax, edi
:00423B88 2BC3
sub eax, ebx
:00423B8A 50
push eax
:00423B8B 53
push ebx
:00423B8C 8BC7
mov eax, edi
:00423B8E 03C3
add eax, ebx
:00423B90 50
push eax
:00423B91 8B45E8
:00423B94 2BC3
sub eax, ebx
:00423B96 50
push eax
:00423B97 8B45F4
:00423B9A 50
push eax
|
:00423B9B E89023FEFF
Call 00405F30
:00423BA0 6849005A00
push 005A0049
:00423BA5 53
push ebx
:00423BA6 8B45E8
mov eax, dword
:00423BA9 2B45E0
sub eax, dword
:00423BAC 2BC3
sub eax, ebx
:00423BAE 50
push eax
:00423BAF 8B45EC
mov eax, dword
:00423BB2 2BC3
sub eax, ebx
:00423BB4 50
push eax
:00423BB5 56
push esi
:00423BB6 8B45F4
mov eax, dword
:00423BB9 50
push eax
ptr [ebp-18]
ptr [ebp-20]
ptr [ebp-14]
ptr [ebp-0C]

|
:00423BBA E87123FEFF
Call 00405F30
:00423BBF 6849005A00
push 005A0049
:00423BC4 8B45EC
:00423BC7 2B45E4
:00423BCA 2BC3
sub eax, ebx
:00423BCC 50
push eax
:00423BCD 53
push ebx
:00423BCE 57
push edi
:00423BCF 56
push esi
:00423BD0 8B45F4
:00423BD3 50
push eax
|
:00423BD4 E85723FEFF
Call 00405F30
:00423BD9 8B45F0
:00423BDC 50
push eax
:00423BDD 8B45F4
:00423BE0 50
push eax
|
:00423BE1 E88223FEFF
Call 00405F68
:00423BE6
:00423BE8
:00423BE9
:00423BEA
:00423BEB
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:00423BEE 68083C4200
push 00423C08
|:00423C06(U)
|
:00423BF3 8B45F4
:00423BF6 50
push eax
:00423BF7 8B45F8
:00423BFA 50
push eax
|
:00423BFB E86027FEFF
Call 00406360
:00423C00 C3
ret
:00423C01
:00423C06
:00423C08
:00423C09
:00423C0A
:00423C0B
:00423C0D
:00423C0E
E972F6FDFF
EBEB
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:00423C0F
:00423C10
:00423C11
:00423C13
:00423C17
:00423C1C
:00423C1D
90
53
33C9
66BBEAFF
E8D8F1FDFF
5B
C3
nop
push ebx
xor ecx, ecx
mov bx, FFEA
call 00402DF4
pop ebx
ret
:00423C1E
:00423C20
:00423C21
:00423C23
:00423C27
:00423C2C
:00423C2D
8BC0
53
B101
66BBEAFF
E8C8F1FDFF
5B
C3
mov eax, eax

push ebx
mov cl, 01
mov bx, FFEA
call 00402DF4
pop ebx
ret
:00423C2E 8BC0
00403278
00423BF3
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:0042861E
|
:00423C30 53
push ebx
:00423C31 56
push esi
:00423C32 57
push edi
:00423C33
:00423C34
:00423C37
:00423C39
:00423C3C
:00423C3F
:00423C42
:00423C44
:00423C4A
:00423C4F
:00423C51
:00423C58
:00423C5A
:00423C5C
:00423C5E
:00423C60
:00423C66
:00423C6B
55
83C4F0
8BEA
890424
8B7D08
8B7708
8BC6
8B159CEA4100
E841F1FDFF
8BD8
803D3837440000
7414
84DB
7510
8BC6
8B1514EA4100
E83DF1FDFF
8B7030
push ebp
add esp, FFFFFFF0
mov ebp, edx
mov eax, esi
call 00402D90
mov ebx, eax
cmp byte ptr [00443738], 00
je 00423C6E
test bl, bl
jne 00423C6E
mov eax, esi
mov edx, dword ptr [0041EA14]
call 00402DA8
|:00423C58(C), :00423C5C(C)
|
:00423C6E 8D4C2408
:00423C72 8BD7
:00423C74 8B0424
:00423C77 E878F0FFFF
:00423C7C 8A4504
:00423C7F 2C03
:00423C81 7207
:00423C83 745C
:00423C85 E98C000000
|:00423C81(C)
|
:00423C8A C644240401
:00423C8F 84DB
:00423C91 7422
:00423C93 8B44240C
:00423C97 50
:00423C98 8A4504
:00423C9B 50
:00423C9C 8D44240C
:00423CA0 50
:00423CA1 8B4C2414
:00423CA5 8BD6
:00423CA7 8B470C
:00423CAA 66BBCCFF
:00423CAE E841F1FDFF
:00423CB3 EB21
|:00423C91(C)
|
:00423CB5 8B44240C
:00423CB9 50
:00423CBA 8A4504
:00423CBD 50
:00423CBE 8D44240C
:00423CC2 50

mov edx, edi
call 00422CF4
sub al, 03
jb 00423C8A
je 00423CE1
jmp 00423D16
mov [esp+04], 01
test bl, bl
je 00423CB5
push eax
push eax
push eax
mov edx, esi
mov bx, FFCC
call 00402DF4
jmp 00423CD6

push eax
push eax
push eax
:00423CC3
:00423CC7
:00423CC9
:00423CCD
:00423CD1
8B4C2414
8BD6
8B44240C
66BBE4FF
E81EF1FDFF

mov edx, esi
mov bx, FFE4
call 00402DF4
|:00423CB3(U)
|
:00423CD6 33C0
:00423CD8 8A442404
:00423CDC 89450C
:00423CDF EB35
|:00423C83(C)
|
:00423CE1 84DB
:00423CE3 7419
:00423CE5 8B44240C
:00423CE9 50
:00423CEA 8B4C240C
:00423CEE 8BD6
:00423CF0 8B470C
:00423CF3 66BBBDFF
:00423CF7 E8F8F0FDFF
:00423CFC EB18
|:00423CE3(C)
|
:00423CFE 8B44240C
:00423D02 50
:00423D03 8B4C240C
:00423D07 8BD6
:00423D09 8B442404
:00423D0D 66BBD1FF
:00423D11 E8DEF0FDFF
xor
mov
mov
jmp
eax, eax
dword ptr [ebp+0C], eax
00423D16
test bl, bl
je 00423CFE
push eax
mov edx, esi
mov bx, FFBD
call 00402DF4
jmp 00423D16

push eax
mov edx, esi
mov bx, FFD1
call 00402DF4

|:00423C85(U), :00423CDF(U), :00423CFC(U)
|
:00423D16 83C410
add esp, 00000010
:00423D19 5D
pop ebp
:00423D1A 5F
pop edi
:00423D1B 5E
pop esi
:00423D1C 5B
pop ebx
:00423D1D C3
ret
:00423D1E 8BC0
mov eax, eax

|:0042AD42 , :0042B980 , :0042CC15
|
:00423D20 55
push ebp
:00423D21 8BEC
mov ebp, esp
:00423D23 83C4CC
add esp, FFFFFFCC
:00423D26 53
push ebx
:00423D27 56
push esi
:00423D28
:00423D29
:00423D2C
:00423D2E
:00423D30
:00423D32
:00423D34
:00423D37
57
894DFC
8BFA
8BF0
85FF
7409
83FFFF
0F85C2000000
|:00423D32(C)
|
:00423D3D 8B868C000000
:00423D43 85C0
:00423D45 743D
:00423D47 80B88001000000
:00423D4E 7434
:00423D50 83B83C01000000
:00423D57 742B
:00423D59 8D4DE4
:00423D5C 8B803C010000
:00423D62 8BD6
:00423D64 8B18
:00423D66 FF5314
:00423D69 6A02
:00423D6B 8D45E4
:00423D6E 50
:00423D6F 6A00
:00423D71 8B868C000000
:00423D77 E884510000
:00423D7C 50
push edi
mov edi, edx
mov esi, eax
test edi, edi
je 00423D3D
cmp edi, FFFFFFFF
jne 00423DFF
test eax, eax
je 00423D84
je 00423D84
je 00423D84
mov edx, esi
call [ebx+14]
push 00000002
push eax
push 00000000
call 00428F00
push eax

|
:00423D7D E87E25FEFF
Call 00406300
:00423D82 EB3A
jmp 00423DBE
|:00423D45(C), :00423D4E(C), :00423D57(C)
|
:00423D84 8D4DDC
:00423D87 8B5634
:00423D8A 8B4630
:00423D8D E8EE83FEFF
call 0040C180
:00423D92 8B45DC
:00423D95 8945E4
:00423D98 8B45E0
:00423D9B 8945E8
:00423D9E 8B5E24
:00423DA1 85DB
test ebx, ebx
:00423DA3 7419
je 00423DBE
:00423DA5 8D4DDC
:00423DA8 8D55E4
:00423DAB 8BC3
mov eax, ebx
:00423DAD E816EFFFFF
call 00422CC8
:00423DB2 8B45DC
:00423DB5 8945E4
:00423DB8 8B45E0
:00423DBB 8945E8
|:00423D82(U), :00423DA3(C)
|
:00423DBE 8BC6
:00423DC0 E847F3FFFF
:00423DC5 50
:00423DC6 8D45CC
:00423DC9 50
:00423DCA 8BC6
:00423DCC E84FF3FFFF
:00423DD1 8BC8
:00423DD3 8B55E8
:00423DD6 8B45E4
:00423DD9 E8D683FEFF
:00423DDE 56
:00423DDF 8D75CC
:00423DE2 8D7DE4
:00423DE5 B904000000
:00423DEA F3
:00423DEB A5
:00423DEC 5E
:00423DED 8D55E4
:00423DF0 8BC6
:00423DF2 E81D010000
:00423DF7 8845FB
:00423DFA E906010000
|:00423D37(C)
|
:00423DFF 8BC6
:00423E01 E8C2030000
:00423E06 8BC6
:00423E08 8B10
:00423E0A FF5254
:00423E0D 84C0
:00423E0F 7524
:00423E11 83BE8C00000000
:00423E18 7417
:00423E1A 8B868C000000
:00423E20 8BCE
:00423E22 8BD7
:00423E24 66BBC3FF
:00423E28 E8C7EFFDFF
:00423E2D 84C0
:00423E2F 7504
mov eax, esi

call 0042310C
push eax
push eax
mov eax, esi
call 00423120
mov ecx, eax
call 0040C1B4
push esi
mov ecx, 00000004
repz
movsd
pop esi
mov eax, esi
call 00423F14
jmp 00423F05
mov eax, esi

call 004241C8
mov eax, esi
call [edx+54]
test al, al
jne 00423E35
je 00423E31
mov ecx, esi
mov edx, edi
mov bx, FFC3
call 00402DF4
test al, al
jne 00423E35

|:00423E18(C)
|
:00423E31 33C0
xor eax, eax
:00423E33 EB02
jmp 00423E37
|:00423E0F(C), :00423E2F(C)
|
:00423E35 B001
mov al, 01
|:00423E33(U)
|
:00423E37
:00423E3A
:00423E3E
:00423E44
:00423E46
:00423E48
:00423E4D
:00423E52
:00423E55
:00423E57
:00423E58
:00423E5D
:00423E60
:00423E63
:00423E69
:00423E6B
:00423E6D
:00423E72
:00423E74
8845FB
807DFB00
0F84C1000000
8BCE
B201
A19CEA4100
E8A2CDFFFF
8945F4
33D2
55
68FE3E4200
64FF32
648922
8B868C000000
85C0
7409
E88E500000
8BD8
EB02

je 00423F05
mov ecx, esi
mov dl, 01
mov eax, dword ptr [0041EA9C]
call 00420BF4
xor edx, edx
push ebp
push 00423EFE
test eax, eax
je 00423E76
call 00428F00
mov ebx, eax
jmp 00423E78

|:00423E6B(C)
|
:00423E76 33DB
xor ebx, ebx
|:00423E74(U)
|
:00423E78 8D55E4
:00423E7B 8BC6
:00423E7D E8D6ECFFFF
:00423E82 85DB
:00423E84 740E
:00423E86 6A02
:00423E88 8D45E4
:00423E8B 50
:00423E8C 6A00
:00423E8E 53

mov eax, esi
call 00422B58
test ebx, ebx
je 00423E94
push 00000002
push eax
push 00000000
push ebx

|
:00423E8F E86C24FEFF
Call 00406300
|:00423E84(C)
|
:00423E94 8B45F4
:00423E97 897804
:00423E9A 8B45F4
:00423E9D 8A5508
:00423EA0 885048
:00423EA3 8B45F4
:00423EA6 8B55FC
:00423EA9 89504C
:00423EAC 8B45F4
:00423EAF 57
:00423EB0 8D7838
:00423EB3 8D75E4
:00423EB6 B904000000

push edi
lea esi, dword ptr [ebp-1C]
mov ecx, 00000004
:00423EBB
:00423EBC
:00423EBD
:00423EBE
:00423EC0
:00423EC3
:00423EC4
:00423EC6
:00423ECB
:00423ECC
F3
A5
5F
6A01
8D45E4
50
8BC7
E835500000
50
6A00
repz
movsd
pop edi
push 00000001
push eax
mov eax, edi
call 00428F00
push eax
push 00000000

|
:00423ECE E82D24FEFF
Call 00406300
:00423ED3 8B45E8
:00423ED6 50
push eax
:00423ED7 8B4DE4
:00423EDA 8B55F4
:00423EDD 8BC7
mov eax, edi
:00423EDF 66BBBDFF
mov bx, FFBD
:00423EE3 E80CEFFDFF
call 00402DF4
:00423EE8 33C0
xor eax, eax
:00423EEA 5A
pop edx
:00423EEB 59
pop ecx
:00423EEC 59
pop ecx
:00423EED 648910
:00423EF0 68053F4200
push 00423F05
|:00423F03(U)
|
:00423EF5 8B45F4
:00423EF8 E823EDFDFF
:00423EFD C3
:00423EFE E975F3FDFF
:00423F03 EBF0
jmp 00403278
jmp 00423EF5
|:00423DFA(U), :00423E3E(C)
|
:00423F05 8A45FB
:00423F08 5F
:00423F09 5E
:00423F0A 5B
:00423F0B 8BE5
:00423F0D 5D
:00423F0E C20400
:00423F11 8D4000

call 00402C20
ret
mov
pop
pop
pop
mov
pop
ret

edi
esi
ebx
esp, ebp
ebp
0004

|:00423DF2
|
:00423F14 53
push ebx
:00423F15 56
push esi
:00423F16 57
push edi
:00423F17 83C4DC
add esp, FFFFFFDC
:00423F1A
:00423F1C
:00423F20
:00423F25
:00423F26
:00423F27
:00423F29
:00423F2F
:00423F31
:00423F33
:00423F35
:00423F37
:00423F39
:00423F3D
:00423F42
:00423F44
:00423F46
:00423F48
8BF2
8D7C2404
B904000000
F3
A5
8BF0
8BBE8C000000
85FF
7417
8BCE
33D2
8BC7
66BBC3FF
E8B2EEFDFF
84C0
7504
33C0
EB02
mov esi, edx

mov ecx, 00000004
repz
movsd
mov esi, eax
test edi, edi
je 00423F4A
mov ecx, esi
xor edx, edx
mov eax, edi
mov bx, FFC3
call 00402DF4
test al, al
jne 00423F4A
xor eax, eax
jmp 00423F4C

|:00423F31(C), :00423F44(C)
|
:00423F4A B001
mov al, 01
|:00423F48(U)
|
:00423F4C 880424
:00423F4F 803C2400
:00423F53 7454
:00423F55 8D542404
:00423F59 8BC6
:00423F5B E8C80C0000
:00423F60 8BF8
:00423F62 85FF
:00423F64 7432
:00423F66 8BC7
:00423F68 E88BECFFFF
:00423F6D 50
:00423F6E 8D442418
:00423F72 50
:00423F73 8BC7
:00423F75 E83AECFFFF
:00423F7A 8BC8
:00423F7C 33D2
:00423F7E 33C0
:00423F80 E81382FEFF
:00423F85 8D4C2414
:00423F89 8BD7
:00423F8B 8BC6
:00423F8D 66BBD2FF
:00423F91 E85EEEFDFF
:00423F96 EB11
|:00423F64(C)
|
:00423F98 8D4C2404
:00423F9C 8BD7
:00423F9E 8BC6

je 00423FA9
mov eax, esi
call 00424C28
mov edi, eax
test edi, edi
je 00423F98
mov eax, edi
call 00422BF8
push eax
push eax
mov eax, edi
call 00422BB4
mov ecx, eax
xor edx, edx
xor eax, eax
call 0040C198
mov edx, edi
mov eax, esi
mov bx, FFD2
call 00402DF4
jmp 00423FA9

mov edx, edi
mov eax, esi
:00423FA0 66BBD2FF
:00423FA4 E84BEEFDFF
mov bx, FFD2

call 00402DF4
|:00423F53(C), :00423F96(U)
|
:00423FA9 8A0424
:00423FAC 83C424
:00423FAF 5F
:00423FB0 5E
:00423FB1 5B
:00423FB2 C3
:00423FB3
:00423FB4
:00423FB5
:00423FB9
:00423FBE
:00423FBF
nop
push ebx
mov bx, FFEF
call 00402DF4
pop ebx
ret
90
53
66BBEFFF
E836EEFDFF
5B
C3
mov
add
pop
pop
pop
ret
al, byte ptr [esp]

esp, 00000024
edi
esi
ebx
:00423FC0 B001
:00423FC2 C3
mov al, 01
ret
:00423FC3 90
nop

|:004295C0
|
:00423FC4 53
push ebx
:00423FC5 51
push ecx
:00423FC6 C6042401
:00423FCA 6683B8A600000000
cmp word ptr [eax+000000A6], 0000
:00423FD2 7418
je 00423FEC
:00423FD4 51
push ecx
:00423FD5 8D4C2404
:00423FD9 51
push ecx
:00423FDA 8BCA
mov ecx, edx
:00423FDC 8BD8
mov ebx, eax
:00423FDE 8BD0
mov edx, eax
:00423FE0 8B83A8000000
mov eax, dword ptr [ebx+000000A8]
:00423FE6 FF93A4000000
call dword ptr [ebx+000000A4]
|:00423FD2(C)
|
:00423FEC 8A0424
:00423FEF 5A
pop edx
:00423FF0 5B
pop ebx
:00423FF1 C3
ret
:00423FF2 8BC0
mov eax, eax

|:00424743
|
:00423FF4 53
push ebx
:00423FF5
:00423FF6
:00423FF9
:00423FFD
:00424000
:00424002
:00424006
:00424008
:0042400B
:0042400D
:00424011
:00424015
:00424017
:0042401B
:0042401F
:00424023
:00424025
:00424027
:0042402A
:0042402D
:0042402F
:00424031
:00424033
:00424036
:00424039
56
83C4F0
894C2404
891424
8BF0
807E4B05
744D
8B0424
8B00
89442408
8B442404
8B00
8944240C
8D4C240C
8D542408
8BC6
8B18
FF5338
8A564B
8BCA
84C9
7408
80C1FD
80E902
7309
push esi
add esp, FFFFFFF0
mov esi, eax
cmp byte ptr [esi+4B], 05
je 00424055
mov eax, esi
call [ebx+38]
mov dl, byte ptr [esi+4B]
mov ecx, edx
test cl, cl
je 0042403B
add cl, FD
sub cl, 02
jnb 00424044
|:00424031(C)
|
:0042403B 8B0C24
:0042403E 8B5C2408
:00424042 8919
|:00424039(C)
|
:00424044 80EA03
:00424047 730E
:00424049 8B542404
:0042404D 8B4C240C
:00424051 890A
:00424053 EB02

mov dword ptr [ecx], ebx
sub
jnb
mov
mov
mov
jmp
dl, 03
00424057
ecx, dword ptr [esp+0C]
00424057

|:00424006(C)
|
:00424055 B001
mov al, 01
|:00424047(C), :00424053(U)
|
:00424057 83C410
:0042405A 5E
:0042405B 5B
:0042405C C3
:0042405D 8D4000
add esp, 00000010

pop esi
pop ebx
ret
|:0042471B , :00424769
|
:00424060 53
:00424061 56
:00424062 57
:00424063 51
:00424064 890C24
:00424067 8BFA
:00424069 8BF0
:0042406B 8B0C24
:0042406E 8BD7
:00424070 8BC6
:00424072 8B18
:00424074 FF5334
:00424077 8BD8
:00424079 84DB
:0042407B 740C
:0042407D 8B0C24
:00424080 8BD7
:00424082 8BC6
:00424084 E837000000
push ebx
push esi
push edi
push ecx
mov edi, edx
mov esi, eax
mov edx, edi
mov eax, esi
call [ebx+34]
mov ebx, eax
test bl, bl
je 00424089
mov edx, edi
mov eax, esi
call 004240C0

|:0042407B(C)
|
:00424089 8BC3
mov eax, ebx
:0042408B 5A
pop edx
:0042408C 5F
pop edi
:0042408D 5E
pop esi
:0042408E 5B
pop ebx
:0042408F C3
ret

|:00429A41
|
:00424090 55
push ebp
:00424091 8BEC
mov ebp, esp
:00424093 53
push ebx
:00424094 6683B8AE00000000
cmp word ptr [eax+000000AE], 0000
:0042409C 741B
je 004240B9
:0042409E 51
push ecx
:0042409F 8B4D0C
:004240A2 51
push ecx
:004240A3 8B4D08
:004240A6 51
push ecx
:004240A7 8BCA
mov ecx, edx
:004240A9 8BD8
mov ebx, eax
:004240AB 8BD0
mov edx, eax
:004240AD 8B83B0000000
mov eax, dword ptr [ebx+000000B0]
:004240B3 FF93AC000000
call dword ptr [ebx+000000AC]
|:0042409C(C)
|
:004240B9 5B
pop ebx
:004240BA 5D
pop ebp
:004240BB C20800
ret 0008
:004240BE 8BC0
mov eax, eax

|:00424084
|
:004240C0 53
push ebx
:004240C1 56
push esi
:004240C2 57
push edi
:004240C3 83C4F0
add esp, FFFFFFF0
:004240C6 8BF9
mov edi, ecx
:004240C8 8BF2
mov esi, edx
:004240CA 8B5068
:004240CD 8B5214
:004240D0 85D2
test edx, edx
:004240D2 7605
jbe 004240D9
:004240D4 891424
:004240D7 EB05
jmp 004240DE
|:004240D2(C)
|
:004240D9 33D2
xor edx, edx
:004240DB 891424
|:004240D7(U)
|
:004240DE 8B5068
:004240E1 8B5210
:004240E4 85D2
:004240E6 7606
:004240E8 89542404
:004240EC EB06

test edx, edx
jbe 004240EE
jmp 004240F4

|:004240E6(C)
|
:004240EE 33D2
xor edx, edx
:004240F0 89542404
|:004240EC(U)
|
:004240F4 8B5068
:004240F7 8B520C
:004240FA 85D2
:004240FC 7606
:004240FE 89542408
:00424102 EB06

test edx, edx
jbe 00424104
jmp 0042410A

|:004240FC(C)
|
:00424104 33D2
xor edx, edx
:00424106 89542408
|:00424102(U)
|
:0042410A
:0042410D
:00424110
:00424112
:00424114
:00424118
8B5068
8B5208
85D2
7606
8954240C
EB06

test edx, edx
jbe 0042411A
jmp 00424120

|:00424112(C)
|
:0042411A 33D2
xor edx, edx
:0042411C 8954240C
|:00424118(U)
|
:00424120 8D542408
:00424124 52
:00424125 8D542410
:00424129 52
:0042412A 8D4C240C
:0042412E 8D542408
:00424132 8B18
:00424134 FF533C
:00424137 837C240800
:0042413C 7E10
:0042413E 8B06
:00424140 3B442408
:00424144 7E08
:00424146 8B442408
:0042414A 8906
:0042414C EB12
|:0042413C(C), :00424144(C)
|
:0042414E 833C2400
:00424152 7E0C
:00424154 8B06
:00424156 3B0424
:00424159 7D05
:0042415B 8B0424
:0042415E 8906

push edx
push edx
call [ebx+3C]
jle 0042414E
jle 0042414E
jmp 00424160
cmp
jle
mov
cmp
jge
mov
mov
dword ptr [esp], 00000000

00424160
00424160

|:0042414C(U), :00424152(C), :00424159(C)
|
:00424160 837C240C00
:00424165 7E10
jle 00424177
:00424167 8B07
:00424169 3B44240C
cmp eax, dword ptr [esp+0C]
:0042416D 7E08
jle 00424177
:0042416F 8B44240C
:00424173 8907
:00424175 EB15
jmp 0042418C
|:00424165(C), :0042416D(C)
|
:00424177 837C240400
:0042417C
:0042417E
:00424180
:00424184
:00424186
:0042418A
7E0E
8B07
3B442404
7D06
8B442404
8907
jle
mov
cmp
jge
mov
mov
0042418C
eax, dword ptr [edi]
0042418C
dword ptr [edi], eax

|:00424175(U), :0042417C(C), :00424184(C)
|
:0042418C 83C410
add esp, 00000010
:0042418F 5F
pop edi
:00424190 5E
pop esi
:00424191 5B
pop ebx
:00424192 C3
ret
:00424193 90
|:0041E4D5 , :00421B49
|:004227B0 , :004227C0
|:00422DC0 , :004230C4
|:0042318D , :0042319D
|:00423306 , :00423329
|:004233A7 , :00423897
|:00425560 , :00425CC6
|:00425F60 , :00425F70
|:0042603A , :00426449
|:004269C6 , :00426B17
|:004271CF , :004271E4
|:0042780A , :00427E56
|:004284D4 , :0042851C
|:004287D8 , :00428831
|:004288D5 , :0042890F
|:0042905E , :0042908D
|:00438D1C , :0043A8D2
|:0043AA16 , :0043C648
|:0043F37F , :0043F4D4
|:0043FE07 , :00440741
|
:00424194 55
:00424195 8BEC
:00424197 83C4F0
:0042419A 53
:0042419B 8955F0
:0042419E 894DF4
:004241A1 8B5508
:004241A4 8955F8
:004241A7 33D2
:004241A9 8955FC
:004241AC 85C0
:004241AE 740B
:004241B0 8D55F0
:004241B3 8BD8
:004241B5 8B432C
:004241B8 FF5328
nop
Addresses:
, :00422546
, :004227D0
, :004230E9
, :0042324D
, :00423345
, :00424A0B
, :00425F1D
, :00425F91
, :0042668E
, :00426C7F
, :004271F5
, :00427EC9
, :00428749
, :0042885E
, :00428D7D
, :00429181
, :0043A8EF
, :0043C8D6
, :0043F788
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:00422790
:00422934
:004230F9
:00423289
:0042336B
:00424C01
:00425F40
:00425FC5
:00426797
:00426EEA
:00427205
:004280A3
:004287A7
:0042887B
:00428DA8
:004379CD
:0043A981
:0043E669
:0043FBF8
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:004227A0
:00422DA1
:00423106
:004232DF
:0042338B
:00424C19
:00425F50
:00425FE5
:00426929
:004270E0
:00427729
:00428154
:004287BB
:004288B8
:00429037
:0043882F
:0043A9AD
:0043F358
:0043FDEB
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
xor edx, edx
test eax, eax
je 004241BB
mov ebx, eax
call [ebx+28]

|:004241AE(C)
|
:004241BB
:004241BE
:004241BF
:004241C1
:004241C2
8B45FC
5B
8BE5
5D
C20400
:004241C5 8D4000
mov
pop
mov
pop
ret

ebx
esp, ebp
ebp
0004

|:0042383F , :00423E01 , :00424AB6
|
:004241C8 53
push ebx
:004241C9 8BD8
mov ebx, eax
:004241CB 8BC3
mov eax, ebx
:004241CD 8B10
:004241CF FF5254
call [edx+54]
:004241D2 84C0
test al, al
:004241D4 7414
je 004241EA
:004241D6 8B433C
:004241D9 898394000000
:004241DF 8B4338
:004241E2 898390000000
:004241E8 5B
pop ebx
:004241E9 C3
ret
|:004241D4(C)
|
:004241EA 83BB8C00000000
:004241F1 7443
:004241F3 80BB8800000002
:004241FA 740E
:004241FC 8B838C000000
:00424202 8A404B
:00424205 48
:00424206 2C02
:00424208 730B
|:004241FA(C)
|
:0042420A 8B433C
:0042420D 89839C000000
:00424213 EB21
|:00424208(C)
|
:00424215 80BB8800000001
:0042421C 740F
:0042421E 8B838C000000
:00424224 8A404B
:00424227 04FD
:00424229 2C02
:0042422B 7309

je 00424236
je 0042420A
mov al, byte ptr [eax+4B]
dec eax
sub al, 02
jnb 00424215

jmp 00424236

je 0042422D
add al, FD
sub al, 02
jnb 00424236

|:0042421C(C)
|
:0042422D 8B4338
:00424230 898398000000
|:004241F1(C), :00424213(U), :0042422B(C)
|
:00424236 5B
pop ebx
:00424237 C3
ret

|:00422B2F , :0042A458
|
:00424238 53
push ebx
:00424239 56
push esi
:0042423A 57
push edi
:0042423B 8BDA
mov ebx, edx
:0042423D 8BF0
mov esi, eax
:0042423F 8B4B0C
:00424242 2B4B04
sub ecx, dword ptr [ebx+04]
:00424245 8B5308
:00424248 2B13
sub edx, dword ptr [ebx]
:0042424A 8BC6
mov eax, esi
:0042424C 8B38
:0042424E FF5730
call [edi+30]
:00424251 8B03
:00424253 894630
:00424256 8B4304
:00424259 894634
:0042425C 8B4308
:0042425F 2B03
sub eax, dword ptr [ebx]
:00424261 894638
:00424264 8B430C
:00424267 2B4304
sub eax, dword ptr [ebx+04]
:0042426A 89463C
:0042426D 5F
pop edi
:0042426E 5E
pop esi
:0042426F 5B
pop ebx
:00424270 C3
ret
:00424271 8D4000
:00424274 C3

ret
:00424275 8D4000

|:00426A63 , :00426B82
|
:00424278 53
push ebx
:00424279 56
push esi
:0042427A 57
push edi
:0042427B 8BF2
mov esi, edx
:0042427D 8BD8
mov ebx, eax
:0042427F F6432010
test [ebx+20], 10
:00424283
:00424285
:00424287
:0042428C
:0042428E
:00424290
:00424296
:0042429D
:004242A3
:004242A5
:004242AB
:004242AD
:004242AF
:004242B2
:004242B4
:004242BA
743A
8BC3
E884290100
8BF8
85FF
0F84ED000000
83BF3002000000
0F84E0000000
8BCE
8B8730020000
8BD3
8B38
FF5724
84C0
0F85D2000000
E9C4000000
je 004242BF
mov eax, ebx
call 00436C10
mov edi, eax
test edi, edi
je 00424383
cmp dword ptr [edi+00000230], 00000000
je 00424383
mov ecx, esi
mov edx, ebx
call [edi+24]
test al, al
jne 0042438C
jmp 00424383
|:00424283(C)
|
:004242BF 8B06
:004242C1 3D00010000
:004242C6 7233
:004242C8 3D08010000
:004242CD 772C
:004242CF 8BC3
:004242D1 E83A290100
:004242D6 8BF8
:004242D8 85FF
:004242DA 0F84A3000000
:004242E0 8BCE
:004242E2 8BD3
:004242E4 8BC7
:004242E6 8B38
:004242E8 FF97D0000000
:004242EE 84C0
:004242F0 0F8596000000
:004242F6 E988000000
|:004242C6(C), :004242CD(C)
|
:004242FB 8B06
:004242FD 3D00020000
:00424302 7268
:00424304 3D0A020000
:00424309 7761
:0042430B F6434080
:0042430F 7514
:00424311 2D03020000
:00424316 740A
:00424318 83E803
:0042431B 7405
:0042431D 83E803
:00424320 7503

cmp eax, 00000100
jb 004242FB
cmp eax, 00000108
ja 004242FB
mov eax, ebx
call 00436C10
mov edi, eax
test edi, edi
je 00424383
mov ecx, esi
mov edx, ebx
mov eax, edi
call dword ptr [edi+000000D0]
test al, al
jne 0042438C
jmp 00424383

cmp eax, 00000200
jb 0042436C
cmp eax, 0000020A
ja 0042436C
test [ebx+40], 80
jne 00424325
sub eax, 00000203
je 00424322
sub eax, 00000003
je 00424322
sub eax, 00000003
jne 00424325

|:00424316(C), :0042431B(C)
|
:00424322 832E02
sub dword ptr [esi], 00000002
|:0042430F(C), :00424320(C)
|
:00424325 8B06
:00424327 2D00020000
:0042432C 740B
:0042432E 48
:0042432F 741A
:00424331 48
:00424332 7431
:00424334 48
:00424335 7414
:00424337 EB4A
|:0042432C(C)
|
:00424339 8BCE
:0042433B A1302C4400
:00424340 8B00
:00424342 8BD3
:00424344 E88BB30100
:00424349 EB38
|:0042432F(C), :00424335(C)
|
:0042434B 807B4D01
:0042434F 750D
:00424351 8BC3
:00424353 66BBEEFF
:00424357 E898EAFDFF
:0042435C EB2E

sub eax, 00000200
je 00424339
dec eax
je 0042434B
dec eax
je 00424365
dec eax
je 0042434B
jmp 00424383
mov ecx, esi

mov edx, ebx
call 0043F6D4
jmp 00424383
cmp byte ptr [ebx+4D], 01

jne 0042435E
mov eax, ebx
mov bx, FFEE
call 00402DF4
jmp 0042438C

|:0042434F(C)
|
:0042435E 66834B4401
:00424363 EB1E
jmp 00424383
|:00424332(C)
|
:00424365 66836344FE
and word ptr [ebx+44], FFFE
:0042436A EB17
jmp 00424383
|:00424302(C), :00424309(C)
|
:0042436C 3D0BB00000
:00424371 7510
:00424373 8B5608
:00424376 52
:00424377 8B4E04
:0042437A 8BD0
:0042437C 8BC3
:0042437E E8CDE9FFFF

cmp eax, 0000B00B
jne 00424383
push edx
mov edx, eax
mov eax, ebx
call 00422D50
|:00424290(C), :0042429D(C), :004242BA(U), :004242DA(C), :004242F6(U)

|:00424337(U), :00424349(U), :00424363(U), :0042436A(U), :00424371(C)
|
:00424383 8BD6
mov edx, esi
:00424385 8BC3
mov eax, ebx
:00424387 8B08
:00424389 FF51EC
call [ecx-14]
|:004242B4(C), :004242F0(C), :0042435C(U)
|
:0042438C 5F
pop edi
:0042438D 5E
pop esi
:0042438E 5B
pop ebx
:0042438F C3
ret

|:00426C51
|
:00424390 53
push ebx
:00424391 56
push esi
:00424392 57
push edi
:00424393 8BDA
mov ebx, edx
:00424395 8BF0
mov esi, eax
:00424397 8B03
:00424399 83E80C
sub eax, 0000000C
:0042439C 744A
je 004243E8
:0042439E 48
dec eax
:0042439F 7405
je 004243A6
:004243A1 48
dec eax
:004243A2 742A
je 004243CE
:004243A4 EB67
jmp 0042440D
|:0042439F(C)
|
:004243A6 8B4654
:004243A9 85C0
test eax, eax
:004243AB 7404
je 004243B1
:004243AD 8BF8
mov edi, eax
:004243AF EB05
jmp 004243B6
|:004243AB(C)
|
:004243B1 BF14444200
mov edi, 00424414
|:004243AF(U)
|
:004243B6 8B4B04
:004243B9 49
:004243BA 8B4308
:004243BD 8BD7
:004243BF E8B435FEFF
:004243C4 E8F334FEFF
:004243C9 89430C
:004243CC EB3F

dec ecx
mov edx, edi
call 00407978
call 004078BC
jmp 0042440D

|:004243A2(C)
|
:004243CE 8B7E54
:004243D1 85FF
test edi, edi
:004243D3 7507
jne 004243DC
:004243D5 33C0
xor eax, eax
:004243D7 89430C
:004243DA EB31
jmp 0042440D
|:004243D3(C)
|
:004243DC 8BC7
:004243DE E8D934FEFF
:004243E3 89430C
:004243E6 EB25
|:0042439C(C)
|
:004243E8 8B4308
:004243EB E80037FEFF
:004243F0 8BF8
:004243F2 8B4654
:004243F5 E82237FEFF
:004243FA 897E54
:004243FD 8B4308
:00424400 50
:00424401 8B4B04
:00424404 8B13
:00424406 8BC6
:00424408 E843E9FFFF
mov eax, edi

call 004078BC
jmp 0042440D

call 00407AF0
mov edi, eax
call 00407B1C
push eax
mov eax, esi
call 00422D50

|:004243A4(U), :004243CC(U), :004243DA(U), :004243E6(U)
|
:0042440D 5F
pop edi
:0042440E 5E
pop esi
:0042440F 5B
pop ebx
:00424410 C3
ret
:00424411 00000000000000
BYTE 7 DUP(0)
:00424418
:00424419
:0042441A
:0042441C
:0042441E
:00424420
:00424425
:00424428
:00424429
:0042442A
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 0040F838
mov byte ptr [ebx+4E], al
pop esi
pop ebx
ret
53
56
8BF2
8BD8
8BC6
E813B4FEFF
88434E
5E
5B
C3
:0042442B 90
nop
:0042442C
:0042442F
:00424430
:00424435
8A404E
92
E867CFFEFF
C3
:00424436 8BC0
mov al, byte ptr [eax+4E]

xchg eax,edx
call 0041139C
ret
mov eax, eax

|:00424488
|
:00424438 55
push ebp
:00424439 8BEC
mov ebp, esp
:0042443B 8B4508
:0042443E 8B40FC
:00424441 8B401C
:00424444 85C0
test eax, eax
:00424446 7414
je 0042445C
:00424448 8B5508
:0042444B 8A404E
:0042444E 8B5508
:00424451 8B52F8
:00424454 3A424E
cmp al, byte ptr [edx+4E]
:00424457 0F95C0
setne al
:0042445A 5D
pop ebp
:0042445B C3
ret

|:00424446(C)
|
:0042445C 8B4508
:0042445F 8B40F8
:00424462 8A404E
:00424465 5D
pop ebp
:00424466 C3
ret
:00424467 90
nop

|:00438867
|
:00424468 55
push ebp
:00424469 8BEC
mov ebp, esp
:0042446B 83C4F8
add esp, FFFFFFF8
:0042446E 53
push ebx
:0042446F 8955FC
:00424472 8945F8
:00424475 8B45F8
:00424478 50
push eax
:00424479 6818444200
push 00424418
:0042447E 8B45F8
:00424481 50
push eax
:00424482 682C444200
push 0042442C
:00424487 55
push ebp
:00424488 E8ABFFFFFF
call 00424438
:0042448D 59
pop ecx
:0042448E 8BC8
mov ecx, eax
* Possible StringData Ref from Code Obj ->"IsControl"

|
:00424490 BAAC444200
mov edx, 004244AC
:00424495 8B45FC
:00424498 8B18
:0042449A FF13
:0042449C 5B
pop ebx
:0042449D 59
pop ecx
:0042449E 59
pop ecx
:0042449F 5D
pop ebp
:004244A0 C3
ret
:004244A1 000000
BYTE 3 DUP(0)
:004244A4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004244A8
:004244AA
:004244AC
:004244AD
:004244AF
:004244B0
:004244B1
:004244B3
:004244B4
:004244B5

dec ecx
jnb 004244F2
outsd
outsb
je 00424525
outsd
insb
BYTE 3 DUP(0)
0900
0000
49
7343
6F
6E
7472
6F
6C
000000

|:0041E448
|
:004244B8 53
push ebx
:004244B9 8BD8
mov ebx, eax
:004244BB 6683BB0601000000
cmp word ptr [ebx+00000106], 0000
:004244C3 742D
je 004244F2
:004244C5 8BC3
mov eax, ebx
:004244C7 E8A4E1FFFF
call 00422670
:004244CC 85C0
test eax, eax
:004244CE 7422
je 004244F2
:004244D0 8BC3
mov eax, ebx
:004244D2 E899E1FFFF
call 00422670
:004244D7 8B402C
:004244DA 3B8304010000
:004244E0 7410
je 004244F2
:004244E2 8BD3
mov edx, ebx
:004244E4 8B8308010000
:004244EA FF9304010000
:004244F0 5B
pop ebx
:004244F1 C3
ret

|:004244AD(C), :004244C3(C), :004244CE(C), :004244E0(C)
|
:004244F2
:004244F6
:004244F8
:004244FC
:004244FE
:00424501
:00424505
:0042450A
F6432010
7514
837B5C00
740E
8B435C
66BBFFFF
E8EAE8FDFF
EB18
|:004244F6(C), :004244FC(C)
|
:0042450C 6683BB0601000000
:00424514 740E
:00424516 8BD3
:00424518 8B8308010000
:0042451E FF9304010000
test [ebx+20], 10
jne 0042450C
je 0042450C
mov bx, FFFF
call 00402DF4
jmp 00424524
cmp word ptr [ebx+00000106], 0000
je 00424524
mov edx, ebx

|:0042450A(U), :00424514(C)
|
:00424524 5B
pop ebx
|:004244B1(C)
|
:00424525 C3
:00424526 8BC0
:00424528 53
:00424529 6683B80E01000000
:00424531 7410
:00424533 8BD8
:00424535 8BD0
:00424537 8B8310010000
:0042453D FF930C010000

ret
mov eax, eax
push ebx
je 00424543
mov ebx, eax
mov edx, eax
call dword ptr [ebx+0000010C]

|:00424531(C)
|
:00424543 5B
pop ebx
:00424544 C3
ret
:00424545
:00424548
:00424549
:0042454B
:0042454C
:0042454D
:00424550
:00424558
:0042455A
:0042455D
:0042455E
:00424561
:00424562
:00424565
:00424566
:00424568
:0042456A
8D4000
55
8BEC
51
53
884DFF
6683B8B600000000
741E
8A4DFF
51
8B4D0C
51
8B4D08
51
8BD8
8BCA
8BD0

push ebp
mov ebp, esp
push ecx
push ebx
cmp word ptr [eax+000000B6], 0000
je 00424578
push ecx
push ecx
push ecx
mov ebx, eax
mov ecx, edx
mov edx, eax
:0042456C 8B83B8000000
:00424572 FF93B4000000

call dword ptr [ebx+000000B4]

|:00424558(C)
|
:00424578 5B
pop ebx
:00424579 59
pop ecx
:0042457A 5D
pop ebp
:0042457B C20800
ret 0008
:0042457E 8BC0
mov eax, eax

|:00424602 , :00424671 , :004247AF , :004247D7 , :004247FF
|:00424827
|
:00424580 55
push ebp
:00424581 8BEC
mov ebp, esp
:00424583 51
push ecx
:00424584 53
push ebx
:00424585 56
push esi
:00424586 57
push edi
:00424587 884DFF
:0042458A 8BFA
mov edi, edx
:0042458C 8BF0
mov esi, eax
:0042458E F6464110
test [esi+41], 10
:00424592 7526
jne 004245BA
:00424594 0FBF4708
movsx eax, word ptr [edi+08]
:00424598 50
push eax
:00424599 0FBF470A
movsx eax, word ptr [edi+0A]
:0042459D 50
push eax
:0042459E 668B4704
mov ax, word ptr [edi+04]
:004245A2 E8ED240100
call 00436A94
:004245A7 8BC8
mov ecx, eax
:004245A9 0A4D08
or cl, byte ptr [ebp+08]
:004245AC 8A55FF
:004245AF 8BC6
mov eax, esi
:004245B1 66BBDBFF
mov bx, FFDB
:004245B5 E83AE8FDFF
call 00402DF4
|:00424592(C)
|
:004245BA 5F
pop edi
:004245BB 5E
pop esi
:004245BC 5B
pop ebx
:004245BD 59
pop ecx
:004245BE 5D
pop ebp
:004245BF C20400
ret 0004
:004245C2
:004245C4
:004245C5
:004245C6
:004245C8
:004245CA
:004245CC
8BC0
53
56
8BF2
8BD8
8BD3
8BC3
mov eax,
push ebx
push esi
mov esi,
mov ebx,
mov edx,
mov eax,
eax
edx
eax
ebx
ebx
:004245CE
:004245D3
:004245D5
:004245D7
:004245D9
:004245DC
:004245E0
:004245E2
:004245E4
:004245E6
E84DE7FFFF
8BD6
8BC3
8B08
FF51F0
F6434002
7409
B201
8BC3
E8D5EDFFFF
call 00422D20
mov edx, esi
mov eax, ebx
call [ecx-10]
test [ebx+40], 02
je 004245EB
mov dl, 01
mov eax, ebx
call 004233C0
|:004245E0(C)
|
:004245EB F6434008
:004245EF 7405
:004245F1 66834B4402
|:004245EF(C)
|
:004245F6 A00C464200
:004245FB 50
:004245FC 8BD6
:004245FE 33C9
:00424600 8BC3
:00424602 E879FFFFFF
:00424607 5E
:00424608 5B
:00424609 C3
:0042460A 000000000000
BYTE 6 DUP(0)
test [ebx+40], 08
je 004245F6

push eax
mov edx, esi
xor ecx, ecx
mov eax, ebx
call 00424580
pop esi
pop ebx
ret

|:0043B004
|
:00424610 53
push ebx
:00424611 56
push esi
:00424612 8BF2
mov esi, edx
:00424614 8BD8
mov ebx, eax
:00424616 8BD3
mov edx, ebx
:00424618 8BC3
mov eax, ebx
:0042461A E801E7FFFF
call 00422D20
:0042461F 8BD6
mov edx, esi
:00424621 8BC3
mov eax, ebx
:00424623 8B08
:00424625 FF51F0
call [ecx-10]
:00424628 5E
pop esi
:00424629 5B
pop ebx
:0042462A C3
ret
:0042462B
:0042462C
:0042462D
:0042462E
:0042462F
90
53
56
57
8BFA
nop
push ebx
push esi
push edi
mov edi, edx
:00424631
:00424633
:00424635
:00424637
:0042463C
:0042463E
:00424640
:00424642
:00424645
:00424649
:0042464B
:0042464D
:0042464F
8BF0
8BD6
8BC6
E8E4E6FFFF
8BD7
8BC6
8B08
FF51F0
F6464002
7409
B201
8BC6
E86CEDFFFF
mov esi, eax

mov edx, esi
mov eax, esi
call 00422D20
mov edx, edi
mov eax, esi
call [ecx-10]
test [esi+40], 02
je 00424654
mov dl, 01
mov eax, esi
call 004233C0
|:00424649(C)
|
:00424654 F6464008
:00424658 740B
:0042465A 8BC6
:0042465C 66BBEBFF
:00424660 E88FE7FDFF
|:00424658(C)
|
:00424665 A07C464200
:0042466A 50
:0042466B 8BD7
:0042466D 33C9
:0042466F 8BC6
:00424671 E80AFFFFFF
:00424676 5F
:00424677 5E
:00424678 5B
:00424679 C3
:0042467A 0000
BYTE 2 DUP(0)
:0042467C 40
:0042467D 000000
inc eax
BYTE 3 DUP(0)
:00424680 8B4070
:00424683 C3

ret
test [esi+40], 08
je 00424665
mov eax, esi
mov bx, FFEB
call 00402DF4

push eax
mov edx, edi
xor ecx, ecx
mov eax, esi
call 00424580
pop edi
pop esi
pop ebx
ret

|:004249B1 , :00427D09
|
:00424684 53
push ebx
:00424685 56
push esi
:00424686 57
push edi
:00424687 83C4EC
add esp, FFFFFFEC
:0042468A 891424
:0042468D 8BF8
mov edi, eax
:0042468F F6472010
test [edi+20], 10
:00424693
:00424695
:00424697
:00424699
755C
8BF7
85F6
7456
|:004246EF(C)
|
:0042469B 8BC6
:0042469D 66BBDCFF
:004246A1 E84EE7FDFF
:004246A6 8BD8
:004246A8 85DB
:004246AA 743E
:004246AC 807B5100
:004246B0 743F
:004246B2 33D2
:004246B4 8BC7
:004246B6 E865E6FFFF
:004246BB 897354
:004246BE 8D54240C
:004246C2 8B0424
:004246C5 E83A1EFEFF
:004246CA 8D54240C
:004246CE 8D4C2404
:004246D2 8BC7
:004246D4 E8EFE5FFFF
:004246D9 8B4C2408
:004246DD 8B542404
:004246E1 8BC3
:004246E3 8B18
:004246E5 FF533C
:004246E8 EB07
jne 004246F1
mov esi, edi
test esi, esi
je 004246F1
mov eax, esi
mov bx, FFDC
call 00402DF4
mov ebx, eax
test ebx, ebx
je 004246EA
je 004246F1
xor edx, edx
mov eax, edi
call 00422D20
call 00406504
mov eax, edi
call 00422CC8
mov eax, ebx
call [ebx+3C]
jmp 004246F1

|:004246AA(C)
|
:004246EA 8B7624
mov esi, dword ptr [esi+24]
:004246ED 85F6
test esi, esi
:004246EF 75AA
jne 0042469B
|:00424693(C), :00424699(C), :004246B0(C), :004246E8(U)
|
:004246F1 83C414
add esp, 00000014
:004246F4 5F
pop edi
:004246F5 5E
pop esi
:004246F6 5B
pop ebx
:004246F7 C3
ret

|:004228CE , :00427412
|
:004246F8 53
push ebx
:004246F9 56
push esi
:004246FA 57
push edi
:004246FB 55
push ebp
:004246FC 83C4F0
add esp, FFFFFFF0
:004246FF
:00424701
:00424703
:00424705
:00424707
:00424709
:0042470C
:0042470F
:00424713
:00424717
:00424719
:0042471B
:00424720
:00424722
:00424724
:00424727
:0042472B
:0042472F
:00424733
:00424737
:00424739
:0042473D
:00424741
:00424743
:00424748
:0042474A
:0042474C
:00424750
:00424753
:00424755
:00424759
:0042475D
8BE9
8BFA
8BF0
33DB
8B07
890424
8B4500
89442404
8D4C2404
8BD4
8BC6
E840F9FFFF
84C0
7465
8B0424
89442408
8B442404
8944240C
807E4C00
743D
8D4C240C
8D542408
8BC6
E8ACF8FFFF
84C0
7413
8B442408
3B0424
750A
8B44240C
3B442404
7417
|:0042474A(C), :00424753(C)
|
:0042475F 8D4C240C
:00424763 8D542408
:00424767 8BC6
:00424769 E8F2F8FFFF
:0042476E 84C0
:00424770 7504
:00424772 33DB
:00424774 EB02
mov ebp, ecx

mov edi, edx
mov esi, eax
xor ebx, ebx
mov edx, esp
mov eax, esi
call 00424060
test al, al
je 00424789
je 00424776
mov eax, esi
call 00423FF4
test al, al
je 0042475F
jne 0042475F
je 00424776
mov eax, esi
call 00424060
test al, al
jne 00424776
xor ebx, ebx
jmp 00424778

|:00424737(C), :0042475D(C), :00424770(C)
|
:00424776 B301
mov bl, 01
|:00424774(U)
|
:00424778 84DB
:0042477A 740D
:0042477C 8B442408
:00424780 8907
:00424782 8B44240C
:00424786 894500

test bl, bl
je 00424789
|:00424722(C), :0042477A(C)
|
:00424789 8BC3
:0042478B 83C410
:0042478E 5D
:0042478F 5F
:00424790 5E
:00424791 5B
:00424792 C3
:00424793
:00424794
:00424795
:00424796
:00424798
:0042479A
:0042479C
:0042479E
:004247A0
:004247A3
:004247A8
:004247A9
:004247AB
:004247AD
:004247AF
:004247B4
:004247B5
:004247B6
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call [ecx-10]
push eax
mov edx, esi
mov cl, 01
mov eax, ebx
call 00424580
pop esi
pop ebx
ret
90
53
56
8BF2
8BD8
8BD6
8BC3
8B08
FF51F0
A0B8474200
50
8BD6
B101
8BC3
E8CCFDFFFF
5E
5B
C3
mov
add
pop
pop
pop
pop
ret
eax, ebx
esp, 00000010
ebp
edi
esi
ebx
:004247B7 0000000000
BYTE 5 DUP(0)
:004247BC
:004247BD
:004247BE
:004247C0
:004247C2
:004247C4
:004247C6
:004247C8
:004247CB
:004247D0
:004247D1
:004247D3
:004247D5
:004247D7
:004247DC
:004247DD
:004247DE
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call [ecx-10]
mov al, byte ptr [004247E0]
push eax
mov edx, esi
mov cl, 01
mov eax, ebx
call 00424580
pop esi
pop ebx
ret
53
56
8BF2
8BD8
8BD6
8BC3
8B08
FF51F0
A0E0474200
50
8BD6
B101
8BC3
E8A4FDFFFF
5E
5B
C3
:004247DF 00
BYTE 0
:004247E0 40
:004247E1 000000
inc eax
BYTE 3 DUP(0)
:004247E4
:004247E5
:004247E6
:004247E8
:004247EA
:004247EC
:004247EE
:004247F0
:004247F3
:004247F8
:004247F9
:004247FB
:004247FD
:004247FF
:00424804
:00424805
:00424806
53
56
8BF2
8BD8
8BD6
8BC3
8B08
FF51F0
A008484200
50
8BD6
B102
8BC3
E87CFDFFFF
5E
5B
C3
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call [ecx-10]
push eax
mov edx, esi
mov cl, 02
mov eax, ebx
call 00424580
pop esi
pop ebx
ret
:00424807 0000000000
BYTE 5 DUP(0)
:0042480C
:0042480D
:0042480E
:00424810
:00424812
:00424814
:00424816
:00424818
:0042481B
:00424820
:00424821
:00424823
:00424825
:00424827
:0042482C
:0042482D
:0042482E
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call [ecx-10]
push eax
mov edx, esi
mov cl, 02
mov eax, ebx
call 00424580
pop esi
pop ebx
ret
53
56
8BF2
8BD8
8BD6
8BC3
8B08
FF51F0
A030484200
50
8BD6
B102
8BC3
E854FDFFFF
5E
5B
C3
:0042482F 00
BYTE 0
:00424830 40
:00424831 000000
inc eax
BYTE 3 DUP(0)
:00424834
:00424835
:00424837
:00424838
:00424839
:0042483C
:00424844
:00424846
:00424847
:0042484A
:0042484B
push ebp
mov ebp, esp
push ecx
push ebx
cmp word ptr [eax+000000BE], 0000
je 0042485E
push ecx
push edx
mov ebx, eax
55
8BEC
51
53
8855FF
6683B8BE00000000
7418
51
8B5508
52
8BD8
:0042484D
:0042484F
:00424852
:00424858
8BD0
8A4DFF
8B83C0000000
FF93BC000000
mov edx, eax

mov eax, dword ptr [ebx+000000C0]
call dword ptr [ebx+000000BC]

|:00424844(C)
|
:0042485E 5B
pop ebx
:0042485F 59
pop ecx
:00424860 5D
pop ebp
:00424861 C20400
ret 0004
:00424864
:00424865
:00424866
:00424867
:00424869
:0042486B
:0042486D
:0042486F
:00424871
:00424874
:00424878
:0042487A
:0042487E
:0042487F
:00424883
:00424888
:0042488A
:0042488E
:00424890
:00424894
53
56
57
8BFA
8BF0
8BD7
8BC6
8B08
FF51F0
F6464110
751F
0FBF470A
50
668B4704
E80C220100
8BD0
0FBF4F08
8BC6
66BBDAFF
E85BE5FDFF
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov edx, edi
mov eax, esi
call [ecx-10]
test [esi+41], 10
jne 00424899
push eax
call 00436A94
mov edx, eax
movsx ecx, word ptr [edi+08]
mov eax, esi
mov bx, FFDA
call 00402DF4

|:00424878(C)
|
:00424899 5F
pop edi
:0042489A 5E
pop esi
:0042489B 5B
pop ebx
:0042489C C3
ret
:0042489D
:004248A0
:004248A1
:004248A3
:004248A4
:004248A5
:004248A8
:004248B0
:004248B2
:004248B5
:004248B6
:004248B9
:004248BA
:004248BD
:004248BE
:004248C0
8D4000
55
8BEC
51
53
884DFF
6683B8C600000000
741E
8A4DFF
51
8B4D0C
51
8B4D08
51
8BD8
8BCA

push ebp
mov ebp, esp
push ecx
push ebx
cmp word ptr [eax+000000C6], 0000
je 004248D0
push ecx
push ecx
push ecx
mov ebx, eax
mov ecx, edx
:004248C2 8BD0
:004248C4 8B83C8000000
:004248CA FF93C4000000
mov edx, eax

call dword ptr [ebx+000000C4]

|:004248B0(C)
|
:004248D0 5B
pop ebx
:004248D1 59
pop ecx
:004248D2 5D
pop ebp
:004248D3 C20800
ret 0008
:004248D6 8BC0
mov eax, eax

|:0042497D , :004249A1 , :004249D1
|
:004248D8 53
push ebx
:004248D9 56
push esi
:004248DA 57
push edi
:004248DB 51
push ecx
:004248DC 880C24
mov byte ptr [esp], cl
:004248DF 8BFA
mov edi, edx
:004248E1 8BF0
mov esi, eax
:004248E3 F6464110
test [esi+41], 10
:004248E7 7524
jne 0042490D
:004248E9 0FBF4708
:004248ED 50
push eax
:004248EE 0FBF470A
:004248F2 50
push eax
:004248F3 668B4704
:004248F7 E898210100
call 00436A94
:004248FC 8BC8
mov ecx, eax
:004248FE 8A542408
mov dl, byte ptr [esp+08]
:00424902 8BC6
mov eax, esi
:00424904 66BBD9FF
mov bx, FFD9
:00424908 E8E7E4FDFF
call 00402DF4
|:004248E7(C)
|
:0042490D 5A
pop edx
:0042490E 5F
pop edi
:0042490F 5E
pop esi
:00424910 5B
pop ebx
:00424911 C3
ret
:00424912
:00424914
:00424915
:00424916
:00424917
:0042491A
:0042491C
:0042491E
:00424920
:00424922
:00424924
8BC0
53
56
57
83C4E8
8BFA
8BF0
8BD7
8BC6
8B08
FF51F0
mov eax, eax

push ebx
push esi
push edi
add esp, FFFFFFE8
mov edi, edx
mov esi, eax
mov edx, edi
mov eax, esi
call [ecx-10]
:00424927
:0042492B
:0042492D
:0042492F
:00424931
F6464002
7409
33D2
8BC6
E88AEAFFFF
|:0042492B(C)
|
:00424936 F6464402
:0042493A 743B
:0042493C 66836644FD
:00424941 8BD4
:00424943 8B4708
:00424946 E8B91BFEFF
:0042494B FF742404
:0042494F FF742404
:00424953 8D542410
:00424957 8BC6
:00424959 8B08
:0042495B FF5144
:0042495E 8D442410
:00424962 50
test [esi+40], 02
je 00424936
xor edx, edx
mov eax, esi
call 004233C0
test [esi+44], 02
je 00424977
and word ptr [esi+44], FFFD
mov edx, esp
call 00406504
push [esp+04]
push [esp+04]
mov eax, esi
call [ecx+44]
push eax

|
:00424963 E8D019FEFF
Call 00406338
:00424968 85C0
test eax, eax
:0042496A 740B
je 00424977
:0042496C 8BC6
mov eax, esi
:0042496E 66BBECFF
mov bx, FFEC
:00424972 E87DE4FDFF
call 00402DF4
|:0042493A(C), :0042496A(C)
|
:00424977 8BD7
:00424979 33C9
:0042497B 8BC6
:0042497D E856FFFFFF
:00424982 83C418
:00424985 5F
:00424986 5E
:00424987 5B
:00424988 C3
:00424989
:0042498C
:0042498D
:0042498E
:00424990
:00424992
:00424994
:00424996
:00424998
:0042499B
:0042499D
:0042499F
:004249A1

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call [ecx-10]
mov edx, esi
mov cl, 01
mov eax, ebx
call 004248D8
8D4000
53
56
8BF2
8BD8
8BD6
8BC3
8B08
FF51F0
8BD6
B101
8BC3
E832FFFFFF
mov edx, edi

xor ecx, ecx
mov eax, esi
call 004248D8
add esp, 00000018
pop edi
pop esi
pop ebx
ret
:004249A6
:004249AA
:004249AC
:004249AF
:004249B1
837E0C00
750A
8B5608
8BC3
E8CEFCFFFF

jne 004249B6
mov eax, ebx
call 00424684

|:004249AA(C)
|
:004249B6 5E
pop esi
:004249B7 5B
pop ebx
:004249B8 C3
ret
:004249B9
:004249BC
:004249BD
:004249BE
:004249C0
:004249C2
:004249C4
:004249C6
:004249C8
:004249CB
:004249CD
:004249CF
:004249D1
:004249D6
:004249D7
:004249D8
8D4000
53
56
8BF2
8BD8
8BD6
8BC3
8B08
FF51F0
8BD6
B102
8BC3
E802FFFFFF
5E
5B
C3

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call [ecx-10]
mov edx, esi
mov cl, 02
mov eax, ebx
call 004248D8
pop esi
pop ebx
ret
:004249D9
:004249DC
:004249DD
:004249DF
:004249E1
:004249E3
:004249E6
:004249E8
:004249ED
:004249EF
:004249F1
:004249F3
:004249F5
:004249FA
:004249FE
:00424A00
:00424A02
:00424A04
:00424A09
:00424A0B
:00424A10
:00424A11
8D4000
56
8BF0
8BC6
8B08
FF51F0
8BC6
E8C3E9FFFF
84C0
7421
33D2
8BC6
E8C6E9FFFF
F6464401
7417
6AFF
33C9
BA02020000
8BC6
E884F7FFFF
5E
C3

push esi
mov esi, eax
mov eax, esi
call [ecx-10]
mov eax, esi
call 004233B0
test al, al
je 00424A12
xor edx, edx
mov eax, esi
call 004233C0
test [esi+44], 01
je 00424A17
push FFFFFFFF
xor ecx, ecx
mov edx, 00000202
mov eax, esi
call 00424194
pop esi
ret

|:004249EF(C)
|
:00424A12 66836644FE
and word ptr [esi+44], FFFE

|:004249FE(C)
|
:00424A17 5E
pop esi
:00424A18 C3
ret
:00424A19 8D4000

|:004273BE
|
:00424A1C 53
push ebx
:00424A1D 56
push esi
:00424A1E 8BF2
mov esi, edx
:00424A20 8BD8
mov ebx, eax
:00424A22 8BD6
mov edx, esi
:00424A24 8BC3
mov eax, ebx
:00424A26 8B08
:00424A28 FF51F0
call [ecx-10]
:00424A2B A0C04A4200
mov al, byte ptr [00424AC0]
:00424A30 224320
:00424A33 8A15C44A4200
mov dl, byte ptr [00424AC4]
:00424A39 3AD0
cmp dl, al
:00424A3B 757E
jne 00424ABB
:00424A3D 8B4368
:00424A40 8B500C
:00424A43 85D2
test edx, edx
:00424A45 760D
jbe 00424A54
:00424A47 3B5338
:00424A4A 7D08
jge 00424A54
:00424A4C 8B5338
:00424A4F 89500C
:00424A52 EB12
jmp 00424A66
|:00424A45(C), :00424A4A(C)
|
:00424A54 8B5014
:00424A57 85D2
:00424A59 760B
:00424A5B 3B5338
:00424A5E 7E06
:00424A60 8B5338
:00424A63 895014

test edx, edx
jbe 00424A66
jle 00424A66

|:00424A52(U), :00424A59(C), :00424A5E(C)
|
:00424A66 8B5008
:00424A69 85D2
test edx, edx
:00424A6B 760D
jbe 00424A7A
:00424A6D 3B533C
cmp edx, dword ptr [ebx+3C]
:00424A70 7D08
jge 00424A7A
:00424A72 8B533C
:00424A75 895008
:00424A78 EB12
jmp 00424A8C
|:00424A6B(C), :00424A70(C)
|
:00424A7A 8B5010
:00424A7D 85D2
:00424A7F 760B
:00424A81 3B533C
:00424A84 7E06
:00424A86 8B533C
:00424A89 895010

test edx, edx
jbe 00424A8C
jle 00424A8C

|:00424A78(U), :00424A7F(C), :00424A84(C)
|
:00424A8C 8B4608
:00424A8F 85C0
test eax, eax
:00424A91 7428
je 00424ABB
:00424A93 83BB8C00000000
:00424A9A 741F
je 00424ABB
:00424A9C F6434504
test [ebx+45], 04
:00424AA0 7519
jne 00424ABB
:00424AA2 F6401801
test [eax+18], 01
:00424AA6 7513
jne 00424ABB
:00424AA8 83781000
:00424AAC 740D
je 00424ABB
:00424AAE 83781400
:00424AB2 7407
je 00424ABB
:00424AB4 8BC3
mov eax, ebx
:00424AB6 E80DF7FFFF
call 004241C8
|:00424A3B(C), :00424A91(C), :00424A9A(C), :00424AA0(C), :00424AA6(C)
|:00424AAC(C), :00424AB2(C)
|
:00424ABB 5E
pop esi
:00424ABC 5B
pop ebx
:00424ABD C3
ret
:00424ABE 0000
BYTE 2 DUP(0)
:00424AC0 0300
:00424AC2 000000000000

BYTE 6 DUP(0)
:00424AC8
:00424ACC
:00424ACE
:00424AD2
test [eax+20], 10
je 00424AD4
test [eax+41], 04
je 00424AED
F6402010
7406
F6404104
7419
|:00424ACC(C)
|
:00424AD4 80784700
:00424AD8 7406
:00424ADA F6404040
:00424ADE 7504

je 00424AE0
test [eax+40], 40
jne 00424AE4
|:00424AD8(C)
|
:00424AE0 33C9
:00424AE2 EB02
xor ecx, ecx

jmp 00424AE6

|:00424ADE(C)
|
:00424AE4 B101
mov cl, 01
|:00424AE2(U)
|
:00424AE6 B201
mov dl, 01
:00424AE8 E8E3EAFFFF
call 004235D0
|:00424AD2(C)
|
:00424AED C3
ret
:00424AEE 8BC0
mov eax, eax
:00424AF0 8B10
:00424AF2 FF5278
call [edx+78]
:00424AF5 C3
ret
:00424AF6 8BC0
mov eax, eax

|:0041D7FA , :004284B1
|
:00424AF8 8B10
:00424AFA FF5278
call [edx+78]
:00424AFD C3
ret
:00424AFE 8BC0
mov eax, eax

|:00428489
|
:00424B00 8B10
:00424B02 FF5278
call [edx+78]
:00424B05 C3
ret
:00424B06
:00424B08
:00424B09
:00424B0B
:00424B0F
:00424B11
:00424B15
:00424B17
:00424B1A
:00424B1C
:00424B21
8BC0
53
8BD8
807B4A00
7423
837A0400
740C
8B5208
8BC3
E80FE8FFFF
EB0D
mov eax, eax

push ebx
mov ebx, eax
cmp byte ptr [ebx+4A], 00
je 00424B34
cmp dword ptr [edx+04], 00000000
je 00424B23
mov eax, ebx
call 00423330
jmp 00424B30

|:00424B15(C)
|
:00424B23
:00424B26
:00424B29
:00424B2B
8B4324
8B5064
8BC3
E800E8FFFF

mov eax, ebx
call 00423330

|:00424B21(U)
|
:00424B30 C6434A01
mov [ebx+4A], 01
|:00424B0F(C)
|
:00424B34 5B
pop ebx
:00424B35 C3
ret
:00424B36
:00424B38
:00424B39
:00424B3B
:00424B3F
:00424B41
:00424B44
:00424B46
:00424B48
:00424B4B
:00424B4D
:00424B4F
8BC0
53
8BD8
807B5000
7415
8B4324
85C0
740A
8A504F
8BC3
8B08
FF516C
mov eax, eax

push ebx
mov ebx, eax
je 00424B56
test eax, eax
je 00424B52
mov dl, byte ptr [eax+4F]
mov eax, ebx
call [ecx+6C]

|:00424B46(C)
|
:00424B52 C6435001
mov [ebx+50], 01
|:00424B3F(C)
|
:00424B56 5B
pop ebx
:00424B57 C3
ret

|:0042833E
|
:00424B58 8B0D502D4400
mov ecx, dword ptr [00442D50]
:00424B5E 80790900
cmp byte ptr [ecx+09], 00
:00424B62 740B
je 00424B6F
:00424B64 837A0400
:00424B68 7505
jne 00424B6F
:00424B6A 8B10
:00424B6C FF5278
call [edx+78]
|:00424B62(C), :00424B68(C)
|
:00424B6F C3
ret
:00424B70 53
push ebx
:00424B71
:00424B73
:00424B7A
:00424B7C
:00424B7F
:00424B85
:00424B87
:00424B8C
8BD8
80BB8600000000
7417
8B4324
8A9085000000
8BC3
E85CE7FFFF
C6838600000001
mov ebx, eax

je 00424B93
mov eax, ebx
call 004232E8

|:00424B7A(C)
|
:00424B93 5B
pop ebx
:00424B94 C3
ret
:00424B95
:00424B98
:00424B99
:00424B9B
:00424B9F
:00424BA1
:00424BA5
:00424BA7
:00424BAA
:00424BAC
:00424BB1
8D4000
53
8BD8
807B4900
7423
837A0400
740C
8B5208
8BC3
E8DFE6FFFF
EB0D
|:00424BA5(C)
|
:00424BB3 8B4324
:00424BB6 8B5058
:00424BB9 8BC3
:00424BBB E8D0E6FFFF

push ebx
mov ebx, eax
je 00424BC4
je 00424BB3
mov eax, ebx
call 00423290
jmp 00424BC0
mov eax, ebx
call 00423290

|:00424BB1(U)
|
:00424BC0 C6434901
mov [ebx+49], 01
|:00424B9F(C)
|
:00424BC4 5B
pop ebx
:00424BC5 C3
ret
:00424BC6 8BC0
mov eax, eax

|:0042866E
|
:00424BC8 53
push ebx
:00424BC9 8BD8
mov ebx, eax
:00424BCB 807B4600
:00424BCF 7415
je 00424BE6
:00424BD1 A1382D4400
:00424BD6 8B00
:00424BD8 8B5074
:00424BDB 8BC3
:00424BDD E8AEE6FFFF
:00424BE2 C6434601
mov eax, ebx

call 00423290
mov [ebx+46], 01

|:00424BCF(C)
|
:00424BE6 5B
pop ebx
:00424BE7 C3
ret
:00424BE8 C7420C01000000
:00424BEF C3
mov [edx+0C], 00000001

ret
:00424BF0
:00424BF3
:00424BF5
:00424BF7
:00424BF8
:00424BFA
:00424BFC
:00424C01

test edx, edx
je 00424C06
push eax
xor ecx, ecx
mov eax, edx
mov edx, 0000B013
call 00424194
8B5024
85D2
740F
50
33C9
8BC2
BA13B00000
E88EF5FFFF
|:00424BF5(C)
|
:00424C06 C3
:00424C07 90
:00424C08 8B5024
:00424C0B 85D2
:00424C0D 740F
:00424C0F 50
:00424C10 33C9
:00424C12 8BC2
:00424C14 BA14B00000
:00424C19 E876F5FFFF

ret
nop
test edx, edx
je 00424C1E
push eax
xor ecx, ecx
mov eax, edx
mov edx, 0000B014
call 00424194

|:00424C0D(C)
|
:00424C1E C3
ret
:00424C1F 90
nop
|:0042839B
|
:00424C20 33C0
xor eax, eax
:00424C22 89420C
:00424C25 C3
ret
:00424C26 8BC0
mov eax, eax

|:00423F5B , :00424D73
|
:00424C28 53
push ebx
:00424C29 56
push esi
:00424C2A 57
push edi
:00424C2B
:00424C2E
:00424C30
:00424C33
:00424C38
:00424C39
:00424C3A
:00424C3C
:00424C3E
:00424C40
:00424C42
:00424C45
:00424C47
:00424C49
:00424C4B
:00424C4D
:00424C50
:00424C52
:00424C54
:00424C59
:00424C5B
:00424C5D
:00424C5F
:00424C61
:00424C64
:00424C6A
:00424C6C
:00424C6E
:00424C71
:00424C73
:00424C77
:00424C79
:00424C7E
:00424C81
:00424C83
:00424C88
:00424C8C
:00424C8F
:00424C91
:00424C96
:00424C9A
:00424C9E
:00424CA0
83C4F0
8BF2
8D3C24
B904000000
F3
A5
8BD8
33F6
8BC3
8B10
FF5258
85C0
745C
8BC3
8B10
FF5258
8BF8
8BC3
E80FDFFDFF
3BF8
7448
8BC3
8B10
FF5258
8B0D302C4400
8B09
B201
FF502C
8BF0
8B542404
8BC6
E806DDFFFF
8B1424
8BC6
E8D8DCFFFF
8B542408
2B1424
8BC6
E836DFFFFF
8B54240C
2B542404
8BC6
E86BDFFFFF
add esp, FFFFFFF0

mov esi, edx
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
mov ebx, eax
xor esi, esi
mov eax, ebx
mov edx, dword ptr
call [edx+58]
test eax, eax
je 00424CA5
mov eax, ebx
mov edx, dword ptr
call [edx+58]
mov edi, eax
mov eax, ebx
call 00402B68
cmp edi, eax
je 00424CA5
mov eax, ebx
mov edx, dword ptr
call [edx+58]
mov ecx, dword ptr
mov ecx, dword ptr
mov dl, 01
call [eax+2C]
mov esi, eax
mov edx, dword ptr
mov eax, esi
call 00422984
mov edx, dword ptr
mov eax, esi
call 00422960
mov edx, dword ptr
sub edx, dword ptr
mov eax, esi
call 00422BCC
mov edx, dword ptr
sub edx, dword ptr
mov eax, esi
call 00422C10
[esp]
[eax]
[eax]
[eax]
[00442C30]
[ecx]
[esp+04]
[esp]
[esp+08]
[esp]
[esp+0C]
[esp+04]
|:00424C47(C), :00424C5B(C)
|
:00424CA5 8BC6
:00424CA7 83C410
:00424CAA 5F
:00424CAB 5E
:00424CAC 5B
:00424CAD C3
:00424CAE 8BC0
mov eax, eax

|:00424D5F
|
mov
add
pop
pop
pop
ret
eax, esi
esp, 00000010
edi
esi
ebx
:00424CB0
:00424CB1
:00424CB3
:00424CB6
:00424CB7
:00424CB8
:00424CB9
:00424CBC
:00424CBF
:00424CC2
:00424CC4
:00424CC7
:00424CC9
:00424CCC
:00424CD1
:00424CD4
:00424CD7
:00424CD9
:00424CDC
:00424CE1
:00424CE4
:00424CE7
:00424CEA
:00424CED
:00424CF0
:00424CF3
:00424CF5
:00424CF8
:00424CFB
:00424CFD
:00424D00
:00424D01
:00424D04
:00424D05
:00424D08
:00424D0A
:00424D0D
:00424D0F
:00424D12
:00424D15
:00424D18
:00424D1B
:00424D1E
:00424D20
:00424D23
:00424D28
:00424D2B
:00424D2D
:00424D32
:00424D33
:00424D34
:00424D35
:00424D37
:00424D38
55
8BEC
83C4E0
53
56
57
8B7D08
83C7FC
8D4DF0
8B07
8B5034
8B07
8B4030
E8AF74FEFF
8D55F0
8D4DF8
8B07
8B4024
E8E7DFFFFF
8B4508
8B40F8
8B4008
8D5838
8B430C
2B4304
8B17
8B7224
03463C
8B17
2B423C
50
8D45E0
50
8B4B08
2B0B
034E38
8B07
2B4838
8B5634
035304
2B55FC
8B4630
0303
2B45F8
E88C74FEFF
8D55E0
8BC6
E846DEFFFF
5F
5E
5B
8BE5
5D
C3
:00424D39 8D4000
push ebp
mov ebp, esp
add esp, FFFFFFE0
push ebx
push esi
push edi
mov edi, dword ptr
add edi, FFFFFFFC
lea ecx, dword ptr
mov eax, dword ptr
mov edx, dword ptr
mov eax, dword ptr
mov eax, dword ptr
call 0040C180
lea edx, dword ptr
lea ecx, dword ptr
mov eax, dword ptr
mov eax, dword ptr
call 00422CC8
mov eax, dword ptr
mov eax, dword ptr
mov eax, dword ptr
lea ebx, dword ptr
mov eax, dword ptr
sub eax, dword ptr
mov edx, dword ptr
mov esi, dword ptr
add eax, dword ptr
mov edx, dword ptr
sub eax, dword ptr
push eax
lea eax, dword ptr
push eax
mov ecx, dword ptr
sub ecx, dword ptr
add ecx, dword ptr
mov eax, dword ptr
sub ecx, dword ptr
mov edx, dword ptr
add edx, dword ptr
sub edx, dword ptr
mov eax, dword ptr
add eax, dword ptr
sub eax, dword ptr
call 0040C1B4
lea edx, dword ptr
mov eax, esi
call 00422B78
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret
[ebp+08]
[ebp-10]
[edi]
[eax+34]
[edi]
[eax+30]
[ebp-10]
[ebp-08]
[edi]
[eax+24]
[ebp+08]
[eax-08]
[eax+08]
[eax+38]
[ebx+0C]
[ebx+04]
[edi]
[edx+24]
[esi+3C]
[edi]
[edx+3C]
[ebp-20]
[ebx+08]
[ebx]
[esi+38]
[edi]
[eax+38]
[esi+34]
[ebx+04]
[ebp-04]
[esi+30]
[ebx]
[ebp-08]
[ebp-20]

|:00427B8A
|
:00424D3C
:00424D3D
:00424D3F
:00424D42
:00424D43
:00424D46
:00424D49
:00424D4C
:00424D4E
:00424D51
:00424D53
:00424D55
:00424D58
:00424D5C
:00424D5E
:00424D5F
:00424D64
:00424D65
55
8BEC
83C4F8
53
8955F8
8945FC
8B45FC
8B10
FF5254
84C0
7412
8B45FC
83782400
7409
55
E84CFFFFFF
59
EB30
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
call [edx+54]
test al, al
je 00424D67
je 00424D67
push ebp
call 00424CB0
pop ecx
jmp 00424D97
|:00424D53(C), :00424D5C(C)
|
:00424D67 8B45F8
:00424D6A 8B4008
:00424D6D 8D5038
:00424D70 8B45FC
:00424D73 E8B0FEFFFF
:00424D78 8BD8
:00424D7A 85DB
:00424D7C 7419
:00424D7E 8B45F8
:00424D81 8B4008
:00424D84 895804
:00424D87 8BC3
:00424D89 E872410000
:00424D8E 8B55F8
:00424D91 8B5208
:00424D94 894208
|:00424D65(U), :00424D7C(C)
|
:00424D97 5B
:00424D98 59
:00424D99 59
:00424D9A 5D
:00424D9B C3

call 00424C28
mov ebx, eax
test ebx, ebx
je 00424D97
mov eax, ebx
call 00428F00
pop
pop
pop
pop
ret
ebx
ecx
ecx
ebp

|:00429A5F
|
:00424D9C 55
push ebp
:00424D9D 8BEC
mov ebp, esp
:00424D9F 6A00
push 00000000
:00424DA1 53
push ebx
:00424DA2 56
push esi
:00424DA3 57
push edi
:00424DA4
:00424DA6
:00424DA8
:00424DAA
:00424DAC
:00424DAD
:00424DB2
:00424DB5
:00424DB8
:00424DBA
:00424DC0
:00424DC5
:00424DC7
:00424DCD
:00424DCF
:00424DD1
:00424DD4
:00424DD6
:00424DDB
:00424DDF
8BD9
8BFA
8BF0
33C0
55
68634E4200
64FF30
648920
8BC7
8B15F4D74200
E8CBDFFDFF
84C0
0F8480000000
84DB
7410
8D55FC
8BC6
E8C9E3FFFF
837DFC00
750A
mov ebx, ecx

mov edi, edx
mov esi, eax
xor eax, eax
push ebp
push 00424E63
mov eax, edi
call 00402D90
test al, al
je 00424E4D
test bl, bl
je 00424DE1
mov eax, esi
call 004231A4
jne 00424DEB
|:00424DCF(C)
|
:00424DE1 8B574C
:00424DE4 8BC6
:00424DE6 E8E9E3FFFF

mov eax, esi
call 004231D4

|:00424DDF(C)
|
:00424DEB 84DB
test bl, bl
:00424DED 740B
je 00424DFA
:00424DEF 8BC6
mov eax, esi
:00424DF1 8B10
:00424DF3 FF5250
call [edx+50]
:00424DF6 3C01
cmp al, 01
:00424DF8 750A
jne 00424E04
|:00424DED(C)
|
:00424DFA 8A5751
:00424DFD 8BC6
mov eax, esi
:00424DFF 8B08
:00424E01 FF5160
call [ecx+60]
|:00424DF8(C)
|
:00424E04 84DB
:00424E06 7406
:00424E08 837E7400
:00424E0C 750B

test bl, bl
je 00424E0E
jne 00424E19

|:00424E06(C)
|
:00424E0E 8D4674
:00424E11 8B5758
:00424E14 E8F3E9FDFF
call 0040380C
|:00424E0C(C)
|
:00424E19 84DB
:00424E1B 7406
:00424E1D 807E4701
:00424E21 750A
|:00424E1B(C)
|
:00424E23 8A5762
:00424E26 8BC6
:00424E28 E867E2FFFF
|:00424E21(C)
|
:00424E2D 84DB
:00424E2F 740A
:00424E31 6683BE0601000000
:00424E39 7512
|:00424E2F(C)
|
:00424E3B 8B472C
:00424E3E 898604010000
:00424E44 8B4730
:00424E47 898608010000
|:00424DC7(C), :00424E39(C)
|
:00424E4D 33C0
:00424E4F 5A
:00424E50 59
:00424E51 59
:00424E52 648910
test bl, bl
je 00424E23
jne 00424E2D

mov eax, esi
call 00423094
test bl, bl
je 00424E3B
cmp word ptr [esi+00000106], 0000
jne 00424E4D
mov
mov
mov
mov
xor
pop
pop
pop
mov
eax, dword ptr [edi+2C]

eax, dword ptr [edi+30]
eax, eax
edx
ecx
ecx

|
:00424E55 686A4E4200
push 00424E6A
|:00424E68(U)
|
:00424E5A 8D45FC
:00424E5D E856E9FDFF
:00424E62 C3
:00424E63
:00424E68
:00424E6A
:00424E6B
:00424E6C
:00424E6D
jmp
jmp
pop
pop
pop
pop
E910E4FDFF
EBF0
5F
5E
5B
59

call 004037B8
ret
00403278
00424E5A
edi
esi
ebx
ecx
:00424E6E 5D
:00424E6F C3
pop ebp
ret
:00424E70
:00424E71
:00424E72
:00424E74
:00424E76
:00424E78
:00424E7D
:00424E7F
:00424E81
:00424E83
:00424E85
:00424E87
:00424E8B
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00422670
cmp esi, eax
jne 00424E90
xor ecx, ecx
mov edx, esi
mov eax, ebx
mov bx, FFF0
call 00402DF4
53
56
8BF2
8BD8
8BC3
E8F3D7FFFF
3BF0
750F
33C9
8BD6
8BC3
66BBF0FF
E864DFFDFF

|:00424E7F(C)
|
:00424E90 5E
pop esi
:00424E91 5B
pop ebx
:00424E92 C3
ret
:00424E93 90
nop
* Possible StringData Ref from Code Obj ->"T!B"

|
:00424E94 A1D0EB4100
mov eax, dword ptr [0041EBD0]
:00424E99 C3
ret
:00424E9A
:00424E9C
:00424E9D
:00424E9E
:00424EA0
:00424EA3
:00424EA5
:00424EA7
:00424EA9
:00424EAB
:00424EAE
:00424EB0
:00424EB2
:00424EB4
:00424EB5
:00424EB6
8BC0
53
56
8BD8
8B735C
85F6
7410
8BC6
8B10
FF521C
84C0
7405
33C0
5E
5B
C3
|:00424EA5(C), :00424EB0(C)
|
:00424EB7 B001
:00424EB9 5E
:00424EBA 5B
:00424EBB C3
mov eax, eax

push ebx
push esi
mov ebx, eax
test esi, esi
je 00424EB7
mov eax, esi
call [edx+1C]
test al, al
je 00424EB7
xor eax, eax
pop esi
pop ebx
ret

mov al, 01
pop esi
pop ebx
ret
:00424EBC
:00424EBD
:00424EBE
:00424EC0
:00424EC3
:00424EC5
:00424EC7
:00424EC9
:00424ECB
:00424ECE
:00424ED0
:00424ED2
:00424ED4
:00424ED5
:00424ED6
53
56
8BD8
8B735C
85F6
7410
8BC6
8B10
FF5224
84C0
7405
33C0
5E
5B
C3
push ebx
push esi
mov ebx, eax
test esi, esi
je 00424ED7
mov eax, esi
call [edx+24]
test al, al
je 00424ED7
xor eax, eax
pop esi
pop ebx
ret
|:00424EC5(C), :00424ED0(C)
|
:00424ED7 B001
:00424ED9 5E
:00424EDA 5B
:00424EDB C3
:00424EDC
:00424EDD
:00424EDE
:00424EE0
:00424EE3
:00424EE5
:00424EE7
:00424EE9
:00424EEB
:00424EEE
:00424EF0
:00424EF2
:00424EF4
:00424EF5
:00424EF6
push ebx
push esi
mov ebx, eax
test esi, esi
je 00424EF7
mov eax, esi
call [edx+2C]
test al, al
je 00424EF7
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B735C
85F6
7410
8BC6
8B10
FF522C
84C0
7405
33C0
5E
5B
C3
mov al, 01
pop esi
pop ebx
ret
|:00424EE5(C), :00424EF0(C)
|
:00424EF7 B001
:00424EF9 5E
:00424EFA 5B
:00424EFB C3
:00424EFC
:00424EFD
:00424EFE
:00424F00
push ebx
push esi
mov ebx, eax
53
56
8BD8
8B735C
mov al, 01
pop esi
pop ebx
ret
:00424F03
:00424F05
:00424F07
:00424F09
:00424F0B
:00424F0E
:00424F10
:00424F12
:00424F14
:00424F15
:00424F16
85F6
7410
8BC6
8B10
FF5238
84C0
7405
33C0
5E
5B
C3
test esi, esi

je 00424F17
mov eax, esi
call [edx+38]
test al, al
je 00424F17
xor eax, eax
pop esi
pop ebx
ret
|:00424F05(C), :00424F10(C)
|
:00424F17 B001
:00424F19 5E
:00424F1A 5B
:00424F1B C3
:00424F1C
:00424F1D
:00424F1E
:00424F20
:00424F23
:00424F25
:00424F27
:00424F29
:00424F2B
:00424F2E
:00424F30
:00424F32
:00424F34
:00424F35
:00424F36
push ebx
push esi
mov ebx, eax
test esi, esi
je 00424F37
mov eax, esi
call [edx+08]
test al, al
je 00424F37
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B735C
85F6
7410
8BC6
8B10
FF5208
84C0
7405
33C0
5E
5B
C3
|:00424F25(C), :00424F30(C)
|
:00424F37 B001
:00424F39 5E
:00424F3A 5B
:00424F3B C3
mov al, 01
pop esi
pop ebx
ret

mov al, 01
pop esi
pop ebx
ret

|:0041D5E9 , :00438522
|
:00424F3C 53
push ebx
:00424F3D 8BD8
mov ebx, eax
:00424F3F 8BC3
mov eax, ebx
:00424F41 E862C9FEFF
call 004118A8
:00424F46 8BC3
mov eax, ebx
:00424F48 E823D7FFFF
call 00422670
:00424F4D
:00424F4F
:00424F51
:00424F53
:00424F58
:00424F5A
:00424F5C
:00424F5E
:00424F62
85C0
7416
8BC3
E818D7FFFF
8BD0
B101
8BC3
66BBF0FF
E88DDEFDFF
test eax, eax

je 00424F67
mov eax, ebx
call 00422670
mov edx, eax
mov cl, 01
mov eax, ebx
mov bx, FFF0
call 00402DF4

|:00424F4F(C)
|
:00424F67 5B
pop ebx
:00424F68 C3
ret
:00424F69 8D4000

|:00429AC2
|
:00424F6C 55
push ebp
:00424F6D 8BEC
mov ebp, esp
:00424F6F 6A00
push 00000000
:00424F71 53
push ebx
:00424F72 56
push esi
:00424F73 57
push edi
:00424F74 8BF2
mov esi, edx
:00424F76 8BD8
mov ebx, eax
:00424F78 33C0
xor eax, eax
:00424F7A 55
push ebp
:00424F7B 6805504200
push 00425005
:00424F80 64FF30
:00424F83 648920
:00424F86 8BC6
mov eax, esi
:00424F88 8B15F4D74200
:00424F8E E8FDDDFDFF
call 00402D90
:00424F93 84C0
test al, al
:00424F95 744F
je 00424FE6
:00424F97 8BC3
mov eax, ebx
:00424F99 8B10
:00424F9B FF5250
call [edx+50]
:00424F9E 8BD0
mov edx, eax
:00424FA0 8BFE
mov edi, esi
:00424FA2 8BC7
mov eax, edi
:00424FA4 E89B910000
call 0042E144
:00424FA9 8B5374
:00424FAC 8BC7
mov eax, edi
:00424FAE E841920000
call 0042E1F4
:00424FB3 8D55FC
:00424FB6 8BC3
mov eax, ebx
:00424FB8 E8E7E1FFFF
call 004231A4
:00424FBD 8B55FC
:00424FC0 8BC7
mov eax, edi
:00424FC2 E8BD900000
call 0042E084
:00424FC7 8A5347
:00424FCA 8BC7
mov eax, edi
:00424FCC E83F930000
call 0042E310
:00424FD1 FFB308010000
push dword ptr [ebx+00000108]
:00424FD7
:00424FDD
:00424FDF
:00424FE1
:00424FE4
FFB304010000
8BC7
8B10
FF5234
EB09
|:00424F95(C)
|
:00424FE6 8BD6
:00424FE8 8BC3
:00424FEA E81D83FEFF
push dword ptr [ebx+00000104]

mov eax, edi
call [edx+34]
jmp 00424FEF
mov edx, esi
mov eax, ebx
call 0040D30C

|:00424FE4(U)
|
:00424FEF 33C0
xor eax, eax
:00424FF1 5A
pop edx
:00424FF2 59
pop ecx
:00424FF3 59
pop ecx
:00424FF4 648910
|
:00424FF7 680C504200
push 0042500C
|:0042500A(U)
|
:00424FFC 8D45FC
:00424FFF E8B4E7FDFF
:00425004 C3
:00425005
:0042500A
:0042500C
:0042500D
:0042500E
:0042500F
:00425010
:00425011
jmp
jmp
pop
pop
pop
pop
pop
ret
E96EE2FDFF
EBF0
5F
5E
5B
59
5D
C3
:00425012 8BC0

call 004037B8
ret
00403278
00424FFC
edi
esi
ebx
ecx
ebp
mov eax, eax

|:004250D3
|
:00425014 55
push ebp
:00425015 8BEC
mov ebp, esp
:00425017 51
push ecx
:00425018 53
push ebx
:00425019 56
push esi
:0042501A 8945FC
:0042501D 33DB
xor ebx, ebx
:0042501F 8BCA
mov ecx, edx
:00425021 85C9
test ecx, ecx
:00425023 7E21
jle 00425046
:00425025 BE01000000
mov esi, 00000001
:0042502A 8B55FC
:0042502D 83C208

add edx, 00000008

|:00425044(C)
|
:00425030 DD02
fld qword ptr [edx]
:00425032 8B45FC
:00425035 DC1CD8
fcomp qword ptr [eax+8*ebx]
:00425038 DFE0
fstsw ax
:0042503A 9E
sahf
:0042503B 7302
jnb 0042503F
:0042503D 8BDE
mov ebx, esi
|:0042503B(C)
|
:0042503F 46
inc esi
:00425040 83C208
add edx, 00000008
:00425043 49
dec ecx
:00425044 75EA
jne 00425030
|:00425023(C)
|
:00425046 8BC3
mov eax, ebx
:00425048 5E
pop esi
:00425049 5B
pop ebx
:0042504A 59
pop ecx
:0042504B 5D
pop ebp
:0042504C C3
ret
:0042504D
:00425050
:00425051
:00425052
:00425053
:00425054
:00425057
:00425059
:0042505C
:0042505D
:0042505E
:00425060
:00425063
:00425066
:00425069
:0042506B
:0042506D
:0042506F
8D4000
53
56
57
55
83C4C8
8BF2
8D3C24
A5
A5
33DB
8B7038
8B783C
8B0424
85C0
7F07
B303
E981000000
lea eax, dword ptr

push ebx
push esi
push edi
push ebp
add esp, FFFFFFC8
mov esi, edx
lea edi, dword ptr
movsd
movsd
xor ebx, ebx
mov esi, dword ptr
mov edi, dword ptr
mov eax, dword ptr
test eax, eax
jg 00425074
mov bl, 03
jmp 004250F5
[eax+00]
[esp]
[eax+38]
[eax+3C]
[esp]

|:0042506B(C)
|
:00425074 3BF0
cmp esi, eax
:00425076 7F04
jg 0042507C
:00425078 B304
mov bl, 04
:0042507A EB79
jmp 004250F5
|:00425076(C)
|
:0042507C 8B542404
:00425080 85D2
:00425082 7F04
:00425084 B301
:00425086 EB6D

test edx, edx
jg 00425088
mov bl, 01
jmp 004250F5

|:00425082(C)
|
:00425088 3BFA
cmp edi, edx
:0042508A 7F04
jg 00425090
:0042508C B302
mov bl, 02
:0042508E EB65
jmp 004250F5
|:0042508A(C)
|
:00425090 8BEA
:00425092 2BFA
:00425094 89442408
:00425098 2BF0
:0042509A DB442408
:0042509E DD5C240C
:004250A2 9B
:004250A3 8974242C
:004250A7 DB44242C
:004250AB DD5C2414
:004250AF 9B
:004250B0 896C2430
:004250B4 DB442430
:004250B8 DD5C241C
:004250BC 9B
:004250BD 897C2434
:004250C1 DB442434
:004250C5 DD5C2424
:004250C9 9B
:004250CA 8D44240C
:004250CE BA03000000
:004250D3 E83CFFFFFF
:004250D8 83E801
:004250DB 720A
:004250DD 740C
:004250DF 48
:004250E0 740D
:004250E2 48
:004250E3 740E
:004250E5 EB0E

mov ebp, edx
sub edi, edx
sub esi, eax
fstp qword ptr [esp+0C]
wait
mov dword ptr [esp+2C], esi
fild dword ptr [esp+2C]
wait
mov dword ptr [esp+30], ebp
fstp qword ptr [esp+1C]
wait
wait
mov edx, 00000003
call 00425014
sub eax, 00000001
jb 004250E7
je 004250EB
dec eax
je 004250EF
dec eax
je 004250F3
jmp 004250F5

|:004250DB(C)
|
:004250E7 B303
mov bl, 03
:004250E9 EB0A
jmp 004250F5
|:004250DD(C)
|
:004250EB B304
:004250ED EB06
mov bl, 04
jmp 004250F5

|:004250E0(C)
|
:004250EF B301
mov bl, 01
:004250F1 EB02
jmp 004250F5
|:004250E3(C)
|
:004250F3 B302
mov bl, 02
|:0042506F(U), :0042507A(U), :00425086(U), :0042508E(U), :004250E5(U)
|:004250E9(U), :004250ED(U), :004250F1(U)
|
:004250F5 8BC3
mov eax, ebx
:004250F7 83C438
add esp, 00000038
:004250FA 5D
pop ebp
:004250FB 5F
pop edi
:004250FC 5E
pop esi
:004250FD 5B
pop ebx
:004250FE C3
ret
:004250FF
:00425100
:00425101
:00425103
:0042510A
:0042510C
:0042510E
:00425110
:00425113
:00425115
:0042511B
:00425120
:00425122
90
53
8BD8
83BB8C00000000
7418
8BC3
8B10
FF5258
8BD0
8B838C000000
E870DCFDFF
84C0
7504
nop
push ebx
mov ebx, eax
je 00425124
mov eax, ebx
call [edx+58]
mov edx, eax
call 00402D90
test al, al
jne 00425128

|:0042510A(C)
|
:00425124 33C0
xor eax, eax
:00425126 5B
pop ebx
:00425127 C3
ret

|:00425122(C)
|
:00425128 B001
mov al, 01
:0042512A 5B
pop ebx
:0042512B C3
ret
:0042512C 8B80A0000000
:00425132 C3
mov eax, dword ptr [eax+000000A0]

ret
:00425133
:00425134
:00425135
:00425139
:0042513B
:0042513E
:0042513F
:00425142
:00425143
:00425146
:00425149
:0042514B
90
53
F6402001
7516
8B5038
52
8B503C
52
8B4834
8B5030
8B18
FF9380000000
nop
push ebx
test [eax+20],
jne 00425151
mov edx, dword
push edx
mov edx, dword
push edx
mov ecx, dword
mov edx, dword
mov ebx, dword
call dword ptr
01
ptr [eax+38]
ptr [eax+3C]
ptr [eax+34]
ptr [eax+30]
ptr [eax]
[ebx+00000080]

|:00425139(C)
|
:00425151 5B
pop ebx
:00425152 C3
ret
:00425153 90
nop

|:0041D3E1
|
:00425154 53
push ebx
:00425155 56
push esi
:00425156 57
push edi
:00425157 8BF8
mov edi, eax
:00425159 8BF2
mov esi, edx
:0042515B 8BC7
mov eax, edi
:0042515D 66BBCFFF
mov bx, FFCF
:00425161 E88EDCFDFF
call 00402DF4
:00425166 84C0
test al, al
:00425168 741A
je 00425184
:0042516A 8BC6
mov eax, esi
:0042516C 83E002
and eax, 00000002
:0042516F 83F802
cmp eax, 00000002
:00425172 7505
jne 00425179
:00425174 83E6FD
and esi, FFFFFFFD
:00425177 EB0B
jmp 00425184
|:00425172(C)
|
:00425179 8BC6
mov eax, esi
:0042517B 83E001
and eax, 00000001
:0042517E 48
dec eax
:0042517F 7403
je 00425184
:00425181 83CE02
or esi, 00000002
|:00425168(C), :00425177(U), :0042517F(C)
|
:00425184 8BC7
mov eax, edi
:00425186 E809000000
call 00425194
:0042518B 0BF0
or esi, eax
:0042518D 8BC6
mov eax, esi
:0042518F
:00425190
:00425191
:00425192
5F
5E
5B
C3
:00425193 90
pop edi
pop esi
pop ebx
ret
nop

|:00425186 , :0042A2B7 , :0042A575 , :00440E05
|
:00425194 53
push ebx
:00425195 8BD8
mov ebx, eax
:00425197 8BC3
mov eax, ebx
:00425199 E8DEE5FFFF
call 0042377C
:0042519E 84C0
test al, al
:004251A0 7407
je 004251A9
:004251A2 B800000200
mov eax, 00020000
:004251A7 5B
pop ebx
:004251A8 C3
ret
, :00440EAB

|:004251A0(C)
|
:004251A9 33C0
xor eax, eax
:004251AB 5B
pop ebx
:004251AC C3
ret
:004251AD
:004251B0
:004251B3
:004251B5
:004251B7
:004251B9
:004251BB
8D4000
8B505C
85D2
7407
8BC2
8B10
FF5218
|:004251B5(C)
|
:004251BE C3
:004251BF 90
:004251C0 53
:004251C1 56
:004251C2 57
:004251C3 8BFA
:004251C5 8BD8
:004251C7 8B735C
:004251CA 85F6
:004251CC 7418
:004251CE 8B4708
:004251D1 8D5038
:004251D4 8BC6
:004251D6 8B08
:004251D8 FF515C
:004251DB 84C0
:004251DD 7507
:004251DF C7470C01000000

test edx, edx
je 004251BE
mov eax, edx
call [edx+18]
ret
nop
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
test esi, esi
je 004251E6
mov eax, esi
call [ecx+5C]
test al, al
jne 004251E6
mov [edi+0C], 00000001
|:004251CC(C), :004251DD(C)
|
:004251E6 5F
:004251E7 5E
:004251E8 5B
:004251E9 C3
:004251EA 8BC0
mov eax, eax
pop edi
pop esi
pop ebx
ret

|:0042919B
|
:004251EC 899080000000
:004251F2 89487C
:004251F5 C3
ret
:004251F6 8BC0
mov eax, eax

|:0041E206
|
:004251F8 53
push ebx
:004251F9 56
push esi
:004251FA 8BF2
mov esi, edx
:004251FC 8BD8
mov ebx, eax
:004251FE 8BD6
mov edx, esi
:00425200 8BC3
mov eax, ebx
:00425202 E84DCFFFFF
call 00422154
:00425207 8BC6
mov eax, esi
:00425209 8B15CCF94100
:0042520F E894DBFDFF
call 00402DA8
:00425214 894314
:00425217 5E
pop esi
:00425218 5B
pop ebx
:00425219 C3
ret
:0042521A
:0042521C
:0042521D
:0042521F
:00425221
:00425226
:00425228
:0042522A
:0042522D
:00425233
:00425238
:0042523B
:0042523E
:00425244
8BC0
53
8BD8
8BC3
E8DE8C0000
84C0
741C
8B430C
8B15F4D74200
E870DBFDFF
8B4054
8B5314
3B8244010000
7404
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 0042DF04
test al, al
je 00425246
mov eax, dword
mov edx, dword
call 00402DA8
mov eax, dword
mov edx, dword
cmp eax, dword
je 0042524A
ptr [ebx+0C]
ptr [0042D7F4]
ptr [eax+54]
ptr [ebx+14]
ptr [edx+00000144]

|:00425228(C)
|
:00425246 33C0
xor eax, eax
:00425248 5B
:00425249 C3
pop ebx
ret

|:00425244(C)
|
:0042524A B001
mov al, 01
:0042524C 5B
pop ebx
:0042524D C3
ret
:0042524E
:00425250
:00425251
:00425252
:00425254
:00425256
:00425258
:0042525A
:0042525D
:0042525F
:00425261
:00425264
8BC0
53
56
8BF2
8BD8
8BC3
8B10
FF5228
84C0
7409
8B4314
89B044010000
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+28]
test al, al
je 0042526A

|:0042525F(C)
|
:0042526A 5E
pop esi
:0042526B 5B
pop ebx
:0042526C C3
ret
:0042526D 8D4000

|:0041D8BA , :0041E2D2 , :0042A8DB , :004377EE
|
:00425270 55
push ebp
:00425271 8BEC
mov ebp, esp
:00425273 51
push ecx
:00425274 53
push ebx
:00425275 56
push esi
:00425276 84D2
test dl, dl
:00425278 7408
je 00425282
:0042527A 83C4F0
add esp, FFFFFFF0
:0042527D E882DCFDFF
call 00402F04
|:00425278(C)
|
:00425282 8855FF
:00425285 8BD8
:00425287 33D2
:00425289 8BC3
:0042528B E8A8D1FFFF
:00425290 53
:00425291 680C684200
:00425296 E859160100

mov ebx, eax
xor edx, edx
mov eax, ebx
call 00422438
push ebx
push 0042680C
call 004368F4
:0042529B
:004252A1
:004252A3
:004252A8
:004252AD
:004252AF
:004252B5
:004252B8
:004252BA
:004252BF
:004252C6
:004252D0
:004252D7
:004252DC
:004252E1
:004252E3
:004252E9
:004252EE
898360010000
B201
A1382B4100
E833F3FEFF
8BF0
89B324010000
8B5364
8BC6
E8CDF4FEFF
C6836401000001
C78374010000FFFFFFFF
C6834801000003
A1502D4400
6683780411
750D
8D834C010000
E8CAE4FDFF
EB16

mov dl, 01
call 004145E0
mov esi, eax
mov eax, esi
call 0041478C
mov dword ptr [ebx+00000174], FFFFFFFF
jne 004252F0
call 004037B8
jmp 00425306
|:004252E1(C)
|
:004252F0 8D834C010000
:004252F6 8B15382D4400
:004252FC 8B12
:004252FE 8B522C
:00425301 E806E5FDFF
|:004252EE(U)
|
:00425306 C6838001000000
:0042530D A050534200
:00425312 888316010000
:00425318 C6831701000002
:0042531F C6831801000001
:00425326 C7831C01000001000000
:00425330 8BC3
:00425332 807DFF00
:00425336 740F
:00425338 E81FDCFDFF
:0042533D 648F0500000000
:00425344 83C40C
lea eax, dword

mov edx, dword
mov edx, dword
mov edx, dword
call 0040380C
ptr
ptr
ptr
ptr
[ebx+0000014C]
[00442D38]
[edx]
[edx+2C]

mov dword ptr [ebx+0000011C], 00000001
mov eax, ebx
je 00425347
call 00402F5C
add esp, 0000000C

|:00425336(C)
|
:00425347 8BC3
mov eax, ebx
:00425349 5E
pop esi
:0042534A 5B
pop ebx
:0042534B 59
pop ecx
:0042534C 5D
pop ebp
:0042534D C3
ret
:0042534E 0000
BYTE 2 DUP(0)
:00425350 0F0000
:00425353 00

BYTE 00h

|:0042A939 , :00437868
|
:00425354 53
push ebx
:00425355 56
push esi
:00425356 51
push ecx
:00425357 E808DCFDFF
call 00402F64
:0042535C 881424
:0042535F 8BD8
mov ebx, eax
:00425361 8BC3
mov eax, ebx
:00425363 E8C8C3FEFF
call 00411730
:00425368 80BB3801000000
:0042536F 7410
je 00425381
:00425371 C6833801000000
:00425378 33D2
xor edx, edx
:0042537A 8BC3
mov eax, ebx
:0042537C E8B3BDFFFF
call 00421134
|:0042536F(C)
|
:00425381 8D833C010000
:00425387 E8F0FAFDFF
:0042538C 8B8334010000
:00425392 E889D8FDFF
:00425397 837B2400
:0042539B 7409
:0042539D B201
:0042539F 8BC3
:004253A1 E8A20A0000
|:0042539B(C)
|
:004253A6 83BB4001000000
:004253AD 740A
:004253AF 8BC3
:004253B1 8B10
:004253B3 FF92A0000000
|:004253AD(C)
|
:004253B9 8BC3
:004253BB E8C80C0000
:004253C0 85C0
:004253C2 7429
|:004253EB(C)
|
:004253C4 8BD0
:004253C6 4A
:004253C7 8BC3
:004253C9 E87E0C0000
:004253CE 8BF0
:004253D0 8BD6
:004253D2 8BC3

call 00404E7C
call 00402C20
je 004253A6
mov dl, 01
mov eax, ebx
call 00425E48
cmp dword ptr [ebx+00000140], 00000000

je 004253B9
mov eax, ebx
call dword ptr [edx+000000A0]
mov eax, ebx

call 00426088
test eax, eax
je 004253ED
mov edx, eax

dec edx
mov eax, ebx
call 0042604C
mov esi, eax
mov edx, esi
mov eax, ebx
:004253D4
:004253D9
:004253DB
:004253DD
:004253DF
:004253E2
:004253E4
:004253E9
:004253EB
E8DB0A0000
B201
8BC6
8B08
FF51FC
8BC3
E89F0C0000
85C0
75D7
call 00425EB4
mov dl, 01
mov eax, esi
call [ecx-04]
mov eax, ebx
call 00426088
test eax, eax
jne 004253C4
|:004253C2(C)
|
:004253ED 8B8324010000
:004253F3 E828D8FDFF
:004253F8 8B8360010000
:004253FE 85C0
:00425400 7405
:00425402 E885150100
|:00425400(C)
|
:00425407 8A1424
:0042540A 80E2FC
:0042540D 8BC3
:0042540F E8F4D0FFFF
:00425414 803C2400
:00425418 7E07
:0042541A 8BC3
:0042541C E833DBFDFF

call 00402C20
test eax, eax
je 00425407
call 0043698C

and dl, FC
mov eax, ebx
call 00422508
jle 00425421
mov eax, ebx
call 00402F54

|:00425418(C)
|
:00425421 5A
pop edx
:00425422 5E
pop esi
:00425423 5B
pop ebx
:00425424 C3
ret
:00425425 8D4000

|:00425546
|
:00425428 55
push ebp
:00425429 8BEC
mov ebp, esp
:0042542B 83C4F4
add esp, FFFFFFF4
:0042542E 53
push ebx
:0042542F 56
push esi
:00425430 8945FC
:00425433 8B45FC
:00425436 83B88401000000
cmp dword ptr [eax+00000184], 00000000
:0042543D 0F84B0000000
je 004254F3
:00425443 B201
mov dl, 01
:00425445 A154B54000
:0042544A E8A1D7FDFF
call 00402BF0
:0042544F 8945F4
:00425452 33C9
xor ecx, ecx
:00425454
:00425455
:0042545A
:0042545D
:00425460
:00425463
:00425469
:0042546C
:0042546F
:00425472
:00425475
:0042547A
:0042547D
:0042547E
:00425480
:00425482
:00425483
55
68EC544200
64FF31
648921
8B45FC
8B8084010000
8B4008
8945F8
8B55F8
8B45F4
E85E79FEFF
8B5DF8
4B
85DB
7C30
43
33F6
push ebp
push 004254EC
call 0040CDD8
dec ebx
test ebx, ebx
jl 004254B2
inc ebx
xor esi, esi
|:004254B0(C)
|
:00425485 8B45FC
:00425488 8B8084010000
:0042548E 8BD6
:00425490 E8E376FEFF
:00425495 8B9074010000
:0042549B 85D2
:0042549D 7C0F
:0042549F 3B55F8
:004254A2 7D0A
:004254A4 8BC8
:004254A6 8B45F4
:004254A9 E82E78FEFF
|:0042549D(C), :004254A2(C)
|
:004254AE 46
:004254AF 4B
:004254B0 75D3
mov eax, dword

mov eax, dword
mov edx, esi
call 0040CB78
mov edx, dword
test edx, edx
jl 004254AE
cmp edx, dword
jge 004254AE
mov ecx, eax
mov eax, dword
call 0040CCDC
ptr [ebp-04]
ptr [eax+00000184]
ptr [eax+00000174]
ptr [ebp-08]
ptr [ebp-0C]
inc esi
dec ebx
jne 00425485

|:00425480(C)
|
:004254B2 8B5DF8
:004254B5 4B
dec ebx
:004254B6 85DB
test ebx, ebx
:004254B8 7C1C
jl 004254D6
:004254BA 43
inc ebx
:004254BB 33F6
xor esi, esi
|:004254D4(C)
|
:004254BD 8BD6
:004254BF 8B45F4
:004254C2 E8B176FEFF
:004254C7 85C0
:004254C9 7407
:004254CB 8BD6

mov edx, esi
call 0040CB78
test eax, eax
je 004254D2
mov edx, esi
:004254CD E8E63B0000
call 004290B8

|:004254C9(C)
|
:004254D2 46
inc esi
:004254D3 4B
dec ebx
:004254D4 75E7
jne 004254BD
|:004254B8(C)
|
:004254D6 33C0
:004254D8 5A
:004254D9 59
:004254DA 59
:004254DB 648910
:004254DE 68F3544200
|:004254F1(U)
|
:004254E3 8B45F4
:004254E6 E835D7FDFF
:004254EB C3
:004254EC E987DDFDFF
:004254F1 EBF0
jmp 00403278
jmp 004254E3
xor eax, eax

pop edx
pop ecx
pop ecx
push 004254F3

call 00402C20
ret

|:0042543D(C)
|
:004254F3 5E
pop esi
:004254F4 5B
pop ebx
:004254F5 8BE5
mov esp, ebp
:004254F7 5D
pop ebp
:004254F8 C3
ret
:004254F9 8D4000

|:004386A3
|
:004254FC 55
push ebp
:004254FD 8BEC
mov ebp, esp
:004254FF 51
push ecx
:00425500 53
push ebx
:00425501 8BDA
mov ebx, edx
:00425503 8945FC
:00425506 8B45FC
:00425509 E8CE060000
call 00425BDC
:0042550E 33C0
xor eax, eax
:00425510 55
push ebp
:00425511 683C554200
push 0042553C
:00425516 64FF30
:00425519 648920
:0042551C 8BD3
mov edx, ebx
:0042551E 8B45FC
:00425521
:00425526
:00425528
:00425529
:0042552A
:0042552B
:0042552E
E822D2FFFF
33C0
5A
59
59
648910
6843554200
call 00422748
xor eax, eax
pop edx
pop ecx
pop ecx
push 00425543
|:00425541(U)
|
:00425533 8B45FC
:00425536 E8A9060000
:0042553B C3
:0042553C
:00425541
:00425543
:00425546
:0042554B
:0042554E
:00425552
:00425554
:00425556
:00425558
:0042555D
:00425560
jmp 00403278
jmp 00425533
call 00425428
je 00425565
push 00000000
xor ecx, ecx
mov edx, 0000B011
call 00424194
E937DDFDFF
EBF0
8B45FC
E8DDFEFFFF
8B45FC
83782400
7411
6A00
33C9
BA11B00000
8B45FC
E82FECFFFF

call 00425BE4
ret
|:00425552(C)
|
:00425565 8B45FC
:00425568 E85F120000
:0042556D 5B
:0042556E 59
:0042556F 5D
:00425570 C3
:00425571 8D4000

call 004267CC
pop ebx
pop ecx
pop ebp
ret

|:00437EDA
|
:00425574 C3
ret
:00425575 8D4000
|:0042599B
|
:00425578 55
push ebp
:00425579 8BEC
mov ebp, esp
:0042557B 51
push ecx
:0042557C 53
push ebx
:0042557D 884DFF
:00425580 33C9
xor ecx, ecx
:00425582 8A5DFF
:00425585 FECB
dec bl
:00425587 740E
je 00425597
:00425589
:0042558B
:0042558D
:0042558F
:00425591
:00425593
:00425595
FECB
7415
FECB
7424
FECB
742B
EB3A
dec bl
je 004255A2
dec bl
je 004255B5
dec bl
je 004255C0
jmp 004255D1

|:00425587(C)
|
:00425597 8B5234
:0042559A 3B5034
:0042559D 0F9FC1
setg cl
:004255A0 EB2F
jmp 004255D1
|:0042558B(C)
|
:004255A2 8B4A34
:004255A5 034A3C
:004255A8 8B5034
:004255AB 03503C
add edx, dword ptr [eax+3C]
:004255AE 3BCA
cmp ecx, edx
:004255B0 0F9CC1
setl cl
:004255B3 EB1C
jmp 004255D1
|:0042558F(C)
|
:004255B5 8B5230
:004255B8 3B5030
:004255BB 0F9FC1
setg cl
:004255BE EB11
jmp 004255D1
|:00425593(C)
|
:004255C0 8B4A30
:004255C3 034A38
:004255C6 8B5030
:004255C9 035038
:004255CC 3BCA
cmp ecx, edx
:004255CE 0F9CC1
setl cl
|:00425595(U), :004255A0(U), :004255B3(U), :004255BE(U)
|
:004255D1 8BC1
mov eax, ecx
:004255D3 5B
pop ebx
:004255D4 59
pop ecx
:004255D5 5D
pop ebp
:004255D6 C3
ret
:004255D7 90
|:004259E4
|
nop
:004255D8
:004255D9
:004255DB
:004255DE
:004255DF
:004255E0
:004255E1
:004255E4
:004255E6
:004255EA
:004255F0
:004255F3
:004255F9
:004255FF
:00425605
:00425608
:0042560B
:0042560E
:00425610
:00425615
:00425619
:0042561B
:0042561F
:00425621
:00425623
:00425626
:0042562C
:0042562E
:00425630
55
8BEC
83C4E4
53
56
57
8855FF
8BD8
807DFF00
0F85DF000000
8B4324
8BB058010000
03B380000000
8B805C010000
03437C
8945F4
8D55E4
8BC3
E843D5FFFF
F6436001
753B
F6436004
751E
6A00
8B4324
8B8058010000
D1F8
7903
83D000
push ebp
mov ebp, esp
add esp, FFFFFFE4
push ebx
push esi
push edi
mov ebx, eax
jne 004256CF
add esi, dword ptr [ebx+00000080]
mov eax, ebx
call 00422B58
test [ebx+60], 01
jne 00425656
test [ebx+60], 04
jne 0042563F
push 00000000
sar eax, 1
jns 00425633
adc eax, 00000000

|:0042562E(C)
|
:00425633 50
push eax
:00425634 8D45E4
:00425637 50
push eax
|
:00425638 E8DB0CFEFF
Call 00406318
:0042563D EB25
jmp 00425664
|:0042561F(C)
|
:0042563F 6A00
:00425641 8B4324
:00425644 8B8058010000
:0042564A 50
:0042564B 8D45E4
:0042564E 50

push 00000000
push eax
push eax

|
:0042564F E8C40CFEFF
Call 00406318
:00425654 EB0E
jmp 00425664
|:00425619(C)
|
:00425656
:0042565A
:0042565C
:0042565F
:00425661
F6436004
7408
8B45E4
03C6
8945EC
test [ebx+60], 04
je 00425664
add eax, esi

|:0042563D(U), :00425654(U), :0042565A(C)
|
:00425664 F6436002
test [ebx+60], 02
:00425668 753B
jne 004256A5
:0042566A F6436008
test [ebx+60], 08
:0042566E 751E
jne 0042568E
:00425670 8B4324
:00425673 8B805C010000
:00425679 D1F8
sar eax, 1
:0042567B 7903
jns 00425680
:0042567D 83D000
adc eax, 00000000
|:0042567B(C)
|
:00425680 50
push eax
:00425681 6A00
push 00000000
:00425683 8D45E4
:00425686 50
push eax
|
:00425687 E88C0CFEFF
Call 00406318
:0042568C EB26
jmp 004256B4
|:0042566E(C)
|
:0042568E 8B4324
:00425691 8B805C010000
:00425697 50
:00425698 6A00
:0042569A 8D45E4
:0042569D 50

push eax
push 00000000
push eax

|
:0042569E E8750CFEFF
Call 00406318
:004256A3 EB0F
jmp 004256B4
|:00425668(C)
|
:004256A5 F6436008
:004256A9 7409
:004256AB 8B45E8
:004256AE 0345F4
:004256B1 8945F0

test [ebx+60], 08
je 004256B4
add eax, dword ptr [ebp-0C]

|:0042568C(U), :004256A3(U), :004256A9(C)
|
:004256B4 8D55E4
:004256B7
:004256B9
:004256BE
:004256C4
:004256C7
:004256CA
8BC3
E8BAD4FFFF
89B380000000
8B45F4
89437C
E9DE010000
mov eax, ebx

call 00422B78
jmp 004258AD

|:004255EA(C)
|
:004256CF 8B4508
:004256D2 8B70FC
:004256D5 8B7608
:004256D8 8B4508
:004256DB 8B40FC
:004256DE 2B30
sub esi, dword ptr [eax]
:004256E0 85F6
test esi, esi
:004256E2 7C09
jl 004256ED
:004256E4 8A45FF
:004256E7 04FD
add al, FD
:004256E9 2C02
sub al, 02
:004256EB 7303
jnb 004256F0
|:004256E2(C)
|
:004256ED 8B7338
|:004256EB(C)
|
:004256F0 8B4508
:004256F3 8B40FC
:004256F6 8B400C
:004256F9 8B5508
:004256FC 8B52FC
:004256FF 2B4204
:00425702 8945F4
:00425705 837DF400
:00425709 7C08
:0042570B 8A45FF
:0042570E 48
:0042570F 2C02
:00425711 7306

sub eax, dword ptr [edx+04]
jl 00425713
dec eax
sub al, 02
jnb 00425719

|:00425709(C)
|
:00425713 8B433C
:00425716 8945F4
|:00425711(C)
|
:00425719 8B4508
:0042571C 8B78FC
mov edi, dword ptr [eax-04]
:0042571F 8B3F
:00425721 8B4508
:00425724 8B40FC
:00425727 8B4004
:0042572A
:0042572D
:00425730
:00425732
:00425734
:00425736
:00425738
:0042573A
:0042573C
:0042573E
:00425744
8945F8
8A45FF
FEC8
7415
FEC8
7437
FEC8
7478
FEC8
0F848C000000
E9C3000000

dec al
je 00425749
dec al
je 0042576F
dec al
je 004257B4
dec al
je 004257D0
jmp 0042580C
|:00425732(C)
|
:00425749 F6436008
:0042574D 740F
:0042574F 8B4508
:00425752 8B40F8
:00425755 8B805C010000
:0042575B 0145F4
|:0042574D(C)
|
:0042575E 8B4508
:00425761 8B40FC
:00425764 8B55F4
:00425767 015004
:0042576A E99D000000
|:00425736(C)
|
:0042576F F6436002
:00425773 7425
:00425775 8B4508
:00425778 8B40F8
:0042577B E878D4FFFF
:00425780 8B5508
:00425783 8B52F8
:00425786 8B925C010000
:0042578C 8B4D08
:0042578F 8B49FC
:00425792 03510C
:00425795 2BD0
:00425797 0155F4
test [ebx+60], 08
je 0042575E
add dword ptr [ebp-0C], eax
mov
mov
mov
add
jmp
eax, dword ptr [ebp+08]

eax, dword ptr [eax-04]
edx, dword ptr [ebp-0C]
0042580C
test [ebx+60], 02
je 0042579A
call 00422BF8
add edx, dword ptr [ecx+0C]
sub edx, eax
add dword ptr [ebp-0C], edx

|:00425773(C)
|
:0042579A 8B4508
:0042579D 8B40FC
:004257A0 8B55F4
:004257A3 29500C
sub dword ptr [eax+0C], edx
:004257A6 8B4508
:004257A9 8B40FC
:004257AC 8B400C
:004257AF 8945F8
:004257B2 EB58
jmp 0042580C
|:0042573A(C)
|
:004257B4 F6436004
:004257B8 740C
:004257BA 8B4508
:004257BD 8B40F8
:004257C0 03B058010000

test [ebx+60],
je 004257C6
mov eax, dword
mov eax, dword
add esi, dword
04
ptr [ebp+08]
ptr [eax-08]
ptr [eax+00000158]

|:004257B8(C)
|
:004257C6 8B4508
:004257C9 8B40FC
:004257CC 0130
add dword ptr [eax], esi
:004257CE EB3C
jmp 0042580C
|:0042573E(C)
|
:004257D0 F6436001
:004257D4 7424
:004257D6 8B4508
:004257D9 8B40F8
:004257DC E8D3D3FFFF
:004257E1 8B5508
:004257E4 8B52F8
:004257E7 8B9258010000
:004257ED 8B4D08
:004257F0 8B49FC
:004257F3 035108
:004257F6 2BD0
:004257F8 03F2

test [ebx+60],
je 004257FA
mov eax, dword
mov eax, dword
call 00422BB4
mov edx, dword
mov edx, dword
mov edx, dword
mov ecx, dword
mov ecx, dword
add edx, dword
sub edx, eax
add esi, edx
01
ptr [ebp+08]
ptr [eax-08]
ptr
ptr
ptr
ptr
ptr
ptr
[ebp+08]
[edx-08]
[edx+00000158]
[ebp+08]
[ecx-04]
[ecx+08]

|:004257D4(C)
|
:004257FA 8B4508
:004257FD 8B40FC
:00425800 297008
sub dword ptr [eax+08], esi
:00425803 8B4508
:00425806 8B78FC
mov edi, dword ptr [eax-04]
:00425809 8B7F08
mov edi, dword ptr [edi+08]
|:00425744(U), :0042576A(U), :004257B2(U), :004257CE(U)
|
:0042580C 56
push esi
:0042580D 8B45F4
:00425810 50
push eax
:00425811 8B4DF8
:00425814 8BD7
mov edx, edi
:00425816 8BC3
mov eax, ebx
:00425818 8B38
:0042581A FF9780000000
call dword ptr [edi+00000080]
:00425820 8B4338
:00425823 3BF0
cmp esi, eax
:00425825 7508
jne 0042582F
:00425827 8B533C
:0042582A 3B55F4
:0042582D 747E
cmp edx, dword ptr [ebp-0C]

je 004258AD
|:00425825(C)
|
:0042582F 33D2
:00425831 8A55FF
:00425834 83FA05
:00425837 7774
:00425839 FF249540584200
:00425840
:00425844
:00425848
:0042584C
:00425850
:00425854
AD584200
58584200
69584200
7A584200
86584200
93584200
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00425858
:0042585B
:0042585E
:00425861
:00425864
:00425867
:00425869
:0042586C
:0042586F
:00425872
:00425875
:00425878
:0042587A
:0042587C
:0042587F
:00425882
:00425884
:00425886
:00425888
:0042588B
:0042588E
:00425891
:00425893
:00425895
:00425898
:0042589B
:0042589E
:004258A1
:004258A4
:004258A7
:004258AA
8B45F4
2B433C
8B5508
8B52FC
294204
EB44
8B45F4
2B433C
8B5508
8B52FC
01420C
EB33
2BF0
8B4508
8B40FC
2930
EB27
2BF0
8B4508
8B40FC
017008
EB1A
2BF0
8B4508
8B40FC
017008
8B45F4
2B433C
8B5508
8B52FC
01420C
mov
sub
mov
mov
sub
jmp
mov
sub
mov
mov
add
jmp
sub
mov
mov
sub
jmp
sub
mov
mov
add
jmp
sub
mov
mov
add
mov
sub
mov
mov
add
xor edx, edx

cmp edx, 00000005
ja 004258AD
jmp dword ptr [4*edx+00425840]
004258AD
00425858
00425869
0042587A
00425886
00425893

edx, dword ptr [ebp+08]
edx, dword ptr [edx-04]
004258AD
004258AD
esi, eax
004258AD
esi, eax
dword ptr [eax+08], esi
004258AD
esi, eax

|:004256CA(U), :0042582D(C), :00425837(C), :00425878(U), :00425884(U)
|:00425891(U)
|
:004258AD 5F
pop edi
:004258AE 5E
pop esi
:004258AF 5B
pop ebx
:004258B0 8BE5
mov esp, ebp
:004258B2 5D
:004258B3 C3
pop ebp
ret

|:00425ACE , :00425AD7 , :00425AE0 , :00425AE9 , :00425AF2
|:00425AFB
|
:004258B4 55
push ebp
:004258B5 8BEC
mov ebp, esp
:004258B7 83C4F8
add esp, FFFFFFF8
:004258BA 53
push ebx
:004258BB 56
push esi
:004258BC 57
push edi
:004258BD 8845FF
:004258C0 8B4508
:004258C3 8B40F4
:004258C6 66BBFFFF
mov bx, FFFF
:004258CA E825D5FDFF
call 00402DF4
:004258CF 8B4508
:004258D2 8378F000
:004258D6 7449
je 00425921
:004258D8 807DFF00
:004258DC 7424
je 00425902
:004258DE 8B4508
:004258E1 8B40F0
:004258E4 80784700
:004258E8 7518
jne 00425902
:004258EA 8B4508
:004258ED 8B40F0
:004258F0 F6402010
test [eax+20], 10
:004258F4 742B
je 00425921
:004258F6 8B4508
:004258F9 8B40F0
:004258FC F6404104
test [eax+41], 04
:00425900 751F
jne 00425921
|:004258DC(C), :004258E8(C)
|
:00425902 8B4508
:00425905 8B40F0
:00425908 8A404B
:0042590B 3A45FF
:0042590E 7511
:00425910 8B4508
:00425913 8B50F0
:00425916 8B4508
:00425919 8B40F4
:0042591C E83F71FEFF

cmp al, byte ptr [ebp-01]
jne 00425921
call 0040CA60

|:004258D6(C), :004258F4(C), :00425900(C), :0042590E(C)
|
:00425921 8B4508
:00425924 8B40F8
:00425927 E85C070000
call 00426088
:0042592C 8BF8
mov edi, eax
:0042592E 4F
dec edi
:0042592F
:00425931
:00425937
:00425938
85FF
0F8C82000000
47
C745F800000000
test edi, edi

jl 004259B9
inc edi
mov [ebp-08], 00000000
|:004259B7(C)
|
:0042593F 8B4508
:00425942 8B40F8
:00425945 8B55F8
:00425948 E8FF060000
:0042594D 8BD8
:0042594F 8A434B
:00425952 3A45FF
:00425955 755C
:00425957 807DFF00
:0042595B 7412
:0042595D 807B4700
:00425961 750C
:00425963 F6432010
:00425967 744A
:00425969 F6434104
:0042596D 7544
|:0042595B(C), :00425961(C)
|
:0042596F 8B4508
:00425972 3B58F0
:00425975 743C
:00425977 33F6
:00425979 EB01

call 0042604C
mov ebx, eax
jne 004259B3
je 0042596F
jne 0042596F
test [ebx+20], 10
je 004259B3
test [ebx+41], 04
jne 004259B3

cmp ebx, dword ptr [eax-10]
je 004259B3
xor esi, esi
jmp 0042597C

|:004259A2(C)
|
:0042597B 46
inc esi
|:00425979(U)
|
:0042597C 8B4508
:0042597F 8B40F4
:00425982 3B7008
:00425985 7D1D
:00425987 8B4508
:0042598A 8B40F4
:0042598D 8BD6
:0042598F E8E471FEFF
:00425994 8BD0
:00425996 8A4DFF
:00425999 8BC3
:0042599B E8D8FBFFFF
:004259A0 84C0
:004259A2 74D7

jge 004259A4
mov edx, esi
call 0040CB78
mov edx, eax
mov eax, ebx
call 00425578
test al, al
je 0042597B

|:00425985(C)
|
:004259A4
:004259A7
:004259AA
:004259AC
:004259AE
8B4508
8B40F4
8BCB
8BD6
E87D72FEFF

mov ecx, ebx
mov edx, esi
call 0040CC30

|:00425955(C), :00425967(C), :0042596D(C), :00425975(C)
|
:004259B3 FF45F8
inc [ebp-08]
:004259B6 4F
dec edi
:004259B7 7586
jne 0042593F
|:00425931(C)
|
:004259B9 8B4508
:004259BC 8B40F4
:004259BF 8B7808
:004259C2 4F
:004259C3 85FF
:004259C5 7C29
:004259C7 47
:004259C8 C745F800000000
|:004259EE(C)
|
:004259CF 8B4508
:004259D2 50
:004259D3 8B4508
:004259D6 8B40F4
:004259D9 8B55F8
:004259DC E89771FEFF
:004259E1 8A55FF
:004259E4 E8EFFBFFFF
:004259E9 59
:004259EA FF45F8
:004259ED 4F
:004259EE 75DF

dec edi
test edi, edi
jl 004259F0
inc edi
mov [ebp-08], 00000000

push eax
call 0040CB78
call 004255D8
pop ecx
inc [ebp-08]
dec edi
jne 004259CF

|:004259C5(C)
|
:004259F0 5F
pop edi
:004259F1 5E
pop esi
:004259F2 5B
pop ebx
:004259F3 59
pop ecx
:004259F4 59
pop ecx
:004259F5 5D
pop ebp
:004259F6 C3
ret
:004259F7 90
nop

|:00425A96
|
:004259F8 55
push ebp
:004259F9 8BEC
mov ebp, esp
:004259FB
:004259FC
:004259FD
:004259FE
:00425A01
:00425A04
:00425A06
:00425A08
:00425A0D
:00425A0F
:00425A10
:00425A13
53
56
57
8B7D08
83C7F8
B301
8B07
E87B060000
8BF0
4E
83FE00
7C29
|:00425A3C(C)
|
:00425A15 8B07
:00425A17 8BD6
:00425A19 E82E060000
:00425A1E 80784B00
:00425A22 751C
:00425A24 8B07
:00425A26 8BD6
:00425A28 E81F060000
:00425A2D 8A15485A4200
:00425A33 3A5060
:00425A36 7508
:00425A38 4E
:00425A39 83FEFF
:00425A3C 75D7
push ebx
push esi
push edi
add edi, FFFFFFF8
mov bl, 01
call 00426088
mov esi, eax
dec esi
cmp esi, 00000000
jl 00425A3E
mov edx, esi
call 0042604C
cmp byte ptr [eax+4B], 00
jne 00425A40
mov edx, esi
call 0042604C
jne 00425A40
dec esi
cmp esi, FFFFFFFF
jne 00425A15

|:00425A13(C)
|
:00425A3E 33DB
xor ebx, ebx
|:00425A22(C), :00425A36(C)
|
:00425A40 8BC3
:00425A42 5F
:00425A43 5E
:00425A44 5B
:00425A45 5D
:00425A46 C3
:00425A47 00
BYTE 0
:00425A48 0300
:00425A4A 0000

mov
pop
pop
pop
pop
ret
eax, ebx
edi
esi
ebx
ebp

|:004378CE
|
:00425A4C 55
push ebp
:00425A4D 8BEC
mov ebp, esp
:00425A4F 83C4F0
add esp, FFFFFFF0
:00425A52 53
push ebx
:00425A53
:00425A56
:00425A59
:00425A5C
:00425A5F
:00425A66
:00425A68
:00425A6B
:00425A72
:00425A74
:00425A77
:00425A7E
:00425A80
:00425A83
:00425A89
:00425A8B
:00425A8D
:00425A90
894DFC
8955F0
8945F8
8B45F8
80B83801000000
742D
8B45F8
80B88001000000
7421
8B45F8
83B83C01000000
7415
8B45F8
8B803C010000
33D2
8B08
FF512C
E989000000

je 00425A95
je 00425A95
je 00425A95
xor edx, edx
call [ecx+2C]
jmp 00425B1E

|:00425A66(C), :00425A72(C), :00425A7E(C)
|
:00425A95 55
push ebp
:00425A96 E85DFFFFFF
call 004259F8
:00425A9B 59
pop ecx
:00425A9C 84C0
test al, al
:00425A9E 747E
je 00425B1E
:00425AA0 8B55FC
:00425AA3 8B45F8
:00425AA6 8B08
:00425AA8 FF9188000000
call dword ptr [ecx+00000088]
:00425AAE B201
mov dl, 01
:00425AB0 A154B54000
:00425AB5 E836D1FDFF
call 00402BF0
:00425ABA 8945F4
:00425ABD 33C0
xor eax, eax
:00425ABF 55
push ebp
:00425AC0 68175B4200
push 00425B17
:00425AC5 64FF30
:00425AC8 648920
:00425ACB 55
push ebp
:00425ACC B001
mov al, 01
:00425ACE E8E1FDFFFF
call 004258B4
:00425AD3 59
pop ecx
:00425AD4 55
push ebp
:00425AD5 B002
mov al, 02
:00425AD7 E8D8FDFFFF
call 004258B4
:00425ADC 59
pop ecx
:00425ADD 55
push ebp
:00425ADE B003
mov al, 03
:00425AE0 E8CFFDFFFF
call 004258B4
:00425AE5 59
pop ecx
:00425AE6 55
push ebp
:00425AE7 B004
mov al, 04
:00425AE9 E8C6FDFFFF
call 004258B4
:00425AEE 59
pop ecx
:00425AEF 55
push ebp
:00425AF0 B005
mov al, 05
:00425AF2 E8BDFDFFFF
call 004258B4
:00425AF7 59
pop ecx
:00425AF8
:00425AF9
:00425AFB
:00425B00
:00425B01
:00425B03
:00425B04
:00425B05
:00425B06
:00425B09
55
33C0
E8B4FDFFFF
59
33C0
5A
59
59
648910
681E5B4200
push ebp
xor eax, eax
call 004258B4
pop ecx
xor eax, eax
pop edx
pop ecx
pop ecx
push 00425B1E
|:00425B1C(U)
|
:00425B0E 8B45F4
:00425B11 E80AD1FDFF
:00425B16 C3
:00425B17 E95CD7FDFF
:00425B1C EBF0
jmp 00403278
jmp 00425B0E
|:00425A90(U), :00425A9E(C)
|
:00425B1E 8B45F8
:00425B21 33D2
:00425B23 899058010000
:00425B29 8B45F8
:00425B2C 33D2
:00425B2E 89905C010000
:00425B34 8B45F8
:00425B37 66BBEFFF
:00425B3B E8B4D2FDFF
:00425B40 5B
:00425B41 8BE5
:00425B43 5D
:00425B44 C3
:00425B45 8D4000

call 00402C20
ret

xor edx, edx
xor edx, edx
mov bx, FFEF
call 00402DF4
pop ebx
mov esp, ebp
pop ebp
ret

|:00422720 , :00425C1A , :00425FB5
|
:00425B48 55
push ebp
:00425B49 8BEC
mov ebp, esp
:00425B4B 83C4EC
add esp, FFFFFFEC
:00425B4E 53
push ebx
:00425B4F 8BDA
mov ebx, edx
:00425B51 8945FC
:00425B54 8B45FC
:00425B57 E884370000
call 004292E0
:00425B5C 84C0
test al, al
:00425B5E 7476
je 00425BD6
:00425B60 8B45FC
:00425B63 F6402008
test [eax+20], 08
:00425B67 756D
jne 00425BD6
:00425B69 8B45FC
:00425B6C 6683B81401000000
cmp word ptr [eax+00000114], 0000
:00425B74
:00425B76
:00425B79
:00425B7E
740A
8B45FC
6683484410
EB56
je 00425B80
jmp 00425BD6
|:00425B74(C)
|
:00425B80 8B45FC
:00425B83 E854000000
:00425B88 33C0
:00425B8A 55
:00425B8B 68CF5B4200
:00425B90 64FF30
:00425B93 648920
:00425B96 8D55EC
:00425B99 8B45FC
:00425B9C 8B08
:00425B9E FF5144
:00425BA1 8D4DEC
:00425BA4 8BD3
:00425BA6 8B45FC
:00425BA9 8B18
:00425BAB FF938C000000
:00425BB1 33C0
:00425BB3 5A
:00425BB4 59
:00425BB5 59
:00425BB6 648910
:00425BB9 68D65B4200
|:00425BD4(U)
|
:00425BBE 8B45FC
:00425BC1 66836044EF
:00425BC6 8B45FC
:00425BC9 E816000000
:00425BCE C3
:00425BCF E9A4D6FDFF
:00425BD4 EBE8
jmp 00403278
jmp 00425BBE

call 00425BDC
xor eax, eax
push ebp
push 00425BCF
call [ecx+44]
mov edx, ebx
xor eax, eax
pop edx
pop ecx
pop ecx
push 00425BD6

and word ptr [eax+44], FFEF
call 00425BE4
ret

|:00425B5E(C), :00425B67(C), :00425B7E(U)
|
:00425BD6 5B
pop ebx
:00425BD7 8BE5
mov esp, ebp
:00425BD9 5D
pop ebp
:00425BDA C3
ret
:00425BDB 90
nop

|:00425509 , :00425B83 , :00425D25 , :00427A44 , :00428A64
|:00429B5E , :00438656
|
:00425BDC 66FF8014010000
inc word ptr [eax+00000114]
:00425BE3 C3
ret

|:00425536 , :00425BC9 , :00425DD5 , :00427ABB , :00428A9F
|:00429C0E , :00438844
|
:00425BE4 53
push ebx
:00425BE5 8BD8
mov ebx, eax
:00425BE7 66FF8B14010000
dec word ptr [ebx+00000114]
:00425BEE 6683BB1401000000
cmp word ptr [ebx+00000114], 0000
:00425BF6 751D
jne 00425C15
:00425BF8 F6434410
test [ebx+44], 10
:00425BFC 7407
je 00425C05
:00425BFE 8BC3
mov eax, ebx
:00425C00 E813000000
call 00425C18
|:00425BFC(C)
|
:00425C05 33C0
:00425C07 898358010000
:00425C0D 33C0
:00425C0F 89835C010000

xor
mov
xor
mov
eax, eax
eax, eax

|:00425BF6(C)
|
:00425C15 5B
pop ebx
:00425C16 C3
ret
:00425C17 90
nop

|:00425C00 , :00426041 , :0042744C , :00428B7F
|
:00425C18 33D2
xor edx, edx
:00425C1A E829FFFFFF
call 00425B48
:00425C1F C3
ret
:00425C20
:00425C21
:00425C23
:00425C26
:00425C27
:00425C28
:00425C29
:00425C2C
:00425C2E
:00425C33
:00425C38
:00425C3B
:00425C3D
:00425C3E
:00425C43
:00425C46
:00425C49
55
8BEC
83C4F4
53
56
57
8945FC
B201
A154B54000
E8B8CFFDFF
8945F4
33C0
55
68E55C4200
64FF30
648920
8B45FC
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
push edi
mov dl, 01
call 00402BF0
xor eax, eax
push ebp
push 00425CE5
:00425C4C
:00425C51
:00425C54
:00425C57
:00425C5C
:00425C5E
:00425C5F
:00425C61
:00425C63
:00425C64
E863CFFFFF
8945F8
8B45FC
E82C040000
8BD8
4B
85DB
7C42
43
33F6
|:00425CA3(C)
|
:00425C66 8BD6
:00425C68 8B45FC
:00425C6B E8DC030000
:00425C70 8BF8
:00425C72 8B4704
:00425C75 8B55FC
:00425C78 3B4204
:00425C7B 7524
:00425C7D 8BD6
:00425C7F 8B45FC
:00425C82 E8C5030000
:00425C87 8BD0
:00425C89 8B45F4
:00425C8C E8CF6DFEFF
:00425C91 8B55F8
:00425C94 2B5738
:00425C97 2B5730
:00425C9A 8BC7
:00425C9C E8BFCCFFFF
call 00422BB4
call 00426088
mov ebx, eax
dec ebx
test ebx, ebx
jl 00425CA5
inc ebx
xor esi, esi
mov edx, esi
mov eax, dword
call 0042604C
mov edi, eax
mov eax, dword
mov edx, dword
cmp eax, dword
jne 00425CA1
mov edx, esi
mov eax, dword
call 0042604C
mov edx, eax
mov eax, dword
call 0040CA60
mov edx, dword
sub edx, dword
sub edx, dword
mov eax, edi
call 00422960
ptr [ebp-04]
ptr [edi+04]
ptr [ebp-04]
ptr [edx+04]
ptr [ebp-04]
ptr [ebp-0C]
ptr [ebp-08]
ptr [edi+38]
ptr [edi+30]

|:00425C7B(C)
|
:00425CA1 46
inc esi
:00425CA2 4B
dec ebx
:00425CA3 75C1
jne 00425C66
|:00425C61(C)
|
:00425CA5 8B45F4
:00425CA8 8B5808
:00425CAB 4B
dec ebx
:00425CAC 85DB
test ebx, ebx
:00425CAE 7C1F
jl 00425CCF
:00425CB0 43
inc ebx
:00425CB1 33F6
xor esi, esi
|:00425CCD(C)
|
:00425CB3 6A00
:00425CB5 8BD6
:00425CB7 8B45F4
:00425CBA E8B96EFEFF
:00425CBF 33C9

push 00000000
mov edx, esi
call 0040CB78
xor ecx, ecx
:00425CC1
:00425CC6
:00425CCB
:00425CCC
:00425CCD
BA3EB00000
E8C9E4FFFF
46
4B
75E4
mov edx, 0000B03E

call 00424194
inc esi
dec ebx
jne 00425CB3

|:00425CAE(C)
|
:00425CCF 33C0
xor eax, eax
:00425CD1 5A
pop edx
:00425CD2 59
pop ecx
:00425CD3 59
pop ecx
:00425CD4 648910
|
:00425CD7 68EC5C4200
push 00425CEC
|:00425CEA(U)
|
:00425CDC 8B45F4
:00425CDF E83CCFFDFF
:00425CE4 C3
:00425CE5
:00425CEA
:00425CEC
:00425CED
:00425CEE
:00425CEF
:00425CF1
:00425CF2
E98ED5FDFF
EBF0
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:00425CF3
:00425CF4
:00425CF5
:00425CF7
:00425CFA
:00425CFB
:00425CFC
:00425CFD
:00425D00
:00425D03
:00425D06
:00425D0B
:00425D0D
:00425D13
:00425D15
:00425D1A
:00425D1F
:00425D22
:00425D25
:00425D2A
:00425D2C
:00425D2D
:00425D32
90
55
8BEC
83C4F4
53
56
57
8855FB
8945FC
8B45FC
E87D030000
85C0
0F8419010000
B201
A154B54000
E8D1CEFDFF
8945F4
8B45FC
E8B2FEFFFF
33D2
55
68DB5D4200
64FF32
nop
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
push edi
call 00426088
test eax, eax
je 00425E2C
mov dl, 01
call 00402BF0
call 00425BDC
xor edx, edx
push ebp
push 00425DDB

call 00402C20
ret
00403278
00425CDC
edi
esi
ebx
esp, ebp
ebp
:00425D35
:00425D38
:00425D3B
:00425D40
:00425D42
:00425D43
:00425D45
:00425D47
:00425D48
648922
8B45FC
E848030000
8BF8
4F
85FF
7C2E
47
33F6
|:00425D73(C)
|
:00425D4A 8BD6
:00425D4C 8B45FC
:00425D4F E8F8020000
:00425D54 8A404B
:00425D57 04FD
:00425D59 2C02
:00425D5B 7314
:00425D5D 8BD6
:00425D5F 8B45FC
:00425D62 E8E5020000
:00425D67 8BD0
:00425D69 8B45F4
:00425D6C E8EF6CFEFF

call 00426088
mov edi, eax
dec edi
test edi, edi
jl 00425D75
inc edi
xor esi, esi
mov edx, esi
call 0042604C
add al, FD
sub al, 02
jnb 00425D71
mov edx, esi
call 0042604C
mov edx, eax
call 0040CA60

|:00425D5B(C)
|
:00425D71 46
inc esi
:00425D72 4F
dec edi
:00425D73 75D5
jne 00425D4A
|:00425D45(C)
|
:00425D75 8B45FC
:00425D78 66BBC8FF
:00425D7C E873D0FDFF
:00425D81 33C0
:00425D83 5A
:00425D84 59
:00425D85 59
:00425D86 648910
:00425D89 68E25D4200
:00425D8E EB30
|:00425DC8(C)
|
:00425D90 8BD3
:00425D92 4A
:00425D93 8B45F4
:00425D96 E8DD6DFEFF
:00425D9B 80784B03
:00425D9F 7509
:00425DA1 B204
:00425DA3 E878CAFFFF
:00425DA8 EB07

mov bx, FFC8
call 00402DF4
xor eax, eax
pop edx
pop ecx
pop ecx
push 00425DE2
jmp 00425DC0
mov edx, ebx

dec edx
call 0040CB78
jne 00425DAA
mov dl, 04
call 00422820
jmp 00425DB1

|:00425D9F(C)
|
:00425DAA B203
mov dl, 03
:00425DAC E86FCAFFFF
call 00422820
|:00425DA8(U)
|
:00425DB1 8B45F4
:00425DB4 8B5008
:00425DB7 4A
:00425DB8 8B45F4
:00425DBB E8DC6CFEFF
|:00425D8E(U), :00425DE0(U)
|
:00425DC0 8B45F4
:00425DC3 8B5808
:00425DC6 85DB
:00425DC8 7FC6
:00425DCA 8B45F4
:00425DCD E84ECEFDFF
:00425DD2 8B45FC
:00425DD5 E80AFEFFFF
:00425DDA C3
:00425DDB
:00425DE0
:00425DE2
:00425DE6
:00425DE8
:00425DEB
:00425DF0
:00425DF2
:00425DF3
:00425DF5
:00425DF7
:00425DF8
jmp 00403278
jmp 00425DC0
je 00425E2C
call 00426088
mov edi, eax
dec edi
test edi, edi
jl 00425E2C
inc edi
xor esi, esi
E998D4FDFF
EBDE
807DFB00
7444
8B45FC
E898020000
8BF8
4F
85FF
7C35
47
33F6
|:00425E2A(C)
|
:00425DFA 8BD6
:00425DFC 8B45FC
:00425DFF E848020000
:00425E04 8B15CCF94100
:00425E0A E881CFFDFF
:00425E0F 84C0
:00425E11 7415
:00425E13 8BD6
:00425E15 8B45FC
:00425E18 E82F020000
:00425E1D B201
:00425E1F 66BBBCFF
:00425E23 E8CCCFFDFF

dec edx
call 0040CA9C
mov eax, dword

mov ebx, dword
test ebx, ebx
jg 00425D90
mov eax, dword
call 00402C20
mov eax, dword
call 00425BE4
ret
ptr [ebp-0C]
ptr [eax+08]
ptr [ebp-0C]
ptr [ebp-04]

mov edx, esi
call 0042604C
call 00402D90
test al, al
je 00425E28
mov edx, esi
call 0042604C
mov dl, 01
mov bx, FFBC
call 00402DF4

|:00425E11(C)
|
:00425E28 46
inc esi
:00425E29 4F
dec edi
:00425E2A 75CE
jne 00425DFA
|:00425D0D(C), :00425DE6(C), :00425DF5(C)
|
:00425E2C 5F
pop edi
:00425E2D 5E
pop esi
:00425E2E 5B
pop ebx
:00425E2F 8BE5
mov esp, ebp
:00425E31 5D
pop ebp
:00425E32 C3
ret
:00425E33 90
nop

|:0043A64D , :0043A667 , :0043A84D
|
:00425E34 EB03
jmp 00425E39
|:00425E3F(C)
|
:00425E36 8B5224
|:00425E34(U)
|
:00425E39 85D2
test edx, edx
:00425E3B 7404
je 00425E41
:00425E3D 3BC2
cmp eax, edx
:00425E3F 75F5
jne 00425E36
|:00425E3B(C)
|
:00425E41 85D2
test edx, edx
:00425E43 0F95C0
setne al
:00425E46 C3
ret
:00425E47 90
nop

|:004253A1 , :00426001 , :004283F7 , :00428454
|
:00425E48 53
push ebx
:00425E49 56
push esi
:00425E4A 8BDA
mov ebx, edx
:00425E4C 8BF0
mov esi, eax
:00425E4E 8BC6
mov eax, esi
:00425E50 E8BB0D0100
call 00436C10
:00425E55 85C0
test eax, eax
:00425E57 7409
je 00425E62
:00425E59 8BCB
mov ecx, ebx
:00425E5B 8BD6
:00425E5D E8D6470100
mov edx, esi

call 0043A638

|:00425E57(C)
|
:00425E62 5E
pop esi
:00425E63 5B
pop ebx
:00425E64 C3
ret
:00425E65 8D4000

|:00425F26
|
:00425E68 53
push ebx
:00425E69 56
push esi
:00425E6A 8BDA
mov ebx, edx
:00425E6C 8BF0
mov esi, eax
:00425E6E 85DB
test ebx, ebx
:00425E70 743D
je 00425EAF
:00425E72 8BC3
mov eax, ebx
:00425E74 8B15CCF94100
:00425E7A E811CFFDFF
call 00402D90
:00425E7F 84C0
test al, al
:00425E81 741C
je 00425E9F
:00425E83 8D8684010000
:00425E89 8BD3
mov edx, ebx
:00425E8B E84CBEFFFF
call 00421CDC
:00425E90 8D8670010000
:00425E96 8BD3
mov edx, ebx
:00425E98 E83FBEFFFF
call 00421CDC
:00425E9D EB0D
jmp 00425EAC
|:00425E81(C)
|
:00425E9F 8D8628010000
:00425EA5 8BD3
:00425EA7 E830BEFFFF

mov edx, ebx
call 00421CDC

|:00425E9D(U)
|
:00425EAC 897324
|:00425E70(C)
|
:00425EAF 5E
pop esi
:00425EB0 5B
pop ebx
:00425EB1 C3
ret
:00425EB2 8BC0
mov eax, eax

|:004253D4 , :0042602A
|
:00425EB4
:00425EB5
:00425EB6
:00425EB8
:00425EBA
:00425EBC
:00425EC2
:00425EC7
:00425EC9
:00425ECB
:00425ED1
:00425ED3
:00425ED8
:00425EDE
:00425EE0
:00425EE5
53
56
8BDA
8BF0
8BC3
8B15CCF94100
E8C9CEFDFF
84C0
741C
8D8670010000
8BD3
E82CBEFFFF
8D8684010000
8BD3
E81FBEFFFF
EB0D
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, ebx
call 00402D90
test al, al
je 00425EE7
mov edx, ebx
call 00421D04
mov edx, ebx
call 00421D04
jmp 00425EF4
|:00425EC9(C)
|
:00425EE7 8D8628010000
:00425EED 8BD3
:00425EEF E810BEFFFF

mov edx, ebx
call 00421D04

|:00425EE5(U)
|
:00425EF4 33C0
xor eax, eax
:00425EF6 894324
:00425EF9 5E
pop esi
:00425EFA 5B
pop ebx
:00425EFB C3
ret

|:0042306B
|
:00425EFC 53
push ebx
:00425EFD 56
push esi
:00425EFE 57
push edi
:00425EFF 8BF2
mov esi, edx
:00425F01 8BF8
mov edi, eax
:00425F03 8BD7
mov edx, edi
:00425F05 8BC6
mov eax, esi
:00425F07 66BBF6FF
mov bx, FFF6
:00425F0B E8E4CEFDFF
call 00402DF4
:00425F10 6A01
push 00000001
:00425F12 8BDE
mov ebx, esi
:00425F14 8BCB
mov ecx, ebx
:00425F16 BA2CB00000
mov edx, 0000B02C
:00425F1B 8BC7
mov eax, edi
:00425F1D E872E2FFFF
call 00424194
:00425F22 8BD6
mov edx, esi
:00425F24 8BC7
mov eax, edi
:00425F26 E83DFFFFFF
call 00425E68
:00425F2B F6464408
test [esi+44], 08
:00425F2F 0F8585000000
jne 00425FBA
:00425F35 6A00
push 00000000
:00425F37 33C9
xor ecx, ecx
:00425F39
:00425F3E
:00425F40
:00425F45
:00425F47
:00425F49
:00425F4E
:00425F50
:00425F55
:00425F57
:00425F59
:00425F5E
:00425F60
:00425F65
:00425F67
:00425F69
:00425F6E
:00425F70
:00425F75
:00425F77
:00425F7D
:00425F82
:00425F84
:00425F86
:00425F88
:00425F8A
:00425F8F
:00425F91
:00425F96
:00425F98
:00425F9D
BA09B00000
8BC6
E84FE2FFFF
6A00
33C9
BA08B00000
8BC6
E83FE2FFFF
6A00
33C9
BA23B00000
8BC6
E82FE2FFFF
6A00
33C9
BA3DB00000
8BC6
E81FE2FFFF
8BC6
8B15CCF94100
E80ECEFDFF
84C0
7419
6A00
33C9
BA11B00000
8BC6
E8FEE1FFFF
8BC7
E82F080000
EB12
mov edx, 0000B009

mov eax, esi
call 00424194
push 00000000
xor ecx, ecx
mov edx, 0000B008
mov eax, esi
call 00424194
push 00000000
xor ecx, ecx
mov edx, 0000B023
mov eax, esi
call 00424194
push 00000000
xor ecx, ecx
mov edx, 0000B03D
mov eax, esi
call 00424194
mov eax, esi
call 00402D90
test al, al
je 00425F9F
push 00000000
xor ecx, ecx
mov edx, 0000B011
mov eax, esi
call 00424194
mov eax, edi
call 004267CC
jmp 00425FB1
|:00425F84(C)
|
:00425F9F 8BC7
:00425FA1 E83A330000
:00425FA6 84C0
:00425FA8 7407
:00425FAA 8BC6
:00425FAC 8B10
:00425FAE FF5278
|:00425F9D(U), :00425FA8(C)
|
:00425FB1 8BD6
:00425FB3 8BC7
:00425FB5 E88EFBFFFF
|:00425F2F(C)
|
:00425FBA 6A01
:00425FBC 8BCB
:00425FBE BA36B00000
:00425FC3 8BC7
:00425FC5 E8CAE1FFFF
:00425FCA 5F
:00425FCB 5E
mov eax, edi

call 004292E0
test al, al
je 00425FB1
mov eax, esi
call [edx+78]
mov edx, esi

mov eax, edi
call 00425B48
push 00000001
mov ecx, ebx
mov edx, 0000B036
mov eax, edi
call 00424194
pop edi
pop esi
:00425FCC 5B
:00425FCD C3
pop ebx
ret
:00425FCE 8BC0
mov eax, eax

|:0042305E
|
:00425FD0 53
push ebx
:00425FD1 56
push esi
:00425FD2 57
push edi
:00425FD3 55
push ebp
:00425FD4 8BDA
mov ebx, edx
:00425FD6 8BF0
mov esi, eax
:00425FD8 6A00
push 00000000
:00425FDA 8BFB
mov edi, ebx
:00425FDC 8BCF
mov ecx, edi
:00425FDE BA36B00000
mov edx, 0000B036
:00425FE3 8BC6
mov eax, esi
:00425FE5 E8AAE1FFFF
call 00424194
:00425FEA 8BC3
mov eax, ebx
:00425FEC 8B15CCF94100
:00425FF2 E899CDFDFF
call 00402D90
:00425FF7 84C0
test al, al
:00425FF9 7414
je 0042600F
:00425FFB B201
mov dl, 01
:00425FFD 8BEB
mov ebp, ebx
:00425FFF 8BC5
mov eax, ebp
:00426001 E842FEFFFF
call 00425E48
:00426006 8BC5
mov eax, ebp
:00426008 E827060000
call 00426634
:0042600D EB17
jmp 00426026
|:00425FF9(C)
|
:0042600F 8BC6
:00426011 E8CA320000
:00426016 84C0
:00426018 740C
:0042601A 33C9
:0042601C 8A5347
:0042601F 8BC3
:00426021 E8AAD5FFFF
|:0042600D(U), :00426018(C)
|
:00426026 8BD3
:00426028 8BC6
:0042602F 6A00
:00426031 8BCF
:00426033 BA2CB00000
:00426038 8BC6
:0042603A E855E1FFFF
:0042603F 8BC6
:00426041 E8D2FBFFFF
:00426046 5D
mov eax, esi

call 004292E0
test al, al
je 00426026
xor ecx, ecx
mov eax, ebx
call 004235D0
mov edx, ebx

mov eax, esi
call 00425EB4
push 00000000
mov ecx, edi
mov edx, 0000B02C
mov eax, esi
call 00424194
mov eax, esi
call 00425C18
pop ebp
:00426047
:00426048
:00426049
:0042604A
5F
5E
5B
C3
pop edi
pop esi
pop ebx
ret
:0042604B 90
|:004253C9 , :00425948
|:00425C82 , :00425D4F
|:004260C9 , :0042806B
|:00428F45 , :0042955D
|:0042BD45 , :00436EF5
|:0043C1F5 , :0043C33D
|
:0042604C 53
:0042604D 56
:0042604E 57
:0042604F 55
:00426050 8BFA
:00426052 8BD8
:00426054 8BAB28010000
:0042605A 85ED
:0042605C 7405
:0042605E 8B7508
:00426061 EB02
nop
Addresses:
, :00425A19
, :00425D62
, :004282AD
, :00429749
, :00436F0B
, :0043C43D
,
,
,
,
,
,
:00425A28
:00425DFF
:00428A31
:00429B8E
:0043797D
:0043C7AC
,
,
,
,
,
:00425C6B
:00425E18
:00428B18
:0042AFB0
:00437989
push ebx
push esi
push edi
push ebp
mov edi, edx
mov ebx, eax
test ebp, ebp
je 00426063
jmp 00426065

|:0042605C(C)
|
:00426063 33F6
xor esi, esi
|:00426061(U)
|
:00426065 3BF7
:00426067 7E0B
:00426069 8BD7
:0042606B 8BC5
:0042606D E8066BFEFF
:00426072 EB0F
|:00426067(C)
|
:00426074 8BD7
:00426076 2BD6
:00426078 8B8384010000
:0042607E E8F56AFEFF
cmp esi, edi

jle 00426074
mov edx, edi
mov eax, ebp
call 0040CB78
jmp 00426083
mov edx, edi

sub edx, esi
call 0040CB78

|:00426072(U)
|
:00426083 5D
pop ebp
:00426084 5F
pop edi
:00426085 5E
pop esi
:00426086 5B
pop ebx
:00426087 C3
ret
|:004253BB , :004253E4
|:00425D06 , :00425D3B
|:00428057 , :00428293
|:00429549 , :0042966E
|:0042AF9A , :0042BD26
|:0043C1E1 , :0043C329
|
:00426088 33D2
:0042608A 8B8828010000
:00426090 85C9
:00426092 7403
:00426094 035108
Addresses:
, :00425927
, :00425DEB
, :00428A1E
, :0042972C
, :00436ED4
, :0043C429
|:00426092(C)
|
:00426097 8B8884010000
:0042609D 85C9
:0042609F 7403
:004260A1 035108
,
,
,
,
,
,
:00425A08
:004260B5
:00428B05
:00429B27
:00437969
:0043C78F
,
,
,
,
,
:00425C57
:0042703C
:00428F32
:00429B74
:00438C9C
xor edx, edx

test ecx, ecx
je 00426097
add edx, dword ptr [ecx+08]
test ecx, ecx
je 004260A4
add edx, dword ptr [ecx+08]

|:0042609F(C)
|
:004260A4 8BC2
mov eax, edx
:004260A6 C3
ret
:004260A7 90
nop

|:00426105 , :004283CC , :004283D4 , :004283DC , :004285D8
|:004285E0 , :004285E8 , :004285F0 , :00428677
|
:004260A8 53
push ebx
:004260A9 56
push esi
:004260AA 57
push edi
:004260AB 55
push ebp
:004260AC 51
push ecx
:004260AD 8BF2
mov esi, edx
:004260AF 890424
:004260B2 8B0424
:004260B5 E8CEFFFFFF
call 00426088
:004260BA 8BD8
mov ebx, eax
:004260BC 4B
dec ebx
:004260BD 85DB
test ebx, ebx
:004260BF 7C21
jl 004260E2
:004260C1 43
inc ebx
:004260C2 33FF
xor edi, edi
|:004260E0(C)
|
:004260C4 8BD7
:004260C6 8B0424
:004260C9 E87EFFFFFF
:004260CE 8BE8

mov edx, edi
call 0042604C
mov ebp, eax
:004260D0
:004260D2
:004260D5
:004260D8
:004260DC
:004260DE
:004260DF
:004260E0
8BD6
8B452C
FF5528
837E0C00
7504
47
4B
75E2
|:004260BF(C), :004260DC(C)
|
:004260E2 5A
:004260E3 5D
:004260E4 5F
:004260E5 5E
:004260E6 5B
:004260E7 C3
mov edx, esi

call [ebp+28]
jne 004260E2
inc edi
dec ebx
jne 004260C4
pop
pop
pop
pop
pop
ret
edx
ebp
edi
esi
ebx

|:0042832C , :00428361 , :004284A2 , :004284DF , :0042858F
|
:004260E8 83C4F0
add esp, FFFFFFF0
:004260EB 0FB7D2
movzx edx, dx
:004260EE 891424
:004260F1 33D2
xor edx, edx
:004260F3 89542404
:004260F7 33D2
xor edx, edx
:004260F9 89542408
:004260FD 33D2
xor edx, edx
:004260FF 8954240C
:00426103 8BD4
mov edx, esp
:00426105 E89EFFFFFF
call 004260A8
:0042610A 83C410
add esp, 00000010
:0042610D C3
ret
:0042610E 8BC0
mov eax, eax

|:0041DDA4 , :0041E4F4
|
:00426110 53
push ebx
:00426111 56
push esi
:00426112 57
push edi
:00426113 8BF1
mov esi, ecx
:00426115 8BDA
mov ebx, edx
:00426117 85F6
test esi, esi
:00426119 745E
je 00426179
:0042611B 8B7B34
mov edi, dword
:0042611E 8D4324
lea eax, dword
:00426121 50
push eax
:00426122 56
push esi
:00426123 A1E02B4400
mov eax, dword
:00426128 8B00
mov eax, dword
:0042612A 50
push eax
ptr [ebx+34]
ptr [ebx+24]
ptr [00442BE0]
ptr [eax]
:0042612B
:00426130
:00426132
:00426134
:00426137
:00426138
:00426139
E8F0FFFDFF
85C0
7534
8D4324
50
56
6A00
|
Call 00406120
test eax, eax
jne 00426168
push eax
push esi
push 00000000

|
:0042613B E8E0FFFDFF
Call 00406120
:00426140 85C0
test eax, eax
:00426142 7524
jne 00426168
:00426144 8D4324
:00426147 50
push eax
:00426148 56
push esi
:00426149 A1142B4400
:0042614E 8B00
:00426150 50
push eax
|
:00426151 E8CAFFFDFF
Call 00406120
:00426156 85C0
test eax, eax
:00426158 750E
jne 00426168
:0042615A 8D4324
:0042615D 50
push eax
:0042615E 56
push esi
:0042615F 8B4334
:00426162 50
push eax
|
:00426163 E8B8FFFDFF
Call 00406120
|:00426132(C), :00426142(C), :00426158(C)
|
:00426168 897B34
:0042616B 8B4324
:0042616E 251FBFFFFF
and eax, FFFFBF1F
:00426173 83C803
or eax, 00000003
:00426176 894324
|:00426119(C)
|
:00426179 5F
pop edi
:0042617A 5E
pop esi
:0042617B 5B
pop ebx
:0042617C C3
ret
:0042617D 8D4000

|:0042622A , :0042A1E2 , :004395E1 , :0043A1C0
|
:00426180 53
push ebx
, :0043A204
:00426181
:00426182
:00426183
:00426185
:00426187
:00426189
:0042618E
:00426190
:00426192
56
57
8BFA
8BF0
8BC6
E8EED5FFFF
84C0
7406
810F00200000
push esi
push edi
mov edi, edx
mov esi, eax
mov eax, esi
call 0042377C
test al, al
je 00426198
or dword ptr [edi], 00002000
|:00426190(C)
|
:00426198 8BC6
:0042619A E80DD6FFFF
:0042619F 84C0
:004261A1 7406
:004261A3 810F00400000
|:004261A1(C)
|
:004261A9 8BC6
:004261AB 66BBCFFF
:004261AF E840CCFDFF
:004261B4 84C0
:004261B6 7429
:004261B8 8BC6
:004261BA 66BBD0FF
:004261BE E831CCFDFF
:004261C3 84C0
:004261C5 7508
:004261C7 810F00100000
:004261CD EB12
|:004261C5(C)
|
:004261CF 8BC6
:004261D1 66BBD0FF
:004261D5 E81ACCFDFF
:004261DA 3C01
:004261DC 7503
:004261DE 830F00
mov eax, esi

call 004237AC
test al, al
je 004261A9
mov eax, esi

mov bx, FFCF
call 00402DF4
test al, al
je 004261E1
mov eax, esi
mov bx, FFD0
call 00402DF4
test al, al
jne 004261CF
jmp 004261E1
mov eax, esi

mov bx, FFD0
call 00402DF4
cmp al, 01
jne 004261E1

|:004261B6(C), :004261CD(U), :004261DC(C)
|
:004261E1 5F
pop edi
:004261E2 5E
pop esi
:004261E3 5B
pop ebx
:004261E4 C3
ret
:004261E5 8D4000

|:0041DD96 , :0041E4E6 , :0042A1BA , :00437881
|
:004261E8 55
push ebp
:004261E9
:004261EB
:004261F1
:004261F2
:004261F3
:004261F4
:004261F6
:004261F9
:004261FB
:004261FD
:004261FF
:00426200
:00426205
:00426208
:0042620B
:0042620D
:0042620F
:00426214
:00426219
:0042621C
:0042621E
:00426225
:00426228
:0042622A
:0042622F
:00426233
:00426235
:0042623C
8BEC
81C4FCFEFFFF
53
56
57
33C9
894DFC
8BDA
8BF0
33C0
55
6808634200
64FF30
648920
8BC3
33C9
BA8C000000
E81FC7FDFF
8B4654
8903
C7430400000044
8D5308
8BC6
E851FFFFFF
F6464001
740E
814B0400000002
814B0800000100
mov ebp, esp

add esp, FFFFFEFC
push ebx
push esi
push edi
xor ecx, ecx
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push 00426308
mov eax, ebx
xor ecx, ecx
mov edx, 0000008C
call 00402938
mov [ebx+04], 44000000
mov eax, esi
call 00426180
test [esi+40], 01
je 00426243
|:00426233(C)
|
:00426243 F6462010
:00426247 7512
:00426249 8BC6
:0042624B 8B10
:0042624D FF5250
:00426250 84C0
:00426252 7507
:00426254 814B0400000008
|:00426247(C), :00426252(C)
|
:0042625B 80BE7801000000
:00426262 7407
:00426264 814B0400000100
test [esi+20], 10
jne 0042625B
mov eax, esi
call [edx+50]
test al, al
jne 0042625B

je 0042626B

|:00426262(C)
|
:0042626B 8B4630
:0042626E 89430C
:00426271 8B4634
:00426274 894310
:00426277 8B4638
:0042627A 894314
:0042627D 8B463C
:00426280 894318
:00426283 8B7E24
:00426286
:00426288
:0042628A
:0042628C
:00426291
:00426294
85FF
740C
8BC7
E86F2C0000
89431C
EB09
test edi, edi

je 00426296
mov eax, edi
call 00428F00
jmp 0042629F

|:00426288(C)
|
:00426296 8B8668010000
:0042629C 89431C
|:00426294(U)
|
:0042629F C743240B000000
:004262A6 B860604000
:004262AB 894328
:004262AE 68007F0000
:004262B3 6A00

mov [ebx+24], 0000000B
mov eax, 00406060
push 00007F00
push 00000000

|
:004262B5 E82600FEFF
Call 004062E0
:004262BA 89433C
:004262BD 33C0
xor eax, eax
:004262BF 894340
:004262C2 A1E02B4400
:004262C7 8B00
:004262C9 894334
:004262CC 8D95FCFEFFFF
:004262D2 8B06
:004262D4 E893C8FDFF
call 00402B6C
:004262DF 8D45FC
:004262E2 E8F1D6FDFF
call 004039D8
:004262E7 8B55FC
:004262EA 8D434C
:004262ED E8BA16FEFF
call 004079AC
:004262F2 33C0
xor eax, eax
:004262F4 5A
pop edx
:004262F5 59
pop ecx
:004262F6 59
pop ecx
:004262F7 648910
|
:004262FA 680F634200
push 0042630F
|:0042630D(U)
|
:004262FF 8D45FC
:00426302 E8B1D4FDFF
:00426307 C3
:00426308 E96BCFFDFF
:0042630D EBF0
jmp 00403278
jmp 004262FF

call 004037B8
ret
:0042630F
:00426310
:00426311
:00426312
:00426314
:00426315
5F
5E
5B
8BE5
5D
C3
:00426316 8BC0
pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:0041DEDA , :0041E51D , :00437891
|
:00426318 55
push ebp
:00426319 8BEC
mov ebp, esp
:0042631B 81C440FFFFFF
add esp, FFFFFF40
:00426321 53
push ebx
:00426322 33D2
xor edx, edx
:00426324 899540FFFFFF
mov dword ptr [ebp+FFFFFF40], edx
:0042632A 8BD8
mov ebx, eax
:0042632C 33C0
xor eax, eax
:0042632E 55
push ebp
:0042632F 6878644200
push 00426478
:00426334 64FF30
:00426337 648920
:0042633A 8D9574FFFFFF
:00426340 8BC3
mov eax, ebx
:00426342 8B08
:00426344 FF9194000000
:0042634A 837D9000
:0042634E 7549
jne 00426399
:00426350 F6857BFFFFFF40
test byte ptr [ebp+FFFFFF7B], 40
:00426357 7440
je 00426399
:00426359 8B4308
:0042635C 898544FFFFFF
mov dword ptr [ebp+FFFFFF44], eax
:00426362 C68548FFFFFF0B
mov byte ptr [ebp+FFFFFF48], 0B
:00426369 8D8544FFFFFF
:0042636F 50
push eax
:00426370 6A00
push 00000000
:00426372 8D9540FFFFFF
:00426378 A1582C4400
:0042637D E8A2EAFDFF
call 00404E24
:00426382 8B8D40FFFFFF
mov ecx, dword ptr [ebp+FFFFFF40]
:00426388 B201
mov dl, 01
:0042638A A1F4B44000
:0042638F E81425FEFF
call 004088A8
:00426394 E817CFFDFF
call 004032B0
|:0042634E(C), :00426357(C)
|
:00426399 8B459C
:0042639C 898330010000
:004263A2 8D854CFFFFFF
:004263A8 50
:004263A9 8D45C0
:004263AC 50
:004263AD 8B45A8
:004263B0 50

push eax
push eax
push eax

|
:004263B1 E86AFDFDFF
Call 00406120
:004263B6 F7D8
neg eax
:004263B8 1BC0
sbb eax, eax
:004263BA F7D8
neg eax
:004263BC 84C0
test al, al
:004263BE 740D
je 004263CD
:004263C0 BAC4034200
mov edx, 004203C4
:004263C5 3B9550FFFFFF
cmp edx, dword ptr [ebp+FFFFFF50]
:004263CB 7431
je 004263FE
|:004263BE(C)
|
:004263CD 84C0
test al, al
:004263CF 740D
je 004263DE
:004263D1 8B45A8
:004263D4 50
push eax
:004263D5 8D45C0
:004263D8 50
push eax
|
:004263D9 E89200FEFF
Call 00406470
|:004263CF(C)
|
:004263DE C7459CC4034200
:004263E5 8D45C0
:004263E8 8945BC
:004263EB 8D4598
:004263EE 50

mov [ebp-64], 004203C4
push eax

|
:004263EF E84CFFFDFF
Call 00406340
:004263F4 6685C0
test ax, ax
:004263F7 7505
jne 004263FE
:004263F9 E8D632FEFF
call 004096D4
|:004263CB(C), :004263F7(C)
|
:004263FE 891D08264400
:00426404 8D9574FFFFFF
:0042640A 8BC3
:0042640C 8B08
:0042640E FF9198000000
:00426414 83BB4001000000
:0042641B 7505
:0042641D E8B232FEFF
|:0042641B(C)
|
:00426422 8B4354
:00426425 E8F216FEFF
:0042642A 33C0
mov dword ptr [00442608], ebx

mov eax, ebx
cmp dword ptr [ebx+00000140], 00000000
jne 00426422
call 004096D4

call 00407B1C
xor eax, eax
:0042642C
:0042642F
:00426431
:00426436
:00426438
:0042643B
:00426440
:00426442
:00426447
:00426449
:0042644E
:00426452
:00426454
:00426456
:0042645A
894354
8BC3
E8B62E0000
6A01
8B4358
E89CDBFEFF
8BC8
BA30000000
8BC3
E846DDFFFF
807B4C00
740B
8BC3
66BBEFFF
E895C9FDFF

mov eax, ebx
call 004292EC
push 00000001
call 00413FDC
mov ecx, eax
mov edx, 00000030
mov eax, ebx
call 00424194
je 0042645F
mov eax, ebx
mov bx, FFEF
call 00402DF4
|:00426452(C)
|
:0042645F 33C0
:00426461 5A
:00426462 59
:00426463 59
:00426464 648910
:00426467 687F644200
|:0042647D(U)
|
:0042646C 8D8540FFFFFF
:00426472 E841D3FDFF
:00426477 C3
:00426478
:0042647D
:0042647F
:00426480
:00426482
:00426483
jmp
jmp
pop
mov
pop
ret
E9FBCDFDFF
EBED
5B
8BE5
5D
C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 0042647F

call 004037B8
ret
00403278
0042646C
ebx
esp, ebp
ebp

|:0041DE85 , :0041DEA7 , :0043A4B2
|
:00426484 53
push ebx
:00426485 56
push esi
:00426486 8BDA
mov ebx, edx
:00426488 8BF0
mov esi, eax
:0042648A 8B4320
mov eax, dword
:0042648D 50
push eax
:0042648E 8B4334
mov eax, dword
:00426491 50
push eax
:00426492 6A00
push 00000000
:00426494 8B431C
mov eax, dword
:00426497 50
push eax
:00426498 8B4318
mov eax, dword
:0042649B 50
push eax
:0042649C 8B4314
mov eax, dword
ptr [ebx+20]
ptr [ebx+34]
ptr [ebx+1C]
ptr [ebx+18]
ptr [ebx+14]
:0042649F
:004264A0
:004264A3
:004264A4
:004264A7
:004264A8
:004264AB
:004264AC
:004264AE
:004264AF
:004264B2
:004264B3
:004264B6
50
8B4310
50
8B430C
50
8B4304
50
8B03
50
8D434C
50
8B4308
50
push eax
mov eax,
push eax
mov eax,
push eax
mov eax,
push eax
mov eax,
push eax
lea eax,
push eax
mov eax,
push eax
dword ptr [ebx+10]

dword ptr [ebx+0C]
dword ptr [ebx+04]
dword ptr [ebx]
dword ptr [ebx+4C]
dword ptr [ebx+08]

|
:004264B7 E88CFBFDFF
Call 00406048
:004264BC 898640010000
:004264C2 5E
pop esi
:004264C3 5B
pop ebx
:004264C4 C3
ret
:004264C5 8D4000

|:0041DF6E
|
:004264C8 53
push ebx
:004264C9 56
push esi
:004264CA 57
push edi
:004264CB 8BD8
mov ebx, eax
:004264CD 8BC3
mov eax, ebx
:004264CF E81CCCFFFF
call 004230F0
:004264D4 8BF0
mov esi, eax
:004264D6 83FE01
cmp esi, 00000001
:004264D9 7D0F
jge 004264EA
:004264DB B81C654200
mov eax, 0042651C
:004264E0 E80B16FEFF
call 00407AF0
:004264E5 894354
:004264E8 EB1F
jmp 00426509
|:004264D9(C)
|
:004264EA 8D4601
:004264ED E8DE15FEFF
:004264F2 8BF8
:004264F4 897B54
:004264F7 8BC7
:004264F9 E8E615FEFF
:004264FE 8BC8
:00426500 8BD7
:00426502 8BC3
:00426504 E8F7CBFFFF

call 00407AD0
mov edi, eax
mov eax, edi
call 00407AE4
mov ecx, eax
mov edx, edi
mov eax, ebx
call 00423100

|:004264E8(U)
|
:00426509 E802B9FFFF
call 00421E10
:0042650E
:00426510
:00426512
:00426518
:00426519
:0042651A
:0042651B
8BC3
8B10
FF92A0000000
5F
5E
5B
C3
:0042651C 00000000
mov eax, ebx

pop edi
pop esi
pop ebx
ret
BYTE 4 DUP(0)

|:0043A513
|
:00426520 55
push ebp
:00426521 8BEC
mov ebp, esp
:00426523 51
push ecx
:00426524 8945FC
:00426527 8B45FC
:0042652A 668148440002
:00426530 33C0
xor eax, eax
:00426532 55
push ebp
:00426533 6864654200
push 00426564
:00426538 64FF30
:0042653B 648920
:0042653E 8B45FC
:00426541 8B8040010000
:00426547 50
push eax
|
:00426548 E83BFBFDFF
Call 00406088
:0042654D 33C0
xor eax, eax
:0042654F 5A
pop edx
:00426550 59
pop ecx
:00426551 59
pop ecx
:00426552 648910
:00426555 686B654200
push 0042656B
|:00426569(U)
|
:0042655A 8B45FC
:0042655D 66816044FFFD
:00426563 C3
:00426564
:00426569
:0042656B
:0042656E
:00426570
:00426576
:00426577
:00426578
jmp
jmp
mov
xor
mov
pop
pop
ret
E90FCDFDFF
EBEF
8B45FC
33D2
899040010000
59
5D
C3
:00426579 8D4000

and word ptr [eax+44], FDFF
ret
00403278
0042655A
edx, edx
ecx
ebp

|:0042661C
|
:0042657C 53
push ebx
:0042657D 56
push esi
:0042657E 57
push edi
:0042657F 8BDA
mov ebx, edx
:00426581 8BF8
mov edi, eax
:00426583 8B8784010000
:00426589 8BD3
mov edx, ebx
:0042658B E88066FEFF
call 0040CC10
:00426590 8BF0
mov esi, eax
:00426592 46
inc esi
:00426593 8B8784010000
:00426599 8B5808
:0042659C 4B
dec ebx
:0042659D 2BDE
sub ebx, esi
:0042659F 7C1C
jl 004265BD
:004265A1 43
inc ebx
|:004265BB(C)
|
:004265A2 8B8784010000
:004265A8 8BD6
:004265AA E8C965FEFF
:004265AF 8B8040010000
:004265B5 85C0
:004265B7 7506
:004265B9 46
:004265BA 4B
:004265BB 75E5

mov edx, esi
call 0040CB78
test eax, eax
jne 004265BF
inc esi
dec ebx
jne 004265A2

|:0042659F(C)
|
:004265BD 33C0
xor eax, eax
|:004265B7(C)
|
:004265BF 5F
pop edi
:004265C0 5E
pop esi
:004265C1 5B
pop ebx
:004265C2 C3
ret
:004265C3
:004265C4
:004265C5
:004265C6
:004265C8
:004265CF
:004265D1
:004265D3
:004265D5
:004265DB
:004265DD
:004265DE
90
53
56
8BD8
83BB4001000000
755D
8BC3
8B10
FF929C000000
8BF3
56
0FB7052E374400
nop
push ebx
push esi
mov ebx, eax
cmp dword ptr [ebx+00000140], 00000000
jne 0042662E
mov eax, ebx
call dword ptr [edx+0000009C]
mov esi, ebx
push esi
:004265E5 50
:004265E6 8B8340010000
:004265EC 50
push eax
push eax

|
:004265ED E8D6FDFDFF
Call 004063C8
:004265F2 56
push esi
:004265F3 0FB7052C374400
:004265FA 50
push eax
:004265FB 8B8340010000
:00426601 50
push eax
|
:00426602 E8C1FDFDFF
Call 004063C8
:00426607 8B7324
:0042660A 85F6
test esi, esi
:0042660C 7420
je 0042662E
:0042660E 6A13
push 00000013
:00426610 6A00
push 00000000
:00426612 6A00
push 00000000
:00426614 6A00
push 00000000
:00426616 6A00
push 00000000
:00426618 8BD3
mov edx, ebx
:0042661A 8BC6
mov eax, esi
:0042661C E85BFFFFFF
call 0042657C
:00426621 50
push eax
:00426622 8B8340010000
:00426628 50
push eax
|
:00426629 E8DAFDFDFF
Call 00406408
|:004265CF(C), :0042660C(C)
|
:0042662E 5E
:0042662F 5B
:00426630 C3
:00426631 8D4000
pop esi
pop ebx
ret

|:00426008 , :00426664 , :004266A7 , :0042A374 , :00438E47
|:00439965 , :0043BAED
|
:00426634 53
push ebx
:00426635 56
push esi
:00426636 57
push edi
:00426637 8BD8
mov ebx, eax
:00426639 83BB4001000000
cmp dword ptr [ebx+00000140], 00000000
:00426640 7435
je 00426677
:00426642 8B8384010000
:00426648 85C0
test eax, eax
:0042664A 7421
je 0042666D
:0042664C 8B7008
:0042664F 4E
dec esi
:00426650
:00426652
:00426654
:00426655
85F6
7C19
46
33FF
test esi, esi

jl 0042666D
inc esi
xor edi, edi
|:0042666B(C)
|
:00426657 8BD7
:00426659 8B8384010000
:0042665F E81465FEFF
:00426664 E8CBFFFFFF
:00426669 47
:0042666A 4E
:0042666B 75EA
|:0042664A(C), :00426652(C)
|
:0042666D 8BC3
:0042666F 8B10
:00426671 FF92A4000000
mov edx, edi

call 0040CB78
call 00426634
inc edi
dec esi
jne 00426657
mov eax, ebx


|:00426640(C)
|
:00426677 5F
pop edi
:00426678 5E
pop esi
:00426679 5B
pop ebx
:0042667A C3
ret
:0042667B 90
nop

|:0041D99A , :0041D9B2 , :0041D9C6 , :0041DA0A , :0041E12E
|:00428356 , :00438036 , :00438073 , :004396E7 , :00439720
|:00439763 , :00439C90
|
:0042667C 83B84001000000
cmp dword ptr [eax+00000140], 00000000
:00426683 740E
je 00426693
:00426685 6A00
push 00000000
:00426687 33C9
xor ecx, ecx
:00426689 BA33B00000
mov edx, 0000B033
:0042668E E801DBFFFF
call 00424194
|:00426683(C)
|
:00426693 C3
:00426694 53
:00426695 56
:00426696 8BF0
:00426698 8BC6
:0042669A 66BBBBFF
:0042669E E851C7FDFF
:004266A3 8BD8
:004266A5 8BC6
:004266A7 E888FFFFFF
:004266AC 8BC6

ret
push ebx
push esi
mov esi, eax
mov eax, esi
mov bx, FFBB
call 00402DF4
mov ebx, eax
mov eax, esi
call 00426634
mov eax, esi
:004266AE
:004266B3
:004266B5
:004266B7
:004266BE
:004266C0
:004266C6
E819010000
84DB
7415
83BE4001000000
740C
8B8640010000
50
call 004267CC
test bl, bl
je 004266CC
cmp dword ptr [esi+00000140], 00000000
je 004266CC
push eax

|
:004266C7 E8DCFCFDFF
Call 004063A8
|:004266B5(C), :004266BE(C)
|
:004266CC 5E
:004266CD 5B
:004266CE C3
:004266CF 90
nop
pop esi
pop ebx
ret

|:0042674E , :00426802
|
:004266D0 55
push ebp
:004266D1 8BEC
mov ebp, esp
:004266D3 83C4F8
add esp, FFFFFFF8
:004266D6 53
push ebx
:004266D7 56
push esi
:004266D8 57
push edi
:004266D9 8945FC
:004266DC 8B45FC
:004266DF 80784700
:004266E3 7512
jne 004266F7
:004266E5 8B45FC
:004266E8 F6402010
test [eax+20], 10
:004266EC 7412
je 00426700
:004266EE 8B45FC
:004266F1 F6404104
test [eax+41], 04
:004266F5 7509
jne 00426700
|:004266E3(C)
|
:004266F7 8B45FC
:004266FA F6404408
:004266FE 7404

test [eax+44], 08
je 00426704

|:004266EC(C), :004266F5(C)
|
:00426700 33C0
xor eax, eax
:00426702 EB02
jmp 00426706
|:004266FE(C)
|
:00426704 B001
mov al, 01
|:00426702(U)
|
:00426706 8845FB
:00426709 807DFB00
:0042670D 7448
:0042670F 8B45FC
:00426712 83B84001000000
:00426719 750B
:0042671B 8B45FC
:0042671E 8B10
:00426720 FF9290000000
|:00426719(C)
|
:00426726 8B45FC
:00426729 8B8084010000
:0042672F 85C0
:00426731 7424
:00426733 8B5808
:00426736 4B
:00426737 85DB
:00426739 7C1C
:0042673B 43
:0042673C 33F6
|:00426755(C)
|
:0042673E 8B45FC
:00426741 8B8084010000
:00426747 8BD6
:00426749 E82A64FEFF
:00426753 46
:00426754 4B
:00426755 75E7

je 00426757
cmp dword ptr [eax+00000140], 00000000
jne 00426726

test eax, eax
je 00426757
dec ebx
test ebx, ebx
jl 00426757
inc ebx
xor esi, esi

mov edx, esi
call 0040CB78
call 004266D0
inc esi
dec ebx
jne 0042673E

|:0042670D(C), :00426731(C), :00426739(C)
|
:00426757 8B45FC
:0042675A 83B84001000000
cmp dword ptr [eax+00000140], 00000000
:00426761 7460
je 004267C3
:00426763 8B45FC
:00426766 8A806C010000
:0042676C 3A45FB
:0042676F 7452
je 004267C3
:00426771 8B45FC
:00426774 8A55FB
:00426777 88906C010000
:0042677D 33C0
xor eax, eax
:0042677F 55
push ebp
:00426780 68A6674200
push 004267A6
:00426785 64FF30
:00426788 648920
:0042678B 6A00
push 00000000
:0042678D 33C9
xor ecx, ecx
:0042678F BA19B00000
mov edx, 0000B019
:00426794
:00426797
:0042679C
:0042679E
:0042679F
:004267A0
:004267A1
:004267A4
:004267A6
:004267AB
:004267AE
:004267B0
:004267B3
:004267B9
:004267BE
8B45FC
E8F8D9FFFF
33C0
5A
59
59
648910
EB1D
E9C5C8FDFF
8A45FB
3401
8B55FC
88826C010000
E80ECBFDFF
E85DCBFDFF

call 00424194
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 004267C3
jmp 00403070
xor al, 01
mov byte ptr [edx+0000016C], al
call 004032CC
call 00403320

|:00426761(C), :0042676F(C), :004267A4(U)
|
:004267C3 5F
pop edi
:004267C4 5E
pop esi
:004267C5 5B
pop ebx
:004267C6 59
pop ecx
:004267C7 59
pop ecx
:004267C8 5D
pop ebp
:004267C9 C3
ret
:004267CA 8BC0
mov eax, eax

|:00425568 , :00425F98 , :004266AE , :0042840A
|:004399A0
|
:004267CC 53
push ebx
:004267CD 56
push esi
:004267CE 8BF0
mov esi, eax
:004267D0 8BDE
mov ebx, esi
:004267D2 EB0B
jmp 004267DF
, :00438E5D
|:004267E4(C)
|
:004267D4 8BD8
:004267D6 80BB6C01000000
:004267DD 7428
|:004267D2(U)
|
:004267DF 8B4324
:004267E2 85C0
:004267E4 75EE
:004267E6 8BC3
:004267E8 8B153C504300
:004267EE E89DC5FDFF
:004267F3 84C0
:004267F5 7509
:004267F7 83BB6801000000
:004267FE 7407
mov ebx, eax

je 00426807

test eax, eax
jne 004267D4
mov eax, ebx
call 00402D90
test al, al
jne 00426800
cmp dword ptr [ebx+00000168], 00000000
je 00426807

|:004267F5(C)
|
:00426800 8BC6
mov eax, esi
:00426802 E8C9FEFFFF
call 004266D0
|:004267DD(C), :004267FE(C)
|
:00426807 5E
:00426808 5B
:00426809 C3
:0042680A
:0042680C
:0042680D
:0042680F
:00426810
:00426811
:00426812
:00426813
:00426816
:00426818
:00426819
:0042681E
:00426821
:00426824
:00426826
:00426827
:0042682C
:0042682F
:00426832
:00426835
:00426838
:0042683B
:0042683D
:0042683E
:0042683F
:00426840
:00426843
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
xor eax, eax
push ebp
push 00426864
xor eax, eax
push ebp
push 00426853
call [ebx+28]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042685A
8BC0
55
8BEC
51
53
56
57
8945FC
33C0
55
6864684200
64FF30
648920
33C0
55
6853684200
64FF30
648920
8B5DFC
8B432C
FF5328
33C0
5A
59
59
648910
685A684200
pop esi
pop ebx
ret
|:00426858(U)
|
:00426848 E8C3B5FFFF
:0042684D E85215FFFF
:00426852 C3
:00426853
:00426858
:0042685A
:0042685C
:0042685D
:0042685E
:0042685F
:00426862
:00426864
jmp
jmp
xor
pop
pop
pop
mov
jmp
jmp
E920CAFDFF
EBEE
33C0
5A
59
59
648910
EB19
E907C8FDFF
call 00421E10
call 00417DA4
ret
00403278
00426848
eax, eax
edx
ecx
ecx
0042687D
00403070
:00426869
:0042686E
:00426870
:00426873
:00426878
A1302C4400
8B00
8B55FC
E8EC850100
E8A3CAFDFF

call 0043EE64
call 00403320

|:00426862(U)
|
:0042687D 5F
pop edi
:0042687E 5E
pop esi
:0042687F 5B
pop ebx
:00426880 59
pop ecx
:00426881 5D
pop ebp
:00426882 C3
ret
:00426883 90
nop

|:00421CC5 , :00426995 , :00426A9D , :004274E0 , :00428636
|:0042B85D , :004305BA
|
:00426884 53
push ebx
:00426885 56
push esi
:00426886 57
push edi
:00426887 55
push ebp
:00426888 83C4E4
add esp, FFFFFFE4
:0042688B 880C24
:0042688E 8BEA
mov ebp, edx
:00426890 8BF8
mov edi, eax
:00426892 8B8728010000
:00426898 85C0
test eax, eax
:0042689A 0F849C000000
je 0042693C
:004268A0 8B7008
:004268A3 4E
dec esi
:004268A4 83FE00
cmp esi, 00000000
:004268A7 0F8C8F000000
jl 0042693C
|:00426936(C)
|
:004268AD 8B8728010000
:004268B3 8BD6
:004268B5 E8BE62FEFF
:004268BA 8BD8
:004268BC 8D4C2404
:004268C0 8B5504
:004268C3 2B5334
:004268C6 8B4500
:004268C9 2B4330
:004268CC E8AF58FEFF
:004268D1 FF742408
:004268D5 FF742408
:004268D9 8D542414
:004268DD 8BC3
:004268DF 8B08
:004268E1 FF5144
:004268E4 8D442414
:004268E8 50

mov eax, dword
mov edx, esi
call 0040CB78
mov ebx, eax
lea ecx, dword
mov edx, dword
sub edx, dword
mov eax, dword
sub eax, dword
call 0040C180
push [esp+08]
push [esp+08]
lea edx, dword
mov eax, ebx
mov ecx, dword
call [ecx+44]
lea eax, dword
push eax
ptr [edi+00000128]
ptr
ptr
ptr
ptr
ptr
[esp+04]
[ebp+04]
[ebx+34]
[ebp+00]
[ebx+30]
ptr [esp+14]
ptr [eax]
ptr [esp+14]

|
:004268E9 E84AFAFDFF
Call 00406338
:004268EE 85C0
test eax, eax
:004268F0 7440
je 00426932
:004268F2 F6432010
test [ebx+20], 10
:004268F6 740C
je 00426904
:004268F8 807B4700
:004268FC 7540
jne 0042693E
:004268FE F6434104
test [ebx+41], 04
:00426902 743A
je 0042693E
|:004268F6(C)
|
:00426904 807B4700
:00426908 7428
:0042690A 8BC3
:0042690C 8B10
:0042690E FF5250
:00426911 0A0424
:00426914 741C
:00426916 8D442404
:0042691A E8F9FBFDFF
:0042691F 50
:00426920 33C9
:00426922 BA0AB00000
:00426927 8BC3
:00426929 E866D8FFFF
:0042692E 85C0
:00426930 750C

je 00426932
mov eax, ebx
call [edx+50]
or al, byte ptr [esp]
je 00426932
call 00406518
push eax
xor ecx, ecx
mov edx, 0000B00A
mov eax, ebx
call 00424194
test eax, eax
jne 0042693E

|:004268F0(C), :00426908(C), :00426914(C)
|
:00426932 4E
dec esi
:00426933 83FEFF
cmp esi, FFFFFFFF
:00426936 0F8571FFFFFF
jne 004268AD
|:0042689A(C), :004268A7(C)
|
:0042693C 33DB
xor ebx, ebx
|:004268FC(C), :00426902(C), :00426930(C)
|
:0042693E 8BC3
mov eax, ebx
:00426940 83C41C
add esp, 0000001C
:00426943 5D
pop ebp
:00426944 5F
pop edi
:00426945 5E
pop esi
:00426946 5B
pop ebx
:00426947 C3
ret

|:00426ABA , :0042838E
|
:00426948
:00426949
:0042694A
:0042694B
:0042694E
:00426950
:00426952
:00426954
:00426959
53
56
57
83C4F0
8BFA
8BF0
8BC6
E8A7250000
8BD8
push ebx
push esi
push edi
add esp, FFFFFFF0
mov edi, edx
mov esi, eax
mov eax, esi
call 00428F00
mov ebx, eax

|
:0042695B E8B8F7FDFF
Call 00406118
:00426960 3BD8
cmp ebx, eax
:00426962 751D
jne 00426981
:00426964 33DB
xor ebx, ebx
:00426966 833DC426440000
cmp dword ptr [004426C4], 00000000
:0042696D 742D
je 0042699C
:0042696F A1C4264400
:00426974 3B7024
:00426977 7523
jne 0042699C
:00426979 8B1DC4264400
mov ebx, dword ptr [004426C4]
:0042697F EB1B
jmp 0042699C
|:00426962(C)
|
:00426981 8D542408
:00426985 8B4708
:00426988 E877FBFDFF
:0042698D 8D542408
:00426991 33C9
:00426993 8BC6
:00426995 E8EAFEFFFF
:0042699A 8BD8

call 00406504
xor ecx, ecx
mov eax, esi
call 00426884
mov ebx, eax

|:0042696D(C), :00426977(C), :0042697F(U)
|
:0042699C 33C0
xor eax, eax
:0042699E 85DB
test ebx, ebx
:004269A0 742B
je 004269CD
:004269A2 0FBF4708
:004269A6 2B4330
:004269A9 890424
:004269AC 0FBF470A
:004269B0 2B4334
:004269B3 89442404
:004269B7 8BC4
mov eax, esp
:004269B9 E85AFBFDFF
call 00406518
:004269BE 50
push eax
:004269BF 8B4F04
:004269C2 8B17
:004269C4 8BC3
mov eax, ebx
:004269C6 E8C9D7FFFF
call 00424194
:004269CB B001
mov al, 01
|:004269A0(C)
|
:004269CD
:004269D0
:004269D1
:004269D2
:004269D3
83C410
5F
5E
5B
C3
add
pop
pop
pop
ret
esp, 00000010
edi
esi
ebx

|:0041E3BC , :00438FCC , :004393FE
|
:004269D4 55
push ebp
:004269D5 8BEC
mov ebp, esp
:004269D7 81C4E0FEFFFF
add esp, FFFFFEE0
:004269DD 53
push ebx
:004269DE 56
push esi
:004269DF 57
push edi
:004269E0 8BF2
mov esi, edx
:004269E2 8BD8
mov ebx, eax
:004269E4 8B06
:004269E6 3D84000000
cmp eax, 00000084
:004269EB 7F18
jg 00426A05
:004269ED 7470
je 00426A5F
:004269EF 83E807
sub eax, 00000007
:004269F2 7432
je 00426A26
:004269F4 48
dec eax
:004269F5 7459
je 00426A50
:004269F7 83E817
sub eax, 00000017
:004269FA 0F84E0000000
je 00426AE0
:00426A00 E919010000
jmp 00426B1E
|:004269EB(C)
|
:00426A05 0500FFFFFF
:00426A0A 83E809
:00426A0D 0F82B9000000
:00426A13 0509FFFFFF
:00426A18 83E80B
:00426A1B 0F8295000000
:00426A21 E9F8000000
|:004269F2(C)
|
:00426A26 8BC3
:00426A28 E8E3010100
:00426A2D 8BF8
:00426A2F 85FF
:00426A31 0F8447010000
:00426A37 8BD3
:00426A39 8BC7
:00426A3B 8B08
:00426A3D FF91C8000000
:00426A43 84C0
:00426A45 0F843C010000
:00426A4B E92E010000
add eax, FFFFFF00

sub eax, 00000009
jb 00426ACC
add eax, FFFFFF09
sub eax, 0000000B
jb 00426AB6
jmp 00426B1E
mov eax, ebx

call 00436C10
mov edi, eax
test edi, edi
je 00426B7E
mov edx, ebx
mov eax, edi
test al, al
je 00426B87
jmp 00426B7E
|:004269F5(C)
|
:00426A50 F6434420
:00426A54 0F852D010000
:00426A5A E91F010000
test [ebx+44], 20
jne 00426B87
jmp 00426B7E
|:004269ED(C)
|
:00426A5F 8BD6
:00426A61 8BC3
:00426A63 E810D8FFFF
:00426A68 837E0CFF
:00426A6C 0F8515010000
:00426A72 8D95E0FEFFFF
:00426A78 8B4608
:00426A7B E884FAFDFF
:00426A86 8D8DE8FEFFFF
:00426A8C 8BC3
:00426A8E E861C2FFFF
:00426A99 33C9
:00426A9B 8BC3
:00426A9D E8E2FDFFFF
:00426AA2 85C0
:00426AA4 0F84DD000000
:00426AAA C7460C01000000
:00426AB1 E9D1000000
|:00426A1B(C)
|
:00426AB6 8BD6
:00426AB8 8BC3
:00426ABA E889FEFFFF
:00426ABF 84C0
:00426AC1 0F85C0000000
:00426AC7 E9B2000000
|:00426A0D(C)
|
:00426ACC 8BC3
:00426ACE E811CEFFFF
:00426AD3 84C0
:00426AD5 0F85AC000000
:00426ADB E99E000000
|:004269FA(C)
|
:00426AE0 8BC3
:00426AE2 E819240000
:00426AE7 8BF8
mov edx, esi

mov eax, ebx
call 00424278
cmp dword ptr [esi+0C], FFFFFFFF
jne 00426B87
call 00406504
lea ecx, dword ptr [ebp+FFFFFEE8]
mov eax, ebx
call 00422CF4
xor ecx, ecx
mov eax, ebx
call 00426884
test eax, eax
je 00426B87
mov [esi+0C], 00000001
jmp 00426B87
mov edx, esi

mov eax, ebx
call 00426948
test al, al
jne 00426B87
jmp 00426B7E
mov eax, ebx

call 004238E4
test al, al
jne 00426B87
jmp 00426B7E
mov eax, ebx

call 00428F00
mov edi, eax

|
:00426AE9 E82AF6FDFF
Call 00406118
:00426AEE 3BF8
cmp edi, eax
:00426AF0
:00426AF6
:00426AFD
:00426AFF
:00426B04
:00426B07
:00426B09
:00426B0B
:00426B0D
:00426B12
:00426B17
:00426B1C
0F8588000000
833DC426440000
747F
A1C4264400
3B5824
7575
6A00
33C9
BA1F000000
A1C4264400
E878D6FFFF
EB60
jne 00426B7E
cmp dword ptr [004426C4], 00000000
je 00426B7E
jne 00426B7E
push 00000000
xor ecx, ecx
mov edx, 0000001F
call 00424194
jmp 00426B7E
|:00426A00(U), :00426A21(U)
|
:00426B1E A120374400
:00426B23 80782000
:00426B27 7455
:00426B29 A120374400
:00426B2E 83781C00
:00426B32 744A
:00426B34 8B06
:00426B36 8B1520374400
:00426B3C 3B421C
:00426B3F 753D
:00426B41 8D85F0FEFFFF
:00426B47 50

je 00426B7E
je 00426B7E
jne 00426B7E
push eax
* Reference To: user32.GetKeyboardState, Ord:0000h

|
:00426B48 E84BF6FDFF
Call 00406198
:00426B4D 8B06
:00426B4F 8945F0
:00426B52 8D85F0FEFFFF
:00426B58 E8C7FF0000
call 00436B24
:00426B5D 8845F4
mov byte ptr [ebp-0C], al
:00426B60 668B4604
:00426B64 668945F6
mov word ptr [ebp-0A], ax
:00426B68 8B4608
:00426B6B 8945F8
:00426B6E 8D55F0
:00426B71 8BC3
mov eax, ebx
:00426B73 66BBB9FF
mov bx, FFB9
:00426B77 E878C2FDFF
call 00402DF4
:00426B7C EB09
jmp 00426B87
|:00426A31(C), :00426A4B(U), :00426A5A(U), :00426AC7(U), :00426ADB(U)
|:00426AF0(C), :00426AFD(C), :00426B07(C), :00426B1C(U), :00426B27(C)
|:00426B32(C), :00426B3F(C)
|
:00426B7E 8BD6
mov edx, esi
:00426B80 8BC3
mov eax, ebx
:00426B82 E8F1D6FFFF
call 00424278
|:00426A45(C), :00426A54(C), :00426A6C(C), :00426AA4(C), :00426AB1(U)
|:00426AC1(C), :00426AD5(C), :00426B7C(U)
|
:00426B87
:00426B88
:00426B89
:00426B8A
:00426B8C
:00426B8D
5F
5E
5B
8BE5
5D
C3
:00426B8E 8BC0
pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:0041E0C1 , :0043A57E
|
:00426B90 53
push ebx
:00426B91 56
push esi
:00426B92 57
push edi
:00426B93 55
push ebp
:00426B94 8BDA
mov ebx, edx
:00426B96 8BF0
mov esi, eax
:00426B98 8BAE40010000
:00426B9E 85ED
test ebp, ebp
:00426BA0 0F84A7000000
je 00426C4D
:00426BA6 8B3B
:00426BA8 8BC7
mov eax, edi
:00426BAA 05CEFEFFFF
add eax, FFFFFECE
:00426BAF 83E807
sub eax, 00000007
:00426BB2 720C
jb 00426BC0
:00426BB4 050744FFFF
add eax, FFFF4407
:00426BB9 83E807
sub eax, 00000007
:00426BBC 721C
jb 00426BDA
:00426BBE EB59
jmp 00426C19
|:00426BB2(C)
|
:00426BC0 8B6B08
:00426BC3 55
:00426BC4 8B4304
:00426BC7 50
:00426BC8 81C700BC0000
:00426BCE 57
:00426BCF 55

push ebp
push eax
add edi, 0000BC00
push edi
push ebp

|
:00426BD0 E8B3F7FDFF
Call 00406388
:00426BD5 89430C
:00426BD8 EB5A
jmp 00426C34
|:00426BBC(C)
|
:00426BDA 8B4658
:00426BDD 8B4014
:00426BE0 E823CFFEFF
:00426BE5 50
:00426BE6 8B4304
:00426BE9 50

call 00413B08
push eax
push eax
:00426BEA
:00426BEF
:00426BF5
:00426BFA
:00426BFF
:00426C00
:00426C03
E8C9F3FDFF
8B8624010000
E88ADBFEFF
E809CFFEFF
50
8B4304
50
|
Call 00405FB8
call 00414784
call 00413B08
push eax
push eax

|
:00426C04 E86FF3FDFF
Call 00405F78
:00426C09 8B8624010000
:00426C0F E8ACDBFEFF
call 004147C0
:00426C14 89430C
:00426C17 EB1B
jmp 00426C34
|:00426BBE(U)
|
:00426C19 8B4308
:00426C1C 50
:00426C1D 8B4304
:00426C20 50
:00426C21 8B03
:00426C23 50
:00426C24 55
:00426C25 8B8630010000
:00426C2B 50

mov eax,
push eax
mov eax,
push eax
mov eax,
push eax
push ebp
mov eax,
push eax
dword ptr [ebx+08]

dword ptr [ebx+04]
dword ptr [ebx]
dword ptr [esi+00000130]

|
:00426C2C E8DFF3FDFF
Call 00406010
:00426C31 89430C
|:00426BD8(U), :00426C17(U)
|
:00426C34 8B03
:00426C36 83F80C
:00426C39 751B
:00426C3B 8B5308
:00426C3E 52
:00426C3F 8B4B04
:00426C42 8BD0
:00426C44 8BC6
:00426C46 E805C1FFFF
:00426C4B EB09
|:00426BA0(C)
|
:00426C4D 8BD3
:00426C4F 8BC6
:00426C51 E83AD7FFFF

cmp eax, 0000000C
jne 00426C56
push edx
mov edx, eax
mov eax, esi
call 00422D50
jmp 00426C56
mov edx, ebx

mov eax, esi
call 00424390

|:00426C39(C), :00426C4B(U)
|
:00426C56 5D
pop ebp
:00426C57
:00426C58
:00426C59
:00426C5A
5F
5E
5B
C3
:00426C5B 90
pop edi
pop esi
pop ebx
ret
nop

|:00427183 , :004271A5 , :00427217 , :00427237 , :0042725A
|:0042727E , :004272A2 , :004272C6 , :00428197 , :004281C8
|:004281EB
|
:00426C5C 53
push ebx
:00426C5D 56
push esi
:00426C5E 57
push edi
:00426C5F 8BF2
mov esi, edx
:00426C61 33DB
xor ebx, ebx
:00426C63 E81498FFFF
call 0042047C
:00426C68 8BF8
mov edi, eax
:00426C6A 85FF
test edi, edi
:00426C6C 741B
je 00426C89
:00426C6E 8B4608
:00426C71 50
push eax
:00426C72 8B4E04
:00426C75 8B16
:00426C77 81C200BC0000
add edx, 0000BC00
:00426C7D 8BC7
mov eax, edi
:00426C7F E810D5FFFF
call 00424194
:00426C84 89460C
:00426C87 B301
mov bl, 01
|:00426C6C(C)
|
:00426C89 8BC3
mov eax, ebx
:00426C8B 5F
pop edi
:00426C8C 5E
pop esi
:00426C8D 5B
pop ebx
:00426C8E C3
ret
:00426C8F 90
nop

|:00427057
|
:00426C90 55
push ebp
:00426C91 8BEC
mov ebp, esp
:00426C93 83C4B0
add esp, FFFFFFB0
:00426C96 53
push ebx
:00426C97 56
push esi
:00426C98 57
push edi
:00426C99 8955F8
:00426C9C 8945FC
:00426C9F 8B5DF8
:00426CA2 8B5B04
:00426CA5 85DB
test ebx, ebx
:00426CA7 7514
jne 00426CBD
:00426CA9 8D45B0
:00426CAC
:00426CAD
:00426CB0
:00426CB5
50
8B45FC
E84B220000
50
push eax
call 00428F00
push eax

|
:00426CB6 E845F3FDFF
Call 00406000
:00426CBB 8BD8
mov ebx, eax
|:00426CA7(C)
|
:00426CBD 33D2
:00426CBF 55
:00426CC0 68B06D4200
:00426CC5 64FF32
:00426CC8 648922
:00426CCB 8B45FC
:00426CCE 83B82801000000
:00426CD5 7512
:00426CD7 8BD3
:00426CD9 8B45FC
:00426CDC 8B08
:00426CDE FF91AC000000
:00426CE4 E992000000

xor edx, edx
push ebp
push 00426DB0
cmp dword ptr [eax+00000128], 00000000
jne 00426CE9
mov edx, ebx
call dword ptr [ecx+000000AC]
jmp 00426D7B

|:00426CD5(C)
|
:00426CE9 53
push ebx
|
:00426CEA E871F2FDFF
Call 00405F60
:00426CEF 8945F0
:00426CF2 C745F402000000
mov [ebp-0C], 00000002
:00426CF9 8B45FC
:00426CFC 8B8028010000
:00426D02 8B7808
:00426D05 4F
dec edi
:00426D06 85FF
test edi, edi
:00426D08 7C54
jl 00426D5E
:00426D0A 47
inc edi
:00426D0B 33F6
xor esi, esi
|:00426D5C(C)
|
:00426D0D 8B45FC
:00426D10 8B8028010000
:00426D16 8BD6
:00426D18 E85B5EFEFF
:00426D1D 80784700
:00426D21 750C
:00426D23 F6402010
:00426D27 7431
:00426D29 F6404104
:00426D2D 752B

mov edx, esi
call 0040CB78
jne 00426D2F
test [eax+20], 10
je 00426D5A
test [eax+41], 04
jne 00426D5A
|:00426D21(C)
|
:00426D2F F6404040
:00426D33 7425
:00426D35 8B5034
:00426D38 03503C
:00426D3B 52
:00426D3C 8B5030
:00426D3F 035038
:00426D42 52
:00426D43 8B5034
:00426D46 52
:00426D47 8B4030
:00426D4A 50
:00426D4B 53

test [eax+40],
je 00426D5A
mov edx, dword
add edx, dword
push edx
mov edx, dword
add edx, dword
push edx
mov edx, dword
push edx
mov eax, dword
push eax
push ebx
40
ptr [eax+34]
ptr [eax+3C]
ptr [eax+30]
ptr [eax+38]
ptr [eax+34]
ptr [eax+30]

|
:00426D4C E817F1FDFF
Call 00405E68
:00426D51 8945F4
:00426D54 837DF401
:00426D58 7404
je 00426D5E
|:00426D27(C), :00426D2D(C), :00426D33(C)
|
:00426D5A 46
inc esi
:00426D5B 4F
dec edi
:00426D5C 75AF
jne 00426D0D
|:00426D08(C), :00426D58(C)
|
:00426D5E 837DF401
:00426D62 740D
:00426D64 8BD3
:00426D66 8B45FC
:00426D69 8B08
:00426D6B FF91AC000000

je 00426D71
mov edx, ebx
call dword ptr [ecx+000000AC]

|:00426D62(C)
|
:00426D71 8B45F0
:00426D74 50
push eax
:00426D75 53
push ebx
|
:00426D76 E8DDF1FDFF
Call 00405F58
|:00426CE4(U)
|
:00426D7B 33C9
:00426D7D 8BD3
:00426D7F 8B45FC
:00426D82 E861000000
:00426D87 33C0

xor ecx, ecx
mov edx, ebx
call 00426DE8
xor eax, eax
:00426D89
:00426D8A
:00426D8B
:00426D8C
5A
59
59
648910
pop
pop
pop
mov
edx
ecx
ecx

|
:00426D8F 68B76D4200
push 00426DB7
|:00426DB5(U)
|
:00426D94 8B45F8
:00426D97 83780400
:00426D9B 7512
:00426D9D 8D45B0
:00426DA0 50
:00426DA1 8B45FC
:00426DA4 E857210000
:00426DA9 50

jne 00426DAF
push eax
call 00428F00
push eax

|
:00426DAA E829F3FDFF
Call 004060D8
|:00426D9B(C)
|
:00426DAF C3
:00426DB0 E9C3C4FDFF
:00426DB5 EBDD
:00426DB7 5F
:00426DB8 5E
:00426DB9 5B
:00426DBA 8BE5
:00426DBC 5D
:00426DBD C3
:00426DBE
:00426DC0
:00426DC3
:00426DCA
:00426DCE
:00426DD0
:00426DD4
:00426DD6
:00426DDA
:00426DDC
:00426DDE
:00426DE1
:00426DE4
mov eax, eax

add esp, FFFFFFF0
mov dword ptr [esp], 0000000F
xor edx, edx
xor edx, edx
mov edx, esp
call [ecx-10]
add esp, 00000010
ret
8BC0
83C4F0
C704240F000000
89542404
33D2
89542408
33D2
8954240C
8BD4
8B08
FF51F0
83C410
C3
:00426DE5 8D4000
ret
jmp
jmp
pop
pop
pop
mov
pop
ret
00403278
00426D94
edi
esi
ebx
esp, ebp
ebp

|:00423731 , :00426D82
|
:00426DE8 53
push ebx
:00426DE9
:00426DEA
:00426DEB
:00426DEC
:00426DEF
:00426DF1
:00426DF3
:00426DF5
:00426DFC
:00426DFE
:00426E05
:00426E07
:00426E0E
:00426E10
:00426E16
:00426E18
:00426E1A
56
57
55
83C4E0
8BD9
8BEA
8BF0
80BE3801000000
741F
80BE8001000000
7416
83BE3C01000000
740D
8B863C010000
8BD5
8B08
FF5120
push esi
push edi
push ebp
add esp, FFFFFFE0
mov ebx, ecx
mov ebp, edx
mov esi, eax
je 00426E1D
je 00426E1D
je 00426E1D
mov edx, ebp
call [ecx+20]

|:00426DFC(C), :00426E05(C), :00426E0E(C)
|
:00426E1D 8B8628010000
:00426E23 85C0
test eax, eax
:00426E25 0F84DF000000
je 00426F0A
:00426E2B 33FF
xor edi, edi
:00426E2D 85DB
test ebx, ebx
:00426E2F 740F
je 00426E40
:00426E31 8BD3
mov edx, ebx
:00426E33 E8D85DFEFF
call 0040CC10
:00426E38 8BF8
mov edi, eax
:00426E3A 85FF
test edi, edi
:00426E3C 7D02
jge 00426E40
:00426E3E 33FF
xor edi, edi
|:00426E2F(C), :00426E3C(C)
|
:00426E40 8B8628010000
:00426E46 8B4008
:00426E49 890424
:00426E4C 3B3C24
:00426E4F 0F8DB5000000
|:00426F04(C)
|
:00426E55 8B8628010000
:00426E5B 8BD7
:00426E5D E8165DFEFF
:00426E62 8BD8
:00426E64 807B4700
:00426E68 7514
:00426E6A F6432010
:00426E6E 0F848C000000
:00426E74 F6434104
:00426E78 0F8582000000
mov
mov
mov
cmp
jnl

dword ptr [esp], eax
edi, dword ptr [esp]
00426F0A

mov edx, edi
call 0040CB78
mov ebx, eax
jne 00426E7E
test [ebx+20], 10
je 00426F00
test [ebx+41], 04
jne 00426F00

|:00426E68(C)
|
:00426E7E
:00426E81
:00426E84
:00426E85
:00426E89
:00426E8A
:00426E8D
:00426E90
:00426E93
:00426E96
:00426E9B
:00426E9F
:00426EA0
8B4334
03433C
50
8D442414
50
8B4B30
034B38
8B5334
8B4330
E8FD52FEFF
8D442410
50
55
mov eax, dword

add eax, dword
push eax
lea eax, dword
push eax
mov ecx, dword
add ecx, dword
mov edx, dword
mov eax, dword
call 0040C198
lea eax, dword
push eax
push ebp
ptr [ebx+34]
ptr [ebx+3C]
ptr [esp+14]
ptr
ptr
ptr
ptr
[ebx+30]
[ebx+38]
[ebx+34]
[ebx+30]
ptr [esp+10]
* Reference To: gdi32.RectVisible, Ord:0000h

|
:00426EA1 E8A2F0FDFF
Call 00405F48
:00426EA6 85C0
test eax, eax
:00426EA8 7456
je 00426F00
:00426EAA F6464480
test [esi+44], 80
:00426EAE 7406
je 00426EB6
:00426EB0 66814B448000
|:00426EAE(C)
|
:00426EB6 55
push ebp
|
:00426EB7 E8A4F0FDFF
Call 00405F60
:00426EBC 89442404
:00426EC0 8B4B34
:00426EC3 8B5330
:00426EC6 8BC5
mov eax, ebp
:00426EC8 E857AEFFFF
call 00421D24
:00426ECD 8B433C
:00426ED0 50
push eax
:00426ED1 8B4338
:00426ED4 50
push eax
:00426ED5 6A00
push 00000000
:00426ED7 6A00
push 00000000
:00426ED9 55
push ebp
|
:00426EDA E831F0FDFF
Call 00405F10
:00426EDF 6A00
push 00000000
:00426EE1 8BCD
mov ecx, ebp
:00426EE3 BA0F000000
mov edx, 0000000F
:00426EE8 8BC3
mov eax, ebx
:00426EEA E8A5D2FFFF
call 00424194
:00426EEF 8B442404
:00426EF3 50
push eax
:00426EF4 55
push ebp
|
:00426EF5 E85EF0FDFF
Call 00405F58
:00426EFA 668163447FFF
and word ptr [ebx+44], FF7F

|:00426E6E(C), :00426E78(C), :00426EA8(C)
|
:00426F00 47
inc edi
:00426F01 3B3C24
cmp edi, dword ptr [esp]
:00426F04 0F8C4BFFFFFF
jl 00426E55
|:00426E25(C), :00426E4F(C)
|
:00426F0A 8B8684010000
:00426F10 85C0
:00426F12 0F84F8000000
:00426F18 8B4008
:00426F1B 48
:00426F1C 85C0
:00426F1E 0F8CEC000000
:00426F24 40
:00426F25 8944240C
:00426F29 33FF
|:0042700A(C)
|
:00426F2B 8B8684010000
:00426F31 8BD7
:00426F33 E8405CFEFF
:00426F38 8BD8
:00426F3A 80BB2C01000000
:00426F41 0F84BE000000
:00426F47 F6434010
:00426F4B 0F84B4000000
:00426F51 807B4700
:00426F55 7514
:00426F57 F6432010
:00426F5B 0F84A4000000
:00426F61 F6434104
:00426F65 0F859A000000
|:00426F55(C)
|
:00426F6B B810000080
:00426F70 E893CBFEFF
:00426F75 50

test eax, eax
je 00427010
dec eax
test eax, eax
jl 00427010
inc eax
xor edi, edi

mov edx, edi
call 0040CB78
mov ebx, eax
je 00427005
test [ebx+40], 10
je 00427005
jne 00426F6B
test [ebx+20], 10
je 00427005
test [ebx+41], 04
jne 00427005
mov eax, 80000010

call 00413B08
push eax

|
:00426F76 E8BDEEFDFF
Call 00405E38
:00426F7B 89442408
:00426F7F 8B442408
:00426F83 50
push eax
:00426F84 8B4334
:00426F87 03433C
:00426F8A 50
push eax
:00426F8B 8D442418
:00426F8F 50
push eax
:00426F90 8B4B30
:00426F93 034B38
:00426F96
:00426F99
:00426F9A
:00426F9D
:00426F9E
:00426FA3
:00426FA7
:00426FA8
8B5334
4A
8B4330
48
E8F551FEFF
8D442414
50
55

dec edx
dec eax
call 0040C198
push eax
push ebp

|
:00426FA9 E85AF1FDFF
Call 00406108
:00426FAE 8B442408
:00426FB2 50
push eax
|
:00426FB3 E898EEFDFF
Call 00405E50
:00426FB8 B814000080
mov eax, 80000014
:00426FBD E846CBFEFF
call 00413B08
:00426FC2 50
push eax
|
:00426FC3 E870EEFDFF
Call 00405E38
:00426FC8 89442408
:00426FCC 8B442408
:00426FD0 50
push eax
:00426FD1 8B4334
:00426FD4 03433C
:00426FD7 40
inc eax
:00426FD8 50
push eax
:00426FD9 8D442418
:00426FDD 50
push eax
:00426FDE 8B4B30
:00426FE1 034B38
:00426FE4 41
inc ecx
:00426FE5 8B5334
:00426FE8 8B4330
:00426FEB E8A851FEFF
call 0040C198
:00426FF0 8D442414
:00426FF4 50
push eax
:00426FF5 55
push ebp
|
:00426FF6 E80DF1FDFF
Call 00406108
:00426FFB 8B442408
:00426FFF 50
push eax
|
:00427000 E84BEEFDFF
Call 00405E50
|:00426F41(C), :00426F4B(C), :00426F5B(C), :00426F65(C)
|
:00427005 47
inc edi
:00427006 FF4C240C
dec [esp+0C]
:0042700A 0F851BFFFFFF
jne 00426F2B
|:00426F12(C), :00426F1E(C)
|
:00427010 83C420
:00427013 5D
:00427014 5F
:00427015 5E
:00427016 5B
:00427017 C3

add
pop
pop
pop
pop
ret
esp, 00000020
ebp
edi
esi
ebx

|:004270EF , :0042A95C , :0043AD58
|
:00427018 55
push ebp
:00427019 8BEC
mov ebp, esp
:0042701B 83C494
add esp, FFFFFF94
:0042701E 53
push ebx
:0042701F 56
push esi
:00427020 57
push edi
:00427021 8BF2
mov esi, edx
:00427023 8BD8
mov ebx, eax
:00427025 80BBE801000000
cmp byte ptr [ebx+000001E8], 00
:0042702C 7406
je 00427034
:0042702E 837E0400
:00427032 742D
je 00427061
|:0042702C(C)
|
:00427034 F6434501
:00427038 7519
:0042703A 8BC3
:0042703C E847F0FFFF
:00427041 85C0
:00427043 750E
:00427045 8BD6
:00427047 8BC3
:00427049 8B08
:0042704B FF51F0
:0042704E E91E010000
|:00427038(C), :00427043(C)
|
:00427053 8BD6
:00427055 8BC3
:00427057 E834FCFFFF
:0042705C E910010000
test [ebx+45], 01
jne 00427053
mov eax, ebx
call 00426088
test eax, eax
jne 00427053
mov edx, esi
mov eax, ebx
call [ecx-10]
jmp 00427171
mov edx, esi

mov eax, ebx
call 00426C90
jmp 00427171

|:00427032(C)
|
:00427061 6A00
push 00000000
|
:00427063 E8E0F0FDFF
Call 00406148
:00427068
:0042706A
:0042706D
:0042706F
:00427071
:00427074
:00427077
:00427078
:0042707B
:0042707D
:0042707F
:00427082
:00427085
:00427086
8BF8
8D55A4
8BC3
8B08
FF5144
8B45B0
50
8D5594
8BC3
8B08
FF5144
8B459C
50
57
mov edi, eax

lea edx, dword
mov eax, ebx
mov ecx, dword
call [ecx+44]
mov eax, dword
push eax
lea edx, dword
mov eax, ebx
mov ecx, dword
call [ecx+44]
mov eax, dword
push eax
push edi
ptr [ebp-5C]
ptr [eax]
ptr [ebp-50]
ptr [ebp-6C]
ptr [eax]
ptr [ebp-64]

|
:00427087 E864EDFDFF
Call 00405DF0
:0042708C 8945F8
:0042708F 57
push edi
:00427090 6A00
push 00000000
|
:00427092 E8C9F2FDFF
Call 00406360
:00427097 6A00
push 00000000
|
:00427099 E85AEDFDFF
Call 00405DF8
:0042709E 8945FC
:004270A1 8B45F8
:004270A4 50
push eax
:004270A5 8B45FC
:004270A8 50
push eax
|
:004270A9 E8BAEEFDFF
Call 00405F68
:004270AE 8945F4
:004270B1 33C0
xor eax, eax
:004270B3 55
push ebp
:004270B4 686A714200
push 0042716A
:004270B9 64FF30
:004270BC 648920
:004270BF 8D45B4
:004270C2 50
push eax
:004270C3 8BC3
mov eax, ebx
:004270C5 E8361E0000
call 00428F00
:004270CA 50
push eax
|
:004270CB E830EFFDFF
Call 00406000
:004270D0 8BF8
mov edi, eax
:004270D2 8B45FC
:004270D5 50
push eax
:004270D6 8B4DFC
:004270D9 BA14000000
mov edx, 00000014
:004270DE 8BC3
mov eax, ebx
:004270E0
:004270E5
:004270E8
:004270EB
:004270ED
:004270EF
:004270F4
:004270F6
:004270F9
:004270FE
:00427100
:00427102
:00427105
:00427106
:00427109
:0042710B
:0042710D
:00427110
:00427113
:00427114
:00427117
:00427119
:0042711B
:0042711E
:00427121
:00427122
:00427124
:00427126
E8AFD0FFFF
8B45FC
894604
8BD6
8BC3
E824FFFFFF
33C0
894604
682000CC00
6A00
6A00
8B45FC
50
8D55A4
8BC3
8B08
FF5144
8B45B0
50
8D5594
8BC3
8B08
FF5144
8B459C
50
6A00
6A00
57
call 00424194
mov edx, esi
mov eax, ebx
call 00427018
xor eax, eax
push 00CC0020
push 00000000
push 00000000
push eax
mov eax, ebx
call [ecx+44]
push eax
mov eax, ebx
call [ecx+44]
push eax
push 00000000
push 00000000
push edi

|
:00427127 E8A4ECFDFF
Call 00405DD0
:0042712C 8D45B4
:0042712F 50
push eax
:00427130 8BC3
mov eax, ebx
:00427132 E8C91D0000
call 00428F00
:00427137 50
push eax
|
:00427138 E89BEFFDFF
Call 004060D8
:0042713D 33C0
xor eax, eax
:0042713F 5A
pop edx
:00427140 59
pop ecx
:00427141 59
pop ecx
:00427142 648910
|
:00427145 6871714200
push 00427171
|:0042716F(U)
|
:0042714A 8B45F4
:0042714D 50
push eax
:0042714E 8B45FC
:00427151 50
push eax
:00427152 E811EEFDFF
:00427157 8B45FC
:0042715A 50
|
Call 00405F68
push eax

|
:0042715B E8E0ECFDFF
Call 00405E40
:00427160 8B45F8
:00427163 50
push eax
|
:00427164 E8E7ECFDFF
Call 00405E50
:00427169 C3
ret
:0042716A E909C1FDFF
:0042716F EBD9
jmp 00403278
jmp 0042714A
|:0042704E(U), :0042705C(U)
|
:00427171 5F
:00427172 5E
:00427173 5B
:00427174 8BE5
:00427176 5D
:00427177 C3

pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp

|:0043B098
|
:00427178 53
push ebx
:00427179 56
push esi
:0042717A 8BDA
mov ebx, edx
:0042717C 8BF0
mov esi, eax
:0042717E 8BD3
mov edx, ebx
:00427180 8B4308
:00427183 E8D4FAFFFF
call 00426C5C
:00427188 84C0
test al, al
:0042718A 7509
jne 00427195
:0042718C 8BD3
mov edx, ebx
:0042718E 8BC6
mov eax, esi
:00427190 8B08
:00427192 FF51F0
call [ecx-10]
|:0042718A(C)
|
:00427195 5E
pop esi
:00427196 5B
pop ebx
:00427197 C3
ret
:00427198 53
:00427199 56
:0042719A 8BDA
push ebx
push esi
mov ebx, edx
:0042719C
:0042719E
:004271A0
:004271A3
:004271A5
:004271AA
:004271AC
:004271AE
:004271B0
:004271B2
:004271B4
8BF0
8BD3
8B4308
8B00
E8B2FAFFFF
84C0
7509
8BD3
8BC6
8B08
FF51F0
mov esi, eax

mov edx, ebx
call 00426C5C
test al, al
jne 004271B7
mov edx, ebx
mov eax, esi
call [ecx-10]

|:004271AC(C)
|
:004271B7 5E
pop esi
:004271B8 5B
pop ebx
:004271B9 C3
ret
:004271BA
:004271BC
:004271BD
:004271BF
:004271C4
:004271C6
:004271C8
:004271CD
:004271CF
:004271D4
:004271D5
8BC0
53
8BD8
E840C5FEFF
6A00
33C9
BA24B00000
8BC3
E8C0CFFFFF
5B
C3
:004271D6 8BC0
mov eax, eax

push ebx
mov ebx, eax
call 00413704
push 00000000
xor ecx, ecx
mov edx, 0000B024
mov eax, ebx
call 00424194
pop ebx
ret
mov eax, eax

|:0043C2C6
|
:004271D8 8B4A08
:004271DB 51
push ecx
:004271DC 8B4A04
:004271DF BA25B00000
mov edx, 0000B025
:004271E4 E8ABCFFFFF
call 00424194
:004271E9 C3
ret
:004271EA
:004271EC
:004271EE
:004271F0
:004271F5
:004271FA
8BC0
6A00
33C9
BA26B00000
E89ACFFFFF
C3
mov eax, eax

push 00000000
xor ecx, ecx
mov edx, 0000B026
call 00424194
ret
:004271FB
:004271FC
:004271FE
:00427200
:00427205
:0042720A
90
6A00
33C9
BA27B00000
E88ACFFFFF
C3
nop
push 00000000
xor ecx, ecx
mov edx, 0000B027
call 00424194
ret
:0042720B 90
nop

|:00437E4A
|
:0042720C 53
push ebx
:0042720D 56
push esi
:0042720E 8BDA
mov ebx, edx
:00427210 8BF0
mov esi, eax
:00427212 8BD3
mov edx, ebx
:00427214 8B4308
:00427217 E840FAFFFF
call 00426C5C
:0042721C 84C0
test al, al
:0042721E 7509
jne 00427229
:00427220 8BD3
mov edx, ebx
:00427222 8BC6
mov eax, esi
:00427224 8B08
:00427226 FF51F0
call [ecx-10]
|:0042721E(C)
|
:00427229 5E
pop esi
:0042722A 5B
pop ebx
:0042722B C3
ret

|:00437E6E
|
:0042722C 53
push ebx
:0042722D 56
push esi
:0042722E 8BDA
mov ebx, edx
:00427230 8BF0
mov esi, eax
:00427232 8BD3
mov edx, ebx
:00427234 8B4308
:00427237 E820FAFFFF
call 00426C5C
:0042723C 84C0
test al, al
:0042723E 7509
jne 00427249
:00427240 8BD3
mov edx, ebx
:00427242 8BC6
mov eax, esi
:00427244 8B08
:00427246 FF51F0
call [ecx-10]
|:0042723E(C)
|
:00427249 5E
pop esi
:0042724A 5B
pop ebx
:0042724B C3
ret
:0042724C
:0042724D
:0042724E
:00427250
:00427252
53
56
8BDA
8BF0
8BD3
push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
:00427254
:00427257
:0042725A
:0042725F
:00427261
:00427263
:00427265
:00427267
:00427269
8B4308
8B4004
E8FDF9FFFF
84C0
7509
8BD3
8BC6
8B08
FF51F0

call 00426C5C
test al, al
jne 0042726C
mov edx, ebx
mov eax, esi
call [ecx-10]

|:00427261(C)
|
:0042726C 5E
pop esi
:0042726D 5B
pop ebx
:0042726E C3
ret
:0042726F
:00427270
:00427271
:00427272
:00427274
:00427276
:00427278
:0042727B
:0042727E
:00427283
:00427285
:00427287
:00427289
:0042728B
:0042728D
90
53
56
8BDA
8BF0
8BD3
8B4308
8B4004
E8D9F9FFFF
84C0
7509
8BD3
8BC6
8B08
FF51F0
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
call 00426C5C
test al, al
jne 00427290
mov edx, ebx
mov eax, esi
call [ecx-10]

|:00427285(C)
|
:00427290 5E
pop esi
:00427291 5B
pop ebx
:00427292 C3
ret
:00427293
:00427294
:00427295
:00427296
:00427298
:0042729A
:0042729C
:0042729F
:004272A2
:004272A7
:004272A9
:004272AB
:004272AD
:004272AF
:004272B1
90
53
56
8BDA
8BF0
8BD3
8B4308
8B4004
E8B5F9FFFF
84C0
7509
8BD3
8BC6
8B08
FF51F0
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
call 00426C5C
test al, al
jne 004272B4
mov edx, ebx
mov eax, esi
call [ecx-10]

|:004272A9(C)
|
:004272B4 5E
:004272B5 5B
:004272B6 C3
pop esi
pop ebx
ret
:004272B7
:004272B8
:004272B9
:004272BA
:004272BC
:004272BE
:004272C0
:004272C3
:004272C6
:004272CB
:004272CD
:004272CF
:004272D1
:004272D3
:004272D5
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
call 00426C5C
test al, al
jne 004272D8
mov edx, ebx
mov eax, esi
call [ecx-10]
90
53
56
8BDA
8BF0
8BD3
8B4308
8B4004
E891F9FFFF
84C0
7509
8BD3
8BC6
8B08
FF51F0

|:004272CD(C)
|
:004272D8 5E
pop esi
:004272D9 5B
pop ebx
:004272DA C3
ret
:004272DB 90
nop

|:0043AE27
|
:004272DC 53
push ebx
:004272DD 56
push esi
:004272DE 83C4F0
add esp, FFFFFFF0
:004272E1 8BDA
mov ebx, edx
:004272E3 8BF0
mov esi, eax
:004272E5 80BEE801000000
cmp byte ptr [esi+000001E8], 00
:004272EC 7408
je 004272F6
:004272EE 8B4304
:004272F1 3B4308
:004272F4 7525
jne 0042731B
|:004272EC(C)
|
:004272F6 8B8624010000
:004272FC E8BFD4FEFF
:00427301 50
:00427302 8D542404
:00427306 8BC6
:00427308 8B08
:0042730A FF5144
:0042730D 8D442404
:00427311 50
:00427312 8B4304
:00427315 50

mov eax, dword
call 004147C0
push eax
lea edx, dword
mov eax, esi
mov ecx, dword
call [ecx+44]
lea eax, dword
push eax
mov eax, dword
push eax
ptr [esi+00000124]
ptr [esp+04]
ptr [eax]
ptr [esp+04]
ptr [ebx+04]

|
:00427316 E8DDEDFDFF
Call 004060F8
|:004272F4(C)
|
:0042731B C7430C01000000
:00427322 83C410
:00427325 5E
:00427326 5B
:00427327 C3
:00427328
:00427329
:0042732A
:0042732B
:0042732C
:0042732E
:00427330
:00427337
:00427339
:0042733D
:0042733F
:00427343
:00427345
:00427348
:0042734C
push ebx
push esi
push edi
push ecx
mov esi, edx
mov edi, eax
cmp byte ptr [edi+0000012C], 00
je 0042734E
test [edi+40], 10
je 0042734E
je 0042734E
test [eax+18], 08
je 00427352
53
56
57
51
8BF2
8BF8
80BF2C01000000
7415
F6474010
740F
837F2400
7409
8B4608
F6401808
7404
mov
add
pop
pop
ret
[ebx+0C], 00000001
esp, 00000010
esi
ebx

|:00427337(C), :0042733D(C), :00427343(C)
|
:0042734E 33DB
xor ebx, ebx
:00427350 EB02
jmp 00427354
|:0042734C(C)
|
:00427352 B301
mov bl, 01
|:00427350(U)
|
:00427354 8B4608
:00427357 F6401802
:0042735B 7510
:0042735D 8B8740010000
:00427363 50

test [eax+18], 02
jne 0042736D
push eax

|
:00427364 E857EFFDFF
Call 004062C0
:00427369 85C0
test eax, eax
:0042736B 7504
jne 00427371
|:0042735B(C)
|
:0042736D 33C0
:0042736F EB02
xor eax, eax

jmp 00427373

|:0042736B(C)
|
:00427371 B001
mov al, 01
|:0042736F(U)
|
:00427373 880424
:00427376 8B4608
:00427379 F6401801
:0042737D 7510
:0042737F 8B8740010000
:00427385 50

test [eax+18], 01
jne 0042738F
push eax

|
:00427386 E835EFFDFF
Call 004062C0
:0042738B 85C0
test eax, eax
:0042738D 7504
jne 00427393
|:0042737D(C)
|
:0042738F 33C0
xor eax, eax
:00427391 EB02
jmp 00427395
|:0042738D(C)
|
:00427393 B001
mov al, 01
|:00427391(U)
|
:00427395 88442401
:00427399 84DB
:0042739B 7410
:0042739D 8A0424
:004273A0 0A442401
:004273A4 7407
:004273A6 8BC7
:004273A8 E85B1A0000
|:0042739B(C), :004273A4(C)
|
:004273AD F6474502
:004273B1 7507
:004273B3 8BC7
:004273B5 E8321F0000

test bl, bl
je 004273AD
or al, byte ptr [esp+01]
je 004273AD
mov eax, edi
call 00428E08
test [edi+45], 02
jne 004273BA
mov eax, edi
call 004292EC

|:004273B1(C)
|
:004273BA 8BD6
mov edx, esi
:004273BC 8BC7
mov eax, edi
:004273BE
:004273C3
:004273C5
:004273C7
:004273CA
:004273CE
:004273D0
:004273D3
:004273D7
E859D6FFFF
84DB
7419
8A0424
0A442401
7509
8B4608
F64018C0
7407
call 00424A1C
test bl, bl
je 004273E0
jne 004273D9
test [eax+18], C0
je 004273E0

|:004273CE(C)
|
:004273D9 8BC7
mov eax, edi
:004273DB E8281A0000
call 00428E08
|:004273C5(C), :004273D7(C)
|
:004273E0 5A
:004273E1 5F
:004273E2 5E
:004273E3 5B
:004273E4 C3
:004273E5 8D4000
pop
pop
pop
pop
ret
edx
edi
esi
ebx

|:0043B66E
|
:004273E8 53
push ebx
:004273E9 56
push esi
:004273EA 57
push edi
:004273EB 8BFA
mov edi, edx
:004273ED 8BD8
mov ebx, eax
:004273EF A02C744200
:004273F4 224320
:004273F7 8A1530744200
mov dl, byte ptr [00427430]
:004273FD 3AD0
cmp dl, al
:004273FF 751E
jne 0042741F
:00427401 8B7708
:00427404 F6461801
test [esi+18], 01
:00427408 7515
jne 0042741F
:0042740A 8D4E14
lea ecx, dword ptr [esi+14]
:0042740D 8D5610
:00427410 8BC3
mov eax, ebx
:00427412 E8E1D2FFFF
call 004246F8
:00427417 84C0
test al, al
:00427419 7504
jne 0042741F
:0042741B 834E1801
|:004273FF(C), :00427408(C), :00427419(C)
|
:0042741F 8BD7
mov edx, edi
:00427421 8BC3
mov eax, ebx
:00427423 8B08
:00427425 FF51F0
call [ecx-10]
:00427428 5F
pop edi
:00427429 5E
:0042742A 5B
:0042742B C3
pop esi
pop ebx
ret
:0042742C 0A00
:0042742E 000000000000

BYTE 6 DUP(0)

|:00437DDD
|
:00427434 53
push ebx
:00427435 56
push esi
:00427436 8BF2
mov esi, edx
:00427438 8BD8
mov ebx, eax
:0042743A 8BC3
mov eax, ebx
:0042743C E8AB1E0000
call 004292EC
:00427441 8BD6
mov edx, esi
:00427443 8BC3
mov eax, ebx
:00427445 8B08
:00427447 FF51F0
call [ecx-10]
:0042744A 8BC3
mov eax, ebx
:0042744C E8C7E7FFFF
call 00425C18
:00427451 F6432001
test [ebx+20], 01
:00427455 750B
jne 00427462
:00427457 8BC3
mov eax, ebx
:00427459 66BBD5FF
mov bx, FFD5
:0042745D E892B9FDFF
call 00402DF4
|:00427455(C)
|
:00427462 5E
pop esi
:00427463 5B
pop ebx
:00427464 C3
ret
:00427465
:00427468
:00427469
:0042746B
:0042746D
:0042746F
:00427472
:00427474
:00427479
:0042747A
8D4000
56
8BF0
8BC6
8B08
FF51F0
8BC6
E8731E0000
5E
C3

push esi
mov esi, eax
mov eax, esi
call [ecx-10]
mov eax, esi
call 004292EC
pop esi
ret
:0042747B
:0042747C
:0042747D
:0042747E
:0042747F
:00427482
:00427484
:00427486
:00427489
90
53
56
57
83C4F0
8BF2
8BD8
8B4604
3B8340010000
nop
push ebx
push esi
push edi
add esp,
mov esi,
mov ebx,
mov eax,
cmp eax,
FFFFFFF0
edx
eax
dword ptr [esi+04]
dword ptr [ebx+00000140]
:0042748F
:00427495
:00427499
:0042749D
:0042749F
:004274A3
:004274A9
:004274AD
:004274AF
:004274B3
0F85C2000000
668B4608
6683E8FE
747A
6683E803
0F85AE000000
F6432010
7406
66BFFEFF
EB41
|:004274AD(C)
|
:004274B5 A1382D4400
:004274BA 8B00
:004274BC 668B7838
:004274C0 6685FF
:004274C3 7531
:004274C5 54
jne 00427557
sub ax, FFFE
je 00427519
sub ax, 0003
jne 00427557
test [ebx+20], 10
je 004274B5
mov di, FFFE
jmp 004274F6
mov di, word ptr [eax+38]
test di, di
jne 004274F6
push esp

|
:004274C6 E875ECFDFF
Call 00406140
:004274CB 8D4C2408
:004274CF 8BD4
mov edx, esp
:004274D1 8BC3
mov eax, ebx
:004274D3 E81CB8FFFF
call 00422CF4
:004274D8 8D542408
:004274DC 33C9
xor ecx, ecx
:004274DE 8BC3
mov eax, ebx
:004274E0 E89FF3FFFF
call 00426884
:004274E5 85C0
test eax, eax
:004274E7 7404
je 004274ED
:004274E9 668B786C
mov di, word ptr [eax+6C]
|:004274E7(C)
|
:004274ED 6685FF
:004274F0 7504
:004274F2 668B7B6C

test di, di
jne 004274F6
mov di, word ptr [ebx+6C]

|:004274B3(U), :004274C3(C), :004274F0(C)
|
:004274F6 6685FF
test di, di
:004274F9 745C
je 00427557
:004274FB 0FBFD7
movsx edx, di
:004274FE A1382D4400
:00427503 8B00
:00427505 E8225D0100
call 0043D22C
:0042750A 50
push eax
|
:0042750B E890EEFDFF
Call 004063A0
:00427510 C7460C01000000
mov [esi+0C], 00000001
:00427517 EB47
jmp 00427560
|:0042749D(C)
|
:00427519 66817E0A0102
:0042751F 7536
:00427521 A1302C4400
:00427526 8B00
:00427528 83782400
:0042752C 7429
:0042752E A1302C4400
:00427533 8B00
:00427535 8B4024
:00427538 50

cmp word ptr [esi+0A], 0201
jne 00427557
je 00427557
push eax

|
:00427539 E862ECFDFF
Call 004061A0
:0042753E 8BF8
mov edi, eax
* Reference To: user32.GetForegroundWindow, Ord:0000h
|
:00427540 E823ECFDFF
Call 00406168
:00427545 3BF8
cmp edi, eax
:00427547 740E
je 00427557
:00427549 A1302C4400
:0042754E 8B00
:00427550 E897730100
call 0043E8EC
:00427555 EB09
jmp 00427560
|:0042748F(C), :004274A3(C), :004274F9(C), :0042751F(C), :0042752C(C)
|:00427547(C)
|
:00427557 8BD6
mov edx, esi
:00427559 8BC3
mov eax, ebx
:0042755B 8B08
:0042755D FF51F0
call [ecx-10]
|:00427517(U), :00427555(U)
|
:00427560 83C410
:00427563 5F
:00427564 5E
:00427565 5B
:00427566 C3
:00427567
:00427568
:00427569
:0042756B
:0042756D
:0042756F
:00427572
:00427574
:00427579
:0042757A
nop
push esi
mov esi, eax
mov eax, esi
call [ecx-10]
mov eax, esi
call 004275B8
pop esi
ret
90
56
8BF0
8BC6
8B08
FF51F0
8BC6
E83F000000
5E
C3
add
pop
pop
pop
ret
esp, 00000010
edi
esi
ebx
:0042757B
:0042757C
:0042757D
:0042757F
:00427581
:00427583
:00427586
:00427588
:0042758D
:0042758E
90
56
8BF0
8BC6
8B08
FF51F0
8BC6
E8D3000000
5E
C3
nop
push esi
mov esi, eax
mov eax, esi
call [ecx-10]
mov eax, esi
call 00427660
pop esi
ret
:0042758F
:00427590
:00427591
:00427593
:0042759A
:0042759C
:0042759E
:004275A1
:004275A2
90
56
8BF0
C686E901000001
8BC6
8B08
FF51F0
5E
C3
nop
push esi
mov esi, eax
mov byte ptr [esi+000001E9], 01
mov eax, esi
call [ecx-10]
pop esi
ret
:004275A3
:004275A4
:004275A5
:004275A7
:004275AE
:004275B0
:004275B2
:004275B5
:004275B6
90
56
8BF0
C686E901000000
8BC6
8B08
FF51F0
5E
C3
nop
push esi
mov esi, eax
mov byte ptr [esi+000001E9], 00
mov eax, esi
call [ecx-10]
pop esi
ret
:004275B7 90
nop

|:00427574
|
:004275B8 53
push ebx
:004275B9 56
push esi
:004275BA 57
push edi
:004275BB 8BD8
mov ebx, eax
:004275BD A1502D4400
:004275C2 80780800
:004275C6 0F8490000000
je 0042765C
:004275CC 83BB4C01000000
:004275D3 7475
je 0042764A
:004275D5 A1382D4400
:004275DA 8B00
:004275DC 8B502C
:004275DF 8B834C010000
:004275E5 E88AFFFDFF
call 00407574
:004275EA 85C0
test eax, eax
:004275EC 745C
je 0042764A
:004275EE A1382D4400
:004275F3 8B00
:004275F5 8B4028
:004275F8 8B10
:004275FA FF5214
call [edx+14]
:004275FD
:004275FF
:00427601
:00427606
:00427608
:0042760B
:00427612
:00427614
:00427619
:0042761B
:0042761E
:00427624
:00427626
:00427629
:0042762B
:0042762D
:0042762F
:00427634
:00427636
:00427639
:0042763B
:0042763D
:00427640
85C0
7449
A1382D4400
8B00
8B7030
80BB4801000000
742E
A1382D4400
8B00
8B4028
8B934C010000
8B08
FF5150
8BF8
85FF
7C13
A1382D4400
8B00
8B4028
8BD7
8B08
FF5118
8BF0
test eax, eax

je 0042764A
je 00427642
call [ecx+50]
mov edi, eax
test edi, edi
jl 00427642
mov edx, edi
call [ecx+18]
mov esi, eax

|:00427612(C), :0042762D(C)
|
:00427642 6A01
push 00000001
:00427644 56
push esi
|
:00427645 E89EE9FDFF
Call 00405FE8
|:004275D3(C), :004275EC(C), :004275FF(C)
|
:0042764A 8BC3
mov eax, ebx
:0042764C E8AF180000
call 00428F00
:00427651 8A9348010000
:00427657 E8B05C0000
call 0042D30C
|:004275C6(C)
|
:0042765C 5F
pop edi
:0042765D 5E
pop esi
:0042765E 5B
pop ebx
:0042765F C3
ret

|:00427588
|
:00427660 53
push ebx
:00427661 8BD8
mov ebx, eax
:00427663 A1502D4400
:00427668 80780800
:0042766C 744B
je 004276B9
:0042766E
:00427675
:00427677
:0042767C
:0042767E
:00427681
:00427687
:0042768C
:0042768E
:00427690
:00427692
:00427697
:00427699
:0042769C
83BB4C01000000
742B
A1382D4400
8B00
8B502C
8B834C010000
E8E8FEFDFF
85C0
7412
6A01
A1382D4400
8B00
8B4030
50

je 004276A2
call 00407574
test eax, eax
je 004276A2
push 00000001
push eax

|
:0042769D E846E9FDFF
Call 00405FE8
|:00427675(C), :0042768E(C)
|
:004276A2 80BB4801000000
:004276A9 750E
:004276AB 8BC3
:004276AD E84E180000
:004276B2 B201
:004276B4 E83B5C0000

jne 004276B9
mov eax, ebx
call 00428F00
mov dl, 01
call 0042D2F4

|:0042766C(C), :004276A9(C)
|
:004276B9 5B
pop ebx
:004276BA C3
ret
:004276BB 90
nop

|:0043C721
|
:004276BC 92
xchg eax,edx
:004276BD 8B08
:004276BF FF5164
call [ecx+64]
:004276C2 C3
ret
:004276C3 90
nop

|:0043C769
|
:004276C4 C3
ret
:004276C5 8D4000
:004276C8 53
push ebx
:004276C9 6683B89A01000000
:004276D1 7410
je 004276E3
:004276D3 8BD8
mov ebx, eax
:004276D5 8BD0
mov edx, eax
:004276D7 8B839C010000
:004276DD FF9398010000

|:004276D1(C)
|
:004276E3 5B
pop ebx
:004276E4 C3
ret
:004276E5
:004276E8
:004276E9
:004276F1
:004276F3
:004276F5
:004276F7
:004276FD
8D4000
53
6683B8A201000000
7410
8BD8
8BD0
8B83A4010000
FF93A0010000

push ebx
je 00427703
mov ebx, eax
mov edx, eax

|:004276F1(C)
|
:00427703 5B
pop ebx
:00427704 C3
ret
:00427705
:00427708
:00427709
:0042770B
:0042770C
:0042770D
:0042770E
:00427710
:00427712
:00427714
:00427718
:0042771A
:0042771F
:00427720
:00427722
:00427727
:00427729
:0042772E
:00427730
:00427732
:0042773A
:0042773C
:0042773D
:00427740
:00427741
:00427743
:00427745
:0042774B
8D4000
55
8BEC
53
56
57
8BF9
8BF2
8BD8
668B5508
8BC7
E8694AFEFF
50
8BCE
BA38B00000
8BC3
E866CAFFFF
85C0
7C1F
6683BB8A01000000
7415
57
8B4508
50
8BCE
8BD3
8B838C010000
FF9388010000
|:00427730(C), :0042773A(C)
|
:00427751 5F
:00427752 5E
:00427753 5B

push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov dx, word ptr [ebp+08]
mov eax, edi
call 0040C188
push eax
mov ecx, esi
mov edx, 0000B038
mov eax, ebx
call 00424194
test eax, eax
jl 00427751
je 00427751
push edi
push eax
mov ecx, esi
mov edx, ebx
pop edi
pop esi
pop ebx
:00427754 5D
:00427755 C20400
pop ebp
ret 0004
:00427758
:00427759
:0042775B
:0042775C
:00427764
:00427766
:00427767
:0042776A
:0042776B
:0042776E
:0042776F
:00427772
:00427773
:00427775
:00427777
:00427779
:0042777F
push ebp
mov ebp, esp
push ebx
cmp word ptr [eax+00000192], 0000
je 00427785
push ecx
push ecx
mov cl, byte ptr [ebp+0C]
push ecx
push ecx
mov ebx, eax
mov ecx, edx
mov edx, eax
55
8BEC
53
6683B89201000000
741F
51
8B4D10
51
8A4D0C
51
8B4D08
51
8BD8
8BCA
8BD0
8B8394010000
FF9390010000

|:00427764(C)
|
:00427785 5B
pop ebx
:00427786 5D
pop ebp
:00427787 C20C00
ret 000C
:0042778A
:0042778C
:0042778D
:0042778F
:00427790
:00427791
:00427792
:00427793
:00427796
:00427798
:0042779A
:0042779C
:0042779E
:004277A2
:004277A7
:004277AA
:004277AB
:004277AE
:004277AF
:004277B2
:004277B3
:004277B6
:004277B8
:004277BA
:004277BE
:004277C3
:004277C4
:004277C5
:004277C6
:004277C7
8BC0
55
8BEC
51
53
56
57
894DFC
8BFA
8BF0
8BD7
8BC6
66BBD8FF
E84DB6FDFF
8B4510
50
8A450C
50
8B4508
50
8B4DFC
8BD7
8BC6
66BBCBFF
E831B6FDFF
5F
5E
5B
59
5D
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov edx, edi
mov eax, esi
mov bx, FFD8
call 00402DF4
push eax
push eax
push eax
mov edx, edi
mov eax, esi
mov bx, FFCB
call 00402DF4
pop edi
pop esi
pop ebx
pop ecx
pop ebp
:004277C8 C20C00
ret 000C
:004277CB
:004277CC
:004277CD
:004277CE
:004277CF
:004277D0
:004277D2
:004277D4
:004277D6
:004277DA
:004277E2
:004277E4
:004277E5
:004277E9
:004277EA
:004277EC
:004277EE
:004277F4
nop
push ebx
push esi
push edi
push ecx
mov edi, ecx
mov esi, edx
mov ebx, eax
cmp word ptr [ebx+000001E2], 0000
je 004277FA
push esi
push eax
mov ecx, edi
mov edx, ebx
90
53
56
57
51
8BF9
8BF2
8BD8
C6042401
6683BBE201000000
7416
56
8D442404
50
8BCF
8BD3
8B83E4010000
FF93E0010000
|:004277E2(C)
|
:004277FA 803C2400
:004277FE 7413
:00427800 57
:00427801 8BCE
:00427803 BA39B00000
:00427808 8BC3
:0042780A E885C9FFFF
:0042780F 85C0
:00427811 7404

je 00427813
push edi
mov ecx, esi
mov edx, 0000B039
mov eax, ebx
call 00424194
test eax, eax
je 00427817

|:004277FE(C)
|
:00427813 33C0
xor eax, eax
:00427815 EB02
jmp 00427819
|:00427811(C)
|
:00427817 B001
mov al, 01
|:00427815(U)
|
:00427819 880424
:0042781C 8A0424
:0042781F 5A
pop edx
:00427820 5F
pop edi
:00427821 5E
pop esi
:00427822 5B
pop ebx
:00427823 C3
ret
:00427824 53
:00427825 56
push ebx
push esi
:00427826
:00427827
:00427829
:0042782B
:0042782D
:0042782F
:00427832
57
8BF9
8BF2
8BD8
8BD6
8B4304
E859A1FEFF
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov edx, esi
call 00411990

|
:00427837 8B15BCF44100
:0042783D E866B5FDFF
call 00402DA8
:00427842 8907
:00427844 5F
pop edi
:00427845 5E
pop esi
:00427846 5B
pop ebx
:00427847 C3
ret
|:004210A3 , :004212ED
|:0042C538 , :0042C7C0
|:0043C7E5 , :0043C852
|
:00427848 8B9034010000
:0042784E 85D2
:00427850 7404
:00427852 8B4208
:00427855 C3
Addresses:
, :004212F8
, :0042CD67
, :0043C9D4
, :0042C2C5
, :0043C6DA
, :0042C34F
, :0043C770

test edx, edx
je 00427856
ret

|:00427850(C)
|
:00427856 33C0
xor eax, eax
:00427858 C3
ret
:00427859 8D4000

|:00421341 , :0042C54F , :0043C892 , :0043C9E7
|
:0042785C 53
push ebx
:0042785D 56
push esi
:0042785E 57
push edi
:0042785F 8BFA
mov edi, edx
:00427861 8BD8
mov ebx, eax
:00427863 8BB334010000
:00427869 85F6
test esi, esi
:0042786B 740B
je 00427878
:0042786D 8BD7
mov edx, edi
:0042786F 8BC6
mov eax, esi
:00427871 E80253FEFF
call 0040CB78
:00427876 EB02
jmp 0042787A
|:0042786B(C)
|
:00427878 33C0
xor eax, eax

|:00427876(U)
|
:0042787A 5F
pop edi
:0042787B 5E
pop esi
:0042787C 5B
pop ebx
:0042787D C3
ret
:0042787E
:00427880
:00427881
:00427883
:00427886
:00427887
:00427888
:00427889
:0042788C
:0042788F
:00427890
:00427891
:00427893
:00427895
:00427897
:00427898
:0042789A
:0042789F
8BC0
55
8BEC
83C4F8
53
56
57
8B750C
8D7DF8
A5
A5
8BF1
8BFA
8BD8
56
8BC3
E861160000
50
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
movsd
movsd
mov esi, ecx
mov edi, edx
mov ebx, eax
push esi
mov eax, ebx
call 00428F00
push eax

|
:004278A0 E8ABE9FDFF
Call 00406250
:004278A5 6A0A
push 0000000A
:004278A7 6A0A
push 0000000A
:004278A9 56
push esi
|
:004278AA E8C1E9FDFF
Call 00406270
:004278AF 6683BBAA01000000
cmp word ptr [ebx+000001AA], 0000
:004278B7 7419
je 004278D2
:004278B9 56
push esi
:004278BA 8D45F8
:004278BD 50
push eax
:004278BE 8B4508
:004278C1 50
push eax
:004278C2 8BCF
mov ecx, edi
:004278C4 8BD3
mov edx, ebx
:004278C6 8B83AC010000
mov eax, dword ptr [ebx+000001AC]
:004278CC FF93A8010000
|:004278B7(C)
|
:004278D2 5F
pop edi
:004278D3 5E
pop esi
:004278D4 5B
pop ebx
:004278D5 59
pop ecx
:004278D6 59
:004278D7 5D
:004278D8 C20800
pop ecx
pop ebp
ret 0008
:004278DB
:004278DC
:004278DD
:004278DE
:004278E0
:004278E2
:004278E9
:004278EB
:004278F2
:004278F4
:004278FB
:004278FD
:004278FF
:00427901
:00427906
:0042790B
:0042790D
:0042790F
:00427911
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
jne 0042791D
je 0042791D
je 0042791D
mov ecx, ebx
mov dl, 01
mov eax, dword ptr [004202DC]
call 0042AEE4
mov edx, eax
test edx, edx
je 00427914
sub edx, FFFFFF90
90
53
56
8BF2
8BD8
83BB3C01000000
7532
80BB3801000000
7429
80BB8001000000
7420
8BCB
B201
A1DC024200
E8D9350000
8BD0
85D2
7403
83EA90
|:0042790F(C)
|
:00427914 8BC6
:00427916 E879D5FDFF
:0042791B EB0D

mov eax, esi
call 00404E94
jmp 0042792A

|:004278E9(C), :004278F2(C), :004278FB(C)
|
:0042791D 8BC6
mov eax, esi
:0042791F 8B933C010000
:00427925 E86AD5FDFF
call 00404E94
|:0042791B(U)
|
:0042792A 80BBE801000000
:00427931 7509
:00427933 833E00
:00427936 7504
:00427938 33C0
:0042793A EB02

cmp
jne
cmp
jne
xor
jmp
byte ptr [ebx+000001E8], 00

0042793C
dword ptr [esi], 00000000
0042793C
eax, eax
0042793E

|:00427931(C), :00427936(C)
|
:0042793C B001
mov al, 01
|:0042793A(U)
|
:0042793E 8883E8010000
:00427944 5E
:00427945 5B

mov byte ptr [ebx+000001E8], al
pop esi
pop ebx
:00427946 C3
ret
:00427947 90
nop

|:0043C68F
|
:00427948 55
push ebp
:00427949 8BEC
mov ebp, esp
:0042794B 6A00
push 00000000
:0042794D 53
push ebx
:0042794E 56
push esi
:0042794F 8BDA
mov ebx, edx
:00427951 8BF0
mov esi, eax
:00427953 33C0
xor eax, eax
:00427955 55
push ebp
:00427956 68EF794200
push 004279EF
:0042795B 64FF30
:0042795E 648920
:00427961 3A9E38010000
:00427967 7470
je 004279D9
:00427969 889E38010000
:0042796F F6462010
test [esi+20], 10
:00427973 7564
jne 004279D9
:00427975 8BD3
mov edx, ebx
:00427977 8BC6
mov eax, esi
:00427979 E8B697FFFF
call 00421134
:0042797E 84DB
test bl, bl
:00427980 7520
jne 004279A2
:00427982 8B8634010000
:00427988 E893B2FDFF
call 00402C20
:0042798D 33C0
xor eax, eax
:0042798F 898634010000
:00427995 8D863C010000
lea eax, dword ptr [esi+0000013C]
:0042799B E8DCD4FDFF
call 00404E7C
:004279A0 EB37
jmp 004279D9
|:00427980(C)
|
:004279A2 83BE3401000000
:004279A9 7512
:004279AB B201
:004279AD A154B54000
:004279B2 E839B2FDFF
:004279B7 898634010000
|:004279A9(C)
|
:004279BD 8D55FC
:004279C0 8BC6
:004279C2 66BBCEFF
:004279C6 E829B4FDFF
:004279CB 8B55FC
:004279CE 8D863C010000
:004279D4 E8BBD4FDFF
cmp dword ptr [esi+00000134], 00000000

jne 004279BD
mov dl, 01
call 00402BF0

mov eax, esi
mov bx, FFCE
call 00402DF4
call 00404E94
|:00427967(C), :00427973(C), :004279A0(U)

|
:004279D9 33C0
xor eax, eax
:004279DB 5A
pop edx
:004279DC 59
pop ecx
:004279DD 59
pop ecx
:004279DE 648910
|
:004279E1 68F6794200
push 004279F6
|:004279F4(U)
|
:004279E6 8D45FC
:004279E9 E88ED4FDFF
:004279EE C3
:004279EF
:004279F4
:004279F6
:004279F7
:004279F8
:004279F9
:004279FA
E984B8FDFF
EBF0
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
ret
:004279FB
:004279FC
:004279FD
:004279FF
:00427A02
:00427A03
:00427A04
:00427A05
:00427A08
:00427A0B
:00427A0E
:00427A12
:00427A18
:00427A1B
:00427A1E
:00427A21
:00427A24
:00427A29
:00427A2A
:00427A2B
:00427A2D
:00427A30
:00427A31
:00427A34
:00427A39
:00427A3A
90
55
8BEC
83C4E8
53
56
57
8955F8
8945FC
8B45F8
83780C00
0F85CB000000
8B45F8
8B4004
8D7038
8D7DE8
B904000000
F3
A5
6A02
8D45E8
50
8B45FC
E8C7140000
50
6A00
nop
push ebp
mov ebp, esp
add esp, FFFFFFE8
push ebx
push esi
push edi
jne 00427AE3
mov ecx, 00000004
repz
movsd
push 00000002
push eax
call 00428F00
push eax
push 00000000

call 00404E7C
ret
00403278
004279E6
esi
ebx
ecx
ebp

|
:00427A3C E8BFE8FDFF
Call 00406300
:00427A41 8B45FC
:00427A44
:00427A49
:00427A4B
:00427A4C
:00427A51
:00427A54
:00427A57
:00427A5A
:00427A5D
:00427A60
:00427A63
:00427A66
:00427A6A
:00427A6F
:00427A72
:00427A79
:00427A7B
:00427A7E
:00427A85
:00427A87
:00427A8A
:00427A8D
:00427A90
:00427A91
:00427A94
:00427A97
:00427A9A
:00427A9D
:00427AA0
:00427AA6
:00427AA8
E893E1FFFF
33D2
55
68C17A4200
64FF32
648922
8B45F8
8B4004
8B4030
8D4DE8
8B55FC
66BBD2FF
E885B3FDFF
8B45FC
80B88001000000
7430
8B45FC
83B83C01000000
7424
8B45F8
8B4004
8B504C
52
8B55F8
8A4848
8B55F8
8B5030
8B45FC
8B803C010000
8B18
FF5318
call 00425BDC
xor edx, edx
push ebp
push 00427AC1
mov bx, FFD2
call 00402DF4
je 00427AAB
je 00427AAB
push edx
call [ebx+18]
|:00427A79(C), :00427A85(C)
|
:00427AAB 33C0
:00427AAD 5A
:00427AAE 59
:00427AAF 59
:00427AB0 648910
:00427AB3 68C87A4200
|:00427AC6(U)
|
:00427AB8 8B45FC
:00427ABB E824E1FFFF
:00427AC0 C3
:00427AC1
:00427AC6
:00427AC8
:00427ACB
:00427AD0
:00427AD2
:00427AD4
jmp 00403278
jmp 00427AB8
call 00436C10
test eax, eax
je 00427AD9
call 004233E8
E9B2B7FDFF
EBF0
8B45FC
E840F10000
85C0
7405
E80FB9FFFF
xor eax, eax

pop edx
pop ecx
pop ecx
push 00427AC8

call 00425BE4
ret

|:00427AD2(C)
|
:00427AD9 8B45F8
:00427ADC C7400C01000000

mov [eax+0C], 00000001

|:00427A12(C)
|
:00427AE3 5F
pop edi
:00427AE4 5E
pop esi
:00427AE5 5B
pop ebx
:00427AE6 8BE5
mov esp, ebp
:00427AE8 5D
pop ebp
:00427AE9 C3
ret
:00427AEA 8BC0
mov eax, eax

|:0043C9AD
|
:00427AEC 33C9
xor ecx, ecx
:00427AEE 894A0C
:00427AF1 80B88001000000
:00427AF8 7417
je 00427B11
:00427AFA 83B83C01000000
:00427B01 740E
je 00427B11
:00427B03 8B5208
:00427B06 8B803C010000
:00427B0C 8B08
:00427B0E FF5128
call [ecx+28]
|:00427AF8(C), :00427B01(C)
|
:00427B11 C3
:00427B12 8BC0
:00427B14 55
:00427B15 8BEC
:00427B17 83C4F8
:00427B1A 53
:00427B1B 56
:00427B1C 8BF2
:00427B1E 8945FC
:00427B21 8B45FC
:00427B24 8B10
:00427B26 FF5258
:00427B29 8BD8
:00427B2B 8B45FC
:00427B2E E835B0FDFF
:00427B33 3BD8
:00427B35 754E
:00427B37 8B45FC
:00427B3A 8A4047
:00427B3D 8845FB
:00427B40 33C0
:00427B42 55
:00427B43 687E7B4200
:00427B48 64FF30
:00427B4B 648920
:00427B4E 8B4608

ret
mov eax, eax
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
mov esi, edx
call [edx+58]
mov ebx, eax
call 00402B68
cmp ebx, eax
jne 00427B85
xor eax, eax
push ebp
push 00427B7E
:00427B51
:00427B54
:00427B56
:00427B59
:00427B5D
:00427B62
:00427B64
:00427B65
:00427B66
:00427B67
8D4838
33D2
8B45FC
66BBD2FF
E892B2FDFF
33C0
5A
59
59
648910
lea ecx, dword ptr [eax+38]

xor edx, edx
mov bx, FFD2
call 00402DF4
xor eax, eax
pop edx
pop ecx
pop ecx

|
:00427B6A 688F7B4200
push 00427B8F
|:00427B83(U)
|
:00427B6F 807DFB00
:00427B73 7408
:00427B75 8B45FC
:00427B78 E86BB8FFFF
|:00427B73(C)
|
:00427B7D C3
:00427B7E E9F5B6FDFF
:00427B83 EBEA
|:00427B35(C)
|
:00427B85 8BD6
:00427B87 8B45FC
:00427B8A E8ADD1FFFF
:00427B8F 5E
:00427B90 5B
:00427B91 59
:00427B92 59
:00427B93 5D
:00427B94 C3
:00427B95
:00427B98
:00427B99
:00427B9A
:00427B9D
:00427BA5
:00427BA7
:00427BAA
:00427BAB
:00427BAD
:00427BAF
:00427BB1
:00427BB7

push ebx
push ecx
je 00427BBD
push ecx
mov ecx, edx
mov ebx, eax
mov edx, eax
8D4000
53
51
880C24
6683B8B201000000
7416
8A0C24
51
8BCA
8BD8
8BD0
8B83B4010000
FF93B0010000

je 00427B7D
call 004233E8
ret
jmp 00403278
jmp 00427B6F
mov edx, esi

call 00424D3C
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
ret

|:00427BA5(C)
|
:00427BBD 5A
:00427BBE 5B
:00427BBF C3
pop edx
pop ebx
ret

|:00427BEA , :00427C32 , :00427C52
|
:00427BC0 53
push ebx
:00427BC1 56
push esi
:00427BC2 57
push edi
:00427BC3 51
push ecx
:00427BC4 8BFA
mov edi, edx
:00427BC6 8BF0
mov esi, eax
:00427BC8 C6042401
:00427BCC 8BC6
mov eax, esi
:00427BCE E83DF00000
call 00436C10
:00427BD3 8BD8
mov ebx, eax
:00427BD5 85DB
test ebx, ebx
:00427BD7 741A
je 00427BF3
:00427BD9 3BF3
cmp esi, ebx
:00427BDB 7416
je 00427BF3
:00427BDD 80BB0D02000000
:00427BE4 740D
je 00427BF3
:00427BE6 8BD7
mov edx, edi
:00427BE8 8BC3
mov eax, ebx
:00427BEA E8D1FFFFFF
call 00427BC0
:00427BEF 84C0
test al, al
:00427BF1 752B
jne 00427C1E
|:00427BD7(C), :00427BDB(C), :00427BE4(C)
|
:00427BF3 8B4708
:00427BF6 E8EDEE0000
call 00436AE8
:00427BFB 8BD8
mov ebx, eax
:00427BFD F6464110
test [esi+41], 10
:00427C01 7517
jne 00427C1A
:00427C03 8D5704
:00427C06 8BCB
mov ecx, ebx
:00427C08 8BC6
mov eax, esi
:00427C0A 66BBC1FF
mov bx, FFC1
:00427C0E E8E1B1FDFF
call 00402DF4
:00427C13 66837F0400
cmp word ptr [edi+04], 0000
:00427C18 7404
je 00427C1E
|:00427C01(C)
|
:00427C1A C6042400
|:00427BF1(C), :00427C18(C)
|
:00427C1E 8A0424
:00427C21 5A
:00427C22 5F
:00427C23 5E

mov
pop
pop
pop
al, byte ptr [esp]

edx
edi
esi
:00427C24 5B
:00427C25 C3
pop ebx
ret
:00427C26
:00427C28
:00427C29
:00427C2A
:00427C2C
:00427C2E
:00427C30
:00427C32
:00427C37
:00427C39
:00427C3B
:00427C3D
:00427C3F
:00427C41
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00427BC0
test al, al
jne 00427C44
mov edx, esi
mov eax, ebx
call [ecx-10]
8BC0
53
56
8BF2
8BD8
8BD6
8BC3
E889FFFFFF
84C0
7509
8BD6
8BC3
8B08
FF51F0

|:00427C39(C)
|
:00427C44 5E
pop esi
:00427C45 5B
pop ebx
:00427C46 C3
ret
:00427C47
:00427C48
:00427C49
:00427C4A
:00427C4C
:00427C4E
:00427C50
:00427C52
:00427C57
:00427C59
:00427C5B
:00427C5D
:00427C5F
:00427C61
90
53
56
8BF2
8BD8
8BD6
8BC3
E869FFFFFF
84C0
7509
8BD6
8BC3
8B08
FF51F0
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00427BC0
test al, al
jne 00427C64
mov edx, esi
mov eax, ebx
call [ecx-10]

|:00427C59(C)
|
:00427C64 5E
pop esi
:00427C65 5B
pop ebx
:00427C66 C3
ret
:00427C67
:00427C68
:00427C69
:00427C6A
:00427C6D
:00427C75
:00427C77
:00427C7A
:00427C7B
:00427C7D
90
53
51
880C24
6683B8C201000000
7416
8A0C24
51
8BCA
8BD8
nop
push ebx
push ecx
je 00427C8D
push ecx
mov ecx, edx
mov ebx, eax
:00427C7F 8BD0
:00427C81 8B83C4010000
:00427C87 FF93C0010000
mov edx, eax


|:00427C75(C)
|
:00427C8D 5A
pop edx
:00427C8E 5B
pop ebx
:00427C8F C3
ret

|:00427CBA , :00427D26 , :00427D46
|
:00427C90 53
push ebx
:00427C91 56
push esi
:00427C92 57
push edi
:00427C93 51
push ecx
:00427C94 8BFA
mov edi, edx
:00427C96 8BF0
mov esi, eax
:00427C98 C6042401
:00427C9C 8BC6
mov eax, esi
:00427C9E E86DEF0000
call 00436C10
:00427CA3 8BD8
mov ebx, eax
:00427CA5 85DB
test ebx, ebx
:00427CA7 741A
je 00427CC3
:00427CA9 3BF3
cmp esi, ebx
:00427CAB 7416
je 00427CC3
:00427CAD 80BB0D02000000
:00427CB4 740D
je 00427CC3
:00427CB6 8BD7
mov edx, edi
:00427CB8 8BC3
mov eax, ebx
:00427CBA E8D1FFFFFF
call 00427C90
:00427CBF 84C0
test al, al
:00427CC1 754F
jne 00427D12
|:00427CA7(C), :00427CAB(C), :00427CB4(C)
|
:00427CC3 8B4708
:00427CC6 E81DEE0000
call 00436AE8
:00427CCB 88442401
:00427CCF F6464110
test [esi+41], 10
:00427CD3 7519
jne 00427CEE
:00427CD5 8D5704
:00427CD8 8A4C2401
:00427CDC 8BC6
mov eax, esi
:00427CDE 66BBC0FF
mov bx, FFC0
:00427CE2 E80DB1FDFF
call 00402DF4
:00427CE7 66837F0400
:00427CEC 7424
je 00427D12
|:00427CD3(C)
|
:00427CEE 66837F045D
:00427CF3 7519
:00427CF5 F644240102

cmp word ptr [edi+04], 005D
jne 00427D0E
test [esp+01], 02
:00427CFA
:00427CFC
:00427CFE
:00427D00
:00427D05
:00427D07
:00427D09
7512
33D2
33C0
E88344FEFF
8BD0
8BC6
E876C9FFFF
jne 00427D0E
xor edx, edx
xor eax, eax
call 0040C188
mov edx, eax
mov eax, esi
call 00424684

|:00427CF3(C), :00427CFA(C)
|
:00427D0E C6042400
|:00427CC1(C), :00427CEC(C)
|
:00427D12 8A0424
:00427D15 5A
:00427D16 5F
:00427D17 5E
:00427D18 5B
:00427D19 C3
:00427D1A
:00427D1C
:00427D1D
:00427D1E
:00427D20
:00427D22
:00427D24
:00427D26
:00427D2B
:00427D2D
:00427D2F
:00427D31
:00427D33
:00427D35
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00427C90
test al, al
jne 00427D38
mov edx, esi
mov eax, ebx
call [ecx-10]
8BC0
53
56
8BF2
8BD8
8BD6
8BC3
E865FFFFFF
84C0
7509
8BD6
8BC3
8B08
FF51F0
mov
pop
pop
pop
pop
ret
al, byte ptr [esp]

edx
edi
esi
ebx

|:00427D2D(C)
|
:00427D38 5E
pop esi
:00427D39 5B
pop ebx
:00427D3A C3
ret
:00427D3B
:00427D3C
:00427D3D
:00427D3E
:00427D40
:00427D42
:00427D44
:00427D46
:00427D4B
:00427D4D
:00427D4F
:00427D51
:00427D53
90
53
56
8BF2
8BD8
8BD6
8BC3
E845FFFFFF
84C0
7509
8BD6
8BC3
8B08
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00427C90
test al, al
jne 00427D58
mov edx, esi
mov eax, ebx
:00427D55 FF51F0
call [ecx-10]

|:00427D4D(C)
|
:00427D58 5E
pop esi
:00427D59 5B
pop ebx
:00427D5A C3
ret
:00427D5B
:00427D5C
:00427D5D
:00427D65
:00427D67
:00427D69
:00427D6B
:00427D6D
:00427D73
90
53
6683B8BA01000000
7412
8BCA
8BD8
8BD0
8B83BC010000
FF93B8010000
nop
push ebx
cmp word ptr [eax+000001BA], 0000
je 00427D79
mov ecx, edx
mov ebx, eax
mov edx, eax
mov eax, dword ptr [ebx+000001BC]

|:00427D65(C)
|
:00427D79 5B
pop ebx
:00427D7A C3
ret
:00427D7B 90
nop

|:00427DA6 , :00427DF2
|
:00427D7C 53
push ebx
:00427D7D 56
push esi
:00427D7E 57
push edi
:00427D7F 51
push ecx
:00427D80 8BFA
mov edi, edx
:00427D82 8BF0
mov esi, eax
:00427D84 C6042401
:00427D88 8BC6
mov eax, esi
:00427D8A E881EE0000
call 00436C10
:00427D8F 8BD8
mov ebx, eax
:00427D91 85DB
test ebx, ebx
:00427D93 741A
je 00427DAF
:00427D95 3BF3
cmp esi, ebx
:00427D97 7416
je 00427DAF
:00427D99 80BB0D02000000
:00427DA0 740D
je 00427DAF
:00427DA2 8BD7
mov edx, edi
:00427DA4 8BC3
mov eax, ebx
:00427DA6 E8D1FFFFFF
call 00427D7C
:00427DAB 84C0
test al, al
:00427DAD 7530
jne 00427DDF
|:00427D93(C), :00427D97(C), :00427DA0(C)
|
:00427DAF F6464110
test [esi+41], 10
:00427DB3 7526
jne 00427DDB
:00427DB5 8A4704
:00427DB8
:00427DBC
:00427DC0
:00427DC2
:00427DC6
:00427DCB
:00427DCD
:00427DD1
:00427DD5
:00427DD9
88442401
8D542401
8BC6
66BBBFFF
E829B0FDFF
33C0
8A442401
66894704
807F0400
7404

mov eax, esi
mov bx, FFBF
call 00402DF4
xor eax, eax
mov word ptr [edi+04], ax
je 00427DDF

|:00427DB3(C)
|
:00427DDB C6042400
|:00427DAD(C), :00427DD9(C)
|
:00427DDF 8A0424
:00427DE2 5A
:00427DE3 5F
:00427DE4 5E
:00427DE5 5B
:00427DE6 C3
:00427DE7
:00427DE8
:00427DE9
:00427DEA
:00427DEC
:00427DEE
:00427DF0
:00427DF2
:00427DF7
:00427DF9
:00427DFB
:00427DFD
:00427DFF
:00427E01
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00427D7C
test al, al
jne 00427E04
mov edx, esi
mov eax, ebx
call [ecx-10]
90
53
56
8BF2
8BD8
8BD6
8BC3
E885FFFFFF
84C0
7509
8BD6
8BC3
8B08
FF51F0
mov
pop
pop
pop
pop
ret
al, byte ptr [esp]

edx
edi
esi
ebx

|:00427DF9(C)
|
:00427E04 5E
pop esi
:00427E05 5B
pop ebx
:00427E06 C3
ret
:00427E07
:00427E08
:00427E09
:00427E0A
:00427E0B
:00427E0E
:00427E10
:00427E12
:00427E14
:00427E17
90
53
56
57
83C4F8
8BF2
8BF8
33C0
89460C
8BD4
nop
push ebx
push esi
push edi
add esp, FFFFFFF8
mov esi, edx
mov edi, eax
xor eax, eax
mov edx, esp
:00427E19
:00427E1C
:00427E21
:00427E22
:00427E26
:00427E29
:00427E2B
:00427E2F
:00427E34
:00427E36
:00427E38
:00427E3F
8B4608
E8E3E6FDFF
54
0FBF4E06
8A5604
8BC7
66BBC7FF
E8C0AFFDFF
84C0
7409
C7460C01000000
EB1D

call 00406504
push esp
movsx ecx, word ptr [esi+06]
mov eax, edi
mov bx, FFC7
call 00402DF4
test al, al
je 00427E41
mov [esi+0C], 00000001
jmp 00427E5E
|:00427E36(C)
|
:00427E41 8B5F24
:00427E44 85DB
:00427E46 7416
:00427E48 8B4608
:00427E4B 50
:00427E4C 8B4E04
:00427E4F BA43B00000
:00427E54 8BC3
:00427E56 E839C3FFFF
:00427E5B 89460C
|:00427E3F(U), :00427E46(C)
|
:00427E5E 59
:00427E5F 5A
:00427E60 5F
:00427E61 5E
:00427E62 5B
:00427E63 C3
:00427E64
:00427E65
:00427E66
:00427E67
:00427E69
:00427E6B
:00427E6F
:00427E74
:00427E77
:00427E79
:00427E7B
:00427E7F
:00427E84
:00427E88
:00427E8A
:00427E8C
:00427E8E
:00427E90
push ebx
push esi
push edi
mov esi, edx
mov edi, eax
call 00436A94
mov edx, esi
mov eax, edi
mov bx, FFB9
call 00402DF4
jne 00427E93
mov edx, esi
mov eax, edi
call [ecx-10]
53
56
57
8BF2
8BF8
668B4604
E820EC0000
884604
8BD6
8BC7
66BBB9FF
E870AFFDFF
837E0C00
7509
8BD6
8BC7
8B08
FF51F0

test ebx, ebx
je 00427E5E
push eax
mov edx, 0000B043
mov eax, ebx
call 00424194
pop
pop
pop
pop
pop
ret
ecx
edx
edi
esi
ebx

|:00427E88(C)
|
:00427E93
:00427E94
:00427E95
:00427E96
5F
5E
5B
C3
pop edi
pop esi
pop ebx
ret
:00427E97
:00427E98
:00427E99
:00427E9A
:00427E9B
:00427E9D
:00427E9F
:00427EA1
:00427EA6
:00427EA8
:00427EAA
:00427EAC
:00427EAE
:00427EB0
:00427EB4
:00427EB9
90
53
56
57
8BFA
8BD8
8BC3
E86AED0000
8BF0
85F6
740F
8BD7
8BC6
66BBB9FF
E83BAFFDFF
EB16
nop
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
mov eax, ebx
call 00436C10
mov esi, eax
test esi, esi
je 00427EBB
mov edx, edi
mov eax, esi
mov bx, FFB9
call 00402DF4
jmp 00427ED1
|:00427EAA(C)
|
:00427EBB 8B4708
:00427EBE 50
:00427EBF 8B4F04
:00427EC2 BA43B00000
:00427EC7 8BC3
:00427EC9 E8C6C2FFFF
:00427ECE 89470C

push eax
mov edx, 0000B043
mov eax, ebx
call 00424194
mov dword ptr [edi+0C], eax

|:00427EB9(U)
|
:00427ED1 5F
pop edi
:00427ED2 5E
pop esi
:00427ED3 5B
pop ebx
:00427ED4 C3
ret
:00427ED5
:00427ED8
:00427ED9
:00427EDB
:00427EDE
:00427EDF
:00427EE0
:00427EE1
:00427EE4
:00427EE7
:00427EE8
:00427EE9
:00427EEB
:00427EEE
:00427EF0
:00427EF4
:00427EFC
8D4000
55
8BEC
83C4F0
53
56
57
8B7508
8D7DF4
A5
A5
8BD9
8855FF
8BF0
C645F300
6683BECA01000000
741A

push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
movsd
movsd
mov ebx, ecx
mov esi, eax
mov [ebp-0D], 00
cmp word ptr [esi+000001CA], 0000
je 00427F18
:00427EFE
:00427EFF
:00427F02
:00427F03
:00427F06
:00427F07
:00427F0A
:00427F0C
:00427F12
53
8D45F4
50
8D45F3
50
8A4DFF
8BD6
8B86CC010000
FF96C8010000
push ebx
push eax
push eax
mov edx, esi
mov eax, dword ptr [esi+000001CC]
call dword ptr [esi+000001C8]
|:00427EFC(C)
|
:00427F18 807DF300
:00427F1C 7571
:00427F1E 019E7C010000
:00427F24 EB57
|:00427F8D(C)
|
:00427F26 85C9
:00427F28 0F9CC0
:00427F2B 8BC8
:00427F2D 8B867C010000
:00427F33 99
:00427F34 33C2
:00427F36 2BC2
:00427F38 8BD8
:00427F3A 83EB78
:00427F3D 899E7C010000
:00427F43 84C9
:00427F45 7422
:00427F47 85DB
:00427F49 7408
:00427F4B F7DB
:00427F4D 899E7C010000
|:00427F49(C)
|
:00427F53 8D4DF4
:00427F56 8A55FF
:00427F59 8BC6
:00427F5B 66BBC6FF
:00427F5F E890AEFDFF
:00427F64 8845F3
:00427F67 EB14
|:00427F45(C)
|
:00427F69 8D4DF4
:00427F6C 8A55FF
:00427F6F 8BC6
:00427F71 66BBC5FF
:00427F75 E87AAEFDFF
:00427F7A 8845F3
cmp
jne
add
jmp
byte ptr [ebp-0D], 00

00427F8F
dword ptr [esi+0000017C], ebx
00427F7D
test ecx, ecx

setl al
mov ecx, eax
cdq
xor eax, edx
sub eax, edx
mov ebx, eax
sub ebx, 00000078
test cl, cl
je 00427F69
test ebx, ebx
je 00427F53
neg ebx

mov eax, esi
mov bx, FFC6
call 00402DF4
mov byte ptr [ebp-0D], al
jmp 00427F7D

mov eax, esi
mov bx, FFC5
call 00402DF4
mov byte ptr [ebp-0D], al
|:00427F24(U), :00427F67(U)
|
:00427F7D 8B8E7C010000
:00427F83 8BC1
:00427F85 99
:00427F86 33C2
:00427F88 2BC2
:00427F8A 83F878
:00427F8D 7D97
mov
mov
cdq
xor
sub
cmp
jge
ecx, dword ptr [esi+0000017C]

eax, ecx
eax, edx
eax, edx
eax, 00000078
00427F26

|:00427F1C(C)
|
:00427F8F 8A45F3
mov al, byte ptr [ebp-0D]
:00427F92 5F
pop edi
:00427F93 5E
pop esi
:00427F94 5B
pop ebx
:00427F95 8BE5
mov esp, ebp
:00427F97 5D
pop ebp
:00427F98 C20400
ret 0004
:00427F9B
:00427F9C
:00427F9D
:00427F9E
:00427F9F
:00427FA2
:00427FA4
:00427FA8
:00427FA9
:00427FAA
:00427FAD
:00427FB2
:00427FBA
:00427FBC
:00427FC0
:00427FC1
:00427FC5
:00427FC6
:00427FC8
:00427FCC
:00427FCE
:00427FD4
90
53
56
57
83C4F0
8BF1
8D7C2404
A5
A5
881424
C644240C00
6683B8D201000000
741E
8D542404
52
8D542410
52
8BD8
8A4C2408
8BD0
8B83D4010000
FF93D0010000
nop
push ebx
push esi
push edi
add esp, FFFFFFF0
mov esi, ecx
movsd
movsd
mov [esp+0C], 00
cmp word ptr [eax+000001D2], 0000
je 00427FDA
push edx
push edx
mov ebx, eax
mov edx, eax
|:00427FBA(C)
|
:00427FDA 8A44240C
:00427FDE 83C410
:00427FE1 5F
:00427FE2 5E
:00427FE3 5B
:00427FE4 C3
:00427FE5
:00427FE8
:00427FE9
:00427FEA

push ebx
push esi
push edi
8D4000
53
56
57
mov
add
pop
pop
pop
ret
al, byte ptr [esp+0C]

esp, 00000010
edi
esi
ebx
:00427FEB
:00427FEE
:00427FF0
:00427FF4
:00427FF5
:00427FF6
:00427FF9
:00427FFE
:00428006
:00428008
:0042800C
:0042800D
:00428011
:00428012
:00428014
:00428018
:0042801A
:00428020
83C4F0
8BF1
8D7C2404
A5
A5
881424
C644240C00
6683B8DA01000000
741E
8D542404
52
8D542410
52
8BD8
8A4C2408
8BD0
8B83DC010000
FF93D8010000
add esp, FFFFFFF0

mov esi, ecx
movsd
movsd
mov [esp+0C], 00
cmp word ptr [eax+000001DA], 0000
je 00428026
push edx
push edx
mov ebx, eax
mov edx, eax
mov eax, dword ptr [ebx+000001DC]
|:00428006(C)
|
:00428026 8A44240C
:0042802A 83C410
:0042802D 5F
:0042802E 5E
:0042802F 5B
:00428030 C3
:00428031 8D4000
mov
add
pop
pop
pop
ret
al, byte ptr [esp+0C]

esp, 00000010
edi
esi
ebx

|:004280C3 , :00428172
|
:00428034 55
push ebp
:00428035 8BEC
mov ebp, esp
:00428037 83C4F8
add esp, FFFFFFF8
:0042803A 53
push ebx
:0042803B 56
push esi
:0042803C 57
push edi
:0042803D 8945FC
:00428040 C645FB00
mov [ebp-05], 00
:00428044 8B45FC
:00428047 80B86C01000000
:0042804E 0F8483000000
je 004280D7
:00428054 8B45FC
:00428057 E82CE0FFFF
call 00426088
:0042805C 8BF0
mov esi, eax
:0042805E 4E
dec esi
:0042805F 85F6
test esi, esi
:00428061 7C74
jl 004280D7
:00428063 46
inc esi
:00428064 33FF
xor edi, edi
|:004280D5(C)
|
:00428066 8BD7
mov edx, edi
:00428068 8B45FC
:0042806B
:00428070
:00428072
:00428076
:00428078
:0042807A
:0042807C
:0042807F
:00428081
:00428083
:00428087
:00428089
:0042808C
:0042808F
:00428092
:00428093
:00428096
:00428099
:0042809C
:004280A1
:004280A3
:004280A8
:004280AA
E8DCDFFFFF
8BD8
807B4700
745B
8BC3
8B10
FF5250
84C0
7450
F6434201
7423
8B4508
8B40FC
8B4008
50
8B4508
8B48FC
8B4904
BA12010000
8BC3
E8ECC0FFFF
85C0
7521
|:00428087(C)
|
:004280AC 8BC3
:004280AE 8B15CCF94100
:004280B4 E8D7ACFDFF
:004280B9 84C0
:004280BB 7416
:004280BD 8B4508
:004280C0 50
:004280C1 8BC3
:004280C3 E86CFFFFFF
:004280C8 59
:004280C9 84C0
:004280CB 7406
call 0042604C
mov ebx, eax
je 004280D3
mov eax, ebx
call [edx+50]
test al, al
je 004280D3
test [ebx+42], 01
je 004280AC
push eax
mov edx, 00000112
mov eax, ebx
call 00424194
test eax, eax
jne 004280CD
mov eax, ebx
call 00402D90
test al, al
je 004280D3
push eax
mov eax, ebx
call 00428034
pop ecx
test al, al
je 004280D3

|:004280AA(C)
|
:004280CD C645FB01
mov [ebp-05], 01
:004280D1 EB04
jmp 004280D7
|:00428076(C), :00428081(C), :004280BB(C), :004280CB(C)
|
:004280D3 47
inc edi
:004280D4 4E
dec esi
:004280D5 758F
jne 00428066
|:0042804E(C), :00428061(C), :004280D1(U)
|
:004280D7 8A45FB
:004280DA 5F
pop edi
:004280DB 5E
pop esi
:004280DC 5B
pop ebx
:004280DD
:004280DE
:004280DF
:004280E0
59
59
5D
C3
:004280E1 8D4000
pop ecx
pop ecx
pop ebp
ret

|:0043B2E7
|
:004280E4 55
push ebp
:004280E5 8BEC
mov ebp, esp
:004280E7 51
push ecx
:004280E8 53
push ebx
:004280E9 56
push esi
:004280EA 8955FC
:004280ED 8BD8
mov ebx, eax
:004280EF 8B45FC
:004280F2 8B4004
:004280F5 25F0FF0000
and eax, 0000FFF0
:004280FA 3D00F10000
cmp eax, 0000F100
:004280FF 755C
jne 0042815D
:00428101 8B45FC
:00428104 6683780820
:00428109 7452
je 0042815D
:0042810B 8B45FC
:0042810E 668378082D
cmp word ptr [eax+08], 002D
:00428113 7448
je 0042815D
:00428115 8B8340010000
:0042811B 50
push eax
|
:0042811C E887E1FDFF
Call 004062A8
:00428121 85C0
test eax, eax
:00428123 7538
jne 0042815D
|
:00428125 E8EEDFFDFF
Call 00406118
:0042812A 85C0
test eax, eax
:0042812C 752F
jne 0042815D
:0042812E A1302C4400
mov eax, dword ptr
:00428133 8B00
mov eax, dword ptr
:00428135 3B5830
cmp ebx, dword ptr
:00428138 7423
je 0042815D
:0042813A 8BC3
mov eax, ebx
:0042813C E8CFEA0000
call 00436C10
:00428141 8BF0
mov esi, eax
:00428143 85F6
test esi, esi
:00428145 7416
je 0042815D
:00428147 8B45FC
mov eax, dword ptr
:0042814A 50
push eax
:0042814B 33C9
xor ecx, ecx
:0042814D BA17B00000
mov edx, 0000B017
:00428152 8BC6
mov eax, esi
:00428154 E83BC0FFFF
call 00424194
:00428159 85C0
test eax, eax
:0042815B 7529
jne 00428186
[00442C30]
[eax]
[eax+30]
[ebp-04]

|:004280FF(C), :00428109(C), :00428113(C), :00428123(C), :0042812C(C)
|:00428138(C), :00428145(C)
|
:0042815D 8B45FC
:00428160 8B4004
:00428163 25F0FF0000
and eax, 0000FFF0
:00428168 3D00F10000
cmp eax, 0000F100
:0042816D 750D
jne 0042817C
:0042816F 55
push ebp
:00428170 8BC3
mov eax, ebx
:00428172 E8BDFEFFFF
call 00428034
:00428177 59
pop ecx
:00428178 84C0
test al, al
:0042817A 750A
jne 00428186
|:0042816D(C)
|
:0042817C 8B55FC
:0042817F 8BC3
mov eax, ebx
:00428181 8B08
:00428183 FF51F0
call [ecx-10]
|:0042815B(C), :0042817A(C)
|
:00428186 5E
:00428187 5B
:00428188 59
:00428189 5D
:0042818A C3
:0042818B
:0042818C
:0042818D
:0042818E
:00428190
:00428192
:00428194
:00428197
:0042819C
:0042819E
:004281A0
:004281A2
:004281A4
:004281A6
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
call 00426C5C
test al, al
jne 004281A9
mov edx, ebx
mov eax, esi
call [ecx-10]
90
53
56
8BDA
8BF0
8BD3
8B4308
E8C0EAFFFF
84C0
7509
8BD3
8BC6
8B08
FF51F0
pop
pop
pop
pop
ret
esi
ebx
ecx
ebp

|:0042819E(C)
|
:004281A9 5E
pop esi
:004281AA 5B
pop ebx
:004281AB C3
ret
:004281AC 53
:004281AD 56
push ebx
push esi
:004281AE
:004281AF
:004281B1
:004281B3
:004281B7
:004281BB
:004281BD
:004281C1
57
8BDA
8BF8
668B7304
6683FE01
7406
6683FE02
750E
|:004281BB(C)
|
:004281C3 8BD3
:004281C5 8B4308
:004281C8 E88FEAFFFF
:004281CD 84C0
:004281CF 7509
push edi
mov ebx, edx
mov edi, eax
mov si, word ptr [ebx+04]
cmp si, 0001
je 004281C3
cmp si, 0002
jne 004281D1
mov edx, ebx
call 00426C5C
test al, al
jne 004281DA

|:004281C1(C)
|
:004281D1 8BD3
mov edx, ebx
:004281D3 8BC7
mov eax, edi
:004281D5 8B08
:004281D7 FF51F0
call [ecx-10]
|:004281CF(C)
|
:004281DA 5F
pop edi
:004281DB 5E
pop esi
:004281DC 5B
pop ebx
:004281DD C3
ret
:004281DE
:004281E0
:004281E1
:004281E2
:004281E4
:004281E6
:004281E8
:004281EB
:004281F0
:004281F2
:004281F4
:004281F6
:004281F8
:004281FA
8BC0
53
56
8BDA
8BF0
8BD3
8B4308
E86CEAFFFF
84C0
7509
8BD3
8BC6
8B08
FF51F0
mov eax, eax

push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
call 00426C5C
test al, al
jne 004281FD
mov edx, ebx
mov eax, esi
call [ecx-10]

|:004281F2(C)
|
:004281FD 5E
pop esi
:004281FE 5B
pop ebx
:004281FF C3
ret
|:0043B064
|
:00428200 56
:00428201 8BF0
:00428203 8BC6
:00428205 8B08
:00428207 FF51F0
:0042820A 0FB7052E374400
:00428211 50
:00428212 8B8640010000
:00428218 50
push esi
mov esi, eax
mov eax, esi
call [ecx-10]
push eax
push eax

|
:00428219 E852E1FDFF
Call 00406370
:0042821E 0FB7052C374400
:00428225 50
push eax
:00428226 8B8640010000
:0042822C 50
push eax
|
:0042822D E83EE1FDFF
Call 00406370
:00428232 5E
pop esi
:00428233 C3
ret
:00428234
:00428235
:00428237
:00428239
:0042823B
:0042823E
:00428240
:00428246
:0042824D
:0042824E
56
8BF0
8BC6
8B08
FF51F0
33C0
898640010000
C6866C01000000
5E
C3
:0042824F 90
push esi
mov esi, eax
mov eax, esi
call [ecx-10]
xor eax, eax
mov byte ptr [esi+0000016C], 00
pop esi
ret
nop

|:0043C806
|
:00428250 56
push esi
:00428251 8BF0
mov esi, eax
:00428253 F6462010
test [esi+20], 10
:00428257 740F
je 00428268
:00428259 837E2400
:0042825D 7409
je 00428268
:0042825F C7420C01000000
mov [edx+0C], 00000001
:00428266 5E
pop esi
:00428267 C3
ret

|:00428257(C), :0042825D(C)
|
:00428268 8BC6
mov eax, esi
:0042826A
:0042826C
:0042826F
:00428270
8B08
FF51F0
5E
C3
:00428271 8D4000

call [ecx-10]
pop esi
ret

|:0043AD15
|
:00428274 53
push ebx
:00428275 56
push esi
:00428276 57
push edi
:00428277 51
push ecx
:00428278 881424
:0042827B 8BF8
mov edi, eax
:0042827D 8A1424
:00428280 8BC7
mov eax, edi
:00428282 E86DA3FFFF
call 004225F4
:00428287 88442401
:0042828B 807F4700
:0042828F 743B
je 004282CC
:00428291 8BC7
mov eax, edi
:00428293 E8F0DDFFFF
call 00426088
:00428298 8BF0
mov esi, eax
:0042829A 4E
dec esi
:0042829B 83FE00
cmp esi, 00000000
:0042829E 7C2C
jl 004282CC
|:004282CA(C)
|
:004282A0 8A0424
:004282A3 22442401
:004282A7 7523
:004282A9 8BD6
:004282AB 8BC7
:004282AD E89ADDFFFF
:004282B2 8A1424
:004282B5 66BBD7FF
:004282B9 E836ABFDFF
:004282BE 0A442401
:004282C2 88442401
:004282C6 4E
:004282C7 83FEFF
:004282CA 75D4

and al, byte ptr [esp+01]
jne 004282CC
mov edx, esi
mov eax, edi
call 0042604C
mov bx, FFD7
call 00402DF4
dec esi
cmp esi, FFFFFFFF
jne 004282A0

|:0042828F(C), :0042829E(C), :004282A7(C)
|
:004282CC 8A442401
:004282D0 5A
pop edx
:004282D1 5F
pop edi
:004282D2 5E
pop esi
:004282D3 5B
pop ebx
:004282D4 C3
ret
:004282D5 8D4000
:004282D8
:004282D9
:004282DA
:004282DB
:004282DD
:004282DF
:004282E4
:004282E6
:004282E8
:004282EC
:004282F1
:004282F4
:004282F7
:004282F8
:004282F9
:004282FA
53
56
57
8BFA
8BF0
66834E4404
B201
8BC6
66BBD7FF
E803ABFDFF
83E07F
89470C
5F
5E
5B
C3
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
or word ptr [esi+44], 0004
mov dl, 01
mov eax, esi
mov bx, FFD7
call 00402DF4
and eax, 0000007F
pop edi
pop esi
pop ebx
ret
:004282FB
:004282FC
:004282FD
:004282FE
:004282FF
:00428301
:00428303
:00428305
:00428307
:0042830B
:00428310
:00428313
:00428316
:00428317
:00428318
:00428319
90
53
56
57
8BFA
8BF0
33D2
8BC6
66BBD7FF
E8E4AAFDFF
83E07F
89470C
5F
5E
5B
C3
nop
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
xor edx, edx
mov eax, esi
mov bx, FFD7
call 00402DF4
and eax, 0000007F
pop edi
pop esi
pop ebx
ret
:0042831A
:0042831C
:0042831D
:0042831F
:00428321
:00428323
:00428326
:0042832A
:0042832C
:00428331
:00428332
8BC0
56
8BF0
8BC6
8B08
FF51F0
66BA23B0
8BC6
E8B7DDFFFF
5E
C3
mov eax, eax

push esi
mov esi, eax
mov eax, esi
call [ecx-10]
mov dx, B023
mov eax, esi
call 004260E8
pop esi
ret
:00428333 90
nop

|:00437F2D
|
:00428334 53
push ebx
:00428335 56
push esi
:00428336 8BF2
mov esi, edx
:00428338 8BD8
mov ebx, eax
:0042833A 8BD6
mov edx, esi
:0042833C 8BC3
mov eax, ebx
:0042833E
:00428343
:00428348
:0042834C
:0042834E
:00428352
:00428354
:00428356
E815C8FFFF
A1502D4400
80780900
740D
837E0400
7507
8BC3
E821E3FFFF
call 00424B58
je 0042835B
jne 0042835B
mov eax, ebx
call 0042667C
|:0042834C(C), :00428352(C)
|
:0042835B 66BA3DB0
:0042835F 8BC3
:00428361 E882DDFFFF
:00428366 5E
:00428367 5B
:00428368 C3
:00428369 8D4000
mov dx, B03D

mov eax, ebx
call 004260E8
pop esi
pop ebx
ret

|:0041E1BB
|
:0042836C 53
push ebx
:0042836D 66BBCAFF
mov bx, FFCA
:00428371 E87EAAFDFF
call 00402DF4
:00428376 5B
pop ebx
:00428377 C3
ret
:00428378
:00428379
:0042837D
:00428382
:00428383
53
66BBC9FF
E872AAFDFF
5B
C3
push ebx
mov bx, FFC9
call 00402DF4
pop ebx
ret
:00428384
:00428385
:00428386
:00428388
:0042838A
:0042838C
:0042838E
:00428393
:00428395
:00428397
:00428399
:0042839B
53
56
8BF2
8BD8
8BD6
8BC3
E8B5E5FFFF
84C0
7509
8BD6
8BC3
E880C8FFFF
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00426948
test al, al
jne 004283A0
mov edx, esi
mov eax, ebx
call 00424C20

|:00428395(C)
|
:004283A0 5E
pop esi
:004283A1 5B
pop ebx
:004283A2 C3
ret
:004283A3
:004283A4
:004283A5
:004283A8
:004283AA
:004283AC
:004283AE
:004283B1
90
53
8B4824
85C9
7408
8BD9
8B432C
FF5328
nop
push ebx
test ecx, ecx
je 004283B4
mov ebx, ecx
call [ebx+28]

|:004283AA(C)
|
:004283B4 5B
pop ebx
:004283B5 C3
ret
:004283B6
:004283B8
:004283B9
:004283BC
:004283BE
:004283C0
:004283C2
:004283C5
8BC0
53
8B4824
85C9
7408
8BD9
8B432C
FF5328
mov eax, eax

push ebx
test ecx, ecx
je 004283C8
mov ebx, ecx
call [ebx+28]

|:004283BE(C)
|
:004283C8 5B
pop ebx
:004283C9 C3
ret
:004283CA 8BC0
mov eax, eax

|:0041E5A0 , :0043B74A
|
:004283CC E8D7DCFFFF
call 004260A8
:004283D1 C3
ret
:004283D2 8BC0
mov eax, eax

|:0041E602
|
:004283D4 E8CFDCFFFF
call 004260A8
:004283D9 C3
ret
:004283DA 8BC0
mov eax, eax

|:0041E674
|
:004283DC E8C7DCFFFF
call 004260A8
:004283E1 C3
ret
:004283E2 8BC0
mov eax, eax

|:0043C9C7
|
:004283E4 53
push ebx
:004283E5 8BD8
mov ebx, eax
:004283E7 807B4700
:004283EB 750F
jne 004283FC
:004283ED 837B2400
:004283F1 7409
je 004283FC
:004283F3 33D2
xor edx, edx
:004283F5 8BC3
mov eax, ebx
:004283F7 E84CDAFFFF
call 00425E48
|:004283EB(C), :004283F1(C)
|
:004283FC F6432010
:00428400 7406
:00428402 F6434104
:00428406 7407

test [ebx+20], 10
je 00428408
test [ebx+41], 04
je 0042840F

|:00428400(C)
|
:00428408 8BC3
mov eax, ebx
:0042840A E8BDE3FFFF
call 004267CC
|:00428406(C)
|
:0042840F 5B
pop ebx
:00428410 C3
ret
:00428411
:00428414
:00428416
:0042841C
:00428424
:00428425
:00428427
:00428429
:0042842B
:0042842D
:0042842F
:00428435
8D4000
33D2
8A906C010000
0FB71455C8264400
52
6A00
6A00
6A00
6A00
6A00
8B8040010000
50

xor edx, edx
mov dl, byte ptr [eax+0000016C]
movzx edx, word ptr [2*edx+004426C8]
push edx
push 00000000
push 00000000
push 00000000
push 00000000
push 00000000
push eax

|
:00428436 E8CDDFFDFF
Call 00406408
:0042843B C3
ret
:0042843C
:0042843D
:0042843F
:00428441
:00428443
:00428446
53
8BD8
8BC3
8B10
FF5250
84C0
push ebx
mov ebx, eax
mov eax, ebx
call [edx+50]
test al, al
:00428448
:0042844A
:0042844E
:00428450
:00428452
:00428454
750F
837B2400
7409
33D2
8BC3
E8EFD9FFFF
|:00428448(C), :0042844E(C)
|
:00428459 8BC3
:0042845B E8800E0000
:00428460 84C0
:00428462 741E
:00428464 F6432010
:00428468 7518
:0042846A 8BC3
:0042846C 8B10
:0042846E FF5250
:00428471 F6D8
:00428473 1BC0
:00428475 50
:00428476 8B8340010000
:0042847C 50
jne 00428459
je 00428459
xor edx, edx
mov eax, ebx
call 00425E48
mov eax, ebx
call 004292E0
test al, al
je 00428482
test [ebx+20], 10
jne 00428482
mov eax, ebx
call [edx+50]
neg al
sbb eax, eax
push eax
push eax

|
:0042847D E84EDCFDFF
Call 004060D0
|:00428462(C), :00428468(C)
|
:00428482 5B
pop ebx
:00428483 C3
ret

|:00439CD9
|
:00428484 53
push ebx
:00428485 8BD8
mov ebx, eax
:00428487 8BC3
mov eax, ebx
:00428489 E872C6FFFF
call 00424B00
:0042848E 8B5364
:00428491 8B8324010000
:00428497 E8F0C2FEFF
call 0041478C
:0042849C 66BA09B0
mov dx, B009
:004284A0 8BC3
mov eax, ebx
:004284A2 E841DCFFFF
call 004260E8
:004284A7 5B
pop ebx
:004284A8 C3
ret
:004284A9 8D4000

|:0041E145 , :00439D5D
|
:004284AC 53
push ebx
:004284AD
:004284AF
:004284B1
:004284B6
:004284B8
:004284BD
:004284BF
:004284C1
:004284C3
:004284C6
:004284CB
:004284CD
:004284D2
:004284D4
8BD8
8BC3
E842C6FFFF
8BC3
E8230E0000
84C0
7418
6A00
8B4358
E811BBFEFF
8BC8
BA30000000
8BC3
E8BBBCFFFF
mov ebx, eax

mov eax, ebx
call 00424AF8
mov eax, ebx
call 004292E0
test al, al
je 004284D9
push 00000000
call 00413FDC
mov ecx, eax
mov edx, 00000030
mov eax, ebx
call 00424194
|:004284BF(C)
|
:004284D9 66BA08B0
:004284DD 8BC3
:004284DF E804DCFFFF
:004284E4 5B
:004284E5 C3
:004284E6
:004284E8
:004284E9
:004284EC
mov eax, eax

push ebx
add esp, FFFFFFF8
mov ebx, eax
8BC0
53
83C4F8
8BD8
mov dx, B008

mov eax, ebx
call 004260E8
pop ebx
ret

|
:004284EE E825DCFDFF
Call 00406118
:004284F3 85C0
test eax, eax
:004284F5 752A
jne 00428521
:004284F7 54
push esp
|
:004284F8 E843DCFDFF
Call 00406140
:004284FD 8BC4
mov eax, esp
:004284FF 33D2
xor edx, edx
:00428501 E89297FFFF
call 00421C98
:00428506 3BD8
cmp ebx, eax
:00428508 7517
jne 00428521
:0042850A 6A01
push 00000001
:0042850C 8BC3
mov eax, ebx
:0042850E E8ED090000
call 00428F00
:00428513 8BC8
mov ecx, eax
:00428515 BA20000000
mov edx, 00000020
:0042851A 8BC3
mov eax, ebx
:0042851C E873BCFFFF
call 00424194
|:004284F5(C), :00428508(C)
|
:00428521 59
:00428522 5A
:00428523 5B
:00428524 C3

pop ecx
pop edx
pop ebx
ret
:00428525
:00428528
:00428529
:0042852B
:0042852D
:0042852F
:00428532
:00428534
:00428539
:0042853B
:0042853D
:0042853F
:00428541
:00428543
:00428545
:00428547
:00428549
:0042854B
:00428550
8D4000
56
8BF0
8BC6
8B08
FF51F0
8BC6
E8A70D0000
84C0
7419
6A37
6A00
6A00
6A00
6A00
6A00
8BC6
E8B0090000
50

push esi
mov esi, eax
mov eax, esi
call [ecx-10]
mov eax, esi
call 004292E0
test al, al
je 00428556
push 00000037
push 00000000
push 00000000
push 00000000
push 00000000
push 00000000
mov eax, esi
call 00428F00
push eax

|
:00428551 E8B2DEFDFF
Call 00406408
|:0042853B(C)
|
:00428556 5E
pop esi
:00428557 C3
ret

|:0041E137 , :0043807C , :00439D15
|
:00428558 53
push ebx
:00428559 8BD8
mov ebx, eax
:0042855B F6434010
test [ebx+40], 10
:0042855F 7428
je 00428589
:00428561 837B2400
:00428565 7422
je 00428589
:00428567 8BC3
mov eax, ebx
:00428569 E8720D0000
call 004292E0
:0042856E 84C0
test al, al
:00428570 7417
je 00428589
:00428572 8B8340010000
:00428578 50
push eax
|
:00428579 E842DDFDFF
Call 004062C0
:0042857E 85C0
test eax, eax
:00428580 7407
je 00428589
:00428582 8BC3
mov eax, ebx
:00428584 E87F080000
call 00428E08
|:0042855F(C), :00428565(C), :00428570(C), :00428580(C)
|
:00428589
:0042858D
:0042858F
:00428594
:00428595
66BA11B0
8BC3
E854DBFFFF
5B
C3
mov dx, B011

mov eax, ebx
call 004260E8
pop ebx
ret
:00428596
:00428598
:00428599
:0042859B
:004285A2
:004285A4
:004285A8
:004285AA
:004285AE
:004285B1
:004285B3
:004285B5
:004285BA
8BC0
53
8BD8
80BB6401000000
742F
837A0400
7412
837A0800
0F95C0
8BD0
8BC3
E8860A0000
EB10
mov eax, eax

push ebx
mov ebx, eax
je 004285D3
je 004285BC
setne al
mov edx, eax
mov eax, ebx
call 00429040
jmp 004285CC
|:004285A8(C)
|
:004285BC 8B4324
:004285BF 8A902C010000
:004285C5 8BC3
:004285C7 E8740A0000

mov dl, byte ptr [eax+0000012C]
mov eax, ebx
call 00429040

|:004285BA(U)
|
:004285CC C6836401000001
|:004285A2(C)
|
:004285D3 5B
pop ebx
:004285D4 C3
ret
:004285D5 8D4000
:004285D8 E8CBDAFFFF
:004285DD C3

call 004260A8
ret
:004285DE 8BC0
:004285E0 E8C3DAFFFF
:004285E5 C3
mov eax, eax

call 004260A8
ret
:004285E6 8BC0
:004285E8 E8BBDAFFFF
:004285ED C3
mov eax, eax

call 004260A8
ret
:004285EE 8BC0
:004285F0 E8B3DAFFFF
:004285F5 C3
mov eax, eax

call 004260A8
ret
:004285F6
:004285F8
:004285F9
:004285FA
:004285FB
:004285FC
:004285FF
:00428601
:00428603
:00428606
:00428609
:0042860B
:0042860D
:0042860F
:00428611
8BC0
53
56
57
55
83C4F8
8BDA
8BF0
8B7B08
8A4304
2C04
7206
FEC8
7414
EB34
mov eax, eax

push ebx
push esi
push edi
push ebp
add esp, FFFFFFF8
mov ebx, edx
mov esi, eax
sub al, 04
jb 00428613
dec al
je 00428625
jmp 00428647
|:0042860B(C)
|
:00428613 837F0C00
:00428617 742E
:00428619 8BD3
:0042861B 8B470C
:0042861E E80DB6FFFF
:00428623 EB22
|:0042860F(C)
|
:00428625 8BCC
:00428627 8BD7
:00428629 8BC6
:0042862B E8C4A6FFFF
:00428630 8BD4
:00428632 33C9
:00428634 8BC6
:00428636 E849E2FFFF
:0042863B 8BE8
:0042863D 896B0C
:00428640 85ED
:00428642 7503
:00428644 89730C
cmp dword ptr [edi+0C], 00000000

je 00428647
mov edx, ebx
call 00423C30
jmp 00428647
mov ecx, esp

mov edx, edi
mov eax, esi
call 00422CF4
mov edx, esp
xor ecx, ecx
mov eax, esi
call 00426884
mov ebp, eax
mov dword ptr [ebx+0C], ebp
test ebp, ebp
jne 00428647

|:00428611(U), :00428617(C), :00428623(U), :00428642(C)
|
:00428647 59
pop ecx
:00428648 5A
pop edx
:00428649 5D
pop ebp
:0042864A 5F
pop edi
:0042864B 5E
pop esi
:0042864C 5B
pop ebx
:0042864D C3
ret
:0042864E 8BC0
mov eax, eax
|:0043C8BE
|
:00428650 53
:00428651 8B4824
:00428654 85C9
:00428656 7408
:00428658 8BD9
:0042865A 8B432C
:0042865D FF5328
push ebx
test ecx, ecx
je 00428660
mov ebx, ecx
call [ebx+28]

|:00428656(C)
|
:00428660 5B
pop ebx
:00428661 C3
ret
:00428662
:00428664
:00428665
:00428666
:00428668
:0042866A
:0042866C
:0042866E
:00428673
:00428675
:00428677
:0042867C
:0042867D
:0042867E
8BC0
53
56
8BF2
8BD8
8BD6
8BC3
E855C5FFFF
8BD6
8BC3
E82CDAFFFF
5E
5B
C3
:0042867F 90
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00424BC8
mov edx, esi
mov eax, ebx
call 004260A8
pop esi
pop ebx
ret
nop

|:00428726 , :0042889D
|
:00428680 53
push ebx
:00428681 56
push esi
:00428682 57
push edi
:00428683 55
push ebp
:00428684 83C4F8
add esp, FFFFFFF8
:00428687 8BEA
mov ebp, edx
:00428689 890424
:0042868C C644240401
mov [esp+04], 01
:00428691 8B0424
:00428694 F6402010
test [eax+20], 10
:00428698 7555
jne 004286EF
:0042869A 8B3424
mov esi, dword ptr [esp]
:0042869D 85F6
test esi, esi
:0042869F 742F
je 004286D0
|:004286CE(C)
|
:004286A1 8BC6
:004286A3 66BBDCFF
:004286A7 E848A7FDFF
:004286AC 8BF8

mov eax, esi
mov bx, FFDC
call 00402DF4
mov edi, eax
:004286AE
:004286B0
:004286B2
:004286B6
:004286B8
:004286BA
:004286BC
:004286C0
:004286C5
:004286C7
85FF
7417
837F2C00
7411
8BD5
8BC7
66BBF0FF
E82FA7FDFF
84C0
7540
test edi, edi

je 004286C9
je 004286C9
mov edx, ebp
mov eax, edi
mov bx, FFF0
call 00402DF4
test al, al
jne 00428709
|:004286B0(C), :004286B6(C)
|
:004286C9 8B7624
:004286CC 85F6
:004286CE 75D1
|:0042869F(C)
|
:004286D0 8B0424
:004286D3 E838E50000
:004286D8 8BF0
:004286DA 85F6
:004286DC 7411
:004286DE 8BD5
:004286E0 8BC6
:004286E2 66BBB1FF
:004286E6 E809A7FDFF
:004286EB 84C0
:004286ED 751A
|:00428698(C), :004286DC(C)
|
:004286EF 8B4D08
:004286F2 0FB75504
:004286F6 B816B00000
:004286FB E8987DFFFF
:00428700 85C0
:00428702 7505
:00428704 C644240400

test esi, esi
jne 004286A1

call 00436C10
mov esi, eax
test esi, esi
je 004286EF
mov edx, ebp
mov eax, esi
mov bx, FFB1
call 00402DF4
test al, al
jne 00428709

movzx edx, word ptr [ebp+04]
mov eax, 0000B016
call 00420498
test eax, eax
jne 00428709
mov [esp+04], 00

|:004286C7(C), :004286ED(C), :00428702(C)
|
:00428709 8A442404
:0042870D 59
pop ecx
:0042870E 5A
pop edx
:0042870F 5D
pop ebp
:00428710 5F
pop edi
:00428711 5E
pop esi
:00428712 5B
pop ebx
:00428713 C3
ret
:00428714 53
:00428715 56
:00428716 57
push ebx
push esi
push edi
:00428717
:00428719
:0042871B
:00428722
:00428724
:00428726
:0042872B
:0042872D
:00428733
:00428737
:0042873D
:0042873E
:00428742
:00428747
:00428749
:0042874E
:00428750
:00428756
:00428758
:0042875C
:0042875F
:00428761
:00428763
:00428766
:00428768
:0042876B
:0042876D
:00428770
:00428772
8BF2
8BD8
C7460C01000000
8BD6
8BC3
E855FFFFFF
84C0
0F85B3000000
F6432010
0F85A4000000
53
0FB74E04
BA2EB00000
8BC3
E846BAFFFF
85C0
0F8590000000
33FF
0FB74604
83F81B
7F13
742E
83E803
7429
83E806
7416
83E804
741F
EB22
mov esi, edx

mov ebx, eax
mov [esi+0C], 00000001
mov edx, esi
mov eax, ebx
call 00428680
test al, al
jne 004287E6
test [ebx+20], 10
jne 004287E1
push ebx
mov edx, 0000B02E
mov eax, ebx
call 00424194
test eax, eax
jne 004287E6
xor edi, edi
movzx eax, word ptr [esi+04]
cmp eax, 0000001B
jg 00428774
je 00428791
sub eax, 00000003
je 00428791
sub eax, 00000006
je 00428783
sub eax, 00000004
je 00428791
jmp 00428796

|:0042875F(C)
|
:00428774 83C0DB
add eax, FFFFFFDB
:00428777 83E804
sub eax, 00000004
:0042877A 720E
jb 0042878A
:0042877C 83E802
sub eax, 00000002
:0042877F 7410
je 00428791
:00428781 EB13
jmp 00428796
|:0042876B(C)
|
:00428783 BF02000000
mov edi, 00000002
:00428788 EB0C
jmp 00428796
|:0042877A(C)
|
:0042878A BF01000000
mov edi, 00000001
:0042878F EB05
jmp 00428796
|:00428761(C), :00428766(C), :00428770(C), :0042877F(C)
|
:00428791 BF04000000
mov edi, 00000004
|:00428772(U), :00428781(U), :00428788(U), :0042878F(U)
|
:00428796
:00428798
:0042879A
:0042879C
:004287A0
:004287A5
:004287A7
:004287AC
:004287AE
:004287B0
:004287B2
:004287B4
:004287B9
:004287BB
:004287C0
:004287C2
:004287C4
:004287C7
:004287C8
:004287CA
:004287CF
:004287D3
:004287D8
:004287DD
:004287DF
85FF
7447
6A00
0FB74E04
BA1EB00000
8BC3
E8E8B9FFFF
85C0
7531
6A00
33C9
BA87000000
8BC3
E8D4B9FFFF
85F8
751D
8B4608
50
8BC3
E841E40000
0FB74E04
BA05B00000
E8B7B9FFFF
85C0
7505
test edi, edi

je 004287E1
push 00000000
mov edx, 0000B01E
mov eax, ebx
call 00424194
test eax, eax
jne 004287E1
push 00000000
xor ecx, ecx
mov edx, 00000087
mov eax, ebx
call 00424194
test eax, edi
jne 004287E1
push eax
mov eax, ebx
call 00436C10
mov edx, 0000B005
call 00424194
test eax, eax
jne 004287E6

|:00428737(C), :00428798(C), :004287AE(C), :004287C2(C)
|
:004287E1 33C0
xor eax, eax
:004287E3 89460C
|:0042872D(C), :00428750(C), :004287DF(C)
|
:004287E6 5F
pop edi
:004287E7 5E
pop esi
:004287E8 5B
pop ebx
:004287E9 C3
ret
:004287EA
:004287EC
:004287ED
:004287EE
:004287EF
:004287F1
:004287F3
:004287F7
:004287F9
:004287FD
:00428800
:00428803
:00428805
:00428807
:0042880A
:0042880C
:0042880F
:00428811
:00428814
8BC0
53
56
57
8BF2
8BD8
F6432010
7540
668B7E04
0FB7C7
83F81B
7F13
741E
83E803
7419
83E806
7414
83E804
740F
mov eax, eax

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
test [ebx+20], 10
jne 00428839
mov di, word ptr [esi+04]
movzx eax, di
cmp eax, 0000001B
jg 00428818
je 00428825
sub eax, 00000003
je 00428825
sub eax, 00000006
je 00428825
sub eax, 00000004
je 00428825
:00428816 EB21
jmp 00428839

|:00428803(C)
|
:00428818 83C0DB
add eax, FFFFFFDB
:0042881B 83E804
sub eax, 00000004
:0042881E 7205
jb 00428825
:00428820 83E802
sub eax, 00000002
:00428823 7514
jne 00428839
|:00428805(C), :0042880A(C), :0042880F(C), :00428814(C), :0042881E(C)
|
:00428825 6A00
push 00000000
:00428827 0FB7CF
movzx ecx, di
:0042882A BA1EB00000
mov edx, 0000B01E
:0042882F 8BC3
mov eax, ebx
:00428831 E85EB9FFFF
call 00424194
:00428836 89460C
|:004287F7(C), :00428816(U), :00428823(C)
|
:00428839 5F
pop edi
:0042883A 5E
pop esi
:0042883B 5B
pop ebx
:0042883C C3
ret
:0042883D
:00428840
:00428841
:00428842
:00428844
:00428846
:0042884A
:0042884C
:00428853
:00428855
:00428857
:0042885C
:0042885E
:00428863
:00428865
:00428867
:0042886A
:0042886B
:0042886D
:00428872
:00428876
:0042887B
:00428880
:00428882
8D4000
53
56
8BF2
8BD8
F6432010
753D
C7460C01000000
6A00
33C9
BA87000000
8BC3
E831B9FFFF
A880
751D
8B4608
50
8BC3
E89EE30000
0FB74E04
BA06B00000
E814B9FFFF
85C0
7505

push ebx
push esi
mov esi, edx
mov ebx, eax
test [ebx+20], 10
jne 00428889
mov [esi+0C], 00000001
push 00000000
xor ecx, ecx
mov edx, 00000087
mov eax, ebx
call 00424194
test al, 80
jne 00428884
push eax
mov eax, ebx
call 00436C10
mov edx, 0000B006
call 00424194
test eax, eax
jne 00428889

|:00428865(C)
|
:00428884 33C0
xor eax, eax
:00428886 89460C
|:0042884A(C), :00428882(C)
|
:00428889 5E
:0042888A 5B
:0042888B C3
:0042888C
:0042888D
:0042888E
:00428890
:00428892
:00428899
:0042889B
:0042889D
:004288A2
:004288A4
:004288A6
:004288AA
:004288AC
:004288AD
:004288B1
:004288B6
:004288B8
:004288BD
:004288BF
:004288C1
:004288C4
:004288C5
:004288C7
:004288CC
:004288D0
:004288D5
:004288DA
:004288DC
push ebx
push esi
mov esi, edx
mov ebx, eax
mov [esi+0C], 00000001
mov edx, esi
mov eax, ebx
call 00428680
test al, al
jne 004288E3
test [ebx+20], 10
jne 004288DE
push ebx
mov edx, 0000B02E
mov eax, ebx
call 00424194
test eax, eax
jne 004288E3
push eax
mov eax, ebx
call 00436C10
mov edx, 0000B005
call 00424194
test eax, eax
jne 004288E3
53
56
8BF2
8BD8
C7460C01000000
8BD6
8BC3
E8DEFDFFFF
84C0
753D
F6432010
7532
53
0FB74E04
BA2EB00000
8BC3
E8D7B8FFFF
85C0
7522
8B4608
50
8BC3
E844E30000
0FB74E04
BA05B00000
E8BAB8FFFF
85C0
7505
pop esi
pop ebx
ret

|:004288AA(C)
|
:004288DE 33C0
xor eax, eax
:004288E0 89460C
|:004288A4(C), :004288BF(C), :004288DC(C)
|
:004288E3 5E
pop esi
:004288E4 5B
pop ebx
:004288E5 C3
ret
:004288E6
:004288E8
:004288E9
:004288EA
:004288EC
:004288EE
:004288F2
:004288F4
8BC0
53
56
8BF2
8BD8
F6432010
7523
66837E0420
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
test [ebx+20], 10
jne 00428917
:004288F9
:004288FB
:004288FE
:004288FF
:00428901
:00428906
:0042890A
:0042890F
:00428914
741C
8B4608
50
8BC3
E80AE30000
0FB74E04
BA06B00000
E880B8FFFF
89460C
je 00428917
push eax
mov eax, ebx
call 00436C10
mov edx, 0000B006
call 00424194
|:004288F2(C), :004288F9(C)
|
:00428917 5E
:00428918 5B
:00428919 C3
:0042891A
:0042891C
:0042891D
:0042891F
:00428922
:00428923
:00428924
:00428925
:00428928
:0042892B
:0042892D
:00428930
:00428933
:00428936
:00428938
:0042893B
:0042893E
:00428940
:00428943
:00428945
:00428948
:0042894B
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFBC
push ebx
push esi
push edi
mov esi, eax
jne 00428951
jne 00428951
cmp ebx, dword ptr [esi+38]
jne 00428951
cmp eax, dword ptr [esi+3C]
je 00428A02
8BC0
55
8BEC
83C4BC
53
56
57
894DF8
8955FC
8BF0
8B5D0C
8B45FC
3B4630
7519
8B45F8
3B4634
7511
3B5E38
750C
8B4508
3B463C
0F84B1000000
pop esi
pop ebx
ret

|:00428936(C), :0042893E(C), :00428943(C)
|
:00428951 8BC6
mov eax, esi
:00428953 E888090000
call 004292E0
:00428958 84C0
test al, al
:0042895A 742F
je 0042898B
:0042895C 8B8640010000
:00428962 50
push eax
|
:00428963 E840D9FDFF
Call 004062A8
:00428968 85C0
test eax, eax
:0042896A 751F
jne 0042898B
:0042896C 6A14
push 00000014
:0042896E 8B4508
:00428971 50
push eax
:00428972 53
push ebx
:00428973
:00428976
:00428977
:0042897A
:0042897B
:0042897D
:00428983
8B45F8
50
8B45FC
50
6A00
8B8640010000
50

push eax
push eax
push 00000000
push eax

|
:00428984 E87FDAFDFF
Call 00406408
:00428989 EB6C
jmp 004289F7
|:0042895A(C), :0042896A(C)
|
:0042898B 8B4D08
:0042898E 8BD3
:00428990 8BC6
:00428992 8B38
:00428994 FF5730
:00428997 8B45FC
:0042899A 894630
:0042899D 8B45F8
:004289A0 894634
:004289A3 895E38
:004289A6 8B4508
:004289A9 89463C
:004289AC 8BC6
:004289AE E82D090000
:004289B3 84C0
:004289B5 7440
:004289B7 C745CC2C000000
:004289BE 8D45CC
:004289C1 50
:004289C2 8B8640010000
:004289C8 50

mov edx, ebx
mov eax, esi
call [edi+30]
mov eax, esi
call 004292E0
test al, al
je 004289F7
mov [ebp-34], 0000002C
push eax
push eax

|
:004289C9 E87AD8FDFF
Call 00406248
:004289CE 8D55BC
lea edx, dword ptr
:004289D1 8BC6
mov eax, esi
:004289D3 E880A1FFFF
call 00422B58
:004289D8 56
push esi
:004289D9 8D75BC
lea esi, dword ptr
:004289DC 8D7DE8
lea edi, dword ptr
:004289DF B904000000
mov ecx, 00000004
:004289E4 F3
repz
:004289E5 A5
movsd
:004289E6 5E
pop esi
:004289E7 8D45CC
lea eax, dword ptr
:004289EA 50
push eax
:004289EB 8B8640010000
mov eax, dword ptr
:004289F1 50
push eax
* Reference To: user32.SetWindowPlacement, Ord:0000h
|
:004289F2 E809DAFDFF
Call 00406400
[ebp-44]
[ebp-44]
[ebp-18]
[ebp-34]
[esi+00000140]
|:00428989(U), :004289B5(C)
|
:004289F7 8BC6
:004289F9 66BBD6FF
:004289FD E8F2A3FDFF

mov eax, esi
mov bx, FFD6
call 00402DF4

|:0042894B(C)
|
:00428A02 5F
pop edi
:00428A03 5E
pop esi
:00428A04 5B
pop ebx
:00428A05 8BE5
mov esp, ebp
:00428A07 5D
pop ebp
:00428A08 C20800
ret 0008
:00428A0B 90
nop

|:00428A7E , :0043875B , :0043881E , :004389BB
|
:00428A0C 53
push ebx
:00428A0D 56
push esi
:00428A0E 57
push edi
:00428A0F 55
push ebp
:00428A10 83C4F8
add esp, FFFFFFF8
:00428A13 894C2404
:00428A17 891424
:00428A1A 8BE8
mov ebp, eax
:00428A1C 8BC5
mov eax, ebp
:00428A1E E865D6FFFF
call 00426088
:00428A23 8BF0
mov esi, eax
:00428A25 4E
dec esi
:00428A26 85F6
test esi, esi
:00428A28 7C20
jl 00428A4A
:00428A2A 46
inc esi
:00428A2B 33FF
xor edi, edi
|:00428A48(C)
|
:00428A2D 8BD7
:00428A2F 8BC5
:00428A31 E816D6FFFF
:00428A36 8B4C2404
:00428A3A 8B1424
:00428A3D 66BBEDFF
:00428A41 E8AEA3FDFF
:00428A46 47
:00428A47 4E
:00428A48 75E3

mov edx, edi
mov eax, ebp
call 0042604C
mov bx, FFED
call 00402DF4
inc edi
dec esi
jne 00428A2D

|:00428A28(C)
|
:00428A4A 59
pop ecx
:00428A4B 5A
pop edx
:00428A4C 5D
pop ebp
:00428A4D
:00428A4E
:00428A4F
:00428A50
5F
5E
5B
C3
:00428A51 8D4000
pop edi
pop esi
pop ebx
ret

|:00437DB2
|
:00428A54 55
push ebp
:00428A55 8BEC
mov ebp, esp
:00428A57 51
push ecx
:00428A58 53
push ebx
:00428A59 56
push esi
:00428A5A 8BF1
mov esi, ecx
:00428A5C 8BDA
mov ebx, edx
:00428A5E 8945FC
:00428A61 8B45FC
:00428A64 E873D1FFFF
call 00425BDC
:00428A69 33C0
xor eax, eax
:00428A6B 55
push ebp
:00428A6C 68A58A4200
push 00428AA5
:00428A71 64FF30
:00428A74 648920
:00428A77 8BCE
mov ecx, esi
:00428A79 8BD3
mov edx, ebx
:00428A7B 8B45FC
:00428A7E E889FFFFFF
call 00428A0C
:00428A83 8BCE
mov ecx, esi
:00428A85 8BD3
mov edx, ebx
:00428A87 8B45FC
:00428A8A E839A3FFFF
call 00422DC8
:00428A8F 33C0
xor eax, eax
:00428A91 5A
pop edx
:00428A92 59
pop ecx
:00428A93 59
pop ecx
:00428A94 648910
|
:00428A97 68AC8A4200
push 00428AAC
|:00428AAA(U)
|
:00428A9C 8B45FC
:00428A9F E840D1FFFF
:00428AA4 C3
:00428AA5
:00428AAA
:00428AAC
:00428AAD
:00428AAE
:00428AAF
:00428AB0
jmp
jmp
pop
pop
pop
pop
ret
E9CEA7FDFF
EBF0
5E
5B
59
5D
C3

call 00425BE4
ret
00403278
00428A9C
esi
ebx
ecx
ebp
:00428AB1 8D4000

|:004374B6 , :004374C6
|
:00428AB4 53
push ebx
:00428AB5 56
push esi
:00428AB6 57
push edi
:00428AB7 55
push ebp
:00428AB8 83C4F4
add esp, FFFFFFF4
:00428ABB 894C2404
:00428ABF 891424
:00428AC2 8BF8
mov edi, eax
:00428AC4 8B9F40010000
:00428ACA 85DB
test ebx, ebx
:00428ACC 740A
je 00428AD8
:00428ACE 53
push ebx
|
:00428ACF E8ECD7FDFF
Call 004062C0
:00428AD4 85C0
test eax, eax
:00428AD6 7504
jne 00428ADC
|:00428ACC(C)
|
:00428AD8 33C0
xor eax, eax
:00428ADA EB02
jmp 00428ADE
|:00428AD6(C)
|
:00428ADC B001
mov al, 01
|:00428ADA(U)
|
:00428ADE 88442408
:00428AE2 807C240800
:00428AE7 741A
:00428AE9 6A00
:00428AEB 6A00
:00428AED 8B44240C
:00428AF1 50
:00428AF2 8B44240C
:00428AF6 50
:00428AF7 8B8740010000
:00428AFD 50

je 00428B03
push 00000000
push 00000000
push eax
push eax
push eax
* Reference To: user32.ScrollWindow, Ord:0000h

|
:00428AFE E87DD8FDFF
Call 00406380
|:00428AE7(C)
|
:00428B03 8BC7
mov eax, edi
:00428B05 E87ED5FFFF
call 00426088
:00428B0A
:00428B0C
:00428B0D
:00428B0F
:00428B11
:00428B12
8BF0
4E
85F6
7C6C
46
33ED
mov esi, eax

dec esi
test esi, esi
jl 00428B7D
inc esi
xor ebp, ebp
|:00428B7B(C)
|
:00428B14 8BD5
:00428B16 8BC7
:00428B18 E82FD5FFFF
:00428B1D 8BD8
:00428B1F 8BC3
:00428B21 8B15CCF94100
:00428B27 E864A2FDFF
:00428B2C 84C0
:00428B2E 7409
:00428B30 83BB4001000000
:00428B37 750F
|:00428B2E(C)
|
:00428B39 8B0424
:00428B3C 014330
:00428B3F 8B442404
:00428B43 014334
:00428B46 EB31
|:00428B37(C)
|
:00428B48 807C240800
:00428B4D 752A
:00428B4F 6A14
:00428B51 8BC3
:00428B53 8B503C
:00428B56 52
:00428B57 8B5038
:00428B5A 52
:00428B5B 8B5034
:00428B5E 03542410
:00428B62 52
:00428B63 8B5030
:00428B66 03542410
:00428B6A 52
:00428B6B 6A00
:00428B6D 8B8040010000
:00428B73 50
mov edx, ebp

mov eax, edi
call 0042604C
mov ebx, eax
mov eax, ebx
call 00402D90
test al, al
je 00428B39
cmp dword ptr [ebx+00000140], 00000000
jne 00428B48
mov
add
mov
add
jmp

00428B79

jne 00428B79
push 00000014
mov eax, ebx
push edx
push edx
add edx, dword ptr [esp+10]
push edx
add edx, dword ptr [esp+10]
push edx
push 00000000
push eax

|
:00428B74 E88FD8FDFF
Call 00406408
|:00428B46(U), :00428B4D(C)
|
:00428B79 45
inc ebp
:00428B7A 4E
:00428B7B 7597
dec esi
jne 00428B14
|:00428B0F(C)
|
:00428B7D 8BC7
:00428B7F E894D0FFFF
:00428B84 83C40C
:00428B87 5D
:00428B88 5F
:00428B89 5E
:00428B8A 5B
:00428B8B C3
:00428B8C
:00428B8D
:00428B90
:00428B92
:00428B94
:00428B96
:00428B98
:00428B9A
push esi
test esi, esi
je 00428BA0
mov edx, eax
mov eax, esi
56
8B7024
85F6
740C
8BD0
8BC6
8B08
FF91B0000000
mov eax, edi

call 00425C18
add esp, 0000000C
pop ebp
pop edi
pop esi
pop ebx
ret

|:00428B92(C)
|
:00428BA0 5E
pop esi
:00428BA1 C3
ret
:00428BA2 8BC0
mov eax, eax

|:00428CAA , :0042959B
|
:00428BA4 53
push ebx
:00428BA5 56
push esi
:00428BA6 57
push edi
:00428BA7 55
push ebp
:00428BA8 8BF2
mov esi, edx
:00428BAA 8BD8
mov ebx, eax
:00428BAC 8B4324
:00428BAF 85C0
test eax, eax
:00428BB1 0F84BF000000
je 00428C76
:00428BB7 8B9028010000
:00428BBD 85D2
test edx, edx
:00428BBF 7403
je 00428BC4
:00428BC1 2B7208
sub esi, dword ptr [edx+08]
|:00428BBF(C)
|
:00428BC4 8B8084010000
:00428BCA 8BD3
:00428BCC E83F40FEFF
:00428BD1 8BF8
:00428BD3 85FF
:00428BD5 7C38

mov edx, ebx
call 0040CC10
mov edi, eax
test edi, edi
jl 00428C0F
:00428BD7
:00428BDA
:00428BE0
:00428BE3
:00428BE5
:00428BE7
8B4324
8B9084010000
8B4208
85F6
7D02
33F6

test esi, esi
jge 00428BE9
xor esi, esi

|:00428BE5(C)
|
:00428BE9 3BC6
cmp eax, esi
:00428BEB 7F03
jg 00428BF0
:00428BED 8BF0
mov esi, eax
:00428BEF 4E
dec esi
|:00428BEB(C)
|
:00428BF0 3BFE
:00428BF2 741B
:00428BF4 8BC2
:00428BF6 8BD7
:00428BF8 E89F3EFEFF
:00428BFD 8B4324
:00428C00 8B8084010000
:00428C06 8BCB
:00428C08 8BD6
:00428C0A E82140FEFF
|:00428BD5(C), :00428BF2(C)
|
:00428C0F 83BB4001000000
:00428C16 745E
:00428C18 85F6
:00428C1A 7507
:00428C1C B801000000
:00428C21 EB3C
|:00428C1A(C)
|
:00428C23 8B4324
:00428C26 8BA884010000
:00428C2C 8B4508
:00428C2F 48
:00428C30 3BF0
:00428C32 7504
:00428C34 33C0
:00428C36 EB27
|:00428C32(C)
|
:00428C38 3BFE
:00428C3A 7D11
:00428C3C 8D5601
:00428C3F 8BC5
:00428C41 E8323FFEFF
:00428C46 E8B5020000
cmp edi, esi

je 00428C0F
mov eax, edx
mov edx, edi
call 0040CA9C
mov ecx, ebx
mov edx, esi
call 0040CC30
cmp dword ptr [ebx+00000140], 00000000

je 00428C76
test esi, esi
jne 00428C23
mov eax, 00000001
jmp 00428C5F
mov
mov
mov
dec
cmp
jne
xor
jmp

ebp, dword ptr [eax+00000184]
eax
esi, eax
00428C38
eax, eax
00428C5F
cmp edi, esi

jge 00428C4D
mov eax, ebp
call 0040CB78
call 00428F00
:00428C4B EB12
jmp 00428C5F
|:00428C3A(C)
|
:00428C4D 3BFE
:00428C4F 7E25
:00428C51 8BC5
:00428C53 8BD6
:00428C55 E81E3FFEFF
:00428C5A E8A1020000

cmp edi, esi
jle 00428C76
mov eax, ebp
mov edx, esi
call 0040CB78
call 00428F00

|:00428C21(U), :00428C36(U), :00428C4B(U)
|
:00428C5F 6A03
push 00000003
:00428C61 6A00
push 00000000
:00428C63 6A00
push 00000000
:00428C65 6A00
push 00000000
:00428C67 6A00
push 00000000
:00428C69 50
push eax
:00428C6A 8B8340010000
:00428C70 50
push eax
|
:00428C71 E892D7FDFF
Call 00406408
|:00428BB1(C), :00428C16(C), :00428C4F(C)
|
:00428C76 5D
pop ebp
:00428C77 5F
pop edi
:00428C78 5E
pop esi
:00428C79 5B
pop ebx
:00428C7A C3
ret
:00428C7B
:00428C7C
:00428C7D
:00428C7E
:00428C81
:00428C83
:00428C85
:00428C87
:00428C89
:00428C8F
:00428C92
:00428C93
90
53
56
8B5824
85DB
742D
84D2
740C
8B9384010000
8B4A08
49
EB02
nop
push ebx
push esi
test ebx, ebx
je 00428CB2
test dl, dl
je 00428C95
dec ecx
jmp 00428C97

|:00428C87(C)
|
:00428C95 33C9
xor ecx, ecx
|:00428C93(U)
|
:00428C97 33D2
xor edx, edx
:00428C99
:00428C9F
:00428CA1
:00428CA3
8BB328010000
85F6
7403
8B5608

test esi, esi
je 00428CA6
|:00428CA1(C)
|
:00428CA6 03CA
:00428CA8 8BD1
:00428CAA E8F5FEFFFF
:00428CAF 5E
:00428CB0 5B
:00428CB1 C3
|:00428C83(C)
|
:00428CB2 8B8840010000
:00428CB8 85C9
:00428CBA 741C
:00428CBC 6A03
:00428CBE 6A00
:00428CC0 6A00
:00428CC2 6A00
:00428CC4 6A00
:00428CC6 83E27F
:00428CC9 0FB71455CC264400
:00428CD1 52
:00428CD2 51
add ecx, edx

mov edx, ecx
call 00428BA4
pop esi
pop ebx
ret

test ecx, ecx
je 00428CD8
push 00000003
push 00000000
push 00000000
push 00000000
push 00000000
and edx, 0000007F
movzx edx, word ptr [2*edx+004426CC]
push edx
push ecx

|
:00428CD3 E830D7FDFF
Call 00406408
|:00428CBA(C)
|
:00428CD8 5E
pop esi
:00428CD9 5B
pop ebx
:00428CDA C3
ret
:00428CDB
:00428CDC
:00428CDD
:00428CDF
:00428CE1
:00428CE2
:00428CE3
:00428CE4
:00428CE6
:00428CE8
:00428CEA
:00428CEB
:00428CF0
:00428CF3
:00428CF6
90
55
8BEC
6A00
53
56
57
8BFA
8BD8
33C0
55
68638D4200
64FF30
648920
F6432010
nop
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, edx
mov ebx, eax
xor eax, eax
push ebp
push 00428D63
test [ebx+20], 10
:00428CFA
:00428CFC
:00428CFE
:00428D00
:00428D02
:00428D07
7415
6A12
6A00
8BC3
E8F9010000
50
je 00428D11
push 00000012
push 00000000
mov eax, ebx
call 00428F00
push eax

|
:00428D08 E843D4FDFF
Call 00406150
:00428D0D 8BF0
mov esi, eax
:00428D0F EB0F
jmp 00428D20
|:00428CFA(C)
|
:00428D11 8BC3
:00428D13 E8E8010000
:00428D18 50

mov eax, ebx
call 00428F00
push eax

|
:00428D19 E82AD4FDFF
Call 00406148
:00428D1E 8BF0
mov esi, eax
|:00428D0F(U)
|
:00428D20 85F6
:00428D22 7521
:00428D24 8D55FC
:00428D27 A11C2C4400
:00428D2C E8F3C0FDFF
:00428D31 8B4DFC
:00428D34 B201
:00428D36 A198B44000
:00428D3B E82CFBFDFF
:00428D40 E86BA5FDFF
|:00428D22(C)
|
:00428D45 8B8340010000
:00428D4B 8907
:00428D4D 33C0
:00428D4F 5A
:00428D50 59
:00428D51 59
:00428D52 648910
:00428D55 686A8D4200
|:00428D68(U)
|
:00428D5A 8D45FC
:00428D5D E856AAFDFF
:00428D62 C3
:00428D63 E910A5FDFF
jmp 00403278
test esi, esi

jne 00428D45
lea edx, dword
mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-04]
ptr [00442C1C]
ptr [ebp-04]
ptr [0040B498]

xor eax, eax
pop edx
pop ecx
pop ecx
push 00428D6A

call 004037B8
ret
:00428D68
:00428D6A
:00428D6C
:00428D6D
:00428D6E
:00428D6F
:00428D70
:00428D71
EBF0
8BC6
5F
5E
5B
59
5D
C3
jmp
mov
pop
pop
pop
pop
pop
ret
:00428D72
:00428D74
:00428D76
:00428D78
:00428D7D
:00428D82
8BC0
6A00
33C9
BA34B00000
E812B4FFFF
C3
mov eax, eax

push 00000000
xor ecx, ecx
mov edx, 0000B034
call 00424194
ret
:00428D83
:00428D84
:00428D85
:00428D86
:00428D88
:00428D8A
:00428D8C
:00428D91
:00428D93
:00428D95
:00428D98
:00428D9A
:00428D9C
:00428D9E
:00428DA3
:00428DA8
90
53
56
8BF2
8BD8
8BC3
E84F050000
84C0
743A
8B4324
85C0
7411
6A00
B901000000
BA34B00000
E8E7B3FFFF
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 004292E0
test al, al
je 00428DCF
test eax, eax
je 00428DAD
push 00000000
mov ecx, 00000001
mov edx, 0000B034
call 00424194
|:00428D9A(C)
|
:00428DAD 837E0400
:00428DB1 751C
:00428DB3 F6434040
:00428DB7 0F95C0
:00428DBA 3401
:00428DBC F6D8
:00428DBE 1BC0
:00428DC0 50
:00428DC1 6A00
:00428DC3 8B8340010000
:00428DC9 50
00428D5A
eax, esi
edi
esi
ebx
ecx
ebp

jne 00428DCF
test [ebx+40], 40
setne al
xor al, 01
neg al
sbb eax, eax
push eax
push 00000000
push eax

|
:00428DCA E8C1D4FDFF
Call 00406290
|:00428D93(C), :00428DB1(C)
|
:00428DCF 5E
:00428DD0 5B
:00428DD1 C3

pop esi
pop ebx
ret
:00428DD2
:00428DD4
:00428DD5
:00428DD7
:00428DD9
:00428DDE
:00428DE0
:00428DE2
:00428DE8
8BC0
53
8BD8
8BC3
E802050000
84C0
740C
8B8340010000
50
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 004292E0
test al, al
je 00428DEE
push eax
* Reference To: user32.UpdateWindow, Ord:0000h

|
:00428DE9 E88AD6FDFF
Call 00406478
|:00428DE0(C)
|
:00428DEE 5B
pop ebx
:00428DEF C3
ret
:00428DF0
:00428DF1
:00428DF3
:00428DF5
:00428DF7
:00428DFA
:00428DFC
:00428DFE
:00428E04
:00428E05
53
8BD8
8BC3
8B10
FF5278
8BC3
8B10
FF9284000000
5B
C3
:00428E06 8BC0
push ebx
mov ebx, eax
mov eax, ebx
call [edx+78]
mov eax, ebx
pop ebx
ret
mov eax, eax

|:004273A8 , :004273DB , :00428584
|
:00428E08 53
push ebx
:00428E09 83C4F0
add esp, FFFFFFF0
:00428E0C 8BD8
mov ebx, eax
:00428E0E 8BD4
mov edx, esp
:00428E10 8BC3
mov eax, ebx
:00428E12 E8419DFFFF
call 00422B58
:00428E17 6A01
push 00000001
:00428E19 6A01
push 00000001
:00428E1B 8D442408
:00428E1F 50
push eax
|
:00428E20 E84BD4FDFF
Call 00406270
:00428E25 6AFF
push FFFFFFFF
:00428E27 8D442404
:00428E2B 50
push eax
:00428E2C 8B4324
:00428E2F 8B8040010000
:00428E35 50
push eax

|
:00428E36 E855D4FDFF
Call 00406290
:00428E3B 83C410
add esp, 00000010
:00428E3E 5B
pop ebx
:00428E3F C3
ret

|:0041D868 , :0041E57E , :0041E5E1 , :004294B2 , :0043853D
|:0043A5C4
|
:00428E40 53
push ebx
:00428E41 56
push esi
:00428E42 51
push ecx
:00428E43 8BD8
mov ebx, eax
:00428E45 C6042400
:00428E49 8BC3
mov eax, ebx
:00428E4B E8C0DD0000
call 00436C10
:00428E50 8BF0
mov esi, eax
:00428E52 85F6
test esi, esi
:00428E54 7420
je 00428E76
:00428E56 3BF3
cmp esi, ebx
:00428E58 7418
je 00428E72
|:00428E70(C)
|
:00428E5A 807B4700
:00428E5E 7416
:00428E60 8BC3
:00428E62 8B10
:00428E64 FF5250
:00428E67 84C0
:00428E69 740B
:00428E6B 8B5B24
:00428E6E 3BF3
:00428E70 75E8

je 00428E76
mov eax, ebx
call [edx+50]
test al, al
je 00428E76
cmp esi, ebx
jne 00428E5A

|:00428E58(C)
|
:00428E72 C6042401
|:00428E54(C), :00428E5E(C), :00428E69(C)
|
:00428E76 8A0424
:00428E79 5A
pop edx
:00428E7A 5E
pop esi
:00428E7B 5B
pop ebx
:00428E7C C3
ret
:00428E7D
:00428E80
:00428E81
:00428E83
8D4000
53
8BD8
8BC3

push ebx
mov ebx, eax
mov eax, ebx
:00428E85
:00428E8A
:00428E8C
:00428E8E
:00428E90
:00428E95
:00428E96
E886DD0000
85C0
7409
8BD3
E8F3170100
5B
C3
|:00428E8C(C)
|
:00428E97 83BB6801000000
:00428E9E 740F
:00428EA0 8BC3
:00428EA2 E859000000
:00428EA7 50
call 00436C10
test eax, eax
je 00428E97
mov edx, ebx
call 0043A688
pop ebx
ret

cmp dword ptr [ebx+00000168], 00000000
je 00428EAF
mov eax, ebx
call 00428F00
push eax

|
:00428EA8 E8FBD4FDFF
Call 004063A8
:00428EAD EB07
jmp 00428EB6
|:00428E9E(C)
|
:00428EAF 8BC3
mov eax, ebx
:00428EB1 E882DD0000
call 00436C38
|:00428EAD(U)
|
:00428EB6 5B
pop ebx
:00428EB7 C3
ret
:00428EB8
:00428EB9
:00428EBB
:00428EC2
53
8BD8
83BB4001000000
740D
push ebx
mov ebx, eax
cmp dword ptr [ebx+00000140], 00000000
je 00428ED1

|
:00428EC4 E897D2FDFF
Call 00406160
:00428EC9 3B8340010000
:00428ECF 7404
je 00428ED5
|:00428EC2(C)
|
:00428ED1 33C0
xor eax, eax
:00428ED3 5B
pop ebx
:00428ED4 C3
ret

|:00428ECF(C)
|
:00428ED5 B001
:00428ED7 5B
:00428ED8 C3
mov al, 01
pop ebx
ret
:00428ED9 8D4000

|:00428EEF , :00428F05 , :0043ED8B
|
:00428EDC 53
push ebx
:00428EDD 8BD8
mov ebx, eax
:00428EDF 83BB4001000000
cmp dword ptr [ebx+00000140], 00000000
:00428EE6 7516
jne 00428EFE
:00428EE8 8B4324
:00428EEB 85C0
test eax, eax
:00428EED 7405
je 00428EF4
:00428EEF E8E8FFFFFF
call 00428EDC
|:00428EED(C)
|
:00428EF4 8BC3
:00428EF6 8B10
:00428EF8 FF9290000000

mov eax, ebx

|:00428EE6(C)
|
:00428EFE 5B
pop ebx
:00428EFF C3
ret
* Referenced
|:0041D95C
|:0041DB56
|:0041DC0B
|:0041E0FE
|:0041E496
|:00420EFC
|:0042127A
|:00423A33
|:0042628C
|:004270C5
|:00427A34
|:00428D02
|:00429007
|:00429E65
|:0042BF77
|:00436DEC
|:004374F8
|:00437681
|:00438A61
|:00438FBC
|:004390D8
|:004395EE
|:00439B99
|:0043A2D2
|:0043A545
by a CALL at
, :0041DA30
, :0041DB77
, :0041DC26
, :0041E1A1
, :00420761
, :00420F21
, :00421886
, :00423D77
, :00426954
, :00427132
, :0042850E
, :00428D13
, :00429D72
, :00429FA7
, :0042C705
, :00436F63
, :00437516
, :004376AF
, :00438B50
, :00438FD7
, :004390F3
, :004398A0
, :00439BA6
, :0043A2EA
, :0043A569
Addresses:
, :0041DA67
, :0041DB9F
, :0041DC46
, :0041E1DE
, :00420832
, :00420FBE
, :0042364A
, :00423E6D
, :00426AE2
, :0042764C
, :0042854B
, :00428EA2
, :00429D95
, :0042A200
, :0042C719
, :00436F9B
, :004375EE
, :0043777D
, :00438B71
, :00439048
, :00439308
, :004399F8
, :00439BCE
, :0043A344
, :0043A799
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0041DAC1
:0041DBD2
:0041DF44
:0041E38C
:00420EA9
:00420FCA
:004236E0
:00423EC6
:00426CB0
:004276AD
:00428C46
:00428FBA
:00429DA7
:0042A25B
:0042CD53
:00437044
:0043761F
:004378A3
:00438B90
:0043905B
:004393E6
:00439A21
:00439BEA
:0043A3C4
:0043A7CD
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
,
:0041DB35
:0041DBF5
:0041E0E4
:0041E477
:00420ECA
:00421078
:0042374D
:00424D89
:00426DA4
:0042789A
:00428C5A
:00428FD1
:00429DBB
:0042A4EE
:00436DC7
:00437105
:00437650
:00438A52
:00438F9E
:0043907F
:004395C0
:00439B7C
:00439DC5
:0043A4F0
:0043A80F
|:0043A872 , :0043A959
|:0043AD37 , :0043AD72
|:0043AFA5 , :0043AFC2
|:0043B331 , :0043B34B
|:0043B9E7 , :0043BA09
|:0043BB27 , :0043BB3A
|:0043BF1A , :0043C057
|:0043C869 , :0043C883
|:0043E627 , :0043E64A
|:0043F1BA , :0043F1F8
|:0043F841 , :00440753
|
:00428F00 53
:00428F01 8BD8
:00428F03 8BC3
:00428F05 E8D2FFFFFF
:00428F0A 8B8340010000
:00428F10 5B
:00428F11 C3
:00428F12
:00428F14
:00428F15
:00428F16
:00428F17
:00428F18
:00428F1A
:00428F1C
:00428F1E
:00428F1F
:00428F21
:00428F26
:00428F2B
:00428F30
:00428F32
:00428F37
:00428F39
:00428F3A
:00428F3C
:00428F3E
:00428F3F
,
,
,
,
,
,
,
,
,
,
:0043A966
:0043AD94
:0043AFDC
:0043B391
:0043BA2D
:0043BB4C
:0043C0BE
:0043DF1E
:0043E8C5
:0043F2D6
8BC0
53
56
57
55
8BDA
8BF8
6A00
53
33C9
BAFFFFFF7F
B8FFFFFF7F
E86832FEFF
8BC7
E851D1FFFF
8BF0
4E
85F6
7C64
46
33ED
|:00428FA0(C)
|
:00428F41 8BD5
:00428F43 8BC7
:00428F45 E802D1FFFF
:00428F4A 80784700
:00428F4E 750C
:00428F50 F6402010
:00428F54 7448
:00428F56 F6404104
:00428F5A 7542
,
,
,
,
,
,
,
,
,
,
:0043AB28
:0043AE14
:0043B027
:0043B3CE
:0043BA7C
:0043BB6E
:0043C0CC
:0043E603
:0043EA77
:0043F2E7
,
,
,
,
,
,
,
,
,
,
:0043AB3A
:0043AE9D
:0043B048
:0043B9C3
:0043BB15
:0043BB86
:0043C841
:0043E612
:0043EB3A
:0043F82D
push ebx
mov ebx, eax
mov eax, ebx
call 00428EDC
pop ebx
ret
mov eax, eax
push ebx
push esi
push edi
push ebp
mov ebx, edx
mov edi, eax
push 00000000
push ebx
xor ecx, ecx
mov edx, 7FFFFFFF
mov eax, 7FFFFFFF
call 0040C198
mov eax, edi
call 00426088
mov esi, eax
dec esi
test esi, esi
jl 00428FA2
inc esi
xor ebp, ebp
mov edx, ebp
mov eax, edi
call 0042604C
jne 00428F5C
test [eax+20], 10
je 00428F9E
test [eax+41], 04
jne 00428F9E

|:00428F4E(C)
|
:00428F5C 8B13
:00428F5E
:00428F61
:00428F63
:00428F66
3B5030
7E05
8B5030
8913
cmp
jle
mov
mov

00428F68

|:00428F61(C)
|
:00428F68 8B5304
:00428F6B 3B5034
:00428F6E 7E06
jle 00428F76
:00428F70 8B5034
:00428F73 895304
|:00428F6E(C)
|
:00428F76 8B5030
:00428F79 035038
:00428F7C 3B5308
:00428F7F 7E09
jle 00428F8A
:00428F81 8B5030
:00428F84 035038
:00428F87 895308
|:00428F7F(C)
|
:00428F8A 8B5034
:00428F8D 03503C
:00428F90 3B530C
:00428F93 7E09
jle 00428F9E
:00428F95 8B5034
:00428F98 03503C
:00428F9B 89530C
|:00428F54(C), :00428F5A(C), :00428F93(C)
|
:00428F9E 45
inc ebp
:00428F9F 4E
dec esi
:00428FA0 759F
jne 00428F41
|:00428F3C(C)
|
:00428FA2 5D
pop ebp
:00428FA3 5F
pop edi
:00428FA4 5E
pop esi
:00428FA5 5B
pop ebx
:00428FA6 C3
ret
:00428FA7
:00428FA8
:00428FA9
:00428FAA
:00428FAC
:00428FAE
:00428FB0
90
53
56
8BDA
8BF0
33C0
8903
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
xor eax, eax
:00428FB2
:00428FB4
:00428FB7
:00428FB8
:00428FBA
:00428FBF
33C0
894304
53
8BC6
E841FFFFFF
50
xor eax, eax

push ebx
mov eax, esi
call 00428F00
push eax

|
:00428FC0 E863D0FDFF
Call 00406028
:00428FC5 5E
pop esi
:00428FC6 5B
pop ebx
:00428FC7 C3
ret

|:00438BC6
|
:00428FC8 53
push ebx
:00428FC9 56
push esi
:00428FCA 8BF2
mov esi, edx
:00428FCC 8BD8
mov ebx, eax
:00428FCE 56
push esi
:00428FCF 8BC3
mov eax, ebx
:00428FD1 E82AFFFFFF
call 00428F00
:00428FD6 50
push eax
|
:00428FD7 E84CD1FDFF
Call 00406128
:00428FDC 5E
pop esi
:00428FDD 5B
pop ebx
:00428FDE C3
ret
:00428FDF
:00428FE0
:00428FE1
:00428FE2
:00428FE4
:00428FE8
:00428FEA
:00428FEC
:00428FF1
:00428FF3
:00428FF5
:00428FF7
:00428FFA
:00428FFB
:00428FFE
:00428FFF
:00429001
:00429003
:00429005
:00429007
:0042900C
90
53
56
8BF0
F6462001
7533
8BC6
E8EF020000
84C0
7428
6A16
8B463C
50
8B4638
50
6A00
6A00
6A00
8BC6
E8F4FEFFFF
50
nop
push ebx
push esi
mov esi, eax
test [esi+20], 01
jne 0042901D
mov eax, esi
call 004292E0
test al, al
je 0042901D
push 00000016
push eax
push eax
push 00000000
push 00000000
push 00000000
mov eax, esi
call 00428F00
push eax

|
:0042900D
:00429012
:00429014
:00429018
E8F6D3FDFF
8BC6
66BBD6FF
E8D79DFDFF
Call 00406408
mov eax, esi
mov bx, FFD6
call 00402DF4
|:00428FE8(C), :00428FF3(C)
|
:0042901D 5E
:0042901E 5B
:0042901F C3
:00429020
:00429026
:00429028
:0042902E
:00429030
:00429032
:00429037

je 0042903C
push 00000000
xor ecx, ecx
mov edx, 0000B03B
call 00424194
3B9020010000
7414
899020010000
6A00
33C9
BA3BB00000
E858B1FFFF
pop esi
pop ebx
ret

|:00429026(C)
|
:0042903C C3
ret
:0042903D 8D4000
|:004285B5 , :004285C7 , :0043828D
|
:00429040 3A902C010000
:00429046 741B
je 00429063
:00429048 88902C010000
:0042904E C6806401000000
:00429055 6A00
push 00000000
:00429057 33C9
xor ecx, ecx
:00429059 BA10B00000
mov edx, 0000B010
:0042905E E831B1FFFF
call 00424194
|:00429046(C)
|
:00429063 C3
:00429064 8A8064010000
:0042906A 3401
:0042906C C3
:0042906D
:00429070
:00429076
:00429078
:0042907E
:00429082
:00429084
:00429086
:00429088
:0042908D

je 00429092
je 00429092
push 00000000
xor ecx, ecx
mov edx, 0000B011
call 00424194
8D4000
3A9064010000
741A
889064010000
83782400
740E
6A00
33C9
BA11B00000
E802B1FFFF
ret
xor al, 01
ret
|:00429076(C), :00429082(C)
|
:00429092 C3
:00429093 90
ret
nop

|:004290C2
|
:00429094 53
push ebx
:00429095 56
push esi
:00429096 8BD8
mov ebx, eax
:00429098 8B7324
:0042909B 85F6
test esi, esi
:0042909D 7410
je 004290AF
:0042909F 8B8670010000
:004290A5 8BD3
mov edx, ebx
:004290A7 E8643BFEFF
call 0040CC10
:004290AC 5E
pop esi
:004290AD 5B
pop ebx
:004290AE C3
ret

|:0042909D(C)
|
:004290AF 83C8FF
or eax, FFFFFFFF
:004290B2 5E
pop esi
:004290B3 5B
pop ebx
:004290B4 C3
ret
:004290B5 8D4000

|:004254CD , :00429124
|
:004290B8 53
push ebx
:004290B9 56
push esi
:004290BA 57
push edi
:004290BB 55
push ebp
:004290BC 8BF2
mov esi, edx
:004290BE 8BD8
mov ebx, eax
:004290C0 8BC3
mov eax, ebx
:004290C2 E8CDFFFFFF
call 00429094
:004290C7 0FBFC0
movsx eax, ax
:004290CA 85C0
test eax, eax
:004290CC 7C3E
jl 0042910C
:004290CE 8B5324
:004290D1 8BAA70010000
mov ebp, dword ptr [edx+00000170]
:004290D7 8B5508
:004290DA 6685F6
test si, si
:004290DD 7D02
jge 004290E1
:004290DF 33F6
xor esi, esi
|:004290DD(C)
|
:004290E1 0FBFCE
movsx ecx, si
:004290E4 3BD1
cmp edx, ecx
:004290E6 7F03
:004290E8 8BF2
:004290EA 4E
jg 004290EB
mov esi, edx
dec esi
|:004290E6(C)
|
:004290EB 0FBFFE
:004290EE 3BC7
:004290F0 741A
:004290F2 8BD5
:004290F4 92
:004290F5 E8A239FEFF
:004290FA 8BD7
:004290FC 8B4324
:004290FF 8B8070010000
:00429105 8BCB
:00429107 E8243BFEFF
|:004290CC(C), :004290F0(C)
|
:0042910C 5D
:0042910D 5F
:0042910E 5E
:0042910F 5B
:00429110 C3
:00429111
:00429114
:00429118
:0042911A
:0042911D
:00429123

test [eax+44], 08
je 00429124
movsx edx, dx
ret
8D4000
F6404408
740A
0FBFD2
899074010000
C3
movsx edi, si
cmp eax, edi
je 0042910C
mov edx, ebp
xchg eax,edx
call 0040CA9C
mov edx, edi
mov ecx, ebx
call 0040CC30
pop
pop
pop
pop
ret
ebp
edi
esi
ebx

|:00429118(C)
|
call 004290B8
:00429129 C3
ret
:0042912A 8BC0
mov eax, eax

|:0041D8F7 , :0041E407
|
:0042912C 53
push ebx
:0042912D 56
push esi
:0042912E 8BDA
mov ebx, edx
:00429130 8BF0
mov esi, eax
:00429132 3A9E78010000
:00429138 744C
je 00429186
:0042913A 889E78010000
:00429140 8BC6
mov eax, esi
:00429142 E899010000
call 004292E0
:00429147 84C0
test al, al
:00429149
:0042914B
:0042914D
:00429153
742B
6AF0
8B8640010000
50
je 00429176
push FFFFFFF0
push eax

|
:00429154 E8E7D0FDFF
Call 00406240
:00429159 25FFFFFEFF
and eax, FFFEFFFF
:0042915E 84DB
test bl, bl
:00429160 7405
je 00429167
:00429162 0D00000100
or eax, 00010000
|:00429160(C)
|
:00429167 50
:00429168 6AF0
:0042916A 8B8640010000
:00429170 50

push eax
push FFFFFFF0
push eax

|
:00429171 E882D2FDFF
Call 004063F8
|:00429149(C)
|
:00429176 6A00
:00429178 33C9
:0042917A BA28B00000
:0042917F 8BC6
:00429181 E80EB0FFFF

push 00000000
xor ecx, ecx
mov edx, 0000B028
mov eax, esi
call 00424194

|:00429138(C)
|
:00429186 5E
pop esi
:00429187 5B
pop ebx
:00429188 C3
ret
:00429189
:0042918C
:0042918D
:0042918E
:0042918F
:00429191
:00429193
:00429195
:00429197
:00429199
:0042919B
:004291A0
:004291A3
:004291A9
:004291AF
:004291B1
:004291B7
:004291B9
8D4000
53
56
57
8BF9
8BF2
8BD8
8BCF
8BD6
8BC3
E84CC0FFFF
8A4320
220568924200
8A156C924200
3AD0
0F85AB000000
8BC3
E822010000

push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call 004251EC
and al, byte ptr [00429268]
mov dl, byte ptr [0042926C]
cmp dl, al
jne 00429262
mov eax, ebx
call 004292E0
:004291BE
:004291C0
:004291C6
:004291C8
:004291CB
:004291CD
:004291CF
:004291D5
84C0
0F849C000000
8BC6
2B4338
85C0
7408
018358010000
EB30
test al, al
je 00429262
mov eax, esi
test eax, eax
je 004291D7
jmp 00429207
|:004291CD(C)
|
:004291D7 8BB350010000
:004291DD 85F6
:004291DF 7E26
:004291E1 8BC3
:004291E3 E8CC99FFFF
:004291E8 3BF0
:004291EA 741B
:004291EC 8BC3
:004291EE E8C199FFFF
:004291F3 8B9350010000
:004291F9 039358010000
:004291FF 2BC2
:00429201 018358010000

test esi, esi
jle 00429207
mov eax, ebx
call 00422BB4
cmp esi, eax
je 00429207
mov eax, ebx
call 00422BB4
add edx, dword ptr [ebx+00000158]
sub eax, edx

|:004291D5(U), :004291DF(C), :004291EA(C)
|
:00429207 8BC7
mov eax, edi
:00429209 2B433C
sub eax, dword ptr [ebx+3C]
:0042920C 85C0
test eax, eax
:0042920E 7408
je 00429218
:00429210 01835C010000
add dword ptr [ebx+0000015C], eax
:00429216 EB30
jmp 00429248
|:0042920E(C)
|
:00429218 8BB354010000
:0042921E 85F6
:00429220 7E26
:00429222 8BC3
:00429224 E8CF99FFFF
:00429229 3BF0
:0042922B 741B
:0042922D 8BC3
:0042922F E8C499FFFF
:00429234 8B9354010000
:0042923A 03935C010000
:00429240 2BC2
:00429242 01835C010000

test esi, esi
jle 00429248
mov eax, ebx
call 00422BF8
cmp esi, eax
je 00429248
mov eax, ebx
call 00422BF8
sub eax, edx
add dword ptr [ebx+0000015C], eax

|:00429216(U), :00429220(C), :0042922B(C)
|
:00429248 8BC3
mov eax, ebx
:0042924A E86599FFFF
call 00422BB4
:0042924F 898350010000
:00429255 8BC3
mov eax, ebx
:00429257 E89C99FFFF
:0042925C 898354010000
call 00422BF8
|:004291B1(C), :004291C0(C)
|
:00429262 5F
:00429263 5E
:00429264 5B
:00429265 C3
:00429266 0000
BYTE 2 DUP(0)
:00429268 0300
:0042926A 000000000000

BYTE 6 DUP(0)
:00429270
:00429271
:00429273
:00429275
:00429276
:00429277
:00429279
:0042927B
:0042927C
:00429281
:00429284
:00429287
:0042928D
:0042928F
:00429295
:00429299
:0042929C
:0042929E
:004292A0
:004292A2
:004292A5
:004292A7
:004292AB
:004292B0
:004292B3
:004292B9
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, eax
xor eax, eax
push ebp
push 004292D4
cmp dl, byte ptr [esi+00000180]
je 004292BE
mov byte ptr [esi+00000180], dl
test [esi+20], 10
setne al
xor al, 01
test al, dl
je 004292BE
mov eax, esi
mov bx, FFCE
call 00402DF4
call 00404E94
55
8BEC
6A00
53
56
8BF0
33C0
55
68D4924200
64FF30
648920
3A9680010000
742F
889680010000
F6462010
0F95C0
3401
84D0
741C
8D55FC
8BC6
66BBCEFF
E8449BFDFF
8B55FC
8D863C010000
E8D6BBFDFF
|:0042928D(C), :004292A0(C)
|
:004292BE 33C0
:004292C0 5A
:004292C1 59
:004292C2 59
:004292C3 648910
pop edi
pop esi
pop ebx
ret

xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:004292C6 68DB924200
push 004292DB
|:004292D9(U)
|
:004292CB 8D45FC
:004292CE E8A9BBFDFF
:004292D3 C3

call 00404E7C
ret
:004292D4
:004292D9
:004292DB
:004292DC
:004292DD
:004292DE
:004292DF
jmp
jmp
pop
pop
pop
pop
ret
E99F9FFDFF
EBF0
5E
5B
59
5D
C3
|:0041D9E2 , :0041DA1C
|:0041E1D1 , :0041E45E
|:00425B57 , :00425FA1
|:00428534 , :00428569
|:00428DD9 , :00428FEC
|:00429B01 , :00436DBB
|:004383D6 , :00438A2F
|:00439BC1 , :00439BDD
|:00440724
|
:004292E0 83B84001000000
:004292E7 0F95C0
:004292EA C3
:004292EB 90
Addresses:
, :0041DA50
, :0041E4B3
, :00426011
, :00428953
, :00429142
, :00436DE0
, :00438F3E
, :0043F1A6
00403278
004292CB
esi
ebx
ecx
ebp
,
,
,
,
,
,
,
,
:0041DAA6
:00423604
:0042845B
:004289AE
:004291B9
:00437AAA
:004395B3
:0043F2CB
,
,
,
,
,
,
,
,
:0041DB1E
:004236C0
:004284B8
:00428D8C
:0042965F
:00437F53
:00439B60
:0043F821
cmp dword ptr [eax+00000140], 00000000

setne al
ret
nop

|:00426431 , :004273B5 , :0042743C , :00427474
|
:004292EC 53
push ebx
:004292ED 56
push esi
:004292EE 57
push edi
:004292EF 83C4C4
add esp, FFFFFFC4
:004292F2 8BD8
mov ebx, eax
:004292F4 8B8340010000
:004292FA 50
push eax
|
:004292FB E8A8CFFDFF
Call 004062A8
:00429300 85C0
test eax, eax
:00429302 7428
je 0042932C
:00429304 C74424102C000000
mov [esp+10], 0000002C
:0042930C 8D442410
:00429310 50
push eax
:00429311 8B8340010000
:00429317 50
push eax
|
:00429318 E82BCFFDFF
Call 00406248
:0042931D
:00429321
:00429323
:00429328
:00429329
:0042932A
8D74242C
8BFC
B904000000
F3
A5
EB0D
|:00429302(C)
|
:0042932C 54
:0042932D 8B8340010000
:00429333 50
lea esi, dword ptr [esp+2C]

mov edi, esp
mov ecx, 00000004
repz
movsd
jmp 00429339
push esp
push eax

|
:00429334 E817CFFDFF
Call 00406250
|:0042932A(U)
|
:00429339 6AF0
:0042933B 8B8340010000
:00429341 50

push FFFFFFF0
push eax

|
:00429342 E8F9CEFDFF
Call 00406240
:00429347 A900000040
test eax, 40000000
:0042934C 7426
je 00429374
:0042934E 6AF8
push FFFFFFF8
:00429350 8B8340010000
:00429356 50
push eax
|
:00429357 E8E4CEFDFF
Call 00406240
:0042935C 8BF0
mov esi, eax
:0042935E 85F6
test esi, esi
:00429360 7412
je 00429374
:00429362 54
push esp
:00429363 56
push esi
|
:00429364 E80FD0FDFF
Call 00406378
:00429369 8D442408
:0042936D 50
push eax
:0042936E 56
push esi
|
:0042936F E804D0FDFF
Call 00406378
|:0042934C(C), :00429360(C)
|
:00429374 8B4C240C
:00429378 2B4C2404
:0042937C 8B542408

sub ecx, dword ptr [esp+04]
:00429380
:00429383
:00429385
:00429387
:0042938A
:0042938D
:00429390
:00429394
:00429397
:0042939B
:0042939E
:004293A1
:004293A5
:004293A9
:004293AC
:004293AF
:004293B0
:004293B1
:004293B2
2B1424
8BC3
8B30
FF5630
8B0424
894330
8B442404
894334
8B442408
2B0424
894338
8B44240C
2B442404
89433C
83C43C
5F
5E
5B
C3
sub edx, dword ptr [esp]

mov eax, ebx
call [esi+30]
add esp, 0000003C
pop edi
pop esi
pop ebx
ret
:004293B3
:004293B4
:004293B5
:004293B6
:004293B7
:004293B8
:004293B9
:004293BB
:004293BD
:004293C3
:004293C5
:004293C7
:004293CA
:004293CB
:004293CD
:004293CF
:004293D0
90
53
56
57
55
51
8BEA
8BF8
8B8770010000
85C0
743C
8B7008
4E
85F6
7C34
46
C7042400000000
nop
push ebx
push esi
push edi
push ebp
push ecx
mov ebp, edx
mov edi, eax
test eax, eax
je 00429403
dec esi
test esi, esi
jl 00429403
inc esi
|:00429401(C)
|
:004293D7 8B8770010000
:004293DD 8B1424
:004293E0 E89337FEFF
:004293E5 8BD8
:004293E7 8BD3
:004293E9 8BC5
:004293EB E87036FEFF
:004293F0 8BD5
:004293F2 8BC3
:004293F4 66BBBAFF
:004293F8 E8F799FDFF
:004293FD FF0424
:00429400 4E
:00429401 75D4

call 0040CB78
mov ebx, eax
mov edx, ebx
mov eax, ebp
call 0040CA60
mov edx, ebp
mov eax, ebx
mov bx, FFBA
call 00402DF4
inc dword ptr [esp]
dec esi
jne 004293D7

|:004293C5(C), :004293CD(C)
|
:00429403
:00429404
:00429405
:00429406
:00429407
:00429408
5A
5D
5F
5E
5B
C3
:00429409 8D4000
pop
pop
pop
pop
pop
ret
edx
ebp
edi
esi
ebx

|:0042951C , :0043A9CF
|
:0042940C 55
push ebp
:0042940D 8BEC
mov ebp, esp
:0042940F 83C4F0
add esp, FFFFFFF0
:00429412 53
push ebx
:00429413 56
push esi
:00429414 57
push edi
:00429415 884DFF
:00429418 8BF2
mov esi, edx
:0042941A 8BF8
mov edi, eax
:0042941C 33C0
xor eax, eax
:0042941E 8945F8
:00429421 B201
mov dl, 01
:00429423 A154B54000
:00429428 E8C397FDFF
call 00402BF0
:0042942D 8945F0
:00429430 33C0
xor eax, eax
:00429432 55
push ebp
:00429433 68F9944200
push 004294F9
:00429438 64FF30
:0042943B 648920
:0042943E 8B55F0
:00429441 8BC7
mov eax, edi
:00429443 66BBBAFF
mov bx, FFBA
:00429447 E8A899FDFF
call 00402DF4
:0042944C 8B45F0
:0042944F 83780800
:00429453 0F8E8A000000
jle 004294E3
:00429459 8BD6
mov edx, esi
:0042945B 8B45F0
:0042945E E8AD37FEFF
call 0040CC10
:00429463 8945F4
:00429466 837DF4FF
cmp dword ptr [ebp-0C], FFFFFFFF
:0042946A 7517
jne 00429483
:0042946C 807DFF00
:00429470 740C
je 0042947E
:00429472 8B45F0
:00429475 8B4008
:00429478 48
dec eax
:00429479 8945F4
:0042947C EB05
jmp 00429483
|:00429470(C)
|
:0042947E 33C0
xor eax, eax
:00429480 8945F4

|:0042946A(C), :0042947C(U)
|
:00429483 8B5DF4
|:004294E1(C)
|
:00429486 807DFF00
:0042948A 740D
:0042948C 43
:0042948D 8B45F0
:00429490 3B5808
:00429493 750F
:00429495 33DB
:00429497 EB0B

je 00429499
inc ebx
jne 004294A4
xor ebx, ebx
jmp 004294A4

|:0042948A(C)
|
:00429499 85DB
test ebx, ebx
:0042949B 7506
jne 004294A3
:0042949D 8B45F0
:004294A0 8B5808
|:0042949B(C)
|
:004294A3 4B
dec ebx
|:00429493(C), :00429497(U)
|
:004294A4 8BD3
:004294A6 8B45F0
:004294A9 E8CA36FEFF
:004294AE 8BF0
:004294B0 8BC6
:004294B2 E889F9FFFF
:004294B7 84C0
:004294B9 741D
:004294BB 807D0C00
:004294BF 7409
:004294C1 80BE7801000000
:004294C8 740E
|:004294BF(C)
|
:004294CA 807D0800
:004294CE 7405
:004294D0 3B7E24
:004294D3 7503
mov edx, ebx

call 0040CB78
mov esi, eax
mov eax, esi
call 00428E40
test al, al
je 004294D8
je 004294CA
je 004294D8

je 004294D5
jne 004294D8

|:004294CE(C)
|
:004294D5 8975F8
|:004294B9(C), :004294C8(C), :004294D3(C)

|
:004294D8 837DF800
:004294DC 7505
jne 004294E3
:004294DE 3B5DF4
cmp ebx, dword ptr [ebp-0C]
:004294E1 75A3
jne 00429486
|:00429453(C), :004294DC(C)
|
:004294E3 33C0
:004294E5 5A
:004294E6 59
:004294E7 59
:004294E8 648910
:004294EB 6800954200
|:004294FE(U)
|
:004294F0 8B45F0
:004294F3 E82897FDFF
:004294F8 C3
:004294F9
:004294FE
:00429500
:00429503
:00429504
:00429505
:00429506
:00429508
:00429509
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
E97A9DFDFF
EBF0
8B45F8
5F
5E
5B
8BE5
5D
C20800
xor eax, eax

pop edx
pop ecx
pop ecx
push 00429500

call 00402C20
ret
00403278
004294F0
edi
esi
ebx
esp, ebp
ebp
0008

|:0043B42F , :0043B702 , :0043B737
|
:0042950C 55
push ebp
:0042950D 8BEC
mov ebp, esp
:0042950F 56
push esi
:00429510 8BF2
mov esi, edx
:00429512 8B5508
:00429515 52
push edx
:00429516 80F201
xor dl, 01
:00429519 52
push edx
:0042951A 8BD6
mov edx, esi
:0042951C E8EBFEFFFF
call 0042940C
:00429521 8BF0
mov esi, eax
:00429523 85F6
test esi, esi
:00429525 740A
je 00429531
:00429527 8BC6
mov eax, esi
:00429529 8B10
:0042952B FF92B4000000
|:00429525(C)
|
:00429531 5E
:00429532 5D
:00429533 C20400
pop esi
pop ebp
ret 0004
:00429536 8BC0
mov eax, eax

|:00438BE7
|
:00429538 55
push ebp
:00429539 8BEC
mov ebp, esp
:0042953B 83C4F8
add esp, FFFFFFF8
:0042953E 53
push ebx
:0042953F 56
push esi
:00429540 8955F8
:00429543 8945FC
:00429546 8B45FC
:00429549 E83ACBFFFF
call 00426088
:0042954E 8BD8
mov ebx, eax
:00429550 4B
dec ebx
:00429551 85DB
test ebx, ebx
:00429553 7C21
jl 00429576
:00429555 43
inc ebx
:00429556 33F6
xor esi, esi
|:00429574(C)
|
:00429558 8BD6
:0042955A 8B45FC
:0042955D E8EACAFFFF
:00429562 8B5004
:00429565 3B55F8
:00429568 7508
:0042956A 8BD0
:0042956C 8B450C
:0042956F FF5508

mov edx, esi
mov eax, dword
call 0042604C
mov edx, dword
cmp edx, dword
jne 00429572
mov edx, eax
mov eax, dword
call [ebp+08]
ptr [ebp-04]
ptr [eax+04]
ptr [ebp-08]
ptr [ebp+0C]

|:00429568(C)
|
:00429572 46
inc esi
:00429573 4B
dec ebx
:00429574 75E2
jne 00429558
|:00429553(C)
|
:00429576 5E
pop esi
:00429577 5B
pop ebx
:00429578 59
pop ecx
:00429579 59
pop ecx
:0042957A 5D
pop ebp
:0042957B C20800
ret 0008
:0042957E 8BC0
mov eax, eax
|:00438C93
|
:00429580 53
:00429581 56
:00429582 8BF1
:00429584 8BDA
:00429586 8BC3
:00429588 8B15CCF94100
:0042958E E8FD97FDFF
:00429593 84C0
:00429595 740C
:00429597 8BD6
:00429599 8BC3
:0042959B E804F6FFFF
:004295A0 5E
:004295A1 5B
:004295A2 C3
push ebx
push esi
mov esi, ecx
mov ebx, edx
mov eax, ebx
call 00402D90
test al, al
je 004295A3
mov edx, esi
mov eax, ebx
call 00428BA4
pop esi
pop ebx
ret

|:00429595(C)
|
:004295A3 8BC3
mov eax, ebx
|
:004295A5 8B15BCF44100
:004295AB E8E097FDFF
call 00402D90
:004295B0 84C0
test al, al
:004295B2 7409
je 004295BD
:004295B4 8BD6
mov edx, esi
:004295B6 8BC3
mov eax, ebx
:004295B8 E83B9EFFFF
call 004233F8
|:004295B2(C)
|
:004295BD 5E
pop esi
:004295BE 5B
pop ebx
:004295BF C3
ret
:004295C0 E8FFA9FFFF
:004295C5 C3
call 00423FC4
ret
:004295C6 8BC0
mov eax, eax

|:0042977A
|
:004295C8 55
push ebp
:004295C9 8BEC
mov ebp, esp
:004295CB 53
push ebx
:004295CC 56
push esi
:004295CD 57
push edi
:004295CE 8BFA
mov edi, edx
:004295D0 8BF0
mov esi, eax
:004295D2 8B4668
:004295D5
:004295D9
:004295DB
:004295DE
:004295E1
:004295E3
83781400
760A
8B5668
8B5214
8917
EB04
cmp
jbe
mov
mov
mov
jmp
dword ptr [eax+14], 00000000

004295E5
edx, dword ptr [esi+68]
edx, dword ptr [edx+14]
dword ptr [edi], edx
004295E9

|:004295D9(C)
|
:004295E5 33D2
xor edx, edx
:004295E7 8917
|:004295E3(U)
|
:004295E9 83781000
:004295ED 760A
:004295EF 8B5668
:004295F2 8B5210
:004295F5 8911
:004295F7 EB04

cmp
jbe
mov
mov
mov
jmp
dword ptr [eax+10], 00000000

004295F9
edx, dword ptr [edx+10]
dword ptr [ecx], edx
004295FD

|:004295ED(C)
|
:004295F9 33D2
xor edx, edx
:004295FB 8911
mov dword ptr [ecx], edx
|:004295F7(U)
|
:004295FD 83780C00
:00429601 760D
:00429603 8B5668
:00429606 8B520C
:00429609 8B5D0C
:0042960C 8913
:0042960E EB07

cmp
jbe
mov
mov
mov
mov
jmp
dword ptr [eax+0C], 00000000

00429610
edx, dword ptr [edx+0C]
ebx, dword ptr [ebp+0C]
00429617

|:00429601(C)
|
:00429610 8B550C
:00429613 33DB
xor ebx, ebx
:00429615 891A
mov dword ptr [edx], ebx
|:0042960E(U)
|
:00429617 83780800
:0042961B 760D
:0042961D 8B4668
:00429620 8B4008
:00429623 8B5508
:00429626 8902
:00429628 EB07

cmp
jbe
mov
mov
mov
mov
jmp
dword ptr [eax+08], 00000000

0042962A
00429631

|:0042961B(C)
|
:0042962A 8B4508
:0042962D 33D2
:0042962F 8910

xor edx, edx

|:00429628(U)
|
:00429631 8B450C
:00429634 50
push eax
:00429635 8B4508
:00429638 50
push eax
:00429639 8BD7
mov edx, edi
:0042963B 8BC6
mov eax, esi
:0042963D 8B18
:0042963F FF533C
call [ebx+3C]
:00429642 5F
pop edi
:00429643 5E
pop esi
:00429644 5B
pop ebx
:00429645 5D
pop ebp
:00429646 C20800
ret 0008
:00429649 8D4000

|:00429A2E
|
:0042964C 55
push ebp
:0042964D 8BEC
mov ebp, esp
:0042964F 83C4A0
add esp, FFFFFFA0
:00429652 53
push ebx
:00429653 56
push esi
:00429654 57
push edi
:00429655 894DF8
:00429658 8955FC
:0042965B 8BF0
mov esi, eax
:0042965D 8BC6
mov eax, esi
:0042965F E87CFCFFFF
call 004292E0
:00429664 84C0
test al, al
:00429666 0F8495030000
je 00429A01
:0042966C 8BC6
mov eax, esi
:0042966E E815CAFFFF
call 00426088
:00429673 85C0
test eax, eax
:00429675 0F8486030000
je 00429A01
:0042967B 8D55A0
:0042967E 8BC6
mov eax, esi
:00429680 8B08
:00429682 FF5144
call [ecx+44]
:00429685 8D55A0
:00429688 8BC6
mov eax, esi
:0042968A 8B08
:0042968C FF9188000000
:00429692 8B4638
:00429695 8B55A8
:00429698 2B55A0
:0042969B 2BC2
sub eax, edx
:0042969D 8945F4
:004296A0 8B563C
:004296A3 8B4DAC
:004296A6
:004296A9
:004296AB
:004296AE
:004296B1
:004296B4
:004296B7
:004296BA
:004296BC
:004296BF
:004296C2
2B4DA4
2BD1
8955F0
8945EC
8955E8
8B45FC
833800
7E08
8B45FC
8B55F4
2910
sub
sub
mov
mov
mov
mov
cmp
jle
mov
mov
sub
ecx, dword ptr [ebp-5C]

edx, ecx
dword ptr [eax], 00000000
004296C4

|:004296BA(C)
|
:004296C4 8B45F8
:004296C7 833800
:004296CA 7E08
jle 004296D4
:004296CC 8B45F8
:004296CF 8B55F0
:004296D2 2910
sub dword ptr [eax], edx
|:004296CA(C)
|
:004296D4 8B450C
:004296D7 833800
:004296DA 7E08
jle 004296E4
:004296DC 8B450C
:004296DF 8B55EC
:004296E2 2910
|:004296DA(C)
|
:004296E4 8B4508
:004296E7 833800
:004296EA 7E08
jle 004296F4
:004296EC 8B4508
:004296EF 8B55E8
:004296F2 2910
|:004296EA(C)
|
:004296F4 33C9
:004296F6 55
:004296F7 68FA994200
:004296FC 64FF31
:004296FF 648921
:00429702 33C0
:00429704 8945E0
:00429707 33C0
:00429709 8945D0
:0042970C 33C0
:0042970E 8945DC
:00429711 33C0
:00429713 8945CC
:00429716 33C0
:00429718 8945D8

xor ecx, ecx
push ebp
push 004299FA
mov dword ptr fs:[ecx],
xor eax, eax
xor eax, eax
xor eax, eax
xor eax, eax
xor eax, eax
esp
eax
eax
eax
eax
eax
:0042971B
:0042971D
:00429720
:00429722
:00429725
:00429727
:0042972A
:0042972C
:00429731
:00429733
:00429734
:00429736
:0042973C
:0042973D
33C0
8945C8
33C0
8945D4
33C0
8945C4
8BC6
E857C9FFFF
8BF8
4F
85FF
0F8CE8010000
47
C745E400000000
xor eax, eax

mov dword ptr
xor eax, eax
mov dword ptr
xor eax, eax
mov dword ptr
mov eax, esi
call 00426088
mov edi, eax
dec edi
test edi, edi
jl 00429924
inc edi
mov [ebp-1C],
[ebp-38], eax
[ebp-2C], eax
[ebp-3C], eax
00000000
|:0042991E(C)
|
:00429744 8B55E4
:00429747 8BC6
:00429749 E8FEC8FFFF
:0042974E 8BD8
:00429750 807B4700
:00429754 7514
:00429756 F6432010
:0042975A 0F84BA010000
:00429760 F6434104
:00429764 0F85B0010000
|:00429754(C)
|
:0042976A 8D45BC
:0042976D 50
:0042976E 8D45B4
:00429771 50
:00429772 8D4DB8
:00429775 8D55C0
:00429778 8BC3
:0042977F 8A434B
:00429782 2C01
:00429784 7216
:00429786 2C02
:00429788 7206
:0042978A 2C02
:0042978C 7408
:0042978E EB55

mov eax, esi
call 0042604C
mov ebx, eax
jne 0042976A
test [ebx+20], 10
je 0042991A
test [ebx+41], 04
jne 0042991A

push eax
push eax
mov eax, ebx
call 004295C8
sub al, 01
jb 0042979C
sub al, 02
jb 00429790
sub al, 02
je 00429796
jmp 004297E5

|:00429788(C)
|
:00429790 C645B301
mov [ebp-4D], 01
:00429794 EB53
jmp 004297E9
|:0042978C(C)
|
:00429796 C645B302
mov [ebp-4D], 02
:0042979A EB4D
jmp 004297E9
|:00429784(C)
|
:0042979C 8A4360
:0042979F 22050C9A4200
:004297A5 8A150C9A4200
:004297AB 3AD0
:004297AD 7530
:004297AF C645B301
:004297B3 837DC000
:004297B7 7E0F
:004297B9 8B45A8
:004297BC 2B45A0
:004297BF 2B4338
:004297C2 2B45C0
:004297C5 8945C0
|:004297B7(C)
|
:004297C8 837DBC00
:004297CC 7E1B
:004297CE 8B45A8
:004297D1 2B45A0
:004297D4 0345BC
:004297D7 2B4338
:004297DA 8945BC
:004297DD EB0A
mov
and
mov
cmp
jne
mov
cmp
jle
mov
sub
sub
sub
mov
cmp
jle
mov
sub
add
sub
mov
jmp
al, byte ptr [ebx+60]

al, byte ptr [00429A0C]
dl, byte ptr [00429A0C]
dl, al
004297DF
[ebp-4D], 01
dword ptr [ebp-40], 00000000
004297C8
dword ptr [ebp-44], 00000000

004297E9
004297E9

|:004297AD(C)
|
:004297DF C645B300
mov [ebp-4D], 00
:004297E3 EB04
jmp 004297E9
|:0042978E(U)
|
:004297E5 C645B303
mov [ebp-4D], 03
|:00429794(U), :0042979A(U), :004297CC(C), :004297DD(U), :004297E3(U)
|
:004297E9 8A434B
:004297EC 2C01
sub al, 01
:004297EE 7212
jb 00429802
:004297F0 04FE
add al, FE
:004297F2 2C02
sub al, 02
:004297F4 7204
jb 004297FA
:004297F6 7406
je 004297FE
:004297F8 EB4D
jmp 00429847
|:004297F4(C)
|
:004297FA B001
mov al, 01
:004297FC EB4B
jmp 00429849
|:004297F6(C)
|
:004297FE B002
:00429800 EB47
mov al, 02
jmp 00429849
|:004297EE(C)
|
:00429802 8A4360
:00429805 2205109A4200
:0042980B 8A15109A4200
:00429811 3AD0
:00429813 752E
:00429815 B001
:00429817 837DB800
:0042981B 7E0F
:0042981D 8B55AC
:00429820 2B55A4
:00429823 2B533C
:00429826 2B55B8
:00429829 8955B8
|:0042981B(C)
|
:0042982C 837DB400
:00429830 7E17
:00429832 8B55AC
:00429835 2B55A4
:00429838 0355B4
:0042983B 2B533C
:0042983E 8955B4
:00429841 EB06
mov
and
mov
cmp
jne
mov
cmp
jle
mov
sub
sub
sub
mov
cmp
jle
mov
sub
add
sub
mov
jmp

al, byte ptr [00429A10]
dl, byte ptr [00429A10]
dl, al
00429843
al, 01
dword ptr [ebp-48], 00000000
0042982C
edx, dword ptr [ebp-54]
edx, dword ptr [ebx+3C]
dword ptr [ebp-4C], 00000000

00429849
edx, dword ptr [ebx+3C]
dword ptr [ebp-4C], edx
00429849

|:00429813(C)
|
:00429843 33C0
xor eax, eax
:00429845 EB02
jmp 00429849
|:004297F8(U)
|
:00429847 B003
mov al, 03
|:004297FC(U), :00429800(U), :00429830(C), :00429841(U), :00429845(U)
|
:00429849 8A55B3
mov dl, byte ptr [ebp-4D]
:0042984C FECA
dec dl
:0042984E 740A
je 0042985A
:00429850 FECA
dec dl
:00429852 7438
je 0042988C
:00429854 FECA
dec dl
:00429856 7452
je 004298AA
:00429858 EB59
jmp 004298B3
|:0042984E(C)
|
:0042985A
:0042985E
:00429860
:00429863
:00429865
:00429868
:0042986A
:0042986D
:00429870
837DC000
7E12
8B55FC
8B12
3B55C0
7D08
8B55FC
8B4DC0
890A
cmp
jle
mov
mov
cmp
jge
mov
mov
mov
dword ptr [ebp-40], 00000000

00429872
edx, dword ptr [edx]
00429872
|:0042985E(C), :00429868(C)
|
:00429872 837DBC00
:00429876 7E3B
:00429878 8B550C
:0042987B 8B12
:0042987D 3B55BC
:00429880 7E31
:00429882 8B550C
:00429885 8B4DBC
:00429888 890A
:0042988A EB27
|:00429852(C)
|
:0042988C 8B55C0
:0042988F 0155E0
:00429892 837DBC00
:00429896 7E08
:00429898 8B55BC
:0042989B 0155DC
:0042989E EB13
cmp
jle
mov
mov
cmp
jle
mov
mov
mov
jmp
mov
add
cmp
jle
mov
add
jmp
dword ptr [ebp-44], 00000000

004298B3
edx, dword ptr [ebp+0C]
edx, dword ptr [edx]
004298B3
edx, dword ptr [ebp+0C]
004298B3

dword ptr [ebp-44], 00000000
004298A0
004298B3

|:00429896(C)
|
:004298A0 8B550C
:004298A3 8B12
:004298A5 8955DC
:004298A8 EB09
jmp 004298B3
|:00429856(C)
|
:004298AA 8B5338
:004298AD 0155D0
add dword ptr [ebp-30], edx
:004298B0 0155CC
add dword ptr [ebp-34], edx
|:00429858(U), :00429876(C), :00429880(C), :0042988A(U), :0042989E(U)
|:004298A8(U)
|
:004298B3 FEC8
dec al
:004298B5 740A
je 004298C1
:004298B7 FEC8
dec al
:004298B9 7438
je 004298F3
:004298BB FEC8
dec al
:004298BD 7452
je 00429911
:004298BF EB59
jmp 0042991A
|:004298B5(C)
|
:004298C1 837DB800
:004298C5 7E12
:004298C7 8B45F8
:004298CA 8B00
:004298CC 3B45B8
:004298CF 7D08
:004298D1 8B45F8
:004298D4 8B55B8
:004298D7 8910
|:004298C5(C), :004298CF(C)
|
:004298D9 837DB400
:004298DD 7E3B
:004298DF 8B4508
:004298E2 8B00
:004298E4 3B45B4
:004298E7 7E31
:004298E9 8B4508
:004298EC 8B55B4
:004298EF 8910
:004298F1 EB27
|:004298B9(C)
|
:004298F3 8B45B8
:004298F6 0145D8
:004298F9 837DB400
:004298FD 7E08
:004298FF 8B45B4
:00429902 0145D4
:00429905 EB13
cmp
jle
mov
mov
cmp
jge
mov
mov
mov
cmp
jle
mov
mov
cmp
jle
mov
mov
mov
jmp
mov
add
cmp
jle
mov
add
jmp
dword ptr [ebp-48], 00000000

004298D9
004298D9

0042991A
0042991A
0042991A

00429907
0042991A

|:004298FD(C)
|
:00429907 8B4508
:0042990A 8B00
:0042990C 8945D4
:0042990F EB09
jmp 0042991A
|:004298BD(C)
|
:00429911 8B433C
:00429914 0145C8
:00429917 0145C4
|:0042975A(C), :00429764(C), :004298BF(U), :004298DD(C), :004298E7(C)
|:004298F1(U), :00429905(U), :0042990F(U)
|
:0042991A FF45E4
inc [ebp-1C]
:0042991D 4F
:0042991E 0F8520FEFFFF
dec edi
jne 00429744
|:00429736(C)
|
:00429924 837DE000
:00429928 7E18
:0042992A 8B45E0
:0042992D 0345D0
:00429930 8B55FC
:00429933 3B02
:00429935 7E0B
:00429937 8B45E0
:0042993A 0345D0
:0042993D 8B55FC
:00429940 8902
|:00429928(C), :00429935(C)
|
:00429942 837DDC00
:00429946 7E20
:00429948 8B450C
:0042994B 833800
:0042994E 740D
:00429950 8B45DC
:00429953 0345CC
:00429956 8B550C
:00429959 3B02
:0042995B 7D0B
cmp
jle
mov
add
mov
cmp
jle
mov
add
mov
mov
dword ptr [ebp-20], 00000000

00429942
eax, dword ptr [edx]
00429942

jle 00429968
je 0042995D
cmp eax, dword ptr [edx]
jge 00429968

|:0042994E(C)
|
:0042995D 8B45DC
:00429960 0345CC
:00429963 8B550C
:00429966 8902
|:00429946(C), :0042995B(C)
|
:00429968 837DD800
:0042996C 7E18
:0042996E 8B45D8
:00429971 0345C8
:00429974 8B55F8
:00429977 3B02
:00429979 7E0B
:0042997B 8B45D8
:0042997E 0345C8
:00429981 8B55F8
:00429984 8902

cmp
jle
mov
add
mov
cmp
jle
mov
add
mov
mov
dword ptr [ebp-28], 00000000

00429986
00429986

|:0042996C(C), :00429979(C)
|
:00429986 837DD400
:0042998A 7E20
jle 004299AC
:0042998C
:0042998F
:00429992
:00429994
:00429997
:0042999A
:0042999D
:0042999F
8B4508
833800
740D
8B45D4
0345C4
8B5508
3B02
7D0B

je 004299A1
cmp eax, dword ptr [edx]
jge 004299AC

|:00429992(C)
|
:004299A1 8B45D4
:004299A4 0345C4
:004299A7 8B5508
:004299AA 8902
|:0042998A(C), :0042999F(C)
|
:004299AC 33C0
:004299AE 5A
:004299AF 59
:004299B0 59
:004299B1 648910

xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:004299B4 68019A4200
push 00429A01
|:004299FF(U)
|
:004299B9 8B45FC
:004299BC 833800
:004299BF 7E08
jle 004299C9
:004299C1 8B45FC
:004299C4 8B55F4
:004299C7 0110
add dword ptr [eax], edx
|:004299BF(C)
|
:004299C9 8B45F8
:004299CC 833800
:004299CF 7E08
jle 004299D9
:004299D1 8B45F8
:004299D4 8B55F0
:004299D7 0110
|:004299CF(C)
|
:004299D9 8B450C
:004299DC 833800
:004299DF 7E08
jle 004299E9
:004299E1 8B450C
:004299E4 8B55EC
:004299E7 0110

|:004299DF(C)
|
:004299E9 8B4508
:004299EC 833800
:004299EF 7E08
jle 004299F9
:004299F1 8B4508
:004299F4 8B55E8
:004299F7 0110
|:004299EF(C)
|
:004299F9 C3
:004299FA E97998FDFF
:004299FF EBB8
|:00429666(C), :00429675(C)
|
:00429A01 5F
:00429A02 5E
:00429A03 5B
:00429A04 8BE5
:00429A06 5D
:00429A07 C20800
:00429A0A 0000
BYTE 2 DUP(0)
:00429A0C 050000000A
:00429A11 000000
add eax, 0A000000

BYTE 3 DUP(0)
:00429A14
:00429A15
:00429A17
:00429A18
:00429A19
:00429A1A
:00429A1C
:00429A1E
:00429A20
:00429A23
:00429A24
:00429A27
:00429A28
:00429A2A
:00429A2C
:00429A2E
:00429A33
:00429A36
:00429A37
:00429A3A
:00429A3B
:00429A3D
:00429A3F
:00429A41
:00429A46
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov eax, dword
push eax
mov eax, dword
push eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call 0042964C
mov eax, dword
push eax
mov eax, dword
push eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call 00424090
pop edi
55
8BEC
53
56
57
8BF9
8BF2
8BD8
8B450C
50
8B4508
50
8BCF
8BD6
8BC3
E819FCFFFF
8B450C
50
8B4508
50
8BCF
8BD6
8BC3
E84AA6FFFF
5F
ret
jmp 00403278
jmp 004299B9
pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp
0008
ptr [ebp+0C]
ptr [ebp+08]
ptr [ebp+0C]
ptr [ebp+08]
:00429A47
:00429A48
:00429A49
:00429A4A
5E
5B
5D
C20800
:00429A4D 8D4000
pop
pop
pop
ret
esi
ebx
ebp
0008

|:0041E307
|
:00429A50 53
push ebx
:00429A51 56
push esi
:00429A52 57
push edi
:00429A53 8BD9
mov ebx, ecx
:00429A55 8BF2
mov esi, edx
:00429A57 8BF8
mov edi, eax
:00429A59 8BCB
mov ecx, ebx
:00429A5B 8BD6
mov edx, esi
:00429A5D 8BC7
mov eax, edi
:00429A5F E838B3FFFF
call 00424D9C
:00429A64 8BC6
mov eax, esi
:00429A66 8B15F4D74200
:00429A6C E81F93FDFF
call 00402D90
:00429A71 84C0
test al, al
:00429A73 7416
je 00429A8B
:00429A75 84DB
test bl, bl
:00429A77 7409
je 00429A82
:00429A79 83BF4401000000
cmp dword ptr [edi+00000144], 00000000
:00429A80 7509
jne 00429A8B
|:00429A77(C)
|
:00429A82 8B4654
:00429A85 898744010000
|:00429A73(C), :00429A80(C)
|
:00429A8B 5F
:00429A8C 5E
:00429A8D 5B
:00429A8E C3
:00429A8F 90
:00429A90 A120F84100
:00429A95 C3
nop
ret
:00429A96
:00429A98
:00429A99
:00429A9A
:00429A9C
:00429A9F
:00429AA1
:00429AA3
:00429AA5
mov eax, eax

push ebx
push esi
mov ebx, eax
test esi, esi
je 00429AB3
mov eax, esi
8BC0
53
56
8BD8
8B735C
85F6
7410
8BC6
8B10
pop edi
pop esi
pop ebx
ret
:00429AA7
:00429AAA
:00429AAC
:00429AAE
:00429AB0
:00429AB1
:00429AB2
FF5228
84C0
7405
33C0
5E
5B
C3
call [edx+28]
test al, al
je 00429AB3
xor eax, eax
pop esi
pop ebx
ret
|:00429AA1(C), :00429AAC(C)
|
:00429AB3 B001
:00429AB5 5E
:00429AB6 5B
:00429AB7 C3
:00429AB8
:00429AB9
:00429ABA
:00429ABC
:00429ABE
:00429AC0
:00429AC2
:00429AC7
:00429AC9
:00429ACF
:00429AD4
:00429AD6
:00429AD8
:00429ADE
:00429AE0
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00424F6C
mov eax, esi
call 00402D90
test al, al
je 00429AE5
mov eax, esi
call 0042E19C
53
56
8BF2
8BD8
8BD6
8BC3
E8A5B4FFFF
8BC6
8B15F4D74200
E8BC92FDFF
84C0
740D
8B9344010000
8BC6
E8B7460000
mov al, 01
pop esi
pop ebx
ret

|:00429AD6(C)
|
:00429AE5 5E
pop esi
:00429AE6 5B
pop ebx
:00429AE7 C3
ret
:00429AE8
:00429AE9
:00429AEB
:00429AEE
:00429AEF
:00429AF0
:00429AF1
:00429AF4
:00429AF7
:00429AFA
:00429AFE
:00429B01
:00429B06
:00429B08
:00429B0E
:00429B11
:00429B15
55
8BEC
83C4CC
53
56
57
894DF4
8955F8
8945FC
C645F301
8B45FC
E8DAF7FFFF
84C0
0F8499010000
8B45FC
80784B05
0F848C010000
push ebp
mov ebp, esp
add esp, FFFFFFCC
push ebx
push esi
push edi
mov [ebp-0D], 01
call 004292E0
test al, al
je 00429CA7
je 00429CA7
:00429B1B
:00429B1E
:00429B22
:00429B24
:00429B27
:00429B2C
:00429B2E
8B45FC
F6402010
7410
8B45FC
E85CC5FFFF
85C0
0F8E73010000

test [eax+20], 10
je 00429B34
call 00426088
test eax, eax
jle 00429CA7
|:00429B22(C)
|
:00429B34 8D55DC
:00429B37 8B45FC
:00429B3A 8B08
:00429B3C FF91A8000000
:00429B42 8D55CC
:00429B45 8B45FC
:00429B48 8B08
:00429B4A FF5144
:00429B4D 8D55CC
:00429B50 8B45FC
:00429B53 8B08
:00429B55 FF9188000000
:00429B5B 8B45FC
:00429B5E E879C0FFFF
:00429B63 33D2
:00429B65 55
:00429B66 68149C4200
:00429B6B 64FF32
:00429B6E 648922
:00429B71 8B45FC
:00429B74 E80FC5FFFF
:00429B79 8BD8
:00429B7B 4B
:00429B7C 85DB
:00429B7E 7C76
:00429B80 43
:00429B81 C745EC00000000
|:00429BF4(C)
|
:00429B88 8B55EC
:00429B8B 8B45FC
:00429B8E E8B9C4FFFF
:00429B93 80784700
:00429B97 750C
:00429B99 F6402010
:00429B9D 7451
:00429B9F F6404104
:00429BA3 754B

call dword ptr [ecx+000000A8]
call [ecx+44]
call 00425BDC
xor edx, edx
push ebp
push 00429C14
call 00426088
mov ebx, eax
dec ebx
test ebx, ebx
jl 00429BF6
inc ebx
mov [ebp-14], 00000000

call 0042604C
jne 00429BA5
test [eax+20], 10
je 00429BF0
test [eax+41], 04
jne 00429BF0

|:00429B97(C)
|
:00429BA5 8B55FC
:00429BA8 8A524B
mov dl, byte ptr [edx+4B]
:00429BAB 84D2
test dl, dl
:00429BAD 7408
je 00429BB7
:00429BAF 80C2FD
add dl, FD
:00429BB2 80EA02
:00429BB5 7308
sub dl, 02
jnb 00429BBF

|:00429BAD(C)
|
:00429BB7 8B75DC
:00429BBA 2B75CC
:00429BBD EB02
jmp 00429BC1
|:00429BB5(C)
|
:00429BBF 33F6
xor esi, esi
|:00429BBD(U)
|
:00429BC1 8B55FC
:00429BC4 8A524B
mov dl, byte ptr [edx+4B]
:00429BC7 80EA03
sub dl, 03
:00429BCA 7308
jnb 00429BD4
:00429BCC 8B7DE0
:00429BCF 2B7DD0
sub edi, dword ptr [ebp-30]
:00429BD2 EB02
jmp 00429BD6
|:00429BCA(C)
|
:00429BD4 33FF
xor edi, edi
|:00429BD2(U)
|
:00429BD6 8B5038
:00429BD9 52
:00429BDA 8B503C
:00429BDD 52
:00429BDE 8B4834
:00429BE1 2BCF
:00429BE3 8B5030
:00429BE6 2BD6
:00429BE8 8B30
:00429BEA FF9680000000
|:00429B9D(C), :00429BA3(C)
|
:00429BF0 FF45EC
:00429BF3 4B
:00429BF4 7592
mov edx, dword

push edx
mov edx, dword
push edx
mov ecx, dword
sub ecx, edi
mov edx, dword
sub edx, esi
mov esi, dword
call dword ptr
ptr [eax+38]
ptr [eax+3C]
ptr [eax+34]
ptr [eax+30]
ptr [eax]
[esi+00000080]
inc [ebp-14]
dec ebx
jne 00429B88

|:00429B7E(C)
|
:00429BF6 33C0
xor eax, eax
:00429BF8 5A
pop edx
:00429BF9 59
pop ecx
:00429BFA 59
pop ecx
:00429BFB 648910
:00429BFE 681B9C4200
push 00429C1B
|:00429C19(U)
|
:00429C03 8B45FC
:00429C06 66836044EF
:00429C0B 8B45FC
:00429C0E E8D1BFFFFF
:00429C13 C3
:00429C14
:00429C19
:00429C1B
:00429C1E
:00429C21
:00429C23
:00429C25
:00429C27
:00429C29
:00429C2B
jmp 00403278
jmp 00429C03
mov dl, byte ptr [eax+4B]
mov eax, edx
test al, al
je 00429C2D
add al, FD
sub al, 02
jnb 00429C64
E95F96FDFF
EBE8
8B45FC
8A504B
8BC2
84C0
7406
04FD
2C02
7337
|:00429C25(C)
|
:00429C2D 8B45E4
:00429C30 2B45DC
:00429C33 85C0
:00429C35 7E26
:00429C37 8B4DFC
:00429C3A 034138
:00429C3D 8B4DD4
:00429C40 2B4DCC
:00429C43 2BC1
:00429C45 8B4DF8
:00429C48 8901
:00429C4A 80FA04
:00429C4D 7515
:00429C4F 8B45FC
:00429C52 66BBD6FF
:00429C56 E89991FDFF
:00429C5B EB07

and word ptr [eax+44], FFEF
call 00425BE4
ret

test eax, eax
jle 00429C5D
add eax, dword ptr [ecx+38]
sub ecx, dword ptr [ebp-34]
sub eax, ecx
cmp dl, 04
jne 00429C64
mov bx, FFD6
call 00402DF4
jmp 00429C64

|:00429C35(C)
|
:00429C5D 8B45F8
:00429C60 33D2
xor edx, edx
:00429C62 8910
|:00429C2B(C), :00429C4D(C), :00429C5B(U)
|
:00429C64 8B45FC
:00429C67 8A504B
mov dl, byte ptr [eax+4B]
:00429C6A 8BC2
mov eax, edx
:00429C6C 2C03
sub al, 03
:00429C6E 7337
jnb 00429CA7
:00429C70 8B45E8
:00429C73
:00429C76
:00429C78
:00429C7A
:00429C7D
:00429C80
:00429C83
:00429C86
:00429C88
:00429C8B
:00429C8D
:00429C90
:00429C92
:00429C95
:00429C99
:00429C9E
2B45E0
85C0
7E26
8B4DFC
03413C
8B4DD8
2B4DD0
2BC1
8B4DF4
8901
80FA02
7515
8B45FC
66BBD6FF
E85691FDFF
EB07

test eax, eax
jle 00429CA0
add eax, dword ptr [ecx+3C]
sub ecx, dword ptr [ebp-30]
sub eax, ecx
cmp dl, 02
jne 00429CA7
mov bx, FFD6
call 00402DF4
jmp 00429CA7

|:00429C78(C)
|
:00429CA0 8B45F4
:00429CA3 33D2
xor edx, edx
:00429CA5 8910
|:00429B08(C), :00429B15(C), :00429B2E(C), :00429C6E(C), :00429C90(C)
|:00429C9E(U)
|
:00429CA7 8A45F3
mov al, byte ptr [ebp-0D]
:00429CAA 5F
pop edi
:00429CAB 5E
pop esi
:00429CAC 5B
pop ebx
:00429CAD 8BE5
mov esp, ebp
:00429CAF 5D
pop ebp
:00429CB0 C3
ret
:00429CB1
:00429CB4
:00429CB5
:00429CB6
:00429CB7
:00429CB9
:00429CBB
:00429CBD
:00429CBF
:00429CC1
:00429CC4
:00429CC7
:00429CC9
:00429CCF
:00429CD1
:00429CD2
:00429CD8
:00429CDA
:00429CDB
:00429CDD
8D4000
53
56
57
8BF2
8BD8
8BD6
8BC3
8B08
FF51F0
8B4608
8BF0
8B8320010000
F7D8
50
8B9320010000
F7DA
50
8BFE
57
lea eax, dword

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
mov ecx, dword
call [ecx-10]
mov eax, dword
mov esi, eax
mov eax, dword
neg eax
push eax
mov edx, dword
neg edx
push eax
mov edi, esi
push edi

|
ptr [eax+00]
ptr [eax]
ptr [esi+08]
ptr [ebx+00000120]
ptr [ebx+00000120]
:00429CDE
:00429CE3
:00429CEA
:00429CEC
:00429CEE
:00429CF5
:00429CF7
E88DC5FDFF
80BB1901000000
7451
33C0
80BB1701000000
7406
03831C010000
Call 00406270
je 00429D3D
xor eax, eax
je 00429CFD
|:00429CF5(C)
|
:00429CFD 80BB1801000000
:00429D04 7406
:00429D06 03831C010000
|:00429D04(C)
|
:00429D0C 8BF7
:00429D0E F6831601000001
:00429D15 7402
:00429D17 0106
|:00429D15(C)
|
:00429D19 F6831601000002
:00429D20 7403
:00429D22 014604
|:00429D20(C)
|
:00429D25 F6831601000004
:00429D2C 7403
:00429D2E 294608
|:00429D2C(C)
|
:00429D31 F6831601000008
:00429D38 7403
:00429D3A 29460C
|:00429CEA(C), :00429D38(C)
|
:00429D3D 5F
:00429D3E 5E
:00429D3F 5B
:00429D40 C3
:00429D41
:00429D44
:00429D45
:00429D47
:00429D4A
:00429D4B
:00429D4C

push ebp
mov ebp, esp
add esp, FFFFFFC4
push ebx
push esi
push edi
8D4000
55
8BEC
83C4C4
53
56
57

je 00429D0C
mov esi, edi

test byte ptr [ebx+00000116], 01
je 00429D19

je 00429D25

je 00429D31
sub dword ptr [esi+08], eax

je 00429D3D
sub dword ptr [esi+0C], eax
pop edi
pop esi
pop ebx
ret
:00429D4D
:00429D50
:00429D53
:00429D56
:00429D5D
:00429D5F
:00429D62
:00429D69
8955F8
8945FC
8B45FC
80B81901000000
7510
8B45FC
83B82001000000
0F864B020000
|:00429D5D(C)
|
:00429D6F 8B45FC
:00429D72 E889F1FFFF
:00429D77 50
mov
mov
mov
cmp
jne
mov
cmp
jbe

byte ptr [eax+00000119], 00
00429D6F
dword ptr [eax+00000120], 00000000
00429FBA

call 00428F00
push eax

|
:00429D78 E8BBC4FDFF
Call 00406238
:00429D7D 8945F4
:00429D80 33D2
xor edx, edx
:00429D82 55
push ebp
:00429D83 68B39F4200
push 00429FB3
:00429D88 64FF32
:00429D8B 648922
:00429D8E 8D45E4
:00429D91 50
push eax
:00429D92 8B45FC
:00429D95 E866F1FFFF
call 00428F00
:00429D9A 50
push eax
|
:00429D9B E888C3FDFF
Call 00406128
:00429DA0 8D45D4
:00429DA3 50
push eax
:00429DA4 8B45FC
:00429DA7 E854F1FFFF
call 00428F00
:00429DAC 50
push eax
|
:00429DAD E89EC4FDFF
Call 00406250
:00429DB2 6A02
push 00000002
:00429DB4 8D45D4
:00429DB7 50
push eax
:00429DB8 8B45FC
:00429DBB E840F1FFFF
call 00428F00
:00429DC0 50
push eax
:00429DC1 6A00
push 00000000
|
:00429DC3 E838C5FDFF
Call 00406300
:00429DC8 8B45D8
:00429DCB F7D8
neg eax
:00429DCD 50
push eax
:00429DCE 8B45D4
:00429DD1 F7D8
neg eax
:00429DD3 50
push eax
:00429DD4 8D45E4
:00429DD7 50

push eax

|
:00429DD8 E83BC5FDFF
Call 00406318
:00429DDD 8B45F0
mov eax, dword
:00429DE0 50
push eax
:00429DE1 8B45EC
mov eax, dword
:00429DE4 50
push eax
:00429DE5 8B45E8
mov eax, dword
:00429DE8 50
push eax
:00429DE9 8B45E4
mov eax, dword
:00429DEC 50
push eax
:00429DED 8B45F4
mov eax, dword
:00429DF0 50
push eax
ptr [ebp-10]
ptr [ebp-14]
ptr [ebp-18]
ptr [ebp-1C]
ptr [ebp-0C]

|
:00429DF1 E872C0FDFF
Call 00405E68
:00429DF6 8D75D4
lea esi, dword ptr
:00429DF9 8D7DC4
lea edi, dword ptr
:00429DFC B904000000
mov ecx, 00000004
:00429E01 F3
repz
:00429E02 A5
movsd
:00429E03 8B45FC
mov eax, dword ptr
:00429E06 8B8020010000
mov eax, dword ptr
:00429E0C 50
push eax
:00429E0D 50
push eax
:00429E0E 8D45E4
lea eax, dword ptr
:00429E11 50
push eax
[ebp-2C]
[ebp-3C]
[ebp-04]
[eax+00000120]
[ebp-1C]

|
:00429E12 E859C4FDFF
Call 00406270
:00429E17 8D75E4
lea esi, dword ptr [ebp-1C]
:00429E1A 8D7DD4
:00429E1D B904000000
mov ecx, 00000004
:00429E22 F3
repz
:00429E23 A5
movsd
:00429E24 8B45FC
:00429E27 80B81901000000
:00429E2E 0F8408010000
je 00429F3C
:00429E34 33DB
xor ebx, ebx
:00429E36 8B45FC
:00429E39 80B81701000000
:00429E40 7409
je 00429E4B
:00429E42 8B45FC
:00429E45 03981C010000
add ebx, dword ptr [eax+0000011C]
|:00429E40(C)
|
:00429E4B 8B45FC
:00429E4E 80B81801000000
:00429E55 7409
:00429E57 8B45FC
:00429E5A 03981C010000

je 00429E60
add ebx, dword ptr [eax+0000011C]
|:00429E55(C)
|
:00429E60 6AF0
:00429E62 8B45FC
:00429E65 E896F0FFFF
:00429E6A 50
push FFFFFFF0
call 00428F00
push eax

|
:00429E6B E8D0C3FDFF
Call 00406240
:00429E70 8BF0
mov esi, eax
:00429E72 8B45FC
:00429E75 F6801601000001
test byte ptr [eax+00000116], 01
:00429E7C 7403
je 00429E81
:00429E7E 295DD4
sub dword ptr [ebp-2C], ebx
|:00429E7C(C)
|
:00429E81 8B45FC
:00429E84 F6801601000002
:00429E8B 7403
:00429E8D 295DD8
|:00429E8B(C)
|
:00429E90 8B45FC
:00429E93 F6801601000004
:00429E9A 7403
:00429E9C 015DDC
|:00429E9A(C)
|
:00429E9F F7C600002000
:00429EA5 740E
:00429EA7 6A14
:00429EA9 A1302B4400
:00429EAE 8B00
:00429EB0 FFD0
:00429EB2 0145DC
|:00429EA5(C)
|
:00429EB5 8B45FC
:00429EB8 F6801601000008
:00429EBF 7403
:00429EC1 015DE0
|:00429EBF(C)
|
:00429EC4 F7C600001000
:00429ECA 740E
:00429ECC 6A15
:00429ECE A1302B4400
:00429ED3 8B00
:00429ED5 FFD0

je 00429E90
sub dword ptr [ebp-28], ebx

je 00429E9F
add dword ptr [ebp-24], ebx
test esi, 00200000

je 00429EB5
push 00000014
call eax

je 00429EC4
add dword ptr [ebp-20], ebx
test esi, 00100000

je 00429EDA
push 00000015
call eax
:00429ED7 0145E0
|:00429ECA(C)
|
:00429EDA 8B45FC
:00429EDD 0FB68016010000
:00429EE4 8B55FC
:00429EE7 0FB69219010000
:00429EEE 0B0495F0264400
:00429EF5 8B55FC
:00429EF8 0FB6922C010000
:00429EFF 0B049500274400
:00429F06 0D00200000
:00429F0B 50
:00429F0C 8B45FC
:00429F0F 0FB68017010000
:00429F16 8B0485D0264400
:00429F1D 8B55FC
:00429F20 0FB69218010000
:00429F27 0B0495E0264400
:00429F2E 50
:00429F2F 8D45D4
:00429F32 50
:00429F33 8B45F4
:00429F36 50

movzx edx, byte ptr [edx+00000119]
movzx edx, byte ptr [edx+0000012C]
or eax, dword ptr [4*edx+00442700]
or eax, 00002000
push eax
or eax, dword ptr [4*edx+004426E0]
push eax
push eax
push eax

|
:00429F37 E85CC1FDFF
Call 00406098
|:00429E2E(C)
|
:00429F3C 8B45E0
:00429F3F 50
push eax
:00429F40 8B45DC
:00429F43 50
push eax
:00429F44 8B45D8
:00429F47 50
push eax
:00429F48 8B45D4
:00429F4B 50
push eax
:00429F4C 8B45F4
:00429F4F 50
push eax
|
:00429F50 E8BBBFFDFF
Call 00405F10
:00429F55 8D75C4
lea esi, dword ptr
:00429F58 8D7DD4
lea edi, dword ptr
:00429F5B B904000000
mov ecx, 00000004
:00429F60 F3
repz
:00429F61 A5
movsd
:00429F62 8B45D8
mov eax, dword ptr
:00429F65 F7D8
neg eax
:00429F67 50
push eax
:00429F68 8B45D4
mov eax, dword ptr
:00429F6B F7D8
neg eax
:00429F6D 50
push eax
:00429F6E 8D45D4
lea eax, dword ptr
[ebp-3C]
[ebp-2C]
[ebp-28]
[ebp-2C]
[ebp-2C]
:00429F71 50
push eax

|
:00429F72 E8A1C3FDFF
Call 00406318
:00429F77 8B45FC
mov eax, dword
:00429F7A 8B8024010000
mov eax, dword
:00429F80 E83BA8FEFF
call 004147C0
:00429F85 50
push eax
:00429F86 8D45D4
lea eax, dword
:00429F89 50
push eax
:00429F8A 8B45F4
mov eax, dword
:00429F8D 50
push eax
ptr [ebp-04]
ptr [eax+00000124]
ptr [ebp-2C]
ptr [ebp-0C]

|
:00429F8E E865C1FDFF
Call 004060F8
:00429F93 33C0
xor eax, eax
:00429F95 5A
pop edx
:00429F96 59
pop ecx
:00429F97 59
pop ecx
:00429F98 648910
:00429F9B 68BA9F4200
push 00429FBA
|:00429FB8(U)
|
:00429FA0 8B45F4
:00429FA3 50
:00429FA4 8B45FC
:00429FA7 E854EFFFFF
:00429FAC 50

push eax
call 00428F00
push eax

|
:00429FAD E8AEC3FDFF
Call 00406360
:00429FB2 C3
ret
:00429FB3 E9C092FDFF
:00429FB8 EBE6
jmp 00403278
jmp 00429FA0

|:00429D69(C)
|
:00429FBA 8B55F8
:00429FBD 8B45FC
:00429FC0 8B08
:00429FC2 FF51F0
call [ecx-10]
:00429FC5 5F
pop edi
:00429FC6 5E
pop esi
:00429FC7 5B
pop ebx
:00429FC8 8BE5
mov esp, ebp
:00429FCA 5D
pop ebp
:00429FCB C3
ret

|:0041D306 , :004404AF
|
:00429FCC
:00429FCD
:00429FCF
:00429FD0
:00429FD1
:00429FD2
:00429FD4
:00429FD6
:00429FD9
55
8BEC
51
53
56
84D2
7408
83C4F0
E8268FFDFF
|:00429FD4(C)
|
:00429FDE 8855FF
:00429FE1 8BD8
:00429FE3 33D2
:00429FE5 8BC3
:00429FE7 E84C84FFFF
:00429FEC B201
:00429FEE A130EB4100
:00429FF3 E8E4A8FEFF
:00429FF8 8BF0
:00429FFA 89B314010000
:0042A000 8BD3
:0042A002 8BC6
:0042A004 E8BB7FFFFF
:0042A009 8BC3
:0042A00B 807DFF00
:0042A00F 740F
:0042A011 E8468FFDFF
:0042A016 648F0500000000
:0042A01D 83C40C
push ebp
mov ebp, esp
push ecx
push ebx
push esi
test dl, dl
je 00429FDE
add esp, FFFFFFF0
call 00402F04
mov ebx, eax
xor edx, edx
mov eax, ebx
call 00422438
mov dl, 01
mov eax, dword ptr [0041EB30]
call 004148DC
mov esi, eax
mov edx, ebx
mov eax, esi
call 00421FC4
mov eax, ebx
je 0042A020
call 00402F5C
add esp, 0000000C

|:0042A00F(C)
|
:0042A020 8BC3
mov eax, ebx
:0042A022 5E
pop esi
:0042A023 5B
pop ebx
:0042A024 59
pop ecx
:0042A025 5D
pop ebp
:0042A026 C3
ret
:0042A027 90
nop

|:00440545
|
:0042A028 53
push ebx
:0042A029 56
push esi
:0042A02A E8358FFDFF
call 00402F64
:0042A02F 8BDA
mov ebx, edx
:0042A031 8BF0
mov esi, eax
:0042A033 8B8614010000
:0042A039 E8E28BFDFF
call 00402C20
:0042A03E 8BD3
mov edx, ebx
:0042A040 80E2FC
and dl, FC
:0042A043 8BC6
mov eax, esi
:0042A045
:0042A04A
:0042A04C
:0042A04E
:0042A050
E8BE84FFFF
84DB
7E07
8BC6
E8FF8EFDFF
call 00422508
test bl, bl
jle 0042A055
mov eax, esi
call 00402F54

|:0042A04C(C)
|
:0042A055 5E
pop esi
:0042A056 5B
pop ebx
:0042A057 C3
ret
:0042A058
:0042A059
:0042A05B
:0042A05C
:0042A05D
:0042A05F
:0042A062
:0042A066
:0042A06C
:0042A06F
:0042A075
:0042A07A
:0042A07C
:0042A07D
:0042A082
:0042A085
:0042A088
:0042A08B
:0042A08E
:0042A094
:0042A099
:0042A09B
:0042A09C
:0042A0A1
:0042A0A4
:0042A0A7
:0042A0AA
:0042A0AC
:0042A0B2
:0042A0B4
:0042A0B5
:0042A0B6
:0042A0B7
:0042A0BA
55
8BEC
51
53
8BDA
8945FC
837B0400
0F848E000000
8B45FC
8B8014010000
E82AABFEFF
33C0
55
68F3A04200
64FF30
648920
8B5304
8B45FC
8B8014010000
E847AEFEFF
33C0
55
68D0A04200
64FF30
648920
8B45FC
8B10
FF9288000000
33C0
5A
59
59
648910
68D7A04200
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
je 0042A0FA
call 00414BA4
xor eax, eax
push ebp
push 0042A0F3
call 00414EE0
xor eax, eax
push ebp
push 0042A0D0
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042A0D7
|:0042A0D5(U)
|
:0042A0BF 8B45FC
:0042A0C2 8B8014010000
:0042A0C8 33D2
:0042A0CA E811AEFEFF
:0042A0CF C3
:0042A0D0 E9A391FDFF
jmp 00403278

xor edx, edx
call 00414EE0
ret
:0042A0D5
:0042A0D7
:0042A0D9
:0042A0DA
:0042A0DB
:0042A0DC
EBE8
33C0
5A
59
59
648910
jmp
xor
pop
pop
pop
mov
0042A0BF
eax, eax
edx
ecx
ecx

|
:0042A0DF 68FAA04200
push 0042A0FA
|:0042A0F8(U)
|
:0042A0E4 8B45FC
:0042A0E7 8B8014010000
:0042A0ED E866ACFEFF
:0042A0F2 C3
:0042A0F3 E98091FDFF
:0042A0F8 EBEA
jmp 00403278
jmp 0042A0E4

call 00414D58
ret

|:0042A066(C)
|
:0042A0FA 5B
pop ebx
:0042A0FB 59
pop ecx
:0042A0FC 5D
pop ebp
:0042A0FD C3
ret
:0042A0FE 8BC0
:0042A100 C3
mov eax, eax

ret
:0042A101
:0042A104
:0042A105
:0042A107
:0042A10D
:0042A10E
:0042A10F
:0042A111
:0042A113
:0042A116

push ebp
mov ebp, esp
add esp, FFFFFEAC
push ebx
push esi
test dl, dl
je 0042A11B
add esp, FFFFFFF0
call 00402F04
8D4000
55
8BEC
81C4ACFEFFFF
53
56
84D2
7408
83C4F0
E8E98DFDFF
|:0042A111(C)
|
:0042A11B 8BDA
:0042A11D 8BF0
:0042A11F 33D2
:0042A121 8BC6
:0042A123 E898070000
:0042A128 BAFFFF8000
:0042A12D 8BC6
:0042A12F E8FC91FFFF
:0042A134 C785ACFEFFFF54010000
:0042A13E 6A00

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 0042A8C0
mov edx, 0080FFFF
mov eax, esi
call 00423330
mov dword ptr [ebp+FFFFFEAC], 00000154
push 00000000
:0042A140
:0042A146
:0042A147
:0042A149
8D85ACFEFFFF
50
6A00
6A29
lea eax, dword ptr [ebp+FFFFFEAC]

push eax
push 00000000
push 00000029

|
:0042A14B E8F8C2FDFF
Call 00406448
:0042A150 85C0
test eax, eax
:0042A152 741B
je 0042A16F
:0042A154 8D4588
:0042A157 50
push eax
|
:0042A158 E8B3BCFDFF
Call 00405E10
:0042A15D 8BD0
mov edx, eax
:0042A15F 8B86EC010000
mov eax, dword ptr [esi+000001EC]
:0042A165 8B400C
:0042A168 E80BA0FEFF
call 00414178
:0042A16D EB13
jmp 0042A182
|:0042A152(C)
|
:0042A16F 8B86EC010000
:0042A175 8B400C
:0042A178 BA08000000
:0042A17D E8DAA0FEFF
|:0042A16D(U)
|
:0042A182 8B86EC010000
:0042A188 8B4014
:0042A18B B201
:0042A18D E816A7FEFF
:0042A192 8BC6
:0042A194 84DB
:0042A196 740F
:0042A198 E8BF8DFDFF
:0042A19D 648F0500000000
:0042A1A4 83C40C

mov edx, 00000008
call 0041425C

mov dl, 01
call 004148A8
mov eax, esi
test bl, bl
je 0042A1A7
call 00402F5C
add esp, 0000000C

|:0042A196(C)
|
:0042A1A7 8BC6
mov eax, esi
:0042A1A9 5E
pop esi
:0042A1AA 5B
pop ebx
:0042A1AB 8BE5
mov esp, ebp
:0042A1AD 5D
pop ebp
:0042A1AE C3
ret
:0042A1AF
:0042A1B0
:0042A1B1
:0042A1B2
:0042A1B4
90
53
56
8BDA
8BF0
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
:0042A1B6
:0042A1B8
:0042A1BA
:0042A1BF
:0042A1C6
:0042A1CD
:0042A1D4
:0042A1D6
8BD3
8BC6
E829C0FFFF
C7430400008080
814B2400080000
803D2437440000
7407
C7430880000000
mov edx, ebx

mov eax, esi
call 004261E8
mov [ebx+04], 80800000
cmp byte ptr [00443724], 00
je 0042A1DD
mov [ebx+08], 00000080
|:0042A1D4(C)
|
:0042A1DD 8D5308
:0042A1E0 8BC6
:0042A1E2 E899BFFFFF
:0042A1E7 5E
:0042A1E8 5B
:0042A1E9 C3
:0042A1EA 8BC0
:0042A1EC C7420CFFFFFFFF
:0042A1F3 C3
mov eax, eax

mov [edx+0C], FFFFFFFF
ret
:0042A1F4
:0042A1F5
:0042A1F7
:0042A1FA
:0042A1FD
:0042A200
:0042A205
push ebp
mov ebp, esp
add esp, FFFFFFE8
call 00428F00
push eax
55
8BEC
83C4E8
8945FC
8B45FC
E8FBECFFFF
50

mov eax, esi
call 00426180
pop esi
pop ebx
ret

|
:0042A206 E82DC0FDFF
Call 00406238
:0042A20B 8945F8
:0042A20E 33C0
xor eax, eax
:0042A210 55
push ebp
:0042A211 6867A24200
push 0042A267
:0042A216 64FF30
:0042A219 648920
:0042A21C 8B45FC
:0042A21F 8B403C
:0042A222 50
push eax
:0042A223 8D45E8
:0042A226 50
push eax
:0042A227 8B45FC
:0042A22A 8B4838
:0042A22D 33D2
xor edx, edx
:0042A22F 33C0
xor eax, eax
:0042A231 E8621FFEFF
call 0040C198
:0042A236 6A0F
push 0000000F
:0042A238 6A01
push 00000001
:0042A23A 8D45E8
:0042A23D 50
push eax
:0042A23E 8B45F8
:0042A241 50
push eax
:0042A242
:0042A247
:0042A249
:0042A24A
:0042A24B
:0042A24C
:0042A24F
E851BEFDFF
33C0
5A
59
59
648910
686EA24200
|:0042A26C(U)
|
:0042A254 8B45F8
:0042A257 50
:0042A258 8B45FC
:0042A25B E8A0ECFFFF
:0042A260 50
|
Call 00406098
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042A26E
push eax
call 00428F00
push eax

|
:0042A261 E8FAC0FDFF
Call 00406360
:0042A266 C3
ret
:0042A267
:0042A26C
:0042A26E
:0042A270
:0042A271
E90C90FDFF
EBE6
8BE5
5D
C3
jmp
jmp
mov
pop
ret
00403278
0042A254
esp, ebp
ebp
:0042A272
:0042A274
:0042A275
:0042A277
:0042A27A
:0042A27B
:0042A27D
:0042A280
:0042A282
:0042A284
:0042A285
:0042A28A
:0042A28D
:0042A290
:0042A293
:0042A295
:0042A297
:0042A29A
:0042A29E
:0042A2A2
:0042A2A8
:0042A2AB
:0042A2B0
:0042A2B5
:0042A2B7
:0042A2BC
:0042A2C1
:0042A2C2
:0042A2C5
8BC0
55
8BEC
83C4EC
53
33D2
8955EC
8BD8
33C0
55
6802A34200
64FF30
648920
8D55F0
8BC3
8B08
FF5144
8345F002
8345F402
8B83EC010000
8B400C
BA17000080
E8139DFEFF
8BC3
E8D8AEFFFF
0D10080000
50
8D45F0
50
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFEC
push ebx
xor edx, edx
mov ebx, eax
xor eax, eax
push ebp
push 0042A302
mov eax, ebx
call [ecx+44]
add dword ptr [ebp-10], 00000002
mov eax, dword ptr [ebx+000001EC]
mov edx, 80000017
call 00413FC8
mov eax, ebx
call 00425194
or eax, 00000810
push eax
push eax
:0042A2C6
:0042A2C8
:0042A2CB
:0042A2CD
:0042A2D2
:0042A2D5
:0042A2DA
:0042A2DB
:0042A2E1
:0042A2E6
6AFF
8D55EC
8BC3
E8D28EFFFF
8B45EC
E81E99FDFF
50
8B83EC010000
E87AABFEFF
50
push FFFFFFFF
mov eax, ebx
call 004231A4
call 00403BF8
push eax
call 00414E60
push eax

|
:0042A2E7 E8CCBDFDFF
Call 004060B8
:0042A2EC 33C0
xor eax, eax
:0042A2EE 5A
pop edx
:0042A2EF 59
pop ecx
:0042A2F0 59
pop ecx
:0042A2F1 648910
:0042A2F4 6809A34200
push 0042A309
|:0042A307(U)
|
:0042A2F9 8D45EC
:0042A2FC E8B794FDFF
:0042A301 C3
:0042A302
:0042A307
:0042A309
:0042A30A
:0042A30C
:0042A30D
E9718FFDFF
EBF0
5B
8BE5
5D
C3
jmp
jmp
pop
mov
pop
ret
:0042A30E
:0042A310
:0042A311
:0042A314
:0042A319
:0042A31B
:0042A320
8BC0
56
8B4204
3D00010000
7207
3D08010000
764E
mov eax, eax

push esi
cmp eax, 00000100
jb 0042A322
cmp eax, 00000108
jbe 0042A370
|:0042A319(C)
|
:0042A322 8B4A04
:0042A325 81F900B00000
:0042A32B 7443
:0042A32D 81F901B00000
:0042A333 743B
:0042A335 817A0416B00000
:0042A33C 7432
:0042A33E 817A0417B00000
:0042A345 7429
:0042A347 817A0411010000
:0042A34E 7420
:0042A350 8B7204

call 004037B8
ret
00403278
0042A2F9
ebx
esp, ebp
ebp

cmp ecx, 0000B000
je 0042A370
cmp ecx, 0000B001
je 0042A370
cmp dword ptr [edx+04], 0000B016
je 0042A370
cmp dword ptr [edx+04], 0000B017
je 0042A370
je 0042A370
:0042A353
:0042A359
:0042A35B
:0042A361
81FE00020000
7608
81FE0A020000
760D
|:0042A359(C)
|
:0042A363 817A04A0000000
:0042A36A 7404
:0042A36C 33C0
:0042A36E 5E
:0042A36F C3
cmp
jbe
cmp
jbe
esi, 00000200
0042A363
esi, 0000020A
0042A370

cmp dword ptr [edx+04], 000000A0
je 0042A370
xor eax, eax
pop esi
ret

|:0042A320(C), :0042A32B(C), :0042A333(C), :0042A33C(C), :0042A345(C)
|:0042A34E(C), :0042A361(C), :0042A36A(C)
|
:0042A370 B001
mov al, 01
:0042A372 5E
pop esi
:0042A373 C3
ret

|:0043CF24
|
:0042A374 E8BBC2FFFF
call 00426634
:0042A379 C3
ret
:0042A37A
:0042A37C
:0042A37D
:0042A37F
:0042A381
:0042A382
:0042A384
:0042A386
:0042A387
:0042A38C
:0042A38F
:0042A392
:0042A394
:0042A396
:0042A399
:0042A3A0
:0042A3A2
:0042A3A5
:0042A3A7
:0042A3AC
:0042A3AF
:0042A3B5
:0042A3BA
:0042A3BC
:0042A3BF
:0042A3C1
:0042A3C6
8BC0
55
8BEC
6A00
56
8BF0
33C0
55
6800A44200
64FF30
648920
8BC6
8B08
FF51F0
80BEF001000000
7548
8D55FC
8BC6
E8F88DFFFF
8B55FC
8B86EC010000
E806A9FEFF
8BD0
83C206
8BC6
E8E685FFFF
8D55FC
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push esi
mov esi, eax
xor eax, eax
push ebp
push 0042A400
mov eax, esi
call [ecx-10]
cmp byte ptr [esi+000001F0], 00
jne 0042A3EA
mov eax, esi
call 004231A4
call 00414CC0
mov edx, eax
add edx, 00000006
mov eax, esi
call 004229AC
:0042A3C9
:0042A3CB
:0042A3D0
:0042A3D3
:0042A3D9
:0042A3DE
:0042A3E0
:0042A3E3
:0042A3E5
8BC6
E8D48DFFFF
8B55FC
8B86EC010000
E8FEA8FEFF
8BD0
83C204
8BC6
E8E685FFFF
mov eax, esi

call 004231A4
call 00414CDC
mov edx, eax
add edx, 00000004
mov eax, esi
call 004229D0

|:0042A3A0(C)
|
:0042A3EA 33C0
xor eax, eax
:0042A3EC 5A
pop edx
:0042A3ED 59
pop ecx
:0042A3EE 59
pop ecx
:0042A3EF 648910
|
:0042A3F2 6807A44200
push 0042A407
|:0042A405(U)
|
:0042A3F7 8D45FC
:0042A3FA E8B993FDFF
:0042A3FF C3
:0042A400
:0042A405
:0042A407
:0042A408
:0042A409
:0042A40A
E9738EFDFF
EBF0
5E
59
5D
C3
jmp
jmp
pop
pop
pop
ret
:0042A40B
:0042A40C
:0042A40D
:0042A40F
:0042A412
:0042A413
:0042A414
:0042A415
:0042A417
:0042A41A
:0042A41B
:0042A420
:0042A421
:0042A422
:0042A423
:0042A426
:0042A42C
:0042A42F
:0042A436
:0042A438
:0042A439
90
55
8BEC
83C4EC
53
56
57
8BF2
8D7DEC
51
B904000000
F3
A5
59
8945FC
8B1D382D4400
8B45FC
C680F001000001
33C0
55
6819A54200
nop
push ebp
mov ebp, esp
add esp, FFFFFFEC
push ebx
push esi
push edi
mov esi, edx
push ecx
mov ecx, 00000004
repz
movsd
pop ecx
mov ebx, dword ptr [00442D38]
xor eax, eax
push ebp
push 0042A519

call 004037B8
ret
00403278
0042A3F7
esi
ecx
ebp
:0042A43E
:0042A441
:0042A444
:0042A446
:0042A449
:0042A44E
:0042A452
:0042A455
:0042A458
:0042A45D
:0042A45F
:0042A464
:0042A467
:0042A46A
:0042A46D
:0042A46F
:0042A471
:0042A473
:0042A478
:0042A47B
:0042A47E
64FF30
648920
8BD1
8B45FC
E8868DFFFF
8345F804
8D55EC
8B45FC
E8DB9DFFFF
8B03
E880290100
8B55FC
8B523C
0355F0
3BC2
7D10
8B03
E86C290100
8B55FC
2B423C
8945F0

mov edx, ecx
call 004231D4
call 00424238
call 0043CDE4
add edx, dword ptr [ebp-10]
cmp eax, edx
jge 0042A481
call 0043CDE4
sub eax, dword ptr [edx+3C]
|:0042A46F(C)
|
:0042A481 8B03
:0042A483 E868290100
:0042A488 8B55FC
:0042A48B 8B5238
:0042A48E 0355EC
:0042A491 3BC2
:0042A493 7D10
:0042A495 8B03
:0042A497 E854290100
:0042A49C 8B55FC
:0042A49F 2B4238
:0042A4A2 8945EC
|:0042A493(C)
|
:0042A4A5 8B03
:0042A4A7 E82C290100
:0042A4AC 3B45EC
:0042A4AF 7E0A
:0042A4B1 8B03
:0042A4B3 E820290100
:0042A4B8 8945EC
|:0042A4AF(C)
|
:0042A4BB 8B03
:0042A4BD E80A290100
:0042A4C2 3B45F8
:0042A4C5 7E0A
:0042A4C7 8B03
:0042A4C9 E8FE280100
:0042A4CE 8945F8

call 0043CDF0
cmp eax, edx
jge 0042A4A5
call 0043CDF0

call 0043CDD8
jle 0042A4BB
call 0043CDD8

call 0043CDCC
jle 0042A4D1
call 0043CDCC
|:0042A4C5(C)
|
:0042A4D1 6A50
:0042A4D3 8B45FC
:0042A4D6 8B403C
:0042A4D9 50
:0042A4DA 8B45FC
:0042A4DD 8B4038
:0042A4E0 50
:0042A4E1 8B45F0
:0042A4E4 50
:0042A4E5 8B45EC
:0042A4E8 50
:0042A4E9 6AFF
:0042A4EB 8B45FC
:0042A4EE E80DEAFFFF
:0042A4F3 50

push 00000050
mov eax, dword
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
push eax
push FFFFFFFF
mov eax, dword
call 00428F00
push eax
ptr [ebp-04]
ptr [eax+3C]
ptr [ebp-04]
ptr [eax+38]
ptr [ebp-10]
ptr [ebp-14]
ptr [ebp-04]

|
:0042A4F4 E80FBFFDFF
Call 00406408
:0042A4F9 8B45FC
:0042A4FC 8B10
:0042A4FE FF5278
call [edx+78]
:0042A501 33C0
xor eax, eax
:0042A503 5A
pop edx
:0042A504 59
pop ecx
:0042A505 59
pop ecx
:0042A506 648910
|
:0042A509 6820A54200
push 0042A520
|:0042A51E(U)
|
:0042A50E 8B45FC
:0042A511 C680F001000000
:0042A518 C3
:0042A519
:0042A51E
:0042A520
:0042A521
:0042A522
:0042A523
:0042A525
:0042A526
E95A8DFDFF
EBEE
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:0042A527
:0042A528
:0042A529
:0042A52B
:0042A52E
:0042A52F
:0042A530
90
55
8BEC
83C4F0
53
56
57
nop
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi

ret
00403278
0042A50E
edi
esi
ebx
esp, ebp
ebp
:0042A531
:0042A533
:0042A536
:0042A537
:0042A53C
:0042A53D
:0042A53E
:0042A53F
:0042A542
:0042A544
:0042A54A
:0042A54B
:0042A54C
:0042A54D
:0042A54F
:0042A550
8BF2
8D7DF0
51
B904000000
F3
A5
59
8D55F0
8B18
FF93BC000000
5F
5E
5B
8BE5
5D
C20400
mov esi, edx

push ecx
mov ecx, 00000004
repz
movsd
pop ecx
call dword ptr [ebx+000000BC]
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret 0004
:0042A553
:0042A554
:0042A555
:0042A557
:0042A558
:0042A559
:0042A55A
:0042A55B
:0042A55E
:0042A560
:0042A562
:0042A565
:0042A567
:0042A568
:0042A56A
:0042A56C
:0042A56E
:0042A573
:0042A575
:0042A57A
:0042A57F
:0042A580
:0042A581
:0042A583
:0042A586
:0042A58B
:0042A58C
:0042A592
:0042A597
90
55
8BEC
51
53
56
57
894DFC
8BFA
8BF0
8B5D08
6A00
53
8BCF
33D2
33C0
E8251CFEFF
8BC6
E81AACFFFF
0D100C0000
50
53
6AFF
8B45FC
E86D96FDFF
50
8B86EC010000
E8C9A8FEFF
50
nop
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
push 00000000
push ebx
mov ecx, edi
xor edx, edx
xor eax, eax
call 0040C198
mov eax, esi
call 00425194
or eax, 00000C10
push eax
push ebx
push FFFFFFFF
call 00403BF8
push eax
call 00414E60
push eax

|
:0042A598 E81BBBFDFF
Call 004060B8
:0042A59D 83430806
add dword ptr [ebx+08], 00000006
:0042A5A1 83430C02
add dword ptr [ebx+0C], 00000002
:0042A5A5 5F
pop edi
:0042A5A6 5E
pop esi
:0042A5A7 5B
pop ebx
:0042A5A8 59
pop ecx
:0042A5A9 5D
pop ebp
:0042A5AA C20800
ret 0008
:0042A5AD 8D4000

|:0042A7B6 , :0042A823
|
:0042A5B0 55
push ebp
:0042A5B1 8BEC
mov ebp, esp
:0042A5B3 83C4E8
add esp, FFFFFFE8
:0042A5B6 53
push ebx
:0042A5B7 56
push esi
:0042A5B8 8BD8
mov ebx, eax
:0042A5BA 8B7508
:0042A5BD 8955F8
:0042A5C0 894DFC
:0042A5C3 8D45F8
:0042A5C6 50
push eax
:0042A5C7 53
push ebx
|
:0042A5C8 E85BBAFDFF
Call 00406028
:0042A5CD 8D45E8
:0042A5D0 50
push eax
:0042A5D1 53
push ebx
|
:0042A5D2 E879BCFDFF
Call 00406250
:0042A5D7 8B45F8
:0042A5DA 2B45E8
:0042A5DD 8906
:0042A5DF 8B45FC
:0042A5E2 2B45EC
:0042A5E5 894604
:0042A5E8 5E
pop esi
:0042A5E9 5B
pop ebx
:0042A5EA 8BE5
mov esp, ebp
:0042A5EC 5D
pop ebp
:0042A5ED C20400
ret 0004

|:0042A714 , :0042A750
|
:0042A5F0 55
push ebp
:0042A5F1 8BEC
mov ebp, esp
:0042A5F3 83C4F4
add esp, FFFFFFF4
:0042A5F6 53
push ebx
:0042A5F7 8BD8
mov ebx, eax
:0042A5F9 66837B5CFF
cmp word ptr [ebx+5C], FFFF
:0042A5FE 0F84B3000000
je 0042A6B7
:0042A604 6A01
push 00000001
:0042A606 6A01
push 00000001
:0042A608 6A01
push 00000001
:0042A60A 6A0E
push 0000000E
:0042A60C A1302B4400
:0042A611 8B00
:0042A613 FFD0
call eax
:0042A615
:0042A616
:0042A618
:0042A61D
:0042A61F
:0042A621
50
6A0D
A1302B4400
8B00
FFD0
50
push eax
push 0000000D
call eax
push eax

|
:0042A622 E8E105FFFF
Call 0041AC08
:0042A627 8945FC
:0042A62A 33C0
xor eax, eax
:0042A62C 55
push ebp
:0042A62D 68B0A64200
push 0042A6B0
:0042A632 64FF30
:0042A635 648920
:0042A638 0FBF535C
movsx edx, word ptr [ebx+5C]
:0042A63C A1382D4400
:0042A641 8B00
:0042A643 E8E42B0100
call 0043D22C
:0042A648 8BD0
mov edx, eax
:0042A64A 8B45FC
:0042A64D E8EE05FFFF
call 0041AC40
:0042A652 0FBF535C
movsx edx, word ptr [ebx+5C]
:0042A656 A1382D4400
:0042A65B 8B00
:0042A65D E8CA2B0100
call 0043D22C
:0042A662 8BD0
mov edx, eax
:0042A664 8B45FC
:0042A667 E8D405FFFF
call 0041AC40
:0042A66C 6A00
push 00000000
:0042A66E 6A00
push 00000000
:0042A670 6A00
push 00000000
:0042A672 8B45FC
:0042A675 50
push eax
|
:0042A676 E81106FFFF
Call 0041AC8C
:0042A67B 8D45F4
:0042A67E 50
push eax
:0042A67F 6A00
push 00000000
* Reference To: comctl32.ImageList_GetDragImage,
|
:0042A681 E81606FFFF
Call 0041AC9C
:0042A686 8B45F8
mov eax, dword
:0042A689 50
push eax
:0042A68A 8B45F4
mov eax, dword
:0042A68D 50
push eax
:0042A68E 6A01
push 00000001
:0042A690 8B45FC
mov eax, dword
:0042A693 50
push eax
Ord:0000h
ptr [ebp-08]
ptr [ebp-0C]
ptr [ebp-04]

|
:0042A694 E8F305FFFF
Call 0041AC8C
:0042A699 33C0
xor eax, eax
:0042A69B 5A
pop edx
:0042A69C 59
pop ecx
:0042A69D 59
:0042A69E 648910
:0042A6A1 68B7A64200
pop ecx
push 0042A6B7

|:0042A6B5(U)
|
:0042A6A6 8B45FC
:0042A6A9 50
push eax
|
:0042A6AA E86105FFFF
Call 0041AC10
:0042A6AF C3
ret
:0042A6B0 E9C38BFDFF
:0042A6B5 EBEF
jmp 00403278
jmp 0042A6A6

|:0042A5FE(C)
|
:0042A6B7 5B
pop ebx
:0042A6B8 8BE5
mov esp, ebp
:0042A6BA 5D
pop ebp
:0042A6BB C3
ret

|:0042A749
|
:0042A6BC 55
push ebp
:0042A6BD 8BEC
mov ebp, esp
:0042A6BF 53
push ebx
:0042A6C0 56
push esi
:0042A6C1 57
push edi
:0042A6C2 8BF9
mov edi, ecx
:0042A6C4 8BF2
mov esi, edx
:0042A6C6 8BD8
mov ebx, eax
:0042A6C8 8BC3
mov eax, ebx
:0042A6CA E841400000
call 0042E710
:0042A6CF 84C0
test al, al
:0042A6D1 7426
je 0042A6F9
:0042A6D3 89736C
:0042A6D6 897B64
:0042A6D9 8B4508
:0042A6DC 894368
:0042A6DF 8B4508
:0042A6E2 50
push eax
:0042A6E3 57
push edi
:0042A6E4 56
push esi
:0042A6E5 8BC3
mov eax, ebx
:0042A6E7 E860410000
call 0042E84C
:0042A6EC 50
push eax
* Reference To: comctl32.ImageList_BeginDrag, Ord:0000h
|
:0042A6ED E87205FFFF
Call 0041AC64
:0042A6F2 B001
mov al, 01
:0042A6F4 88435E
:0042A6F7 EB02
mov byte ptr [ebx+5E], al

jmp 0042A6FB

|:0042A6D1(C)
|
:0042A6F9 33C0
xor eax, eax
|:0042A6F7(U)
|
:0042A6FB 5F
pop edi
:0042A6FC 5E
pop esi
:0042A6FD 5B
pop ebx
:0042A6FE 5D
pop ebp
:0042A6FF C20400
ret 0004
:0042A702 8BC0
mov eax, eax

|:004214E1 , :0042A8A8
|
:0042A704 663B505C
cmp dx, word ptr [eax+5C]
:0042A708 740F
je 0042A719
:0042A70A 6689505C
:0042A70E 80785E00
:0042A712 7405
je 0042A719
:0042A714 E8D7FEFFFF
call 0042A5F0
|:0042A708(C), :0042A712(C)
|
:0042A719 C3
ret
:0042A71A 8BC0
mov eax, eax
|:004213E2 , :00421503 , :00421771
|
:0042A71C 55
push ebp
:0042A71D 8BEC
mov ebp, esp
:0042A71F 51
push ecx
:0042A720 53
push ebx
:0042A721 56
push esi
:0042A722 57
push edi
:0042A723 894DFC
:0042A726 8BFA
mov edi, edx
:0042A728 8BF0
mov esi, eax
:0042A72A 33DB
xor ebx, ebx
:0042A72C 8BC6
mov eax, esi
:0042A72E E8DD3F0000
call 0042E710
:0042A733 84C0
test al, al
:0042A735 743B
je 0042A772
:0042A737 807E5E00
:0042A73B 7511
jne 0042A74E
:0042A73D 8B4668
:0042A740 50
push eax
:0042A741 8B4E64
:0042A744 8B566C
:0042A747 8BC6
mov eax, esi
:0042A749 E86EFFFFFF
call 0042A6BC
|:0042A73B(C)
|
:0042A74E 8BC6
:0042A750 E89BFEFFFF
:0042A755 8B4508
:0042A758 50
:0042A759 8B4DFC
:0042A75C 8BD7
:0042A75E 8BC6
:0042A760 E817000000
:0042A765 8BD8
:0042A767 84DB
:0042A769 7407
:0042A76B 6A00

mov eax, esi
call 0042A5F0
push eax
mov edx, edi
mov eax, esi
call 0042A77C
mov ebx, eax
test bl, bl
je 0042A772
push 00000000

|
:0042A76D E8B6BCFDFF
Call 00406428
|:0042A735(C), :0042A769(C)
|
:0042A772 8BC3
:0042A774 5F
:0042A775 5E
:0042A776 5B
:0042A777 59
:0042A778 5D
:0042A779 C20400

mov
pop
pop
pop
pop
pop
ret
eax, ebx
edi
esi
ebx
ecx
ebp
0004

|:0042A760
|
:0042A77C 55
push ebp
:0042A77D 8BEC
mov ebp, esp
:0042A77F 83C4F4
add esp, FFFFFFF4
:0042A782 53
push ebx
:0042A783 56
push esi
:0042A784 57
push edi
:0042A785 894DFC
:0042A788 8BF2
mov esi, edx
:0042A78A 8BF8
mov edi, eax
:0042A78C 33DB
xor ebx, ebx
:0042A78E 8BC7
mov eax, edi
:0042A790 E87B3F0000
call 0042E710
:0042A795 84C0
test al, al
:0042A797 7439
je 0042A7D2
:0042A799 3B7760
:0042A79C 7434
je 0042A7D2
:0042A79E 8BC7
mov eax, edi
:0042A7A0 E83B000000
call 0042A7E0
:0042A7A5 8BDE
mov ebx, esi
:0042A7A7 895F60
:0042A7AA 8D45F4
:0042A7AD 50
push eax
:0042A7AE
:0042A7B1
:0042A7B4
:0042A7B6
:0042A7BB
:0042A7BE
:0042A7BF
:0042A7C2
:0042A7C3
:0042A7C6
8B4D08
8B55FC
8BC3
E8F5FDFFFF
8B45F8
50
8B45F4
50
8B4760
50
mov ecx, dword

mov edx, dword
mov eax, ebx
call 0042A5B0
mov eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
push eax
ptr [ebp+08]
ptr [ebp-04]
ptr [ebp-08]
ptr [ebp-0C]
ptr [edi+60]
* Reference To: comctl32.ImageList_DragEnter, Ord:0000h

|
:0042A7C7 E8A804FFFF
Call 0041AC74
:0042A7CC F7D8
neg eax
:0042A7CE 1BDB
sbb ebx, ebx
:0042A7D0 F7DB
neg ebx
|:0042A797(C), :0042A79C(C)
|
:0042A7D2 8BC3
:0042A7D4 5F
:0042A7D5 5E
:0042A7D6 5B
:0042A7D7 8BE5
:0042A7D9 5D
:0042A7DA C20400
:0042A7DD 8D4000
mov
pop
pop
pop
mov
pop
ret
eax, ebx
edi
esi
ebx
esp, ebp
ebp
0004

|:0042A7A0 , :0042A88F
|
:0042A7E0 53
push ebx
:0042A7E1 8BD8
mov ebx, eax
:0042A7E3 8BC3
mov eax, ebx
:0042A7E5 E8263F0000
call 0042E710
:0042A7EA 84C0
test al, al
:0042A7EC 7414
je 0042A802
:0042A7EE 837B6000
:0042A7F2 740E
je 0042A802
:0042A7F4 8B4360
:0042A7F7 50
push eax
* Reference To: comctl32.ImageList_DragLeave, Ord:0000h
|
:0042A7F8 E87F04FFFF
Call 0041AC7C
:0042A7FD 33C0
xor eax, eax
:0042A7FF 894360
|:0042A7EC(C), :0042A7F2(C)
|
:0042A802 5B
pop ebx
:0042A803 C3
ret

|:00421514
|
:0042A804 53
push ebx
:0042A805 56
push esi
:0042A806 57
push edi
:0042A807 83C4F8
add esp, FFFFFFF8
:0042A80A 8BF9
mov edi, ecx
:0042A80C 8BF2
mov esi, edx
:0042A80E 8BD8
mov ebx, eax
:0042A810 8BC3
mov eax, ebx
:0042A812 E8F93E0000
call 0042E710
:0042A817 84C0
test al, al
:0042A819 7424
je 0042A83F
:0042A81B 54
push esp
:0042A81C 8BCF
mov ecx, edi
:0042A81E 8BD6
mov edx, esi
:0042A820 8B4360
call 0042A5B0
:0042A828 8B442404
:0042A82C 50
push eax
:0042A82D 8B442404
:0042A831 50
push eax
* Reference To: comctl32.ImageList_DragMove, Ord:0000h
|
:0042A832 E84D04FFFF
Call 0041AC84
:0042A837 F7D8
neg eax
:0042A839 1BC0
sbb eax, eax
:0042A83B F7D8
neg eax
:0042A83D EB02
jmp 0042A841
|:0042A819(C)
|
:0042A83F 33C0
xor eax, eax
|:0042A83D(U)
|
:0042A841 59
pop ecx
:0042A842 5A
pop edx
:0042A843 5F
pop edi
:0042A844 5E
pop esi
:0042A845 5B
pop ebx
:0042A846 C3
ret
:0042A847 90
nop

|:00420BEB
|
:0042A848 53
push ebx
:0042A849 8BD8
mov ebx, eax
:0042A84B 8BC3
mov eax, ebx
:0042A84D E8BE3E0000
call 0042E710
:0042A852 84C0
test al, al
:0042A854 7407
je 0042A85D
:0042A856 6AFF
push FFFFFFFF

|
:0042A858 E83704FFFF
Call 0041AC94
|:0042A854(C)
|
:0042A85D 5B
pop ebx
:0042A85E C3
ret
:0042A85F 90
nop

|:00420BCB
|
:0042A860 53
push ebx
:0042A861 8BD8
mov ebx, eax
:0042A863 8BC3
mov eax, ebx
:0042A865 E8A63E0000
call 0042E710
:0042A86A 84C0
test al, al
:0042A86C 7407
je 0042A875
:0042A86E 6A00
push 00000000
|
:0042A870 E81F04FFFF
Call 0041AC94
|:0042A86C(C)
|
:0042A875 5B
pop ebx
:0042A876 C3
ret
:0042A877 90
nop

|:00421520 , :00421B5E
|
:0042A878 53
push ebx
:0042A879 56
push esi
:0042A87A 8BF0
mov esi, eax
:0042A87C 8BC6
mov eax, esi
:0042A87E E88D3E0000
call 0042E710
:0042A883 84C0
test al, al
:0042A885 742F
je 0042A8B6
:0042A887 807E5E00
:0042A88B 7429
je 0042A8B6
:0042A88D 8BC6
mov eax, esi
:0042A88F E84CFFFFFF
call 0042A7E0
* Reference To: comctl32.ImageList_EndDrag, Ord:0000h
|
:0042A894 E8D303FFFF
Call 0041AC6C
:0042A899 F7D8
neg eax
:0042A89B 1BDB
sbb ebx, ebx
:0042A89D F7DB
neg ebx
:0042A89F C6465E00
mov [esi+5E], 00
:0042A8A3
:0042A8A6
:0042A8A8
:0042A8AD
83CAFF
8BC6
E857FEFFFF
6AFF
or edx, FFFFFFFF
mov eax, esi
call 0042A704
push FFFFFFFF

|
:0042A8AF E874BBFDFF
Call 00406428
:0042A8B4 EB02
jmp 0042A8B8
|:0042A885(C), :0042A88B(C)
|
:0042A8B6 33DB
xor ebx, ebx
|:0042A8B4(U)
|
:0042A8B8 8BC3
mov eax, ebx
:0042A8BA 5E
pop esi
:0042A8BB 5B
pop ebx
:0042A8BC C3
ret
:0042A8BD 8D4000

|:0042A123
|
:0042A8C0 55
push ebp
:0042A8C1 8BEC
mov ebp, esp
:0042A8C3 51
push ecx
:0042A8C4 53
push ebx
:0042A8C5 56
push esi
:0042A8C6 84D2
test dl, dl
:0042A8C8 7408
je 0042A8D2
:0042A8CA 83C4F0
add esp, FFFFFFF0
:0042A8CD E83286FDFF
call 00402F04
|:0042A8C8(C)
|
:0042A8D2 8855FF
:0042A8D5 8BD8
:0042A8D7 33D2
:0042A8D9 8BC3
:0042A8DB E890A9FFFF
:0042A8E0 B201
:0042A8E2 A130EB4100
:0042A8E7 E8F09FFEFF
:0042A8EC 8BF0
:0042A8EE 89B3EC010000
:0042A8F4 8BD3
:0042A8F6 8BC6
:0042A8F8 E8C776FFFF
:0042A8FD 8BC3
:0042A8FF 807DFF00
:0042A903 740F
:0042A905 E85286FDFF
:0042A90A 648F0500000000

mov ebx, eax
xor edx, edx
mov eax, ebx
call 00425270
mov dl, 01
call 004148DC
mov esi, eax
mov dword ptr [ebx+000001EC], esi
mov edx, ebx
mov eax, esi
call 00421FC4
mov eax, ebx
je 0042A914
call 00402F5C
:0042A911 83C40C
add esp, 0000000C

|:0042A903(C)
|
:0042A914 8BC3
mov eax, ebx
:0042A916 5E
pop esi
:0042A917 5B
pop ebx
:0042A918 59
pop ecx
:0042A919 5D
pop ebp
:0042A91A C3
ret
:0042A91B
:0042A91C
:0042A91D
:0042A91E
:0042A923
:0042A925
:0042A927
:0042A92D
:0042A932
:0042A934
:0042A937
:0042A939
:0042A93E
:0042A940
:0042A942
:0042A944
90
53
56
E84186FDFF
8BDA
8BF0
8B86EC010000
E8EE82FDFF
8BD3
80E2FC
8BC6
E816AAFFFF
84DB
7E07
8BC6
E80B86FDFF
nop
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 00425354
test bl, bl
jle 0042A949
mov eax, esi
call 00402F54

|:0042A940(C)
|
:0042A949 5E
pop esi
:0042A94A 5B
pop ebx
:0042A94B C3
ret
:0042A94C
:0042A94D
:0042A94E
:0042A950
:0042A952
:0042A958
:0042A95A
:0042A95C
:0042A961
:0042A967
:0042A968
:0042A969
53
56
8BF2
8BD8
66814B440001
8BD6
8BC3
E8B7C6FFFF
66816344FFFE
5E
5B
C3
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00427018
and word ptr [ebx+44], FEFF
pop esi
pop ebx
ret
:0042A96A
:0042A96C
:0042A96D
:0042A96F
:0042A970
:0042A971
:0042A973
:0042A976
8BC0
55
8BEC
51
53
8BDA
8945FC
8B45FC
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
:0042A979
:0042A97F
:0042A984
:0042A986
:0042A987
:0042A98C
:0042A98F
:0042A992
:0042A995
:0042A99B
:0042A99D
:0042A9A2
:0042A9A4
:0042A9A5
:0042A9AA
:0042A9AD
:0042A9B0
:0042A9B3
:0042A9B9
:0042A9BE
:0042A9C1
:0042A9C3
:0042A9C9
:0042A9CB
:0042A9CC
:0042A9CD
:0042A9CE
:0042A9D1
8B80EC010000
E820A2FEFF
33C0
55
680AAA4200
64FF30
648920
8B45FC
8B80EC010000
8BD3
E83EA5FEFF
33C0
55
68E7A94200
64FF30
648920
8B45FC
8B80EC010000
E81E76FFFF
8B45FC
8B10
FF92B8000000
33C0
5A
59
59
648910
68EEA94200
mov eax, dword ptr [eax+000001EC]

call 00414BA4
xor eax, eax
push ebp
push 0042AA0A
mov edx, ebx
call 00414EE0
xor eax, eax
push ebp
push 0042A9E7
call 00421FDC
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042A9EE
|:0042A9EC(U)
|
:0042A9D6 8B45FC
:0042A9D9 8B80EC010000
:0042A9DF 33D2
:0042A9E1 E8FAA4FEFF
:0042A9E6 C3
:0042A9E7
:0042A9EC
:0042A9EE
:0042A9F0
:0042A9F1
:0042A9F2
:0042A9F3
jmp
jmp
xor
pop
pop
pop
mov
E98C88FDFF
EBE8
33C0
5A
59
59
648910

xor edx, edx
call 00414EE0
ret
00403278
0042A9D6
eax, eax
edx
ecx
ecx

|
:0042A9F6 6811AA4200
push 0042AA11
|:0042AA0F(U)
|
:0042A9FB 8B45FC
:0042A9FE 8B80EC010000
:0042AA04 E84FA3FEFF
:0042AA09 C3

call 00414D58
ret
:0042AA0A
:0042AA0F
:0042AA11
:0042AA12
:0042AA13
:0042AA14
E96988FDFF
EBEA
5B
59
5D
C3
jmp
jmp
pop
pop
pop
ret
00403278
0042A9FB
ebx
ecx
ebp
:0042AA15 8D4000
:0042AA18 C3

ret
:0042AA19 8D4000

|:0042AF4D , :0042B2DB , :0042B3A9 , :0042B437
|
:0042AA1C 84D2
test dl, dl
:0042AA1E 7408
je 0042AA28
:0042AA20 83C4F0
add esp, FFFFFFF0
:0042AA23 E8DC84FDFF
call 00402F04
|:0042AA1E(C)
|
:0042AA28 89481C
:0042AA2B 84D2
:0042AA2D 740F
:0042AA2F E82885FDFF
:0042AA34 648F0500000000
:0042AA3B 83C40C
, :0042B9CE

test dl, dl
je 0042AA3E
call 00402F5C
add esp, 0000000C

|:0042AA2D(C)
|
:0042AA3E C3
ret
:0042AA3F 90
nop
|:0042AB75 , :0042AC2D , :0042B334 , :0042B84A , :0042C0E7
|
:0042AA40 33D2
xor edx, edx
:0042AA42 8B4008
:0042AA45 85C0
test eax, eax
:0042AA47 7408
je 0042AA51
|:0042AA4F(C)
|
:0042AA49 8B400C
:0042AA4C 42
inc edx
:0042AA4D 85C0
test eax, eax
:0042AA4F 75F8
jne 0042AA49
|:0042AA47(C)
|
:0042AA51 8BC2
mov eax, edx
:0042AA53 C3
ret

|:0042ABC3 , :0042AC3F
|
:0042AA54 8B501C
:0042AA57 3B4260
:0042AA5A 7504
jne 0042AA60
:0042AA5C 8BD0
mov edx, eax
:0042AA5E EB03
jmp 0042AA63
|:0042AA5A(C)
|
:0042AA60 8B5014
|:0042AA5E(U)
|
:0042AA63 8A4A10
:0042AA66 80F901
:0042AA69 750B
:0042AA6B BA01000000
:0042AA70 E86F000000
:0042AA75 C3
|:0042AA69(C)
|
:0042AA76 80F902
:0042AA79 750C
:0042AA7B BA02000000
:0042AA80 E85F000000
:0042AA85 EB13
|:0042AA79(C)
|
:0042AA87 33C9
:0042AA89 B201
:0042AA8B A184694000
:0042AA90 E8D7DDFDFF
:0042AA95 E81688FDFF

cmp cl, 01
jne 0042AA76
mov edx, 00000001
call 0042AAE4
ret
cmp cl, 02
jne 0042AA87
mov edx, 00000002
call 0042AAE4
jmp 0042AA9A
xor ecx, ecx

mov dl, 01
call 0040886C
call 004032B0

|:0042AA85(U)
|
:0042AA9A C3
ret
:0042AA9B 90
nop
|:0042C13C , :0042C965
|
:0042AA9C 8B501C
:0042AA9F 3B4260
:0042AAA2 7504
jne 0042AAA8
:0042AAA4 8BD0
mov edx, eax
:0042AAA6 EB03
jmp 0042AAAB

|:0042AAA2(C)
|
:0042AAA8 8B5014
|:0042AAA6(U)
|
:0042AAAB 8A4A10
:0042AAAE 80F901
:0042AAB1 750B
:0042AAB3 BA01000000
:0042AAB8 E893000000
:0042AABD C3
|:0042AAB1(C)
|
:0042AABE 80F902
:0042AAC1 750C
:0042AAC3 BA02000000
:0042AAC8 E883000000
:0042AACD EB13
|:0042AAC1(C)
|
:0042AACF 33C9
:0042AAD1 B201
:0042AAD3 A184694000
:0042AAD8 E88FDDFDFF
:0042AADD E8CE87FDFF

cmp cl, 01
jne 0042AABE
mov edx, 00000001
call 0042AB50
ret
cmp cl, 02
jne 0042AACF
mov edx, 00000002
call 0042AB50
jmp 0042AAE2
xor ecx, ecx

mov dl, 01
call 0040886C
call 004032B0

|:0042AACD(U)
|
:0042AAE2 C3
ret
:0042AAE3 90
nop
|:0042AA70 , :0042AA80 , :0042AEA1 , :0042AEAF
|:0042B1E2 , :0042B6B6 , :0042B6C4 , :0042C80E
|:0042CA90 , :0042CACC
|
:0042AAE4 56
push esi
:0042AAE5 57
push edi
:0042AAE6 83C4F0
add esp, FFFFFFF0
:0042AAE9 8BFA
mov edi, edx
:0042AAEB 8BF0
mov esi, eax
:0042AAED 8BC6
mov eax, esi
:0042AAEF EB1A
jmp 0042AB0B
, :0042B1D5
, :0042C84B

|:0042AB11(C)
|
:0042AAF1 8BCF
mov ecx, edi
:0042AAF3 8B5014
:0042AAF6
:0042AAF9
:0042AAFB
:0042AAFF
:0042AB01
:0042AB04
:0042AB07
3A4A10
750E
83781800
7408
8B4018
8B4020
EB3E

jne 0042AB09
je 0042AB09
jmp 0042AB47

|:0042AAF9(C), :0042AAFF(C)
|
:0042AB09 8BC2
mov eax, edx
|:0042AAEF(U)
|
:0042AB0B 8B561C
:0042AB0E 3B4260
:0042AB11 75DE
:0042AB13 8BD4
:0042AB15 8B461C
:0042AB18 8B4014
:0042AB1B 8B08
:0042AB1D FF5144
:0042AB20 8BD4
:0042AB22 8B461C
:0042AB25 8B4014
:0042AB28 8B08
:0042AB2A FF9188000000
:0042AB30 8BC7
:0042AB32 FEC8
:0042AB34 740A
:0042AB36 FEC8
:0042AB38 750B
:0042AB3A 8B442404
:0042AB3E EB07

mov edx, dword
cmp eax, dword
jne 0042AAF1
mov edx, esp
mov eax, dword
mov eax, dword
mov ecx, dword
call [ecx+44]
mov edx, esp
mov eax, dword
mov eax, dword
mov ecx, dword
call dword ptr
mov eax, edi
dec al
je 0042AB40
dec al
jne 0042AB45
mov eax, dword
jmp 0042AB47
ptr [esi+1C]
ptr [edx+60]
ptr [esi+1C]
ptr [eax+14]
ptr [eax]
ptr [esi+1C]
ptr [eax+14]
ptr [eax]
[ecx+00000088]
ptr [esp+04]

|:0042AB34(C)
|
:0042AB40 8B0424
:0042AB43 EB02
jmp 0042AB47
|:0042AB38(C)
|
:0042AB45 33C0
xor eax, eax
|:0042AB07(U), :0042AB3E(U), :0042AB43(U)
|
:0042AB47 83C410
add esp, 00000010
:0042AB4A 5F
pop edi
:0042AB4B 5E
pop esi
:0042AB4C C3
ret
:0042AB4D 8D4000
|:0042AAB8 , :0042AAC8
|:0042ADE4 , :0042B1B6
|:0042B382 , :0042B398
|:0042C866
|
:0042AB50 53
:0042AB51 56
:0042AB52 57
:0042AB53 83C4F0
:0042AB56 8BFA
:0042AB58 8BD8
:0042AB5A 8B431C
:0042AB5D 3B5860
:0042AB60 741B
:0042AB62 8B431C
:0042AB65 8B7060
:0042AB68 3B7314
:0042AB6B 7546
:0042AB6D 837B0400
:0042AB71 7440
:0042AB73 8BC6
:0042AB75 E8C6FEFFFF
:0042AB7A 48
:0042AB7B 7536
, :0042AC11
, :0042B1C8
, :0042B719
, :0042AC21
, :0042B35A
, :0042B79A
, :0042ADD5
, :0042B370
, :0042C825
push ebx
push esi
push edi
add esp, FFFFFFF0
mov edi, edx
mov ebx, eax
je 0042AB7D
jne 0042ABB3
je 0042ABB3
mov eax, esi
call 0042AA40
dec eax
jne 0042ABB3
|:0042AB60(C)
|
:0042AB7D 8BD4
:0042AB7F 8B431C
:0042AB82 8B4014
:0042AB85 8B08
:0042AB87 FF5144
:0042AB8A 8BD4
:0042AB8C 8B431C
:0042AB8F 8B4014
:0042AB92 8B08
:0042AB94 FF9188000000
:0042AB9A 8BC7
:0042AB9C 3C01
:0042AB9E 750A
:0042ABA0 8B44240C
:0042ABA4 2B442404
:0042ABA8 EB46
|:0042AB9E(C)
|
:0042ABAA 8B442408
:0042ABAE 2B0424
:0042ABB1 EB3D
mov edx, esp

mov eax, dword
mov eax, dword
mov ecx, dword
call [ecx+44]
mov edx, esp
mov eax, dword
mov eax, dword
mov ecx, dword
call dword ptr
mov eax, edi
cmp al, 01
jne 0042ABAA
mov eax, dword
sub eax, dword
jmp 0042ABF0
ptr [ebx+1C]
ptr [eax+14]
ptr [eax]
ptr [ebx+1C]
ptr [eax+14]
ptr [eax]
[ecx+00000088]
ptr [esp+0C]
ptr [esp+04]

jmp 0042ABF0

|:0042AB6B(C), :0042AB71(C), :0042AB7B(C)
|
:0042ABB3 8BF3
mov esi, ebx
:0042ABB5 EB1C
jmp 0042ABD3
|:0042ABD9(C)
|
:0042ABB7
:0042ABB9
:0042ABBC
:0042ABBF
:0042ABC1
:0042ABC3
:0042ABC8
:0042ABC9
:0042ABCC
:0042ABCD
:0042ABCF
8BD7
8B4614
3A5010
7510
8BC6
E88CFEFFFF
50
8B4620
5A
2BC2
EB1F
mov edx, edi

jne 0042ABD1
mov eax, esi
call 0042AA54
push eax
pop edx
sub eax, edx
jmp 0042ABF0

|:0042ABBF(C)
|
:0042ABD1 8BF0
mov esi, eax
|:0042ABB5(U)
|
:0042ABD3 8B431C
:0042ABD6 3B7060
:0042ABD9 75DC
jne 0042ABB7
:0042ABDB 8BCF
mov ecx, edi
:0042ABDD 8B431C
:0042ABE0 8B5060
:0042ABE3 3A4A10
:0042ABE6 7505
jne 0042ABED
:0042ABE8 8B4064
:0042ABEB EB03
jmp 0042ABF0
|:0042ABE6(C)
|
:0042ABED 8B4220
|:0042ABA8(U), :0042ABB1(U), :0042ABCF(U), :0042ABEB(U)
|
:0042ABF0 83C410
add esp, 00000010
:0042ABF3 5F
pop edi
:0042ABF4 5E
pop esi
:0042ABF5 5B
pop ebx
:0042ABF6 C3
ret
:0042ABF7 90
nop

|:0042AFCB , :0042B58A , :0042B60B
|
:0042ABF8 53
push ebx
:0042ABF9 56
push esi
:0042ABFA 57
push edi
:0042ABFB 8BF8
mov edi, eax
:0042ABFD 8A4710
:0042AC00 FEC8
dec al
:0042AC02 7406
je 0042AC0A
:0042AC04 FEC8
dec al
:0042AC06 7412
:0042AC08 EB66
je 0042AC1A
jmp 0042AC70
|:0042AC02(C)
|
:0042AC0A BA01000000
:0042AC0F 8BC7
:0042AC11 E83AFFFFFF
:0042AC16 8BF0
:0042AC18 EB0E
|:0042AC06(C)
|
:0042AC1A BA02000000
:0042AC1F 8BC7
:0042AC21 E82AFFFFFF
:0042AC26 8BF0
|:0042AC18(U)
|
:0042AC28 8B5F08
:0042AC2B 8BC7
:0042AC2D E80EFEFFFF
:0042AC32 50
:0042AC33 8BC6
:0042AC35 5A
:0042AC36 8BCA
:0042AC38 99
:0042AC39 F7F9
:0042AC3B 8BF0
:0042AC3D 8BC3
:0042AC3F E810FEFFFF
:0042AC44 03C6
:0042AC46 894320
:0042AC49 8BC3
:0042AC4B E844010000
:0042AC50 8B5B0C
:0042AC53 85DB
:0042AC55 7419
|:0042AC6E(C)
|
:0042AC57 8B4318
:0042AC5A 8B4020
:0042AC5D 03C6
:0042AC5F 894320
:0042AC62 8BC3
:0042AC64 E82B010000
:0042AC69 8B5B0C
:0042AC6C 85DB
:0042AC6E 75E7
mov edx, 00000001

mov eax, edi
call 0042AB50
mov esi, eax
jmp 0042AC28
mov edx, 00000002

mov eax, edi
call 0042AB50
mov esi, eax

mov eax, edi
call 0042AA40
push eax
mov eax, esi
pop edx
mov ecx, edx
cdq
idiv ecx
mov esi, eax
mov eax, ebx
call 0042AA54
add eax, esi
mov eax, ebx
call 0042AD94
mov ebx, dword ptr [ebx+0C]
test ebx, ebx
je 0042AC70

add eax, esi
mov eax, ebx
call 0042AD94
mov ebx, dword ptr [ebx+0C]
test ebx, ebx
jne 0042AC57

|:0042AC08(U), :0042AC55(C)
|
:0042AC70 5F
pop edi
:0042AC71 5E
:0042AC72 5B
:0042AC73 C3
pop esi
pop ebx
ret

|:0042C486
|
:0042AC74 55
push ebp
:0042AC75 8BEC
mov ebp, esp
:0042AC77 6A00
push 00000000
:0042AC79 53
push ebx
:0042AC7A 56
push esi
:0042AC7B 57
push edi
:0042AC7C 8BF2
mov esi, edx
:0042AC7E 8BD8
mov ebx, eax
:0042AC80 33C0
xor eax, eax
:0042AC82 55
push ebp
:0042AC83 68E6AC4200
push 0042ACE6
:0042AC88 64FF30
:0042AC8B 648920
:0042AC8E 8BC6
mov eax, esi
:0042AC90 E8238BFDFF
call 004037B8
:0042AC95 8B7B04
:0042AC98 85FF
test edi, edi
:0042AC9A 7434
je 0042ACD0
:0042AC9C 837F0800
:0042ACA0 7521
jne 0042ACC3
:0042ACA2 8D55FC
:0042ACA5 A1A42B4400
:0042ACAA E875A1FDFF
call 00404E24
:0042ACAF 8B4DFC
:0042ACB2 B201
mov dl, 01
:0042ACB4 A184694000
:0042ACB9 E8AEDBFDFF
call 0040886C
:0042ACBE E8ED85FDFF
call 004032B0
|:0042ACA0(C)
|
:0042ACC3 8BC6
:0042ACC5 8B5304
:0042ACC8 8B5208
:0042ACCB E8808BFDFF

mov eax, esi
call 00403850

|:0042AC9A(C)
|
:0042ACD0 33C0
xor eax, eax
:0042ACD2 5A
pop edx
:0042ACD3 59
pop ecx
:0042ACD4 59
pop ecx
:0042ACD5 648910
|
:0042ACD8 68EDAC4200
push 0042ACED
|:0042ACEB(U)
|
:0042ACDD 8D45FC
:0042ACE0 E8D38AFDFF
:0042ACE5 C3

call 004037B8
ret
:0042ACE6
:0042ACEB
:0042ACED
:0042ACEE
:0042ACEF
:0042ACF0
:0042ACF1
:0042ACF2
jmp
jmp
pop
pop
pop
pop
pop
ret
E98D85FDFF
EBF0
5F
5E
5B
59
5D
C3
:0042ACF3 90
00403278
0042ACDD
edi
esi
ebx
ecx
ebp
nop

|:0042BA0A
|
:0042ACF4 55
push ebp
:0042ACF5 8BEC
mov ebp, esp
:0042ACF7 83C4F8
add esp, FFFFFFF8
:0042ACFA 53
push ebx
:0042ACFB 56
push esi
:0042ACFC 8BF0
mov esi, eax
:0042ACFE 33C0
xor eax, eax
:0042AD00 8945FC
:0042AD03 8B461C
:0042AD06 8945F8
:0042AD09 8D4DFC
:0042AD0C 8B45F8
:0042AD0F 8B4014
:0042AD12 66BBBEFF
mov bx, FFBE
:0042AD16 E8D980FDFF
call 00402DF4
:0042AD1B 837DFC00
:0042AD1F 7443
je 0042AD64
:0042AD21 8B45F8
:0042AD24 897038
:0042AD27 33C0
xor eax, eax
:0042AD29 55
push ebp
:0042AD2A 685DAD4200
push 0042AD5D
:0042AD2F 64FF30
:0042AD32 648920
:0042AD35 6A00
push 00000000
:0042AD37 8B45F8
:0042AD3A 8B5014
:0042AD3D 33C9
xor ecx, ecx
:0042AD3F 8B45FC
:0042AD42 E8D98FFFFF
call 00423D20
:0042AD47 33C0
xor eax, eax
:0042AD49 5A
pop edx
:0042AD4A 59
pop ecx
:0042AD4B 59
pop ecx
:0042AD4C 648910
|
:0042AD4F 6864AD4200
push 0042AD64

|:0042AD62(U)
|
:0042AD54 8B45F8
:0042AD57 33D2
xor edx, edx
:0042AD59 895038
:0042AD5C C3
ret
:0042AD5D E91685FDFF
:0042AD62 EBF0
jmp 00403278
jmp 0042AD54

|:0042AD1F(C)
|
:0042AD64 5E
pop esi
:0042AD65 5B
pop ebx
:0042AD66 59
pop ecx
:0042AD67 59
pop ecx
:0042AD68 5D
pop ebp
:0042AD69 C3
ret
:0042AD6A 8BC0
mov eax, eax

|:0042ADEC
|
:0042AD6C 55
push ebp
:0042AD6D 8BEC
mov ebp, esp
:0042AD6F 33D2
xor edx, edx
:0042AD71 8B4508
:0042AD74 8B40FC
:0042AD77 8B4014
:0042AD7A 85C0
test eax, eax
:0042AD7C 7411
je 0042AD8F
|:0042AD8D(C)
|
:0042AD7E 83780C00
:0042AD82 7404
:0042AD84 B201
:0042AD86 EB07

je 0042AD88
mov dl, 01
jmp 0042AD8F

|:0042AD82(C)
|
:0042AD88 8B4014
:0042AD8B 85C0
test eax, eax
:0042AD8D 75EF
jne 0042AD7E
|:0042AD7C(C), :0042AD86(U)
|
:0042AD8F 8BC2
:0042AD91 5D
:0042AD92 C3

mov eax, edx
pop ebp
ret
:0042AD93 90
nop

|:0042AC4B , :0042AC64 , :0042B234 , :0042C146 , :0042C245
|:0042C265 , :0042C7E4
|
:0042AD94 55
push ebp
:0042AD95 8BEC
mov ebp, esp
:0042AD97 83C4EC
add esp, FFFFFFEC
:0042AD9A 53
push ebx
:0042AD9B 56
push esi
:0042AD9C 57
push edi
:0042AD9D 8945FC
:0042ADA0 8B45FC
:0042ADA3 8B4004
:0042ADA6 85C0
test eax, eax
:0042ADA8 0F842F010000
je 0042AEDD
:0042ADAE 8B55FC
:0042ADB1 8B521C
:0042ADB4 837A6800
:0042ADB8 0F851F010000
jne 0042AEDD
:0042ADBE 8B55FC
:0042ADC1 8B5214
:0042ADC4 8A5210
:0042ADC7 889088000000
:0042ADCD BA02000000
mov edx, 00000002
:0042ADD2 8B45FC
:0042ADD5 E876FDFFFF
call 0042AB50
:0042ADDA 8BD8
mov ebx, eax
:0042ADDC BA01000000
mov edx, 00000001
:0042ADE1 8B45FC
:0042ADE4 E867FDFFFF
call 0042AB50
:0042ADE9 8BF0
mov esi, eax
:0042ADEB 55
push ebp
:0042ADEC E87BFFFFFF
call 0042AD6C
:0042ADF1 59
pop ecx
:0042ADF2 84C0
test al, al
:0042ADF4 7420
je 0042AE16
:0042ADF6 8B45FC
:0042ADF9 8B4014
:0042ADFC 80781001
:0042AE00 750B
jne 0042AE0D
:0042AE02 8B45FC
:0042AE05 8B401C
:0042AE08 2B580C
sub ebx, dword ptr [eax+0C]
:0042AE0B EB09
jmp 0042AE16
|:0042AE00(C)
|
:0042AE0D 8B45FC
:0042AE10 8B401C
:0042AE13 2B700C
sub esi, dword ptr [eax+0C]
|:0042ADF4(C), :0042AE0B(U)
|
:0042AE16 8B4DFC
:0042AE19
:0042AE1D
:0042AE1F
:0042AE22
:0042AE25
:0042AE28
:0042AE2B
:0042AE2E
:0042AE30
:0042AE33
:0042AE36
:0042AE39
:0042AE3C
:0042AE3F
:0042AE42
:0042AE45
:0042AE47
:0042AE4A
:0042AE4D
:0042AE50
83790C00
7555
8B4DFC
8B4914
8B7DFC
8B7F1C
3B4F60
7422
8B4DFC
8B4914
8A4910
8B45FC
8B401C
8B7860
3A4F10
750B
8B4DFC
8B4920
3B4864
7C22
cmp dword ptr [ecx+0C], 00000000

jne 0042AE74
mov edi, dword ptr [edi+1C]
cmp ecx, dword ptr [edi+60]
je 0042AE52
mov cl, byte ptr [ecx+10]
jne 0042AE52
jl 0042AE74
|:0042AE2E(C), :0042AE45(C)
|
:0042AE52 8B45FC
:0042AE55 8B4014
:0042AE58 8A4010
:0042AE5B 8B55FC
:0042AE5E 8B521C
:0042AE61 8B5260
:0042AE64 3A4210
:0042AE67 742B
:0042AE69 8B45FC
:0042AE6C 8B4020
:0042AE6F 3B4220
:0042AE72 7D20
|:0042AE1D(C), :0042AE50(C)
|
:0042AE74 8B45FC
:0042AE77 8B4014
:0042AE7A 80781001
:0042AE7E 750B
:0042AE80 8B45FC
:0042AE83 8B401C
:0042AE86 2B700C
:0042AE89 EB09

je 0042AE94
jge 0042AE94
mov
mov
cmp
jne
mov
mov
sub
jmp

byte ptr [eax+10], 01
0042AE8B
esi, dword ptr [eax+0C]
0042AE94

|:0042AE7E(C)
|
:0042AE8B 8B45FC
:0042AE8E 8B401C
:0042AE91 2B580C
sub ebx, dword ptr [eax+0C]
|:0042AE67(C), :0042AE72(C), :0042AE89(U)
|
:0042AE94 56
push esi
:0042AE95
:0042AE98
:0042AE99
:0042AE9E
:0042AEA1
:0042AEA6
:0042AEA7
:0042AEAC
:0042AEAF
:0042AEB4
:0042AEB6
:0042AEB7
:0042AEBC
:0042AEBF
:0042AEC2
:0042AEC5
:0042AEC8
:0042AECB
:0042AECD
:0042AECF
:0042AED2
:0042AED5
:0042AED8
8D45EC
50
BA01000000
8B45FC
E83EFCFFFF
50
BA02000000
8B45FC
E830FCFFFF
8BCB
5A
E8F812FEFF
8D4DEC
8B45FC
8B5004
8B45FC
8B401C
8B18
FF13
8D55EC
8B45FC
8B4004
E89B7CFFFF
|:0042ADA8(C), :0042ADB8(C)
|
:0042AEDD 5F
:0042AEDE 5E
:0042AEDF 5B
:0042AEE0 8BE5
:0042AEE2 5D
:0042AEE3 C3

push eax
mov edx, 00000001
call 0042AAE4
push eax
mov edx, 00000002
call 0042AAE4
mov ecx, ebx
pop edx
call 0040C1B4
call 00422B78
pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp

|:00427906
|
:0042AEE4 55
push ebp
:0042AEE5 8BEC
mov ebp, esp
:0042AEE7 83C4F4
add esp, FFFFFFF4
:0042AEEA 53
push ebx
:0042AEEB 56
push esi
:0042AEEC 57
push edi
:0042AEED 84D2
test dl, dl
:0042AEEF 7408
je 0042AEF9
:0042AEF1 83C4F0
add esp, FFFFFFF0
:0042AEF4 E80B80FDFF
call 00402F04
|:0042AEEF(C)
|
:0042AEF9 894DF4
:0042AEFC 8855FB
:0042AEFF 8945FC
:0042AF02 8B45FC
:0042AF05 C7400C04000000
:0042AF0C 8B45FC
:0042AF0F 8B55F4

mov
mov
mov
mov
mov
mov
mov
dword ptr [ebp-0C], ecx

byte ptr [ebp-05], dl
[eax+0C], 00000004
:0042AF12
:0042AF15
:0042AF18
:0042AF1F
:0042AF22
:0042AF29
:0042AF2C
:0042AF2F
:0042AF31
:0042AF33
:0042AF35
895014
8B45FC
C7406C00000400
8B45FC
C740180B000000
8B45F4
8A404B
3C01
7404
3C02
7504

mov [eax+6C], 00040000
mov [eax+18], 0000000B
cmp al, 01
je 0042AF37
cmp al, 02
jne 0042AF3B

|:0042AF31(C)
|
:0042AF37 33C0
xor eax, eax
:0042AF39 EB02
jmp 0042AF3D
|:0042AF35(C)
|
:0042AF3B B001
mov al, 01
|:0042AF39(U)
|
:0042AF3D 8B55FC
:0042AF40 88421C
:0042AF43 8B4DFC
:0042AF46 B201
:0042AF48 A190014200
:0042AF4D E8CAFAFFFF
:0042AF52 8B55FC
:0042AF55 894260
:0042AF58 B201
:0042AF5A A1382B4100
:0042AF5F E87C96FEFF
:0042AF64 8BD8
:0042AF66 8B45FC
:0042AF69 895810
:0042AF6C BAFFFFFF00
:0042AF71 33C0
:0042AF73 E888FAFEFF
:0042AF78 8BD0
:0042AF7A 8BC3
:0042AF7C E8DF97FEFF
:0042AF81 8B45FC
:0042AF84 E817010000
:0042AF89 33C0
:0042AF8B 55
:0042AF8C 68E6AF4200
:0042AF91 64FF30
:0042AF94 648920
:0042AF97 8B45F4
:0042AF9A E8E9B0FFFF
:0042AF9F 8BD8
:0042AFA1 4B
:0042AFA2 85DB
:0042AFA4 7C1F
:0042AFA6 43

mov byte ptr [edx+1C], al
mov dl, 01
call 0042AA1C
mov dl, 01
call 004145E0
mov ebx, eax
mov edx, 00FFFFFF
xor eax, eax
call 0041AA00
mov edx, eax
mov eax, ebx
call 00414760
call 0042B0A0
xor eax, eax
push ebp
push 0042AFE6
call 00426088
mov ebx, eax
dec ebx
test ebx, ebx
jl 0042AFC5
inc ebx
:0042AFA7 33F6
xor esi, esi
|:0042AFC3(C)
|
:0042AFA9 6A00
:0042AFAB 8BD6
:0042AFAD 8B45F4
:0042AFB0 E897B0FFFF
:0042AFB5 8BD0
:0042AFB7 B103
:0042AFB9 8B45FC
:0042AFBC 8B38
:0042AFBE FF5708
:0042AFC1 46
:0042AFC2 4B
:0042AFC3 75E4
|:0042AFA4(C)
|
:0042AFC5 8B45FC
:0042AFC8 8B4060
:0042AFCB E828FCFFFF
:0042AFD0 33C0
:0042AFD2 5A
:0042AFD3 59
:0042AFD4 59
:0042AFD5 648910
:0042AFD8 68EDAF4200
|:0042AFEB(U)
|
:0042AFDD 8B45FC
:0042AFE0 E8BF000000
:0042AFE5 C3
:0042AFE6
:0042AFEB
:0042AFED
:0042AFF0
:0042AFF4
:0042AFF6
:0042AFF9
:0042AFFC
:0042AFFF
:0042B002
:0042B005
:0042B008
:0042B00B
:0042B00E
:0042B011
:0042B014
:0042B017
jmp 00403278
jmp 0042AFDD
test [eax+20], 10
jne 0042B01E
mov [eax+28], 0042CB04
E98D82FDFF
EBF0
8B45F4
F6402010
7528
8B45FC
8B55FC
8B5214
8B4A28
894830
8B4A2C
894834
8B45FC
8B4014
8B55FC
89502C
C7402804CB4200
push 00000000
mov edx, esi
call 0042604C
mov edx, eax
mov cl, 03
call [edi+08]
inc esi
dec ebx
jne 0042AFA9

call 0042ABF8
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042AFED

call 0042B0A4
ret

|:0042AFF4(C)
|
:0042B01E
:0042B021
:0042B025
:0042B027
:0042B02C
:0042B033
8B45FC
807DFB00
740F
E8307FFDFF
648F0500000000
83C40C

je 0042B036
call 00402F5C
add esp, 0000000C

|:0042B025(C)
|
:0042B036 8B45FC
:0042B039 5F
pop edi
:0042B03A 5E
pop esi
:0042B03B 5B
pop ebx
:0042B03C 8BE5
mov esp, ebp
:0042B03E 5D
pop ebp
:0042B03F C3
ret
:0042B040
:0042B041
:0042B042
:0042B047
:0042B049
:0042B04B
:0042B04F
:0042B051
:0042B054
:0042B057
:0042B05A
:0042B05D
53
56
E81D7FFDFF
8BDA
8BF0
837E3000
740F
8B4614
8B5630
895028
8B5634
89502C
|:0042B04F(C)
|
:0042B060 8B5660
:0042B063 8BC6
:0042B065 E8560F0000
:0042B06A 8B4610
:0042B06D E8AE7BFDFF
:0042B072 8BD3
:0042B074 80E2FC
:0042B077 8BC6
:0042B079 E8927BFDFF
:0042B07E 84DB
:0042B080 7E07
:0042B082 8BC6
:0042B084 E8CB7EFDFF
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
je 0042B060
mov eax, esi
call 0042BFC0
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 0042B089
mov eax, esi
call 00402F54

|:0042B080(C)
|
:0042B089 5E
pop esi
:0042B08A 5B
pop ebx
:0042B08B C3
ret
:0042B08C 8B4014
:0042B08F 8A404B
:0042B092 48

dec eax
:0042B093
:0042B095
:0042B097
:0042B09A
2C02
7304
83010B
C3
sub al, 02
jnb 0042B09B
add dword ptr [ecx], 0000000B
ret

|:0042B095(C)
|
:0042B09B 8341040B
add dword ptr [ecx+04], 0000000B
:0042B09F C3
ret

|:0042AF84 , :0042B8FB
|
|:004201EC(U)
|
:0042B0A0 FF4068
inc [eax+68]
:0042B0A3 C3
ret

|:0042AFE0 , :0042BA90
|
|:004201F4(U)
|
:0042B0A4 FF4868
:0042B0A7 83786800
:0042B0AB 7F0A
:0042B0AD 33D2
:0042B0AF 895068
:0042B0B2 E8FD160000

dec [eax+68]
jg 0042B0B7
xor edx, edx
call 0042C7B4

|:0042B0AB(C)
|
:0042B0B7 C3
ret
|:0042B0E8 , :0042B104 , :0042B128
|
:0042B0B8 55
push ebp
:0042B0B9 8BEC
mov ebp, esp
:0042B0BB 53
push ebx
:0042B0BC 8BD8
mov ebx, eax
:0042B0BE 8B4508
:0042B0C1 8B40FC
:0042B0C4 3B4304
:0042B0C7 7509
jne 0042B0D2
:0042B0C9 8B4508
:0042B0CC 8958F8
mov dword ptr [eax-08], ebx
:0042B0CF 5B
pop ebx
:0042B0D0 5D
:0042B0D1 C3
pop ebp
ret
|:0042B0C7(C)
|
:0042B0D2 8B4508
:0042B0D5 8378F800
:0042B0D9 7513
:0042B0DB 837B0C00
:0042B0DF 740D
:0042B0E1 8B4508
:0042B0E4 50
:0042B0E5 8B430C
:0042B0E8 E8CBFFFFFF
:0042B0ED 59
|:0042B0D9(C), :0042B0DF(C)
|
:0042B0EE 8B4508
:0042B0F1 8378F800
:0042B0F5 7513
:0042B0F7 837B0800
:0042B0FB 740D
:0042B0FD 8B4508
:0042B100 50
:0042B101 8B4308
:0042B104 E8AFFFFFFF
:0042B109 59
|:0042B0F5(C), :0042B0FB(C)
|
:0042B10A 5B
:0042B10B 5D
:0042B10C C3
:0042B10D 8D4000

jne 0042B0EE
je 0042B0EE
push eax
call 0042B0B8
pop ecx

jne 0042B10A
je 0042B10A
push eax
call 0042B0B8
pop ecx
pop ebx
pop ebp
ret

|:0042B194 , :0042B304 , :0042B31B , :0042C016 , :0042C6C6
|:0042CA06
|
:0042B110 55
push ebp
:0042B111 8BEC
mov ebp, esp
:0042B113 83C4F8
add esp, FFFFFFF8
:0042B116 8955FC
:0042B119 33D2
xor edx, edx
:0042B11B 8955F8
:0042B11E 837DFC00
:0042B122 740A
je 0042B12E
:0042B124 55
push ebp
:0042B125 8B4060
:0042B128 E88BFFFFFF
call 0042B0B8
:0042B12D 59
pop ecx

|:0042B122(C)
|
:0042B12E 8B45F8
:0042B131 59
pop ecx
:0042B132 59
pop ecx
:0042B133 5D
pop ebp
:0042B134 C3
ret
:0042B135 8D4000

|:0042B157 , :0042B168 , :0042B181
|
:0042B138 55
push ebp
:0042B139 8BEC
mov ebp, esp
:0042B13B 53
push ebx
:0042B13C 56
push esi
:0042B13D 8BD8
mov ebx, eax
:0042B13F 8B4508
mov eax, dword
:0042B142 8D7008
lea esi, dword
:0042B145 8BD3
mov edx, ebx
:0042B147 8B4604
mov eax, dword
:0042B14A FF16
call dword ptr
:0042B14C 8B430C
mov eax, dword
:0042B14F 85C0
test eax, eax
:0042B151 740A
je 0042B15D
:0042B153 8B5508
mov edx, dword
:0042B156 52
push edx
:0042B157 E8DCFFFFFF
call 0042B138
:0042B15C 59
pop ecx
|:0042B151(C)
|
:0042B15D 8B4308
:0042B160 85C0
:0042B162 740A
:0042B164 8B5508
:0042B167 52
:0042B168 E8CBFFFFFF
:0042B16D 59
ptr [ebp+08]
ptr [eax+08]
ptr [esi+04]
[esi]
ptr [ebx+0C]
ptr [ebp+08]

test eax, eax
je 0042B16E
push edx
call 0042B138
pop ecx

|:0042B162(C)
|
:0042B16E 5E
pop esi
:0042B16F 5B
pop ebx
:0042B170 5D
pop ebp
:0042B171 C3
ret
:0042B172 8BC0
mov eax, eax

|:0042B49F , :0042B4D2 , :0042B4F2
|:0042C16E , :0042C217 , :0042C275
|:0042C7D3
|
, :0042B514
, :0042C371
, :0042B599
, :0042C7A8
:0042B174
:0042B175
:0042B177
:0042B179
:0042B17B
55
8BEC
85D2
7503
8B5060
push ebp
mov ebp, esp
test edx, edx
jne 0042B17E
|:0042B179(C)
|
:0042B17E 55
:0042B17F 8BC2
:0042B181 E8B2FFFFFF
:0042B186 59
:0042B187 5D
:0042B188 C20800
:0042B18B 90
nop
|:004201FC(U)
|
:0042B18C 53
:0042B18D 56
:0042B18E 57
:0042B18F 83C4F0
:0042B192 8BF1
:0042B199 8BD8
:0042B19B 85DB
:0042B19D 7510
:0042B19F 8BC6
:0042B1A1 33C9
:0042B1A3 BA10000000
:0042B1A8 E88B77FDFF
:0042B1AD EB4A
|:0042B19D(C)
|
:0042B1AF BA01000000
:0042B1B4 8BC3
:0042B1B6 E895F9FFFF
:0042B1BB 50
:0042B1BC 8D442404
:0042B1C0 50
:0042B1C1 BA02000000
:0042B1C6 8BC3
:0042B1C8 E883F9FFFF
:0042B1CD 50
:0042B1CE BA01000000
:0042B1D3 8BC3
:0042B1D5 E80AF9FFFF
:0042B1DA 50
:0042B1DB BA02000000
:0042B1E0 8BC3
:0042B1E2 E8FDF8FFFF
:0042B1E7 5A
:0042B1E8 59
:0042B1E9 E8C60FFEFF
push ebp
mov eax, edx
call 0042B138
pop ecx
pop ebp
ret 0008
push ebx
push esi
push edi
add esp, FFFFFFF0
mov esi, ecx
call 0042B110
mov ebx, eax
test ebx, ebx
jne 0042B1AF
mov eax, esi
xor ecx, ecx
mov edx, 00000010
call 00402938
jmp 0042B1F9
mov edx, 00000001

mov eax, ebx
call 0042AB50
push eax
push eax
mov edx, 00000002
mov eax, ebx
call 0042AB50
push eax
mov edx, 00000001
mov eax, ebx
call 0042AAE4
push eax
mov edx, 00000002
mov eax, ebx
call 0042AAE4
pop edx
pop ecx
call 0040C1B4
:0042B1EE
:0042B1F0
:0042B1F2
:0042B1F7
:0042B1F8
8BFE
8BF4
B904000000
F3
A5
mov edi, esi

mov esi, esp
mov ecx, 00000004
repz
movsd

|:0042B1AD(U)
|
:0042B1F9 83C410
add esp, 00000010
:0042B1FC 5F
pop edi
:0042B1FD 5E
pop esi
:0042B1FE 5B
pop ebx
:0042B1FF C3
ret
:0042B200
:0042B205
:0042B207
:0042B209
:0042B20C
E81B060000
85C0
7404
8B4004
C3
call 0042B820
test eax, eax
je 0042B20D
ret

|:0042B207(C)
|
:0042B20D 33C0
xor eax, eax
:0042B20F C3
ret
:0042B210
:0042B211
:0042B213
:0042B216
:0042B217
:0042B218
:0042B219
:0042B21C
:0042B21E
:0042B220
:0042B224
:0042B22A
:0042B22D
:0042B22F
:0042B231
:0042B234
:0042B239
55
8BEC
83C4D0
53
56
57
884DFF
8BF2
8BD8
807E4700
0F84EA010000
8B4338
85C0
740D
897004
E85BFBFFFF
E9CE010000
|:0042B22F(C)
|
:0042B23E 8B4360
:0042B241 83780800
:0042B245 0F85A6000000
:0042B24B 8D55E0
:0042B24E 8B4314
:0042B251 8B08
:0042B253 FF5144
:0042B256 8D55E0
push ebp
mov ebp, esp
add esp, FFFFFFD0
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
je 0042B414
test eax, eax
je 0042B23E
call 0042AD94
jmp 0042B40C
jne 0042B2F1
call [ecx+44]
:0042B259
:0042B25C
:0042B25E
:0042B264
:0042B267
:0042B26A
:0042B26D
:0042B270
:0042B273
:0042B276
:0042B27A
:0042B27C
:0042B27E
:0042B280
:0042B282
:0042B287
8B4314
8B08
FF9188000000
8B7DE8
2B7DE0
8B45EC
2B45E4
8945F0
8B4314
80784C00
741D
85FF
7509
8BC6
E8997EFFFF
8BF8

sub edi, dword ptr [ebp-20]
je 0042B299
test edi, edi
jne 0042B289
mov eax, esi
call 00423120
mov edi, eax
|:0042B27E(C)
|
:0042B289 837DF000
:0042B28D 750A
:0042B28F 8BC6
:0042B291 E8767EFFFF
:0042B296 8945F0
|:0042B27A(C), :0042B28D(C)
|
:0042B299 8B45F0
:0042B29C 50
:0042B29D 8D45D0
:0042B2A0 50
:0042B2A1 8BCF
:0042B2A3 8B55E4
:0042B2A6 8B45E0
:0042B2A9 E8060FFEFF
:0042B2AE 56
:0042B2AF 8D75D0
:0042B2B2 8D7DE0
:0042B2B5 B904000000
:0042B2BA F3
:0042B2BB A5
:0042B2BC 5E
:0042B2BD 8D4DE0
:0042B2C0 8BD6
:0042B2C2 8BC3
:0042B2C4 8B38
:0042B2C6 FF17
:0042B2C8 8D55E0
:0042B2CB 8BC6
:0042B2CD E8A678FFFF
:0042B2D2 8BCB
:0042B2D4 B201
:0042B2D6 A190014200
:0042B2DB E83CF7FFFF
:0042B2E0 8B5360
:0042B2E3 894208
:0042B2E6 895014
:0042B2E9 897004

jne 0042B299
mov eax, esi
call 0042310C

push eax
push eax
mov ecx, edi
call 0040C1B4
push esi
mov ecx, 00000004
repz
movsd
pop esi
mov edx, esi
mov eax, ebx
mov eax, esi
call 00422B78
mov ecx, ebx
mov dl, 01
call 0042AA1C
:0042B2EC E91B010000
jmp 0042B40C

|:0042B245(C)
|
:0042B2F1 8A45FF
:0042B2F4 84C0
test al, al
:0042B2F6 7404
je 0042B2FC
:0042B2F8 2C05
sub al, 05
:0042B2FA 7504
jne 0042B300
|:0042B2F6(C)
|
:0042B2FC C645FF04
mov [ebp-01], 04
|:0042B2FA(C)
|
:0042B300 8BD6
:0042B302 8BC3
:0042B309 85C0
:0042B30B 7409
:0042B30D 8BD0
:0042B30F 8BC3
:0042B311 E8320D0000
|:0042B30B(C)
|
:0042B316 8B5508
:0042B319 8BC3
:0042B31B E8F0FDFFFF
:0042B320 8945F8
:0042B323 33C0
:0042B325 8A45FF
:0042B328 8A8008274400
:0042B32E 8845F7
:0042B331 8B4360
:0042B334 E807F7FFFF
:0042B339 48
:0042B33A 7564
:0042B33C 8B7B60
:0042B33F 8A45F7
:0042B342 884710
:0042B345 8A45F7
:0042B348 FEC8
:0042B34A 7406
:0042B34C FEC8
:0042B34E 742A
:0042B350 EB4E
|:0042B34A(C)
|
:0042B352 8B4708
:0042B355 BA02000000
:0042B35A E8F1F7FFFF
:0042B35F 8B5360
mov edx, esi

mov eax, ebx
call 0042B110
test eax, eax
je 0042B316
mov edx, eax
mov eax, ebx
call 0042C048

mov eax, ebx
call 0042B110
xor eax, eax
call 0042AA40
dec eax
jne 0042B3A0
dec al
je 0042B352
dec al
je 0042B37A
jmp 0042B3A0

mov edx, 00000002
call 0042AB50
:0042B362
:0042B365
:0042B368
:0042B36B
:0042B370
:0042B375
:0042B378
894220
8B4360
8B4008
BA01000000
E8DBF7FFFF
894364
EB26
|:0042B34E(C)
|
:0042B37A 8B4708
:0042B37D BA01000000
:0042B382 E8C9F7FFFF
:0042B387 8B5360
:0042B38A 894220
:0042B38D 8B4360
:0042B390 8B4008
:0042B393 BA02000000
:0042B398 E8B3F7FFFF
:0042B39D 894364

mov edx, 00000001
call 0042AB50
jmp 0042B3A0
mov edx, 00000001
call 0042AB50
mov edx, 00000002
call 0042AB50

|:0042B33A(C), :0042B350(U), :0042B378(U)
|
:0042B3A0 8BCB
mov ecx, ebx
:0042B3A2 B201
mov dl, 01
:0042B3A4 A190014200
:0042B3A9 E86EF6FFFF
call 0042AA1C
:0042B3AE 897004
:0042B3B1 837DF800
:0042B3B5 740B
je 0042B3C2
:0042B3B7 8B55F8
:0042B3BA 8B5214
:0042B3BD 8A5210
:0042B3C0 EB06
jmp 0042B3C8
|:0042B3B5(C)
|
:0042B3C2 8B5360
:0042B3C5 8A5210
|:0042B3C0(U)
|
:0042B3C8 807DF700
:0042B3CC 7503
:0042B3CE 8855F7
|:0042B3CC(C)
|
:0042B3D1 3A55F7
:0042B3D4 751A
:0042B3D6 33D2
:0042B3D8 8A55FF
:0042B3DB 8A9210274400
:0042B3E1 52
:0042B3E2 8B4DF8

jne 0042B3D1
cmp dl, byte ptr [ebp-09]

jne 0042B3F0
xor edx, edx
push edx
:0042B3E5
:0042B3E7
:0042B3E9
:0042B3EE
8BD0
8BC3
E8BA010000
EB1C
|:0042B3D4(C)
|
:0042B3F0 8A55F7
:0042B3F3 52
:0042B3F4 33D2
:0042B3F6 8A55FF
:0042B3F9 8A9210274400
:0042B3FF 52
:0042B400 8B4DF8
:0042B403 8BD0
:0042B405 8BC3
:0042B407 E814000000
mov edx, eax

mov eax, ebx
call 0042B5A8
jmp 0042B40C
push edx
xor edx, edx
push edx
mov edx, eax
mov eax, ebx
call 0042B420

|:0042B239(U), :0042B2EC(U), :0042B3EE(U)
|
:0042B40C 8B4314
:0042B40F 8B10
:0042B411 FF5278
call [edx+78]
|:0042B224(C)
|
:0042B414 5F
pop edi
:0042B415 5E
pop esi
:0042B416 5B
pop ebx
:0042B417 8BE5
mov esp, ebp
:0042B419 5D
pop ebp
:0042B41A C20400
ret 0004
:0042B41D 8D4000

|:0042B407
|
:0042B420 55
push ebp
:0042B421 8BEC
mov ebp, esp
:0042B423 51
push ecx
:0042B424 53
push ebx
:0042B425 56
push esi
:0042B426 57
push edi
:0042B427 8BF9
mov edi, ecx
:0042B429 8955FC
:0042B42C 8BF0
mov esi, eax
:0042B42E 8BCE
mov ecx, esi
:0042B430 B201
mov dl, 01
:0042B432 A190014200
:0042B437 E8E0F5FFFF
call 0042AA1C
:0042B43C 8BD8
mov ebx, eax
:0042B43E 8A450C
:0042B441 884310
:0042B444 85FF
test edi, edi
:0042B446 0F85CF000000
jne 0042B51B
:0042B44C
:0042B44F
:0042B452
:0042B455
:0042B458
:0042B45B
:0042B45E
:0042B461
:0042B463
:0042B466
:0042B46D
:0042B471
:0042B473
:0042B476
:0042B479
:0042B47C
:0042B47F
:0042B482
:0042B485
:0042B488
:0042B48B
:0042B48E
:0042B491
:0042B494
:0042B495
:0042B49A
:0042B49D
:0042B49F
:0042B4A4
8B4664
894320
8B4660
8B4020
894664
8A450C
884644
33C0
89463C
C746400000E03F
807D0800
7433
8B4660
894308
8B4660
895814
8B55FC
89500C
8B55FC
894218
8B45FC
895814
895E60
56
6880C34200
8B5308
8BC6
E8D0FCFFFF
EB64
|:0042B471(C)
|
:0042B4A6 8B45FC
:0042B4A9 894308
:0042B4AC 8B4660
:0042B4AF 895814
:0042B4B2 8B55FC
:0042B4B5 895018
:0042B4B8 8B55FC
:0042B4BB 89420C
:0042B4BE 8B45FC
:0042B4C1 895814
:0042B4C4 895E60
:0042B4C7 56
:0042B4C8 6880C34200
:0042B4CD 8B5308
:0042B4D0 8BC6
:0042B4D2 E89DFCFFFF
:0042B4D7 8B4660
:0042B4DA 8B4020
:0042B4DD D1F8
:0042B4DF 7903
:0042B4E1 83D000

xor eax, eax
mov [esi+40], 3FE00000
je 0042B4A6
push esi
push 0042C380
mov eax, esi
call 0042B174
jmp 0042B50A
push esi
push 0042C380
mov eax, esi
call 0042B174
sar eax, 1
jns 0042B4E4
adc eax, 00000000

|:0042B4DF(C)
|
:0042B4E4 894648
:0042B4E7 56
push esi
:0042B4E8
:0042B4ED
:0042B4F0
:0042B4F2
:0042B4F7
:0042B4FA
:0042B4FD
:0042B4FF
:0042B501
68D4C64200
8B5308
8BC6
E87DFCFFFF
8B4660
8B4020
D1F8
7903
83D000
push 0042C6D4
mov eax, esi
call 0042B174
sar eax, 1
jns 0042B504
adc eax, 00000000

|:0042B4FF(C)
|
:0042B504 8B55FC
:0042B507 894220
|:0042B4A4(U)
|
:0042B50A 56
:0042B50B 68DCC74200
:0042B510 33D2
:0042B512 8BC6
:0042B514 E85BFCFFFF
:0042B519 EB6D

push esi
push 0042C7DC
xor edx, edx
mov eax, esi
call 0042B174
jmp 0042B588

|:0042B446(C)
|
:0042B51B 8B4720
:0042B51E 894320
:0042B521 8B4714
:0042B524 894314
:0042B527 8B4718
:0042B52A 894318
:0042B52D 85C0
test eax, eax
:0042B52F 7403
je 0042B534
:0042B531 89580C
|:0042B52F(C)
|
:0042B534 8B470C
:0042B537 89430C
:0042B53A 85C0
test eax, eax
:0042B53C 7403
je 0042B541
:0042B53E 895818
|:0042B53C(C)
|
:0042B541 8B4314
:0042B544 3B7808
:0042B547 7503
jne 0042B54C
:0042B549 895808
|:0042B547(C)
|
:0042B54C 8B45FC
:0042B54F
:0042B552
:0042B555
:0042B559
:0042B55B
:0042B55E
:0042B560
:0042B563
:0042B566
:0042B569
:0042B56C
:0042B56F
895814
895F14
807D0800
7416
897B08
33C0
894718
8B45FC
89470C
8B45FC
897818
EB17

je 0042B571
xor eax, eax
jmp 0042B588

|:0042B559(C)
|
:0042B571 8B45FC
:0042B574 894308
:0042B577 8B45FC
:0042B57A 894718
:0042B57D 33C0
xor eax, eax
:0042B57F 89470C
:0042B582 8B45FC
:0042B585 89780C
|:0042B519(U), :0042B56F(U)
|
:0042B588 8BC3
:0042B58A E869F6FFFF
:0042B58F 56
:0042B590 68DCC74200
:0042B595 33D2
:0042B597 8BC6
:0042B599 E8D6FBFFFF
:0042B59E 5F
:0042B59F 5E
:0042B5A0 5B
:0042B5A1 59
:0042B5A2 5D
:0042B5A3 C20800
:0042B5A6 8BC0
mov eax, eax
mov eax, ebx

call 0042ABF8
push esi
push 0042C7DC
xor edx, edx
mov eax, esi
call 0042B174
pop edi
pop esi
pop ebx
pop ecx
pop ebp
ret 0008

|:0042B3E9
|
:0042B5A8 55
push ebp
:0042B5A9 8BEC
mov ebp, esp
:0042B5AB 53
push ebx
:0042B5AC 8B5D08
:0042B5AF 85C9
test ecx, ecx
:0042B5B1 7515
jne 0042B5C8
:0042B5B3 8B4060
:0042B5B6 8B4808
:0042B5B9 84DB
test bl, bl
:0042B5BB 740B
je 0042B5C8
:0042B5BD EB02
jmp 0042B5C1

|:0042B5C6(C)
|
:0042B5BF 8BC8
mov ecx, eax
|:0042B5BD(U)
|
:0042B5C1 8B410C
mov eax, dword ptr [ecx+0C]
:0042B5C4 85C0
test eax, eax
:0042B5C6 75F7
jne 0042B5BF
|:0042B5B1(C), :0042B5BB(C)
|
:0042B5C8 84DB
:0042B5CA 741B
:0042B5CC 8B4114
:0042B5CF 894214
:0042B5D2 894A18
:0042B5D5 8B410C
:0042B5D8 89420C
:0042B5DB 85C0
:0042B5DD 7403
:0042B5DF 895018

test bl, bl
je 0042B5E7
mov eax, dword ptr [ecx+0C]
test eax, eax
je 0042B5E2

|:0042B5DD(C)
|
:0042B5E2 89510C
mov dword ptr [ecx+0C], edx
:0042B5E5 EB21
jmp 0042B608
|:0042B5CA(C)
|
:0042B5E7 894A0C
:0042B5EA 8B4118
:0042B5ED 894218
:0042B5F0 85C0
test eax, eax
:0042B5F2 7403
je 0042B5F7
:0042B5F4 89500C
|:0042B5F2(C)
|
:0042B5F7 895118
:0042B5FA 8B4114
:0042B5FD 894214
:0042B600 3B4808
:0042B603 7503
jne 0042B608
:0042B605 895008
|:0042B5E5(U), :0042B603(C)
|
:0042B608 8B4114
:0042B60B E8E8F5FFFF
:0042B610 5B
:0042B611 5D
:0042B612 C20400

call 0042ABF8
pop ebx
pop ebp
ret 0004
:0042B615 8D4000

|:0042B7F8 , :0042B814 , :0042B870
|
:0042B618 55
push ebp
:0042B619 8BEC
mov ebp, esp
:0042B61B 53
push ebx
:0042B61C 56
push esi
:0042B61D 57
push edi
:0042B61E 8BD8
mov ebx, eax
:0042B620 8B4B14
:0042B623 80791001
:0042B627 753A
jne 0042B663
:0042B629 8B4508
:0042B62C 8B40FC
:0042B62F 8B4004
:0042B632 8B5320
:0042B635 3BC2
cmp eax, edx
:0042B637 7F2A
jg 0042B663
:0042B639 8B4D08
:0042B63C 8B49FC
:0042B63F 8B4D08
:0042B642 8B49F8
:0042B645 2B510C
sub edx, dword ptr [ecx+0C]
:0042B648 3BC2
cmp eax, edx
:0042B64A 7C17
jl 0042B663
:0042B64C 8B4508
:0042B64F 8B40F4
:0042B652 C70012000000
:0042B658 8B4508
:0042B65B 8958F0
:0042B65E E97F010000
jmp 0042B7E2
|:0042B627(C), :0042B637(C), :0042B64A(C)
|
:0042B663 8B4B14
:0042B666 80791002
:0042B66A 7539
jne 0042B6A5
:0042B66C 8B4508
:0042B66F 8B40FC
:0042B672 8B00
:0042B674 8B5320
:0042B677 3BC2
cmp eax, edx
:0042B679 7F2A
jg 0042B6A5
:0042B67B 8B4D08
:0042B67E 8B49FC
:0042B681 8B4D08
:0042B684 8B49F8
:0042B687 2B510C
sub edx, dword ptr [ecx+0C]
:0042B68A 3BC2
cmp eax, edx
:0042B68C 7C17
jl 0042B6A5
:0042B68E 8B4508
:0042B691 8B40F4
:0042B694 C70012000000
:0042B69A 8B4508
:0042B69D 8958F0
:0042B6A0 E93D010000
jmp 0042B7E2

|:0042B66A(C), :0042B679(C), :0042B68C(C)
|
:0042B6A5 837B0400
:0042B6A9 0F8433010000
je 0042B7E2
:0042B6AF BA01000000
mov edx, 00000001
:0042B6B4 8BC3
mov eax, ebx
:0042B6B6 E829F4FFFF
call 0042AAE4
:0042B6BB 8BF0
mov esi, eax
:0042B6BD BA02000000
mov edx, 00000002
:0042B6C2 8BC3
mov eax, ebx
:0042B6C4 E81BF4FFFF
call 0042AAE4
:0042B6C9 8BF8
mov edi, eax
:0042B6CB 8B4508
:0042B6CE 8B40F8
:0042B6D1 80781C00
:0042B6D5 0F848E000000
je 0042B769
:0042B6DB 8B4508
:0042B6DE 8B40FC
:0042B6E1 3B7004
:0042B6E4 0F8FF8000000
jg 0042B7E2
:0042B6EA 8B4508
:0042B6ED 8B40FC
:0042B6F0 8B4004
:0042B6F3 8B5508
:0042B6F6 8B52F8
:0042B6F9 037218
add esi, dword ptr [edx+18]
:0042B6FC 3BC6
cmp eax, esi
:0042B6FE 0F8FDE000000
jg 0042B7E2
:0042B704 8B4508
:0042B707 8B40FC
:0042B70A 3B38
cmp edi, dword ptr [eax]
:0042B70C 0F8FD0000000
jg 0042B7E2
:0042B712 BA02000000
mov edx, 00000002
:0042B717 8BC3
mov eax, ebx
:0042B719 E832F4FFFF
call 0042AB50
:0042B71E 03F8
add edi, eax
:0042B720 8B4508
:0042B723 8B40FC
:0042B726 3B38
:0042B728 0F8CB4000000
jl 0042B7E2
:0042B72E 8B4508
:0042B731 8958F0
:0042B734 8B4304
:0042B737 8B5030
:0042B73A 035038
:0042B73D 83EA0F
sub edx, 0000000F
:0042B740 8B4508
:0042B743 8B40FC
:0042B746 3B10
cmp edx, dword ptr [eax]
:0042B748 7D11
jge 0042B75B
:0042B74A 8B4508
:0042B74D 8B40F4
:0042B750 C70014000000
:0042B756 E987000000
jmp 0042B7E2
|:0042B748(C)
|
:0042B75B
:0042B75E
:0042B761
:0042B767
8B4508
8B40F4
C70002000000
EB79
mov
mov
mov
jmp

eax, dword ptr [eax-0C]
dword ptr [eax], 00000002
0042B7E2
|:0042B6D5(C)
|
:0042B769 8B4508
:0042B76C 8B40FC
:0042B76F 3B38
:0042B771 7F6F
:0042B773 8B4508
:0042B776 8B40FC
:0042B779 8B00
:0042B77B 8B5508
:0042B77E 8B52F8
:0042B781 037A18
:0042B784 3BC7
:0042B786 7F5A
:0042B788 8B4508
:0042B78B 8B40FC
:0042B78E 3B7004
:0042B791 7F4F
:0042B793 BA01000000
:0042B798 8BC3
:0042B79A E8B1F3FFFF
:0042B79F 03F0
:0042B7A1 8B4508
:0042B7A4 8B40FC
:0042B7A7 3B7004
:0042B7AA 7C36
:0042B7AC 8B4508
:0042B7AF 8958F0
:0042B7B2 8B4508
:0042B7B5 8B40FC
:0042B7B8 8B4004
:0042B7BB 8B5304
:0042B7BE 8B5234
:0042B7C1 83C20F
:0042B7C4 3BC2
:0042B7C6 7D0E
:0042B7C8 8B4508
:0042B7CB 8B40F4
:0042B7CE C70014000000
:0042B7D4 EB0C
|:0042B7C6(C)
|
:0042B7D6 8B4508
:0042B7D9 8B40F4
:0042B7DC C70002000000

jg 0042B7E2
add edi, dword ptr [edx+18]
cmp eax, edi
jg 0042B7E2
jg 0042B7E2
mov edx, 00000001
mov eax, ebx
call 0042AB50
add esi, eax
jl 0042B7E2
add edx, 0000000F
cmp eax, edx
jge 0042B7D6
jmp 0042B7E2


|:0042B65E(U), :0042B6A0(U), :0042B6A9(C), :0042B6E4(C), :0042B6FE(C)
|:0042B70C(C), :0042B728(C), :0042B756(U), :0042B767(U), :0042B771(C)
|:0042B786(C), :0042B791(C), :0042B7AA(C), :0042B7D4(U)
|
:0042B7E2
:0042B7E5
:0042B7E9
:0042B7EB
:0042B7EF
:0042B7F1
:0042B7F4
:0042B7F5
:0042B7F8
:0042B7FD
8B4508
8378F000
7513
837B0C00
740D
8B4508
50
8B430C
E81BFEFFFF
59

jne 0042B7FE
je 0042B7FE
push eax
call 0042B618
pop ecx
|:0042B7E9(C), :0042B7EF(C)
|
:0042B7FE 8B4508
:0042B801 8378F000
:0042B805 7513
:0042B807 837B0800
:0042B80B 740D
:0042B80D 8B4508
:0042B810 50
:0042B811 8B4308
:0042B814 E8FFFDFFFF
:0042B819 59
|:0042B805(C), :0042B80B(C)
|
:0042B81A 5F
:0042B81B 5E
:0042B81C 5B
:0042B81D 5D
:0042B81E C3
:0042B81F 90
nop

jne 0042B81A
je 0042B81A
push eax
call 0042B618
pop ecx
pop
pop
pop
pop
ret
edi
esi
ebx
ebp

|:0042B200 , :0042CA36 , :0042CBE4 , :0042CC33 , :0042CCC8
|:0042CD7D
|
:0042B820 55
push ebp
:0042B821 8BEC
mov ebp, esp
:0042B823 83C4F0
add esp, FFFFFFF0
:0042B826 53
push ebx
:0042B827 894DF4
:0042B82A 8955FC
:0042B82D 8945F8
:0042B830 33C0
xor eax, eax
:0042B832 8945F0
:0042B835 8B45F4
:0042B838 33D2
xor edx, edx
:0042B83A 8910
:0042B83C 8B45F8
:0042B83F 8B5860
:0042B842 837B0800
:0042B846 742E
je 0042B876
:0042B848 8BC3
mov eax, ebx
:0042B84A E8F1F1FFFF
call 0042AA40
:0042B84F 48
dec eax
:0042B850
:0042B852
:0042B855
:0042B858
:0042B85B
:0042B85D
:0042B862
:0042B864
:0042B866
:0042B867
:0042B86A
:0042B86D
:0042B870
:0042B875
7C24
8B55FC
8B45F8
8B4014
33C9
E822B0FFFF
85C0
7510
55
8B45F8
8B4060
8B4008
E8A3FDFFFF
59
jl 0042B876
mov edx, dword
mov eax, dword
mov eax, dword
xor ecx, ecx
call 00426884
test eax, eax
jne 0042B876
push ebp
mov eax, dword
mov eax, dword
mov eax, dword
call 0042B618
pop ecx
ptr [ebp-04]
ptr [ebp-08]
ptr [eax+14]
ptr [ebp-08]
ptr [eax+60]
ptr [eax+08]

|:0042B846(C), :0042B850(C), :0042B864(C)
|
:0042B876 8B45F0
:0042B879 5B
pop ebx
:0042B87A 8BE5
mov esp, ebp
:0042B87C 5D
pop ebp
:0042B87D C3
ret
:0042B87E 8BC0
mov eax, eax

|:0042B942 , :0042B9F9
|
:0042B880 55
push ebp
:0042B881 8BEC
mov ebp, esp
:0042B883 51
push ecx
:0042B884 53
push ebx
:0042B885 56
push esi
:0042B886 8BD8
mov ebx, eax
:0042B888 8BC3
mov eax, ebx
:0042B88A E8297FFDFF
call 004037B8
:0042B88F 8D55FC
:0042B892 8B4508
:0042B895 8B40FC
:0042B898 B904000000
mov ecx, 00000004
:0042B89D 8B30
:0042B89F FF5604
call [esi+04]
:0042B8A2 837DFC00
:0042B8A6 7E1A
jle 0042B8C2
:0042B8A8 8BC3
mov eax, ebx
:0042B8AA 8B55FC
:0042B8AD E85684FDFF
call 00403D08
:0042B8B2 8B13
:0042B8B4 8B4508
:0042B8B7 8B40FC
:0042B8BA 8B4DFC
:0042B8BD 8B18
:0042B8BF FF5304
call [ebx+04]
|:0042B8A6(C)
|
:0042B8C2 5E
pop esi
:0042B8C3
:0042B8C4
:0042B8C5
:0042B8C6
5B
59
5D
C3
pop ebx
pop ecx
pop ebp
ret
:0042B8C7
:0042B8C8
:0042B8C9
:0042B8CB
:0042B8CE
:0042B8CF
:0042B8D0
:0042B8D1
:0042B8D3
:0042B8D6
:0042B8D9
:0042B8DC
:0042B8DE
:0042B8DF
:0042B8E4
:0042B8E7
:0042B8EA
:0042B8ED
:0042B8F0
:0042B8F3
:0042B8F8
:0042B8FB
:0042B900
:0042B902
:0042B903
:0042B908
:0042B90B
:0042B90E
:0042B911
:0042B916
:0042B919
:0042B91B
:0042B91E
:0042B921
:0042B926
:0042B929
:0042B92B
:0042B92E
:0042B931
:0042B932
:0042B934
:0042B936
:0042B937
90
55
8BEC
83C4E0
53
56
57
33C9
894DF4
8955FC
8945F8
33C0
55
68B3BA4200
64FF30
648920
8B45F8
8B5060
8B45F8
E8C8060000
8B45F8
E8A0F7FFFF
33D2
55
6896BA4200
64FF32
648922
8D55E4
B904000000
8B45FC
8B18
FF5304
8D55E0
B904000000
8B45FC
8B18
FF5304
8B75E0
4E
85F6
7C55
46
C745E400000000
nop
push ebp
mov ebp, esp
add esp, FFFFFFE0
push ebx
push esi
push edi
xor ecx, ecx
xor eax, eax
push ebp
push 0042BAB3
call 0042BFC0
call 0042B0A0
xor edx, edx
push ebp
push 0042BA96
mov ecx, 00000004
call [ebx+04]
mov ecx, 00000004
call [ebx+04]
dec esi
test esi, esi
jl 0042B98B
inc esi
mov [ebp-1C], 00000000
|:0042B989(C)
|
:0042B93E 55
:0042B93F 8D45F4
:0042B947 59
:0042B948 837DF400
:0042B94C 7437
:0042B94E 8D4DF0

push ebp
call 0042B880
pop ecx
je 0042B985
:0042B951
:0042B954
:0042B957
:0042B95A
:0042B95E
:0042B963
:0042B967
:0042B969
:0042B96B
:0042B96E
:0042B973
:0042B975
:0042B978
:0042B97B
:0042B97D
:0042B980
8B45F8
8B4014
8B55F4
66BBBEFF
E89174FDFF
837DF000
741C
33D2
8B45F0
E82177FFFF
6A00
8B45F8
8B5014
33C9
8B45F0
E89B83FFFF

mov bx, FFBE
call 00402DF4
je 0042B985
xor edx, edx
call 00423094
push 00000000
xor ecx, ecx
call 00423D20
|:0042B94C(C), :0042B967(C)
|
:0042B985 FF45E4
:0042B988 4E
:0042B989 75B3
|:0042B934(C)
|
:0042B98B 8B45F8
:0042B98E 8D5064
:0042B991 B904000000
:0042B996 8B45FC
:0042B999 8B18
:0042B99B FF5304
:0042B99E 33C0
:0042B9A0 8945E8
:0042B9A3 33F6
|:0042BA7B(U)
|
:0042B9A5 8D55EC
:0042B9A8 B904000000
:0042B9AD 8B45FC
:0042B9B0 8B18
:0042B9B2 FF5304
:0042B9B5 8B45EC
:0042B9B8 3B0518274400
:0042B9BE 0F84BC000000
:0042B9C4 8B4DF8
:0042B9C7 B201
:0042B9C9 A190014200
:0042B9CE E849F0FFFF
:0042B9D3 8BD8
:0042B9D5 8D5310
:0042B9D8 B901000000
:0042B9DD 8B45FC
:0042B9E0 8B38
:0042B9E2 FF5704
:0042B9E5 8D5320
:0042B9E8 B904000000
inc [ebp-1C]
dec esi
jne 0042B93E

mov ecx, 00000004
call [ebx+04]
xor eax, eax
xor esi, esi
lea edx, dword ptr

mov ecx, 00000004
mov eax, dword ptr
mov ebx, dword ptr
call [ebx+04]
mov eax, dword ptr
cmp eax, dword ptr
je 0042BA80
mov ecx, dword ptr
mov dl, 01
mov eax, dword ptr
call 0042AA1C
mov ebx, eax
lea edx, dword ptr
mov ecx, 00000001
mov eax, dword ptr
mov edi, dword ptr
call [edi+04]
lea edx, dword ptr
mov ecx, 00000004
[ebp-14]
[ebp-04]
[eax]
[ebp-14]
[00442718]
[ebp-08]
[00420190]
[ebx+10]
[ebp-04]
[eax]
[ebx+20]
:0042B9ED
:0042B9F0
:0042B9F2
:0042B9F5
:0042B9F6
:0042B9F9
:0042B9FE
:0042B9FF
:0042BA03
:0042BA05
:0042BA08
:0042BA0A
8B45FC
8B38
FF5704
55
8D45F4
E882FEFFFF
59
837DF400
740A
8B55F4
8BC3
E8E5F2FFFF
|:0042BA03(C)
|
:0042BA0F 837DEC00
:0042BA13 7508
:0042BA15 8B45F8
:0042BA18 895860
:0042BA1B EB56

call [edi+04]
push ebp
call 0042B880
pop ecx
je 0042BA0F
mov eax, ebx
call 0042ACF4
cmp
jne
mov
mov
jmp
dword ptr [ebp-14], 00000000

0042BA1D
dword ptr [eax+60], ebx
0042BA73

|:0042BA13(C)
|
:0042BA1D 8B45EC
:0042BA20 3B45E8
:0042BA23 750E
jne 0042BA33
:0042BA25 895E0C
:0042BA28 897318
:0042BA2B 8B4614
:0042BA2E 894314
:0042BA31 EB40
jmp 0042BA73
|:0042BA23(C)
|
:0042BA33 8B45EC
:0042BA36 3B45E8
:0042BA39 7E08
jle 0042BA43
:0042BA3B 895E08
:0042BA3E 897314
:0042BA41 EB30
jmp 0042BA73
|:0042BA39(C)
|
:0042BA43 8B45EC
:0042BA46 3B45E8
:0042BA49 7D28
:0042BA4B 8BC6
:0042BA4D 8B75E8
:0042BA50 2B75EC
:0042BA53 85F6
:0042BA55 7E10
:0042BA57 C745E401000000

jge 0042BA73
mov eax, esi
test esi, esi
jle 0042BA67
mov [ebp-1C], 00000001

|:0042BA65(C)
|
:0042BA5E
:0042BA61
:0042BA64
:0042BA65
8B4014
FF45E4
4E
75F7
mov
inc
dec
jne

[ebp-1C]
esi
0042BA5E

|:0042BA55(C)
|
:0042BA67 89580C
:0042BA6A 894318
:0042BA6D 8B4014
:0042BA70 894314
|:0042BA1B(U), :0042BA31(U), :0042BA41(U), :0042BA49(C)
|
:0042BA73 8B45EC
:0042BA76 8945E8
:0042BA79 8BF3
mov esi, ebx
:0042BA7B E925FFFFFF
jmp 0042B9A5
|:0042B9BE(C)
|
:0042BA80 33C0
:0042BA82 5A
:0042BA83 59
:0042BA84 59
:0042BA85 648910
:0042BA88 689DBA4200
|:0042BA9B(U)
|
:0042BA8D 8B45F8
:0042BA90 E80FF6FFFF
:0042BA95 C3
:0042BA96
:0042BA9B
:0042BA9D
:0042BA9F
:0042BAA0
:0042BAA1
:0042BAA2
jmp
jmp
xor
pop
pop
pop
mov
E9DD77FDFF
EBF0
33C0
5A
59
59
648910
xor eax, eax

pop edx
pop ecx
pop ecx
push 0042BA9D

call 0042B0A4
ret
00403278
0042BA8D
eax, eax
edx
ecx
ecx

|
:0042BAA5 68BABA4200
push 0042BABA
|:0042BAB8(U)
|
:0042BAAA 8D45F4
:0042BAAD E8067DFDFF
:0042BAB2 C3
:0042BAB3 E9C077FDFF
jmp 00403278

call 004037B8
ret
:0042BAB8
:0042BABA
:0042BABB
:0042BABC
:0042BABD
:0042BABF
:0042BAC0
EBF0
5F
5E
5B
8BE5
5D
C3
:0042BAC1 8D4000
jmp
pop
pop
pop
mov
pop
ret
0042BAAA
edi
esi
ebx
esp, ebp
ebp

|:0042BC44 , :0042BC5A , :0042BC92 , :0042BCA8
|
:0042BAC4 55
push ebp
:0042BAC5 8BEC
mov ebp, esp
:0042BAC7 53
push ebx
:0042BAC8 56
push esi
:0042BAC9 57
push edi
:0042BACA 8BD8
mov ebx, eax
:0042BACC 8B7D08
mov edi, dword ptr
:0042BACF 83C7EC
add edi, FFFFFFEC
:0042BAD2 8B7508
mov esi, dword ptr
:0042BAD5 83C6FC
add esi, FFFFFFFC
:0042BAD8 8B06
mov eax, dword ptr
:0042BADA 8B4010
mov eax, dword ptr
:0042BADD BA14000080
mov edx, 80000014
:0042BAE2 E8C189FEFF
call 004144A8
:0042BAE7 84DB
test bl, bl
:0042BAE9 745F
je 0042BB4A
:0042BAEB 8B4F04
mov ecx, dword ptr
:0042BAEE 8B17
mov edx, dword ptr
:0042BAF0 83C202
add edx, 00000002
:0042BAF3 8B06
mov eax, dword ptr
:0042BAF5 E8D290FEFF
call 00414BCC
:0042BAFA 8B4F04
mov ecx, dword ptr
:0042BAFD 8B17
mov edx, dword ptr
:0042BAFF 8B06
mov eax, dword ptr
:0042BB01 E86690FEFF
call 00414B6C
:0042BB06 8B4F0C
mov ecx, dword ptr
:0042BB09 41
inc ecx
:0042BB0A 8B17
mov edx, dword ptr
:0042BB0C 8B06
mov eax, dword ptr
:0042BB0E E85990FEFF
call 00414B6C
:0042BB13 8B06
mov eax, dword ptr
:0042BB15 8B4010
mov eax, dword ptr
:0042BB18 BA10000080
mov edx, 80000010
:0042BB1D E88689FEFF
call 004144A8
:0042BB22 8B4F04
mov ecx, dword ptr
:0042BB25 8B5708
mov edx, dword ptr
:0042BB28 8B06
mov eax, dword ptr
:0042BB2A E89D90FEFF
call 00414BCC
:0042BB2F 8B4F0C
mov ecx, dword ptr
:0042BB32 8B5708
mov edx, dword ptr
:0042BB35 8B06
mov eax, dword ptr
:0042BB37 E83090FEFF
call 00414B6C
:0042BB3C 8B4F0C
mov ecx, dword ptr
:0042BB3F 8B17
mov edx, dword ptr
:0042BB41 8B06
mov eax, dword ptr
:0042BB43 E82490FEFF
call 00414B6C
[ebp+08]
[ebp+08]
[esi]
[eax+10]
[edi+04]
[edi]
[esi]
[edi+04]
[edi]
[esi]
[edi+0C]
[edi]
[esi]
[esi]
[eax+10]
[edi+04]
[edi+08]
[esi]
[edi+0C]
[edi+08]
[esi]
[edi+0C]
[edi]
[esi]
:0042BB48 EB5E
jmp 0042BBA8
|:0042BAE9(C)
|
:0042BB4A 8B4F04
:0042BB4D 83C102
:0042BB50 8B17
:0042BB52 8B06
:0042BB54 E87390FEFF
:0042BB59 8B4F04
:0042BB5C 8B17
:0042BB5E 8B06
:0042BB60 E80790FEFF
:0042BB65 8B4F04
:0042BB68 8B5708
:0042BB6B 42
:0042BB6C 8B06
:0042BB6E E8F98FFEFF
:0042BB73 8B06
:0042BB75 8B4010
:0042BB78 BA10000080
:0042BB7D E82689FEFF
:0042BB82 8B4F0C
:0042BB85 8B17
:0042BB87 8B06
:0042BB89 E83E90FEFF
:0042BB8E 8B4F0C
:0042BB91 8B5708
:0042BB94 8B06
:0042BB96 E8D18FFEFF
:0042BB9B 8B4F04
:0042BB9E 8B5708
:0042BBA1 8B06
:0042BBA3 E8C48FFEFF

mov ecx, dword ptr
add ecx, 00000002
mov edx, dword ptr
mov eax, dword ptr
call 00414BCC
mov ecx, dword ptr
mov edx, dword ptr
mov eax, dword ptr
call 00414B6C
mov ecx, dword ptr
mov edx, dword ptr
inc edx
mov eax, dword ptr
call 00414B6C
mov eax, dword ptr
mov eax, dword ptr
mov edx, 80000010
call 004144A8
mov ecx, dword ptr
mov edx, dword ptr
mov eax, dword ptr
call 00414BCC
mov ecx, dword ptr
mov edx, dword ptr
mov eax, dword ptr
call 00414B6C
mov ecx, dword ptr
mov edx, dword ptr
mov eax, dword ptr
call 00414B6C
[edi+04]
[edi]
[esi]
[edi+04]
[edi]
[esi]
[edi+04]
[edi+08]
[esi]
[esi]
[eax+10]
[edi+0C]
[edi]
[esi]
[edi+0C]
[edi+08]
[esi]
[edi+04]
[edi+08]
[esi]

|:0042BB48(U)
|
:0042BBA8 5F
pop edi
:0042BBA9 5E
pop esi
:0042BBAA 5B
pop ebx
:0042BBAB 5D
pop ebp
:0042BBAC C3
ret
:0042BBAD 8D4000

|:0042BC63 , :0042BCB1
|
:0042BBB0 55
push ebp
:0042BBB1 8BEC
mov ebp, esp
:0042BBB3 53
push ebx
:0042BBB4 8B5D08
:0042BBB7 83C3EC
add ebx, FFFFFFEC
:0042BBBA 84C0
test al, al
:0042BBBC 7416
je 0042BBD4
:0042BBBE 832B05
sub dword ptr [ebx], 00000005
:0042BBC1 83430803
add dword ptr [ebx+08], 00000003
:0042BBC5
:0042BBC8
:0042BBCB
:0042BBCE
:0042BBD2
8B4304
83E803
89430C
836B040F
EB14
mov
sub
mov
sub
jmp

eax, 00000003
dword ptr [ebx+04], 0000000F
0042BBE8
|:0042BBBC(C)
|
:0042BBD4 836B0405
:0042BBD8 83430C03
:0042BBDC 8B4308
:0042BBDF 83C003
:0042BBE2 8903
:0042BBE4 8343080F
|:0042BBD2(U)
|
:0042BBE8 6A00
:0042BBEA 6A01
:0042BBEC 53
:0042BBED 8B4508
:0042BBF0 8B40FC
:0042BBF3 E86892FEFF
:0042BBF8 50
sub
add
mov
add
mov
add
dword ptr [ebx+04], 00000005

dword ptr [ebx+0C], 00000003
eax, 00000003
dword ptr [ebx], eax
dword ptr [ebx+08], 0000000F
push 00000000
push 00000001
push ebx
call 00414E60
push eax
* Reference To: user32.DrawFrameControl, Ord:0000h

|
:0042BBF9 E8A2A4FDFF
Call 004060A0
:0042BBFE 5B
pop ebx
:0042BBFF 5D
pop ebp
:0042BC00 C3
ret
:0042BC01
:0042BC04
:0042BC05
:0042BC07
:0042BC0A
:0042BC0B
:0042BC0C
:0042BC0F
:0042BC12
:0042BC15
:0042BC18
:0042BC19
:0042BC1B
:0042BC1D
:0042BC20
:0042BC21
:0042BC22
:0042BC25
:0042BC26
:0042BC28
:0042BC2B
:0042BC2D
:0042BC30
:0042BC33
:0042BC36
8D4000
55
8BEC
83C4EC
53
56
8955FC
8B5D08
8B4014
8A404B
48
2C02
734E
8B430C
40
50
8D45EC
50
8B33
83C602
8BCE
83C102
8B5304
83C202
8BC6

push ebp
mov ebp, esp
add esp, FFFFFFEC
push ebx
push esi
dec eax
sub al, 02
jnb 0042BC6B
inc eax
push eax
push eax
mov esi, dword ptr [ebx]
add esi, 00000002
mov ecx, esi
add ecx, 00000002
add edx, 00000002
mov eax, esi
:0042BC38
:0042BC3D
:0042BC41
:0042BC42
:0042BC44
:0042BC49
:0042BC4A
:0042BC4C
:0042BC4E
:0042BC51
E85B05FEFF
8345F00F
55
B001
E87BFEFFFF
59
6A00
6A03
8D45EC
50
call 0040C198
add dword ptr [ebp-10], 0000000F
push ebp
mov al, 01
call 0042BAC4
pop ecx
push 00000000
push 00000003
push eax

|
:0042BC52 E8C1A6FDFF
Call 00406318
:0042BC57 55
push ebp
:0042BC58 B001
mov al, 01
:0042BC5A E865FEFFFF
call 0042BAC4
:0042BC5F 59
pop ecx
:0042BC60 55
push ebp
:0042BC61 B001
mov al, 01
:0042BC63 E848FFFFFF
call 0042BBB0
:0042BC68 59
pop ecx
:0042BC69 EB4C
jmp 0042BCB7
|:0042BC1B(C)
|
:0042BC6B 8B7304
:0042BC6E 83C602
:0042BC71 8BC6
:0042BC73 83C002
:0042BC76 50
:0042BC77 8D45EC
:0042BC7A 50
:0042BC7B 8B4B08
:0042BC7E 41
:0042BC7F 8BD6
:0042BC81 8B03
:0042BC83 83C002
:0042BC86 E80D05FEFF
:0042BC8B 836DF40F
:0042BC8F 55
:0042BC90 33C0
:0042BC92 E82DFEFFFF
:0042BC97 59
:0042BC98 6A03
:0042BC9A 6A00
:0042BC9C 8D45EC
:0042BC9F 50

add esi, 00000002
mov eax, esi
add eax, 00000002
push eax
push eax
inc ecx
mov edx, esi
add eax, 00000002
call 0040C198
sub dword ptr [ebp-0C], 0000000F
push ebp
xor eax, eax
call 0042BAC4
pop ecx
push 00000003
push 00000000
push eax

|
:0042BCA0 E873A6FDFF
Call 00406318
:0042BCA5 55
push ebp
:0042BCA6 33C0
xor eax, eax
:0042BCA8 E817FEFFFF
call 0042BAC4
:0042BCAD 59
pop ecx
:0042BCAE 55
push ebp
:0042BCAF 33C0
xor eax, eax
:0042BCB1 E8FAFEFFFF
call 0042BBB0
:0042BCB6 59
pop ecx

|:0042BC69(U)
|
:0042BCB7 5E
pop esi
:0042BCB8 5B
pop ebx
:0042BCB9 8BE5
mov esp, ebp
:0042BCBB 5D
pop ebp
:0042BCBC C20400
ret 0004
:0042BCBF
:0042BCC0
:0042BCC1
:0042BCC3
:0042BCC6
:0042BCC7
:0042BCC8
:0042BCC9
:0042BCCB
:0042BCCD
:0042BCCF
:0042BCD4
:0042BCD9
:0042BCDC
:0042BCDE
:0042BCDF
:0042BCE4
:0042BCE7
:0042BCEA
:0042BCED
:0042BCF0
:0042BCF5
:0042BCF8
:0042BCFD
:0042BCFF
:0042BD00
:0042BD05
:0042BD08
:0042BD0B
:0042BD0D
:0042BD10
:0042BD15
:0042BD17
:0042BD18
:0042BD1D
:0042BD20
:0042BD23
:0042BD26
:0042BD2B
:0042BD2C
:0042BD2E
:0042BD34
:0042BD35
:0042BD38
90
55
8BEC
83C4E4
53
56
57
8BDA
8BF0
B201
A130EB4100
E8038CFEFF
8945FC
33C0
55
6807BE4200
64FF30
648920
8B5614
8B45FC
E8CF62FFFF
8B45FC
E8A78EFEFF
33C0
55
68EABD4200
64FF30
648920
8BD3
8B45FC
E8CB91FEFF
33C0
55
68CDBD4200
64FF30
648920
8B4614
E85DA3FFFF
48
85C0
0F8C81000000
40
8945F4
C745F800000000
nop
push ebp
mov ebp, esp
add esp, FFFFFFE4
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
mov dl, 01
call 004148DC
xor eax, eax
push ebp
push 0042BE07
call 00421FC4
call 00414BA4
xor eax, eax
push ebp
push 0042BDEA
mov edx, ebx
call 00414EE0
xor eax, eax
push ebp
push 0042BDCD
call 00426088
dec eax
test eax, eax
jl 0042BDB5
inc eax
mov [ebp-08], 00000000

|:0042BDB3(C)
|
:0042BD3F
:0042BD42
:0042BD45
:0042BD4A
:0042BD4C
:0042BD50
:0042BD52
:0042BD55
:0042BD57
:0042BD5C
:0042BD5F
:0042BD61
:0042BD63
:0042BD65
:0042BD67
:0042BD6A
:0042BD6D
:0042BD6F
:0042BD72
:0042BD75
:0042BD78
:0042BD7A
:0042BD7D
:0042BD80
:0042BD83
:0042BD86
:0042BD88
:0042BD8A
:0042BD8D
:0042BD90
:0042BD93
:0042BD96
:0042BD98
:0042BD9A
:0042BD9D
:0042BDA0
:0042BDA1
:0042BDA3
:0042BDA6
:0042BDA8
:0042BDAA
8B4614
8B55F8
E802A3FFFF
8BD8
807B4700
745B
8D55E4
8BC3
E8FC6DFFFF
8D4DE4
8BD3
8BC6
8B38
FF17
8B45E4
2B4330
03C0
2945E4
8B45E8
2B4334
03C0
2945E8
8B4338
8B55EC
2B55E4
2BC2
03C0
2945EC
8B433C
8B55F0
2B55E8
2BC2
03C0
2945F0
8D45E4
50
8BCB
8B55FC
8BC6
8B18
FF5310

call 0042604C
mov ebx, eax
je 0042BDAD
mov eax, ebx
call 00422B58
mov edx, ebx
mov eax, esi
add eax, eax
sub dword ptr [ebp-1C], eax
add eax, eax
sub dword ptr [ebp-18], eax
sub edx, dword ptr [ebp-1C]
sub eax, edx
add eax, eax
sub eax, edx
add eax, eax
push eax
mov ecx, ebx
mov eax, esi
call [ebx+10]

|:0042BD50(C)
|
:0042BDAD FF45F8
inc [ebp-08]
:0042BDB0 FF4DF4
dec [ebp-0C]
:0042BDB3 758A
jne 0042BD3F
|:0042BD2E(C)
|
:0042BDB5 33C0
:0042BDB7 5A
:0042BDB8 59
:0042BDB9 59
:0042BDBA 648910
:0042BDBD 68D4BD4200

xor eax, eax
pop edx
pop ecx
pop ecx
push 0042BDD4
|:0042BDD2(U)
|
:0042BDC2 33D2
:0042BDC4 8B45FC
:0042BDC7 E81491FEFF
:0042BDCC C3
xor edx, edx

call 00414EE0
ret
:0042BDCD
:0042BDD2
:0042BDD4
:0042BDD6
:0042BDD7
:0042BDD8
:0042BDD9
:0042BDDC
jmp 00403278
jmp 0042BDC2
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042BDF1
E9A674FDFF
EBEE
33C0
5A
59
59
648910
68F1BD4200
|:0042BDEF(U)
|
:0042BDE1 8B45FC
:0042BDE4 E86F8FFEFF
:0042BDE9 C3
:0042BDEA
:0042BDEF
:0042BDF1
:0042BDF3
:0042BDF4
:0042BDF5
:0042BDF6
jmp
jmp
xor
pop
pop
pop
mov
E98974FDFF
EBF0
33C0
5A
59
59
648910

call 00414D58
ret
00403278
0042BDE1
eax, eax
edx
ecx
ecx

|
:0042BDF9 680EBE4200
push 0042BE0E
|:0042BE0C(U)
|
:0042BDFE 8B45FC
:0042BE01 E81A6EFDFF
:0042BE06 C3
:0042BE07
:0042BE0C
:0042BE0E
:0042BE0F
:0042BE10
:0042BE11
:0042BE13
:0042BE14
E96C74FDFF
EBF0
5F
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
pop
mov
pop
ret
:0042BE15
:0042BE18
:0042BE19
:0042BE1B
:0042BE1E
8D4000
55
8BEC
83C4DC
53

push ebp
mov ebp, esp
add esp, FFFFFFDC
push ebx

call 00402C20
ret
00403278
0042BDFE
edi
esi
ebx
esp, ebp
ebp
:0042BE1F
:0042BE20
:0042BE21
:0042BE23
:0042BE26
:0042BE28
:0042BE2B
:0042BE2E
:0042BE30
:0042BE36
:0042BE39
:0042BE3E
:0042BE3F
:0042BE42
:0042BE43
:0042BE46
:0042BE4B
:0042BE4D
:0042BE4F
:0042BE51
:0042BE56
:0042BE57
:0042BE59
:0042BE5C
:0042BE61
:0042BE62
:0042BE63
:0042BE64
:0042BE67
:0042BE6A
:0042BE6C
:0042BE6E
:0042BE70
:0042BE72
:0042BE74
:0042BE76
:0042BE78
:0042BE7A
56
57
8BF9
8955FC
8BD8
8B7508
8B450C
85FF
0F85B9000000
8B4314
E8BA6DFFFF
50
8D45DC
50
8B4314
E8696DFFFF
8BC8
33D2
33C0
E84203FEFF
56
8BFE
8D75DC
B904000000
F3
A5
5E
8B7B14
8A474B
FEC8
7448
FEC8
7454
FEC8
7409
FEC8
7415
E9F0000000
push esi
push edi
mov edi, ecx
mov ebx, eax
test edi, edi
jne 0042BEEF
call 00422BF8
push eax
push eax
call 00422BB4
mov ecx, eax
xor edx, edx
xor eax, eax
call 0040C198
push esi
mov edi, esi
mov ecx, 00000004
repz
movsd
pop esi
mov al, byte ptr [edi+4B]
dec al
je 0042BEB6
dec al
je 0042BEC6
dec al
je 0042BE7F
dec al
je 0042BE8F
jmp 0042BF6F
|:0042BE74(C)
|
:0042BE7F 8B45FC
:0042BE82 E8C172FFFF
:0042BE87 894608
:0042BE8A E9E0000000
|:0042BE78(C)
|
:0042BE8F 8BC7
:0042BE91 E81E6DFFFF
:0042BE96 50
:0042BE97 8B45FC
:0042BE9A E8A972FFFF
:0042BE9F 5A
:0042BEA0 2BD0
:0042BEA2 8916
:0042BEA4 8B45FC
:0042BEA7 E89C72FFFF

call 00423148
jmp 0042BF6F
mov eax, edi

call 00422BB4
push eax
call 00423148
pop edx
sub edx, eax
call 00423148
:0042BEAC 0306
:0042BEAE 894608
:0042BEB1 E9B9000000
add eax, dword ptr [esi]

jmp 0042BF6F
|:0042BE6C(C)
|
:0042BEB6 8B45FC
:0042BEB9 E87672FFFF
:0042BEBE 89460C
:0042BEC1 E9A9000000
|:0042BE70(C)
|
:0042BEC6 8BC7
:0042BEC8 E82B6DFFFF
:0042BECD 50
:0042BECE 8B45FC
:0042BED1 E85E72FFFF
:0042BED6 5A
:0042BED7 2BD0
:0042BED9 895604
:0042BEDC 8B45FC
:0042BEDF E85072FFFF
:0042BEE4 034604
:0042BEE7 89460C
:0042BEEA E980000000

call 00423134
jmp 0042BF6F
mov eax, edi

call 00422BF8
push eax
call 00423134
pop edx
sub edx, eax
call 00423134
jmp 0042BF6F

|:0042BE30(C)
|
:0042BEEF 8B5730
:0042BEF2 8955F8
:0042BEF5 8B5734
:0042BEF8 8955F4
:0042BEFB 8B5738
:0042BEFE 8955F0
:0042BF01 8B573C
:0042BF04 8955EC
:0042BF07 8BD0
mov edx, eax
:0042BF09 80C2FD
add dl, FD
:0042BF0C 80EA02
sub dl, 02
:0042BF0F 730F
jnb 0042BF20
:0042BF11 8B5738
:0042BF14 D1FA
sar edx, 1
:0042BF16 7903
jns 0042BF1B
:0042BF18 83D200
adc edx, 00000000
|:0042BF16(C)
|
:0042BF1B 8955F0
:0042BF1E EB15
jmp 0042BF35
|:0042BF0F(C)
|
:0042BF20 8BD0
mov edx, eax
:0042BF22 4A
dec edx
:0042BF23
:0042BF26
:0042BF28
:0042BF2B
:0042BF2D
:0042BF2F
80EA02
730D
8B573C
D1FA
7903
83D200
sub
jnb
mov
sar
jns
adc
dl, 02
0042BF35
edx, dword ptr [edi+3C]
edx, 1
0042BF32
edx, 00000000

|:0042BF2D(C)
|
:0042BF32 8955EC
|:0042BF1E(U), :0042BF26(C)
|
:0042BF35 2C02
:0042BF37 740C
:0042BF39 2C02
:0042BF3B 750E
:0042BF3D 8B45F0
:0042BF40 0145F8
:0042BF43 EB06

sub al, 02
je 0042BF45
sub al, 02
jne 0042BF4B
jmp 0042BF4B

|:0042BF37(C)
|
:0042BF45 8B45EC
:0042BF48 0145F4
|:0042BF3B(C), :0042BF43(U)
|
:0042BF4B 8B45EC
:0042BF4E 50
:0042BF4F 8D45DC
:0042BF52 50
:0042BF53 8B4DF0
:0042BF56 8B55F4
:0042BF59 8B45F8
:0042BF5C E85302FEFF
:0042BF61 56
:0042BF62 8BFE
:0042BF64 8D75DC
:0042BF67 B904000000
:0042BF6C F3
:0042BF6D A5
:0042BF6E 5E

mov eax, dword ptr
push eax
lea eax, dword ptr
push eax
mov ecx, dword ptr
mov edx, dword ptr
mov eax, dword ptr
call 0040C1B4
push esi
mov edi, esi
lea esi, dword ptr
mov ecx, 00000004
repz
movsd
pop esi
[ebp-14]
[ebp-24]
[ebp-10]
[ebp-0C]
[ebp-08]
[ebp-24]

|:0042BE7A(U), :0042BE8A(U), :0042BEB1(U), :0042BEC1(U), :0042BEEA(U)
|
:0042BF6F 6A02
push 00000002
:0042BF71 56
push esi
:0042BF72 6A00
push 00000000
:0042BF74 8B4314
:0042BF77 E884CFFFFF
call 00428F00
:0042BF7C 50
push eax
|
:0042BF7D
:0042BF82
:0042BF83
:0042BF84
:0042BF85
:0042BF87
:0042BF88
E87EA3FDFF
5F
5E
5B
8BE5
5D
C20800
:0042BF8B 90
Call 00406300
pop edi
pop esi
pop ebx
mov esp, ebp
pop ebp
ret 0008
nop

|:0042BF9D , :0042BFAE , :0042BFD2
|
:0042BF8C 55
push ebp
:0042BF8D 8BEC
mov ebp, esp
:0042BF8F 53
push ebx
:0042BF90 8BD8
mov ebx, eax
:0042BF92 8B430C
:0042BF95 85C0
test eax, eax
:0042BF97 740A
je 0042BFA3
:0042BF99 8B5508
:0042BF9C 52
push edx
:0042BF9D E8EAFFFFFF
call 0042BF8C
:0042BFA2 59
pop ecx
|:0042BF97(C)
|
:0042BFA3 8B4308
:0042BFA6 85C0
:0042BFA8 740A
:0042BFAA 8B5508
:0042BFAD 52
:0042BFAE E8D9FFFFFF
:0042BFB3 59
|:0042BFA8(C)
|
:0042BFB4 8BC3
:0042BFB6 E8656CFDFF
:0042BFBB 5B
:0042BFBC 5D
:0042BFBD C3
:0042BFBE 8BC0
mov eax, eax

test eax, eax
je 0042BFB4
push edx
call 0042BF8C
pop ecx
mov eax, ebx

call 00402C20
pop ebx
pop ebp
ret

|:0042B065 , :0042B8F3
|
:0042BFC0 55
push ebp
:0042BFC1 8BEC
mov ebp, esp
:0042BFC3 53
push ebx
:0042BFC4 8BDA
mov ebx, edx
:0042BFC6 85DB
test ebx, ebx
:0042BFC8 743E
je 0042C008
:0042BFCA 8B4308
:0042BFCD 85C0
test eax, eax
:0042BFCF
:0042BFD1
:0042BFD2
:0042BFD7
7407
55
E8B5FFFFFF
59
je 0042BFD8
push ebp
call 0042BF8C
pop ecx

|:0042BFCF(C)
|
:0042BFD8 8B4318
:0042BFDB 85C0
test eax, eax
:0042BFDD 7408
je 0042BFE7
:0042BFDF 8B530C
:0042BFE2 89500C
:0042BFE5 EB0D
jmp 0042BFF4
|:0042BFDD(C)
|
:0042BFE7 8B4314
:0042BFEA 85C0
test eax, eax
:0042BFEC 7406
je 0042BFF4
:0042BFEE 8B530C
:0042BFF1 895008
|:0042BFE5(U), :0042BFEC(C)
|
:0042BFF4 8B430C
:0042BFF7 85C0
:0042BFF9 7406
:0042BFFB 8B5318
:0042BFFE 895018

test eax, eax
je 0042C001

|:0042BFF9(C)
|
:0042C001 8BC3
mov eax, ebx
:0042C003 E8186CFDFF
call 00402C20
|:0042BFC8(C)
|
:0042C008 5B
pop ebx
:0042C009 5D
pop ebp
:0042C00A C3
ret
:0042C00B
:0042C00C
:0042C00D
:0042C00E
:0042C010
:0042C012
:0042C014
:0042C016
:0042C01B
:0042C01D
:0042C01F
:0042C022
:0042C024
90
53
56
8BF2
8BD8
8BD6
8BC3
E8F5F0FFFF
85C0
7424
3B4338
7507
33D2
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 0042B110
test eax, eax
je 0042C043
jne 0042C02B
xor edx, edx
:0042C026 895004
:0042C029 EB09

jmp 0042C034
|:0042C022(C)
|
:0042C02B 8BD0
:0042C02D 8BC3
:0042C02F E814000000
|:0042C029(U)
|
:0042C034 C6868800000000
:0042C03B 8B4314
:0042C03E 8B10
:0042C040 FF5278
mov edx, eax

mov eax, ebx
call 0042C048

call [edx+78]

|:0042C01D(C)
|
:0042C043 5E
pop esi
:0042C044 5B
pop ebx
:0042C045 C3
ret
:0042C046 8BC0
mov eax, eax

|:0042B311 , :0042C02F
|
:0042C048 55
push ebp
:0042C049 8BEC
mov ebp, esp
:0042C04B 6A00
push 00000000
:0042C04D 6A00
push 00000000
:0042C04F 53
push ebx
:0042C050 56
push esi
:0042C051 57
push edi
:0042C052 8BDA
mov ebx, edx
:0042C054 8BF0
mov esi, eax
:0042C056 33C0
xor eax, eax
:0042C058 55
push ebp
:0042C059 689CC24200
push 0042C29C
:0042C05E 64FF30
:0042C061 648920
:0042C064 85DB
test ebx, ebx
:0042C066 753B
jne 0042C0A3
:0042C068 8D55FC
:0042C06B A13C2B4400
:0042C070 E8AF8DFDFF
call 00404E24
:0042C075 8D45FC
:0042C078 50
push eax
:0042C079 8D55F8
:0042C07C A1742A4400
:0042C081 E89E8DFDFF
call 00404E24
:0042C086 8B55F8
:0042C089 58
pop eax
:0042C08A E8AD79FDFF
call 00403A3C
:0042C08F 8B4DFC
:0042C092 B201
mov dl, 01
:0042C094 A184694000
:0042C099 E8CEC7FDFF
:0042C09E E80D72FDFF

call 0040886C
call 004032B0
|:0042C066(C)
|
:0042C0A3 837B0400
:0042C0A7 753B
:0042C0A9 8D55FC
:0042C0AC A13C2B4400
:0042C0B1 E86E8DFDFF
:0042C0B6 8D45FC
:0042C0B9 50
:0042C0BA 8D55F8
:0042C0BD A1782C4400
:0042C0C2 E85D8DFDFF
:0042C0C7 8B55F8
:0042C0CA 58
:0042C0CB E86C79FDFF
:0042C0D0 8B4DFC
:0042C0D3 B201
:0042C0D5 A184694000
:0042C0DA E88DC7FDFF
:0042C0DF E8CC71FDFF
|:0042C0A7(C)
|
:0042C0E4 8B4314
:0042C0E7 E854E9FFFF
:0042C0EC 83F801
:0042C0EF 7511
:0042C0F1 8B4660
:0042C0F4 33D2
:0042C0F6 895008
:0042C0F9 C6401000
:0042C0FD E978010000
|:0042C0EF(C)
|
:0042C102 83F802
:0042C105 0F8522010000
:0042C10B 8B4318
:0042C10E 85C0
:0042C110 7505
:0042C112 8B7B0C
:0042C115 EB02

jne 0042C0E4
call 00404E24
push eax
call 00404E24
pop eax
call 00403A3C
mov dl, 01
call 0040886C
call 004032B0

call 0042AA40
cmp eax, 00000001
jne 0042C102
xor edx, edx
mov [eax+10], 00
jmp 0042C27A
cmp eax, 00000002

jne 0042C22D
test eax, eax
jne 0042C117
jmp 0042C119

|:0042C110(C)
|
:0042C117 8BF8
mov edi, eax
|:0042C115(U)
|
:0042C119 837F0400
:0042C11D 7459
je 0042C178
:0042C11F
:0042C122
:0042C125
:0042C127
:0042C129
:0042C12C
:0042C12F
:0042C131
:0042C134
:0042C136
:0042C139
:0042C13C
:0042C141
:0042C144
:0042C146
:0042C14B
8B5660
8B4314
3BD0
7524
8B4660
897808
33C0
894718
33C0
89470C
8B4660
E85BE9FFFF
894720
8BC7
E849ECFFFF
EB16

cmp edx, eax
jne 0042C14D
xor eax, eax
xor eax, eax
call 0042AA9C
mov eax, edi
call 0042AD94
jmp 0042C163
|:0042C127(C)
|
:0042C14D C6401000
:0042C151 8B5704
:0042C154 895004
:0042C157 33D2
:0042C159 895008
:0042C15C 8BC7
:0042C15E E8BD6AFDFF
|:0042C14B(U)
|
:0042C163 56
:0042C164 68DCC74200
:0042C169 8B5314
:0042C16C 8BC6
:0042C16E E801F0FFFF
:0042C173 E902010000
|:0042C11D(C)
|
:0042C178 8B4314
:0042C17B 3B4660
:0042C17E 7535
:0042C180 8B4664
:0042C183 894720
:0042C186 8B4660
:0042C189 8B4020
:0042C18C 894664
:0042C18F 8B4660
:0042C192 E8896AFDFF
:0042C197 897E60
:0042C19A 33C0
:0042C19C 89470C
:0042C19F 33C0
:0042C1A1 894718
:0042C1A4 33C0
:0042C1A6 894714
:0042C1A9 8BC6
:0042C1AB E804060000
mov [eax+10], 00
xor edx, edx
mov eax, edi
call 00402C20
push esi
push 0042C7DC
mov eax, esi
call 0042B174
jmp 0042C27A

jne 0042C1B5
call 00402C20
xor eax, eax
xor eax, eax
xor eax, eax
mov eax, esi
call 0042C7B4
:0042C1B0 E9C5000000
jmp 0042C27A

|:0042C17E(C)
|
:0042C1B5 8B4314
:0042C1B8 8B4018
:0042C1BB 8B5708
:0042C1BE 894218
:0042C1C1 85C0
test eax, eax
:0042C1C3 750E
jne 0042C1D3
:0042C1C5 8B4708
:0042C1C8 8B5314
:0042C1CB 8B5214
:0042C1CE 894208
:0042C1D1 EB06
jmp 0042C1D9
|:0042C1C3(C)
|
:0042C1D3 8B5708
:0042C1D6 89500C
|:0042C1D1(U)
|
:0042C1D9 8B4708
:0042C1DC 8B5314
:0042C1DF 8B5214
:0042C1E2 895014
|:0042C1F5(C)
|
:0042C1E5 8B400C
:0042C1E8 8B5314
:0042C1EB 8B5214
:0042C1EE 895014
:0042C1F1 83780C00
:0042C1F5 75EE
:0042C1F7 8B5314
:0042C1FA 8B520C
:0042C1FD 89500C
:0042C200 83780C00
:0042C204 7406
:0042C206 8B500C
:0042C209 894218
|:0042C204(C)
|
:0042C20C 56
:0042C20D 68DCC74200
:0042C212 8B5014
:0042C215 8BC6
:0042C217 E858EFFFFF
:0042C21C 8B4314
:0042C21F E8FC69FDFF
:0042C224 8BC7
:0042C226 E8F569FDFF

jne 0042C1E5
je 0042C20C
push esi
push 0042C7DC
mov eax, esi
call 0042B174
call 00402C20
mov eax, edi
call 00402C20
:0042C22B EB4D
jmp 0042C27A
|:0042C105(C)
|
:0042C22D 8B4318
:0042C230 85C0
:0042C232 7518
:0042C234 8B4314
:0042C237 8B530C
:0042C23A 895008
:0042C23D 8B430C
:0042C240 33D2
:0042C242 895018
:0042C245 E84AEBFFFF
:0042C24A EB1E

test eax, eax
jne 0042C24C
xor edx, edx
call 0042AD94
jmp 0042C26A

|:0042C232(C)
|
:0042C24C 8B530C
:0042C24F 89500C
:0042C252 8B530C
:0042C255 85D2
test edx, edx
:0042C257 7403
je 0042C25C
:0042C259 894218
|:0042C257(C)
|
:0042C25C 8B4318
:0042C25F 8B5320
:0042C262 895020
:0042C265 E82AEBFFFF
|:0042C24A(U)
|
:0042C26A 56
:0042C26B 68DCC74200
:0042C270 8B5314
:0042C273 8BC6
:0042C275 E8FAEEFFFF

call 0042AD94
push esi
push 0042C7DC
mov eax, esi
call 0042B174

|:0042C0FD(U), :0042C173(U), :0042C1B0(U), :0042C22B(U)
|
:0042C27A 8BC3
mov eax, ebx
:0042C27C E89F69FDFF
call 00402C20
:0042C281 33C0
xor eax, eax
:0042C283 5A
pop edx
:0042C284 59
pop ecx
:0042C285 59
pop ecx
:0042C286 648910
|
:0042C289 68A3C24200
push 0042C2A3
|:0042C2A1(U)
|
:0042C28E 8D45F8
:0042C291 BA02000000
:0042C296 E84175FDFF
:0042C29B C3

mov edx, 00000002
call 004037DC
ret
:0042C29C
:0042C2A1
:0042C2A3
:0042C2A4
:0042C2A5
:0042C2A6
:0042C2A7
:0042C2A8
:0042C2A9
E9D76FFDFF
EBEB
5F
5E
5B
59
59
5D
C3
jmp
jmp
pop
pop
pop
pop
pop
pop
ret
:0042C2AA
:0042C2AC
:0042C2AD
:0042C2AE
:0042C2AF
:0042C2B2
:0042C2B4
:0042C2B6
:0042C2B9
:0042C2BD
:0042C2C3
:0042C2C5
:0042C2CA
:0042C2CC
:0042C2D2
:0042C2D4
:0042C2D7
:0042C2D9
:0042C2DC
:0042C2DE
:0042C2E1
:0042C2E3
:0042C2E9
:0042C2EB
:0042C2ED
:0042C2F0
:0042C2F2
:0042C2F7
:0042C2FC
:0042C2FE
8BC0
53
56
57
83C4F0
8BDA
8BF8
8B7714
F6462001
0F85B3000000
8BC6
E87EB5FFFF
85C0
0F8EA4000000
8BD4
8B4714
8B08
FF5144
8BD4
8B4714
8B08
FF9188000000
84DB
7513
8D5720
8BC4
B910000000
E8D0B1FDFF
84C0
7576
mov eax, eax

push ebx
push esi
push edi
add esp, FFFFFFF0
mov ebx, edx
mov edi, eax
test [esi+20], 01
jne 0042C376
mov eax, esi
call 00427848
test eax, eax
jle 0042C376
mov edx, esp
call [ecx+44]
mov edx, esp
test bl, bl
jne 0042C300
mov eax, esp
mov ecx, 00000010
call 004074CC
test al, al
jne 0042C376
|:0042C2EB(C)
|
:0042C300 57
:0042C301 8D742404
:0042C305 83C720
:0042C308 B904000000
:0042C30D F3
:0042C30E A5
:0042C30F 5F
00403278
0042C28E
edi
esi
ebx
ecx
ecx
ebp

push edi
lea esi, dword ptr [esp+04]
add edi, 00000020
mov ecx, 00000004
repz
movsd
pop edi
:0042C310
:0042C313
:0042C316
:0042C318
:0042C31A
:0042C31C
:0042C31E
8B4760
8A5010
FECA
7406
FECA
7419
EB2C

dec dl
je 0042C320
dec dl
je 0042C337
jmp 0042C34C
|:0042C318(C)
|
:0042C320 8B542408
:0042C324 2B1424
:0042C327 895020
:0042C32A 8B44240C
:0042C32E 2B442404
:0042C332 894764
:0042C335 EB15
|:0042C31C(C)
|
:0042C337 8B54240C
:0042C33B 2B542404
:0042C33F 895020
:0042C342 8B442408
:0042C346 2B0424
:0042C349 894764
|:0042C31E(U), :0042C335(U)
|
:0042C34C 8B4714
:0042C34F E8F4B4FFFF
:0042C354 85C0
:0042C356 7E1E
:0042C358 33D2
:0042C35A 8BC7
:0042C35C E82F030000
:0042C361 837F6800
:0042C365 750F
:0042C367 57
:0042C368 68DCC74200
:0042C36D 33D2
:0042C36F 8BC7
:0042C371 E8FEEDFFFF
mov
sub
mov
mov
sub
mov
jmp
mov
sub
mov
mov
sub
mov

edx, dword ptr [esp]
dword ptr [edi+64], eax
0042C34C
edx, dword ptr [esp+0C]

dword ptr [edi+64], eax

call 00427848
test eax, eax
jle 0042C376
xor edx, edx
mov eax, edi
call 0042C690
jne 0042C376
push edi
push 0042C7DC
xor edx, edx
mov eax, edi
call 0042B174

|:0042C2BD(C), :0042C2CC(C), :0042C2FE(C), :0042C356(C), :0042C365(C)
|
:0042C376 83C410
add esp, 00000010
:0042C379 5F
pop edi
:0042C37A 5E
pop esi
:0042C37B 5B
pop ebx
:0042C37C C3
ret
:0042C37D 8D4000
:0042C380 53
:0042C381 56

push ebx
push esi
:0042C382
:0042C384
:0042C386
:0042C388
:0042C38A
:0042C38C
:0042C38E
:0042C391
:0042C394
:0042C397
:0042C399
:0042C39C
:0042C39F
:0042C3A4
8BDA
8BF0
85DB
741D
85DB
7419
8B4314
8A4010
3A4644
750E
DB4320
DC4E3C
E84864FDFF
894320
mov ebx, edx

mov esi, eax
test ebx, ebx
je 0042C3A7
test ebx, ebx
je 0042C3A7
cmp al, byte ptr [esi+44]
jne 0042C3A7
fild dword ptr [ebx+20]
fmul qword ptr [esi+3C]
call 004027EC

|:0042C388(C), :0042C38C(C), :0042C397(C)
|
:0042C3A7 5E
pop esi
:0042C3A8 5B
pop ebx
:0042C3A9 C3
ret
:0042C3AA 8BC0
mov eax, eax

|:0042C48E , :0042C5A8
|
:0042C3AC 55
push ebp
:0042C3AD 8BEC
mov ebp, esp
:0042C3AF 83C4F8
add esp, FFFFFFF8
:0042C3B2 53
push ebx
:0042C3B3 8945FC
:0042C3B6 8B45FC
:0042C3B9 E82A78FDFF
call 00403BE8
:0042C3BE 33C0
xor eax, eax
:0042C3C0 55
push ebp
:0042C3C1 6817C44200
push 0042C417
:0042C3C6 64FF30
:0042C3C9 648920
:0042C3CC 8B45FC
:0042C3CF E86076FDFF
call 00403A34
:0042C3D4 8945F8
:0042C3D7 8D55F8
:0042C3DA 8B4508
:0042C3DD 8B40FC
:0042C3E0 B904000000
mov ecx, 00000004
:0042C3E5 8B18
:0042C3E7 FF5308
call [ebx+08]
:0042C3EA 837DF800
:0042C3EE 7E11
jle 0042C401
:0042C3F0 8B55FC
:0042C3F3 8B4508
:0042C3F6 8B40FC
:0042C3F9 8B4DF8
:0042C3FC 8B18
:0042C3FE FF5308
call [ebx+08]
|:0042C3EE(C)
|
:0042C401
:0042C403
:0042C404
:0042C405
:0042C406
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0042C409 681EC44200
push 0042C41E
|:0042C41C(U)
|
:0042C40E 8D45FC
:0042C411 E8A273FDFF
:0042C416 C3
:0042C417
:0042C41C
:0042C41E
:0042C41F
:0042C420
:0042C421
:0042C422
jmp
jmp
pop
pop
pop
pop
ret
E95C6EFDFF
EBF0
5B
59
59
5D
C3
:0042C423 90

call 004037B8
ret
00403278
0042C40E
ebx
ecx
ecx
ebp
nop

|:0042C4A3 , :0042C4B7 , :0042C5EB
|
:0042C424 55
push ebp
:0042C425 8BEC
mov ebp, esp
:0042C427 83C4F8
add esp, FFFFFFF8
:0042C42A 53
push ebx
:0042C42B 56
push esi
:0042C42C 33C9
xor ecx, ecx
:0042C42E 894DF8
:0042C431 8955FC
:0042C434 8BD8
mov ebx, eax
:0042C436 33C0
xor eax, eax
:0042C438 55
push ebp
:0042C439 68D3C44200
push 0042C4D3
:0042C43E 64FF30
:0042C441 648920
:0042C444 8D55FC
:0042C447 8B4508
:0042C44A 8B40FC
:0042C44D B904000000
mov ecx, 00000004
:0042C452 8B30
:0042C454 FF5608
call [esi+08]
:0042C457 8D5310
:0042C45A 8B4508
:0042C45D 8B40FC
:0042C460 B901000000
mov ecx, 00000001
:0042C465 8B30
:0042C467 FF5608
call [esi+08]
:0042C46A 8D5320
:0042C46D
:0042C470
:0042C473
:0042C478
:0042C47A
:0042C47D
:0042C480
:0042C481
:0042C484
:0042C486
:0042C48B
:0042C48E
:0042C493
:0042C494
:0042C497
:0042C499
:0042C49B
:0042C49E
:0042C49F
:0042C4A2
:0042C4A3
:0042C4A8
8B4508
8B40FC
B904000000
8B30
FF5608
8B4508
50
8D55F8
8BC3
E8E9E7FFFF
8B45F8
E819FFFFFF
59
8B4308
85C0
740E
8B5508
52
8B55FC
42
E87CFFFFFF
59
|:0042C499(C)
|
:0042C4A9 8B430C
:0042C4AC 85C0
:0042C4AE 740D
:0042C4B0 8B5508
:0042C4B3 52
:0042C4B4 8B55FC
:0042C4B7 E868FFFFFF
:0042C4BC 59
mov eax, dword ptr

mov eax, dword ptr
mov ecx, 00000004
mov esi, dword ptr
call [esi+08]
mov eax, dword ptr
push eax
lea edx, dword ptr
mov eax, ebx
call 0042AC74
mov eax, dword ptr
call 0042C3AC
pop ecx
mov eax, dword ptr
test eax, eax
je 0042C4A9
mov edx, dword ptr
push edx
mov edx, dword ptr
inc edx
call 0042C424
pop ecx
[ebp+08]
[eax-04]
[eax]
[ebp+08]
[ebp-08]
[ebp-08]
[ebx+08]
[ebp+08]
[ebp-04]

test eax, eax
je 0042C4BD
push edx
call 0042C424
pop ecx

|:0042C4AE(C)
|
:0042C4BD 33C0
xor eax, eax
:0042C4BF 5A
pop edx
:0042C4C0 59
pop ecx
:0042C4C1 59
pop ecx
:0042C4C2 648910
|
:0042C4C5 68DAC44200
push 0042C4DA
|:0042C4D8(U)
|
:0042C4CA 8D45F8
:0042C4CD E8E672FDFF
:0042C4D2 C3
:0042C4D3
:0042C4D8
:0042C4DA
:0042C4DB
jmp
jmp
pop
pop
E9A06DFDFF
EBF0
5E
5B

call 004037B8
ret
00403278
0042C4CA
esi
ebx
:0042C4DC
:0042C4DD
:0042C4DE
:0042C4DF
59
59
5D
C3
pop ecx
pop ecx
pop ebp
ret
:0042C4E0
:0042C4E1
:0042C4E3
:0042C4E6
:0042C4E7
:0042C4E8
:0042C4E9
:0042C4EB
:0042C4EE
:0042C4F1
:0042C4F4
:0042C4F6
:0042C4F7
:0042C4FC
:0042C4FF
:0042C502
:0042C505
:0042C508
:0042C50D
:0042C510
:0042C512
:0042C515
:0042C517
:0042C51C
:0042C521
:0042C524
:0042C526
:0042C527
:0042C52C
:0042C52F
:0042C532
:0042C535
:0042C538
:0042C53D
:0042C53F
:0042C540
:0042C542
:0042C544
:0042C545
55
8BEC
83C4EC
53
56
57
33C9
894DEC
8955FC
8945F8
33C0
55
6819C64200
64FF30
648920
8B45F8
8D506C
B904000000
8B45FC
8B18
FF5308
B201
A154B84000
E8CF66FDFF
8945F0
33C0
55
68C8C54200
64FF30
648920
8B45F8
8B4014
E80BB3FFFF
8BD8
4B
85DB
7C2D
43
33F6
push ebp
mov ebp, esp
add esp, FFFFFFEC
push ebx
push esi
push edi
xor ecx, ecx
xor eax, eax
push ebp
push 0042C619
lea edx, dword ptr [eax+6C]
mov ecx, 00000004
call [ebx+08]
mov dl, 01
call 00402BF0
xor eax, eax
push ebp
push 0042C5C8
call 00427848
mov ebx, eax
dec ebx
test ebx, ebx
jl 0042C571
inc ebx
xor esi, esi
|:0042C56F(C)
|
:0042C547 8B45F8
:0042C54A 8B4014
:0042C54D 8BD6
:0042C54F E808B3FFFF
:0042C554 8BF8
:0042C556 807F4700
:0042C55A 7511
:0042C55C 837F0800
:0042C560 740B
:0042C562 8B5708
:0042C565 8B45F0

mov edx, esi
call 0042785C
mov edi, eax
jne 0042C56D
je 0042C56D
:0042C568 8B08
:0042C56A FF5134

call [ecx+34]
|:0042C55A(C), :0042C560(C)
|
:0042C56D 46
:0042C56E 4B
:0042C56F 75D6
|:0042C542(C)
|
:0042C571 8B45F0
:0042C574 8B10
:0042C576 FF5214
:0042C579 8945F4
:0042C57C 8D55F4
:0042C57F B904000000
:0042C584 8B45FC
:0042C587 8B18
:0042C589 FF5308
:0042C58C 8B5DF4
:0042C58F 4B
:0042C590 85DB
:0042C592 7C1E
:0042C594 43
:0042C595 33F6
|:0042C5B0(C)
|
:0042C597 55
:0042C598 8D4DEC
:0042C59B 8BD6
:0042C59D 8B45F0
:0042C5A0 8B38
:0042C5A2 FF570C
:0042C5A5 8B45EC
:0042C5A8 E8FFFDFFFF
:0042C5AD 59
:0042C5AE 46
:0042C5AF 4B
:0042C5B0 75E5
|:0042C592(C)
|
:0042C5B2 33C0
:0042C5B4 5A
:0042C5B5 59
:0042C5B6 59
:0042C5B7 648910
:0042C5BA 68CFC54200
inc esi
dec ebx
jne 0042C547

call [edx+14]
mov ecx, 00000004
call [ebx+08]
dec ebx
test ebx, ebx
jl 0042C5B2
inc ebx
xor esi, esi
push ebp
lea ecx, dword
mov edx, esi
mov eax, dword
mov edi, dword
call [edi+0C]
mov eax, dword
call 0042C3AC
pop ecx
inc esi
dec ebx
jne 0042C597
ptr [ebp-14]
ptr [ebp-10]
ptr [eax]
ptr [ebp-14]
xor eax, eax

pop edx
pop ecx
pop ecx
push 0042C5CF

|:0042C5CD(U)
|
:0042C5BF 8B45F0
:0042C5C2 E85966FDFF
call 00402C20
:0042C5C7 C3
ret
:0042C5C8
:0042C5CD
:0042C5CF
:0042C5D2
:0042C5D5
:0042C5DA
:0042C5DD
:0042C5DF
:0042C5E2
:0042C5E3
:0042C5E6
:0042C5E9
:0042C5EB
:0042C5F0
:0042C5F1
:0042C5F6
:0042C5FB
:0042C5FE
:0042C600
:0042C603
:0042C605
:0042C606
:0042C607
:0042C608
jmp 00403278
jmp 0042C5BF
mov ecx, 00000004
call [ebx+08]
push ebp
xor edx, edx
call 0042C424
pop ecx
mov edx, 00442718
mov ecx, 00000004
call [ebx+08]
xor eax, eax
pop edx
pop ecx
pop ecx
E9AB6CFDFF
EBF0
8B45F8
8D5064
B904000000
8B45FC
8B18
FF5308
55
8B45F8
8B4060
33D2
E834FEFFFF
59
BA18274400
B904000000
8B45FC
8B18
FF5308
33C0
5A
59
59
648910

|
:0042C60B 6820C64200
push 0042C620
|:0042C61E(U)
|
:0042C610 8D45EC
:0042C613 E8A071FDFF
:0042C618 C3
:0042C619
:0042C61E
:0042C620
:0042C621
:0042C622
:0042C623
:0042C625
:0042C626
jmp
jmp
pop
pop
pop
mov
pop
ret
E95A6CFDFF
EBF0
5F
5E
5B
8BE5
5D
C3
:0042C627 90

call 004037B8
ret
00403278
0042C610
edi
esi
ebx
esp, ebp
ebp
nop

|:0042C675 , :0042C686 , :0042C6A7
|
:0042C628 55
push ebp
:0042C629 8BEC
mov ebp, esp
:0042C62B 53
push ebx
:0042C62C 8BD8
mov ebx, eax
:0042C62E 85DB
test ebx, ebx
:0042C630
:0042C632
:0042C636
:0042C638
:0042C63B
:0042C63E
:0042C641
:0042C643
:0042C646
:0042C649
:0042C64C
:0042C64F
:0042C651
:0042C653
:0042C656
:0042C659
:0042C65C
:0042C65F
745A
837B0C00
7532
8B4508
8B40FC
3B5860
7427
8B5508
8B52FC
8B5260
8B4314
3BD0
750E
8B4508
8B40FC
8B4064
894320
EB09
je 0042C68C
jne 0042C66A
je 0042C66A
cmp edx, eax
jne 0042C661
jmp 0042C66A

|:0042C651(C)
|
:0042C661 8B4014
:0042C664 8B4020
:0042C667 894320
|:0042C636(C), :0042C641(C), :0042C65F(U)
|
:0042C66A 8B4308
:0042C66D 85C0
test eax, eax
:0042C66F 740A
je 0042C67B
:0042C671 8B5508
:0042C674 52
push edx
:0042C675 E8AEFFFFFF
call 0042C628
:0042C67A 59
pop ecx
|:0042C66F(C)
|
:0042C67B 8B430C
:0042C67E 85C0
:0042C680 740A
:0042C682 8B5508
:0042C685 52
:0042C686 E89DFFFFFF
:0042C68B 59
|:0042C630(C), :0042C680(C)
|
:0042C68C 5B
:0042C68D 5D
:0042C68E C3
:0042C68F 90
nop

test eax, eax
je 0042C68C
push edx
call 0042C628
pop ecx
pop ebx
pop ebp
ret

|:0042C35C , :0042C795
|
:0042C690
:0042C691
:0042C693
:0042C694
:0042C697
:0042C699
:0042C69B
:0042C69E
:0042C6A1
55
8BEC
51
8945FC
85D2
7509
8B45FC
8B4060
8B5008
push ebp
mov ebp, esp
push ecx
test edx, edx
jne 0042C6A4
|:0042C699(C)
|
:0042C6A4 55
:0042C6A5 8BC2
:0042C6A7 E87CFFFFFF
:0042C6AC 59
:0042C6AD 8B45FC
:0042C6B0 8B4014
:0042C6B3 8B10
:0042C6B5 FF5278
:0042C6B8 59
:0042C6B9 5D
:0042C6BA C3
:0042C6BB 90
nop
|:0042025F(U)
|
:0042C6BC 53
:0042C6BD 56
:0042C6BE 8BF2
:0042C6C0 8BD8
:0042C6C2 8BD6
:0042C6C4 8BC3
:0042C6C6 E845EAFFFF
:0042C6CB 894338
:0042C6CE 5E
:0042C6CF 5B
:0042C6D0 C3
:0042C6D1
:0042C6D4
:0042C6D6
:0042C6D8
:0042C6DB
:0042C6DD
:0042C6E0
:0042C6E3
:0042C6E6
:0042C6E8
:0042C6EB

test edx, edx
je 0042C6EE
je 0042C6EE
mov cl, byte ptr [ecx+10]
cmp cl, byte ptr [eax+44]
jne 0042C6EE
add dword ptr [edx+20], eax
8D4000
85D2
7416
3B5060
7411
8B4A14
8A4910
3A4844
7506
8B4048
014220
push ebp
mov eax, edx
call 0042C628
pop ecx
call [edx+78]
pop ecx
pop ebp
ret
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 0042B110
pop esi
pop ebx
ret

|:0042C6D6(C), :0042C6DB(C), :0042C6E6(C)
|
:0042C6EE C3
:0042C6EF 90
ret
nop

|:0042CC50
|
:0042C6F0 53
push ebx
:0042C6F1 56
push esi
:0042C6F2 57
push edi
:0042C6F3 83C4F8
add esp, FFFFFFF8
:0042C6F6 8BF1
mov esi, ecx
:0042C6F8 8D3C24
:0042C6FB A5
movsd
:0042C6FC A5
movsd
:0042C6FD 8BD8
mov ebx, eax
:0042C6FF 89535C
:0042C702 8B4314
:0042C705 E8F6C7FFFF
call 00428F00
:0042C70A 8BD0
mov edx, eax
:0042C70C A120374400
:0042C711 E8EA080000
call 0042D000
:0042C716 8B4314
:0042C719 E8E2C7FFFF
call 00428F00
:0042C71E 8BF0
mov esi, eax
:0042C720 897358
:0042C723 6812040000
push 00000412
:0042C728 6A00
push 00000000
:0042C72A 56
push esi
|
:0042C72B E8209AFDFF
Call 00406150
:0042C730 894354
:0042C733 8B0424
:0042C736 89434C
:0042C739 8B442404
:0042C73D 894350
:0042C740 8BC3
mov eax, ebx
:0042C742 E8A5000000
call 0042C7EC
:0042C747 59
pop ecx
:0042C748 5A
pop edx
:0042C749 5F
pop edi
:0042C74A 5E
pop esi
:0042C74B 5B
pop ebx
:0042C74C C3
ret
:0042C74D 8D4000

|:0042CD12
|
:0042C750 53
push ebx
:0042C751 8BD8
mov ebx, eax
:0042C753 33D2
xor edx, edx
:0042C755 A120374400
:0042C75A E8A1080000
call 0042D000
:0042C75F 8BC3
mov eax, ebx
:0042C761 E886000000
call 0042C7EC
:0042C766 8B4354
:0042C769 50
:0042C76A 8B4358
:0042C76D 50
push eax
push eax

|
:0042C76E E8ED9BFDFF
Call 00406360
:0042C773 8B435C
:0042C776 8B5014
:0042C779 807A1001
:0042C77D 7508
jne 0042C787
:0042C77F 8B5350
:0042C782 895020
:0042C785 EB06
jmp 0042C78D
|:0042C77D(C)
|
:0042C787 8B534C
:0042C78A 895020
|:0042C785(U)
|
:0042C78D 8B435C
:0042C790 8B5014
:0042C793 8BC3
:0042C795 E8F6FEFFFF
:0042C79A 53
:0042C79B 68DCC74200
:0042C7A0 8B435C
:0042C7A3 8B5014
:0042C7A6 8BC3
:0042C7A8 E8C7E9FFFF
:0042C7AD 33C0
:0042C7AF 89435C
:0042C7B2 5B
:0042C7B3 C3

mov eax, ebx
call 0042C690
push ebx
push 0042C7DC
mov eax, ebx
call 0042B174
xor eax, eax
pop ebx
ret

|:0042B0B2 , :0042C1AB
|
:0042C7B4 53
push ebx
:0042C7B5 8BD8
mov ebx, eax
:0042C7B7 837B6800
:0042C7BB 751B
jne 0042C7D8
:0042C7BD 8B4314
:0042C7C0 E883B0FFFF
call 00427848
:0042C7C5 85C0
test eax, eax
:0042C7C7 7E0F
jle 0042C7D8
:0042C7C9 53
push ebx
:0042C7CA 68DCC74200
push 0042C7DC
:0042C7CF 33D2
xor edx, edx
:0042C7D1 8BC3
mov eax, ebx
:0042C7D3 E89CE9FFFF
call 0042B174
|:0042C7BB(C), :0042C7C7(C)
|
:0042C7D8 5B
:0042C7D9 C3
pop ebx
ret
:0042C7DA
:0042C7DC
:0042C7E0
:0042C7E2
:0042C7E4
mov eax, eax

jne 0042C7E9
mov eax, edx
call 0042AD94
8BC0
83786800
7507
8BC2
E8ABE5FFFF

|:0042C7E0(C)
|
:0042C7E9 C3
ret
:0042C7EA 8BC0
mov eax, eax
|:0042C742 , :0042C761 , :0042CB9D , :0042CBC6
|
:0042C7EC 53
push ebx
:0042C7ED 56
push esi
:0042C7EE 83C4F0
add esp, FFFFFFF0
:0042C7F1 8BD8
mov ebx, eax
:0042C7F3 8B735C
:0042C7F6 85F6
test esi, esi
:0042C7F8 0F84B9000000
je 0042C8B7
:0042C7FE 8B4614
:0042C801 80781001
:0042C805 7537
jne 0042C83E
:0042C807 BA02000000
mov edx, 00000002
:0042C80C 8BC6
mov eax, esi
:0042C80E E8D1E2FFFF
call 0042AAE4
:0042C813 890424
:0042C816 8B4350
:0042C819 89442404
:0042C81D BA02000000
mov edx, 00000002
:0042C822 8B435C
:0042C825 E826E3FFFF
call 0042AB50
:0042C82A 030424
:0042C82D 89442408
:0042C831 8B442404
:0042C835 83C004
add eax, 00000004
:0042C838 8944240C
:0042C83C EB35
jmp 0042C873
|:0042C805(C)
|
:0042C83E 8B434C
:0042C841 890424
:0042C844 BA01000000
:0042C849 8BC6
:0042C84B E894E2FFFF
:0042C850 89442404
:0042C854 8B0424
:0042C857 83C004
:0042C85A 89442408
:0042C85E BA01000000
:0042C863 8B435C

mov edx, 00000001
mov eax, esi
call 0042AAE4
add eax, 00000004
mov edx, 00000001
:0042C866 E8E5E2FFFF
:0042C86B 03442404
:0042C86F 8944240C
call 0042AB50
|:0042C83C(U)
|
:0042C873 8B4310
:0042C876 E8457FFEFF
:0042C87B 50
:0042C87C 8B4354
:0042C87F 50

call 004147C0
push eax
push eax

|
:0042C880 E8E396FDFF
Call 00405F68
:0042C885 8BF0
mov esi, eax
:0042C887 6849005A00
push 005A0049
:0042C88C 8B4C2410
mov ecx, dword
:0042C890 8B542408
mov edx, dword
:0042C894 2BCA
sub ecx, edx
:0042C896 51
push ecx
:0042C897 8B4C2410
mov ecx, dword
:0042C89B 8B442408
mov eax, dword
:0042C89F 2BC8
sub ecx, eax
:0042C8A1 51
push ecx
:0042C8A2 52
push edx
:0042C8A3 50
push eax
:0042C8A4 8B4354
mov eax, dword
:0042C8A7 50
push eax
ptr [esp+10]
ptr [esp+08]
ptr [esp+10]
ptr [esp+08]
ptr [ebx+54]

|
:0042C8A8 E88396FDFF
Call 00405F30
:0042C8AD 56
push esi
:0042C8AE 8B4354
:0042C8B1 50
push eax
|
:0042C8B2 E8B196FDFF
Call 00405F68
|:0042C7F8(C)
|
:0042C8B7 83C410
add esp, 00000010
:0042C8BA 5E
pop esi
:0042C8BB 5B
pop ebx
:0042C8BC C3
ret
:0042C8BD 8D4000

|:0042C914
|
:0042C8C0 3BD0
cmp edx, eax
:0042C8C2 7D02
jge 0042C8C6
:0042C8C4 8BC2
mov eax, edx

|:0042C8C2(C)
|
:0042C8C6 C3
ret
:0042C8C7 90
nop
|:0042C92A , :0042C93B , :0042C97A
|
:0042C8C8 55
push ebp
:0042C8C9 8BEC
mov ebp, esp
:0042C8CB 53
push ebx
:0042C8CC 8BD8
mov ebx, eax
:0042C8CE 8B5508
:0042C8D1 3B5AFC
cmp ebx, dword ptr [edx-04]
:0042C8D4 7449
je 0042C91F
:0042C8D6 8B5314
:0042C8D9 8A5210
:0042C8DC 8B4D08
:0042C8DF 8B49FC
:0042C8E2 8B4914
:0042C8E5 3A5110
cmp dl, byte ptr [ecx+10]
:0042C8E8 7535
jne 0042C91F
:0042C8EA 8B5508
:0042C8ED 8B52FC
:0042C8F0 8B5220
:0042C8F3 3B5320
:0042C8F6 7D27
jge 0042C91F
:0042C8F8 837B0400
:0042C8FC 740D
je 0042C90B
:0042C8FE 8B4304
:0042C901 85C0
test eax, eax
:0042C903 741A
je 0042C91F
:0042C905 80784700
:0042C909 7414
je 0042C91F
|:0042C8FC(C)
|
:0042C90B 8B4508
:0042C90E 8B40F8
:0042C911 8B5320
:0042C914 E8A7FFFFFF
:0042C919 8B5508
:0042C91C 8942F8

call 0042C8C0

|:0042C8D4(C), :0042C8E8(C), :0042C8F6(C), :0042C903(C), :0042C909(C)
|
:0042C91F 8B430C
:0042C922 85C0
test eax, eax
:0042C924 740A
je 0042C930
:0042C926 8B5508
:0042C929 52
push edx
call 0042C8C8
:0042C92F 59
pop ecx
|:0042C924(C)
|
:0042C930
:0042C933
:0042C935
:0042C937
:0042C93A
:0042C93B
:0042C940
8B4308
85C0
740A
8B5508
52
E888FFFFFF
59

test eax, eax
je 0042C941
push edx
call 0042C8C8
pop ecx

|:0042C935(C)
|
:0042C941 5B
pop ebx
:0042C942 5D
pop ebp
:0042C943 C3
ret

|:0042CAAD , :0042CAE9
|
:0042C944 55
push ebp
:0042C945 8BEC
mov ebp, esp
:0042C947 83C4F8
add esp, FFFFFFF8
:0042C94A 53
push ebx
:0042C94B 8955FC
:0042C94E 8BD8
mov ebx, eax
:0042C950 8B45FC
:0042C953 8B400C
:0042C956 85C0
test eax, eax
:0042C958 7408
je 0042C962
:0042C95A 8B4020
:0042C95D 8945F8
:0042C960 EB11
jmp 0042C973
|:0042C958(C)
|
:0042C962 8B45FC
:0042C965 E832E1FFFF
:0042C96A 8B55FC
:0042C96D 034220
:0042C970 8945F8
|:0042C960(U)
|
:0042C973 55
:0042C974 8B4360
:0042C977 8B4008
:0042C97F 59
:0042C980 8B45F8
:0042C983 5B
:0042C984 59
:0042C985 59
:0042C986 5D
:0042C987 C3

call 0042AA9C
add eax, dword ptr [edx+20]
push ebp
call 0042C8C8
pop ecx
pop ebx
pop ecx
pop ecx
pop ebp
ret

|:0042CA4B
|
:0042C988 55
push ebp
:0042C989 8BEC
mov ebp, esp
:0042C98B 83C4E0
add esp, FFFFFFE0
:0042C98E 53
push ebx
:0042C98F 56
push esi
:0042C990 57
push edi
:0042C991 8BF2
mov esi, edx
:0042C993 8BF8
mov edi, eax
:0042C995 B304
mov bl, 04
:0042C997 85F6
test esi, esi
:0042C999 744E
je 0042C9E9
:0042C99B 8D55F0
:0042C99E 8BC7
mov eax, edi
:0042C9A0 E8B361FFFF
call 00422B58
:0042C9A5 8D55E0
:0042C9A8 8BC6
mov eax, esi
:0042C9AA E8A961FFFF
call 00422B58
:0042C9AF 8B45E4
:0042C9B2 0345EC
:0042C9B5 D1F8
sar eax, 1
:0042C9B7 7903
jns 0042C9BC
:0042C9B9 83D000
adc eax, 00000000
|:0042C9B7(C)
|
:0042C9BC 3B45F4
:0042C9BF 7F02
jg 0042C9C3
:0042C9C1 B302
mov bl, 02
|:0042C9BF(C)
|
:0042C9C3 8B45F4
:0042C9C6 3B45E4
:0042C9C9 7F0C
jg 0042C9D7
:0042C9CB 8B45F8
:0042C9CE 3B45E8
:0042C9D1 7C04
jl 0042C9D7
:0042C9D3 B301
mov bl, 01
:0042C9D5 EB12
jmp 0042C9E9
|:0042C9C9(C), :0042C9D1(C)
|
:0042C9D7 8B45F0
:0042C9DA 3B45E0
:0042C9DD 7F0A
:0042C9DF 8B45FC
:0042C9E2 3B45EC
:0042C9E5 7C02
:0042C9E7 B303

mov eax, dword
cmp eax, dword
jg 0042C9E9
mov eax, dword
cmp eax, dword
jl 0042C9E9
mov bl, 03
ptr [ebp-10]
ptr [ebp-20]
ptr [ebp-04]
ptr [ebp-14]

|:0042C999(C), :0042C9D5(U), :0042C9DD(C), :0042C9E5(C)
|
:0042C9E9 8BC3
mov eax, ebx
:0042C9EB
:0042C9EC
:0042C9ED
:0042C9EE
:0042C9F0
:0042C9F1
5F
5E
5B
8BE5
5D
C3
:0042C9F2 8BC0
pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:0042CB83
|
:0042C9F4 53
push ebx
:0042C9F5 56
push esi
:0042C9F6 57
push edi
:0042C9F7 83C4EC
add esp, FFFFFFEC
:0042C9FA 8BFA
mov edi, edx
:0042C9FC 8BF0
mov esi, eax
:0042C9FE 84C9
test cl, cl
:0042CA00 745B
je 0042CA5D
:0042CA02 8BD7
mov edx, edi
:0042CA04 8BC6
mov eax, esi
:0042CA06 E805E7FFFF
call 0042B110
:0042CA0B 85C0
test eax, eax
:0042CA0D 7557
jne 0042CA66
:0042CA0F 8D4C240C
:0042CA13 8B5734
:0042CA16 8B4730
:0042CA19 E862F7FDFF
call 0040C180
:0042CA1E 8D54240C
:0042CA22 8D4C2404
:0042CA26 8B4614
:0042CA29 E89A62FFFF
call 00422CC8
:0042CA2E 8D542404
:0042CA32 8BCC
mov ecx, esp
:0042CA34 8BC6
mov eax, esi
:0042CA36 E8E5EDFFFF
call 0042B820
:0042CA3B 85C0
test eax, eax
:0042CA3D 7405
je 0042CA44
:0042CA3F 8B5804
:0042CA42 EB02
jmp 0042CA46
|:0042CA3D(C)
|
:0042CA44 33DB
xor ebx, ebx
|:0042CA42(U)
|
:0042CA46 53
:0042CA47 8BD3
:0042CA49 8BC7
:0042CA4B E838FFFFFF
:0042CA50 8BC8
:0042CA52 8BD7
:0042CA54 8BC6
:0042CA56 8B18
:0042CA58 FF5308

push ebx
mov edx, ebx
mov eax, edi
call 0042C988
mov ecx, eax
mov edx, edi
mov eax, esi
call [ebx+08]
:0042CA5B EB09
jmp 0042CA66

|:0042CA00(C)
|
:0042CA5D 8BD7
mov edx, edi
:0042CA5F 8BC6
mov eax, esi
:0042CA61 8B08
:0042CA63 FF5118
call [ecx+18]
|:0042CA0D(C), :0042CA5B(U)
|
:0042CA66 83C414
:0042CA69 5F
:0042CA6A 5E
:0042CA6B 5B
:0042CA6C C3
:0042CA6D 8D4000
add
pop
pop
pop
ret
esp, 00000014
edi
esi
ebx

|:0042CBBD
|
:0042CA70 55
push ebp
:0042CA71 8BEC
mov ebp, esp
:0042CA73 53
push ebx
:0042CA74 56
push esi
:0042CA75 8B5D08
:0042CA78 83C3FC
add ebx, FFFFFFFC
:0042CA7B 8B03
:0042CA7D 8B705C
:0042CA80 8B4614
:0042CA83 80781001
:0042CA87 753C
jne 0042CAC5
:0042CA89 8BC6
mov eax, esi
:0042CA8B BA02000000
mov edx, 00000002
:0042CA90 E84FE0FFFF
call 0042AAE4
:0042CA95 8B13
:0042CA97 03420C
add eax, dword ptr [edx+0C]
:0042CA9A 8B13
:0042CA9C 3B4250
:0042CA9F 7C05
jl 0042CAA6
:0042CAA1 8B13
:0042CAA3 894250
|:0042CA9F(C)
|
:0042CAA6 8B03
:0042CAA8 8B505C
:0042CAAB 8B03
:0042CAAD E892FEFFFF
:0042CAB2 8B13
:0042CAB4 2B420C
:0042CAB7 8B13
:0042CAB9 3B4250
:0042CABC 7F41
:0042CABE 8B13

mov eax, dword
mov edx, dword
mov eax, dword
call 0042C944
mov edx, dword
sub eax, dword
mov edx, dword
cmp eax, dword
jg 0042CAFF
mov edx, dword
ptr [ebx]
ptr [eax+5C]
ptr [ebx]
ptr
ptr
ptr
ptr
[ebx]
[edx+0C]
[ebx]
[edx+50]
ptr [ebx]
:0042CAC0 894250
:0042CAC3 EB3A

jmp 0042CAFF
|:0042CA87(C)
|
:0042CAC5 8BC6
:0042CAC7 BA01000000
:0042CACC E813E0FFFF
:0042CAD1 8B13
:0042CAD3 03420C
:0042CAD6 8B13
:0042CAD8 3B424C
:0042CADB 7C05
:0042CADD 8B13
:0042CADF 89424C
|:0042CADB(C)
|
:0042CAE2 8B03
:0042CAE4 8B505C
:0042CAE7 8B03
:0042CAE9 E856FEFFFF
:0042CAEE 8B13
:0042CAF0 2B420C
:0042CAF3 8B13
:0042CAF5 3B424C
:0042CAF8 7F05
:0042CAFA 8B13
:0042CAFC 89424C
mov eax, esi

mov edx, 00000001
call 0042AAE4
add eax, dword ptr [edx+0C]
jl 0042CAE2

call 0042C944
sub eax, dword ptr [edx+0C]
jg 0042CAFF

|:0042CABC(C), :0042CAC3(U), :0042CAF8(C)
|
:0042CAFF 5E
pop esi
:0042CB00 5B
pop ebx
:0042CB01 5D
pop ebp
:0042CB02 C3
ret
:0042CB03
:0042CB04
:0042CB05
:0042CB07
:0042CB0A
:0042CB0B
:0042CB0C
:0042CB0D
:0042CB0F
:0042CB12
:0042CB14
:0042CB17
:0042CB19
:0042CB1A
:0042CB1F
:0042CB22
:0042CB25
:0042CB27
:0042CB2C
90
55
8BEC
83C4D4
53
56
57
33C9
894DD4
8BDA
8945FC
33C0
55
68B1CE4200
64FF30
648920
8B03
3D02020000
7F22
nop
push ebp
mov ebp, esp
add esp, FFFFFFD4
push ebx
push esi
push edi
xor ecx, ecx
mov ebx, edx
xor eax, eax
push ebp
push 0042CEB1
cmp eax, 00000202
jg 0042CB50
:0042CB2E
:0042CB34
:0042CB37
:0042CB3D
:0042CB42
:0042CB44
:0042CB45
:0042CB4B
0F8477010000
83E820
0F84DF010000
2DE0010000
7449
48
0F84D4000000
E940030000
je 0042CCAB
sub eax, 00000020
je 0042CD1C
sub eax, 000001E0
je 0042CB8D
dec eax
je 0042CC1F
jmp 0042CE90
|:0042CB2C(C)
|
:0042CB50 2D03020000
:0042CB55 7479
:0042CB57 2D2DAE0000
:0042CB5C 0F8461020000
:0042CB62 83E812
:0042CB65 0F8525030000
:0042CB6B 8B4308
:0042CB6E 81380BB00000
:0042CB74 0F8516030000
:0042CB7A 8A4804
:0042CB7D 8B5304
:0042CB80 8B45FC
:0042CB83 E86CFEFFFF
:0042CB88 E903030000
|:0042CB42(C)
|
:0042CB8D 8B45FC
:0042CB90 83785C00
:0042CB94 0F84F6020000
:0042CB9A 8B45FC
:0042CB9D E84AFCFFFF
:0042CBA2 8D55D8
:0042CBA5 8B4308
:0042CBA8 E85799FDFF
:0042CBAD 8B45FC
:0042CBB0 8B55D8
:0042CBB3 89504C
:0042CBB6 8B55DC
:0042CBB9 895050
:0042CBBC 55
:0042CBBD E8AEFEFFFF
:0042CBC2 59
:0042CBC3 8B45FC
:0042CBC6 E821FCFFFF
:0042CBCB E9C0020000
|:0042CB55(C)
|
:0042CBD0 8D55D8
:0042CBD3 8B4308
:0042CBD6 E82999FDFF
:0042CBDB 8D55D8
:0042CBDE 8D4DF0
:0042CBE1 8B45FC
:0042CBE4 E837ECFFFF
sub eax, 00000203

je 0042CBD0
sub eax, 0000AE2D
je 0042CDC3
sub eax, 00000012
jne 0042CE90
cmp dword ptr [eax], 0000B00B
jne 0042CE90
call 0042C9F4
jmp 0042CE90

je 0042CE90
call 0042C7EC
call 00406504
push ebp
call 0042CA70
pop ecx
call 0042C7EC
jmp 0042CE90
lea edx, dword

mov eax, dword
call 00406504
lea edx, dword
lea ecx, dword
mov eax, dword
call 0042B820
ptr [ebp-28]
ptr [ebx+08]
ptr [ebp-28]
ptr [ebp-10]
ptr [ebp-04]
:0042CBE9
:0042CBEB
:0042CBED
:0042CBF3
:0042CBF7
:0042CBFD
:0042CC01
:0042CC07
:0042CC0C
:0042CC0E
:0042CC10
:0042CC12
:0042CC15
:0042CC1A
8BF0
85F6
0F849D020000
837E0400
0F8493020000
837DF002
0F8589020000
E84050FFFF
6A01
33C9
33D2
8B4604
E80671FFFF
E971020000
mov esi, eax

test esi, esi
je 0042CE90
je 0042CE90
jne 0042CE90
call 00421C4C
push 00000001
xor ecx, ecx
xor edx, edx
call 00423D20
jmp 0042CE90
|:0042CB45(C)
|
:0042CC1F 8D55F4
:0042CC22 8B4308
:0042CC25 E8DA98FDFF
:0042CC2A 8D4DF0
:0042CC2D 8D55F4
:0042CC30 8B45FC
:0042CC33 E8E8EBFFFF
:0042CC38 8BF0
:0042CC3A 85F6
:0042CC3C 0F844E020000
:0042CC42 837DF012
:0042CC46 7512
:0042CC48 8D4DF4
:0042CC4B 8BD6
:0042CC4D 8B45FC
:0042CC50 E89BFAFFFF
:0042CC55 E936020000
|:0042CC46(C)
|
:0042CC5A 837DF002
:0042CC5E 0F852C020000
:0042CC64 8B5E04
:0042CC67 8BC3
:0042CC69 8B15CCF94100
:0042CC6F E81C61FDFF
:0042CC74 84C0
:0042CC76 740A
:0042CC78 8BC3
:0042CC7A 8B10
:0042CC7C FF92B4000000
|:0042CC76(C)
|
:0042CC82 8B4604
:0042CC85 80B88700000001
:0042CC8C 0F8509020000
:0042CC92 80784D01
:0042CC96 0F85FF010000
:0042CC9C 83C9FF

call 00406504
call 0042B820
mov esi, eax
test esi, esi
je 0042CE90
jne 0042CC5A
mov edx, esi
call 0042C6F0
jmp 0042CE90

jne 0042CE90
mov eax, ebx
call 00402D90
test al, al
je 0042CC82
mov eax, ebx

jne 0042CE9B
cmp byte ptr [eax+4D], 01
jne 0042CE9B
or ecx, FFFFFFFF
:0042CC9F 33D2
:0042CCA1 E83A6BFFFF
:0042CCA6 E9F0010000
xor edx, edx

call 004237E0
jmp 0042CE9B
|:0042CB2E(C)
|
:0042CCAB 8B45FC
:0042CCAE 83785C00
:0042CCB2 755B
:0042CCB4 8D55F4
:0042CCB7 8B4308
:0042CCBA E84598FDFF
:0042CCBF 8D4DF0
:0042CCC2 8D55F4
:0042CCC5 8B45FC
:0042CCC8 E853EBFFFF
:0042CCCD 8BF0
:0042CCCF 85F6
:0042CCD1 0F84B9010000
:0042CCD7 837DF014
:0042CCDB 0F85AF010000
:0042CCE1 8B7E04
:0042CCE4 8BC7
:0042CCE6 8B153C504300
:0042CCEC E89F60FDFF
:0042CCF1 84C0
:0042CCF3 740C
:0042CCF5 8BC7
:0042CCF7 E8C4EF0000
:0042CCFC E98F010000
|:0042CCF3(C)
|
:0042CD01 33D2
:0042CD03 8BC7
:0042CD05 E88A63FFFF
:0042CD0A E981010000
|:0042CCB2(C)
|
:0042CD0F 8B45FC
:0042CD12 E839FAFFFF
:0042CD17 E974010000

jne 0042CD0F
call 00406504
call 0042B820
mov esi, eax
test esi, esi
je 0042CE90
jne 0042CE90
mov eax, edi
call 00402D90
test al, al
je 0042CD01
mov eax, edi
call 0043BCC0
jmp 0042CE90
xor edx, edx

mov eax, edi
call 00423094
jmp 0042CE90

call 0042C750
jmp 0042CE90

|:0042CB37(C)
|
:0042CD1C 8D45F4
:0042CD1F 50
push eax
|
:0042CD20 E81B94FDFF
Call 00406140
:0042CD25 8D4DD8
lea ecx, dword
:0042CD28 8D55F4
lea edx, dword
:0042CD2B 8B45FC
mov eax, dword
:0042CD2E 8B4014
mov eax, dword
ptr
ptr
ptr
ptr
[ebp-28]
[ebp-0C]
[ebp-04]
[eax+14]
:0042CD31
:0042CD36
:0042CD39
:0042CD3C
:0042CD3F
:0042CD42
:0042CD47
:0042CD4D
:0042CD50
:0042CD53
:0042CD58
:0042CD5B
:0042CD61
:0042CD64
:0042CD67
:0042CD6C
:0042CD6E
:0042CD74
:0042CD77
:0042CD7A
:0042CD7D
:0042CD82
:0042CD84
:0042CD86
:0042CD8C
:0042CD90
:0042CD96
:0042CD99
:0042CD9D
:0042CDA5
:0042CDAA
:0042CDAC
:0042CDB1
E8BE5FFFFF
8B45D8
8945F4
8B45DC
8945F8
66837B0801
0F8543010000
8B45FC
8B4014
E8A8C1FFFF
3B4304
0F852F010000
8B45FC
8B4014
E8DCAAFFFF
85C0
0F8E1C010000
8D4DF0
8D55F4
8B45FC
E89EEAFFFF
8BF0
85F6
0F8404010000
837DF012
0F85FA000000
8B4614
0FB64010
0FBF14451C274400
A1382D4400
8B00
E87B040100
50
call 00422CF4
jne 0042CE90
call 00428F00
jne 0042CE90
call 00427848
test eax, eax
jle 0042CE90
call 0042B820
mov esi, eax
test esi, esi
je 0042CE90
jne 0042CE90
movsx edx, word ptr [2*eax+0044271C]
call 0043D22C
push eax

|
:0042CDB2 E8E995FDFF
Call 004063A0
:0042CDB7 C7430C01000000
mov [ebx+0C], 00000001
:0042CDBE E9D8000000
jmp 0042CE9B
|:0042CB5C(C)
|
:0042CDC3 8BD3
:0042CDC5 8B75FC
:0042CDC8 8B4634
:0042CDCB FF5630
:0042CDCE 837B0C00
:0042CDD2 0F85C3000000
:0042CDD8 8D4DF0
:0042CDDB 8B4308
:0042CDDE 8D5028
:0042CDE1 8B45FC
:0042CDE4 8B30
:0042CDE6 FF5604
:0042CDE9 8BF0
:0042CDEB 837DF012
:0042CDEF 7510
:0042CDF1 8B4308
:0042CDF4 83C038

mov edx, ebx
call [esi+30]
jne 0042CE9B
call [esi+04]
mov esi, eax
jne 0042CE01
add eax, 00000038
:0042CDF7 E8BC69FDFF
:0042CDFC E99A000000
call 004037B8
jmp 0042CE9B
|:0042CDEF(C)
|
:0042CE01 85F6
:0042CE03 0F8492000000
:0042CE09 8B45F0
:0042CE0C 83E802
:0042CE0F 7409
:0042CE11 83E812
:0042CE14 0F8581000000
|:0042CE0F(C)
|
:0042CE1A 8D55E0
:0042CE1D 8BC6
:0042CE1F E8345DFFFF
:0042CE24 8D4DE0
:0042CE27 8BD6
:0042CE29 8B45FC
:0042CE2C 8B38
:0042CE2E FF17
:0042CE30 8B45E0
:0042CE33 2B4630
:0042CE36 03C0
:0042CE38 2945E0
:0042CE3B 8B45E4
:0042CE3E 2B4634
:0042CE41 03C0
:0042CE43 2945E4
:0042CE46 8B4638
:0042CE49 8B55E8
:0042CE4C 2B55E0
:0042CE4F 2BC2
:0042CE51 03C0
:0042CE53 2945E8
:0042CE56 8B463C
:0042CE59 8B55EC
:0042CE5C 2B55E4
:0042CE5F 2BC2
:0042CE61 03C0
:0042CE63 2945EC
:0042CE66 8D55D4
:0042CE69 8BC6
:0042CE6B E83463FFFF
:0042CE70 8B55D4
:0042CE73 8B4308
:0042CE76 83C038
:0042CE79 E88E69FDFF
:0042CE7E 8B4308
:0042CE81 8D7818
:0042CE84 8D75E0
:0042CE87 B904000000
:0042CE8C F3
:0042CE8D A5
:0042CE8E EB0B
test esi, esi

je 0042CE9B
sub eax, 00000002
je 0042CE1A
sub eax, 00000012
jne 0042CE9B

mov eax, esi
call 00422B58
mov edx, esi
sub eax, dword ptr [esi+30]
add eax, eax
sub eax, dword ptr [esi+34]
add eax, eax
sub dword ptr [ebp-1C], eax
sub eax, edx
add eax, eax
sub edx, dword ptr [ebp-1C]
sub eax, edx
add eax, eax
mov eax, esi
call 004231A4
add eax, 00000038
call 0040380C
mov ecx, 00000004
repz
movsd
jmp 0042CE9B

|:0042CB4B(U), :0042CB65(C), :0042CB74(C), :0042CB88(U), :0042CB94(C)
|:0042CBCB(U), :0042CBED(C), :0042CBF7(C), :0042CC01(C), :0042CC1A(U)
|:0042CC3C(C), :0042CC55(U), :0042CC5E(C), :0042CCD1(C), :0042CCDB(C)
|:0042CCFC(U), :0042CD0A(U), :0042CD17(U), :0042CD47(C), :0042CD5B(C)
|:0042CD6E(C), :0042CD86(C), :0042CD90(C)
|
:0042CE90 8BD3
mov edx, ebx
:0042CE92 8B5DFC
:0042CE95 8B4334
:0042CE98 FF5330
call [ebx+30]
|:0042CC8C(C), :0042CC96(C), :0042CCA6(U), :0042CDBE(U), :0042CDD2(C)
|:0042CDFC(U), :0042CE03(C), :0042CE14(C), :0042CE8E(U)
|
:0042CE9B 33C0
xor eax, eax
:0042CE9D 5A
pop edx
:0042CE9E 59
pop ecx
:0042CE9F 59
pop ecx
:0042CEA0 648910
|
:0042CEA3 68B8CE4200
push 0042CEB8
|:0042CEB6(U)
|
:0042CEA8 8D45D4
:0042CEAB E80869FDFF
:0042CEB0 C3
:0042CEB1
:0042CEB6
:0042CEB8
:0042CEB9
:0042CEBA
:0042CEBB
:0042CEBD
:0042CEBE
jmp
jmp
pop
pop
pop
mov
pop
ret
E9C263FDFF
EBF0
5F
5E
5B
8BE5
5D
C3
:0042CEBF 90

call 004037B8
ret
00403278
0042CEA8
edi
esi
ebx
esp, ebp
ebp
nop

|:0042D4FC
|
:0042CEC0 53
push ebx
:0042CEC1 56
push esi
:0042CEC2 84D2
test dl, dl
:0042CEC4 7408
je 0042CECE
:0042CEC6 83C4F0
add esp, FFFFFFF0
:0042CEC9 E83660FDFF
call 00402F04
|:0042CEC4(C)
|
:0042CECE 8BDA
mov ebx, edx
:0042CED0
:0042CED2
:0042CED4
:0042CED6
:0042CEDB
:0042CEDF
:0042CEE6
:0042CEEB
:0042CEEE
:0042CEF0
:0042CEF5
:0042CEF8
8BF0
33D2
8BC6
E8155DFDFF
C6460401
C7460805000000
A14C2D4400
833802
750A
A1182B4400
833804
7D2C
|:0042CEEE(C)
|
:0042CEFA A14C2D4400
:0042CEFF 833801
:0042CF02 751E
:0042CF04 A1182B4400
:0042CF09 833804
:0042CF0C 7F18
:0042CF0E A1182B4400
:0042CF13 833804
:0042CF16 750A
:0042CF18 A1642C4400
:0042CF1D 83380A
:0042CF20 7D04
mov esi, eax

xor edx, edx
mov eax, esi
call 00402BF0
mov [esi+04], 01
mov [esi+08], 00000005
jne 0042CEFA
jge 0042CF26
jne 0042CF22
jg 0042CF26
jne 0042CF22
cmp dword ptr [eax], 0000000A
jge 0042CF26

|:0042CF02(C), :0042CF16(C)
|
:0042CF22 33C0
xor eax, eax
:0042CF24 EB02
jmp 0042CF28
|:0042CEF8(C), :0042CF0C(C), :0042CF20(C)
|
:0042CF26 B001
mov al, 01
|:0042CF24(U)
|
:0042CF28 88460D
:0042CF2B 33D2
:0042CF2D 8BC6
:0042CF2F E8F4000000
:0042CF34 8BC6
:0042CF36 84DB
:0042CF38 740F
:0042CF3A E81D60FDFF
:0042CF3F 648F0500000000
:0042CF46 83C40C

mov byte ptr [esi+0D], al
xor edx, edx
mov eax, esi
call 0042D028
mov eax, esi
test bl, bl
je 0042CF49
call 00402F5C
add esp, 0000000C

|:0042CF38(C)
|
:0042CF49 8BC6
mov eax, esi
:0042CF4B 5E
pop esi
:0042CF4C 5B
pop ebx
:0042CF4D C3
ret
:0042CF4E
:0042CF50
:0042CF51
:0042CF52
:0042CF57
:0042CF59
:0042CF5B
:0042CF5D
:0042CF5F
:0042CF64
:0042CF66
:0042CF69
:0042CF6B
:0042CF70
:0042CF72
:0042CF74
:0042CF76
mov eax, eax

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 0042D000
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 0042CF7B
mov eax, esi
call 00402F54
8BC0
53
56
E80D60FDFF
8BDA
8BF0
33D2
8BC6
E89C000000
8BD3
80E2FC
8BC6
E8A05CFDFF
84DB
7E07
8BC6
E8D95FFDFF

|:0042CF72(C)
|
:0042CF7B 5E
pop esi
:0042CF7C 5B
pop ebx
:0042CF7D C3
ret
:0042CF7E 8BC0
mov eax, eax

|:0042D008
|
|
:0042CF80 E89391FDFF
Call 00406118
:0042CF85 C3
ret
:0042CF86 8BC0
mov eax, eax

|:0042D039
|
:0042CF88 53
push ebx
:0042CF89 8BD8
mov ebx, eax
:0042CF8B 6A13
push 00000013
:0042CF8D A1302B4400
:0042CF92 8B00
:0042CF94 FFD0
call eax
:0042CF96 F7D8
neg eax
:0042CF98 1BC0
sbb eax, eax
:0042CF9A F7D8
neg eax
:0042CF9C 88430C
mov byte ptr [ebx+0C], al
:0042CF9F 5B
pop ebx
:0042CFA0 C3
ret
:0042CFA1 8D4000

|:0042D04F
|
:0042CFA4 53
push ebx
:0042CFA5 56
push esi
:0042CFA6 8BF0
mov esi, eax
:0042CFA8 6A4B
push 0000004B
:0042CFAA A1302B4400
:0042CFAF 8B00
:0042CFB1 FFD0
call eax
:0042CFB3 F7D8
neg eax
:0042CFB5 1BDB
sbb ebx, ebx
:0042CFB7 F7DB
neg ebx
:0042CFB9 885E20
:0042CFBC 84DB
test bl, bl
:0042CFBE 740F
je 0042CFCF
:0042CFC0 6A00
push 00000000
:0042CFC2 8D4610
:0042CFC5 50
push eax
:0042CFC6 6A00
push 00000000
:0042CFC8 6A68
push 00000068
|
:0042CFCA E87994FDFF
Call 00406448
|:0042CFBE(C)
|
:0042CFCF 5E
pop esi
:0042CFD0 5B
pop ebx
:0042CFD1 C3
ret
:0042CFD2 8BC0
mov eax, eax

|:0042D046
|
:0042CFD4 53
push ebx
:0042CFD5 51
push ecx
:0042CFD6 8BD8
mov ebx, eax
:0042CFD8 54
push esp
:0042CFD9 8D4310
:0042CFDC 50
push eax
:0042CFDD 8D4B14
lea ecx, dword ptr [ebx+14]
:0042CFE0 8D5324
:0042CFE3 8D431C
:0042CFE6 E87995FDFF
call 00406564
:0042CFEB 894318
:0042CFEE 8B0424
:0042CFF1 F7D8
neg eax
:0042CFF3 1BC0
sbb eax, eax
:0042CFF5 F7D8
neg eax
:0042CFF7 884320
:0042CFFA 5A
pop edx
:0042CFFB 5B
pop ebx
:0042CFFC C3
ret
:0042CFFD 8D4000

|:0042C711 , :0042C75A , :0042CF5F
|
:0042D000 53
push ebx
:0042D001 56
push esi
:0042D002 8BF2
mov esi, edx
:0042D004 8BD8
mov ebx, eax
:0042D006 8BC3
mov eax, ebx
call 0042CF80
:0042D00D 3BF0
cmp esi, eax
:0042D00F 7411
je 0042D022
:0042D011 85F6
test esi, esi
:0042D013 7507
jne 0042D01C
|
:0042D015 E83E93FDFF
Call 00406358
:0042D01A EB06
jmp 0042D022
|:0042D013(C)
|
:0042D01C 56
push esi
|
:0042D01D E87693FDFF
Call 00406398
|:0042D00F(C), :0042D01A(U)
|
:0042D022 5E
:0042D023 5B
:0042D024 C3
:0042D025 8D4000
pop esi
pop ebx
ret

|:0042CF2F , :0043E79E
|
:0042D028 53
push ebx
:0042D029 8BD8
mov ebx, eax
:0042D02B 83EA01
sub edx, 00000001
:0042D02E 7207
jb 0042D037
:0042D030 83EA67
sub edx, 00000067
:0042D033 7421
je 0042D056
:0042D035 EB50
jmp 0042D087
|:0042D02E(C)
|
:0042D037 8BC3
:0042D039 E84AFFFFFF
:0042D03E 807B0D00
:0042D042 7509

mov eax, ebx
call 0042CF88
jne 0042D04D
:0042D044 8BC3
:0042D04B EB3A
mov eax, ebx

call 0042CFD4
jmp 0042D087
|:0042D042(C)
|
:0042D04D 8BC3
:0042D04F E850FFFFFF
:0042D054 5B
:0042D055 C3
|:0042D033(C)
|
:0042D056 807B2000
:0042D05A 742B
:0042D05C 807B0D00
:0042D060 7411
:0042D062 6A00
:0042D064 8D4310
:0042D067 50
:0042D068 6A00
:0042D06A 6A68
mov eax, ebx

call 0042CFA4
pop ebx
ret

je 0042D087
je 0042D073
push 00000000
push eax
push 00000000
push 00000068

|
:0042D06C E8D793FDFF
Call 00406448
:0042D071 EB14
jmp 0042D087
|:0042D060(C)
|
:0042D073 6A00
push 00000000
:0042D075 6A00
push 00000000
:0042D077 8B4314
:0042D07A 50
push eax
:0042D07B 8B4318
:0042D07E 50
push eax
|
:0042D07F E80493FDFF
Call 00406388
:0042D084 894310
|:0042D035(U), :0042D04B(U), :0042D05A(C), :0042D071(U)
|
:0042D087 5B
pop ebx
:0042D088 C3
ret
:0042D089 8D4000

|:0042D4F0
|
:0042D08C 55
push ebp
:0042D08D
:0042D08F
:0042D090
:0042D091
:0042D096
:0042D09A
:0042D0A0
8BEC
51
53
A1502D4400
80780800
0F8459010000
6800800000
mov ebp, esp

push ecx
push ebx
je 0042D1F9
push 00008000

|
:0042D0A5 E8CE8CFDFF
Call 00405D78
:0042D0AA 8945FC
:0042D0AD 33C0
xor eax, eax
:0042D0AF 55
push ebp
:0042D0B0 68F2D14200
push 0042D1F2
:0042D0B5 64FF30
:0042D0B8 648920
:0042D0BB 833D6437440000
cmp dword ptr [00443764], 00000000
:0042D0C2 751C
jne 0042D0E0
* Possible StringData Ref from Code Obj ->"USER32"
|
:0042D0C4 6800D24200
push 0042D200
|
:0042D0C9 E8F28BFDFF
Call 00405CC0
:0042D0CE 8BD8
mov ebx, eax
* Possible StringData Ref from Code Obj ->"WINNLSEnableIME"
|
:0042D0D0 6808D24200
push 0042D208
:0042D0D5 53
push ebx
|
:0042D0D6 E8ED8BFDFF
Call 00405CC8
:0042D0DB A364374400
|:0042D0C2(C)
|
:0042D0E0 833D2427440000
cmp dword ptr [00442724], 00000000
:0042D0E7 0F85EE000000
jne 0042D1DB
* Possible StringData Ref from Code Obj ->"IMM32.DLL"
|
:0042D0ED 6818D24200
push 0042D218
|
:0042D0F2 E8518CFDFF
Call 00405D48
:0042D0F7 A324274400
:0042D0FC 833D2427440000
cmp dword ptr [00442724], 00000000
:0042D103 0F84D2000000
je 0042D1DB
* Possible StringData Ref from Code Obj ->"ImmGetContext"
|
:0042D109 6824D24200
push 0042D224
:0042D10E A124274400
:0042D113 50
push eax

|
:0042D114 E8AF8BFDFF
Call 00405CC8
:0042D119 A368374400
* Possible StringData Ref from Code Obj ->"ImmReleaseContext"
|
:0042D11E 6834D24200
push 0042D234
:0042D123 A124274400
:0042D128 50
push eax
|
:0042D129 E89A8BFDFF
Call 00405CC8
:0042D12E A36C374400
* Possible StringData Ref from Code Obj ->"ImmGetConversionStatus"
|
:0042D133 6848D24200
push 0042D248
:0042D138 A124274400
:0042D13D 50
push eax
|
:0042D13E E8858BFDFF
Call 00405CC8
:0042D143 A370374400
* Possible StringData Ref from Code Obj ->"ImmSetConversionStatus"
|
:0042D148 6860D24200
push 0042D260
:0042D14D A124274400
:0042D152 50
push eax
|
:0042D153 E8708BFDFF
Call 00405CC8
:0042D158 A374374400
* Possible StringData Ref from Code Obj ->"ImmSetOpenStatus"
|
:0042D15D 6878D24200
push 0042D278
:0042D162 A124274400
:0042D167 50
push eax
|
:0042D168 E85B8BFDFF
Call 00405CC8
:0042D16D A378374400
* Possible StringData Ref from Code Obj ->"ImmSetCompositionWindow"
|
:0042D172 688CD24200
push 0042D28C
:0042D177 A124274400
:0042D17C 50
push eax
|
:0042D17D E8468BFDFF
Call 00405CC8
:0042D182 A37C374400
* Possible StringData Ref from Code Obj ->"ImmSetCompositionFontA"

|
:0042D187 68A4D24200
push 0042D2A4
:0042D18C A124274400
:0042D191 50
push eax
|
:0042D192 E8318BFDFF
Call 00405CC8
:0042D197 A380374400
* Possible StringData Ref from Code Obj ->"ImmGetCompositionStringA"
|
:0042D19C 68BCD24200
push 0042D2BC
:0042D1A1 A124274400
:0042D1A6 50
push eax
|
:0042D1A7 E81C8BFDFF
Call 00405CC8
:0042D1AC A384374400
* Possible StringData Ref from Code Obj ->"ImmIsIME"
|
:0042D1B1 68D8D24200
push 0042D2D8
:0042D1B6 A124274400
:0042D1BB 50
push eax
|
:0042D1BC E8078BFDFF
Call 00405CC8
:0042D1C1 A388374400
* Possible StringData Ref from Code Obj ->"ImmNotifyIME"
|
:0042D1C6 68E4D24200
push 0042D2E4
:0042D1CB A124274400
:0042D1D0 50
push eax
|
:0042D1D1 E8F28AFDFF
Call 00405CC8
:0042D1D6 A38C374400
|:0042D0E7(C), :0042D103(C)
|
:0042D1DB 33C0
:0042D1DD 5A
:0042D1DE 59
:0042D1DF 59
:0042D1E0 648910

xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0042D1E3 68F9D14200
push 0042D1F9
|:0042D1F7(U)
|
:0042D1E8 8B45FC
:0042D1EB 50

push eax

|
:0042D1EC E8878BFDFF
Call 00405D78
:0042D1F1 C3
ret
:0042D1F2 E98160FDFF
:0042D1F7 EBEF
jmp 00403278
jmp 0042D1E8

|:0042D09A(C)
|
:0042D1F9 5B
pop ebx
:0042D1FA 59
pop ecx
:0042D1FB 5D
pop ebp
:0042D1FC C3
ret
:0042D1FD 000000
BYTE 3 DUP(0)
:0042D200
:0042D201
:0042D202
:0042D203
:0042D204
:0042D206
:0042D208
:0042D209
:0042D20A
:0042D20B
:0042D20C
:0042D20D
:0042D20E
:0042D20F
:0042D210
:0042D211
:0042D215
:0042D216
:0042D217
:0042D21A
:0042D21B
:0042D21D
55
53
45
52
3332
0000
57
49
4E
4E
4C
53
45
6E
61
626C6549
4D
45
00494D
4D
3332
2E
push ebp
push ebx
inc ebp
push edx
push edi
dec ecx
dec esi
dec esi
dec esp
push ebx
inc ebp
outsb
popad
dec ebp
inc ebp
add byte ptr [ecx+4D], cl
dec ebp
BYTE 02eh
:0042D21E
:0042D21F
:0042D220
:0042D221
44
4C
4C
000000
inc esp
dec esp
dec esp
BYTE 3 DUP(0)
:0042D224
:0042D225
:0042D226
:0042D227
49
6D
6D
47
dec ecx
insd
insd
inc edi
:0042D228 65
BYTE 065h
:0042D229
:0042D22B
:0042D22C
:0042D22D
:0042D22F
:0042D231
7443
6F
6E
7465
7874
000000
je 0042D26E
outsd
outsb
je 0042D294
js 0042D2A5
BYTE 3 DUP(0)
:0042D234
:0042D235
:0042D236
:0042D237
:0042D238
49
6D
6D
52
65
dec ecx
insd
insd
push edx
BYTE 065h
:0042D239 6C
:0042D23A 65
insb
BYTE 065h
:0042D23B
:0042D23C
:0042D23E
:0042D23F
:0042D240
:0042D241
:0042D243
:0042D245
61
7365
43
6F
6E
7465
7874
000000
popad
jnb 0042D2A3
inc ebx
outsd
outsb
je 0042D2A8
js 0042D2B9
BYTE 3 DUP(0)
:0042D248
:0042D249
:0042D24A
:0042D24B
:0042D24C
49
6D
6D
47
65
dec ecx
insd
insd
inc edi
BYTE 065h
:0042D24D
:0042D24F
:0042D250
:0042D251
:0042D253
:0042D255
:0042D25C
:0042D25E
:0042D260
:0042D261
:0042D262
:0042D263
:0042D264
7443
6F
6E
7665
7273
696F6E53746174
7573
0000
49
6D
6D
53
65
je 0042D292
outsd
outsb
jbe 0042D2B8
jb 0042D2C8
jne 0042D2D1
dec ecx
insd
insd
push ebx
BYTE 065h
:0042D265
:0042D267
:0042D268
:0042D269
:0042D26B
:0042D26D
7443
6F
6E
7665
7273
696F6E53746174
je 0042D2AA
outsd
outsb
jbe 0042D2D0
jb 0042D2E0
:0042D274
:0042D276
:0042D278
:0042D279
:0042D27A
:0042D27B
:0042D27C
7573
0000
49
6D
6D
53
65
jne 0042D2E9
dec ecx
insd
insd
push ebx
BYTE 065h
:0042D27D
:0042D27F
:0042D281
:0042D282
:0042D283
:0042D285
:0042D287
744F
7065
6E
53
7461
7475
7300
je 0042D2CE
jo 0042D2E6
outsb
push ebx
je 0042D2E6
je 0042D2FC
jnb 0042D289

|:0042D287(C)
|
:0042D289 000000
BYTE 3 DUP(0)
:0042D28C 49
dec ecx
:0042D28D 6D
insd
:0042D28E 6D
insd
:0042D28F 53
push ebx
:0042D290 65
BYTE 065h
:0042D291 7443
:0042D293 6F
je 0042D2D6
outsd
|:0042D22D(C)
|
:0042D294 6D
:0042D295 706F
:0042D297 7369
:0042D299 7469
:0042D29B 6F
:0042D29C 6E
:0042D29D 57
:0042D29E 696E646F770049

insd
jo 0042D306
jnb 0042D302
je 0042D304
outsd
outsb
push edi

|:0042D22F(C)
|
:0042D2A5 6D
insd
:0042D2A6 6D
insd
:0042D2A7 53
push ebx
|:0042D241(C)
|
:0042D2A8 65
BYTE 065h
:0042D2A9 7443
je 0042D2EE
:0042D2AB 6F
outsd
:0042D2AC 6D
insd
:0042D2AD 706F
jo 0042D31E
:0042D2AF 7369
jnb 0042D31A
:0042D2B1 7469
je 0042D31C
:0042D2B3
:0042D2B4
:0042D2B5
:0042D2B6
:0042D2B7
6F
6E
46
6F
6E
outsd
outsb
inc esi
outsd
outsb

|:0042D251(C)
|
:0042D2B8 7441
je 0042D2FB
:0042D2BA 0000
:0042D2BC 49
dec ecx
:0042D2BD 6D
insd
:0042D2BE 6D
insd
:0042D2BF 47
inc edi
:0042D2C0 65
BYTE 065h
:0042D2C1
:0042D2C3
:0042D2C4
:0042D2C5
:0042D2C7
:0042D2C9
:0042D2CB
:0042D2CC
:0042D2CD
7443
6F
6D
706F
7369
7469
6F
6E
53
je 0042D306
outsd
insd
jo 0042D336
jnb 0042D332
je 0042D334
outsd
outsb
push ebx

|:0042D27D(C)
|
:0042D2CE 7472
je 0042D342
|:0042D269(C)
|
:0042D2D0 696E6741000000
:0042D2D7 00496D
:0042D2DA 6D
:0042D2DB 49
:0042D2DC 7349
:0042D2DE 4D
:0042D2DF 45
|:0042D26B(C)
|
:0042D2E0 00000000
:0042D2E4 49
:0042D2E5 6D
|:0042D27F(C), :0042D283(C)
|
:0042D2E6 6D
:0042D2E7 4E
:0042D2E8 6F

add byte ptr [ecx+6D], cl
insd
dec ecx
jnb 0042D327
dec ebp
inc ebp
BYTE 4 DUP(0)
dec ecx
insd
insd
dec esi
outsd

|:0042D274(C)
|
:0042D2E9 7469
:0042D2EB 667949
|:0042D2A9(C)
|
:0042D2EE 4D
:0042D2EF 45
:0042D2F0 00000000
je 0042D354
jns 0042D337
dec ebp
inc ebp
BYTE 4 DUP(0)

|:004276B4 , :0042D336 , :0042D344
|
:0042D2F4 833D6437440000
cmp dword ptr [00443764], 00000000
|:0042D2B8(C)
|
:0042D2FB 7409
:0042D2FD 52
:0042D2FE 50
:0042D2FF FF1564374400
:0042D305 C3

je 0042D306
push edx
push eax
ret

|:0042D295(C), :0042D2C1(C), :0042D2FB(C)
|
:0042D306 33C0
xor eax, eax
:0042D308 C3
ret
:0042D309 8D4000

|:00427657
|
:0042D30C 53
push ebx
:0042D30D 56
push esi
:0042D30E 57
push edi
:0042D30F 83C4F8
add esp, FFFFFFF8
:0042D312 8BDA
mov ebx, edx
:0042D314 8BF0
mov esi, eax
:0042D316 A1502D4400
:0042D31B 80780800
:0042D31F 0F84BA000000
je 0042D3DF
:0042D325 80FB03
cmp bl, 03
:0042D328 0F84B1000000
je 0042D3DF
:0042D32E 84DB
test bl, bl
:0042D330 750E
jne 0042D340
|:0042D2C7(C)
|
:0042D332 33D2
xor edx, edx

|:0042D2C9(C)
|
:0042D334 8BC6
mov eax, esi
|:0042D2C5(C)
|
:0042D336 E8B9FFFFFF
call 0042D2F4
:0042D33B E99F000000
jmp 0042D3DF
|:0042D330(C)
|
:0042D340 B201
mov dl, 01
|:0042D2CE(C)
|
:0042D342 8BC6
:0042D344 E8ABFFFFFF
:0042D349 833D2427440000
:0042D350 0F8489000000
:0042D356 56
:0042D357 FF1568374400
:0042D35D 8BF8
:0042D35F 85FF
:0042D361 747C
:0042D363 8D442404
:0042D367 50
:0042D368 8D442404
:0042D36C 50
:0042D36D 57
:0042D36E FF1570374400
:0042D374 8BC3
:0042D376 FEC8
:0042D378 7406
:0042D37A FEC8
:0042D37C 740D
:0042D37E EB16
|:0042D378(C)
|
:0042D380 6A00
:0042D382 57
:0042D383 FF1578374400
:0042D389 EB3B
|:0042D37C(C)
|
:0042D38B 6A01
:0042D38D 57
:0042D38E FF1578374400
:0042D394 EB30
mov eax, esi

call 0042D2F4
cmp dword ptr [00442724], 00000000
je 0042D3DF
push esi
mov edi, eax
test edi, edi
je 0042D3DF
push eax
push eax
push edi
mov eax, ebx
dec al
je 0042D380
dec al
je 0042D38B
jmp 0042D396
push 00000000
push edi
jmp 0042D3C6
push 00000001
push edi
jmp 0042D3C6

|:0042D37E(U)
|
:0042D396
:0042D398
:0042D399
:0042D39F
:0042D3A3
:0042D3A4
:0042D3A8
:0042D3A9
:0042D3AA
:0042D3B0
:0042D3B3
:0042D3B6
:0042D3B8
:0042D3BA
:0042D3C1
:0042D3C3
6A01
57
FF1578374400
8D442404
50
8D442404
50
57
FF1570374400
8B0424
83E0F4
33D2
8AD3
0FB69224274400
0BC2
890424
push 00000001
push edi
push eax
push eax
push edi
and eax, FFFFFFF4
xor edx, edx
mov dl, bl
or eax, edx
|:0042D389(U), :0042D394(U)
|
:0042D3C6 8B442404
:0042D3CA 50
:0042D3CB 8B442404
:0042D3CF 50
:0042D3D0 57
:0042D3D1 FF1574374400
:0042D3D7 57
:0042D3D8 56
:0042D3D9 FF156C374400

mov eax, dword
push eax
mov eax, dword
push eax
push edi
call dword ptr
push edi
push esi
call dword ptr
ptr [esp+04]
ptr [esp+04]
[00443774]
[0044376C]

|:0042D31F(C), :0042D328(C), :0042D33B(U), :0042D350(C), :0042D361(C)
|
:0042D3DF 59
pop ecx
:0042D3E0 5A
pop edx
:0042D3E1 5F
pop edi
:0042D3E2 5E
pop esi
:0042D3E3 5B
pop ebx
:0042D3E4 C3
ret
:0042D3E5 8D4000

|:0043D07E
|
:0042D3E8 833D2427440000
cmp dword ptr [00442724], 00000000
:0042D3EF 7408
je 0042D3F9
:0042D3F1 50
push eax
:0042D3F2 FF1588374400
:0042D3F8 C3
ret

|:0042D3EF(C)
|
:0042D3F9 33C0
xor eax, eax
:0042D3FB C3
ret

|:0042D5A3
|
:0042D3FC A1302C4400
:0042D401 8B00
:0042D403 E81858FDFF
call 00402C20
:0042D408 A1302C4400
:0042D40D 33D2
xor edx, edx
:0042D40F 8910
:0042D411 A1382D4400
:0042D416 8B00
:0042D418 E80358FDFF
call 00402C20
:0042D41D A1382D4400
:0042D422 33D2
xor edx, edx
:0042D424 8910
:0042D426 A120374400
:0042D42B E8F057FDFF
call 00402C20
:0042D430 33C0
xor eax, eax
:0042D432 A320374400
:0042D437 A160374400
:0042D43C E8DF57FDFF
call 00402C20
:0042D441 66A12E374400
mov ax, word ptr [0044372E]
:0042D447 50
push eax
|
:0042D448 E8BB88FDFF
Call 00405D08
:0042D44D 66A12C374400
mov ax, word ptr [0044372C]
:0042D453 50
push eax
|
:0042D454 E8AF88FDFF
Call 00405D08
:0042D459 833D2427440000
cmp dword ptr [00442724], 00000000
:0042D460 740B
je 0042D46D
:0042D462 A124274400
:0042D467 50
push eax
|
:0042D468 E80B88FDFF
Call 00405C78
|:0042D460(C)
|
:0042D46D C3
ret
:0042D46E 8BC0
mov eax, eax
|:0042D5F1
|
:0042D470 83C4C8
add esp, FFFFFFC8
:0042D473 6A00
push 00000000
* Reference To: kernel32.GetCurrentProcessId, Ord:0000h
|
:0042D475 E81688FDFF
Call 00405C90
:0042D47A 89442424
:0042D47E C644242800
:0042D483 8D4C2424
mov [esp+28], 00
* Possible StringData Ref from Code Obj ->"Delphi%.8X"

|
:0042D487 BA60D54200
mov edx, 0042D560
:0042D48C 8D442404
:0042D490 E807ABFDFF
call 00407F9C
:0042D495 50
push eax
|
:0042D496 E85D88FDFF
Call 00405CF8
:0042D49B 66A32C374400
mov word ptr [0044372C], ax
:0042D4A1 6A01
push 00000001
:0042D4A3 A1E02B4400
:0042D4A8 8B00
:0042D4AA 8944242C
:0042D4AE C644243000
mov [esp+30], 00
|
:0042D4B3 E8E087FDFF
Call 00405C98
:0042D4B8 89442434
:0042D4BC C644243800
mov [esp+38], 00
:0042D4C1 8D4C242C
* Possible StringData Ref from Code Obj ->"ControlOfs%.8X%.8X"
|
:0042D4C5 BA6CD54200
mov edx, 0042D56C
:0042D4CA 8D442404
:0042D4CE E8C9AAFDFF
call 00407F9C
:0042D4D3 50
push eax
|
:0042D4D4 E81F88FDFF
Call 00405CF8
:0042D4D9 66A32E374400
mov word ptr [0044372E], ax
:0042D4DF B201
mov dl, 01
:0042D4E1 A1B8B54000
:0042D4E6 E87DF9FDFF
call 0040CE68
:0042D4EB A360374400
:0042D4F0 E897FBFFFF
call 0042D08C
:0042D4F5 B201
mov dl, 01
:0042D4F7 A15C034200
:0042D4FC E8BFF9FFFF
call 0042CEC0
:0042D501 A320374400
:0042D506 33C9
xor ecx, ecx
:0042D508 B201
mov dl, 01
:0042D50A A18C614300
:0042D50F E838F60000
call 0043CB4C
:0042D514 8B15382D4400
:0042D51A 8902
:0042D51C 33C9
xor ecx, ecx
:0042D51E B201
mov dl, 01
:0042D520 A164624300
:0042D525 E84E050100
call 0043DA78
:0042D52A 8B15302C4400
:0042D530 8902
:0042D532 E841910000
call 00436678
:0042D537
:0042D53C
:0042D53E
:0042D540
:0042D545
:0042D54A
:0042D54F
:0042D554
:0042D559
:0042D55C
A1302C4400
8B00
B201
E81F1D0100
B95C064200
BA6C064200
A1B0E84100
E853F1FDFF
83C438
C3

mov dl, 01
call 0043F264
mov ecx, 0042065C
mov edx, 0042066C
mov eax, dword ptr [0041E8B0]
call 0040C6AC
add esp, 00000038
ret
:0042D55D 000000
BYTE 3 DUP(0)
:0042D560 44
:0042D561 65
inc esp
BYTE 065h
:0042D562
:0042D563
:0042D565
:0042D56F
:0042D571
:0042D572
:0042D573
:0042D574
:0042D577
:0042D57B
:0042D57F
6C
7068
69252E38580000436F6E
7472
6F
6C
4F
667325
2E385825
2E385800
00
insb
jo 0042D5CD
imul esp, dword ptr [0058382E], 6E6F4300
je 0042D5E3
outsd
insb
dec edi
jnb 0042D59C
cmp byte ptr cs:[eax+25], bl
BYTE 0
:0042D580
:0042D581
:0042D583
:0042D585
:0042D586
:0042D58B
:0042D58E
:0042D591
:0042D597
:0042D599
:0042D59E
:0042D5A3
:0042D5A8
:0042D5AD
:0042D5B2
:0042D5B8
55
8BEC
33C0
55
68CBD54200
64FF30
648920
FF0528374400
7524
A158374400
E87D56FDFF
E854FEFFFF
B814264400
B916000000
8B155CC14000
E83F6AFDFF
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0042D5CB
jne 0042D5BD
call 00402C20
call 0042D3FC
mov eax, 00442614
mov ecx, 00000016
call 00403FFC
|:0042D597(C)
|
:0042D5BD 33C0
:0042D5BF 5A
:0042D5C0 59
:0042D5C1 59
:0042D5C2 648910
:0042D5C5 68D2D54200

xor eax, eax
pop edx
pop ecx
pop ecx
push 0042D5D2
|:0042D5D0(U)
|
:0042D5CA C3
:0042D5CB E9A85CFDFF
:0042D5D0 EBF8
:0042D5D2 5D
:0042D5D3 C3
ret
jmp 00403278
jmp 0042D5CA
pop ebp
ret
:0042D5D4 832D2837440001
:0042D5DB 7319
sub dword ptr [00443728], 00000001

jnb 0042D5F6

|
:0042D5DD E80687FDFF
Call 00405CE8
:0042D5E2 6625FF00
and ax, 00FF
:0042D5E6 6683F804
cmp ax, 0004
:0042D5EA 0F930524374400
setnb byte ptr [00443724]
:0042D5F1 E87AFEFFFF
call 0042D470
|:0042D5DB(C)
|
:0042D5F6 C3
:0042D5F7 90
:0042D5F8 44
:0042D5F9 D6
:0042D5FA 42
:0042D5FB 000000000000000000
:0042D604 8CD64200
:0042D608 D0D64200
DWORD 0042D68C
DWORD 0042D6D0
:0042D60C 0000000000000000
BYTE 8 DUP(0)
:0042D614 9ED64200
:0042D618 B8D64200
DWORD 0042D69E
DWORD 0042D6B8
:0042D61C 48
:0042D61D 000000
dec eax
BYTE 3 DUP(0)
:0042D620
:0042D622
:0042D623
:0042D626
:0042D627
:0042D62A
:0042D62B
:0042D62D
88C0
40
00681C
41
00342E
40
0038
2E
mov al, al
inc eax
inc ecx
inc eax
BYTE 02eh
:0042D62E 40
:0042D62F 003C2E
inc eax
ret
nop
inc esp
BYTE 0d6h
inc edx
BYTE 9 DUP(0)
:0042D632 40
:0042D633 0030
:0042D635 2E
inc eax
BYTE 02eh
:0042D636
:0042D637
:0042D63E
:0042D63F
:0042D646
:0042D647
:0042D649
:0042D64A
:0042D64B
:0042D64D
:0042D650
:0042D652
:0042D653
:0042D656
:0042D657
:0042D65A
:0042D65B
:0042D65D
:0042D660
:0042D664
:0042D666
:0042D667
:0042D66E
:0042D66F
:0042D675
:0042D676
:0042D677
:0042D67E
:0042D67F
:0042D682
:0042D683
:0042D687
:0042D68A
:0042D68B
:0042D68D
40
00B42B4000C82B
40
0094D942000CD3
40
00D4
17
41
0008
D24000
A818
41
006817
41
0004DA
42
00E0
194100
801C4100
C418
41
00BC184100881C
41
00B01D4100D8
1E
41
00841E4100401E
41
00481E
41
00441E41
0058DB
42
000E
0000000000
inc eax
inc eax
add byte ptr [ecx+8*ebx-2CF3FFBE], dl
inc eax
add ah, dl
pop ss
inc ecx
test al, 18
inc ecx
inc ecx
add byte ptr [edx+8*ebx], al
inc edx
add al, ah
sbb dword ptr [ecx+00], eax
sbb byte ptr [ecx+2*eax], 00
les ebx, dword ptr [eax]
inc ecx
add byte ptr [eax+ebx+1C880041], bh
inc ecx
add byte ptr [eax+D800411D], dh
push ds
inc ecx
inc ecx
inc ecx
inc edx
BYTE 5 DUP(0)
:0042D692
:0042D694
:0042D696
:0042D698
:0042D699
:0042D69C
:0042D69E
:0042D6A0
:0042D6A1
:0042D6A3
:0042D6A5
:0042D6A7
:0042D6A9
0100
0000
7C10
40
004000
0000
0400
F9
FFF0
FFF3
FFF2
FFD4
DA4200

jl 0042D6A8
inc eax
add al, 00
stc
push eax
push ebx
push edx
call esp
fiadd dword ptr [edx+00]
:0042D6AC 00DB4200
:0042D6B0 E4D94200
:0042D6B4 F4D94200
DWORD 0042DB00
DWORD 0042D9E4
DWORD 0042D9F4
:0042D6B8
:0042D6BC
:0042D6BD
:0042D6BF
:0042D6C6
:0042D6CD
:0042D6CE
:0042D6CF
:0042D6D1
:0042D6D5
:0042D6D6
:0042D6D8
:0042D6DF
:0042D6E6
:0042D6E8
:0042D6E9
:0042D6EB
:0042D6ED
:0042D6EE
:0042D6F2
:0042D6F9
:0042D6FA
:0042D6FD
1054436F
6E
7461
696E6564416374
696F6E8D4000D0
D6
42
0007
1054436F
6E
7461
696E6564416374
696F6E44D64200
34C1
40
0003
0008
41
63746E4C
69737401007C10
40
004000
00FF
adc byte ptr [ebx+2*eax+6F], dl

outsb
je 0042D720
imul ebp, dword ptr [edi+6E], D000408D
BYTE 0d6h
inc edx
adc byte ptr [ebx+2*eax+6F], dl
outsb
je 0042D739
imul ebp, dword ptr [edi+6E], 0042D644
xor al, C1
inc eax
inc ecx
arpl dword ptr [esi+2*ebp+4C], esi
imul esi, dword ptr [ebx+74], 107C0001
inc eax
add bh, bh
:0042D6FF 80DA4200
:0042D703 E0D94200
DWORD 0042DA80
DWORD 0042D9E0
:0042D707 000000
BYTE 3 DUP(0)
:0042D70A
:0042D70D
:0042D713
:0042D714
:0042D716
:0042D718
:0042D71A
:0042D71C
:0042D721

popad
je 0042D77B
outsd
jb 0042D793
mov eax, eax
push 000042D7
BYTE 10 DUP(0)
800000
008002000843
61
7465
676F
7279
8BC0
68D7420000
00000000000000000000
:0042D72B 00
BYTE 0
:0042D72C
:0042D72D
:0042D72E
:0042D72F
int 03
xlat
inc edx
BYTE 9 DUP(0)
CC
D7
42
000000000000000000
:0042D738 9CD74200
:0042D73C B6D74200
DWORD 0042D79C
DWORD 0042D7B6
:0042D740 48
:0042D741 000000
dec eax
BYTE 3 DUP(0)
:0042D744
:0042D746
:0042D747
:0042D74A
:0042D74B
:0042D74E
:0042D74F
:0042D751
A8BE
40
00681C
41
00342E
40
0038
2E
test al, BE
inc eax
inc ecx
inc eax
BYTE 02eh
:0042D752
:0042D753
:0042D756
:0042D757
:0042D759
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0042D75A
:0042D75B
:0042D762
:0042D763
:0042D765
:0042D768
:0042D76A
:0042D76B
:0042D76D
:0042D76E
:0042D76F
:0042D771
:0042D774
:0042D776
:0042D777
:0042D779
:0042D77C
:0042D77E
:0042D77F
:0042D781
:0042D784
:0042D788
:0042D78A
:0042D78B
:0042D792
40
00B42B4000C82B
40
0018
DC4200
0CD3
40
00D4
17
41
0008
D24000
A818
41
0020
DD4200
B418
41
00E0
194100
801C4100
C418
41
00BC184100881C
41
inc eax
inc eax
fadd qword ptr [edx+00]
or al, D3
inc eax
add ah, dl
pop ss
inc ecx
test al, 18
inc ecx
fld qword ptr [edx+00]
mov ah, 18
inc ecx
add al, ah
inc ecx
inc ecx
|:0042D718(C)
|
:0042D793 00B0DB4200A4
:0042D799 DD4200
:0042D79C 0400
:0042D79E FD
:0042D79F FF
:0042D7A0 FA
:0042D7A1 FFF4
:0042D7A3 FFF1
:0042D7A5 FF68DC
:0042D7A8 42
:0042D7A9 00B0DC420088
:0042D7AF DE4200
:0042D7B2 A8DE

add byte ptr [eax+A40042DB], dh
fld qword ptr [edx+00]
add al, 00
std
BYTE 0ffh
cli
push esp
push ecx
jmp far [eax-24]
inc edx
add byte ptr [eax+880042DC], dh
test al, DE
:0042D7B4
:0042D7B5
:0042D7B7
:0042D7B8
:0042D7B9
:0042D7BB
:0042D7BD
:0042D7BE
:0042D7BF
:0042D7C3
:0042D7C4
:0042D7C5
:0042D7CC
:0042D7CD
:0042D7D1
:0042D7D3
:0042D7D4
:0042D7D5
:0042D7D6
:0042D7DA
:0042D7DB
:0042D7DC
:0042D7E3
:0042D7E8
:0042D7EA
:0042D7EB
:0042D7EF
:0042D7F6
:0042D7F7
42
0011
54
43
7573
746F
6D
41
6374696F
6E
4C
697374CCD74200
07
11544375
7374
6F
6D
41
6374696F
6E
4C
69737468D74200
A0BF400002
0008
41
63746E4C
697374000040D8
42
000000000000000000
inc edx
push esp
inc ebx
jne 0042D82E
je 0042D82C
insd
inc ecx
outsb
dec esp
imul esi, dword ptr [ebx+74], 0042D7CC
pop es
adc dword ptr [ebx+2*eax+75], edx
jnb 0042D847
outsd
insd
inc ecx
outsb
dec esp
imul esi, dword ptr [ebx+74], 0042D768
mov al, byte ptr [020040BF]
inc ecx
arpl dword ptr [esi+2*ebp+4C], esi
imul esi, dword ptr [ebx+74], D8400000
inc edx
BYTE 9 DUP(0)
:0042D800 88D84200
:0042D804 BCD84200
DWORD 0042D888
DWORD 0042D8BC
:0042D808 0000000000000000
BYTE 8 DUP(0)
:0042D810 A2D84200
:0042D814 AAD84200
DWORD 0042D8A2
DWORD 0042D8AA
:0042D818 7400
je 0042D81A

|:0042D818(C)
|
:0042D81A 0000
:0042D81C F8
clc
:0042D81D D542
aad (base=66)
:0042D81F 00681C
:0042D822 41
inc ecx
:0042D823 00342E
:0042D826 40
inc eax
:0042D827 0038
:0042D829 2E
BYTE 02eh
:0042D82A 40
:0042D82B 003C2E
inc eax

|:0042D7B9(C)
|
:0042D82E 40
inc eax
:0042D82F 0030
:0042D831 2E
BYTE 02eh
:0042D832
:0042D833
:0042D83A
:0042D83B
:0042D83D
:0042D840
:0042D842
:0042D843
:0042D845
:0042D846
40
00B42B4000C82B
40
00D0
DF4200
08E0
42
00D4
17
41
inc eax
inc eax
add al, dl
or al, ah
inc edx
add ah, dl
pop ss
inc ecx
|:0042D7D1(C)
|
:0042D847 0008
:0042D849 D24000
:0042D84C A818
:0042D84E 41
:0042D84F 006817
:0042D852 41
:0042D853 0004DA
:0042D856 42
:0042D857 0068E3
:0042D85A 42
:0042D85B 00801C4100C4
:0042D861 184100
:0042D864 BC18410088
:0042D869 1C41
:0042D86B 0088DF4200D8
:0042D871 1E
:0042D872 41
:0042D873 00841E4100401E
:0042D87A 41
:0042D87B 00481E
:0042D87E 41
:0042D87F 00441E41
:0042D883 0058DB
:0042D886 42
:0042D887 000E
:0042D889 0000000000
:0042D88E
:0042D890
:0042D892
:0042D894
:0042D895
:0042D899
:0042D89D
add al, byte

add byte ptr
jl 0042D8A4
inc eax
add byte ptr
add byte ptr
add byte ptr
0200
0000
7C10
40
004C0000
007C1040
005800

test al, 18
inc ecx
inc ecx
add byte ptr [edx+8*ebx], al
inc edx
add byte ptr [eax-1D], ch
inc edx
mov esp, 88004118
sbb al, 41
add byte ptr [eax+D80042DF], cl
push ds
inc ecx
inc ecx
inc ecx
inc edx
BYTE 5 DUP(0)
ptr [eax]
[eax], al
[eax+eax], cl
[eax+edx+40], bh
[eax+00], bl
:0042D8A0 0000
:0042D8A2 0100

|:0042D892(C)
|
:0042D8A4 F0
:0042D8A5 FFD4
:0042D8A7 E342
:0042D8A9 000D54437573
:0042D8AF 746F
:0042D8B1 6D
:0042D8B2 41
:0042D8B3 6374696F
:0042D8B7 6E
:0042D8B8 BCD8420007
:0042D8BD 0D54437573
:0042D8C2 746F
:0042D8C4 6D
:0042D8C5 41
:0042D8C6 6374696F
:0042D8CA 6E
:0042D8CB 40D84200
:0042D8CF CCD64200
DWORD 0042D840
DWORD 0042D6CC
:0042D8D3
:0042D8D5
:0042D8D8
:0042D8DA
:0042D8DB
:0042D8E2
:0042D8E3
:0042D8ED
:0042D8F7
0300
084163
746E
4C
69737400002CD9
42
00000000000000000000
00000000000000000000
000000000000000000

je 0042D948
dec esp
imul esi, dword ptr [ebx+74], D92C0000
inc edx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
:0042D900
:0042D902
:0042D903
:0042D905
88D9
42
0010
000000
mov cl, bl
inc edx
BYTE 3 DUP(0)
:0042D908
:0042D90A
:0042D90B
:0042D90D
04C0
40
0028
2E
add al, C0
inc eax
BYTE 02eh
:0042D90E
:0042D90F
:0042D912
:0042D913
:0042D915
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0042D916 40
:0042D917 003C2E
:0042D91A 40
inc eax
inc eax
lock
call esp
jcxz 0042D8EB
add byte ptr [73754354], cl
je 0042D920
insd
inc ecx
outsb
mov esp, 070042D8
or eax, 73754354
je 0042D933
insd
inc ecx
outsb
:0042D91B 0030
:0042D91D 2E

BYTE 02eh
:0042D91E
:0042D91F
:0042D926
:0042D927
:0042D929
:0042D92E
:0042D92F
inc
add
inc
add
sbb
inc
add
40
00B42B4000C82B
40
0010
1D41000C1D
41
00441D41
eax
byte
eax
byte
eax,
ecx
byte
ptr [eax], dl
1D0C0041
|:0042D8C2(C)
|
:0042D933 00981D41006C
:0042D939 1D41009C1D
:0042D93E 41
:0042D93F 00C8
:0042D941 1C41
:0042D943 00A41D4100C8DE
:0042D94A 42
:0042D94B 00DC
:0042D94D DE4200
:0042D950
:0042D954
:0042D958
:0042D95C
:0042D960
:0042D964
:0042D968
:0042D96C
:0042D970
:0042D974
:0042D978
:0042D97C
:0042D980
:0042D984
F0DE4200
04DF4200
18DF4200
2CDF4200
40DF4200
54DF4200
68DF4200
6CDF4200
70DF4200
74DF4200
78DF4200
7CDF4200
80DF4200
84DF4200
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0042D988
:0042D98C
:0042D98E
:0042D98F
:0042D990
:0042D991
:0042D992
:0042D993
0B544163
7469
6F
6E
4C
69
6E
6B
or edx, dword ptr [ecx+2*eax+63]

je 0042D9F7
outsd
outsb
dec esp
BYTE 69h
BYTE 6eh
BYTE 6bh
add byte ptr [eax+6C00411D], bl

sbb eax, 1D9C0041
inc ecx
add al, cl
sbb al, 41
add byte ptr [ebp+ebx-2137FFBF], ah
inc edx
add ah, bl
0042DEF0
0042DF04
0042DF18
0042DF2C
0042DF40
0042DF54
0042DF68
0042DF6C
0042DF70
0042DF74
0042DF78
0042DF7C
0042DF80
0042DF84

|:0042DFF2
|
:0042D994 53
push ebx
:0042D995 56
push esi
:0042D996 E8C955FDFF
call 00402F64
:0042D99B 8BDA
mov ebx, edx
:0042D99D 8BF0
mov esi, eax
:0042D99F 8B4644
:0042D9A2
:0042D9A4
:0042D9A6
:0042D9A8
85C0
7407
8BD6
E8DB030000
|:0042D9A4(C)
|
:0042D9AD 8BD3
:0042D9AF 80E2FC
:0042D9B2 8BC6
:0042D9B4 E83B44FEFF
:0042D9B9 84DB
:0042D9BB 7E07
:0042D9BD 8BC6
:0042D9BF E89055FDFF
test eax, eax

je 0042D9AD
mov edx, esi
call 0042DD88
mov edx, ebx
and dl, FC
mov eax, esi
call 00411DF4
test bl, bl
jle 0042D9C4
mov eax, esi
call 00402F54

|:0042D9BB(C)
|
:0042D9C4 5E
pop esi
:0042D9C5 5B
pop ebx
:0042D9C6 C3
ret
:0042D9C7 90
nop

|:0042DA41
|
:0042D9C8 8B5044
:0042D9CB 85D2
test edx, edx
:0042D9CD 740A
je 0042D9D9
:0042D9CF 8B5224
:0042D9D2 92
xchg eax,edx
:0042D9D3 E838F2FDFF
call 0040CC10
:0042D9D8 C3
ret

|:0042D9CD(C)
|
:0042D9D9 83C8FF
or eax, FFFFFFFF
:0042D9DC C3
ret
:0042D9DD 8D4000
:0042D9E0 B001
:0042D9E2 C3

mov al, 01
ret
:0042D9E3
:0042D9E4
:0042D9E7
:0042D9E9
:0042D9EB
:0042D9ED
nop
test edx, edx
je 0042D9EE
mov eax, edx
ret
90
8B5044
85D2
7403
8BC2
C3

|:0042D9E9(C)
|
:0042D9EE E8953EFEFF
call 00411888
:0042D9F3 C3
ret
:0042D9F4
:0042D9F8
:0042D9FA
:0042D9FC
83784400
7403
B001
C3

je 0042D9FD
mov al, 01
ret

|:0042D9F8(C)
|
:0042D9FD E8563EFEFF
call 00411858
:0042DA02 C3
ret
:0042DA03
:0042DA04
:0042DA05
:0042DA06
:0042DA07
:0042DA09
:0042DA0B
:0042DA0D
:0042DA0F
:0042DA14
:0042DA17
:0042DA19
:0042DA1F
:0042DA24
:0042DA26
:0042DA28
:0042DA2A
:0042DA2C
90
53
56
57
8BF2
8BD8
8BD6
8BC3
E8A03EFEFF
8B7E28
8BC7
8B151CD74200
E86C53FDFF
84C0
7409
8BD7
8BC3
E87B000000
nop
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 004118B4
mov eax, edi
mov edx, dword ptr [0042D71C]
call 00402D90
test al, al
je 0042DA31
mov edx, edi
mov eax, ebx
call 0042DAAC

|:0042DA26(C)
|
:0042DA31 5F
pop edi
:0042DA32 5E
pop esi
:0042DA33 5B
pop ebx
:0042DA34 C3
ret
:0042DA35 8D4000

|:0042DCD6
|
:0042DA38 53
push ebx
:0042DA39 56
push esi
:0042DA3A 57
push edi
:0042DA3B 8BF2
mov esi, edx
:0042DA3D 8BD8
mov ebx, eax
:0042DA3F
:0042DA41
:0042DA46
:0042DA48
:0042DA4A
:0042DA4D
:0042DA50
:0042DA53
:0042DA55
:0042DA57
8BC3
E882FFFFFF
85C0
7C31
8B5344
8B7A24
8B5708
85F6
7D02
33F6
mov eax, ebx

call 0042D9C8
test eax, eax
jl 0042DA7B
test esi, esi
jge 0042DA59
xor esi, esi

|:0042DA55(C)
|
:0042DA59 3BD6
cmp edx, esi
:0042DA5B 7F03
jg 0042DA60
:0042DA5D 8BF2
mov esi, edx
:0042DA5F 4E
dec esi
|:0042DA5B(C)
|
:0042DA60 3BC6
:0042DA62 7417
:0042DA64 8BD7
:0042DA66 92
:0042DA67 E830F0FDFF
:0042DA6C 8B4344
:0042DA6F 8B4024
:0042DA72 8BCB
:0042DA74 8BD6
:0042DA76 E8B5F1FDFF
|:0042DA48(C), :0042DA62(C)
|
:0042DA7B 5F
:0042DA7C 5E
:0042DA7D 5B
:0042DA7E C3
:0042DA7F
:0042DA80
:0042DA81
:0042DA82
:0042DA84
:0042DA86
:0042DA88
:0042DA8B
:0042DA90
:0042DA92
:0042DA95
:0042DA97
:0042DA9C
:0042DA9F
:0042DAA1
:0042DAA3
:0042DAA5
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
mov edx, dword
call 00403B44
je 0042DAA8
lea eax, dword
mov edx, esi
call 0040380C
mov eax, dword
test eax, eax
je 0042DAA8
mov edx, dword
call [edx+30]
90
53
56
8BF2
8BD8
8BC6
8B5340
E8B460FDFF
7416
8D4340
8BD6
E8705DFDFF
8B4344
85C0
7405
8B10
FF5230
cmp eax, esi

je 0042DA7B
mov edx, edi
xchg eax,edx
call 0040CA9C
mov ecx, ebx
mov edx, esi
call 0040CC30
pop edi
pop esi
pop ebx
ret
ptr [ebx+40]
ptr [ebx+40]
ptr [ebx+44]
ptr [eax]
|:0042DA90(C), :0042DAA1(C)
|
:0042DAA8 5E
:0042DAA9 5B
:0042DAAA C3
:0042DAAB 90
nop
pop esi
pop ebx
ret

|:0042DA2C , :0042DAF5
|
:0042DAAC 53
push ebx
:0042DAAD 56
push esi
:0042DAAE 8BF2
mov esi, edx
:0042DAB0 8BD8
mov ebx, eax
:0042DAB2 8B4344
:0042DAB5 3BF0
cmp esi, eax
:0042DAB7 7418
je 0042DAD1
:0042DAB9 85C0
test eax, eax
:0042DABB 7407
je 0042DAC4
:0042DABD 8BD3
mov edx, ebx
:0042DABF E8C4020000
call 0042DD88
|:0042DABB(C)
|
:0042DAC4 85F6
:0042DAC6 7409
:0042DAC8 8BD3
:0042DACA 8BC6
:0042DACC E897020000
|:0042DAB7(C), :0042DAC6(C)
|
:0042DAD1 5E
:0042DAD2 5B
:0042DAD3 C3
:0042DAD4
:0042DAD5
:0042DAD6
:0042DAD8
:0042DADA
:0042DADE
:0042DAE0
:0042DAE2
:0042DAE8
:0042DAED
:0042DAEF
:0042DAF1
:0042DAF3
:0042DAF5
push ebx
push esi
mov esi, edx
mov ebx, eax
test [ebx+20], 01
jne 0042DAFA
mov eax, esi
call 00402D90
test al, al
je 0042DAFA
mov edx, esi
mov eax, ebx
call 0042DAAC
53
56
8BF2
8BD8
F6432001
751A
8BC6
8B151CD74200
E8A352FDFF
84C0
7409
8BD6
8BC3
E8B2FFFFFF
test esi, esi

je 0042DAD1
mov edx, ebx
mov eax, esi
call 0042DD68
pop esi
pop ebx
ret

|:0042DADE(C), :0042DAEF(C)
|
:0042DAFA 5E
:0042DAFB 5B
:0042DAFC C3
pop esi
pop ebx
ret
:0042DAFD 8D4000

|:0042E3E6
|
:0042DB00 53
push ebx
:0042DB01 56
push esi
:0042DB02 57
push edi
:0042DB03 8BF0
mov esi, eax
:0042DB05 8B7E44
:0042DB08 85FF
test edi, edi
:0042DB0A 7411
je 0042DB1D
:0042DB0C 8BD6
mov edx, esi
:0042DB0E 8BC7
mov eax, edi
:0042DB10 66BBF4FF
mov bx, FFF4
:0042DB14 E8DB52FDFF
call 00402DF4
:0042DB19 84C0
test al, al
:0042DB1B 7532
jne 0042DB4F
|:0042DB0A(C)
|
:0042DB1D A1302C4400
:0042DB22 8B00
:0042DB24 8BD6
:0042DB26 E82D230100
:0042DB2B 84C0
:0042DB2D 7520
:0042DB2F 8BC6
:0042DB31 E81643FEFF
:0042DB36 84C0
:0042DB38 7515
:0042DB3A 8BCE
:0042DB3C 33D2
:0042DB3E B840B00000
:0042DB43 E85029FFFF
:0042DB48 48
:0042DB49 7404
:0042DB4B 33C0
:0042DB4D EB02

mov edx, esi
call 0043FE58
test al, al
jne 0042DB4F
mov eax, esi
call 00411E4C
test al, al
jne 0042DB4F
mov ecx, esi
xor edx, edx
mov eax, 0000B040
call 00420498
dec eax
je 0042DB4F
xor eax, eax
jmp 0042DB51

|:0042DB1B(C), :0042DB2D(C), :0042DB38(C), :0042DB49(C)
|
:0042DB4F B001
mov al, 01
|:0042DB4D(U)
|
:0042DB51 5F
pop edi
:0042DB52 5E
pop esi
:0042DB53 5B
pop ebx
:0042DB54 C3
ret
:0042DB55
:0042DB58
:0042DB59
:0042DB5A
:0042DB5B
:0042DB5D
:0042DB60
:0042DB62
:0042DB64
:0042DB66
:0042DB68
:0042DB6C
:0042DB71
:0042DB73
8D4000
53
56
57
8BF0
8B7E44
85FF
7411
8BD6
8BC7
66BBF1FF
E88352FDFF
84C0
7532
|:0042DB62(C)
|
:0042DB75 A1302C4400
:0042DB7A 8B00
:0042DB7C 8BD6
:0042DB7E E8FD220100
:0042DB83 84C0
:0042DB85 7520
:0042DB87 8BC6
:0042DB89 E8DA42FEFF
:0042DB8E 84C0
:0042DB90 7515
:0042DB92 8BCE
:0042DB94 33D2
:0042DB96 B83FB00000
:0042DB9B E8F828FFFF
:0042DBA0 48
:0042DBA1 7404
:0042DBA3 33C0
:0042DBA5 EB02

push ebx
push esi
push edi
mov esi, eax
test edi, edi
je 0042DB75
mov edx, esi
mov eax, edi
mov bx, FFF1
call 00402DF4
test al, al
jne 0042DBA7
mov edx, esi
call 0043FE80
test al, al
jne 0042DBA7
mov eax, esi
call 00411E68
test al, al
jne 0042DBA7
mov ecx, esi
xor edx, edx
mov eax, 0000B03F
call 00420498
dec eax
je 0042DBA7
xor eax, eax
jmp 0042DBA9

|:0042DB73(C), :0042DB85(C), :0042DB90(C), :0042DBA1(C)
|
:0042DBA7 B001
mov al, 01
|:0042DBA5(U)
|
:0042DBA9 5F
pop edi
:0042DBAA 5E
pop esi
:0042DBAB 5B
pop ebx
:0042DBAC C3
ret
:0042DBAD
:0042DBB0
:0042DBB1
:0042DBB3
:0042DBB4
:0042DBB5
:0042DBB6
:0042DBB8
:0042DBBA
8D4000
55
8BEC
51
53
56
84D2
7408
83C4F0

push ebp
mov ebp, esp
push ecx
push ebx
push esi
test dl, dl
je 0042DBC2
add esp, FFFFFFF0
:0042DBBD E84253FDFF
call 00402F04
|:0042DBB8(C)
|
:0042DBC2 8855FF
:0042DBC5 8BD8
:0042DBC7 33D2
:0042DBC9 8BC3
:0042DBCB E8F038FEFF
:0042DBD0 B201
:0042DBD2 A154B54000
:0042DBD7 E81450FDFF
:0042DBDC 894324
:0042DBDF B201
:0042DBE1 A130E44200
:0042DBE6 E80550FDFF
:0042DBEB 8BF0
:0042DBED 897328
:0042DBF0 895E0C

mov ebx, eax
xor edx, edx
mov eax, ebx
call 004114C0
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
mov esi, eax
* Possible StringData Ref from Code Obj ->";P,u"

|
:0042DBF3 C7460814DD4200
mov [esi+08], 0042DD14
:0042DBFA 8BC3
mov eax, ebx
:0042DBFC 807DFF00
:0042DC00 740F
je 0042DC11
:0042DC02 E85553FDFF
call 00402F5C
:0042DC07 648F0500000000
:0042DC0E 83C40C
add esp, 0000000C
|:0042DC00(C)
|
:0042DC11 8BC3
mov eax, ebx
:0042DC13 5E
pop esi
:0042DC14 5B
pop ebx
:0042DC15 59
pop ecx
:0042DC16 5D
pop ebp
:0042DC17 C3
ret
:0042DC18
:0042DC19
:0042DC1A
:0042DC1B
:0042DC20
:0042DC22
:0042DC24
:0042DC27
:0042DC2C
53
56
57
E84453FDFF
8BDA
8BF8
8B4728
E8F44FFDFF
EB0C
|:0042DC41(C)
|
:0042DC2E 8BC6
:0042DC30 E89BF0FDFF
:0042DC35 E8E64FFDFF
push ebx
push esi
push edi
call 00402F64
mov ebx, edx
mov edi, eax
call 00402C20
jmp 0042DC3A
mov eax, esi
call 0040CCD0
call 00402C20
|:0042DC2C(U)
|
:0042DC3A 8B7724
:0042DC3D 837E0800
:0042DC41 7FEB
:0042DC43 8B4724
:0042DC46 E8D54FFDFF
:0042DC4B 8BD3
:0042DC4D 80E2FC
:0042DC50 8BC7
:0042DC52 E8B538FEFF
:0042DC57 84DB
:0042DC59 7E07
:0042DC5B 8BC7
:0042DC5D E8F252FDFF

jg 0042DC2E
call 00402C20
mov edx, ebx
and dl, FC
mov eax, edi
call 0041150C
test bl, bl
jle 0042DC62
mov eax, edi
call 00402F54

|:0042DC59(C)
|
:0042DC62 5F
pop edi
:0042DC63 5E
pop esi
:0042DC64 5B
pop ebx
:0042DC65 C3
ret
:0042DC66
:0042DC68
:0042DC69
:0042DC6B
:0042DC6E
:0042DC6F
:0042DC70
:0042DC73
:0042DC76
:0042DC79
:0042DC7C
:0042DC7F
:0042DC80
:0042DC82
:0042DC84
:0042DC85
8BC0
55
8BEC
83C4F8
53
56
8955F8
8945FC
8B45FC
8B4024
8B5808
4B
85DB
7C24
43
33F6
|:0042DCA6(C)
|
:0042DC87 8B45FC
:0042DC8A 8B4024
:0042DC8D 8BD6
:0042DC8F E8E4EEFDFF
:0042DC94 8B5004
:0042DC97 3B55F8
:0042DC9A 7508
:0042DC9C 8BD0
:0042DC9E 8B450C
:0042DCA1 FF5508
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
dec ebx
test ebx, ebx
jl 0042DCA8
inc ebx
xor esi, esi
mov eax, dword
mov eax, dword
mov edx, esi
call 0040CB78
mov edx, dword
cmp edx, dword
jne 0042DCA4
mov edx, eax
mov eax, dword
call [ebp+08]
ptr [ebp-04]
ptr [eax+24]
ptr [eax+04]
ptr [ebp-08]
ptr [ebp+0C]

|:0042DC9A(C)
|
:0042DCA4 46
inc esi
:0042DCA5 4B
:0042DCA6 75DF
dec ebx
jne 0042DC87

|:0042DC82(C)
|
:0042DCA8 5E
pop esi
:0042DCA9 5B
pop ebx
:0042DCAA 59
pop ecx
:0042DCAB 59
pop ecx
:0042DCAC 5D
pop ebp
:0042DCAD C20800
ret 0008
:0042DCB0
:0042DCB1
:0042DCB2
:0042DCB3
:0042DCB5
:0042DCB7
:0042DCB9
:0042DCBB
:0042DCBE
:0042DCC3
:0042DCC5
:0042DCC7
:0042DCC9
:0042DCCF
:0042DCD4
:0042DCD6
53
56
57
8BF9
8BF2
8BD8
8BD6
8B4324
E84DEFFDFF
85C0
7C14
8BC6
8B15F8D54200
E8D450FDFF
8BD7
E85DFDFFFF
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov edx, esi
call 0040CC10
test eax, eax
jl 0042DCDB
mov eax, esi
call 00402DA8
mov edx, edi
call 0042DA38

|:0042DCC5(C)
|
:0042DCDB 5F
pop edi
:0042DCDC 5E
pop esi
:0042DCDD 5B
pop ebx
:0042DCDE C3
ret
:0042DCDF 90
nop

|:0042DD42
|
:0042DCE0 53
push ebx
:0042DCE1 56
push esi
:0042DCE2 8BF2
mov esi, edx
:0042DCE4 8BD8
mov ebx, eax
:0042DCE6 8B432C
:0042DCE9 85C0
test eax, eax
:0042DCEB 7408
je 0042DCF5
:0042DCED 8B5328
:0042DCF0 E8F7140000
call 0042F1EC
|:0042DCEB(C)
|
:0042DCF5 8BC6
mov eax, esi
:0042DCF7 89432C
:0042DCFA
:0042DCFC
:0042DCFE
:0042DD01
:0042DD06
:0042DD08
:0042DD0B
85C0
7412
8B5328
E82A150000
8BD3
8B432C
E88038FEFF
test eax, eax

je 0042DD10
call 0042F230
mov edx, ebx
call 00411590

|:0042DCFC(C)
|
:0042DD10 5E
pop esi
:0042DD11 5B
pop ebx
:0042DD12 C3
ret
:0042DD13
:0042DD14
:0042DD17
:0042DD19
:0042DD1B
90
3B502C
7505
8B10
FF5230
nop
cmp edx, dword ptr [eax+2C]
jne 0042DD1E
call [edx+30]
|:0042DD17(C)
|
:0042DD1E C3
:0042DD1F 90
:0042DD20 53
:0042DD21 56
:0042DD22 57
:0042DD23 8BD9
:0042DD25 8BFA
:0042DD27 8BF0
:0042DD29 8BCB
:0042DD2B 8BD7
:0042DD2D 8BC6
:0042DD2F E8343AFEFF
:0042DD34 80FB01
:0042DD37 752A
:0042DD39 3B7E2C
:0042DD3C 750B
:0042DD3E 33D2
:0042DD40 8BC6
:0042DD42 E899FFFFFF
:0042DD47 EB1A
|:0042DD3C(C)
|
:0042DD49 8BC7
:0042DD4B 8B15F8D54200
:0042DD51 E83A50FDFF
:0042DD56 84C0
:0042DD58 7409
:0042DD5A 8BD7
:0042DD5C 8BC6
:0042DD5E E825000000
ret
nop
push ebx
push esi
push edi
mov ebx, ecx
mov edi, edx
mov esi, eax
mov ecx, ebx
mov edx, edi
mov eax, esi
call 00411768
cmp bl, 01
jne 0042DD63
cmp edi, dword ptr [esi+2C]
jne 0042DD49
xor edx, edx
mov eax, esi
call 0042DCE0
jmp 0042DD63
mov eax, edi

call 00402D90
test al, al
je 0042DD63
mov edx, edi
mov eax, esi
call 0042DD88

|:0042DD37(C), :0042DD47(U), :0042DD58(C)
|
:0042DD63
:0042DD64
:0042DD65
:0042DD66
5F
5E
5B
C3
:0042DD67 90
pop edi
pop esi
pop ebx
ret
nop

|:0042DACC
|
:0042DD68 53
push ebx
:0042DD69 56
push esi
:0042DD6A 8BF2
mov esi, edx
:0042DD6C 8BD8
mov ebx, eax
:0042DD6E 8BD6
mov edx, esi
:0042DD70 8B4324
:0042DD73 E8E8ECFDFF
call 0040CA60
:0042DD78 895E44
:0042DD7B 8BD3
mov edx, ebx
:0042DD7D 8BC6
mov eax, esi
:0042DD7F E80C38FEFF
call 00411590
:0042DD84 5E
pop esi
:0042DD85 5B
pop ebx
:0042DD86 C3
ret
:0042DD87 90
nop

|:0042D9A8 , :0042DABF , :0042DD5E
|
:0042DD88 53
push ebx
:0042DD89 56
push esi
:0042DD8A 8BF2
mov esi, edx
:0042DD8C 8BD8
mov ebx, eax
:0042DD8E 8BD6
mov edx, esi
:0042DD90 8B4324
:0042DD93 E8ACEFFDFF
call 0040CD44
:0042DD98 85C0
test eax, eax
:0042DD9A 7C05
jl 0042DDA1
:0042DD9C 33C0
xor eax, eax
:0042DD9E 894644
|:0042DD9A(C)
|
:0042DDA1 5E
pop esi
:0042DDA2 5B
pop ebx
:0042DDA3 C3
ret
:0042DDA4
:0042DDA5
:0042DDA6
:0042DDA7
:0042DDA9
:0042DDAE
:0042DDB0
53
56
57
8BD8
66837B3200
7408
8BD3
push ebx
push esi
push edi
mov ebx, eax
je 0042DDB8
mov edx, ebx
:0042DDB2 8B4334
:0042DDB5 FF5330

call [ebx+30]

|:0042DDAE(C)
|
:0042DDB8 8B4324
:0042DDBB 8B7008
:0042DDBE 4E
dec esi
:0042DDBF 85F6
test esi, esi
:0042DDC1 7C16
jl 0042DDD9
:0042DDC3 46
inc esi
:0042DDC4 33FF
xor edi, edi
|:0042DDD7(C)
|
:0042DDC6 8BD7
:0042DDC8 8B4324
:0042DDCB E8A8EDFDFF
:0042DDD0 8B10
:0042DDD2 FF5230
:0042DDD5 47
:0042DDD6 4E
:0042DDD7 75ED
|:0042DDC1(C)
|
:0042DDD9 F6432010
:0042DDDD 7428
:0042DDDF 8B7304
:0042DDE2 8BC6
:0042DDE4 8B1518534300
:0042DDEA E8A14FFDFF
:0042DDEF 84C0
:0042DDF1 7414
:0042DDF3 83BE3002000000
:0042DDFA 740B
:0042DDFC 8B8630020000
:0042DE02 8B10
:0042DE04 FF520C
mov edx, edi

call 0040CB78
call [edx+30]
inc edi
dec esi
jne 0042DDC6
test [ebx+20], 10
je 0042DE07
mov eax, esi
call 00402D90
test al, al
je 0042DE07
cmp dword ptr [esi+00000230], 00000000
je 0042DE07
call [edx+0C]

|:0042DDDD(C), :0042DDF1(C), :0042DDFA(C)
|
:0042DE07 5F
pop edi
:0042DE08 5E
pop esi
:0042DE09 5B
pop ebx
:0042DE0A C3
ret
:0042DE0B 90
nop

|:0043C51C
|
:0042DE0C 53
push ebx
:0042DE0D 56
push esi
:0042DE0E 57
push edi
:0042DE0F
:0042DE10
:0042DE11
:0042DE13
:0042DE15
:0042DE18
:0042DE1D
:0042DE1F
:0042DE23
:0042DE25
:0042DE2A
:0042DE2C
:0042DE2F
:0042DE32
:0042DE33
:0042DE35
:0042DE37
:0042DE38
55
51
8BF2
8BF8
8B4608
E8CB8C0000
8BD8
668B4604
8BD3
E806280000
8BE8
8B4724
8B7008
4E
85F6
7C42
46
33DB
|:0042DE77(C)
|
:0042DE3A 8B4724
:0042DE3D 8BD3
:0042DE3F E834EDFDFF
:0042DE44 663B6860
:0042DE48 752B
:0042DE4A 8B4724
:0042DE4D 8BD3
:0042DE4F E824EDFDFF
:0042DE54 8A4051
:0042DE57 880424
:0042DE5A 803C2400
:0042DE5E 741D
:0042DE60 8B4724
:0042DE63 8BD3
:0042DE65 E80EEDFDFF
:0042DE6A 66BBF0FF
:0042DE6E E8814FFDFF
:0042DE73 EB08
push ebp
push ecx
mov esi, edx
mov edi, eax
call 00436AE8
mov ebx, eax
mov edx, ebx
call 00430630
mov ebp, eax
dec esi
test esi, esi
jl 0042DE79
inc esi
xor ebx, ebx
mov edx, ebx
call 0040CB78
cmp bp, word ptr [eax+60]
jne 0042DE75
mov edx, ebx
call 0040CB78
je 0042DE7D
mov edx, ebx
call 0040CB78
mov bx, FFF0
call 00402DF4
jmp 0042DE7D

|:0042DE48(C)
|
:0042DE75 43
inc ebx
:0042DE76 4E
dec esi
:0042DE77 75C1
jne 0042DE3A
|:0042DE35(C)
|
:0042DE79 C6042400
|:0042DE5E(C), :0042DE73(U)
|
:0042DE7D 8A0424
:0042DE80 5A
:0042DE81 5D
:0042DE82 5F

mov
pop
pop
pop
al, byte ptr [esp]

edx
ebp
edi
:0042DE83 5E
:0042DE84 5B
:0042DE85 C3
pop esi
pop ebx
ret
:0042DE86
:0042DE88
:0042DE89
:0042DE8A
:0042DE8E
:0042DE93
:0042DE95
:0042DE97
:0042DE99
:0042DE9C
mov eax, eax

push ebx
push ecx
je 0042DE9F
mov ecx, esp
mov ebx, eax
call [ebx+38]
8BC0
53
51
C6042400
6683783A00
740A
8BCC
8BD8
8B433C
FF5338

|:0042DE93(C)
|
:0042DE9F 8A0424
:0042DEA2 5A
pop edx
:0042DEA3 5B
pop ebx
:0042DEA4 C3
ret
:0042DEA5
:0042DEA8
:0042DEA9
:0042DEAA
:0042DEAE
:0042DEB3
:0042DEB5
:0042DEB7
:0042DEB9
:0042DEBC
8D4000
53
51
C6042400
6683784200
740A
8BCC
8BD8
8B4344
FF5340

push ebx
push ecx
je 0042DEBF
mov ecx, esp
mov ebx, eax
call [ebx+40]

|:0042DEB3(C)
|
:0042DEBF 8A0424
:0042DEC2 5A
pop edx
:0042DEC3 5B
pop ebx
:0042DEC4 C3
ret
:0042DEC5 8D4000

|:0042226C , :00430BD1
|
:0042DEC8 53
push ebx
:0042DEC9 8BD8
mov ebx, eax
:0042DECB 8B430C
:0042DECE 8B15F4D74200
:0042DED4 E8B74EFDFF
call 00402D90
:0042DED9 5B
pop ebx
:0042DEDA C3
ret
:0042DEDB 90
nop

|:0041E225 , :00430C05
|
:0042DEDC 53
push ebx
:0042DEDD 8BD8
mov ebx, eax
:0042DEDF 8B430C
:0042DEE2 8B15F4D74200
:0042DEE8 E8A34EFDFF
call 00402D90
:0042DEED 5B
pop ebx
:0042DEEE C3
ret
:0042DEEF 90
nop

|:004222CD , :00430C35
|
:0042DEF0 53
push ebx
:0042DEF1 8BD8
mov ebx, eax
:0042DEF3 8B430C
:0042DEF6 8B15F4D74200
:0042DEFC E88F4EFDFF
call 00402D90
:0042DF01 5B
pop ebx
:0042DF02 C3
ret
:0042DF03 90
nop

|:00425221 , :00430C65
|
:0042DF04 53
push ebx
:0042DF05 8BD8
mov ebx, eax
:0042DF07 8B430C
:0042DF0A 8B15F4D74200
:0042DF10 E87B4EFDFF
call 00402D90
:0042DF15 5B
pop ebx
:0042DF16 C3
ret
:0042DF17 90
nop

|:00422301 , :00430C95
|
:0042DF18 53
push ebx
:0042DF19 8BD8
mov ebx, eax
:0042DF1B 8B430C
:0042DF1E 8B15F4D74200
:0042DF24 E8674EFDFF
call 00402D90
:0042DF29 5B
pop ebx
:0042DF2A C3
ret
:0042DF2B 90
|:00430CC9
|
nop
:0042DF2C
:0042DF2D
:0042DF2F
:0042DF32
:0042DF38
:0042DF3D
:0042DF3E
53
8BD8
8B430C
8B15F4D74200
E8534EFDFF
5B
C3
:0042DF3F 90
push ebx
mov ebx, eax
call 00402D90
pop ebx
ret
nop

|:00430CF9
|
:0042DF40 53
push ebx
:0042DF41 8BD8
mov ebx, eax
:0042DF43 8B430C
:0042DF46 8B15F4D74200
:0042DF4C E83F4EFDFF
call 00402D90
:0042DF51 5B
pop ebx
:0042DF52 C3
ret
:0042DF53 90
nop

|:00422335 , :00430D2D
|
:0042DF54 53
push ebx
:0042DF55 8BD8
mov ebx, eax
:0042DF57 8B430C
:0042DF5A 8B15F4D74200
:0042DF60 E82B4EFDFF
call 00402D90
:0042DF65 5B
pop ebx
:0042DF66 C3
ret
:0042DF67 90
:0042DF68 C3
nop
ret
:0042DF69 8D4000
:0042DF6C C3

ret
:0042DF6D 8D4000
:0042DF70 C3

ret
:0042DF71 8D4000
:0042DF74 C3

ret
:0042DF75 8D4000
:0042DF78 C3

ret
:0042DF79 8D4000
:0042DF7C C3

ret
:0042DF7D 8D4000
:0042DF80 C3

ret
:0042DF81 8D4000
:0042DF84 C3

ret
:0042DF85 8D4000

|:0041E852
|
:0042DF88 53
push ebx
:0042DF89 56
push esi
:0042DF8A 84D2
test dl, dl
:0042DF8C 7408
je 0042DF96
:0042DF8E 83C4F0
add esp, FFFFFFF0
:0042DF91 E86E4FFDFF
call 00402F04
|:0042DF8C(C)
|
:0042DF96 8BDA
:0042DF98 8BF0
:0042DF9A 33D2
:0042DF9C 8BC6
:0042DF9E E80D3EFEFF
:0042DFA3 C6464801
:0042DFA7 C6465101
:0042DFAB C7465CFFFFFFFF
:0042DFB2 C6466201
:0042DFB6 8BC6
:0042DFB8 84DB
:0042DFBA 740F
:0042DFBC E89B4FFDFF
:0042DFC1 648F0500000000
:0042DFC8 83C40C

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 00411DB0
mov [esi+48], 01
mov [esi+51], 01
mov [esi+5C], FFFFFFFF
mov [esi+62], 01
mov eax, esi
test bl, bl
je 0042DFCB
call 00402F5C
add esp, 0000000C

|:0042DFBA(C)
|
:0042DFCB 8BC6
mov eax, esi
:0042DFCD 5E
pop esi
:0042DFCE 5B
pop ebx
:0042DFCF C3
ret
:0042DFD0
:0042DFD1
:0042DFD2
:0042DFD7
:0042DFD9
:0042DFDB
:0042DFDE
:0042DFE3
:0042DFE6
:0042DFEB
:0042DFED
53
56
E88D4FFDFF
8BDA
8BF0
8B466C
E83D4CFDFF
8B4670
E8354CFDFF
8BD3
80E2FC
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
call 00402C20
call 00402C20
mov edx, ebx
and dl, FC
:0042DFF0
:0042DFF2
:0042DFF7
:0042DFF9
:0042DFFB
:0042DFFD
8BC6
E89DF9FFFF
84DB
7E07
8BC6
E8524FFDFF
mov eax, esi

call 0042D994
test bl, bl
jle 0042E002
mov eax, esi
call 00402F54

|:0042DFF9(C)
|
:0042E002 5E
pop esi
:0042E003 5B
pop ebx
:0042E004 C3
ret
:0042E005
:0042E008
:0042E009
:0042E00A
:0042E00B
:0042E00D
:0042E00F
:0042E011
:0042E017
:0042E01C
:0042E01E
:0042E020
:0042E023
:0042E025
:0042E027
:0042E02C
:0042E02F
:0042E031
:0042E036
:0042E039
:0042E03B
:0042E040
:0042E043
:0042E045
:0042E04A
:0042E04D
:0042E04F
:0042E054
:0042E057
:0042E059
:0042E05E
:0042E062
:0042E064
:0042E069
:0042E06C
:0042E06E
:0042E073
8D4000
53
56
57
8BF2
8BD8
8BC6
8B15F4D74200
E8744DFDFF
84C0
7455
8B534C
8BFE
8BC7
E858000000
8A5350
8BC7
E8B6000000
8A5351
8BC7
E804010000
8B5354
8BC7
E852010000
8B5358
8BC7
E8A0010000
8B535C
8BC7
E8FE010000
668B5360
8BC7
E84B020000
8A5362
8BC7
E89D020000
EB09
|:0042E01E(C)
|
:0042E075 8BD6
:0042E077 8BC3
:0042E079 E88EF2FDFF

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov eax, esi
call 00402D90
test al, al
je 0042E075
mov edi, esi
mov eax, edi
call 0042E084
mov eax, edi
call 0042E0EC
mov eax, edi
call 0042E144
mov eax, edi
call 0042E19C
mov eax, edi
call 0042E1F4
mov eax, edi
call 0042E25C
mov dx, word ptr [ebx+60]
mov eax, edi
call 0042E2B4
mov eax, edi
call 0042E310
jmp 0042E07E
mov edx, esi
mov eax, ebx
call 0040D30C

|:0042E073(U)
|
:0042E07E 5F
pop edi
:0042E07F 5E
pop esi
:0042E080 5B
pop ebx
:0042E081 C3
ret
:0042E082 8BC0
mov eax, eax

|:00424FC2 , :0042E027 , :0042E3AB , :0043291F
|
:0042E084 53
push ebx
:0042E085 56
push esi
:0042E086 57
push edi
:0042E087 55
push ebp
:0042E088 8BEA
mov ebp, edx
:0042E08A 8BD8
mov ebx, eax
:0042E08C 8BC5
mov eax, ebp
:0042E08E 8B534C
:0042E091 E8AE5AFDFF
call 00403B44
:0042E096 744D
je 0042E0E5
:0042E098 8B433C
:0042E09B 8B7808
:0042E09E 4F
dec edi
:0042E09F 85FF
test edi, edi
:0042E0A1 7C31
jl 0042E0D4
:0042E0A3 47
inc edi
:0042E0A4 33F6
xor esi, esi
|:0042E0D2(C)
|
:0042E0A6 8BD6
:0042E0A8 8B433C
:0042E0AB E8C8EAFDFF
:0042E0B0 8B15E0D84200
:0042E0B6 E8D54CFDFF
:0042E0BB 84C0
:0042E0BD 7411
:0042E0BF 8BD6
:0042E0C1 8B433C
:0042E0C4 E8AFEAFDFF
:0042E0C9 8BD5
:0042E0CB 8B08
:0042E0CD FF513C

mov edx, esi
mov eax, dword
call 0040CB78
mov edx, dword
call 00402D90
test al, al
je 0042E0D0
mov edx, esi
mov eax, dword
call 0040CB78
mov edx, ebp
mov ecx, dword
call [ecx+3C]
ptr [ebx+3C]
ptr [0042D8E0]
ptr [ebx+3C]
ptr [eax]

|:0042E0BD(C)
|
:0042E0D0 46
inc esi
:0042E0D1 4F
dec edi
:0042E0D2 75D2
jne 0042E0A6
|:0042E0A1(C)
|
:0042E0D4 8D434C
:0042E0D7
:0042E0D9
:0042E0DE
:0042E0E0
:0042E0E2
8BD5
E82E57FDFF
8BC3
8B10
FF5230
mov edx, ebp

call 0040380C
mov eax, ebx
call [edx+30]

|:0042E096(C)
|
:0042E0E5 5D
pop ebp
:0042E0E6 5F
pop edi
:0042E0E7 5E
pop esi
:0042E0E8 5B
pop ebx
:0042E0E9 C3
ret
:0042E0EA 8BC0
mov eax, eax

|:0042E031
|
:0042E0EC 53
push ebx
:0042E0ED 56
push esi
:0042E0EE 57
push edi
:0042E0EF 55
push ebp
:0042E0F0 8BDA
mov ebx, edx
:0042E0F2 8BE8
mov ebp, eax
:0042E0F4 3A5D50
cmp bl, byte ptr [ebp+50]
:0042E0F7 7446
je 0042E13F
:0042E0F9 8B453C
:0042E0FC 8B7808
:0042E0FF 4F
dec edi
:0042E100 85FF
test edi, edi
:0042E102 7C31
jl 0042E135
:0042E104 47
inc edi
:0042E105 33F6
xor esi, esi
|:0042E133(C)
|
:0042E107 8BD6
:0042E109 8B453C
:0042E10C E867EAFDFF
:0042E111 8B15E0D84200
:0042E117 E8744CFDFF
:0042E11C 84C0
:0042E11E 7411
:0042E120 8BD6
:0042E122 8B453C
:0042E125 E84EEAFDFF
:0042E12A 8BD3
:0042E12C 8B08
:0042E12E FF5140

mov edx, esi
mov eax, dword
call 0040CB78
mov edx, dword
call 00402D90
test al, al
je 0042E131
mov edx, esi
mov eax, dword
call 0040CB78
mov edx, ebx
mov ecx, dword
call [ecx+40]
ptr [ebp+3C]
ptr [0042D8E0]
ptr [ebp+3C]
ptr [eax]

|:0042E11E(C)
|
:0042E131 46
inc esi
:0042E132 4F
dec edi
:0042E133 75D2
jne 0042E107

|:0042E102(C)
|
:0042E135 885D50
mov byte ptr [ebp+50], bl
:0042E138 8BC5
mov eax, ebp
:0042E13A 8B10
:0042E13C FF5230
call [edx+30]
|:0042E0F7(C)
|
:0042E13F 5D
pop ebp
:0042E140 5F
pop edi
:0042E141 5E
pop esi
:0042E142 5B
pop ebx
:0042E143 C3
ret

|:00424FA4 , :0042E03B , :004328F7 , :0043FE47
|
:0042E144 53
push ebx
:0042E145 56
push esi
:0042E146 57
push edi
:0042E147 55
push ebp
:0042E148 8BDA
mov ebx, edx
:0042E14A 8BE8
mov ebp, eax
:0042E14C 3A5D51
:0042E14F 7446
je 0042E197
:0042E151 8B453C
:0042E154 8B7808
:0042E157 4F
dec edi
:0042E158 85FF
test edi, edi
:0042E15A 7C31
jl 0042E18D
:0042E15C 47
inc edi
:0042E15D 33F6
xor esi, esi
|:0042E18B(C)
|
:0042E15F 8BD6
:0042E161 8B453C
:0042E164 E80FEAFDFF
:0042E169 8B15E0D84200
:0042E16F E81C4CFDFF
:0042E174 84C0
:0042E176 7411
:0042E178 8BD6
:0042E17A 8B453C
:0042E17D E8F6E9FDFF
:0042E182 8BD3
:0042E184 8B08
:0042E186 FF5144

mov edx, esi
mov eax, dword
call 0040CB78
mov edx, dword
call 00402D90
test al, al
je 0042E189
mov edx, esi
mov eax, dword
call 0040CB78
mov edx, ebx
mov ecx, dword
call [ecx+44]
ptr [ebp+3C]
ptr [0042D8E0]
ptr [ebp+3C]
ptr [eax]

|:0042E176(C)
|
:0042E189 46
inc esi
:0042E18A 4F
:0042E18B 75D2
dec edi
jne 0042E15F

|:0042E15A(C)
|
:0042E18D 885D51
:0042E190 8BC5
mov eax, ebp
:0042E192 8B10
:0042E194 FF5230
call [edx+30]
|:0042E14F(C)
|
:0042E197 5D
pop ebp
:0042E198 5F
pop edi
:0042E199 5E
pop esi
:0042E19A 5B
pop ebx
:0042E19B C3
ret

|:00429AE0 , :0042E045 , :00432901
|
:0042E19C 53
push ebx
:0042E19D 56
push esi
:0042E19E 57
push edi
:0042E19F 55
push ebp
:0042E1A0 8BEA
mov ebp, edx
:0042E1A2 8BD8
mov ebx, eax
:0042E1A4 3B6B54
cmp ebp, dword ptr [ebx+54]
:0042E1A7 7446
je 0042E1EF
:0042E1A9 8B433C
:0042E1AC 8B7808
:0042E1AF 4F
dec edi
:0042E1B0 85FF
test edi, edi
:0042E1B2 7C31
jl 0042E1E5
:0042E1B4 47
inc edi
:0042E1B5 33F6
xor esi, esi
|:0042E1E3(C)
|
:0042E1B7 8BD6
:0042E1B9 8B433C
:0042E1BC E8B7E9FDFF
:0042E1C1 8B15E0D84200
:0042E1C7 E8C44BFDFF
:0042E1CC 84C0
:0042E1CE 7411
:0042E1D0 8BD6
:0042E1D2 8B433C
:0042E1D5 E89EE9FDFF
:0042E1DA 8BD5
:0042E1DC 8B08
:0042E1DE FF5148

mov edx, esi
mov eax, dword
call 0040CB78
mov edx, dword
call 00402D90
test al, al
je 0042E1E1
mov edx, esi
mov eax, dword
call 0040CB78
mov edx, ebp
mov ecx, dword
call [ecx+48]
ptr [ebx+3C]
ptr [0042D8E0]
ptr [ebx+3C]
ptr [eax]

|:0042E1CE(C)
|
:0042E1E1 46
:0042E1E2 4F
:0042E1E3 75D2
inc esi
dec edi
jne 0042E1B7

|:0042E1B2(C)
|
:0042E1E5 896B54
mov dword ptr [ebx+54], ebp
:0042E1E8 8BC3
mov eax, ebx
:0042E1EA 8B10
:0042E1EC FF5230
call [edx+30]
|:0042E1A7(C)
|
:0042E1EF 5D
pop ebp
:0042E1F0 5F
pop edi
:0042E1F1 5E
pop esi
:0042E1F2 5B
pop ebx
:0042E1F3 C3
ret

|:00424FAE , :0042E04F , :0043290B , :0043F584
|
:0042E1F4 53
push ebx
:0042E1F5 56
push esi
:0042E1F6 57
push edi
:0042E1F7 55
push ebp
:0042E1F8 8BEA
mov ebp, edx
:0042E1FA 8BD8
mov ebx, eax
:0042E1FC 8BC5
mov eax, ebp
:0042E1FE 8B5358
:0042E201 E83E59FDFF
call 00403B44
:0042E206 744D
je 0042E255
:0042E208 8B433C
:0042E20B 8B7808
:0042E20E 4F
dec edi
:0042E20F 85FF
test edi, edi
:0042E211 7C31
jl 0042E244
:0042E213 47
inc edi
:0042E214 33F6
xor esi, esi
|:0042E242(C)
|
:0042E216 8BD6
:0042E218 8B433C
:0042E21B E858E9FDFF
:0042E220 8B15E0D84200
:0042E226 E8654BFDFF
:0042E22B 84C0
:0042E22D 7411
:0042E22F 8BD6
:0042E231 8B433C
:0042E234 E83FE9FDFF
:0042E239 8BD5
:0042E23B 8B08

mov edx, esi
mov eax, dword
call 0040CB78
mov edx, dword
call 00402D90
test al, al
je 0042E240
mov edx, esi
mov eax, dword
call 0040CB78
mov edx, ebp
mov ecx, dword
ptr [ebx+3C]
ptr [0042D8E0]
ptr [ebx+3C]
ptr [eax]
:0042E23D FF514C
call [ecx+4C]

|:0042E22D(C)
|
:0042E240 46
inc esi
:0042E241 4F
dec edi
:0042E242 75D2
jne 0042E216
|:0042E211(C)
|
:0042E244 8D4358
:0042E247 8BD5
:0042E249 E8BE55FDFF
:0042E24E 8BC3
:0042E250 8B10
:0042E252 FF5230

mov edx, ebp
call 0040380C
mov eax, ebx
call [edx+30]

|:0042E206(C)
|
:0042E255 5D
pop ebp
:0042E256 5F
pop edi
:0042E257 5E
pop esi
:0042E258 5B
pop ebx
:0042E259 C3
ret
:0042E25A 8BC0
mov eax, eax

|:0042E059 , :00432915
|
:0042E25C 53
push ebx
:0042E25D 56
push esi
:0042E25E 57
push edi
:0042E25F 55
push ebp
:0042E260 8BEA
mov ebp, edx
:0042E262 8BD8
mov ebx, eax
:0042E264 3B6B5C
cmp ebp, dword ptr [ebx+5C]
:0042E267 7446
je 0042E2AF
:0042E269 8B433C
:0042E26C 8B7808
:0042E26F 4F
dec edi
:0042E270 85FF
test edi, edi
:0042E272 7C31
jl 0042E2A5
:0042E274 47
inc edi
:0042E275 33F6
xor esi, esi
|:0042E2A3(C)
|
:0042E277 8BD6
:0042E279 8B433C
:0042E27C E8F7E8FDFF
:0042E281 8B15E0D84200
:0042E287 E8044BFDFF
:0042E28C 84C0
:0042E28E 7411

mov edx, esi
call 0040CB78
mov edx, dword ptr [0042D8E0]
call 00402D90
test al, al
je 0042E2A1
:0042E290
:0042E292
:0042E295
:0042E29A
:0042E29C
:0042E29E
8BD6
8B433C
E8DEE8FDFF
8BD5
8B08
FF5150
mov edx, esi

call 0040CB78
mov edx, ebp
call [ecx+50]

|:0042E28E(C)
|
:0042E2A1 46
inc esi
:0042E2A2 4F
dec edi
:0042E2A3 75D2
jne 0042E277
|:0042E272(C)
|
:0042E2A5 896B5C
mov dword ptr [ebx+5C], ebp
:0042E2A8 8BC3
mov eax, ebx
:0042E2AA 8B10
:0042E2AC FF5230
call [edx+30]
|:0042E267(C)
|
:0042E2AF 5D
pop ebp
:0042E2B0 5F
pop edi
:0042E2B1 5E
pop esi
:0042E2B2 5B
pop ebx
:0042E2B3 C3
ret

|:0042E064
|
:0042E2B4 53
push ebx
:0042E2B5 56
push esi
:0042E2B6 57
push edi
:0042E2B7 55
push ebp
:0042E2B8 8BEA
mov ebp, edx
:0042E2BA 8BD8
mov ebx, eax
:0042E2BC 663B6B60
cmp bp, word ptr [ebx+60]
:0042E2C0 7447
je 0042E309
:0042E2C2 8B433C
:0042E2C5 8B7808
:0042E2C8 4F
dec edi
:0042E2C9 85FF
test edi, edi
:0042E2CB 7C31
jl 0042E2FE
:0042E2CD 47
inc edi
:0042E2CE 33F6
xor esi, esi
|:0042E2FC(C)
|
:0042E2D0 8BD6
:0042E2D2 8B433C
:0042E2D5 E89EE8FDFF
:0042E2DA 8B15E0D84200
:0042E2E0 E8AB4AFDFF

mov edx, esi
call 0040CB78
call 00402D90
:0042E2E5
:0042E2E7
:0042E2E9
:0042E2EB
:0042E2EE
:0042E2F3
:0042E2F5
:0042E2F7
84C0
7411
8BD6
8B433C
E885E8FDFF
8BD5
8B08
FF5154
test al, al
je 0042E2FA
mov edx, esi
call 0040CB78
mov edx, ebp
call [ecx+54]

|:0042E2E7(C)
|
:0042E2FA 46
inc esi
:0042E2FB 4F
dec edi
:0042E2FC 75D2
jne 0042E2D0
|:0042E2CB(C)
|
:0042E2FE 66896B60
:0042E302 8BC3
:0042E304 8B10
:0042E306 FF5230

mov word ptr [ebx+60], bp
mov eax, ebx
call [edx+30]

|:0042E2C0(C)
|
:0042E309 5D
pop ebp
:0042E30A 5F
pop edi
:0042E30B 5E
pop esi
:0042E30C 5B
pop ebx
:0042E30D C3
ret
:0042E30E 8BC0
mov eax, eax

|:00424FCC , :0042E06E , :00432929
|
:0042E310 53
push ebx
:0042E311 56
push esi
:0042E312 57
push edi
:0042E313 55
push ebp
:0042E314 8BDA
mov ebx, edx
:0042E316 8BE8
mov ebp, eax
:0042E318 3A5D62
:0042E31B 7446
je 0042E363
:0042E31D 8B453C
:0042E320 8B7808
:0042E323 4F
dec edi
:0042E324 85FF
test edi, edi
:0042E326 7C31
jl 0042E359
:0042E328 47
inc edi
:0042E329 33F6
xor esi, esi
|:0042E357(C)
|
:0042E32B 8BD6
mov edx, esi
:0042E32D 8B453C
:0042E330
:0042E335
:0042E33B
:0042E340
:0042E342
:0042E344
:0042E346
:0042E349
:0042E34E
:0042E350
:0042E352
E843E8FDFF
8B15E0D84200
E8504AFDFF
84C0
7411
8BD6
8B453C
E82AE8FDFF
8BD3
8B08
FF5158
call 0040CB78
call 00402D90
test al, al
je 0042E355
mov edx, esi
call 0040CB78
mov edx, ebx
call [ecx+58]

|:0042E342(C)
|
:0042E355 46
inc esi
:0042E356 4F
dec edi
:0042E357 75D2
jne 0042E32B
|:0042E326(C)
|
:0042E359 885D62
:0042E35C 8BC5
mov eax, ebp
:0042E35E 8B10
:0042E360 FF5230
call [edx+30]
|:0042E31B(C)
|
:0042E363 5D
pop ebp
:0042E364 5F
pop edi
:0042E365 5E
pop esi
:0042E366 5B
pop ebx
:0042E367 C3
ret
:0042E368
:0042E369
:0042E36A
:0042E36B
:0042E36D
:0042E36F
:0042E372
:0042E375
:0042E37A
:0042E37C
:0042E37F
:0042E381
:0042E383
:0042E387
53
56
57
8BFA
8BF0
8B4608
8B564C
E8CA57FDFF
750D
8B5E04
85DB
740A
F6432001
7404
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
mov eax, dword
mov edx, dword
call 00403B44
jne 0042E389
mov ebx, dword
test ebx, ebx
je 0042E38D
test [ebx+20],
je 0042E38D
ptr [esi+08]
ptr [esi+4C]
ptr [esi+04]
01

|:0042E37A(C)
|
:0042E389 33C0
xor eax, eax
:0042E38B EB02
jmp 0042E38F
|:0042E381(C), :0042E387(C)
|
:0042E38D B001
mov al, 01
|:0042E38B(U)
|
:0042E38F 8BD8
:0042E391 8BD7
:0042E393 8BC6
:0042E395 E84636FEFF
:0042E39A 84DB
:0042E39C 7412
:0042E39E 8B463C
:0042E3A1 83780800
:0042E3A5 7509
:0042E3A7 8BD7
:0042E3A9 8BC6
:0042E3AB E8D4FCFFFF
|:0042E39C(C), :0042E3A5(C)
|
:0042E3B0 5F
:0042E3B1 5E
:0042E3B2 5B
:0042E3B3 C3
mov ebx, eax

mov edx, edi
mov eax, esi
call 004119E0
test bl, bl
je 0042E3B0
jne 0042E3B0
mov edx, edi
mov eax, esi
call 0042E084
pop edi
pop esi
pop ebx
ret

|:004221AC
|
:0042E3B4 53
push ebx
:0042E3B5 51
push ecx
:0042E3B6 C6042401
:0042E3BA 6683786600
:0042E3BF 740A
je 0042E3CB
:0042E3C1 8BCC
mov ecx, esp
:0042E3C3 8BD8
mov ebx, eax
:0042E3C5 8B4368
:0042E3C8 FF5364
call [ebx+64]
|:0042E3BF(C)
|
:0042E3CB 8A0424
:0042E3CE 5A
pop edx
:0042E3CF 5B
pop ebx
:0042E3D0 C3
ret
:0042E3D1
:0042E3D4
:0042E3D5
:0042E3D7
:0042E3D9
:0042E3DB
:0042E3DE
:0042E3E2
:0042E3E4
8D4000
53
8BD8
8BC3
8B10
FF5244
807B5100
740B
8BC3

push ebx
mov ebx, eax
mov eax, ebx
call [edx+44]
je 0042E3EF
mov eax, ebx
:0042E3E6 E815F7FFFF
:0042E3EB 84C0
:0042E3ED 7504
call 0042DB00
test al, al
jne 0042E3F3

|:0042E3E2(C)
|
:0042E3EF 33C0
xor eax, eax
:0042E3F1 5B
pop ebx
:0042E3F2 C3
ret

|:0042E3ED(C)
|
:0042E3F3 B001
mov al, 01
:0042E3F5 5B
pop ebx
:0042E3F6 C3
ret
:0042E3F7
:0042E3F8
:0042E3F9
:0042E3FB
:0042E3FD
:0042E3FE
:0042E403
:0042E406
:0042E409
:0042E40F
:0042E411
:0042E412
:0042E413
:0042E414
:0042E417
90
55
8BEC
33C0
55
681DE44200
64FF30
648920
FF0590374400
33C0
5A
59
59
648910
6824E44200
nop
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0042E41D
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042E424
|:0042E422(U)
|
:0042E41C C3
:0042E41D E9564EFDFF
:0042E422 EBF8
:0042E424 5D
:0042E425 C3
:0042E426 8BC0
:0042E428 832D9037440001
:0042E42F C3
mov eax, eax

sub dword ptr [00443790], 00000001
ret
:0042E430 7CE4
jl 0042E416
|:0042E44C(C)
|
:0042E432 42
:0042E433 00000000000000000000
:0042E43D 00000000000000000000
ret
jmp 00403278
jmp 0042E41C
pop ebp
ret
inc edx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
:0042E447 0000000000
BYTE 5 DUP(0)
:0042E44C 7CE44200
:0042E450 84E44200
DWORD 0042E47C
DWORD 0042E484
:0042E454
:0042E456
:0042E458
:0042E45A
:0042E45B
:0042E45D
1000
0000
8810
40
0028
2E
adc byte ptr

add byte ptr
mov byte ptr
inc eax
add byte ptr
BYTE 02eh
:0042E45E
:0042E45F
:0042E462
:0042E463
:0042E465
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0042E466
:0042E467
:0042E46A
:0042E46B
:0042E46D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0042E46E
:0042E46F
:0042E476
:0042E477
:0042E47E
40
00B42B4000C82B
40
00BCFA42000100
FFFF
inc eax
inc eax
add byte ptr [edx+8*edi+00010042], bh
BYTE 2 DUP(0ffh)
:0042E480
:0042E481
:0042E482
:0042E483
:0042E485
:0042E486
:0042E487
:0042E48C
:0042E48D
:0042E494
:0042E49E
F0
FA
42
000B
54
43
68616E6765
4C
696E6BDCE44200
00000000000000000000
0000
lock
cli
inc edx
push esp
inc ebx
push 65676E61
dec esp
imul ebp, dword ptr [esi+6B], 0042E4DC
BYTE 10 DUP(0)
BYTE 2 DUP(0)
[eax], al
[eax], al
[eax], dl
[eax], ch
:0042E4A0 38E5
:0042E4A2 42
:0042E4A3 000000000000000000
cmp ch, ah
inc edx
BYTE 9 DUP(0)
:0042E4AC 18E54200
:0042E4B0 20E54200
DWORD 0042E518
DWORD 0042E520
:0042E4B4 5C
:0042E4B5 000000
pop esp
BYTE 3 DUP(0)
:0042E4B8
:0042E4BA
:0042E4BB
:0042E4BE
:0042E4BF
:0042E4C2
:0042E4C3
:0042E4C5
A8BE
40
00681C
41
00342E
40
0038
2E
test al, BE
inc eax
inc ecx
inc eax
BYTE 02eh
:0042E4C6
:0042E4C7
:0042E4CA
:0042E4CB
:0042E4CD
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0042E4CE
:0042E4CF
:0042E4D6
:0042E4D7
:0042E4D9
:0042E4DB
:0042E4DE
:0042E4DF
:0042E4E1
:0042E4E2
:0042E4E3
:0042E4E9
:0042E4EC
:0042E4F1
:0042E4F4
:0042E4F6
:0042E4F7
:0042E4FD
:0042E500
:0042E505
:0042E507
:0042E50D
:0042E50F
:0042E512
:0042E513
:0042E51A
:0042E51B
:0042E522
:0042E523
:0042E525
:0042E527
:0042E528
:0042E529
:0042E52A
:0042E52B
:0042E52C
40
00B42B4000C82B
40
00EC
E542
0048F0
42
00D0
F3
42
0088EF4200A8
184100
68174100B4
184100
E019
41
00801C4100C4
184100
BC18410088
1C41
00A0E54200E8
EB42
0058E6
42
008CF142000100
F0
FF9CF142001054
43
7573
746F
6D
49
6D
61
67
65
inc eax
inc eax
add ah, ch
in ax, 42
add byte ptr [eax-10], cl
inc edx
add al, dl
repz
inc edx
add byte ptr [eax+A80042EF], cl
push B4004117
loopnz 0042E50F
inc ecx
mov esp, 88004118
sbb al, 41
add byte ptr [eax+E80042E5], ah
jmp 0042E551
add byte ptr [eax-1A], bl
inc edx
add byte ptr [ecx+8*esi+00010042], cl
lock
call far dword ptr [ecx+8*esi+54100042]
inc ebx
jne 0042E598
je 0042E596
insd
dec ecx
insd
popad
BYTE 067h
BYTE 065h
:0042E52D 4C
dec esp
:0042E52E
:0042E535
:0042E537
:0042E539
:0042E53D
:0042E53F
:0042E540
:0042E541
:0042E542
:0042E543
:0042E544
:0042E545
6973748D400038
E542
0007
10544375
7374
6F
6D
49
6D
61
67
65
imul esi, dword ptr [ebx+74], 3800408D

in ax, 42
adc byte ptr [ebx+2*eax+75], dl
jnb 0042E5B3
outsd
insd
dec ecx
insd
popad
BYTE 067h
BYTE 065h
:0042E546
:0042E547
:0042E54E
:0042E553
:0042E555
:0042E556
:0042E557
:0042E559
4C
697374DCE44200
A0BF400002
0007
49
6D
674C
69737400008BC0
dec esp
imul esi, dword ptr [ebx+74], 0042E4DC
dec ecx
insd
dec esp
imul esi, dword ptr [ebx+74], C08B0000

|:0042EB9B , :0042EC14 , :0042EC21
|
:0042E560 E8A355FEFF
call 00413B08
:0042E565 8BD0
mov edx, eax
:0042E567 81EAFFFFFF1F
sub edx, 1FFFFFFF
:0042E56D 7405
je 0042E574
:0042E56F 4A
dec edx
:0042E570 7406
je 0042E578
:0042E572 EB09
jmp 0042E57D
|:0042E56D(C)
|
:0042E574 83C8FF
or eax, FFFFFFFF
:0042E577 C3
ret

|:0042E570(C)
|
:0042E578 B8000000FF
mov eax, FF000000
|:0042E572(U)
|
:0042E57D C3
ret
:0042E57E 8BC0
mov eax, eax
|:0042EBDB , :0042F01A , :0042F0D2
|
:0042E580 8BD0
mov edx, eax
:0042E582 81EA000000FF
sub edx, FF000000
:0042E588 740E
je 0042E598
:0042E58A 81EAFFFFFF00
sub edx, 00FFFFFF
:0042E590 750B
:0042E597 C3
jne 0042E59D
mov eax, 1FFFFFFF
ret

|:0042E523(C), :0042E588(C)
|
:0042E598 B800000020
mov eax, 20000000
|:0042E590(C)
|
:0042E59D C3
:0042E59E 8BC0
:0042E5A0 53
:0042E5A1 56
:0042E5A2 84D2
:0042E5A4 7408
:0042E5A6 83C4F0
:0042E5A9 E85649FDFF
|:0042E5A4(C)
|
:0042E5AE 8BDA
:0042E5B0 8BF0
:0042E5B2 33D2
:0042E5B4 8BC6
:0042E5B6 E8052FFEFF
:0042E5BB C7462810000000
:0042E5C2 C7462410000000
:0042E5C9 8BC6
:0042E5CB 8B10
:0042E5CD FF5234
:0042E5D0 8BC6
:0042E5D2 84DB
:0042E5D4 740F
:0042E5D6 E88149FDFF
:0042E5DB 648F0500000000
:0042E5E2 83C40C
ret
mov eax, eax
push ebx
push esi
test dl, dl
je 0042E5AE
add esp, FFFFFFF0
call 00402F04
mov ebx, edx

mov esi, eax
xor edx, edx
mov eax, esi
call 004114C0
mov [esi+28], 00000010
mov [esi+24], 00000010
mov eax, esi
call [edx+34]
mov eax, esi
test bl, bl
je 0042E5E5
call 00402F5C
add esp, 0000000C

|:0042E5D4(C)
|
:0042E5E5 8BC6
mov eax, esi
:0042E5E7 5E
pop esi
:0042E5E8 5B
pop ebx
:0042E5E9 C3
ret
:0042E5EA
:0042E5EC
:0042E5ED
:0042E5EE
:0042E5EF
:0042E5F4
:0042E5F6
:0042E5F8
8BC0
53
56
57
E87049FDFF
8BDA
8BF8
EB10
mov eax, eax

push ebx
push esi
push edi
call 00402F64
mov ebx, edx
mov edi, eax
jmp 0042E60A
|:0042E611(C)
|
:0042E5FA 8BC6
:0042E5FC E8CFE6FDFF
:0042E601 8BD0
:0042E603 8BC7
:0042E605 E8E20B0000
|:0042E5F8(U)
|
:0042E60A 8B7740
:0042E60D 837E0800
:0042E611 7FE7
:0042E613 8B4744
:0042E616 E80546FDFF
:0042E61B 8BC7
:0042E61D E88E020000
:0042E622 8B4740
:0042E625 E8F645FDFF
:0042E62A 33C0
:0042E62C 894740
:0042E62F 8B4748
:0042E632 85C0
:0042E634 7405
:0042E636 E8E545FDFF
|:0042E634(C)
|
:0042E63B 8BD3
:0042E63D 80E2FC
:0042E640 8BC7
:0042E642 E8C52EFEFF
:0042E647 84DB
:0042E649 7E07
:0042E64B 8BC7
:0042E64D E80249FDFF
mov eax, esi

call 0040CCD0
mov edx, eax
mov eax, edi
call 0042F1EC

jg 0042E5FA
call 00402C20
mov eax, edi
call 0042E8B0
call 00402C20
xor eax, eax
test eax, eax
je 0042E63B
call 00402C20
mov edx, ebx

and dl, FC
mov eax, edi
call 0041150C
test bl, bl
jle 0042E652
mov eax, edi
call 00402F54

|:0042E649(C)
|
:0042E652 5F
pop edi
:0042E653 5E
pop esi
:0042E654 5B
pop ebx
:0042E655 C3
ret
:0042E656
:0042E658
:0042E659
:0042E65B
:0042E65D
:0042E65E
:0042E660
:0042E662
:0042E663
:0042E668
8BC0
55
8BEC
6A00
53
8BD8
33C0
55
6805E74200
64FF30
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push ebx
mov ebx, eax
xor eax, eax
push ebp
push 0042E705
:0042E66B
:0042E66E
:0042E670
:0042E675
:0042E67A
:0042E67D
:0042E680
:0042E683
:0042E685
:0042E68A
:0042E68C
:0042E690
648920
B201
A154B54000
E87645FDFF
894340
8B4324
83F801
7C0D
3D00800000
7F06
837B2801
7D21

mov dl, 01
call 00402BF0
cmp eax, 00000001
jl 0042E692
cmp eax, 00008000
jg 0042E692
jge 0042E6B3
|:0042E683(C), :0042E68A(C)
|
:0042E692 8D55FC
:0042E695 A1E42A4400
:0042E69A E88567FDFF
:0042E69F 8B4DFC
:0042E6A2 B201
:0042E6A4 A1F4B44000
:0042E6A9 E8BEA1FDFF
:0042E6AE E8FD4BFDFF
|:0042E690(C)
|
:0042E6B3 C7432C04000000
:0042E6BA C6433501
:0042E6BE B202
:0042E6C0 8BC3
:0042E6C2 E8A90A0000
:0042E6C7 C6433700
:0042E6CB C74338FFFFFF1F
:0042E6D2 C7433CFFFFFF1F
:0042E6D9 B201
:0042E6DB A10C314100
:0042E6E0 E847A4FEFF
:0042E6E5 894344
:0042E6E8 8BC3
:0042E6EA E835000000
:0042E6EF 33C0
:0042E6F1 5A
:0042E6F2 59
:0042E6F3 59
:0042E6F4 648910
lea edx, dword

mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-04]
ptr [00442AE4]
ptr [ebp-04]
ptr [0040B4F4]
mov [ebx+2C], 00000004

mov [ebx+35], 01
mov dl, 02
mov eax, ebx
call 0042F170
mov [ebx+37], 00
mov [ebx+38], 1FFFFFFF
mov [ebx+3C], 1FFFFFFF
mov dl, 01
call 00418B2C
mov eax, ebx
call 0042E724
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0042E6F7 680CE74200
push 0042E70C
|:0042E70A(U)
|
:0042E6FC 8D45FC
:0042E6FF E8B450FDFF
:0042E704 C3

call 004037B8
ret
:0042E705
:0042E70A
:0042E70C
:0042E70D
:0042E70E
:0042E70F
E96E4BFDFF
EBF0
5B
59
5D
C3
|:0042A6CA , :0042A72E
|:0042A84D , :0042A865
|:0042EB37 , :0042EB90
|:0042EFE6 , :0042F09E
|
:0042E710 83783000
:0042E714 0F95C0
:0042E717 C3
jmp
jmp
pop
pop
pop
ret
Addresses:
, :0042A790
, :0042A87E
, :0042EBC5
00403278
0042E6FC
ebx
ecx
ebp
, :0042A7E5
, :0042E8B5
, :0042EBFA
, :0042A812
, :0042EAD1
, :0042ED92

setne al
ret

|:0042E851 , :0042EA4C , :0042EFF1 , :0042F0A9
|
:0042E718 83783000
:0042E71C 7505
jne 0042E723
:0042E71E E8C1010000
call 0042E8E4
|:0042E71C(C)
|
:0042E723 C3
ret
|:0042E6EA , :0042E816
|
:0042E724 55
push ebp
:0042E725 8BEC
mov ebp, esp
:0042E727 83C4E8
add esp, FFFFFFE8
:0042E72A 53
push ebx
:0042E72B 8945FC
:0042E72E 6A00
push 00000000
|
:0042E730 E8137AFDFF
Call 00406148
:0042E735 8945F8
:0042E738 33C0
xor eax, eax
:0042E73A 55
push ebp
:0042E73B 68C5E74200
push 0042E7C5
:0042E740 64FF30
:0042E743 648920
:0042E746 8B45FC
:0042E749 8B5844
:0042E74C 8B45FC
:0042E74F 8B4024
:0042E752 50
push eax
:0042E753 8B45FC
:0042E756 8B4028
:0042E759 50
push eax
:0042E75A 8B45F8
:0042E75D 50

push eax

|
:0042E75E E88D76FDFF
Call 00405DF0
:0042E763 8BD0
mov edx, eax
:0042E765 8BC3
mov eax, ebx
:0042E767 E87CB2FEFF
call 004199E8
:0042E76C 8BC3
mov eax, ebx
:0042E76E E8F1A8FEFF
call 00419064
:0042E773 8B4014
:0042E776 33D2
xor edx, edx
:0042E778 E80F60FEFF
call 0041478C
:0042E77D 8BC3
mov eax, ebx
:0042E77F 8B10
:0042E781 FF5220
call [edx+20]
:0042E784 50
push eax
:0042E785 8D45E8
:0042E788 50
push eax
:0042E789 8BC3
mov eax, ebx
:0042E78B 8B10
:0042E78D FF522C
call [edx+2C]
:0042E790 8BC8
mov ecx, eax
:0042E792 33D2
xor edx, edx
:0042E794 33C0
xor eax, eax
:0042E796 E8FDD9FDFF
call 0040C198
:0042E79B 8D45E8
:0042E79E 50
push eax
:0042E79F 8BC3
mov eax, ebx
:0042E7A1 E8BEA8FEFF
call 00419064
:0042E7A6 5A
pop edx
:0042E7A7 E88463FEFF
call 00414B30
:0042E7AC 33C0
xor eax, eax
:0042E7AE 5A
pop edx
:0042E7AF 59
pop ecx
:0042E7B0 59
pop ecx
:0042E7B1 648910
:0042E7B4 68CCE74200
push 0042E7CC
|:0042E7CA(U)
|
:0042E7B9 8B45F8
:0042E7BC 50
push eax
:0042E7BD 6A00
push 00000000
|
:0042E7BF E89C7BFDFF
Call 00406360
:0042E7C4 C3
ret
:0042E7C5
:0042E7CA
:0042E7CC
:0042E7CF
:0042E7D2
:0042E7D4
:0042E7D6
E9AE4AFDFF
EBED
8B45FC
8B4048
85C0
740D
E84544FDFF
jmp 00403278
jmp 0042E7B9
test eax, eax
je 0042E7E3
call 00402C20
:0042E7DB 8B45FC
:0042E7DE 33D2
:0042E7E0 895048

xor edx, edx

|:0042E7D4(C)
|
:0042E7E3 5B
pop ebx
:0042E7E4 8BE5
mov esp, ebp
:0042E7E6 5D
pop ebp
:0042E7E7 C3
ret

|:0042E835 , :0042EFDF , :0042F097
|
:0042E7E8 53
push ebx
:0042E7E9 83C4F8
add esp, FFFFFFF8
:0042E7EC 8BD8
mov ebx, eax
:0042E7EE 8B4328
:0042E7F1 89442404
:0042E7F5 8B4324
:0042E7F8 890424
:0042E7FB 54
push esp
:0042E7FC 8D442408
:0042E800 50
push eax
:0042E801 52
push edx
* Reference To: comctl32.ImageList_GetIconSize, Ord:0000h
|
:0042E802 E8A5C4FEFF
Call 0041ACAC
:0042E807 8B442404
:0042E80B 894328
:0042E80E 8B0424
:0042E811 894324
:0042E814 8BC3
mov eax, ebx
call 0042E724
:0042E81B 59
pop ecx
:0042E81C 5A
pop edx
:0042E81D 5B
pop ebx
:0042E81E C3
ret
:0042E81F 90
nop

|:0042F709
|
:0042E820 53
push ebx
:0042E821 56
push esi
:0042E822 8BF2
mov esi, edx
:0042E824 8BD8
mov ebx, eax
:0042E826 8BC3
mov eax, ebx
:0042E828 E883000000
call 0042E8B0
:0042E82D 85F6
test esi, esi
:0042E82F 7417
je 0042E848
:0042E831 8BD6
mov edx, esi
:0042E833 8BC3
mov eax, ebx
:0042E835 E8AEFFFFFF
call 0042E7E8
:0042E83A
:0042E83D
:0042E83F
:0042E843
897330
8BC3
66BBF0FF
E8AC45FDFF

mov eax, ebx
mov bx, FFF0
call 00402DF4

|:0042E82F(C)
|
:0042E848 5E
pop esi
:0042E849 5B
pop ebx
:0042E84A C3
ret
:0042E84B 90
|:0042A6E7 , :0042E8C6
|:0042EB43 , :0042EBD0
|:0042EFD6 , :0042F002
|:0042F0C7 , :0042F710
|
:0042E84C 53
:0042E84D 8BD8
:0042E84F 8BC3
:0042E851 E8C2FEFFFF
:0042E856 8B4330
:0042E859 5B
:0042E85A C3
:0042E85B 90
nop
Addresses:
, :0042E996
, :0042EC41
, :0042F00F
, :0042E9D6
, :0042ECA7
, :0042F08E
, :0042EADC
, :0042EF74
, :0042F0BA
push ebx
mov ebx, eax
mov eax, ebx
call 0042E718
pop ebx
ret
nop

|:0042EA59 , :0042EA67
|
:0042E85C 53
push ebx
:0042E85D 56
push esi
:0042E85E 57
push edi
:0042E85F 8BF9
mov edi, ecx
:0042E861 8BDA
mov ebx, edx
:0042E863 8BF0
mov esi, eax
:0042E865 8BD3
mov edx, ebx
:0042E867 8BC6
mov eax, esi
:0042E869 E88A080000
call 0042F0F8
:0042E86E 85DB
test ebx, ebx
:0042E870 742F
je 0042E8A1
:0042E872 8BC3
mov eax, ebx
:0042E874 E84FA8FEFF
call 004190C8
:0042E879 3C01
cmp al, 01
:0042E87B 7509
jne 0042E886
:0042E87D 8BC3
mov eax, ebx
:0042E87F 8B10
:0042E881 FF5260
call [edx+60]
:0042E884 EB23
jmp 0042E8A9
|:0042E87B(C)
|
:0042E886 8BD3
mov edx, ebx
:0042E888 8BC7
mov eax, edi
:0042E88A
:0042E88C
:0042E88F
:0042E891
:0042E893
:0042E895
:0042E898
:0042E89A
:0042E89C
:0042E89F
8B08
FF5108
B201
8BC7
8B08
FF5168
8BC7
8B10
FF5260
EB08

call [ecx+08]
mov dl, 01
mov eax, edi
call [ecx+68]
mov eax, edi
call [edx+60]
jmp 0042E8A9

|:0042E870(C)
|
:0042E8A1 8B4644
:0042E8A4 8B10
:0042E8A6 FF5260
call [edx+60]
|:0042E884(U), :0042E89F(U)
|
:0042E8A9 5F
:0042E8AA 5E
:0042E8AB 5B
:0042E8AC C3
:0042E8AD 8D4000
pop edi
pop esi
pop ebx
ret

|:0042E61D , :0042E828 , :0042EF94 , :0042F788
|
:0042E8B0 53
push ebx
:0042E8B1 8BD8
mov ebx, eax
:0042E8B3 8BC3
mov eax, ebx
:0042E8B5 E856FEFFFF
call 0042E710
:0042E8BA 84C0
test al, al
:0042E8BC 7413
je 0042E8D1
:0042E8BE 807B3600
:0042E8C2 750D
jne 0042E8D1
:0042E8C4 8BC3
mov eax, ebx
:0042E8C6 E881FFFFFF
call 0042E84C
:0042E8CB 50
push eax
|
:0042E8CC E83FC3FEFF
Call 0041AC10
|:0042E8BC(C), :0042E8C2(C)
|
:0042E8D1 33C0
:0042E8D3 894330
:0042E8D6 8BC3
:0042E8D8 66BBF0FF
:0042E8DC E81345FDFF
:0042E8E1 5B
:0042E8E2 C3

xor eax, eax
mov eax, ebx
mov bx, FFF0
call 00402DF4
pop ebx
ret
:0042E8E3 90
nop

|:0042E71E
|
:0042E8E4 55
push ebp
:0042E8E5 8BEC
mov ebp, esp
:0042E8E7 6A00
push 00000000
:0042E8E9 53
push ebx
:0042E8EA 56
push esi
:0042E8EB 8BD8
mov ebx, eax
:0042E8ED 33C0
xor eax, eax
:0042E8EF 55
push ebp
:0042E8F0 6873E94200
push 0042E973
:0042E8F5 64FF30
:0042E8F8 648920
:0042E8FB 8B432C
:0042E8FE 50
push eax
:0042E8FF 6A04
push 00000004
:0042E901 33C0
xor eax, eax
:0042E903 8A4335
:0042E906 8B048530274400
:0042E90D 0DFE000000
or eax, 000000FE
:0042E912 50
push eax
:0042E913 8B4324
:0042E916 50
push eax
:0042E917 8B4328
:0042E91A 50
push eax
|
:0042E91B E8E8C2FEFF
Call 0041AC08
:0042E920 8BF0
mov esi, eax
:0042E922 897330
:0042E925 85F6
test esi, esi
:0042E927 7521
jne 0042E94A
:0042E929 8D55FC
:0042E92C A13C2C4400
:0042E931 E8EE64FDFF
call 00404E24
:0042E936 8B4DFC
:0042E939 B201
mov dl, 01
:0042E93B A1F4B44000
:0042E940 E8279FFDFF
call 0040886C
:0042E945 E86649FDFF
call 004032B0
|:0042E927(C)
|
:0042E94A 8B4338
:0042E94D 3DFFFFFF1F
:0042E952 7409
:0042E954 8BD0
:0042E956 8BC3
:0042E958 E82B020000

cmp eax, 1FFFFFFF
je 0042E95D
mov edx, eax
mov eax, ebx
call 0042EB88

|:0042E952(C)
|
:0042E95D 33C0
xor eax, eax
:0042E95F 5A
pop edx
:0042E960 59
:0042E961 59
:0042E962 648910
pop ecx
pop ecx

|
:0042E965 687AE94200
push 0042E97A
|:0042E978(U)
|
:0042E96A 8D45FC
:0042E96D E8464EFDFF
:0042E972 C3
:0042E973
:0042E978
:0042E97A
:0042E97B
:0042E97C
:0042E97D
:0042E97E
jmp
jmp
pop
pop
pop
pop
ret
E90049FDFF
EBF0
5E
5B
59
5D
C3
:0042E97F 90

call 004037B8
ret
00403278
0042E96A
esi
ebx
ecx
ebp
nop

|:0042F9F4
|
:0042E980 53
push ebx
:0042E981 83C4E0
add esp, FFFFFFE0
:0042E984 8BD8
mov ebx, eax
:0042E986 8BC3
mov eax, ebx
:0042E988 E83F010000
call 0042EACC
:0042E98D 85C0
test eax, eax
:0042E98F 7E23
jle 0042E9B4
:0042E991 54
push esp
:0042E992 6A00
push 00000000
:0042E994 8BC3
mov eax, ebx
:0042E996 E8B1FEFFFF
call 0042E84C
:0042E99B 50
push eax
|
:0042E99C E81BC3FEFF
Call 0041ACBC
:0042E9A1 85C0
test eax, eax
:0042E9A3 740F
je 0042E9B4
:0042E9A5 8B1C24
mov ebx, dword ptr [esp]
:0042E9A8 8B442404
:0042E9AC 50
push eax
|
:0042E9AD E89E74FDFF
Call 00405E50
:0042E9B2 EB02
jmp 0042E9B6
|:0042E98F(C), :0042E9A3(C)
|
:0042E9B4 33DB
xor ebx, ebx

|:0042E9B2(U)
|
:0042E9B6 8BC3
mov eax, ebx
:0042E9B8 83C420
add esp, 00000020
:0042E9BB 5B
pop ebx
:0042E9BC C3
ret
:0042E9BD 8D4000

|:0042FA0E
|
:0042E9C0 53
push ebx
:0042E9C1 83C4E0
add esp, FFFFFFE0
:0042E9C4 8BD8
mov ebx, eax
:0042E9C6 8BC3
mov eax, ebx
:0042E9C8 E8FF000000
call 0042EACC
:0042E9CD 85C0
test eax, eax
:0042E9CF 7E23
jle 0042E9F4
:0042E9D1 54
push esp
:0042E9D2 6A00
push 00000000
:0042E9D4 8BC3
mov eax, ebx
:0042E9D6 E871FEFFFF
call 0042E84C
:0042E9DB 50
push eax
|
:0042E9DC E8DBC2FEFF
Call 0041ACBC
:0042E9E1 85C0
test eax, eax
:0042E9E3 740F
je 0042E9F4
:0042E9E5 8B5C2404
:0042E9E9 8B0424
:0042E9EC 50
push eax
|
:0042E9ED E85E74FDFF
Call 00405E50
:0042E9F2 EB02
jmp 0042E9F6
|:0042E9CF(C), :0042E9E3(C)
|
:0042E9F4 33DB
xor ebx, ebx
|:0042E9F2(U)
|
:0042E9F6 8BC3
mov eax, ebx
:0042E9F8 83C420
add esp, 00000020
:0042E9FB 5B
pop ebx
:0042E9FC C3
ret
:0042E9FD 8D4000
|:0042EEFF , :0042F62F
|
:0042EA00 55
:0042EA01 8BEC
:0042EA03 83C4F0
:0042EA06 53
:0042EA07 56
:0042EA08 8BF1
:0042EA0A 8BDA
:0042EA0C 8945FC
:0042EA0F B201
:0042EA11 A10C314100
:0042EA16 E811A1FEFF
:0042EA1B 8945F4
:0042EA1E 33C0
:0042EA20 55
:0042EA21 68AFEA4200
:0042EA26 64FF30
:0042EA29 648920
:0042EA2C B201
:0042EA2E A10C314100
:0042EA33 E8F4A0FEFF
:0042EA38 8945F0
:0042EA3B 33C0
:0042EA3D 55
:0042EA3E 6892EA4200
:0042EA43 64FF30
:0042EA46 648920
:0042EA49 8B45FC
:0042EA4C E8C7FCFFFF
:0042EA51 8B4DF0
:0042EA54 8BD6
:0042EA56 8B45FC
:0042EA59 E8FEFDFFFF
:0042EA5E 50
:0042EA5F 8B4DF4
:0042EA62 8BD3
:0042EA64 8B45FC
:0042EA67 E8F0FDFFFF
:0042EA6C 50
:0042EA6D 8B45FC
:0042EA70 8B4030
:0042EA73 50
push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
mov esi, ecx
mov ebx, edx
mov dl, 01
call 00418B2C
xor eax, eax
push ebp
push 0042EAAF
mov dl, 01
call 00418B2C
xor eax, eax
push ebp
push 0042EA92
call 0042E718
mov edx, esi
call 0042E85C
push eax
mov edx, ebx
call 0042E85C
push eax
push eax
* Reference To: comctl32.ImageList_Add, Ord:0000h

|
:0042EA74 E8A7C1FEFF
Call 0041AC20
:0042EA79 8945F8
:0042EA7C 33C0
xor eax, eax
:0042EA7E 5A
pop edx
:0042EA7F 59
pop ecx
:0042EA80 59
pop ecx
:0042EA81 648910
:0042EA84 6899EA4200
push 0042EA99
|:0042EA97(U)
|
:0042EA89 8B45F0
:0042EA8C E88F41FDFF
call 00402C20
:0042EA91 C3
ret
:0042EA92
:0042EA97
:0042EA99
:0042EA9B
:0042EA9C
:0042EA9D
:0042EA9E
:0042EAA1
jmp 00403278
jmp 0042EA89
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042EAB6
E9E147FDFF
EBF0
33C0
5A
59
59
648910
68B6EA4200
|:0042EAB4(U)
|
:0042EAA6 8B45F4
:0042EAA9 E87241FDFF
:0042EAAE C3
:0042EAAF
:0042EAB4
:0042EAB6
:0042EAB9
:0042EABD
:0042EAC2
:0042EAC5
:0042EAC6
:0042EAC7
:0042EAC9
:0042EACA
jmp 00403278
jmp 0042EAA6
mov bx, FFF0
call 00402DF4
pop esi
pop ebx
mov esp, ebp
pop ebp
ret
E9C447FDFF
EBF0
8B45FC
66BBF0FF
E83243FDFF
8B45F8
5E
5B
8BE5
5D
C3
:0042EACB 90
|:0042E988 , :0042E9C8
|:0042F2B4 , :0042F2BF
|:0042F8D0 , :0042F8E0
|
:0042EACC 53
:0042EACD 8BD8
:0042EACF 8BC3
:0042EAD1 E83AFCFFFF
:0042EAD6 84C0
:0042EAD8 740F
:0042EADA 8BC3
:0042EADC E86BFDFFFF
:0042EAE1 50

call 00402C20
ret
nop
Addresses:
, :0042EB0B
, :0042F3C1
, :0042FA2B
, :0042F297
, :0042F8A6
, :00431802
, :0042F2A0
, :0042F8B5
, :0043191B
push ebx
mov ebx, eax
mov eax, ebx
call 0042E710
test al, al
je 0042EAE9
mov eax, ebx
call 0042E84C
push eax

|
:0042EAE2 E831C1FEFF
Call 0041AC18
:0042EAE7 5B
pop ebx
:0042EAE8 C3
ret

|:0042EAD8(C)
|
:0042EAE9 33C0
:0042EAEB 5B
:0042EAEC C3
xor eax, eax

pop ebx
ret
:0042EAED 8D4000

|:0042EB7F
|
:0042EAF0 55
push ebp
:0042EAF1 8BEC
mov ebp, esp
:0042EAF3 6A00
push 00000000
:0042EAF5 53
push ebx
:0042EAF6 56
push esi
:0042EAF7 8BF2
mov esi, edx
:0042EAF9 8BD8
mov ebx, eax
:0042EAFB 33C0
xor eax, eax
:0042EAFD 55
push ebp
:0042EAFE 686FEB4200
push 0042EB6F
:0042EB03 64FF30
:0042EB06 648920
:0042EB09 8BC3
mov eax, ebx
:0042EB0B E8BCFFFFFF
call 0042EACC
:0042EB10 3BF0
cmp esi, eax
:0042EB12 7C21
jl 0042EB35
:0042EB14 8D55FC
:0042EB17 A1F02A4400
:0042EB1C E80363FDFF
call 00404E24
:0042EB21 8B4DFC
:0042EB24 B201
mov dl, 01
:0042EB26 A1F4B44000
:0042EB2B E83C9DFDFF
call 0040886C
:0042EB30 E87B47FDFF
call 004032B0
|:0042EB12(C)
|
:0042EB35 8BC3
:0042EB37 E8D4FBFFFF
:0042EB3C 84C0
:0042EB3E 740E
:0042EB40 56
:0042EB41 8BC3
:0042EB43 E804FDFFFF
:0042EB48 50

mov eax, ebx
call 0042E710
test al, al
je 0042EB4E
push esi
mov eax, ebx
call 0042E84C
push eax
* Reference To: comctl32.ImageList_Remove, Ord:0000h

|
:0042EB49 E80EC1FEFF
Call 0041AC5C
|:0042EB3E(C)
|
:0042EB4E 8BC3
:0042EB50 66BBF0FF
:0042EB54 E89B42FDFF
:0042EB59 33C0
:0042EB5B 5A

mov eax, ebx
mov bx, FFF0
call 00402DF4
xor eax, eax
pop edx
:0042EB5C 59
:0042EB5D 59
:0042EB5E 648910
pop ecx
pop ecx

|
:0042EB61 6876EB4200
push 0042EB76
|:0042EB74(U)
|
:0042EB66 8D45FC
:0042EB69 E84A4CFDFF
:0042EB6E C3
:0042EB6F
:0042EB74
:0042EB76
:0042EB77
:0042EB78
:0042EB79
:0042EB7A
jmp
jmp
pop
pop
pop
pop
ret
E90447FDFF
EBF0
5E
5B
59
5D
C3
:0042EB7B 90

call 004037B8
ret
00403278
0042EB66
esi
ebx
ecx
ebp
nop

|:0042EFB3 , :0042F087
|
:0042EB7C 83CAFF
or edx, FFFFFFFF
:0042EB7F E86CFFFFFF
call 0042EAF0
:0042EB84 C3
ret
:0042EB85 8D4000

|:0042E958 , :0042F023 , :0042F0DB
|
:0042EB88 53
push ebx
:0042EB89 56
push esi
:0042EB8A 8BF2
mov esi, edx
:0042EB8C 8BD8
mov ebx, eax
:0042EB8E 8BC3
mov eax, ebx
:0042EB90 E87BFBFFFF
call 0042E710
:0042EB95 84C0
test al, al
:0042EB97 7413
je 0042EBAC
:0042EB99 8BC6
mov eax, esi
:0042EB9B E8C0F9FFFF
call 0042E560
:0042EBA0 50
push eax
:0042EBA1 8B4330
:0042EBA4 50
push eax
* Reference To: comctl32.ImageList_SetBkColor, Ord:0000h
|
:0042EBA5 E886C0FEFF
Call 0041AC30
:0042EBAA EB03
jmp 0042EBAF
|:0042EB97(C)
|
:0042EBAC 897338
|:0042EBAA(U)
|
:0042EBAF 8BC3
:0042EBB1 66BBF0FF
:0042EBB5 E83A42FDFF
:0042EBBA 5E
:0042EBBB 5B
:0042EBBC C3
:0042EBBD 8D4000
mov eax, ebx

mov bx, FFF0
call 00402DF4
pop esi
pop ebx
ret

|:0042EC1C
|
:0042EBC0 53
push ebx
:0042EBC1 8BD8
mov ebx, eax
:0042EBC3 8BC3
mov eax, ebx
:0042EBC5 E846FBFFFF
call 0042E710
:0042EBCA 84C0
test al, al
:0042EBCC 7414
je 0042EBE2
:0042EBCE 8BC3
mov eax, ebx
:0042EBD0 E877FCFFFF
call 0042E84C
:0042EBD5 50
push eax
|
:0042EBD6 E85DC0FEFF
Call 0041AC38
:0042EBDB E8A0F9FFFF
call 0042E580
:0042EBE0 5B
pop ebx
:0042EBE1 C3
ret

|:0042EBCC(C)
|
:0042EBE2 8B4338
:0042EBE5 5B
pop ebx
:0042EBE6 C3
ret
:0042EBE7
:0042EBE8
:0042EBE9
:0042EBEB
:0042EBEE
:0042EBEF
:0042EBF0
:0042EBF1
:0042EBF3
:0042EBF6
:0042EBF8
:0042EBFA
:0042EBFF
90
55
8BEC
83C4E8
53
56
57
8BF9
8955FC
8BD8
8BC3
E811FBFFFF
84C0
nop
push ebp
mov ebp, esp
add esp, FFFFFFE8
push ebx
push esi
push edi
mov edi, ecx
mov ebx, eax
mov eax, ebx
call 0042E710
test al, al
:0042EC01
:0042EC07
:0042EC0B
:0042EC0D
:0042EC10
:0042EC11
:0042EC14
:0042EC19
:0042EC1A
:0042EC1C
:0042EC21
:0042EC26
:0042EC27
:0042EC29
:0042EC2B
:0042EC2E
:0042EC2F
:0042EC32
:0042EC33
:0042EC35
:0042EC3A
:0042EC3B
:0042EC3E
:0042EC3F
:0042EC41
:0042EC46
0F8471010000
807D0800
7444
8B450C
50
8B433C
E847F9FFFF
50
8BC3
E89FFFFFFF
E83AF9FFFF
50
6A00
6A00
8B4510
50
8B4514
50
8BC7
E82662FEFF
50
8B45FC
50
8BC3
E806FCFFFF
50
je 0042ED78
je 0042EC51
push eax
call 0042E560
push eax
mov eax, ebx
call 0042EBC0
call 0042E560
push eax
push 00000000
push 00000000
push eax
push eax
mov eax, edi
call 00414E60
push eax
push eax
mov eax, ebx
call 0042E84C
push eax

|
:0042EC47 E808C0FEFF
Call 0041AC54
:0042EC4C E927010000
jmp 0042ED78
|:0042EC0B(C)
|
:0042EC51 837B4800
:0042EC55 752E
:0042EC57 B201
:0042EC59 A10C314100
:0042EC5E E8C99EFEFF
:0042EC63 8BF0
:0042EC65 897348
:0042EC68 B201
:0042EC6A 8BC6
:0042EC6C E8BFAFFEFF
:0042EC71 8B5328
:0042EC74 8BC6
:0042EC76 8B08
:0042EC78 FF5140
:0042EC7B 8B5324
:0042EC7E 8BC6
:0042EC80 8B08
:0042EC82 FF5134

jne 0042EC85
mov dl, 01
call 00418B2C
mov esi, eax
mov dl, 01
mov eax, esi
call 00419C30
mov eax, esi
call [ecx+40]
mov eax, esi
call [ecx+34]

|:0042EC55(C)
|
:0042EC85 6A10
push 00000010
:0042EC87 6A00
push 00000000
:0042EC89 6A00
push 00000000
:0042EC8B
:0042EC8D
:0042EC8F
:0042EC91
:0042EC93
:0042EC96
:0042EC9B
:0042ECA0
:0042ECA1
:0042ECA4
:0042ECA5
:0042ECA7
:0042ECAC
6A00
6A00
6A00
6A00
8B4348
E8C9A3FEFF
E8C061FEFF
50
8B45FC
50
8BC3
E8A0FBFFFF
50
push 00000000
push 00000000
push 00000000
push 00000000
call 00419064
call 00414E60
push eax
push eax
mov eax, ebx
call 0042E84C
push eax

|
:0042ECAD E8A2BFFEFF
Call 0041AC54
:0042ECB2 8B4510
:0042ECB5 034324
add eax, dword ptr [ebx+24]
:0042ECB8 50
push eax
:0042ECB9 8D45E8
:0042ECBC 50
push eax
:0042ECBD 8B4D14
:0042ECC0 034B28
:0042ECC3 8B5510
:0042ECC6 8B4514
:0042ECC9 E8CAD4FDFF
call 0040C198
:0042ECCE 8B4348
:0042ECD1 E88EA3FEFF
call 00419064
:0042ECD6 E88561FEFF
call 00414E60
:0042ECDB 8945F8
:0042ECDE 8B4714
:0042ECE1 BA14000080
mov edx, 80000014
:0042ECE6 E8A15AFEFF
call 0041478C
:0042ECEB 8BC7
mov eax, edi
:0042ECED E86E61FEFF
call 00414E60
:0042ECF2 8BF0
mov esi, eax
:0042ECF4 68FFFFFF00
push 00FFFFFF
:0042ECF9 56
push esi
|
:0042ECFA E8B972FDFF
Call 00405FB8
:0042ECFF 6A00
push 00000000
:0042ED01 56
push esi
|
:0042ED02 E87172FDFF
Call 00405F78
:0042ED07 684607E200
push 00E20746
:0042ED0C 6A00
push 00000000
:0042ED0E 6A00
push 00000000
:0042ED10 8B45F8
mov eax, dword
:0042ED13 50
push eax
:0042ED14 8B4324
mov eax, dword
:0042ED17 50
push eax
:0042ED18 8B4328
mov eax, dword
:0042ED1B 50
push eax
:0042ED1C 8B4510
mov eax, dword
:0042ED1F 40
inc eax
ptr [ebp-08]
ptr [ebx+24]
ptr [ebx+28]
ptr [ebp+10]
:0042ED20
:0042ED21
:0042ED24
:0042ED25
:0042ED26
50
8B4514
40
50
56
push eax
inc eax
push eax
push esi

|
:0042ED27 E8A470FDFF
Call 00405DD0
:0042ED2C 8B4714
:0042ED2F BA10000080
mov edx, 80000010
:0042ED34 E8535AFEFF
call 0041478C
:0042ED39 8BC7
mov eax, edi
:0042ED3B E82061FEFF
call 00414E60
:0042ED40 8BF0
mov esi, eax
:0042ED42 68FFFFFF00
push 00FFFFFF
:0042ED47 56
push esi
|
:0042ED48 E86B72FDFF
Call 00405FB8
:0042ED4D 6A00
push 00000000
:0042ED4F 56
push esi
|
:0042ED50 E82372FDFF
Call 00405F78
:0042ED55 684607E200
push 00E20746
:0042ED5A 6A00
push 00000000
:0042ED5C 6A00
push 00000000
:0042ED5E 8B45F8
mov eax, dword
:0042ED61 50
push eax
:0042ED62 8B4324
mov eax, dword
:0042ED65 50
push eax
:0042ED66 8B4328
mov eax, dword
:0042ED69 50
push eax
:0042ED6A 8B4510
mov eax, dword
:0042ED6D 50
push eax
:0042ED6E 8B4514
mov eax, dword
:0042ED71 50
push eax
:0042ED72 56
push esi
ptr [ebp-08]
ptr [ebx+24]
ptr [ebx+28]
ptr [ebp+10]
ptr [ebp+14]

|
:0042ED73 E85870FDFF
Call 00405DD0
|:0042EC01(C), :0042EC4C(U)
|
:0042ED78 5F
:0042ED79 5E
:0042ED7A 5B
:0042ED7B 8BE5
:0042ED7D 5D
:0042ED7E C21000
:0042ED81 8D4000
pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp
0010
|:0043193E
|
:0042ED84 55
:0042ED85 8BEC
:0042ED87 53
:0042ED88 56
:0042ED89 57
:0042ED8A 8BF9
:0042ED8C 8BF2
:0042ED8E 8BD8
:0042ED90 8BC3
:0042ED92 E879F9FFFF
:0042ED97 84C0
:0042ED99 742E
:0042ED9B 57
:0042ED9C 8B4510
:0042ED9F 50
:0042EDA0 33C0
:0042EDA2 8A4334
:0042EDA5 8B048538274400
:0042EDAC 33D2
:0042EDAE 8A5337
:0042EDB1 0B049548274400
:0042EDB8 50
:0042EDB9 8A4508
:0042EDBC 50
:0042EDBD 8BCE
:0042EDBF 8B550C
:0042EDC2 8BC3
:0042EDC4 8B18
:0042EDC6 FF5330
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov eax, ebx
call 0042E710
test al, al
je 0042EDC9
push edi
push eax
xor eax, eax
xor edx, edx
push eax
push eax
mov ecx, esi
mov eax, ebx
call [ebx+30]

|:0042ED99(C)
|
:0042EDC9 5F
pop edi
:0042EDCA 5E
pop esi
:0042EDCB 5B
pop ebx
:0042EDCC 5D
pop ebp
:0042EDCD C20C00
ret 000C

|:0042EF7D
|
:0042EDD0 55
push ebp
:0042EDD1 8BEC
mov ebp, esp
:0042EDD3 83C4E0
add esp, FFFFFFE0
:0042EDD6 53
push ebx
:0042EDD7 56
push esi
:0042EDD8 57
push edi
:0042EDD9 8955F8
:0042EDDC 8945FC
:0042EDDF 8B45FC
:0042EDE2 8B4024
:0042EDE5 50
push eax
:0042EDE6 8D45E0
:0042EDE9 50
push eax
:0042EDEA 8B45FC
:0042EDED
:0042EDF0
:0042EDF2
:0042EDF4
:0042EDF9
:0042EDFC
:0042EE01
:0042EE03
:0042EE04
:0042EE09
:0042EE0C
:0042EE0F
:0042EE11
:0042EE16
:0042EE1B
:0042EE1E
:0042EE20
:0042EE21
:0042EE26
:0042EE29
:0042EE2C
:0042EE2F
:0042EE32
:0042EE35
:0042EE37
:0042EE3A
:0042EE3D
:0042EE40
:0042EE43
:0042EE45
:0042EE48
:0042EE4A
:0042EE4F
:0042EE54
:0042EE57
:0042EE59
:0042EE5A
:0042EE5F
:0042EE62
:0042EE65
:0042EE67
:0042EE6A
:0042EE6F
:0042EE72
:0042EE75
:0042EE78
:0042EE7A
:0042EE7D
:0042EE80
:0042EE83
:0042EE86
:0042EE88
:0042EE8B
:0042EE8E
8B4828
33D2
33C0
E89FD3FDFF
8B45FC
E8970C0000
33C0
55
6858EF4200
64FF30
648920
B201
A10C314100
E8119DFEFF
8945F4
33C0
55
683BEF4200
64FF30
648920
8B45FC
8B5024
8B45F4
8B08
FF5134
8B45FC
8B5028
8B45F4
8B08
FF5140
B201
A10C314100
E8D89CFEFF
8945F0
33C0
55
681EEF4200
64FF30
648920
B201
8B45F0
E8C1ADFEFF
8B45FC
8B5024
8B45F0
8B08
FF5134
8B45FC
8B5028
8B45F0
8B08
FF5140
8B45F8
50

xor edx, edx
xor eax, eax
call 0040C198
call 0042FA98
xor eax, eax
push ebp
push 0042EF58
mov dl, 01
call 00418B2C
xor eax, eax
push ebp
push 0042EF3B
call [ecx+34]
call [ecx+40]
mov dl, 01
call 00418B2C
xor eax, eax
push ebp
push 0042EF1E
mov dl, 01
call 00419C30
call [ecx+34]
call [ecx+40]
push eax

|
:0042EE8F E884BDFEFF
Call 0041AC18
:0042EE94 8BF0
mov esi, eax
:0042EE96 4E
dec esi
:0042EE97
:0042EE99
:0042EE9B
:0042EE9C
85F6
7C6D
46
33DB
|:0042EF06(C)
|
:0042EE9E 8B45F4
:0042EEA1 E8BEA1FEFF
:0042EEA6 8BF8
:0042EEA8 8D55E0
:0042EEAB 8BC7
:0042EEAD E87E5CFEFF
:0042EEB2 6A00
:0042EEB4 6A00
:0042EEB6 6A00
:0042EEB8 8BC7
:0042EEBA E8A15FFEFF
:0042EEBF 50
:0042EEC0 53
:0042EEC1 8B45F8
:0042EEC4 50
test esi, esi

jl 0042EF08
inc esi
xor ebx, ebx
call 00419064
mov edi, eax
mov eax, edi
call 00414B30
push 00000000
push 00000000
push 00000000
mov eax, edi
call 00414E60
push eax
push ebx
push eax

|
:0042EEC5 E882BDFEFF
Call 0041AC4C
:0042EECA 8B45F0
:0042EECD E892A1FEFF
call 00419064
:0042EED2 8BF8
mov edi, eax
:0042EED4 8D55E0
:0042EED7 8BC7
mov eax, edi
:0042EED9 E8525CFEFF
call 00414B30
:0042EEDE 6A10
push 00000010
:0042EEE0 6A00
push 00000000
:0042EEE2 6A00
push 00000000
:0042EEE4 8BC7
mov eax, edi
:0042EEE6 E8755FFEFF
call 00414E60
:0042EEEB 50
push eax
:0042EEEC 53
push ebx
:0042EEED 8B45F8
:0042EEF0 50
push eax
|
:0042EEF1 E856BDFEFF
Call 0041AC4C
:0042EEF6 8B4DF0
:0042EEF9 8B55F4
:0042EEFC 8B45FC
:0042EEFF E8FCFAFFFF
call 0042EA00
:0042EF04 43
inc ebx
:0042EF05 4E
dec esi
:0042EF06 7596
jne 0042EE9E
|:0042EE99(C)
|
:0042EF08 33C0
xor eax, eax
:0042EF0A 5A
pop edx
:0042EF0B 59
pop ecx
:0042EF0C 59
:0042EF0D 648910
:0042EF10 6825EF4200
pop ecx
push 0042EF25
|:0042EF23(U)
|
:0042EF15 8B45F0
:0042EF18 E8033DFDFF
:0042EF1D C3
:0042EF1E
:0042EF23
:0042EF25
:0042EF27
:0042EF28
:0042EF29
:0042EF2A
:0042EF2D
jmp 00403278
jmp 0042EF15
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042EF42
E95543FDFF
EBF0
33C0
5A
59
59
648910
6842EF4200

call 00402C20
ret
|:0042EF40(U)
|
:0042EF32 8B45F4
:0042EF35 E8E63CFDFF
:0042EF3A C3
:0042EF3B
:0042EF40
:0042EF42
:0042EF44
:0042EF45
:0042EF46
:0042EF47
jmp
jmp
xor
pop
pop
pop
mov
E93843FDFF
EBF0
33C0
5A
59
59
648910

call 00402C20
ret
00403278
0042EF32
eax, eax
edx
ecx
ecx

|
:0042EF4A 685FEF4200
push 0042EF5F
|:0042EF5D(U)
|
:0042EF4F 8B45FC
:0042EF52 E8450B0000
:0042EF57 C3
:0042EF58
:0042EF5D
:0042EF5F
:0042EF60
:0042EF61
:0042EF62
:0042EF64
:0042EF65
jmp
jmp
pop
pop
pop
mov
pop
ret
E91B43FDFF
EBF0
5F
5E
5B
8BE5
5D
C3
:0042EF66 8BC0

call 0042FA9C
ret
00403278
0042EF4F
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:0042F032 , :0042F0E4
|
:0042EF68 53
push ebx
:0042EF69 56
push esi
:0042EF6A 8BF2
mov esi, edx
:0042EF6C 8BD8
mov ebx, eax
:0042EF6E 85F6
test esi, esi
:0042EF70 7410
je 0042EF82
:0042EF72 8BC6
mov eax, esi
:0042EF74 E8D3F8FFFF
call 0042E84C
:0042EF79 8BD0
mov edx, eax
:0042EF7B 8BC3
mov eax, ebx
:0042EF7D E84EFEFFFF
call 0042EDD0
|:0042EF70(C)
|
:0042EF82 5E
pop esi
:0042EF83 5B
pop ebx
:0042EF84 C3
ret
:0042EF85
:0042EF88
:0042EF89
:0042EF8A
:0042EF8C
:0042EF8E
:0042EF90
:0042EF92
:0042EF94
:0042EF99
:0042EF9A
:0042EF9B
8D4000
53
56
8BF2
8BD8
85F6
750A
8BC3
E817F9FFFF
5E
5B
C3
|:0042EF90(C)
|
:0042EF9C 8BC6
:0042EF9E 8B1590E44200
:0042EFA4 E8E73DFDFF
:0042EFA9 84C0
:0042EFAB 0F8488000000
:0042EFB1 8BC3
:0042EFB3 E8C4FBFFFF
:0042EFB8 8A4635
:0042EFBB 884335
:0042EFBE 8A4637
:0042EFC1 884337
:0042EFC4 8A5634
:0042EFC7 8BC3
:0042EFC9 E8A2010000
:0042EFCE 8A4636
:0042EFD1 884336
:0042EFD4 8BC6
:0042EFD6 E871F8FFFF

push ebx
push esi
mov esi, edx
mov ebx, eax
test esi, esi
jne 0042EF9C
mov eax, ebx
call 0042E8B0
pop esi
pop ebx
ret

mov eax, esi
call 00402D90
test al, al
je 0042F039
mov eax, ebx
call 0042EB7C
mov eax, ebx
call 0042F170
mov eax, esi
call 0042E84C
:0042EFDB
:0042EFDD
:0042EFDF
:0042EFE4
:0042EFE6
:0042EFEB
:0042EFED
:0042EFEF
:0042EFF1
:0042EFF6
8BD0
8BC3
E804F8FFFF
8BC3
E825F7FFFF
84C0
7509
8BC3
E822F7FFFF
EB15
|:0042EFED(C)
|
:0042EFF8 8B4324
:0042EFFB 50
:0042EFFC 8B4328
:0042EFFF 50
:0042F000 8BC3
:0042F002 E845F8FFFF
:0042F007 50
mov edx, eax

mov eax, ebx
call 0042E7E8
mov eax, ebx
call 0042E710
test al, al
jne 0042EFF8
mov eax, ebx
call 0042E718
jmp 0042F00D
push eax
push eax
mov eax, ebx
call 0042E84C
push eax

|
:0042F008 E8A7BCFEFF
Call 0041ACB4
|:0042EFF6(U)
|
:0042F00D 8BC6
:0042F00F E838F8FFFF
:0042F014 50

mov eax, esi
call 0042E84C
push eax

|
:0042F015 E81EBCFEFF
Call 0041AC38
:0042F01A E861F5FFFF
call 0042E580
:0042F01F 8BD0
mov edx, eax
:0042F021 8BC3
mov eax, ebx
:0042F023 E860FBFFFF
call 0042EB88
:0042F028 8B463C
:0042F02B 89433C
:0042F02E 8BD6
mov edx, esi
:0042F030 8BC3
mov eax, ebx
:0042F032 E831FFFFFF
call 0042EF68
:0042F037 EB09
jmp 0042F042
|:0042EFAB(C)
|
:0042F039 8BD6
:0042F03B 8BC3
:0042F03D E8C6E1FDFF

mov edx, esi
mov eax, ebx
call 0040D208

|:0042F037(U)
|
:0042F042 5E
pop esi
:0042F043 5B
pop ebx
:0042F044 C3
ret
:0042F045
:0042F048
:0042F049
:0042F04A
:0042F04C
:0042F04E
:0042F050
:0042F056
:0042F05B
:0042F05D
:0042F063
:0042F066
:0042F069
:0042F06C
:0042F06F
:0042F072
:0042F074
:0042F079
:0042F07C
:0042F07F
:0042F082
:0042F085
:0042F087
:0042F08C
:0042F08E
:0042F093
:0042F095
:0042F097
:0042F09C
:0042F09E
:0042F0A3
:0042F0A5
:0042F0A7
:0042F0A9
:0042F0AE
8D4000
53
56
8BDA
8BF0
8BC3
8B1590E44200
E8353DFDFF
84C0
0F8489000000
8A4635
884335
8A4637
884337
8A5634
8BC3
E8F7000000
8A4636
884336
8B463C
89433C
8BC3
E8F0FAFFFF
8BC6
E8B9F7FFFF
8BD0
8BC3
E84CF7FFFF
8BC3
E86DF6FFFF
84C0
7509
8BC3
E86AF6FFFF
EB15
|:0042F0A5(C)
|
:0042F0B0 8B4324
:0042F0B3 50
:0042F0B4 8B4328
:0042F0B7 50
:0042F0B8 8BC3
:0042F0BA E88DF7FFFF
:0042F0BF 50

push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, ebx
call 00402D90
test al, al
je 0042F0EC
mov eax, ebx
call 0042F170
mov eax, ebx
call 0042EB7C
mov eax, esi
call 0042E84C
mov edx, eax
mov eax, ebx
call 0042E7E8
mov eax, ebx
call 0042E710
test al, al
jne 0042F0B0
mov eax, ebx
call 0042E718
jmp 0042F0C5
push eax
push eax
mov eax, ebx
call 0042E84C
push eax

|
:0042F0C0 E8EFBBFEFF
Call 0041ACB4
|:0042F0AE(U)
|
:0042F0C5 8BC6
:0042F0CC 50

mov eax, esi
call 0042E84C
push eax

|
:0042F0CD E866BBFEFF
Call 0041AC38
:0042F0D2 E8A9F4FFFF
call 0042E580
:0042F0D7 8BD0
mov edx, eax
:0042F0D9 8BC3
mov eax, ebx
:0042F0DB E8A8FAFFFF
call 0042EB88
:0042F0E0 8BD6
mov edx, esi
:0042F0E2 8BC3
mov eax, ebx
:0042F0E4 E87FFEFFFF
call 0042EF68
:0042F0E9 5E
pop esi
:0042F0EA 5B
pop ebx
:0042F0EB C3
ret
|:0042F05D(C)
|
:0042F0EC 8BD3
:0042F0EE 8BC6
:0042F0F0 E817E2FDFF
:0042F0F5 5E
:0042F0F6 5B
:0042F0F7 C3

mov edx, ebx
mov eax, esi
call 0040D30C
pop esi
pop ebx
ret

|:0042E869
|
:0042F0F8 55
push ebp
:0042F0F9 8BEC
mov ebp, esp
:0042F0FB 6A00
push 00000000
:0042F0FD 53
push ebx
:0042F0FE 56
push esi
:0042F0FF 8BF2
mov esi, edx
:0042F101 8BD8
mov ebx, eax
:0042F103 33C0
xor eax, eax
:0042F105 55
push ebp
:0042F106 6864F14200
push 0042F164
:0042F10B 64FF30
:0042F10E 648920
:0042F111 85F6
test esi, esi
:0042F113 7439
je 0042F14E
:0042F115 8BC6
mov eax, esi
:0042F117 8B10
:0042F119 FF5220
call [edx+20]
:0042F11C 3B4324
:0042F11F 7C0C
jl 0042F12D
:0042F121 8BC6
mov eax, esi
:0042F123 8B10
:0042F125 FF522C
call [edx+2C]
:0042F128 3B4328
:0042F12B 7D21
jge 0042F14E
|:0042F11F(C)
|
:0042F12D 8D55FC
:0042F130
:0042F135
:0042F13A
:0042F13D
:0042F13F
:0042F144
:0042F149
A1E42A4400
E8EA5CFDFF
8B4DFC
B201
A1F4B44000
E82397FDFF
E86241FDFF
|:0042F113(C), :0042F12B(C)
|
:0042F14E 33C0
:0042F150 5A
:0042F151 59
:0042F152 59
:0042F153 648910

call 00404E24
mov dl, 01
call 0040886C
call 004032B0
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0042F156 686BF14200
push 0042F16B
|:0042F169(U)
|
:0042F15B 8D45FC
:0042F15E E85546FDFF
:0042F163 C3
:0042F164
:0042F169
:0042F16B
:0042F16C
:0042F16D
:0042F16E
:0042F16F
jmp
jmp
pop
pop
pop
pop
ret
E90F41FDFF
EBF0
5E
5B
59
5D
C3

call 004037B8
ret
00403278
0042F15B
esi
ebx
ecx
ebp

|:0042E6C2 , :0042EFC9 , :0042F074
|
:0042F170 53
push ebx
:0042F171 56
push esi
:0042F172 8BF0
mov esi, eax
:0042F174 3A5634
:0042F177 740E
je 0042F187
:0042F179 885634
:0042F17C 8BC6
mov eax, esi
:0042F17E 66BBF0FF
mov bx, FFF0
:0042F182 E86D3CFDFF
call 00402DF4
|:0042F177(C)
|
:0042F187 5E
pop esi
:0042F188 5B
pop ebx
:0042F189 C3
ret
:0042F18A
:0042F18C
:0042F18D
:0042F18F
:0042F191
:0042F193
:0042F195
:0042F19A
:0042F19B
8BC0
53
8BDA
8BCB
33D2
33C0
E8E6CFFDFF
5B
C3
mov eax, eax

push ebx
mov ebx, edx
mov ecx, ebx
xor edx, edx
xor eax, eax
call 0040C180
pop ebx
ret
:0042F19C
:0042F19D
:0042F19E
:0042F19F
:0042F1A0
:0042F1A2
:0042F1A6
:0042F1AA
:0042F1AC
:0042F1AF
:0042F1B1
:0042F1B3
:0042F1B6
:0042F1B7
:0042F1B9
:0042F1BB
:0042F1BC
53
56
57
55
8BF0
C6464C01
837E5000
7F38
8B4640
85C0
7422
8B7808
4F
85FF
7C1A
47
33ED
push ebx
push esi
push edi
push ebp
mov esi, eax
mov [esi+4C], 01
jg 0042F1E4
test eax, eax
je 0042F1D5
dec edi
test edi, edi
jl 0042F1D5
inc edi
xor ebp, ebp
|:0042F1D3(C)
|
:0042F1BE 8BD5
:0042F1C0 8B4640
:0042F1C3 E8B0D9FDFF
:0042F1C8 66BBFFFF
:0042F1CC E8233CFDFF
:0042F1D1 45
:0042F1D2 4F
:0042F1D3 75E9
|:0042F1B1(C), :0042F1B9(C)
|
:0042F1D5 66837E5600
:0042F1DA 7408
:0042F1DC 8BD6
:0042F1DE 8B4658
:0042F1E1 FF5654
|:0042F1AA(C), :0042F1DA(C)
|
:0042F1E4 5D
:0042F1E5 5F
:0042F1E6 5E
:0042F1E7 5B
:0042F1E8 C3
mov edx, ebp

call 0040CB78
mov bx, FFFF
call 00402DF4
inc ebp
dec edi
jne 0042F1BE

je 0042F1E4
mov edx, esi
call [esi+54]
pop
pop
pop
pop
ret
ebp
edi
esi
ebx
:0042F1E9 8D4000

|:0042DCF0 , :0042E605 , :0042FAD0 , :0043311C
|
:0042F1EC 53
push ebx
:0042F1ED 56
push esi
:0042F1EE 57
push edi
:0042F1EF 55
push ebp
:0042F1F0 8BEA
mov ebp, edx
:0042F1F2 8BD8
mov ebx, eax
:0042F1F4 8B4340
:0042F1F7 85C0
test eax, eax
:0042F1F9 742E
je 0042F229
:0042F1FB 8B7808
:0042F1FE 4F
dec edi
:0042F1FF 85FF
test edi, edi
:0042F201 7C26
jl 0042F229
:0042F203 47
inc edi
:0042F204 33F6
xor esi, esi
|:0042F227(C)
|
:0042F206 8BD6
:0042F208 8B4340
:0042F20B E868D9FDFF
:0042F210 3BE8
:0042F212 7511
:0042F214 33C0
:0042F216 894504
:0042F219 8BD6
:0042F21B 8B4340
:0042F21E E879D8FDFF
:0042F223 EB04

mov edx, esi
call 0040CB78
cmp ebp, eax
jne 0042F225
xor eax, eax
mov edx, esi
call 0040CA9C
jmp 0042F229

|:0042F212(C)
|
:0042F225 46
inc esi
:0042F226 4F
dec edi
:0042F227 75DD
jne 0042F206
|:0042F1F9(C), :0042F201(C), :0042F223(U)
|
:0042F229 5D
pop ebp
:0042F22A 5F
pop edi
:0042F22B 5E
pop esi
:0042F22C 5B
pop ebx
:0042F22D C3
ret
:0042F22E 8BC0
mov eax, eax

|:0042DD01 , :0043312D
|
:0042F230 894204
:0042F233 8B4840
:0042F236
:0042F238
:0042F23A
:0042F23C
85C9
7407
8BC1
E81FD8FDFF
test ecx, ecx

je 0042F241
mov eax, ecx
call 0040CA60

|:0042F238(C)
|
:0042F241 C3
ret
:0042F242 8BC0
mov eax, eax
|:0042F325
|
:0042F244 53
push ebx
:0042F245 56
push esi
:0042F246 57
push edi
:0042F247 8BF2
mov esi, edx
:0042F249 8BD8
mov ebx, eax
:0042F24B 8BC3
mov eax, ebx
:0042F24D E806F5FDFF
call 0040E758
:0042F252 8BF8
mov edi, eax
:0042F254 8BC6
mov eax, esi
:0042F256 E8FDF4FDFF
call 0040E758
:0042F25B 3BF8
cmp edi, eax
:0042F25D 7518
jne 0042F277
:0042F25F 8BC3
mov eax, ebx
:0042F261 E8F2F4FDFF
call 0040E758
:0042F266 8BC8
mov ecx, eax
:0042F268 8B5604
:0042F26B 8B4304
:0042F26E E85982FDFF
call 004074CC
:0042F273 84C0
test al, al
:0042F275 7504
jne 0042F27B
|:0042F25D(C)
|
:0042F277 33C0
xor eax, eax
:0042F279 EB02
jmp 0042F27D
|:0042F275(C)
|
:0042F27B B001
mov al, 01
|:0042F279(U)
|
:0042F27D 5F
pop edi
:0042F27E 5E
pop esi
:0042F27F 5B
pop ebx
:0042F280 C3
ret
:0042F281 8D4000
|:0042F3A9
|
:0042F284
:0042F285
:0042F287
:0042F28A
:0042F28B
:0042F28C
:0042F28D
:0042F28F
:0042F291
:0042F293
:0042F295
:0042F297
:0042F29C
:0042F29E
:0042F2A0
:0042F2A5
:0042F2A7
55
8BEC
83C4F4
53
56
57
8BF2
8BD8
85F6
7414
8BC3
E830F8FFFF
8BF8
8BC6
E827F8FFFF
3BF8
7409
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
test esi, esi
je 0042F2A9
mov eax, ebx
call 0042EACC
mov edi, eax
mov eax, esi
call 0042EACC
cmp edi, eax
je 0042F2B2

|:0042F293(C)
|
:0042F2A9 C645FF00
mov [ebp-01], 00
:0042F2AD E9B5000000
jmp 0042F367
|:0042F2A7(C)
|
:0042F2B2 8BC3
:0042F2B4 E813F8FFFF
:0042F2B9 85C0
:0042F2BB 7514
:0042F2BD 8BC6
:0042F2BF E808F8FFFF
:0042F2C4 85C0
:0042F2C6 7509
:0042F2C8 C645FF01
:0042F2CC E996000000
|:0042F2BB(C), :0042F2C6(C)
|
:0042F2D1 B201
:0042F2D3 A1FCBA4000
:0042F2D8 E81339FDFF
:0042F2DD 8945F8
:0042F2E0 33C0
:0042F2E2 55
:0042F2E3 6860F34200
:0042F2E8 64FF30
:0042F2EB 648920
:0042F2EE 8B55F8
:0042F2F1 8BC3
:0042F2F3 E898060000
:0042F2F8 B201
:0042F2FA A1FCBA4000
:0042F2FF E8EC38FDFF
:0042F304 8945F4
:0042F307 33C0
:0042F309 55
:0042F30A 6843F34200
mov eax, ebx

call 0042EACC
test eax, eax
jne 0042F2D1
mov eax, esi
call 0042EACC
test eax, eax
jne 0042F2D1
mov [ebp-01], 01
jmp 0042F367
mov dl, 01
call 00402BF0
xor eax, eax
push ebp
push 0042F360
mov eax, ebx
call 0042F990
mov dl, 01
call 00402BF0
xor eax, eax
push ebp
push 0042F343
:0042F30F
:0042F312
:0042F315
:0042F318
:0042F31A
:0042F31F
:0042F322
:0042F325
:0042F32A
:0042F32D
:0042F32F
:0042F330
:0042F331
:0042F332
:0042F335
64FF30
648920
8B55F4
8BC6
E871060000
8B55F4
8B45F8
E81AFFFFFF
8845FF
33C0
5A
59
59
648910
684AF34200

mov eax, esi
call 0042F990
call 0042F244
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042F34A
|:0042F348(U)
|
:0042F33A 8B45F4
:0042F33D E8DE38FDFF
:0042F342 C3
:0042F343
:0042F348
:0042F34A
:0042F34C
:0042F34D
:0042F34E
:0042F34F
:0042F352
jmp 00403278
jmp 0042F33A
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042F367
E9303FFDFF
EBF0
33C0
5A
59
59
648910
6867F34200

call 00402C20
ret
|:0042F365(U)
|
:0042F357 8B45F8
:0042F35A E8C138FDFF
:0042F35F C3
:0042F360 E9133FFDFF
:0042F365 EBF0
jmp 00403278
jmp 0042F357
|:0042F2AD(U), :0042F2CC(U)
|
:0042F367 8A45FF
:0042F36A 5F
:0042F36B 5E
:0042F36C 5B
:0042F36D 8BE5
:0042F36F 5D
:0042F370 C3
:0042F371 8D4000

call 00402C20
ret

|:0042F3FB
mov
pop
pop
pop
mov
pop
ret

edi
esi
ebx
esp, ebp
ebp
|
:0042F374
:0042F375
:0042F377
:0042F378
:0042F37B
:0042F37E
:0042F382
:0042F384
:0042F387
:0042F38A
:0042F38D
:0042F38F
:0042F395
:0042F39A
:0042F39C
:0042F39E
:0042F3A1
:0042F3A3
:0042F3A6
:0042F3A9
:0042F3AE
:0042F3B0
:0042F3B2
:0042F3B4
55
8BEC
53
8B4508
8B40FC
83781C00
7437
8B4508
8B40FC
8B581C
8BC3
8B1590E44200
E8F639FDFF
84C0
7418
8B4508
8BD3
8B4508
8B40F8
E8D6FEFFFF
84C0
7404
33C0
EB15
push ebp
mov ebp, esp
push ebx
je 0042F3BB
mov eax, ebx
call 00402D90
test al, al
je 0042F3B6
mov edx, ebx
call 0042F284
test al, al
je 0042F3B6
xor eax, eax
jmp 0042F3CB
|:0042F39C(C), :0042F3B0(C)
|
:0042F3B6 B001
:0042F3B8 5B
:0042F3B9 5D
:0042F3BA C3
|:0042F382(C)
|
:0042F3BB 8B4508
:0042F3BE 8B40F8
:0042F3C6 85C0
:0042F3C8 0F9FC0
mov al, 01
pop ebx
pop ebp
ret

call 0042EACC
test eax, eax
setg al

|:0042F3B4(U)
|
:0042F3CB 5B
pop ebx
:0042F3CC 5D
pop ebp
:0042F3CD C3
ret
:0042F3CE
:0042F3D0
:0042F3D1
:0042F3D3
:0042F3D6
:0042F3D7
:0042F3DA
8BC0
55
8BEC
83C4F8
53
8955FC
8945F8
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
:0042F3DD
:0042F3E0
:0042F3E3
:0042F3E8
:0042F3EB
8B55FC
8B45F8
E8EC23FEFF
8B45F8
50

call 004117D4
push eax
* Possible StringData Ref from Code Obj ->"SVW"

|
:0042F3EC 687CF74200
push 0042F77C
:0042F3F1 8B45F8
:0042F3F4 50
push eax
:0042F3F5 6890F94200
push 0042F990
:0042F3FA 55
push ebp
:0042F3FB E874FFFFFF
call 0042F374
:0042F400 59
pop ecx
:0042F401 8BC8
mov ecx, eax
* Possible StringData Ref from Code Obj ->"Bitmap"
|
:0042F403 BA20F44200
mov edx, 0042F420
:0042F408 8B45FC
:0042F40B 8B18
:0042F40D FF5304
call [ebx+04]
:0042F410 5B
pop ebx
:0042F411 59
pop ecx
:0042F412 59
pop ecx
:0042F413 5D
pop ebp
:0042F414 C3
ret
:0042F415 000000
BYTE 3 DUP(0)
:0042F418 FFFFFFFF
BYTE 4 DUP(0ffh)
:0042F41C 06
:0042F41D 000000
push es
BYTE 3 DUP(0)
:0042F420
:0042F421
:0042F422
:0042F423
:0042F424
:0042F425
:0042F426
:0042F427
inc edx
BYTE 69h
BYTE 74h
BYTE 6dh
BYTE 61h
BYTE 70h
BYTE 00h
BYTE 00h
42
69
74
6D
61
70
00
00

|:0042F7F7
|
:0042F428 55
push ebp
:0042F429 8BEC
mov ebp, esp
:0042F42B 83C4C0
add esp, FFFFFFC0
:0042F42E 53
push ebx
:0042F42F 56
push esi
:0042F430 57
push edi
:0042F431 8BDA
mov ebx, edx
:0042F433
:0042F436
:0042F439
:0042F43E
:0042F440
:0042F445
:0042F448
:0042F44D
:0042F44F
:0042F454
:0042F456
:0042F45B
:0042F460
:0042F463
:0042F465
:0042F466
:0042F46B
:0042F46E
:0042F471
:0042F473
:0042F478
:0042F47A
:0042F47C
:0042F47F
:0042F481
:0042F484
:0042F487
:0042F489
:0042F48B
:0042F490
:0042F492
:0042F497
:0042F49C
:0042F49F
:0042F4A1
:0042F4A2
:0042F4A7
:0042F4AA
:0042F4AD
:0042F4AF
:0042F4B2
:0042F4B4
:0042F4B7
:0042F4B9
:0042F4BE
:0042F4C3
:0042F4C6
:0042F4C9
:0042F4CC
:0042F4CF
:0042F4D1
:0042F4D4
:0042F4D7
:0042F4DA
:0042F4DD
:0042F4DF
:0042F4E2
:0042F4E4
:0042F4E9
:0042F4EE
8945FC
8D55E8
B904000000
8BC3
E84BF3FDFF
8D55E4
B904000000
8BC3
E83CF3FDFF
B201
A10C314100
E8CC96FEFF
8945F8
33C0
55
68A9F64200
64FF30
648920
8BC3
E8C4F2FDFF
8BF0
8BD3
8B45F8
8B08
FF5150
8B55E8
03D6
8BC3
E8BCF2FDFF
B201
A10C314100
E89096FEFF
8945F0
33C0
55
688CF64200
64FF30
648920
8BD3
8B45F0
8B08
FF5150
B201
A10C314100
E86996FEFF
8945F4
8B45FC
8B5028
8B45F4
8B08
FF5140
8B45FC
8B5024
8B45F4
8B08
FF5134
B201
A10C314100
E83E96FEFF
8945EC

mov ecx, 00000004
mov eax, ebx
call 0040E790
mov ecx, 00000004
mov eax, ebx
call 0040E790
mov dl, 01
call 00418B2C
xor eax, eax
push ebp
push 0042F6A9
mov eax, ebx
call 0040E73C
mov esi, eax
mov edx, ebx
call [ecx+50]
add edx, esi
mov eax, ebx
call 0040E74C
mov dl, 01
call 00418B2C
xor eax, eax
push ebp
push 0042F68C
mov edx, ebx
call [ecx+50]
mov dl, 01
call 00418B2C
call [ecx+40]
call [ecx+34]
mov dl, 01
call 00418B2C
:0042F4F1
:0042F4F3
:0042F4F6
:0042F4FB
:0042F4FE
:0042F501
:0042F504
:0042F506
:0042F509
:0042F50C
:0042F50F
:0042F512
:0042F514
:0042F517
:0042F51A
:0042F51D
:0042F51E
:0042F521
:0042F522
:0042F525
:0042F528
:0042F52A
:0042F52C
:0042F531
:0042F534
:0042F539
:0042F53B
:0042F53C
:0042F541
:0042F544
:0042F547
:0042F54A
:0042F54C
:0042F54F
:0042F552
:0042F555
:0042F556
:0042F558
:0042F559
:0042F55B
:0042F561
:0042F562
:0042F565
B201
8B45EC
E835A7FEFF
8B45FC
8B5028
8B45EC
8B08
FF5140
8B45FC
8B5024
8B45EC
8B08
FF5134
8B45FC
8B4024
50
8D45D0
50
8B45FC
8B4828
33D2
33C0
E867CCFDFF
8B45FC
E85F050000
33C0
55
686FF64200
64FF30
648920
8B45F8
8B10
FF5220
8B55FC
8B4A24
99
F7F9
48
85C0
0F8CE8000000
40
8945E0
33FF
|:0042F643(C)
|
:0042F567 837DE400
:0042F56B 0F84D8000000
:0042F571 8B45F8
:0042F574 8B10
:0042F576 FF522C
:0042F579 8B55FC
:0042F57C 8B4A28
:0042F57F 99
:0042F580 F7F9
:0042F582 8BF0
:0042F584 4E
:0042F585 85F6
:0042F587 0F8CB2000000
mov dl, 01
call 00419C30
call [ecx+40]
call [ecx+34]
push eax
push eax
xor edx, edx
xor eax, eax
call 0040C198
call 0042FA98
xor eax, eax
push ebp
push 0042F66F
call [edx+20]
cdq
idiv ecx
dec eax
test eax, eax
jl 0042F649
inc eax
xor edi, edi
je 0042F649
call [edx+2C]
cdq
idiv ecx
mov esi, eax
dec esi
test esi, esi
jl 0042F63F
:0042F58D 46
:0042F58E 33DB
inc esi
xor ebx, ebx
|:0042F639(C)
|
:0042F590 837DE400
:0042F594 0F84A5000000
:0042F59A 8B45FC
:0042F59D 8B4024
:0042F5A0 50
:0042F5A1 8D45C0
:0042F5A4 50
:0042F5A5 8B45FC
:0042F5A8 8B4828
:0042F5AB 8B45FC
:0042F5AE 8B5024
:0042F5B1 0FAFD7
:0042F5B4 8B45FC
:0042F5B7 8B4028
:0042F5BA 0FAFC3
:0042F5BD E8F2CBFDFF
:0042F5C2 8D45C0
:0042F5C5 50
:0042F5C6 8B45F8
:0042F5C9 E8969AFEFF
:0042F5CE 50
:0042F5CF 8B45F4
:0042F5D2 E88D9AFEFF
:0042F5D7 8D55D0
:0042F5DA 59
:0042F5DB E81C54FEFF
:0042F5E0 8B45FC
:0042F5E3 8B4024
:0042F5E6 50
:0042F5E7 8D45C0
:0042F5EA 50
:0042F5EB 8B45FC
:0042F5EE 8B4828
:0042F5F1 8B45FC
:0042F5F4 8B5024
:0042F5F7 0FAFD7
:0042F5FA 8B45FC
:0042F5FD 8B4028
:0042F600 0FAFC3
:0042F603 E8ACCBFDFF
:0042F608 8D45C0
:0042F60B 50
:0042F60C 8B45F0
:0042F60F E8509AFEFF
:0042F614 50
:0042F615 8B45EC
:0042F618 E8479AFEFF
:0042F61D 8D55D0
:0042F620 59
:0042F621 E8D653FEFF
:0042F626 8B4DEC
:0042F629 8B55F4
:0042F62C 8B45FC
:0042F62F E8CCF3FFFF

je 0042F63F
push eax
push eax
imul edx, edi
imul eax, ebx
call 0040C1B4
push eax
call 00419064
push eax
call 00419064
pop ecx
call 004149FC
push eax
push eax
imul edx, edi
imul eax, ebx
call 0040C1B4
push eax
call 00419064
push eax
call 00419064
pop ecx
call 004149FC
call 0042EA00
:0042F634
:0042F637
:0042F638
:0042F639
FF4DE4
43
4E
0F8551FFFFFF
dec
inc
dec
jne
[ebp-1C]
ebx
esi
0042F590
|:0042F587(C), :0042F594(C)
|
:0042F63F 47
:0042F640 FF4DE0
:0042F643 0F851EFFFFFF
|:0042F55B(C), :0042F56B(C)
|
:0042F649 33C0
:0042F64B 5A
:0042F64C 59
:0042F64D 59
:0042F64E 648910
:0042F651 6876F64200
|:0042F674(U)
|
:0042F656 8B45F4
:0042F659 E8C235FDFF
:0042F65E 8B45EC
:0042F661 E8BA35FDFF
:0042F666 8B45FC
:0042F669 E82E040000
:0042F66E C3
:0042F66F
:0042F674
:0042F676
:0042F678
:0042F679
:0042F67A
:0042F67B
:0042F67E
jmp 00403278
jmp 0042F656
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042F693
E9043CFDFF
EBE0
33C0
5A
59
59
648910
6893F64200
inc edi
dec [ebp-20]
jne 0042F567
xor eax, eax

pop edx
pop ecx
pop ecx
push 0042F676

call 00402C20
call 00402C20
call 0042FA9C
ret
|:0042F691(U)
|
:0042F683 8B45F0
:0042F686 E89535FDFF
:0042F68B C3
:0042F68C
:0042F691
:0042F693
:0042F695
:0042F696
:0042F697
:0042F698
jmp
jmp
xor
pop
pop
pop
mov
E9E73BFDFF
EBF0
33C0
5A
59
59
648910

call 00402C20
ret
00403278
0042F683
eax, eax
edx
ecx
ecx
:0042F69B 68B0F64200
|
push 0042F6B0
|:0042F6AE(U)
|
:0042F6A0 8B45F8
:0042F6A3 E87835FDFF
:0042F6A8 C3
:0042F6A9
:0042F6AE
:0042F6B0
:0042F6B1
:0042F6B2
:0042F6B3
:0042F6B5
:0042F6B6
jmp
jmp
pop
pop
pop
mov
pop
ret
E9CA3BFDFF
EBF0
5F
5E
5B
8BE5
5D
C3
:0042F6B7 90

call 00402C20
ret
00403278
0042F6A0
edi
esi
ebx
esp, ebp
ebp
nop

|:0042F7EC
|
:0042F6B8 55
push ebp
:0042F6B9 8BEC
mov ebp, esp
:0042F6BB 83C4F8
add esp, FFFFFFF8
:0042F6BE 53
push ebx
:0042F6BF 33C9
xor ecx, ecx
:0042F6C1 894DF8
:0042F6C4 8BD8
mov ebx, eax
:0042F6C6 33C0
xor eax, eax
:0042F6C8 55
push ebp
:0042F6C9 686DF74200
push 0042F76D
:0042F6CE 64FF30
:0042F6D1 648920
:0042F6D4 6A00
push 00000000
:0042F6D6 8BCA
mov ecx, edx
:0042F6D8 A1ECBC4000
mov eax, dword ptr [0040BCEC]
:0042F6DD B201
mov dl, 01
:0042F6DF E85428FEFF
call 00411F38
:0042F6E4 8945FC
:0042F6E7 33C0
xor eax, eax
:0042F6E9 55
push ebp
:0042F6EA 6850F74200
push 0042F750
:0042F6EF 64FF30
:0042F6F2 648920
:0042F6F5 8B45FC
:0042F6F8 85C0
test eax, eax
:0042F6FA 7403
je 0042F6FF
:0042F6FC 83E8EC
sub eax, FFFFFFEC
|:0042F6FA(C)
|
:0042F6FF 50
push eax
* Reference To: comctl32.ImageList_Read, Ord:0000h
:0042F700
:0042F705
:0042F707
:0042F709
:0042F70E
:0042F710
:0042F715
:0042F717
:0042F719
:0042F71C
:0042F721
:0042F726
:0042F729
:0042F72B
:0042F730
:0042F735
E89FB5FEFF
8BD0
8BC3
E812F1FFFF
8BC3
E837F1FFFF
85C0
7521
8D55F8
A1682C4400
E8FE56FDFF
8B4DF8
B201
A1C4B14000
E83791FDFF
E8763BFDFF
|
Call 0041ACA4
mov edx, eax
mov eax, ebx
call 0042E820
mov eax, ebx
call 0042E84C
test eax, eax
jne 0042F73A
lea edx, dword
mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-08]
ptr [00442C68]
ptr [ebp-08]
ptr [0040B1C4]
|:0042F717(C)
|
:0042F73A 33C0
:0042F73C 5A
:0042F73D 59
:0042F73E 59
:0042F73F 648910
:0042F742 6857F74200
|:0042F755(U)
|
:0042F747 8B45FC
:0042F74A E8D134FDFF
:0042F74F C3
:0042F750
:0042F755
:0042F757
:0042F759
:0042F75A
:0042F75B
:0042F75C
jmp
jmp
xor
pop
pop
pop
mov
E9233BFDFF
EBF0
33C0
5A
59
59
648910
xor eax, eax

pop edx
pop ecx
pop ecx
push 0042F757

call 00402C20
ret
00403278
0042F747
eax, eax
edx
ecx
ecx

|
:0042F75F 6874F74200
push 0042F774
|:0042F772(U)
|
:0042F764 8D45F8
:0042F767 E84C40FDFF
:0042F76C C3
:0042F76D
:0042F772
:0042F774
:0042F775
jmp
jmp
pop
pop
E9063BFDFF
EBF0
5B
59

call 004037B8
ret
00403278
0042F764
ebx
ecx
:0042F776 59
:0042F777 5D
:0042F778 C3
pop ecx
pop ebp
ret
:0042F779
:0042F77C
:0042F77D
:0042F77E
:0042F77F
:0042F782
:0042F784
:0042F786
:0042F788
:0042F78D
:0042F78F
:0042F794
:0042F798
:0042F79A
:0042F79F
:0042F7A1
:0042F7A3
:0042F7A6
:0042F7AA
:0042F7AF
:0042F7B1
:0042F7B3
:0042F7B6
:0042F7B9
:0042F7BC
:0042F7C0
:0042F7C4
:0042F7C8
:0042F7CC
:0042F7CE
:0042F7D3
:0042F7D6
:0042F7DA
:0042F7DC
:0042F7DF
:0042F7E1
:0042F7E6
:0042F7E8
:0042F7EA
:0042F7EC
:0042F7F1

push ebx
push esi
push edi
add esp, FFFFFFF0
mov edi, edx
mov esi, eax
mov eax, esi
call 0042E8B0
mov eax, edi
call 0040E73C
mov edx, esp
mov ecx, 00000004
mov eax, edi
call [ebx+04]
mov ecx, 00000004
mov eax, edi
call [ebx+04]
mov bl, byte ptr [esp]
and bl, FF
mov ax, word ptr [esp]
shr ax, 08
mov eax, edi
call 0040E74C
je 0042F7F3
cmp bl, 49
jne 0042F7F3
cmp byte ptr [esp+08], 4C
jne 0042F7F3
mov edx, edi
mov eax, esi
call 0042F6B8
jmp 0042F7FC
8D4000
53
56
57
83C4F0
8BFA
8BF0
8BC6
E823F1FFFF
8BC7
E8A8EFFDFF
8944240C
8BD4
B904000000
8BC7
8B18
FF5304
8D542404
B904000000
8BC7
8B18
FF5304
8A1C24
80E3FF
668B0424
66C1E808
88442408
8B54240C
8BC7
E879EFFDFF
8B0424
3B442404
7417
80FB49
7512
807C24084C
750B
8BD7
8BC6
E8C7FEFFFF
EB09

|:0042F7DA(C), :0042F7DF(C), :0042F7E6(C)
|
:0042F7F3 8BD7
mov edx, edi
:0042F7F5 8BC6
mov eax, esi
:0042F7F7 E82CFCFFFF
call 0042F428
|:0042F7F1(U)
|
:0042F7FC 83C410
add esp, 00000010
:0042F7FF 5F
pop edi
:0042F800 5E
pop esi
:0042F801 5B
:0042F802 C3
pop ebx
ret
:0042F803 90
nop

|:0042F9F9 , :0042FA13
|
:0042F804 55
push ebp
:0042F805 8BEC
mov ebp, esp
:0042F807 83C4E0
add esp, FFFFFFE0
:0042F80A 53
push ebx
:0042F80B 56
push esi
:0042F80C 57
push edi
:0042F80D 8BD8
mov ebx, eax
:0042F80F 85DB
test ebx, ebx
:0042F811 0F8471010000
je 0042F988
:0042F817 8D4DFC
:0042F81A 8D55F0
:0042F81D 8BC3
mov eax, ebx
:0042F81F E8F468FEFF
call 00416118
:0042F824 8B45F0
:0042F827 0345FC
:0042F82A E8652EFDFF
call 00402694
:0042F82F 8945F8
:0042F832 33C0
xor eax, eax
:0042F834 55
push ebp
:0042F835 6881F94200
push 0042F981
:0042F83A 64FF30
:0042F83D 648920
:0042F840 8B75F8
:0042F843 0375F0
add esi, dword ptr [ebp-10]
:0042F846 56
push esi
:0042F847 8B4DF8
:0042F84A 33D2
xor edx, edx
:0042F84C 8BC3
mov eax, ebx
:0042F84E E87D69FEFF
call 004161D0
:0042F853 6A00
push 00000000
:0042F855 6A00
push 00000000
:0042F857 8D45F4
:0042F85A 50
push eax
:0042F85B 6A00
push 00000000
:0042F85D 8B45F8
:0042F860 50
push eax
:0042F861 8B4508
:0042F864 8B40F8
:0042F867 50
push eax
|
:0042F868 E89365FDFF
Call 00405E00
:0042F86D 8BD0
mov edx, eax
:0042F86F 8B4508
mov eax, dword ptr
:0042F872 8B40FC
mov eax, dword ptr
:0042F875 E86EA1FEFF
call 004199E8
:0042F87A 8B55F4
mov edx, dword ptr
:0042F87D 8BC6
mov eax, esi
:0042F87F 8B4DFC
mov ecx, dword ptr
:0042F882 E8252FFDFF
call 004027AC
[ebp+08]
[eax-04]
[ebp-0C]
[ebp-04]
:0042F887
:0042F88A
:0042F88D
:0042F890
:0042F893
:0042F896
:0042F897
:0042F899
:0042F89B
:0042F89D
:0042F89F
8B75F8
8B4604
8B5508
8B52F4
8B4A28
99
F7F9
8BD8
85DB
7501
43
mov esi, dword

mov eax, dword
mov edx, dword
mov edx, dword
mov ecx, dword
cdq
idiv ecx
mov ebx, eax
test ebx, ebx
jne 0042F8A0
inc ebx
ptr
ptr
ptr
ptr
ptr
[ebp-08]
[esi+04]
[ebp+08]
[edx-0C]
[edx+28]
|:0042F89D(C)
|
:0042F8A0 8B4508
:0042F8A3 8B40F4
:0042F8A6 E821F2FFFF
:0042F8AB 3BD8
:0042F8AD 7E0D
:0042F8AF 8B4508
:0042F8B2 8B40F4
:0042F8B5 E812F2FFFF
:0042F8BA 8BD8
|:0042F8AD(C)
|
:0042F8BC 8B4508
:0042F8BF 8B40F4
:0042F8C2 8B4028
:0042F8C5 F7EB
:0042F8C7 894604
:0042F8CA 8B4508
:0042F8CD 8B40F4
:0042F8D0 E8F7F1FFFF
:0042F8D5 99
:0042F8D6 F7FB
:0042F8D8 8BF8
:0042F8DA 8B4508
:0042F8DD 8B40F4
:0042F8E0 E8E7F1FFFF
:0042F8E5 8BD7
:0042F8E7 0FAFD3
:0042F8EA 3BC2
:0042F8EC 7E01
:0042F8EE 47
mov eax, dword

mov eax, dword
call 0042EACC
cmp ebx, eax
jle 0042F8BC
mov eax, dword
mov eax, dword
call 0042EACC
mov ebx, eax
ptr [ebp+08]
ptr [eax-0C]
ptr [ebp+08]
ptr [eax-0C]

imul ebx
call 0042EACC
cdq
idiv ebx
mov edi, eax
call 0042EACC
mov edx, edi
imul edx, ebx
cmp eax, edx
jle 0042F8EF
inc edi

|:0042F8EC(C)
|
:0042F8EF 8B4508
:0042F8F2 8B40F4
:0042F8F5 8B5824
:0042F8F8 0FAFDF
imul ebx, edi
:0042F8FB 895E08
:0042F8FE 53
push ebx
:0042F8FF 8D45E0
:0042F902 50
push eax
:0042F903 8B4E04
:0042F906
:0042F908
:0042F90A
:0042F90F
:0042F911
:0042F913
:0042F916
:0042F917
:0042F919
:0042F91C
:0042F91D
:0042F920
:0042F923
33D2
33C0
E889C8FDFF
6A00
6A00
8D45F4
50
6A00
8B45F8
50
8B4508
8B40F8
50
xor edx, edx

xor eax, eax
call 0040C198
push 00000000
push 00000000
lea eax, dword
push eax
push 00000000
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
ptr [ebp-0C]
ptr [ebp-08]
ptr [ebp+08]
ptr [eax-08]

|
:0042F924 E8D764FDFF
Call 00405E00
:0042F929 8BD0
mov edx, eax
:0042F92B 8B4508
:0042F92E 8B40F0
:0042F931 E8B2A0FEFF
call 004199E8
:0042F936 8D45E0
:0042F939 50
push eax
:0042F93A 8B4508
:0042F93D 8B40FC
:0042F940 E81F97FEFF
call 00419064
:0042F945 50
push eax
:0042F946 8B4508
:0042F949 8B40F0
:0042F94C E81397FEFF
call 00419064
:0042F951 8D55E0
:0042F954 59
pop ecx
:0042F955 E8A250FEFF
call 004149FC
:0042F95A 8B4508
:0042F95D 8B50EC
:0042F960 8B4508
:0042F963 8B40F0
:0042F966 8B08
:0042F968 FF5154
call [ecx+54]
:0042F96B 33C0
xor eax, eax
:0042F96D 5A
pop edx
:0042F96E 59
pop ecx
:0042F96F 59
pop ecx
:0042F970 648910
|
:0042F973 6888F94200
push 0042F988
|:0042F986(U)
|
:0042F978 8B45F8
:0042F97B E82C2DFDFF
:0042F980 C3
:0042F981 E9F238FDFF
:0042F986 EBF0
jmp 00403278
jmp 0042F978

call 004026AC
ret

|:0042F811(C)
|
:0042F988 5F
pop edi
:0042F989 5E
pop esi
:0042F98A 5B
pop ebx
:0042F98B 8BE5
mov esp, ebp
:0042F98D 5D
pop ebp
:0042F98E C3
ret
:0042F98F 90
nop

|:0042F2F3 , :0042F31A
|
:0042F990 55
push ebp
:0042F991 8BEC
mov ebp, esp
:0042F993 83C4E8
add esp, FFFFFFE8
:0042F996 53
push ebx
:0042F997 8BDA
mov ebx, edx
:0042F999 8945F4
:0042F99C 33C0
xor eax, eax
:0042F99E 8945FC
:0042F9A1 33C0
xor eax, eax
:0042F9A3 8945F0
:0042F9A6 33C0
xor eax, eax
:0042F9A8 8945F8
:0042F9AB B201
mov dl, 01
:0042F9AD A1FCBA4000
:0042F9B2 E83932FDFF
call 00402BF0
:0042F9B7 8945EC
:0042F9BA 33C0
xor eax, eax
:0042F9BC 55
push ebp
:0042F9BD 688AFA4200
push 0042FA8A
:0042F9C2 64FF30
:0042F9C5 648920
:0042F9C8 B201
mov dl, 01
:0042F9CA A10C314100
:0042F9CF E85891FEFF
call 00418B2C
:0042F9D4 8945FC
:0042F9D7 B201
mov dl, 01
:0042F9D9 A10C314100
:0042F9DE E84991FEFF
call 00418B2C
:0042F9E3 8945F0
:0042F9E6 6A00
push 00000000
|
:0042F9E8 E85B67FDFF
Call 00406148
:0042F9ED 8945F8
:0042F9F0 55
push ebp
:0042F9F1 8B45F4
:0042F9F4 E887EFFFFF
call 0042E980
:0042F9F9 E806FEFFFF
call 0042F804
:0042F9FE 59
pop ecx
:0042F9FF 8B45EC
:0042FA02 E851EDFDFF
call 0040E758
:0042FA07 8945E8
:0042FA0A 55
push ebp
:0042FA0B
:0042FA0E
:0042FA13
:0042FA18
:0042FA19
:0042FA1C
:0042FA21
:0042FA23
:0042FA28
:0042FA2B
:0042FA30
:0042FA33
:0042FA36
:0042FA3B
:0042FA3D
:0042FA42
:0042FA45
:0042FA4A
:0042FA4C
:0042FA4F
:0042FA52
:0042FA54
:0042FA59
:0042FA5B
:0042FA5C
:0042FA5D
:0042FA5E
:0042FA61
8B45F4
E8ADEFFFFF
E8ECFDFFFF
59
8D55E8
B904000000
8BC3
E8E4EDFDFF
8B45F4
E89CF0FFFF
8945E8
8D55E8
B904000000
8BC3
E8CAEDFDFF
8B45EC
E80EEDFDFF
8BC8
8B45EC
8B5004
8BC3
E8B3EDFDFF
33C0
5A
59
59
648910
6891FA4200

call 0042E9C0
call 0042F804
pop ecx
mov ecx, 00000004
mov eax, ebx
call 0040E80C
call 0042EACC
mov ecx, 00000004
mov eax, ebx
call 0040E80C
call 0040E758
mov ecx, eax
mov eax, ebx
call 0040E80C
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042FA91

|:0042FA8F(U)
|
:0042FA66 8B45F8
:0042FA69 50
push eax
:0042FA6A 6A00
push 00000000
|
:0042FA6C E8EF68FDFF
Call 00406360
:0042FA71 8B45FC
:0042FA74 E8A731FDFF
call 00402C20
:0042FA79 8B45F0
:0042FA7C E89F31FDFF
call 00402C20
:0042FA81 8B45EC
:0042FA84 E89731FDFF
call 00402C20
:0042FA89 C3
ret
:0042FA8A
:0042FA8F
:0042FA91
:0042FA92
:0042FA94
:0042FA95
E9E937FDFF
EBD5
5B
8BE5
5D
C3
:0042FA96 8BC0
jmp
jmp
pop
mov
pop
ret
00403278
0042FA66
ebx
esp, ebp
ebp
mov eax, eax

|:0042EDFC , :0042F534
|
:0042FA98 FF4050
:0042FA9B C3
inc [eax+50]
ret

|:0042EF52 , :0042F669
|
:0042FA9C 53
push ebx
:0042FA9D 83785000
:0042FAA1 7E03
jle 0042FAA6
:0042FAA3 FF4850
dec [eax+50]
|:0042FAA1(C)
|
:0042FAA6 80784C00
:0042FAAA 740D
:0042FAAC C6404C00
:0042FAB0 66BBF0FF
:0042FAB4 E83B33FDFF

je 0042FAB9
mov [eax+4C], 00
mov bx, FFF0
call 00402DF4

|:0042FAAA(C)
|
:0042FAB9 5B
pop ebx
:0042FABA C3
ret
:0042FABB
:0042FABC
:0042FABD
:0042FABE
:0042FAC3
:0042FAC5
:0042FAC7
:0042FACA
:0042FACC
:0042FACE
:0042FAD0
90
53
56
E8A134FDFF
8BDA
8BF0
8B4604
85C0
7407
8BD6
E817F7FFFF
|:0042FACC(C)
|
:0042FAD5 8BD3
:0042FAD7 80E2FC
:0042FADA 8BC6
:0042FADC E82F31FDFF
:0042FAE1 84DB
:0042FAE3 7E07
:0042FAE5 8BC6
:0042FAE7 E86834FDFF
nop
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
test eax, eax
je 0042FAD5
mov edx, esi
call 0042F1EC
mov edx, ebx
and dl, FC
mov eax, esi
call 00402C10
test bl, bl
jle 0042FAEC
mov eax, esi
call 00402F54

|:0042FAE3(C)
|
:0042FAEC 5E
pop esi
:0042FAED 5B
pop ebx
:0042FAEE C3
ret
:0042FAEF
:0042FAF0
:0042FAF1
:0042FAF6
:0042FAF8
:0042FAFA
:0042FAFD
:0042FB00
90
53
6683780A00
740B
8BD8
8B5004
8B430C
FF5308
nop
push ebx
je 0042FB03
mov ebx, eax
call [ebx+08]

|:0042FAF6(C)
|
:0042FB03 5B
pop ebx
:0042FB04 C3
ret
:0042FB05
:0042FB08
:0042FB09
:0042FB0B
:0042FB0D
:0042FB0E
:0042FB13
:0042FB16
:0042FB19
:0042FB1F
:0042FB21
:0042FB22
:0042FB23
:0042FB24
:0042FB27
8D4000
55
8BEC
33C0
55
682DFB4200
64FF30
648920
FF0594374400
33C0
5A
59
59
648910
6834FB4200

push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0042FB2D
xor eax, eax
pop edx
pop ecx
pop ecx
push 0042FB34
|:0042FB32(U)
|
:0042FB2C C3
:0042FB2D E94637FDFF
:0042FB32 EBF8
:0042FB34 5D
:0042FB35 C3
:0042FB36 8BC0
:0042FB38 832D9437440001
:0042FB3F C3
mov eax, eax

sub dword ptr [00443794], 00000001
ret
:0042FB40
:0042FB42
:0042FB43
:0042FB4D
:0042FB57
8CFB
42
00000000000000000000
00000000000000000000
000000000000000000
mov bx,
inc edx
BYTE 10
BYTE 10
BYTE 9
:0042FB60
:0042FB62
:0042FB63
:0042FB66
8CFB
42
000C00
0000
mov
inc
add
add
ret
jmp 00403278
jmp 0042FB2C
pop ebp
ret
xx
DUP(0)
DUP(0)
DUP(0)
bx, xx
edx
byte ptr [eax], al
:0042FB68 846940
:0042FB6B 0028
:0042FB6D 2E

BYTE 02eh
:0042FB6E
:0042FB6F
:0042FB72
:0042FB73
:0042FB75
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0042FB76
:0042FB77
:0042FB7A
:0042FB7B
:0042FB7D
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0042FB7E
:0042FB7F
:0042FB86
:0042FB87
:0042FB89
:0042FB8B
:0042FB8D
:0042FB8E
:0042FB8F
40
00B42B4000C82B
40
0010
2C40
000A
45
4D
65
inc eax
inc eax
sub al, 40
inc ebp
dec ebp
BYTE 065h
:0042FB90
:0042FB91
:0042FB93
:0042FB95
:0042FB96
:0042FB98
:0042FB99
:0042FB9A
:0042FB9B
:0042FB9D
:0042FBA1
:0042FBA2
:0042FBA4
:0042FBA6
:0042FBA7
:0042FBAA
6E
7545
7272
6F
7290
9C
FB
42
0003
0A544D65
6E
7542
7265
61
6B0100
000000
outsb
jne 0042FBD8
jb 0042FC07
outsd
jb 0042FB28
pushfd
sti
inc edx
or dl, byte ptr [ebp+2*ecx+65]
outsb
jne 0042FBE6
jb 0042FC0B
popad
imul eax, dword ptr [ecx], 00000000
BYTE 3 DUP(0)
:0042FBAD
:0042FBAF
:0042FBB1
:0042FBB2
:0042FBB3
:0042FBB4
:0042FBB6
:0042FBB7
:0042FBBA
:0042FBBB
0200
0000
98
FB
42
0006
6D
624E6F
6E
65

cwde
sti
inc edx
insd
bound ecx, dword ptr [esi+6F]
outsb
BYTE 065h
:0042FBBC
:0042FBBD
:0042FBBE
:0042FBC1
07
6D
624272
65
pop es
insd
bound eax, dword ptr [edx+72]
BYTE 065h
:0042FBC2
:0042FBC3
:0042FBC6
:0042FBC9
:0042FBCB
:0042FBCD
:0042FBCE
:0042FBD5
:0042FBD9
:0042FBDA
:0042FBDC
:0042FBE1
:0042FBE2
:0042FBE4
:0042FBE5
61
6B0A6D
624261
7242
7265
61
6B90D4FB420008
10544D65
6E
7543
68616E6765
45
7665
6E
7400
popad
imul ecx, dword ptr [edx], 0000006D
bound eax, dword ptr [edx+61]
jb 0042FC0D
jb 0042FC32
popad
imul edx, dword ptr [eax+0042FBD4], 00000008
adc byte ptr [ebp+2*ecx+65], dl
outsb
jne 0042FC1F
push 65676E61
inc ebp
jbe 0042FC49
outsb
je 0042FBE7

|:0042FBE5(C)
|
:0042FBE7 0308
:0042FBE9 06
push es
:0042FBEA 53
push ebx
:0042FBEB 65
BYTE 065h
:0042FBEC 6E
:0042FBED 64
outsb
BYTE 064h
:0042FBEE 65
BYTE 065h
:0042FBEF
:0042FBF1
:0042FBF2
:0042FBF3
:0042FBF6
:0042FBFA
:0042FBFB
:0042FBFC
:0042FBFE
:0042FC01
:0042FC02
:0042FC03
jb 0042FBF8
push esp
dec edi
push ebx
outsd
jne 0042FC70
push esp
dec ebp
BYTE 065h
7207
54
4F
626A65
63740806
53
6F
7572
636509
54
4D
65
:0042FC04 6E
:0042FC05 7549
outsb
jne 0042FC50

|:0042FB93(C)
|
:0042FC07 7465
je 0042FC6E
:0042FC09 6D
insd
:0042FC0A 0007
:0042FC0C 52

push edx
|:0042FBC9(C)
|
:0042FC0D 65627569
:0042FC11 6C
:0042FC12 64
:0042FC13
:0042FC14
:0042FC15
:0042FC16
:0042FC17
:0042FC18
07
42
6F
6F
6C
65
pop es
inc edx
outsd
outsd
insb
BYTE 065h
:0042FC19
:0042FC1A
:0042FC1B
:0042FC1C
:0042FC1E
61
6E
90
20FC
42
popad
outsb
nop
and ah, bh
inc edx
|:0042FBDA(C)
|
:0042FC1F 0008
:0042FC21 12544D65
:0042FC25 6E
:0042FC26 7544
:0042FC28 7261
:0042FC2A 7749
:0042FC2C 7465
:0042FC2E 6D
:0042FC2F 45
:0042FC30 7665
bound esi, dword ptr gs:[ebp+69]

insb
BYTE 064h

adc dl, byte ptr [ebp+2*ecx+65]
outsb
jne 0042FC6C
jb 0042FC8B
ja 0042FC75
je 0042FC93
insd
inc ebp
jbe 0042FC97

|:0042FBCB(C)
|
:0042FC32 6E
outsb
:0042FC33 7400
je 0042FC35
|:0042FC33(C)
|
:0042FC35 0408
add al, 08
:0042FC37 06
push es
:0042FC38 53
push ebx
:0042FC39 65
BYTE 065h
:0042FC3A 6E
:0042FC3B 64
outsb
BYTE 064h
:0042FC3C 65
BYTE 065h
:0042FC3D
:0042FC3F
:0042FC40
:0042FC41
:0042FC44
:0042FC48
7207
54
4F
626A65
63740807
41
jb 0042FC46
push esp
dec edi
inc ecx

|:0042FBE2(C)
|
:0042FC49 43
inc ebx
:0042FC4A 61
popad
:0042FC4B 6E
outsb
:0042FC4C 7661
jbe 0042FCAF
:0042FC4E 7307
jnb 0042FC57
|:0042FC05(C)
|
:0042FC50 54
:0042FC51 43
:0042FC52 61
:0042FC53 6E
:0042FC54 7661
:0042FC56 7310
:0042FC58 0541526563
:0042FC5D 7405
:0042FC5F 54
:0042FC60 52
:0042FC61 6563740008
:0042FC66 53
:0042FC67 65

push esp
inc ebx
popad
outsb
jbe 0042FCB7
jnb 0042FC68
add eax, 63655241
je 0042FC64
push esp
push edx
push ebx
BYTE 065h

|:0042FC56(C)
|
:0042FC68 6C
insb
:0042FC69 6563746564
arpl dword ptr gs:[ebp+64], esi
|:0042FC07(C)
|
:0042FC6E 07
pop es
:0042FC6F 42
inc edx
|:0042FBFC(C)
|
:0042FC70 6F
outsd
:0042FC71 6F
outsd
:0042FC72 6C
insb
:0042FC73 65
BYTE 065h
:0042FC74 61
popad
|:0042FC2A(C)
|
:0042FC75 6E
outsb
|:0042FC78(C)
|
:0042FC76 8BC0
:0042FC78 7CFC
:0042FC7A 42
:0042FC7B 0008
:0042FC7D 15544D656E
:0042FC82 754D
:0042FC84 65
:0042FC85
:0042FC86
:0042FC88
:0042FC8A
popad
jnb 0042FCFD
jb 0042FCEF
dec ecx
61
7375
7265
49
mov eax, eax

jl 0042FC76
inc edx
adc eax, 6E654D54
jne 0042FCD1
BYTE 065h

|:0042FC28(C)
|
:0042FC8B 7465
je 0042FCF2
:0042FC8D 6D
insd
:0042FC8E 45
inc ebp
:0042FC8F 7665
jbe 0042FCF6
:0042FC91 6E
outsb
:0042FC92 7400
je 0042FC94
|:0042FC92(C)
|
:0042FC94 0408
add al, 08
:0042FC96 06
push es
|:0042FC30(C)
|
:0042FC97 53
push ebx
:0042FC98 65
BYTE 065h
:0042FC99 6E
:0042FC9A 64
outsb
BYTE 064h
:0042FC9B 65
BYTE 065h
:0042FC9C
:0042FC9E
:0042FC9F
:0042FCA0
:0042FCA3
:0042FCA7
:0042FCA8
:0042FCA9
:0042FCAA
jb 0042FCA5
push esp
dec edi
inc ecx
inc ebx
popad
outsb
7207
54
4F
626A65
63740807
41
43
61
6E
:0042FCAB 7661
:0042FCAD 7307
jbe 0042FD0E
jnb 0042FCB6

|:0042FC4C(C)
|
:0042FCAF 54
push esp
:0042FCB0 43
inc ebx
:0042FCB1 61
popad
:0042FCB2 6E
outsb
:0042FCB3 7661
jbe 0042FD16
:0042FCB5 7301
jnb 0042FCB8
|:0042FC54(C)
|
:0042FCB7 0557696474
:0042FCBC 6807496E74
:0042FCC1 67
:0042FCC2 6765
:0042FCC4 7201
:0042FCC6 06
jb 0042FCC7
push es
|:0042FCC4(C)
|
:0042FCC7 48
:0042FCC8 656967687407496E
:0042FCD0 7465
:0042FCD2 67
:0042FCD3 65
:0042FCD4
:0042FCD6
:0042FCD7
:0042FCDE
:0042FCE8
jb 0042FC63
inc eax
add byte ptr [8*edi+00000042], ah
BYTE 10 DUP(0)
BYTE 10 DUP(0)
728D
40
0024FD42000000
00000000000000000000
00000000000000000000
add eax, 74646957

push 746E4907
BYTE 067h
BYTE 065h
dec eax
je 0042FD37
BYTE 067h
BYTE 065h
|:0042FC8B(C)
|
:0042FCF2 000000000000
:0042FCF8 80FD42
:0042FCFB 001400
:0042FCFE 0000
:0042FD00 E0D8
:0042FD02 42
:0042FD03 0028
:0042FD05 2E
:0042FD06
:0042FD07
:0042FD0A
:0042FD0B
:0042FD0D
inc eax
inc eax
BYTE 02eh
40
00342E
40
0038
2E
BYTE 6 DUP(0)
cmp ch, 42
loopnz 0042FCDA
inc edx
BYTE 02eh

|:0042FCAB(C)
|
:0042FD0E 40
inc eax
:0042FD0F 003C2E
:0042FD12 40
inc eax
:0042FD13 0030
:0042FD15 2E
BYTE 02eh
|:0042FCB3(C)
|
:0042FD16 40
:0042FD17 00B42B4000C82B
:0042FD1E 40
:0042FD1F 0010
:0042FD21 1D4100B00B
:0042FD26 43
:0042FD27 00441D41
:0042FD2B 00580D
:0042FD2E 43
:0042FD2F 006C1D41
:0042FD33 007C0E43
|:0042FCD0(C)
|
:0042FD37 00C8
:0042FD39 1C41
:0042FD3B 00A41D4100CC0B
:0042FD42 43
:0042FD43 0000
:0042FD45 0C43
:0042FD47 0030
:0042FD49 0C43
:0042FD4B 00600C
:0042FD4E 43
:0042FD4F 00900C4300C4
:0042FD55 0C43
:0042FD57 00F4
:0042FD59 0C43
:0042FD5B 0028
:0042FD5D 0D43007C0D
:0042FD62 43
:0042FD63 009C0D4300BC0D
:0042FD6A 43
:0042FD6B 00DC
:0042FD6D 0D4300F80D
:0042FD72 43
:0042FD73 001C0E
:0042FD76 43
:0042FD77 003C0E
:0042FD7A 43
:0042FD7B 005C0E43
:0042FD7F 000F
:0042FD81 54
inc
add
inc
add
sbb
inc
add
add
inc
add
add
eax
byte
eax
byte
eax,
ebx
byte
byte
ebx
byte
byte
ptr [eax], dl
0BB00041
ptr [eax+0D], bl
ptr [ebp+ebx+41], ch
ptr [esi+ecx+43], bh
add al, cl
sbb al, 41
add byte ptr [ebp+ebx+0BCC0041], ah
inc ebx
or al, 43
or al, 43
add byte ptr [eax+0C], ah
inc ebx
add byte ptr [eax+C400430C], dl
or al, 43
add ah, dh
or al, 43
or eax, 0D7C0043
inc ebx
add byte ptr [ebp+ecx+0DBC0043], bl
inc ebx
add ah, bl
or eax, 0DF80043
inc ebx
add byte ptr [esi+ecx], bl
inc ebx
add byte ptr [esi+ecx], bh
inc ebx
add byte ptr [esi+ecx+43], bl
push esp
:0042FD82 4D
:0042FD83 65
dec ebp
BYTE 065h
:0042FD84
:0042FD85
:0042FD87
:0042FD8B
:0042FD8C
:0042FD8D
:0042FD94
outsb
jne 0042FDC8
outsb
dec esp
imul ebp, dword ptr [esi+6B], 0042FDDC
BYTE 8 DUP(0)
6E
7541
6374696F
6E
4C
696E6BDCFD4200
0000000000000000
:0042FD9C 1CFE4200
:0042FDA0 70FE4200
DWORD 0042FE1C
DWORD 0042FE70
:0042FDA4 0000000000000000
BYTE 8 DUP(0)
:0042FDAC 36FE4200
:0042FDB0 62FE4200
DWORD 0042FE36
DWORD 0042FE62
:0042FDB4
:0042FDB6
:0042FDB8
:0042FDBA
:0042FDBB
:0042FDBE
:0042FDBF
:0042FDC2
:0042FDC3
:0042FDC5
8C00
0000
A8BE
40
00681C
41
00342E
40
0038
2E
mov [eax], es
test al, BE
inc eax
inc ecx
inc eax
BYTE 02eh
:0042FDC6
:0042FDC7
:0042FDCA
:0042FDCB
:0042FDCD
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:0042FDCE
:0042FDCF
:0042FDD6
:0042FDD7
:0042FDD9
:0042FDDA
:0042FDDB
:0042FDDD
:0042FDE0
:0042FDE4
:0042FDE6
:0042FDE7
:0042FDE9
:0042FDEC
:0042FDED
40
00B42B4000C82B
40
00F4
0E
43
00D8
284300
C8144300
08D2
40
00EC
124300
4C
294300
inc eax
inc eax
add ah, dh
push cs
inc ebx
add al, bl
sub byte ptr [ebx+00], al
enter 4314, 00
or dl, dl
inc eax
add ah, ch
adc al, byte ptr [ebx+00]
dec esp
sub dword ptr [ebx+00], eax
:0042FDF0
:0042FDF2
:0042FDF3
:0042FDF5
:0042FDF8
:0042FDFC
:0042FDFE
:0042FDFF
:0042FE06
:0042FE07
:0042FE0E
:0042FE0F
:0042FE16
:0042FE17
:0042FE1D
B418
41
00E0
194100
801C4100
C418
41
00BC184100881C
41
00A40E4300EC16
43
00842443000C22
43
00802343000E
0000000000
mov ah, 18
inc ecx
add al, ah
inc ecx
inc ecx
add byte ptr [esi+ecx+16EC0043], ah
inc ebx
add byte ptr [esp+220C0043], al
inc ebx
BYTE 5 DUP(0)
:0042FE22
:0042FE24
:0042FE26
:0042FE28
:0042FE29
:0042FE2C
:0042FE2E
:0042FE30
:0042FE31
:0042FE35
:0042FE37
:0042FE39
:0042FE3B
:0042FE3C
:0042FE3D
:0042FE3E
:0042FE3F
0200
0000
7C10
40
002400
0000
7C10
40
004C0000
0007
00F0
FFEF
FF
FD
FF
FA
FF
add al, byte

add byte ptr
jl 0042FE38
inc eax
add byte ptr
add byte ptr
jl 0042FE40
inc eax
add byte ptr
add byte ptr
add al, dh
jmp far edi
BYTE 0ffh
std
BYTE 0ffh
cli
BYTE 0ffh
ptr [eax]
[eax], al
[eax+eax], ah
[eax], al
[eax+eax], cl
[edi], al
|:0042FE2E(C)
|
:0042FE40 F9
:0042FE41 FFF3
:0042FE43 FFF2
:0042FE45 FFB42643007820
:0042FE4C 43
:0042FE4D 005821
:0042FE50 43
:0042FE51 009021430024
:0042FE57 26
:0042FE58 43
:0042FE59 0010
:0042FE5B 26
inc ebx
BYTE 026h
:0042FE5C
:0042FE5D
:0042FE5F
:0042FE60
:0042FE61
:0042FE63
inc ebx
add ah, cl
push ds
inc ebx
push esp
43
00CC
1E
43
0009
54
stc
push ebx
push edx
push dword ptr [esi+20780043]
inc ebx
inc ebx
BYTE 026h
:0042FE64 4D
:0042FE65 65
dec ebp
BYTE 065h
:0042FE66
:0042FE67
:0042FE69
:0042FE6B
outsb
jne 0042FEB2
je 0042FED0
insd
6E
7549
7465
6D
|:0042FE6C(C)
|
:0042FE6C 70FE
:0042FE6E 42
:0042FE6F 0007
:0042FE71 09544D65
:0042FE75 6E
:0042FE76 7549
:0042FE78 7465
:0042FE7A 6D
:0042FE7B DCFD
:0042FE7D 42
:0042FE7E 00A0BF400013
:0042FE84 00054D656E75
:0042FE8A 7311
:0042FE8C 0034C1
:0042FE8F 40
:0042FE90 006820
:0042FE93 43
:0042FE94 004025
:0042FE97 43
:0042FE98 0001
:0042FE9A 000000000000
:0042FEA0
:0042FEA3
:0042FEA9
:0042FEAD
:0042FEAE
:0042FEAF
800000
008002000641
6374696F
6E
CC
314100

outsb
int 03
|:0042FE67(C)
|
:0042FEB2 18254300B025
:0042FEB8 43
:0042FEB9 0001
:0042FEBB 000000000000
|:0042FE76(C)
|
:0042FEC1 800000
:0042FEC4 008003000642
:0042FECA 69746D617098FB42
:0042FED2 003C00
:0042FED5 00FF
jo 0042FE6C
inc edx
outsb
jne 0042FEC1
je 0042FEDF
insd
fdiv st(5), st(0)
inc edx
add byte ptr [756E654D], al
jnb 0042FE9D
inc eax
inc ebx
inc ebx
BYTE 6 DUP(0)
sbb byte ptr [25B00043], ah

inc ebx
BYTE 6 DUP(0)

imul esi, dword ptr [ebp+2*ebp+61], 42FB9870
add byte ptr [eax+eax], bh
add bh, bh
:0042FED7
:0042FED9
:0042FEDA
:0042FEDC
D01E
43
0001
000000000000
rcr byte ptr [esi], 1

inc ebx
BYTE 6 DUP(0)
:0042FEE2
:0042FEE5
:0042FEE7
:0042FEE9
:0042FEEE
:0042FEF3
:0042FEF5
:0042FEF7
:0042FEFC
:0042FEFD
:0042FEFE
800000
0000
0400
0542726561
6B7C104000
2400
00FF
E81E4300B8
27
43
00000000

add al, 00
add eax, 61657242
imul edi, dword ptr [eax+edx+40], 00000000
and al, 00
add bh, bh
call B843421A
daa
inc ebx
BYTE 4 DUP(0)
:0042FF02
:0042FF05
:0042FF0B
:0042FF0C
:0042FF0E
:0042FF15
:0042FF17
:0042FF19
:0042FF1A
:0042FF1B
:0042FF1C
:0042FF1E
:0042FF1F
:0042FF20
800000
008005000743
61
7074
696F6E00104000
2C00
00FF
58
1F
43
00D8
27
43
00000000

popad
jo 0042FF82
sub al, 00
add bh, bh
pop eax
pop ds
inc ebx
add al, bl
daa
inc ebx
BYTE 4 DUP(0)
:0042FF24
:0042FF27
:0042FF29
:0042FF2A
:0042FF2C
:0042FF2D
:0042FF32
:0042FF35
:0042FF36
:0042FF38
:0042FF3A
:0042FF40
800000
0000
06
0007
43
6865636B65
640010
40
002E
0000
FFB021430001
000000000000

push es
inc ebx
push 656B6365
add byte ptr fs:[eax], dl
inc eax
BYTE 6 DUP(0)
:0042FF46
:0042FF49
:0042FF4B
:0042FF4C
:0042FF4E
:0042FF4F
:0042FF52
:0042FF54
800000
0000
07
0007
44
656661
756C
7400

pop es
inc esp
popa
jne 0042FFC0
je 0042FF56

|:0042FF54(C)
|
:0042FF56 104000
|:0042FF9B(C)
|
:0042FF59 2D0000FFAC
:0042FF5E 1F
:0042FF5F 43
:0042FF60 00F8
:0042FF62 27
:0042FF63 43
:0042FF64 00000000
:0042FF68
:0042FF6B
:0042FF6D
:0042FF6F
:0042FF70
:0042FF71
:0042FF72
:0042FF73
:0042FF77
:0042FF78
:0042FF7B
:0042FF7D
:0042FF7F
:0042FF81

pop es
inc ebp
outsb
popad
push esp
add bh, bh
and al, 20
inc ebx
800100
0000
0800
07
45
6E
61
626C6564
54
104000
3100
00FF
2420
43
sub eax, ACFF0000

pop ds
inc ebx
add al, bh
daa
inc ebx
BYTE 4 DUP(0)

|:0042FF0C(C)
|
:0042FF82 0001
:0042FF84 000000000000
BYTE 6 DUP(0)
:0042FF8A
:0042FF8D
:0042FF8F
:0042FF91
:0042FF94
:0042FF95
:0042FF97
:0042FF98
:0042FF99
800000
0000
0900
0A4772
6F
7570
49
6E
64

or al, byte ptr [edi+72]
outsd
jne 00430007
dec ecx
outsb
BYTE 064h
:0042FF9A 65
BYTE 065h
:0042FF9B
:0042FF9D
:0042FF9E
:0042FF9F
:0042FFA2
:0042FFA4
:0042FFA5
:0042FFA7
:0042FFA8
js 0042FF59
scasd
inc eax
add bh, bh
dec eax
BYTE 0ffh
cmp byte ptr [eax], ch
78BC
AF
40
004800
00FF
48
0000
FF
3828
:0042FFAA 43
:0042FFAB 00000000
inc ebx
BYTE 4 DUP(0)
:0042FFAF
:0042FFB2
:0042FFB4
:0042FFB6
:0042FFB9
:0042FFBA
:0042FFBC
:0042FFBD
:0042FFBE

or ecx, dword ptr [eax+65]
insb
jo 0042FFFF
outsd
outsb
je 00430025
800000
0000
0A00
0B4865
6C
7043
6F
6E
7465
|:0042FF52(C)
|
:0042FFC0 7874
:0042FFC2 7C10
:0042FFC4 40
:0042FFC5 004C0000
:0042FFC9 FF4C0000
:0042FFCD FF18
:0042FFCF 284300
:0042FFD2 000000
:0042FFD5
:0042FFD8
:0042FFDE
:0042FFE5
:0042FFE7
:0042FFE9
:0042FFEB
:0042FFEC
:0042FFEF
:0042FFF0

imul ebp, dword ptr [esi+74], 0040103C
xor al, 00
add bh, bh
loopnz 0043000B
inc ebx
inc ebx
BYTE 4 DUP(0)
800000
00800B000448
696E743C104000
3400
00FF
E020
43
005828
43
00000000
js 00430036
jl 0042FFD4
inc eax
dec [eax+eax]
BYTE 3 DUP(0)
:0042FFF4 80FFFF
:0042FFF7 FFFF
cmp bh, FF
BYTE 2 DUP(0ffh)
:0042FFF9
:0042FFFB
:0042FFFE
:0042FFFF
:00430000
or al, 00
or cl, byte ptr [ecx+6D]
popad
BYTE 067h
BYTE 065h
0C00
0A496D
61
67
65
:00430001 49
:00430002 6E
:00430003 64
dec ecx
outsb
BYTE 064h
:00430004 65
BYTE 065h
:00430005 7800
js 00430007
|:0042FF95(C), :00430005(C)
|
:00430007 104000
:0043000A 2F
:0043000B 0000
:0043000D FF8826430001
:00430013 000000000000
:00430019
:0043001C
:0043001E
:00430023
:0043002B
:0043002C
:0043002D
:00430031
:00430037
:0043003A
800000
0000
0D00095261
64696F4974656DD8
AF
40
00540000
FFB020430078
284300
000000

or eax, 61520900
imul ebp, dword ptr fs:[edi+49], D86D6574
scasd
inc eax
BYTE 3 DUP(0)
:0043003D
:00430040
:00430042
:00430043
:00430045
:00430046
:0043004B
:0043004D
:0043004F
:00430050
:00430052
:00430054
:00430056
:00430059
:0043005A
:0043005D
800000
0000
0E
0008
53
686F727443
7574
0010
40
0030
0000
FFC8
204300
98
284300
000000

push cs
push ebx
push 4374726F
jne 004300C1
inc eax
dec eax
and byte ptr [ebx+00], al
cwde
BYTE 3 DUP(0)
:00430060
:00430063
:00430065
:00430068
:00430069
:00430070
:00430071
:00430072
:00430076
:0043007A
:0043007B
:00430080
:00430082
:00430085
:0043008B
:0043008C
:0043008D
:0043008E
:00430095
800100
0000
0F0007
56
697369626C65F0
AF
40
00740000
FF740000
FF
B828430000
0000
800000
00801000074F
6E
43
6C
69636B1CFC4200
7C00

sldt dword ptr [edi]
push esi
scasd
inc eax
push [eax+eax]
BYTE 0ffh
mov eax, 00004328
outsb
inc ebx
insb
imul esp, dword ptr [ebx+6B], 0042FC1C
jl 00430097

das
dec dword ptr [eax+01004326]
BYTE 6 DUP(0)

|:00430095(C)
|
:00430097 00FF
add bh, bh
:00430099 7C00
jl 0043009B
|:00430099(C)
|
:0043009B 00FF
:0043009D 0100
:0043009F 0000000000
:004300A4
:004300A7
:004300AD
:004300AE
:004300AF
:004300B1
:004300B3
:004300B5
:004300B6
:004300B8
:004300B9
:004300C0
:004300C2
:004300C4
800000
008011000A4F
6E
44
7261
7749
7465
6D
78FC
42
00840000FF8400
00FF
0100
0000000000

outsb
inc esp
jb 00430112
ja 004300FC
je 0043011A
insd
js 004300B4
inc edx
add byte ptr [eax+eax+0084FF00], al
add bh, bh
BYTE 5 DUP(0)
:004300C9
:004300CC
:004300D2
:004300D3
:004300D4
800000
008012000D4F
6E
4D
65

add byte ptr [eax+4F0D0012], al
outsb
dec ebp
BYTE 065h
:004300D5
:004300D6
:004300D8
:004300DA
:004300DB
:004300DD
:004300DE
:004300E0
:004300E2
:004300E3
61
7375
7265
49
7465
6D
8BC0
2C01
43
000000000000000000
popad
jnb 0043014D
jb 0043013F
dec ecx
je 00430142
insd
mov eax, eax
sub al, 01
inc ebx
BYTE 9 DUP(0)
add bh, bh
BYTE 5 DUP(0)
:004300EC 68014300
:004300F0 98014300
DWORD 00430168
DWORD 00430198
:004300F4 0000000000000000
BYTE 8 DUP(0)
|:004300B1(C)
|
:004300FC 7A014300
:00430100 8E014300
DWORD 0043017A
DWORD 0043018E
:00430104 48
:00430105 000000
dec eax
BYTE 3 DUP(0)
:00430108
:0043010A
:0043010B
:0043010E
:0043010F
test al, BE
inc eax
inc ecx
A8BE
40
00681C
41
00342E

|:004300AF(C)
|
:00430112 40
inc eax
:00430113 0038
:00430115 2E
BYTE 02eh
:00430116 40
:00430117 003C2E
inc eax

|:004300B3(C)
|
:0043011A 40
inc eax
:0043011B 0030
:0043011D 2E
BYTE 02eh
:0043011E
:0043011F
:00430126
:00430127
:0043012A
:0043012B
:0043012E
:0043012F
:00430131
:00430132
:00430133
:00430135
40
00B42B4000C82B
40
000C2A
43
000CD3
40
00D4
17
41
0008
D24000
inc
add
inc
add
inc
add
inc
add
pop
inc
add
rol
eax
byte ptr
eax
byte ptr
ebx
byte ptr
eax
ah, dl
ss
ecx
byte ptr
byte ptr
[edx+ebp], cl
[ebx+8*edx], cl
[eax], cl
[eax+00], cl
:00430138 B0304300
:0043013C 48314300
DWORD 004330B0
DWORD 00433148
:00430140 B418
mov ah, 18

|:004300DB(C)
|
:00430142 41
inc ecx
:00430143 00E0
add al, ah
:00430145 194100
:00430148
:0043014C
:0043014E
:0043014F
:00430156
:00430157
:0043015D
801C4100
C418
41
00BC184100881C
41
008029430098
304300
sbb
les
inc
add
inc
add
xor
byte
ebx,
ecx
byte
ecx
byte
byte
ptr [ecx+2*eax], 00
dword ptr [eax]
ptr [eax+ebx+1C880041], bh
ptr [eax+98004329], al
ptr [ebx+00], al
:00430160 6C2A4300
:00430164 C8304300
DWORD 00432A6C
DWORD 004330C8
:00430168 0E
:00430169 0000000000
push cs
BYTE 5 DUP(0)
:0043016E
:00430170
:00430172
:00430174
:00430175
:00430177
0100
0000
7C10
40
0030
000000

jl 00430184
inc eax
BYTE 3 DUP(0)
:0043017A
:0043017C
:0043017D
:0043017E
:0043017F
:00430181
:00430185
:00430188
:00430189
:0043018B
:00430190
:00430191
0300
FD
FF
FA
FFF0
FF442A43
00782A
43
0030
2D43000554
4D
65

std
BYTE 0ffh
cli
push eax
inc [edx+ebp+43]
inc ebx
sub eax, 54050043
dec ebp
BYTE 065h
:00430192
:00430193
:00430195
:00430198
:00430199
:0043019E
:004301A0
:004301A3
:004301A8
:004301AE
:004301B0
:004301B4
:004301B6
:004301B8
:004301BA
6E
7598
014300
07
05544D656E
752C
014300
A0BF400003
00054D656E75
7301
006CFE42
0028
0000
FF00
000000
outsb
jne 0043012D
pop es
add eax, 6E654D54
jne 004301CC
add byte ptr [756E654D], al
jnb 004301B1
add byte ptr [esi+8*edi+42], ch
inc dword ptr [eax]
BYTE 3 DUP(0)
:004301BD 0100
:004301BF 0000000000

BYTE 5 DUP(0)
:004301C4 800000
:004301C7
:004301CD
:004301CF
:004301D0
:004301D2
:004301D3
:004301D5
:004301D8
:004301E2
008002000549
7465
6D
738D
40
0020
024300
00000000000000000000
0000

je 00430234
insd
jnb 0043015F
inc eax
add al, byte ptr [ebx+00]
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:004301E4
:004301E5
:004301E8
:004301F2
6C
024300
00000000000000000000
0000
insb
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:004301F4
:004301F5
:004301F8
:004301F9
5C
024300
50
000000
pop esp
push eax
BYTE 3 DUP(0)
:004301FC
:004301FE
:004301FF
:00430202
:00430203
:00430206
:00430207
:00430209
E000
43
00681C
41
00342E
40
0038
2E
loopnz 004301FE
inc ebx
inc ecx
inc eax
BYTE 02eh
:0043020A
:0043020B
:0043020E
:0043020F
:00430211
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00430212
:00430213
:0043021A
:0043021B
:0043021E
:0043021F
:00430222
:00430223
:00430225
:00430226
:00430227
:00430229
40
00B42B4000C82B
40
000C2A
43
000CD3
40
00D4
17
41
0008
D24000
inc
add
inc
add
inc
add
inc
add
pop
inc
add
rol
:0043022C B0304300
:00430230 48314300
eax
byte ptr
eax
byte ptr
ebx
byte ptr
eax
ah, dl
ss
ecx
byte ptr
byte ptr
[edx+ebp], cl
[ebx+8*edx], cl
[eax], cl
[eax+00], cl
DWORD 004330B0
DWORD 00433148

|:004301CD(C)
|
:00430234
:00430236
:00430237
:00430239
:0043023C
:00430240
:00430242
:00430243
:0043024A
:0043024B
:00430251
B418
41
00E0
194100
801C4100
C418
41
00BC184100881C
41
008029430098
304300
mov
inc
add
sbb
sbb
les
inc
add
inc
add
xor
ah, 18
ecx
al, ah
byte ptr [ecx+2*eax], 00
ebx, dword ptr [eax]
ecx
byte ptr [eax+ebx+1C880041], bh
ecx
byte ptr [eax+98004329], al
byte ptr [ebx+00], al
:00430254 04364300
:00430258 64354300
DWORD 00433604
DWORD 00433564
:0043025C
:00430260
:00430267
:0043026C
:0043026D
:00430271
:00430278
:0043027B
:0043027C
:0043027F
:00430281
:00430286
:00430288
:0043028A
:0043028D

imul ebp, dword ptr [esi+4D], 8B756E65
shr byte ptr [edx+eax+43], 00
pop es
imul ebp, dword ptr [esi+4D], 20756E65
xchg eax,esp
add eax, 756E654D
jnb 0043028E
dec esp
09544D61
696E4D656E758B
C06C024300
07
09544D61
696E4D656E7520
024300
94
014300
0900
054D656E75
7306
0000
104000
4C
|:00430286(C)
|
:0043028E 0000
:00430290 FF443543
:00430294 0001
:00430296 000000000000
:0043029C
:0043029F
:004302A1
:004302A3
:004302A6
:004302A8
:004302A9

or dword ptr [ecx+75], eax
je 00430317
dec ebp
BYTE 065h
800000
0000
0300
094175
746F
4D
65

inc [ebp+esi+43]
BYTE 6 DUP(0)
:004302AA 7267
:004302AC 65
jb 00430313
BYTE 065h
:004302AD
:004302AE
:004302AF
:004302B0
:004302B3
push esp
scasd
inc eax
add bh, bh
54
AF
40
002400
00FF
:004302B5 CC344300
:004302B9 AC2D4300
DWORD 004334CC
DWORD 00432DAC
:004302BD 000000
BYTE 3 DUP(0)
:004302C0
:004302C3
:004302C9
:004302D1
:004302D3
:004302D6
:004302D8
:004302DA
:004302DB
:004302DD
800000
008004000842
6944694D6F646534
E542
003C00
00FF
0C31
43
0001
000000000000

in ax, 42
add bh, bh
or al, 31
inc ebx
BYTE 6 DUP(0)
:004302E3
:004302E6
:004302EC
:004302ED
:004302EE
:004302EF
800000
008005000649
6D
61
67
65

insd
popad
BYTE 067h
BYTE 065h
:004302F0 7300
jnb 004302F2
|:004302F0(C)
|
:004302F2 104000
:004302F5 3400
:004302F7 00FF
:004302F9 D42F
:004302FB 43
:004302FC 0001
:004302FE 000000000000
:00430304
:00430307
:00430309
:0043030A
:0043030C
:0043030D
:0043030F

push es
dec edi
ja 0043037D
BYTE 065h
800000
0000
06
0009
4F
776E
65
:00430310 7244
:00430312 7261
:00430314 7700

xor al, 00
add bh, bh
aam (base47)
inc ebx
BYTE 6 DUP(0)
jb 00430356
jb 00430375
ja 00430316

|:00430314(C)
|
:00430316 104000
:00430319 350000FFE0
xor eax, E0FF0000
:0043031E 3443
:00430320 0001
:00430322 000000000000
xor al, 43
BYTE 6 DUP(0)
:00430328
:0043032B
:0043032D
:0043032E
:00430330
:00430331
:00430332
:00430334
:00430335
:00430337
:0043033F
:00430340
:00430341
:00430344
:00430346
:00430347
:00430349
:0043034B
800100
0000
07
000E
50
61
7265
6E
7442
6944694D6F6465D0
FB
42
004000
00FF
40
0000
FF01
000000000000

pop es
push eax
popad
jb 00430399
outsb
je 00430379
imul eax, dword ptr [ecx+2*ebp+4D], D065646F
sti
inc edx
add bh, bh
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00430351
:00430354
:0043035A
:0043035B
:0043035C
:00430361
:00430364
:00430369
:0043036A
:0043036B
:0043036C
:0043036D
:0043036F
:00430371
:00430372
800000
00800800084F
6E
43
68616E6765
8D4000
6803430003
0F
54
50
6F
7075
7041
6C
69676E6D656E74

outsb
inc ebx
push 65676E61
push 03004303
BYTE 0fh
push esp
push eax
outsd
jo 004303E4
jo 004303B2
insb

|:00430335(C)
|
:00430379 0100
:0043037B 000000
BYTE 3 DUP(0)
:0043037E
:00430380
:00430382
:00430386
:00430387
:00430389
:0043038A
:0043038E
:00430390
:00430391
:00430398
0200
0000
64034300
06
7061
4C
65667407
7061
52
69676874087061
43

add eax, dword ptr fs:[ebx+00]
push es
jo 004303EA
dec esp
je 00430395
jo 004303F1
push edx
imul esp, dword ptr [edi+68], 61700874
inc ebx
|:00430332(C)
|
:00430399 65
:0043039A 6E
:0043039B 7465
:0043039D 728B
:0043039F C0EC03
:004303A2 43
:004303A3 00000000000000000000
:004303AD 000000
:004303B0 3C04
cmp al, 04
|:0043036F(C)
|
:004303B2 43
:004303B3 00000000000000000000
:004303BD 000000
:004303C0
:004303C2
:004303C3
:004303C7
:004303C9
:004303CC
:004303D1
sub al, 04
inc ebx
add al, ah
push 3400411C
BYTE 02eh
2C04
43
00640000
00E0
004300
681C410034
2E
BYTE 065h
outsb
je 00430402
jb 0043032A
shr ah, 03
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:004303D2 40
:004303D3 0038
:004303D5 2E
inc eax
BYTE 02eh
:004303D6
:004303D7
:004303DA
:004303DB
:004303DD
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:004303DE
:004303DF
:004303E6
:004303E7
40
00B42B4000C82B
40
00583D
inc
add
inc
add
eax
eax
byte ptr [eax+3D], bl

|:00430387(C)
|
:004303EA 43
inc ebx
:004303EB 000CD3
:004303EE 40
inc eax
:004303EF 00D4
add ah, dl
|:0043038E(C)
|
:004303F1
:004303F2
:004303F3
:004303F5
17
41
0008
D24000
pop
inc
add
rol
ss
ecx
byte ptr [eax], cl
:004303F8 B0304300
:004303FC 48314300
DWORD 004330B0
DWORD 00433148
:00430400 B418
mov ah, 18
|:0043039B(C)
|
:00430402 41
:00430403 00E0
:00430405 194100
:00430408 801C4100
:0043040C C418
:0043040E 41
:0043040F 00BC184100881C
:00430416 41
:00430417 00E8
:00430419 3C43
:0043041B 00983043006C
:00430421 2A4300
:00430424 C8304300
:00430428 443E4300
DWORD 004330C8
DWORD 00433E44
:0043042C
:00430430
:00430432
:00430434
or dl, byte ptr [eax+2*edx+6F]

jo 004304A7
jo 00430481
BYTE 065h
0A54506F
7075
704D
65
inc
add
sbb
sbb
les
inc
add
inc
add
cmp
add
sub
ecx
al, ah
byte ptr [ecx+2*eax], 00
ebx, dword ptr [eax]
ecx
byte ptr [eax+ebx+1C880041], bh
ecx
al, ch
al, 43
byte ptr [eax+6C004330], bl
|:00430447(C)
|
:00430435 6E
:00430436 7590
:00430438 3C04
:0043043A 43
:0043043B 0007
:0043043D 0A54506F
:00430441 7075
:00430443 704D
:00430445 65
:00430446
:00430447
:00430449
:0043044C
:0043044D
:00430450
:00430452
:00430457
outsb
jne 00430435
xchg eax,esp
or al, 00
add eax, 756E654D
jnb 00430462
6E
75EC
034300
94
014300
0C00
054D656E75
7309
outsb
jne 004303C8
cmp al, 04
inc ebx
or dl, byte ptr [eax+2*edx+6F]
jo 004304B8
jo 00430492
BYTE 065h
:00430459 00640343
:0043045D 005000
:00430460 00FF
add byte ptr [ebx+eax+43], ah

add bh, bh
|:00430457(C)
|
:00430462 50
:00430463 0000
:00430465 FF01
:00430467 000000000000
:0043046D
:00430470
:00430472
:00430474
:00430477
:0043047E
:00430480

or dword ptr [ecx+6C], eax
inc eax
800000
0000
0300
09416C
69676E6D656E74
0010
40
push eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:00430432(C)
|
:00430481 005100
:00430484 00FF
:00430486 51
:00430487 0000
:00430489 FF01
:0043048B 000000000000
:00430491
:00430494
:00430496
:00430498
:0043049B
:0043049D
:0043049E
:0043049F
:004304A1
:004304A3
:004304A4
:004304A5
:004304A8
add byte ptr

add byte ptr
add al, 00
or dword ptr
je 0043050C
push eax
outsd
jo 00430516
jo 004304F7
scasd
inc eax
add byte ptr
add bh, bh
800100
0000
0400
094175
746F
50
6F
7075
7054
AF
40
002400
00FF
add byte ptr [ecx+00], dl

add bh, bh
push ecx
inc dword ptr [ecx]
BYTE 6 DUP(0)
[ecx], 00
[eax], al
[ecx+75], eax
[eax+eax], ah
:004304AA CC344300
:004304AE AC2D4300
DWORD 004334CC
DWORD 00432DAC
:004304B2 000000
BYTE 3 DUP(0)
:004304B5 800000

|:00430441(C)
|
:004304B8 008005000842
:004304BE 6944694D6F6465BC
imul eax, dword ptr [ecx+2*ebp+4D], BC65646F
:004304C6
:004304C7
:004304C8
:004304CE
:004304D3
AF
40
00A03D4300A8
3D43000100
0000000000
scasd
inc eax
add byte ptr [eax+A800433D], ah
cmp eax, 00010043
BYTE 5 DUP(0)
:004304D8
:004304DB
:004304DD
:004304DE
:004304E0
:004304E1
800000
0000
06
000B
48
65

push es
dec eax
BYTE 065h
:004304E2
:004304E3
:004304E5
:004304E6
:004304E7
:004304E9
:004304EB
:004304ED
:004304EE
:004304F1
:004304F3
:004304F5
:004304F6
:004304F8
6C
7043
6F
6E
7465
7874
34E5
42
003C00
00FF
0C31
43
0001
000000000000
insb
jo 00430528
outsd
outsb
je 0043054E
js 0043055F
xor al, E5
inc edx
add bh, bh
or al, 31
inc ebx
BYTE 6 DUP(0)
:004304FE
:00430501
:00430507
:00430508
:00430509
:0043050A
800000
008007000649
6D
61
67
65

insd
popad
BYTE 067h
BYTE 065h
:0043050B 7300
jnb 0043050D

|:0043050B(C)
|
:0043050D 104000
:00430510 3400
xor al, 00
:00430512 00FF
add bh, bh
:00430514 D42F
aam (base47)
|:0043049F(C)
|
:00430516 43
:00430517 0001
:00430519 000000000000
:0043051F 800000
:00430522 0000
:00430524 0800

inc ebx
BYTE 6 DUP(0)
:00430526 094F77
:00430529 6E
or dword ptr [edi+77], ecx

outsb

|:0043059D(C)
|
:0043052A 65
BYTE 065h
:0043052B 7244
jb 00430571
:0043052D 7261
jb 00430590
:0043052F 7700
ja 00430531
|:0043052F(C)
|
:00430531 104000
:00430534 350000FFE0
:00430539 3443
:0043053B 0001
:0043053D 000000000000
:00430543
:00430546
:00430548
:0043054A
:0043054B
:0043054C
:0043054D
:0043054F
:00430550
:00430552
:0043055A
:0043055B
:0043055C

push cs
push eax
popad
jb 004305B4
outsb
je 00430594
imul eax, dword ptr [ecx+2*ebp+4D], D065646F
sti
inc edx
800100
0000
0900
0E
50
61
7265
6E
7442
6944694D6F6465D0
FB
42
004000

xor eax, E0FF0000
xor al, 43
BYTE 6 DUP(0)
|:004304E9(C)
|
:0043055F 00FF
:00430561 40
:00430562 0000
:00430564 FF01
:00430566 000000000000
:0043056C
:0043056F
:00430575
:00430576
:00430577
:0043057C
:0043057D
:0043057E
:0043057F
:00430583
:00430587
:00430589

outsb
inc ebx
push 65676E61
lock
scasd
inc eax
call far [eax+eax]
inc dword ptr [ecx]
BYTE 6 DUP(0)
800000
00800A00084F
6E
43
68616E6765
F0
AF
40
005C0000
FF5C0000
FF01
000000000000
:0043058F 800000
add bh, bh
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00430592
:00430598
:00430599
:0043059A
:0043059B
:0043059D
:0043059F
00800B00074F
6E
50
6F
7075
708B
C0
add byte ptr [eax+4F07000B], al

outsb
push eax
outsd
jo 00430612
jo 0043052A
BYTE c0h

|:00433DC7 , :00433E10
|
:004305A0 53
push ebx
:004305A1 56
push esi
:004305A2 57
push edi
:004305A3 8BF8
mov edi, eax
:004305A5 33F6
xor esi, esi
:004305A7 8BC7
mov eax, edi
:004305A9 E8B616FFFF
call 00421C64
:004305AE 8BD8
mov ebx, eax
:004305B0 85DB
test ebx, ebx
:004305B2 7413
je 004305C7
|:0043054D(C)
|
:004305B4 8BD7
:004305B6 33C9
:004305B8 8BC3
:004305BF 8BF0
:004305C1 85F6
:004305C3 7502
:004305C5 8BF3
|:004305B2(C), :004305C3(C)
|
:004305C7 8BC6
:004305C9 5F
:004305CA 5E
:004305CB 5B
:004305CC C3
:004305CD 8D4000
mov edx, edi

xor ecx, ecx
mov eax, ebx
call 00426884
mov esi, eax
test esi, esi
jne 004305C7
mov esi, ebx
mov
pop
pop
pop
ret
eax, esi
edi
esi
ebx

|:0043060B , :004313DF
|
:004305D0 53
push ebx
:004305D1 8BD8
mov ebx, eax
:004305D3 8BCB
mov ecx, ebx
:004305D5 B201
mov dl, 01
:004305D7 A140FB4200
mov eax, dword ptr [0042FB40]
:004305DC E88B82FDFF
call 0040886C
:004305E1 E8CA2CFDFF
call 004032B0
:004305E6 5B
pop ebx
:004305E7 C3
ret

|:0043209C , :00432334
|
:004305E8 55
push ebp
:004305E9 8BEC
mov ebp, esp
:004305EB 6A00
push 00000000
:004305ED 33C0
xor eax, eax
:004305EF 55
push ebp
:004305F0 6826064300
push 00430626
:004305F5 64FF30
:004305F8 648920
:004305FB 8D55FC
:004305FE A16C2B4400
:00430603 E81C48FDFF
call 00404E24
:00430608 8B45FC
:0043060B E8C0FFFFFF
call 004305D0
:00430610 33C0
xor eax, eax
|:0043059B(C)
|
:00430612 5A
:00430613 59
:00430614 59
:00430615 648910
:00430618 682D064300
|:0043062B(U)
|
:0043061D 8D45FC
:00430620 E89331FDFF
:00430625 C3
:00430626
:0043062B
:0043062D
:0043062E
:0043062F
jmp
jmp
pop
pop
ret
E94D2CFDFF
EBF0
59
5D
C3
pop edx
pop ecx
pop ecx
push 0043062D

call 004037B8
ret
00403278
0043061D
ecx
ebp

|:0042DE25
|
:00430630 55
push ebp
:00430631 8BEC
mov ebp, esp
:00430633 51
push ecx
:00430634 8855FD
:00430637 668945FE
:0043063B 33C0
xor eax, eax
:0043063D 807DFF00
:00430641 7522
jne 00430665
:00430643 668B45FE
:00430647 F645FD01
test [ebp-03], 01
:0043064B 7404
je 00430651
:0043064D 66050020
add ax, 2000
|:0043064B(C)
|
:00430651 F645FD04
:00430655 7404
:00430657 66050040
|:00430655(C)
|
:0043065B F645FD02
:0043065F 7404
:00430661 66050080
|:00430641(C), :0043065F(C)
|
:00430665 59
:00430666 5D
:00430667 C3
test [ebp-03], 04
je 0043065B
add ax, 4000
test [ebp-03], 02
je 00430665
add ax, 8000
pop ecx
pop ebp
ret

|:00430840
|
:00430668 55
push ebp
:00430669 8BEC
mov ebp, esp
:0043066B 81C4FCFEFFFF
add esp, FFFFFEFC
:00430671 53
push ebx
:00430672 8BDA
mov ebx, edx
:00430674 668945FE
:00430678 8BC3
mov eax, ebx
:0043067A E83931FDFF
call 004037B8
:0043067F 6A00
push 00000000
:00430681 33C0
xor eax, eax
:00430683 8A45FE
:00430686 50
push eax
* Reference To: user32.MapVirtualKeyA, Ord:0000h
|
:00430687 E86C5CFDFF
Call 004062F8
:0043068C C1E010
shl eax, 10
:0043068F 85C0
test eax, eax
:00430691 7436
je 004306C9
:00430693 6800010000
push 00000100
:00430698 8D95FEFEFFFF
lea edx, dword ptr [ebp+FFFFFEFE]
:0043069E 52
push edx
:0043069F 50
push eax
* Reference To: user32.GetKeyNameTextA, Ord:0000h
|
:004306A0 E8D35AFDFF
Call 00406178
:004306A5 80BDFFFEFFFF00
cmp byte ptr [ebp+FFFFFEFF], 00
:004306AC 751B
jne 004306C9
:004306AE 80BDFEFEFFFF00
cmp byte ptr [ebp+FFFFFEFE], 00
:004306B5 7412
je 004306C9
:004306B7 8BC3
mov eax, ebx
:004306B9 8D95FEFEFFFF
lea edx, dword ptr [ebp+FFFFFEFE]
:004306BF B900010000
:004306C4 E81B33FDFF
mov ecx, 00000100

call 004039E4

|:00430691(C), :004306AC(C), :004306B5(C)
|
:004306C9 5B
pop ebx
:004306CA 8BE5
mov esp, ebp
:004306CC 5D
pop ebp
:004306CD C3
ret
:004306CE 8BC0
mov eax, eax

|:004221E8 , :004309CD , :0043101F , :00431C3C , :00431E0C
|
:004306D0 55
push ebp
:004306D1 8BEC
mov ebp, esp
:004306D3 6A00
push 00000000
:004306D5 6A00
push 00000000
:004306D7 6A00
push 00000000
:004306D9 53
push ebx
:004306DA 56
push esi
:004306DB 8BF2
mov esi, edx
:004306DD 668945FE
:004306E1 33C0
xor eax, eax
:004306E3 55
push ebp
:004306E4 68B9084300
push 004308B9
:004306E9 64FF30
:004306EC 648920
:004306EF 8A5DFE
:004306F2 33C0
xor eax, eax
:004306F4 8AC3
mov al, bl
:004306F6 83F82D
cmp eax, 0000002D
:004306F9 7D27
jge 00430722
:004306FB 83C0F8
add eax, FFFFFFF8
:004306FE 83E802
sub eax, 00000002
:00430701 7268
jb 0043076B
:00430703 83E803
sub eax, 00000003
:00430706 747B
je 00430783
:00430708 83E80E
sub eax, 0000000E
:0043070B 0F8485000000
je 00430796
:00430711 83C0FB
add eax, FFFFFFFB
:00430714 83E809
sub eax, 00000009
:00430717 0F828C000000
jb 004307A9
:0043071D E917010000
jmp 00430839
|:004306F9(C)
|
:00430722 83F841
:00430725 7D1B
:00430727 83C0D3
:0043072A 83E802
:0043072D 0F8291000000
:00430733 48
:00430734 83E80A
:00430737 0F829F000000
:0043073D E9F7000000

cmp eax, 00000041
jge 00430742
add eax, FFFFFFD3
sub eax, 00000002
jb 004307C4
dec eax
sub eax, 0000000A
jb 004307DC
jmp 00430839
|:00430725(C)
|
:00430742 83C0BF
:00430745 83E81A
:00430748 0F82A2000000
:0043074E 83C0FB
:00430751 83E80A
:00430754 0F82AA000000
:0043075A 83C0FA
:0043075D 83E818
:00430760 0F82B2000000
:00430766 E9CE000000
|:00430701(C)
|
:0043076B 8D45F8
:0043076E 33D2
:00430770 8AD3
:00430772 8B149530274400
:00430779 E8D230FDFF
:0043077E E9C2000000
|:00430706(C)
|
:00430783 8D45F8
:00430786 8B155C274400
:0043078C E8BF30FDFF
:00430791 E9AF000000
|:0043070B(C)
|
:00430796 8D45F8
:00430799 8B1558274400
:0043079F E8AC30FDFF
:004307A4 E99C000000
|:00430717(C)
|
:004307A9 8D45F8
:004307AC 80C304
:004307AF 33D2
:004307B1 8AD3
:004307B3 8B1495D0264400
:004307BA E89130FDFF
:004307BF E981000000
|:0043072D(C)
|
:004307C4 8D45F8
:004307C7 80C30D
:004307CA 33D2
:004307CC 8AD3
:004307CE 8B14959C264400
add eax, FFFFFFBF

sub eax, 0000001A
jb 004307F0
add eax, FFFFFFFB
sub eax, 0000000A
jb 00430804
add eax, FFFFFFFA
sub eax, 00000018
jb 00430818
jmp 00430839

xor edx, edx
mov dl, bl
mov edx, dword ptr [4*edx+00442730]
call 00403850
jmp 00430845

call 00403850
jmp 00430845

call 00403850
jmp 00430845

add bl, 04
xor edx, edx
mov dl, bl
mov edx, dword ptr [4*edx+004426D0]
call 00403850
jmp 00430845
lea
add
xor
mov
mov

bl, 0D
edx, edx
dl, bl
edx, dword ptr [4*edx+0044269C]
:004307D5 E87630FDFF
:004307DA EB69
call 00403850
jmp 00430845
|:00430737(C)
|
:004307DC 8D45F8
:004307DF 33D2
:004307E1 8AD3
:004307E3 83EA30
:004307E6 83C230
:004307E9 E86E31FDFF
:004307EE EB55
|:00430748(C)
|
:004307F0 8D45F8
:004307F3 33D2
:004307F5 8AD3
:004307F7 83EA41
:004307FA 83C241
:004307FD E85A31FDFF
:00430802 EB41
|:00430754(C)
|
:00430804 8D45F8
:00430807 33D2
:00430809 8AD3
:0043080B 83EA60
:0043080E 83C230
:00430811 E84631FDFF
:00430816 EB2D
|:00430760(C)
|
:00430818 33C0
:0043081A 8AC3
:0043081C 83E86F
:0043081F 8D55F4
:00430822 E8096EFDFF
:00430827 8B4DF4
:0043082A 8D45F8
:0043082D BAD0084300
:00430832 E84932FDFF
:00430837 EB0C

xor edx, edx
mov dl, bl
sub edx, 00000030
add edx, 00000030
call 0040395C
jmp 00430845

xor edx, edx
mov dl, bl
sub edx, 00000041
add edx, 00000041
call 0040395C
jmp 00430845

xor edx, edx
mov dl, bl
sub edx, 00000060
add edx, 00000030
call 0040395C
jmp 00430845
xor eax, eax

mov al, bl
sub eax, 0000006F
call 00407630
mov edx, 004308D0
call 00403A80
jmp 00430845

|:0043071D(U), :0043073D(U), :00430766(U)
|
:00430839 8D55F8
:0043083C 668B45FE
:00430840 E823FEFFFF
call 00430668
|:0043077E(U), :00430791(U), :004307A4(U), :004307BF(U), :004307DA(U)
|:004307EE(U), :00430802(U), :00430816(U), :00430837(U)
|
:00430845
:00430849
:0043084B
:0043084D
:00430852
:00430856
:00430858
:0043085A
:00430860
837DF800
744C
8BC6
E8662FFDFF
F645FF20
740D
8BC6
8B158C274400
E8D731FDFF

je 00430897
mov eax, esi
call 004037B8
test [ebp-01], 20
je 00430865
mov eax, esi
call 00403A3C
|:00430856(C)
|
:00430865 F645FF40
:00430869 740D
:0043086B 8BC6
:0043086D 8B1590274400
:00430873 E8C431FDFF
|:00430869(C)
|
:00430878 F645FF80
:0043087C 740D
:0043087E 8BC6
:00430880 8B1594274400
:00430886 E8B131FDFF
|:0043087C(C)
|
:0043088B 8BC6
:0043088D 8B55F8
:00430890 E8A731FDFF
:00430895 EB07
test [ebp-01], 40
je 00430878
mov eax, esi
call 00403A3C
test [ebp-01], 80
je 0043088B
mov eax, esi
call 00403A3C
mov eax, esi

call 00403A3C
jmp 0043089E

|:00430849(C)
|
:00430897 8BC6
mov eax, esi
:00430899 E81A2FFDFF
call 004037B8
|:00430895(U)
|
:0043089E 33C0
:004308A0 5A
:004308A1 59
:004308A2 59
:004308A3 648910
:004308A6 68C0084300
|:004308BE(U)
|
:004308AB 8D45F4
:004308AE BA02000000
:004308B3 E8242FFDFF
:004308B8 C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 004308C0

mov edx, 00000002
call 004037DC
ret
:004308B9
:004308BE
:004308C0
:004308C1
:004308C2
:004308C4
:004308C5
E9BA29FDFF
EBEB
5E
5B
8BE5
5D
C3
jmp
jmp
pop
pop
mov
pop
ret
00403278
004308AB
esi
ebx
esp, ebp
ebp
:004308C6 0000
BYTE 2 DUP(0)
:004308C8 FFFFFFFF
BYTE 4 DUP(0ffh)
:004308CC
:004308CE
:004308D0
:004308D1

inc esi
BYTE 3 DUP(0)
0100
0000
46
000000

|:00430964 , :0043097C , :00430995 , :004309AE
|
:004308D4 53
push ebx
:004308D5 56
push esi
:004308D6 57
push edi
:004308D7 8BFA
mov edi, edx
:004308D9 8BF0
mov esi, eax
:004308DB 33DB
xor ebx, ebx
:004308DD 8B06
:004308DF E85031FDFF
call 00403A34
:004308E4 50
push eax
:004308E5 8BC7
mov eax, edi
:004308E7 E84831FDFF
call 00403A34
:004308EC 5A
pop edx
:004308ED 3BD0
cmp edx, eax
:004308EF 7C39
jl 0043092A
:004308F1 8BC7
mov eax, edi
:004308F3 E83C31FDFF
call 00403A34
:004308F8 50
push eax
:004308F9 8BC7
mov eax, edi
:004308FB E8F832FDFF
call 00403BF8
:00430900 50
push eax
:00430901 8B06
:00430903 E8F032FDFF
call 00403BF8
:00430908 5A
pop edx
:00430909 59
pop ecx
:0043090A E89D6CFDFF
call 004075AC
:0043090F 85C0
test eax, eax
:00430911 7517
jne 0043092A
:00430913 B301
mov bl, 01
:00430915 8BC7
mov eax, edi
:00430917 E81831FDFF
call 00403A34
:0043091C 8BC8
mov ecx, eax
:0043091E 8BC6
mov eax, esi
:00430920 BA01000000
mov edx, 00000001
:00430925 E84E33FDFF
call 00403C78
|:004308EF(C), :00430911(C)
|
:0043092A 8BC3
:0043092C 5F
:0043092D 5E
:0043092E 5B
:0043092F C3

mov
pop
pop
pop
ret
eax, ebx
edi
esi
ebx

|:00431296
|
:00430930 55
push ebp
:00430931 8BEC
mov ebp, esp
:00430933 83C4F8
add esp, FFFFFFF8
:00430936 53
push ebx
:00430937 56
push esi
:00430938 57
push edi
:00430939 33D2
xor edx, edx
:0043093B 8955F8
:0043093E 8945FC
:00430941 8B45FC
:00430944 E89F32FDFF
call 00403BE8
:00430949 33C0
xor eax, eax
:0043094B 55
push ebp
:0043094C 680B0A4300
push 00430A0B
:00430951 64FF30
:00430954 648920
:00430957 33FF
xor edi, edi
:00430959 33F6
xor esi, esi
|:00430972(U), :0043098A(U), :004309A3(U), :004309BC(U)
|
:0043095B 8D45FC
:0043095E 8B158C274400
:00430964 E86BFFFFFF
call 004308D4
:00430969 84C0
test al, al
:0043096B 7407
je 00430974
:0043096D 6681CE0020
or si, 2000
:00430972 EBE7
jmp 0043095B
|:0043096B(C)
|
:00430974 8D45FC
:00430977 BA240A4300
:00430981 84C0
:00430983 7407
:00430985 6681CE0040
:0043098A EBCF

mov edx, 00430A24
call 004308D4
test al, al
je 0043098C
or si, 4000
jmp 0043095B

|:00430983(C)
|
:0043098C
:0043098F
:00430995
:0043099A
:0043099C
:0043099E
:004309A3
8D45FC
8B1590274400
E83AFFFFFF
84C0
7407
6681CE0040
EBB6

call 004308D4
test al, al
je 004309A5
or si, 4000
jmp 0043095B
|:0043099C(C)
|
:004309A5 8D45FC
:004309A8 8B1594274400
:004309AE E821FFFFFF
:004309B3 84C0
:004309B5 7407
:004309B7 6681CE0080
:004309BC EB9D
|:004309B5(C)
|
:004309BE 837DFC00
:004309C2 742C
:004309C4 66BB0800
|:004309EE(C)
|
:004309C8 8D55F8
:004309CB 8BC3
:004309CD E8FEFCFFFF
:004309D2 8B55F8
:004309D5 8B45FC
:004309D8 E8976BFDFF
:004309DD 85C0
:004309DF 7507
:004309E1 8BFE
:004309E3 660BFB
:004309E6 EB08
|:004309DF(C)
|
:004309E8 43
:004309E9 6681FB5602
:004309EE 75D8
|:004309C2(C), :004309E6(U)
|
:004309F0 33C0
:004309F2 5A
:004309F3 59
:004309F4 59
:004309F5 648910
:004309F8 68120A4300

call 004308D4
test al, al
je 004309BE
or si, 8000
jmp 0043095B

je 004309F0
mov bx, 0008

mov eax, ebx
call 004306D0
call 00407574
test eax, eax
jne 004309E8
mov edi, esi
or di, bx
jmp 004309F0
inc ebx
cmp bx, 0256
jne 004309C8
xor eax, eax

pop edx
pop ecx
pop ecx
push 00430A12

|:00430A10(U)
|
:004309FD
:00430A00
:00430A05
:00430A0A
8D45F8
BA02000000
E8D22DFDFF
C3

mov edx, 00000002
call 004037DC
ret
:00430A0B
:00430A10
:00430A12
:00430A14
:00430A15
:00430A16
:00430A17
:00430A18
:00430A19
:00430A1A
E96828FDFF
EBEB
8BC7
5F
5E
5B
59
59
5D
C3
jmp
jmp
mov
pop
pop
pop
pop
pop
pop
ret
00403278
004309FD
eax, edi
edi
esi
ebx
ecx
ecx
ebp
:00430A1B 00
BYTE 0
:00430A1C FFFFFFFF
BYTE 4 DUP(0ffh)
:00430A20
:00430A22
:00430A24
:00430A25

pop esi
BYTE 3 DUP(0)
0100
0000
5E
000000

|:00430EC7
|
:00430A28 53
push ebx
:00430A29 A19C374400
:00430A2E E831C7FDFF
call 0040D164
:00430A33 8BD8
mov ebx, eax
:00430A35 0FB7D3
movzx edx, bx
:00430A38 B101
mov cl, 01
:00430A3A A19C374400
:00430A3F E8F4C6FDFF
call 0040D138
:00430A44 8BC3
mov eax, ebx
:00430A46 5B
pop ebx
:00430A47 C3
ret

|:00430B31 , :00430B4C
|
:00430A48 55
push ebp
:00430A49 8BEC
mov ebp, esp
:00430A4B 83C4F4
add esp, FFFFFFF4
:00430A4E 53
push ebx
:00430A4F 56
push esi
:00430A50 894DF8
:00430A53 8BF2
mov esi, edx
:00430A55 8BD8
mov ebx, eax
:00430A57
:00430A59
:00430A5B
:00430A5F
85F6
7444
C645F700
EB2D
test esi, esi

je 00430A9F
mov [ebp-09], 00
jmp 00430A8E
|:00430A9D(C)
|
:00430A61 8B13
:00430A63 8BC6
:00430A65 E826160000
:00430A6A 8945FC
:00430A6D 8B45FC
:00430A70 8A4031
:00430A73 8B5508
:00430A76 3A42FF
:00430A79 7724
:00430A7B 8B45FC
:00430A7E 8B5508
:00430A81 FF32
:00430A83 FF55F8
:00430A86 83C404
:00430A89 8845F7
:00430A8C FF03
|:00430A5F(U)
|
:00430A8E 807DF700
:00430A92 750B
:00430A94 8BC6
:00430A96 E8E5150000
:00430A9B 3B03
:00430A9D 7FC2

mov eax, esi
call 00432090
cmp al, byte ptr [edx-01]
ja 00430A9F
push dword ptr [edx]
call [ebp-08]
add esp, 00000004
inc dword ptr [ebx]

jne 00430A9F
mov eax, esi
call 00432080
jg 00430A61

|:00430A59(C), :00430A79(C), :00430A92(C)
|
:00430A9F 8A45F7
:00430AA2 5E
pop esi
:00430AA3 5B
pop ebx
:00430AA4 8BE5
mov esp, ebp
:00430AA6 5D
pop ebp
:00430AA7 C3
ret

|:00431266 , :00432A98 , :00432AC1 , :00432B82
|
:00430AA8 55
push ebp
:00430AA9 8BEC
mov ebp, esp
:00430AAB 83C4E8
add esp, FFFFFFE8
:00430AAE 53
push ebx
:00430AAF 56
push esi
:00430AB0 57
push edi
:00430AB1 894DF4
:00430AB4 8BFA
mov edi, edx
:00430AB6 8945F8
:00430AB9 33C0
xor eax, eax
:00430ABB
:00430ABE
:00430AC0
:00430AC3
:00430AC5
:00430AC7
:00430AC9
:00430ACB
:00430ACD
:00430AD2
8945F0
33C0
8945EC
33DB
33F6
85FF
7409
8BC7
E8AE150000
8BD8
|:00430AC9(C)
|
:00430AD4 837DF400
:00430AD8 740A
:00430ADA 8B45F4
:00430ADD E89E150000
:00430AE2 8BF0

xor eax, eax
xor ebx, ebx
xor esi, esi
test edi, edi
je 00430AD4
mov eax, edi
call 00432080
mov ebx, eax
je 00430AE4
call 00432080
mov esi, eax

|:00430AD8(C)
|
:00430AE4 C645EA00
mov [ebp-16], 00
:00430AE8 E9A1000000
jmp 00430B8E
|:00430B97(C), :00430BA0(C)
|
:00430AED C645FFFF
:00430AF1 C645EBFF
:00430AF5 3B5DF0
:00430AF8 7E10
:00430AFA 8B55F0
:00430AFD 8BC7
:00430AFF E88C150000
:00430B04 8A4031
:00430B07 8845FF
|:00430AF8(C)
|
:00430B0A 3B75EC
:00430B0D 7E11
:00430B0F 8B55EC
:00430B12 8B45F4
:00430B15 E876150000
:00430B1A 8A4031
:00430B1D 8845EB
mov [ebp-01], FF
mov [ebp-15], FF
jle 00430B0A
mov eax, edi
call 00432090

jle 00430B20
call 00432090

|:00430B0D(C)
|
:00430B20 8A45FF
:00430B23 3A45EB
:00430B26 7714
ja 00430B3C
:00430B28 55
push ebp
:00430B29 8D45F0
:00430B2C 8B4DF8
:00430B2F 8BD7
mov edx, edi
:00430B31
:00430B36
:00430B37
:00430B3A
E812FFFFFF
59
8845EA
EB1E
|:00430B26(C)
|
:00430B3C 8A45EB
:00430B3F 8845FF
:00430B42 55
:00430B43 8D45EC
:00430B46 8B4DF8
:00430B49 8B55F4
:00430B4C E8F7FEFFFF
:00430B51 59
:00430B52 8845EA
:00430B55 EB03
call 00430A48
pop ecx
jmp 00430B5A
push ebp
call 00430A48
pop ecx
jmp 00430B5A

|:00430B6F(C)
|
:00430B57 FF45F0
inc [ebp-10]
|:00430B3A(U), :00430B55(U)
|
:00430B5A 3B5DF0
:00430B5D 7E17
:00430B5F 8B55F0
:00430B62 8BC7
:00430B64 E827150000
:00430B69 8A4031
:00430B6C 3A45FF
:00430B6F 76E6
:00430B71 EB03

jle 00430B76
mov eax, edi
call 00432090
jbe 00430B57
jmp 00430B76

|:00430B8C(C)
|
:00430B73 FF45EC
inc [ebp-14]
|:00430B5D(C), :00430B71(U)
|
:00430B76 3B75EC
:00430B79 7E13
:00430B7B 8B55EC
:00430B7E 8B45F4
:00430B81 E80A150000
:00430B86 8A4031
:00430B89 3A45FF
:00430B8C 76E5
|:00430AE8(U), :00430B79(C)
|
:00430B8E 807DEA00
:00430B92 7512
:00430B94 3B5DF0

jle 00430B8E
call 00432090
jbe 00430B73

jne 00430BA6
:00430B97 0F8F50FFFFFF
:00430B9D 3B75EC
:00430BA0 0F8F47FFFFFF
jg 00430AED
jg 00430AED

|:00430B92(C)
|
:00430BA6 5F
pop edi
:00430BA7 5E
pop esi
:00430BA8 5B
pop ebx
:00430BA9 8BE5
mov esp, ebp
:00430BAB 5D
pop ebp
:00430BAC C3
ret
:00430BAD
:00430BB0
:00430BB1
:00430BB2
:00430BB4
:00430BB6
:00430BB8
:00430BBE
:00430BC3
:00430BC6
:00430BC7
:00430BC8
8D4000
53
56
8BF2
8BD8
8BC6
8B1590FD4200
E8E521FDFF
894310
5E
5B
C3

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 00402DA8
pop esi
pop ebx
ret
:00430BC9
:00430BCC
:00430BCD
:00430BCF
:00430BD1
:00430BD6
:00430BD8
:00430BDA
:00430BDD
:00430BE3
:00430BE8
:00430BEB
:00430BEE
:00430BF1
:00430BF6
8D4000
53
8BD8
8BC3
E8F2D2FFFF
84C0
741E
8B430C
8B15F4D74200
E8C021FDFF
8B504C
8B4310
8B4024
E84E2FFDFF
7404
lea eax, dword

push ebx
mov ebx, eax
mov eax, ebx
call 0042DEC8
test al, al
je 00430BF8
mov eax, dword
mov edx, dword
call 00402DA8
mov edx, dword
mov eax, dword
mov eax, dword
call 00403B44
je 00430BFC
ptr [eax+00]
ptr [ebx+0C]
ptr [0042D7F4]
ptr [eax+4C]
ptr [ebx+10]
ptr [eax+24]

|:00430BD8(C)
|
:00430BF8 33C0
xor eax, eax
:00430BFA 5B
pop ebx
:00430BFB C3
ret

|:00430BF6(C)
|
:00430BFC B001
mov al, 01
:00430BFE 5B
pop ebx
:00430BFF C3
ret
:00430C00
:00430C01
:00430C03
:00430C05
:00430C0A
:00430C0C
:00430C0E
:00430C11
:00430C17
:00430C1C
:00430C1F
:00430C22
:00430C25
53
8BD8
8BC3
E8D2D2FFFF
84C0
7419
8B430C
8B15F4D74200
E88C21FDFF
8A4050
8B5310
3A422C
7404
push ebx
mov ebx, eax
mov eax, ebx
call 0042DEDC
test al, al
je 00430C27
call 00402DA8
cmp al, byte ptr [edx+2C]
je 00430C2B

|:00430C0C(C)
|
:00430C27 33C0
xor eax, eax
:00430C29 5B
pop ebx
:00430C2A C3
ret

|:00430C25(C)
|
:00430C2B B001
mov al, 01
:00430C2D 5B
pop ebx
:00430C2E C3
ret
:00430C2F
:00430C30
:00430C31
:00430C33
:00430C35
:00430C3A
:00430C3C
:00430C3E
:00430C41
:00430C47
:00430C4C
:00430C4F
:00430C52
:00430C55
90
53
8BD8
8BC3
E8B6D2FFFF
84C0
7419
8B430C
8B15F4D74200
E85C21FDFF
8A4051
8B5310
3A422D
7404
nop
push ebx
mov ebx, eax
mov eax, ebx
call 0042DEF0
test al, al
je 00430C57
call 00402DA8
cmp al, byte ptr [edx+2D]
je 00430C5B

|:00430C3C(C)
|
:00430C57 33C0
xor eax, eax
:00430C59 5B
pop ebx
:00430C5A C3
ret

|:00430C55(C)
|
:00430C5B B001
:00430C5D 5B
:00430C5E C3
mov al, 01
pop ebx
ret
:00430C5F
:00430C60
:00430C61
:00430C63
:00430C65
:00430C6A
:00430C6C
:00430C6E
:00430C71
:00430C77
:00430C7C
:00430C7F
:00430C82
:00430C85
nop
push ebx
mov ebx, eax
mov eax, ebx
call 0042DF04
test al, al
je 00430C87
mov eax, dword
mov edx, dword
call 00402DA8
mov eax, dword
mov edx, dword
cmp eax, dword
je 00430C8B
90
53
8BD8
8BC3
E89AD2FFFF
84C0
7419
8B430C
8B15F4D74200
E82C21FDFF
8B4054
8B5310
3B4248
7404
ptr [ebx+0C]
ptr [0042D7F4]
ptr [eax+54]
ptr [ebx+10]
ptr [edx+48]

|:00430C6C(C)
|
:00430C87 33C0
xor eax, eax
:00430C89 5B
pop ebx
:00430C8A C3
ret

|:00430C85(C)
|
:00430C8B B001
mov al, 01
:00430C8D 5B
pop ebx
:00430C8E C3
ret
:00430C8F
:00430C90
:00430C91
:00430C93
:00430C95
:00430C9A
:00430C9C
:00430C9E
:00430CA1
:00430CA7
:00430CAC
:00430CAF
:00430CB2
:00430CB5
:00430CBA
90
53
8BD8
8BC3
E87ED2FFFF
84C0
741E
8B430C
8B15F4D74200
E8FC20FDFF
8B5058
8B4310
8B404C
E88A2EFDFF
7404
nop
push ebx
mov ebx, eax
mov eax, ebx
call 0042DF18
test al, al
je 00430CBC
mov eax, dword
mov edx, dword
call 00402DA8
mov edx, dword
mov eax, dword
mov eax, dword
call 00403B44
je 00430CC0
ptr [ebx+0C]
ptr [0042D7F4]
ptr [eax+58]
ptr [ebx+10]
ptr [eax+4C]

|:00430C9C(C)
|
:00430CBC 33C0
xor eax, eax
:00430CBE 5B
pop ebx
:00430CBF C3
ret

|:00430CBA(C)
|
:00430CC0 B001
mov al, 01
:00430CC2 5B
pop ebx
:00430CC3 C3
ret
:00430CC4
:00430CC5
:00430CC7
:00430CC9
:00430CCE
:00430CD0
:00430CD2
:00430CD5
:00430CDB
:00430CE0
:00430CE3
:00430CE6
:00430CE9
53
8BD8
8BC3
E85ED2FFFF
84C0
7419
8B430C
8B15F4D74200
E8C820FDFF
8B405C
8B5310
3B4234
7404
push ebx
mov ebx, eax
mov eax, ebx
call 0042DF2C
test al, al
je 00430CEB
mov eax, dword
mov edx, dword
call 00402DA8
mov eax, dword
mov edx, dword
cmp eax, dword
je 00430CEF
ptr [ebx+0C]
ptr [0042D7F4]
ptr [eax+5C]
ptr [ebx+10]
ptr [edx+34]

|:00430CD0(C)
|
:00430CEB 33C0
xor eax, eax
:00430CED 5B
pop ebx
:00430CEE C3
ret

|:00430CE9(C)
|
:00430CEF B001
mov al, 01
:00430CF1 5B
pop ebx
:00430CF2 C3
ret
:00430CF3
:00430CF4
:00430CF5
:00430CF7
:00430CF9
:00430CFE
:00430D00
:00430D02
:00430D05
:00430D0B
:00430D10
:00430D14
:00430D17
:00430D1B
90
53
8BD8
8BC3
E842D2FFFF
84C0
741B
8B430C
8B15F4D74200
E89820FDFF
668B4060
8B5310
663B4254
7404
nop
push ebx
mov ebx, eax
mov eax, ebx
call 0042DF40
test al, al
je 00430D1D
call 00402DA8
cmp ax, word ptr [edx+54]
je 00430D21

|:00430D00(C)
|
:00430D1D 33C0
xor eax, eax
:00430D1F 5B
:00430D20 C3
pop ebx
ret

|:00430D1B(C)
|
:00430D21 B001
mov al, 01
:00430D23 5B
pop ebx
:00430D24 C3
ret
:00430D25
:00430D28
:00430D29
:00430D2B
:00430D2D
:00430D32
:00430D34
:00430D36
:00430D39
:00430D3F
:00430D44
:00430D47
:00430D4A
:00430D4D
8D4000
53
8BD8
8BC3
E822D2FFFF
84C0
7419
8B430C
8B15F4D74200
E86420FDFF
8A4062
8B5310
3A4230
7404

push ebx
mov ebx, eax
mov eax, ebx
call 0042DF54
test al, al
je 00430D4F
call 00402DA8
je 00430D53

|:00430D34(C)
|
:00430D4F 33C0
xor eax, eax
:00430D51 5B
pop ebx
:00430D52 C3
ret

|:00430D4D(C)
|
:00430D53 B001
mov al, 01
:00430D55 5B
pop ebx
:00430D56 C3
ret
:00430D57
:00430D58
:00430D59
:00430D5B
:00430D5D
:00430D62
:00430D64
:00430D66
:00430D69
:00430D6C
:00430D6F
:00430D72
90
53
8BD8
8BC3
E83610FEFF
84C0
740E
8B4310
8B4074
8B530C
3B422C
7404
nop
push ebx
mov ebx, eax
mov eax, ebx
call 00411D98
test al, al
je 00430D74
mov eax, dword
mov eax, dword
mov edx, dword
cmp eax, dword
je 00430D78
ptr
ptr
ptr
ptr
[ebx+10]
[eax+74]
[ebx+0C]
[edx+2C]

|:00430D64(C)
|
:00430D74 33C0
:00430D76 5B
:00430D77 C3
xor eax, eax

pop ebx
ret

|:00430D72(C)
|
:00430D78 B001
mov al, 01
:00430D7A 5B
pop ebx
:00430D7B C3
ret
:00430D7C
:00430D7D
:00430D7E
:00430D80
:00430D82
:00430D84
:00430D86
:00430D89
:00430D8B
:00430D8D
:00430D8F
:00430D92
53
56
8BF2
8BD8
8BC3
8B10
FF521C
84C0
740A
8BD6
8B4310
E851110000
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+1C]
test al, al
je 00430D97
mov edx, esi
call 00431EE8

|:00430D8B(C)
|
:00430D97 5E
pop esi
:00430D98 5B
pop ebx
:00430D99 C3
ret
:00430D9A
:00430D9C
:00430D9D
:00430D9E
:00430DA0
:00430DA2
:00430DA4
:00430DA6
:00430DA9
:00430DAB
:00430DAD
:00430DAF
:00430DB2
8BC0
53
56
8BDA
8BF0
8BC6
8B10
FF5220
84C0
740A
8BD3
8B4610
E8A1110000
mov eax, eax

push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, esi
call [edx+20]
test al, al
je 00430DB7
mov edx, ebx
call 00431F58

|:00430DAB(C)
|
:00430DB7 5E
pop esi
:00430DB8 5B
pop ebx
:00430DB9 C3
ret
:00430DBA 8BC0
:00430DBC 53
mov eax, eax

push ebx
:00430DBD
:00430DBE
:00430DC0
:00430DC2
:00430DC4
:00430DC6
:00430DC9
:00430DCB
:00430DCD
:00430DCF
:00430DD2
56
8BDA
8BF0
8BC6
8B10
FF5224
84C0
740A
8BD3
8B4610
E8D5110000
push esi
mov ebx, edx
mov esi, eax
mov eax, esi
call [edx+24]
test al, al
je 00430DD7
mov edx, ebx
call 00431FAC

|:00430DCB(C)
|
:00430DD7 5E
pop esi
:00430DD8 5B
pop ebx
:00430DD9 C3
ret
:00430DDA
:00430DDC
:00430DDD
:00430DDE
:00430DE0
:00430DE2
:00430DE4
:00430DE6
:00430DE9
:00430DEB
:00430DED
:00430DF0
8BC0
53
56
8BF2
8BD8
8BC3
8B10
FF5228
84C0
7406
8B4310
897048
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+28]
test al, al
je 00430DF3

|:00430DEB(C)
|
:00430DF3 5E
pop esi
:00430DF4 5B
pop ebx
:00430DF5 C3
ret
:00430DF6
:00430DF8
:00430DF9
:00430DFA
:00430DFC
:00430DFE
:00430E00
:00430E02
:00430E05
:00430E07
:00430E09
:00430E0C
:00430E0F
:00430E11
8BC0
53
56
8BF2
8BD8
8BC3
8B10
FF522C
84C0
740D
8B4310
83C04C
8BD6
E8F629FDFF
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+2C]
test al, al
je 00430E16
add eax, 0000004C
mov edx, esi
call 0040380C

|:00430E07(C)
|
:00430E16 5E
pop esi
:00430E17 5B
:00430E18 C3
pop ebx
ret
:00430E19
:00430E1C
:00430E1D
:00430E1E
:00430E20
:00430E22
:00430E24
:00430E26
:00430E29
:00430E2B
:00430E2D
:00430E2F
:00430E32

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+30]
test al, al
je 00430E37
mov edx, esi
call 004320E0
8D4000
53
56
8BF2
8BD8
8BC3
8B10
FF5230
84C0
740A
8BD6
8B4310
E8A9120000

|:00430E2B(C)
|
:00430E37 5E
pop esi
:00430E38 5B
pop ebx
:00430E39 C3
ret
:00430E3A
:00430E3C
:00430E3D
:00430E3E
:00430E40
:00430E42
:00430E44
:00430E46
:00430E49
:00430E4B
:00430E4D
:00430E4F
:00430E52
8BC0
53
56
8BF2
8BD8
8BC3
8B10
FF5234
84C0
740A
8BD6
8B4310
E859120000
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call [edx+34]
test al, al
je 00430E57
mov edx, esi
call 004320B0

|:00430E4B(C)
|
:00430E57 5E
pop esi
:00430E58 5B
pop ebx
:00430E59 C3
ret
:00430E5A
:00430E5C
:00430E5D
:00430E5E
:00430E60
:00430E62
:00430E64
:00430E66
:00430E69
:00430E6B
:00430E6D
:00430E6F
8BC0
53
56
8BDA
8BF0
8BC6
8B10
FF5238
84C0
740A
8BD3
8B4610
mov eax, eax

push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, esi
call [edx+38]
test al, al
je 00430E77
mov edx, ebx
:00430E72 E851120000
call 004320C8

|:00430E6B(C)
|
:00430E77 5E
pop esi
:00430E78 5B
pop ebx
:00430E79 C3
ret
:00430E7A
:00430E7C
:00430E7D
:00430E7F
:00430E80
:00430E82
:00430E84
:00430E86
:00430E89
:00430E8B
:00430E8D
:00430E90
:00430E93
:00430E96
:00430E99
8BC0
55
8BEC
53
8BD8
8BC3
8B10
FF5208
84C0
740F
8B4310
8B5508
895074
8B550C
895078
mov eax, eax

push ebp
mov ebp, esp
push ebx
mov ebx, eax
mov eax, ebx
call [edx+08]
test al, al
je 00430E9C

|:00430E8B(C)
|
:00430E9C 5B
pop ebx
:00430E9D 5D
pop ebp
:00430E9E C20800
ret 0008
:00430EA1 8D4000

|:004329A3
|
:00430EA4 53
push ebx
:00430EA5 56
push esi
:00430EA6 84D2
test dl, dl
:00430EA8 7408
je 00430EB2
:00430EAA 83C4F0
add esp, FFFFFFF0
:00430EAD E85220FDFF
call 00402F04
|:00430EA8(C)
|
:00430EB2 8BDA
:00430EB4 8BF0
:00430EB6 33D2
:00430EB8 8BC6
:00430EBA E80106FEFF
:00430EBF C6463001
:00430EC3 C6462D01
:00430EC7 E85CFBFFFF
:00430ECC 66894644
:00430ED0 C74634FFFFFFFF
:00430ED7 8BC6

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 004114C0
mov [esi+30], 01
mov [esi+2D], 01
call 00430A28
mov [esi+34], FFFFFFFF
mov eax, esi
:00430ED9
:00430EDB
:00430EDD
:00430EE2
:00430EE9
84DB
740F
E87A20FDFF
648F0500000000
83C40C
test bl, bl
je 00430EEC
call 00402F5C
add esp, 0000000C

|:00430EDB(C)
|
:00430EEC 8BC6
mov eax, esi
:00430EEE 5E
pop esi
:00430EEF 5B
pop ebx
:00430EF0 C3
ret
:00430EF1
:00430EF4
:00430EF5
:00430EF6
:00430EFB
:00430EFD
:00430EFF
:00430F02
:00430F04
:00430F06
:00430F08
:00430F0D
:00430F0F
:00430F12
8D4000
53
56
E86920FDFF
8BDA
8BF0
8B4658
85C0
741C
8BD6
E807150000
33C0
894658
EB0E

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
test eax, eax
je 00430F22
mov edx, esi
call 00432414
xor eax, eax
jmp 00430F22
|:00430F2B(C)
|
:00430F14 33D2
:00430F16 8BC6
:00430F18 E873110000
:00430F1D E8FE1CFDFF
|:00430F04(C), :00430F12(U)
|
:00430F22 8BC6
:00430F24 E857110000
:00430F29 85C0
:00430F2B 7FE7
:00430F2D 837E2800
:00430F31 7412
:00430F33 33D2
:00430F35 8BC6
:00430F37 E88C030000
:00430F3C 8B4628
:00430F3F 50
xor edx, edx

mov eax, esi
call 00432090
call 00402C20
mov eax, esi

call 00432080
test eax, eax
jg 00430F14
je 00430F45
xor edx, edx
mov eax, esi
call 004312C8
push eax
* Reference To: user32.DestroyMenu, Ord:0000h

|
:00430F40 E83B51FDFF
Call 00406080
|:00430F31(C)
|
:00430F45
:00430F48
:00430F4D
:00430F50
:00430F55
:00430F57
:00430F5A
:00430F5E
:00430F61
:00430F63
:00430F66
:00430F68
:00430F6D
8B4650
E8D31CFDFF
8B4638
E8CB1CFDFF
33C0
894638
668B4644
6685C0
740F
0FB7D0
33C9
A19C374400
E8C6C1FDFF

call 00402C20
call 00402C20
xor eax, eax
test ax, ax
je 00430F72
movzx edx, ax
xor ecx, ecx
call 0040D138
|:00430F61(C)
|
:00430F72 8B4640
:00430F75 85C0
:00430F77 7405
:00430F79 E8A21CFDFF
|:00430F77(C)
|
:00430F7E 8BD3
:00430F80 80E2FC
:00430F83 8BC6
:00430F85 E88205FEFF
:00430F8A 84DB
:00430F8C 7E07
:00430F8E 8BC6
:00430F90 E8BF1FFDFF

test eax, eax
je 00430F7E
call 00402C20
mov edx, ebx

and dl, FC
mov eax, esi
call 0041150C
test bl, bl
jle 00430F95
mov eax, esi
call 00402F54

|:00430F8C(C)
|
:00430F95 5E
pop esi
:00430F96 5B
pop ebx
:00430F97 C3
ret

|:00431226
|
:00430F98 55
push ebp
:00430F99 8BEC
mov ebp, esp
:00430F9B 83C4C0
add esp, FFFFFFC0
:00430F9E 53
push ebx
:00430F9F 56
push esi
:00430FA0 57
push edi
:00430FA1 33DB
xor ebx, ebx
:00430FA3 895DC0
:00430FA6 895DF8
:00430FA9 884DFF
:00430FAC 8BFA
mov edi, edx
:00430FAE 8BD8
mov ebx, eax
:00430FB0 33C0
xor eax, eax
:00430FB2 55
push ebp
:00430FB3
:00430FB8
:00430FBB
:00430FBE
:00430FC2
:00430FC8
:00430FCB
:00430FCE
:00430FD3
:00430FD5
:00430FDA
:00430FDC
:00430FDE
:00430FE0
:00430FE5
:00430FE8
68EC114300
64FF30
648920
807B3000
0F8406020000
8D45F8
8B5324
E87D28FDFF
8BC3
E8A6100000
85C0
7E0C
8BC3
E84F040000
8945DB
EB4A
push 004311EC
je 004311CE
call 00403850
mov eax, ebx
call 00432080
test eax, eax
jle 00430FEA
mov eax, ebx
call 00431434
jmp 00431034
|:00430FDC(C)
|
:00430FEA 66837B5400
:00430FEF 7443
:00430FF1 8B7358
:00430FF4 85F6
:00430FF6 7418
:00430FF8 837E5800
:00430FFC 7512
:00430FFE 8B4604
:00431001 8B15D4014300
:00431007 E8841DFDFF
:0043100C 84C0
:0043100E 7524
|:00430FF6(C), :00430FFC(C)
|
:00431010 FF75F8
:00431013 6804124300
:00431018 8D55C0
:0043101B 668B4354
:0043101F E8ACF6FFFF
:00431024 FF75C0
:00431027 8D45F8
:0043102A BA03000000
:0043102F E8C02AFDFF

je 00431034
test esi, esi
je 00431010
jne 00431010
call 00402D90
test al, al
jne 00431034
push [ebp-08]
push 00431204
call 004306D0
push [ebp-40]
mov edx, 00000003
call 00403AF4

|:00430FE8(U), :00430FEF(C), :0043100E(C)
|
|
:00431034 E8AF4CFDFF
Call 00405CE8
:00431039 6625FF00
and ax, 00FF
:0043103D 6683F804
cmp ax, 0004
:00431041 0F8200010000
jb 00431147
:00431047 C745C72C000000
mov [ebp-39], 0000002C
:0043104E C745CB3F000000
mov [ebp-35], 0000003F
:00431055 8BC3
mov eax, ebx
:00431057 E81C160000
call 00432678
:0043105C
:0043105E
:00431060
:00431062
:00431064
:00431069
:0043106B
8BF0
85F6
740B
8BC6
E8071C0000
84C0
7516
|:00431060(C)
|
:0043106D 837B4000
:00431071 740C
:00431073 8B4340
:00431076 8B10
:00431078 FF521C
:0043107B 84C0
:0043107D 7404
mov esi, eax

test esi, esi
je 0043106D
mov eax, esi
call 00432C70
test al, al
jne 00431083
je 0043107F
call [edx+1C]
test al, al
je 00431083

|:00431071(C)
|
:0043107F 33C0
xor eax, eax
:00431081 EB02
jmp 00431085
|:0043106B(C), :0043107D(C)
|
:00431083 B001
mov al, 01
|:00431081(U)
|
:00431085 8845F7
:00431088 8B4324
:0043108B BA10124300
:00431090 E8AF2AFDFF
:00431095 0F94C0
:00431098 83E07F
:0043109B 8B0485E8274400
:004310A2 33D2
:004310A4 8A532F
:004310A7 8B1495E0274400
:004310AE 33C9
:004310B0 8A4B3C
:004310B3 0B148DBC274400
:004310BA 0BC2
:004310BC 33D2
:004310BE 8A55FF
:004310C1 0B0495F0274400
:004310C8 33D2
:004310CA 8A55F7
:004310CD 0B0495F8274400
:004310D4 8945CF
:004310D7 33C0
:004310D9 8A432C
:004310DC 8B0485C8274400
:004310E3 33D2
:004310E5 8A532D
:004310E8 0B0495D8274400

mov edx, 00431210
call 00403B44
sete al
and eax, 0000007F
mov eax, dword ptr [4*eax+004427E8]
xor edx, edx
mov dl, byte ptr [ebx+2F]
mov edx, dword ptr [4*edx+004427E0]
xor ecx, ecx
mov cl, byte ptr [ebx+3C]
or edx, dword ptr [4*ecx+004427BC]
or eax, edx
xor edx, edx
xor edx, edx
xor eax, eax
mov al, byte ptr [ebx+2C]
mov eax, dword ptr [4*eax+004427C8]
xor edx, edx
mov dl, byte ptr [ebx+2D]
:004310EF
:004310F1
:004310F4
:004310FB
:004310FE
:00431102
:00431105
:00431107
:0043110A
:0043110C
:0043110F
:00431111
:00431114
:00431117
:0043111C
:0043111F
:00431121
:00431126
:00431128
:0043112A
:0043112C
:00431131
33D2
8A532E
0B0495D0274400
8945D3
0FB74344
8945D7
33C0
8945DB
33C0
8945DF
33C0
8945E3
8B45F8
E8DC2AFDFF
8945EB
8BC3
E85A0F0000
85C0
7E0A
8BC3
E803030000
8945DB
xor edx, edx

mov dl, byte ptr [ebx+2E]
mov dword ptr [ebp-2D], eax
xor eax, eax
xor eax, eax
xor eax, eax
mov dword ptr [ebp-1D], eax
call 00403BF8
mov eax, ebx
call 00432080
test eax, eax
jle 00431134
mov eax, ebx
call 00431434

|:00431128(C)
|
:00431134 8D45C7
:00431137 50
push eax
:00431138 6AFF
push FFFFFFFF
:0043113A 6AFF
push FFFFFFFF
:0043113C 57
push edi
* Reference To: user32.InsertMenuItemA, Ord:0000h
|
:0043113D E83E51FDFF
Call 00406280
:00431142 E987000000
jmp 004311CE
|:00431041(C)
|
:00431147 8B4324
:0043114A BA10124300
:0043114F E8F029FDFF
:00431154 0F94C0
:00431157 83E07F
:0043115A 8B3485B4274400
:00431161 33C0
:00431163 8A433C
:00431166 8B0485A8274400
:0043116D 33D2
:0043116F 8A532C
:00431172 0B049598274400
:00431179 33D2
:0043117B 8A532D
:0043117E 0B0495A0274400
:00431185 0BF0
:00431187 81CE00040000
:0043118D 8BC3
:0043118F E8EC0E0000
:00431194 85C0

mov edx, 00431210
call 00403B44
sete al
and eax, 0000007F
mov esi, dword ptr [4*eax+004427B4]
xor eax, eax
mov eax, dword ptr [4*eax+004427A8]
xor edx, edx
mov dl, byte ptr [ebx+2C]
xor edx, edx
or eax, dword ptr [4*edx+004427A0]
or esi, eax
or esi, 00000400
mov eax, ebx
call 00432080
test eax, eax
:00431196
:00431198
:0043119B
:004311A0
:004311A1
:004311A3
:004311A8
:004311A9
:004311AC
:004311AD
:004311AF
7E1F
8B4324
E8582AFDFF
50
8BC3
E88C020000
50
83CE10
56
6AFF
57
jle 004311B7
call 00403BF8
push eax
mov eax, ebx
call 00431434
push eax
or esi, 00000010
push esi
push FFFFFFFF
push edi

|
:004311B0 E8C350FDFF
Call 00406278
:004311B5 EB17
jmp 004311CE
|:00431196(C)
|
:004311B7 8B45F8
:004311BA E8392AFDFF
:004311BF 50
:004311C0 0FB74344
:004311C4 50
:004311C5 56
:004311C6 6AFF
:004311C8 57

call 00403BF8
push eax
push eax
push esi
push FFFFFFFF
push edi

|
:004311C9 E8AA50FDFF
Call 00406278
|:00430FC2(C), :00431142(U), :004311B5(U)
|
:004311CE 33C0
xor eax, eax
:004311D0 5A
pop edx
:004311D1 59
pop ecx
:004311D2 59
pop ecx
:004311D3 648910
|
:004311D6 68F3114300
push 004311F3
|:004311F1(U)
|
:004311DB 8D45C0
:004311DE E8D525FDFF
:004311E3 8D45F8
:004311E6 E8CD25FDFF
:004311EB C3
:004311EC
:004311F1
:004311F3
:004311F4
jmp
jmp
pop
pop
E98720FDFF
EBE8
5F
5E

call 004037B8
call 004037B8
ret
00403278
004311DB
edi
esi
:004311F5
:004311F6
:004311F8
:004311F9
5B
8BE5
5D
C3
pop ebx
mov esp, ebp
pop ebp
ret
:004311FA 0000
BYTE 2 DUP(0)
:004311FC FFFFFFFF
BYTE 4 DUP(0ffh)
:00431200
:00431202
:00431204
:00431206
:00431208
0100
0000
0900
0000
FFFFFFFF

BYTE 4 DUP(0ffh)
:0043120C
:0043120E
:00431210
:00431215
:00431217
:0043121A
:0043121D
:00431220
:00431223
:00431226
:0043122B
:0043122D
:0043122E
0100
0000
2D00000055
8BEC
8B5508
8A4AFB
8B5508
8B52FC
8B5228
E86DFDFFFF
33C0
5D
C3

sub eax, 55000000
mov ebp, esp
mov cl, byte ptr [edx-05]
call 00430F98
xor eax, eax
pop ebp
ret
:0043122F 90
nop

|:00431372 , :0043149D
|
:00431230 55
push ebp
:00431231 8BEC
mov ebp, esp
:00431233 83C4F8
add esp, FFFFFFF8
:00431236 53
push ebx
:00431237 8945FC
:0043123A 8B45FC
:0043123D 8B5864
:00431240 85DB
test ebx, ebx
:00431242 740B
je 0043124F
:00431244 8BC3
mov eax, ebx
:00431246 E8291F0000
call 00433174
:0043124B 84C0
test al, al
:0043124D 7504
jne 00431253
|:00431242(C)
|
:0043124F 33C0
xor eax, eax
:00431251 EB02
jmp 00431255
|:0043124D(C)
|
:00431253 B001
mov al, 01
|:00431251(U)
|
:00431255 8845FB
:00431258 8B45FC
:0043125B 8B505C
:0043125E B814124300
:00431263 8B4DFC
:00431266 E83DF8FFFF
:0043126B 5B
:0043126C 59
:0043126D 59
:0043126E 5D
:0043126F C3
:00431270
:00431271
:00431273
:00431275
:00431276
:00431277
:00431279
:0043127B
:0043127D
:0043127E
:00431283
:00431286
:00431289
:0043128C
:0043128E
:00431293
:00431296
:0043129B
:0043129D
:0043129F
:004312A4
:004312A6
:004312A7
:004312A8
:004312A9
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 004312BA
mov eax, esi
call 00410E48
call 00430930
mov edx, eax
mov eax, ebx
call 004320B0
xor eax, eax
pop edx
pop ecx
pop ecx
55
8BEC
6A00
53
56
8BF2
8BD8
33C0
55
68BA124300
64FF30
648920
8D55FC
8BC6
E8B5FBFDFF
8B45FC
E895F6FFFF
8BD0
8BC3
E80C0E0000
33C0
5A
59
59
648910

mov eax, 00431214
call 00430AA8
pop ebx
pop ecx
pop ecx
pop ebp
ret

|
:004312AC 68C1124300
push 004312C1
|:004312BF(U)
|
:004312B1 8D45FC
:004312B4 E8FF24FDFF
:004312B9 C3
:004312BA E9B91FFDFF
:004312BF EBF0
jmp 00403278
jmp 004312B1

call 004037B8
ret
:004312C1
:004312C2
:004312C3
:004312C4
:004312C5
5E
5B
59
5D
C3
:004312C6 8BC0
pop
pop
pop
pop
ret
esi
ebx
ecx
ebp
mov eax, eax

|:00430F37 , :004335AA , :004335B5 , :004335D0
|
:004312C8 53
push ebx
:004312C9 8B485C
:004312CC 3BD1
cmp edx, ecx
:004312CE 741A
je 004312EA
:004312D0 85C9
test ecx, ecx
:004312D2 7405
je 004312D9
:004312D4 33DB
xor ebx, ebx
:004312D6 895960
mov dword ptr [ecx+60], ebx
|:004312D2(C)
|
:004312D9 8BCA
mov ecx, edx
:004312DB 89485C
:004312DE 85C9
test ecx, ecx
:004312E0 7403
je 004312E5
:004312E2 894160
mov dword ptr [ecx+60], eax
|:004312E0(C)
|
:004312E5 E83E000000
call 00431328
|:004312CE(C)
|
:004312EA 5B
pop ebx
:004312EB C3
ret
:004312EC
:004312ED
:004312EE
:004312F0
:004312F2
:004312F7
:004312F9
:004312FE
:00431300
:00431302
:00431304
:00431309
:0043130B
:0043130D
:0043130F
:00431313
53
56
8BF0
8BC6
E8B105FEFF
8BC6
E86A0D0000
85C0
7416
8BC6
E85F0D0000
8BD0
B101
8BC6
66BBF0FF
E8DC1AFDFF
push ebx
push esi
mov esi, eax
mov eax, esi
call 004118A8
mov eax, esi
call 00432068
test eax, eax
je 00431318
mov eax, esi
call 00432068
mov edx, eax
mov cl, 01
mov eax, esi
mov bx, FFF0
call 00402DF4
|:00431300(C)
|
:00431318 807E6800
:0043131C 7407
:0043131E 8BC6
:00431320 E803000000

je 00431325
mov eax, esi
call 00431328

|:0043131C(C)
|
:00431325 5E
pop esi
:00431326 5B
pop ebx
:00431327 C3
ret

|:004312E5 , :00431320 , :00431344 , :004322DB
|:004324DD , :00433E7B
|
:00431328 56
push esi
:00431329 8BF0
mov esi, eax
:0043132B F6462008
test [esi+20], 08
:0043132F 754F
jne 00431380
:00431331 F6462002
test [esi+20], 02
:00431335 7406
je 0043133D
:00431337 C6466801
mov [esi+68], 01
:0043133B EB43
jmp 00431380
, :00432364
|:00431335(C)
|
:0043133D 8B4660
:00431340 85C0
:00431342 741B
:00431344 E8DFFFFFFF
:00431349 EB35
|:0043136E(C)
|
:0043134B 6800040000
:00431350 6A00
:00431352 8BC6
:00431354 E8DB000000
:00431359 50

test eax, eax
je 0043135F
call 00431328
jmp 00431380
push 00000400
push 00000000
mov eax, esi
call 00431434
push eax
* Reference To: user32.RemoveMenu, Ord:0000h

|
:0043135A E80950FDFF
Call 00406368
|:00431342(C)
|
:0043135F 8BC6
:00431361 E8CE000000
:00431366 50

mov eax, esi
call 00431434
push eax

|
:00431367
:0043136C
:0043136E
:00431370
:00431372
:00431377
:00431379
:0043137B
:0043137D
E8444EFDFF
85C0
7FDB
8BC6
E8B9FEFFFF
33D2
8BC6
8B08
FF5134
Call 004061B0
test eax, eax
jg 0043134B
mov eax, esi
call 00431230
xor edx, edx
mov eax, esi
call [ecx+34]

|:0043132F(C), :0043133B(U), :00431349(U)
|
:00431380 5E
pop esi
:00431381 C3
ret
:00431382 8BC0
mov eax, eax

|:00432046 , :004322B5
|
:00431384 55
push ebp
:00431385 8BEC
mov ebp, esp
:00431387 83C4F4
add esp, FFFFFFF4
:0043138A 53
push ebx
:0043138B 56
push esi
:0043138C 57
push edi
:0043138D 33DB
xor ebx, ebx
:0043138F 895DF4
:00431392 884DFB
:00431395 8955FC
:00431398 8BF8
mov edi, eax
:0043139A 33C0
xor eax, eax
:0043139C 55
push ebp
:0043139D 6820144300
push 00431420
:004313A2 64FF30
:004313A5 648920
:004313A8 8BC7
mov eax, edi
:004313AA E8D10C0000
call 00432080
:004313AF 8BF0
mov esi, eax
:004313B1 4E
dec esi
:004313B2 85F6
test esi, esi
:004313B4 7C54
jl 0043140A
:004313B6 46
inc esi
:004313B7 33DB
xor ebx, ebx
|:00431408(C)
|
:004313B9 3B5DFC
:004313BC 7D28
:004313BE 8BD3
:004313C0 8BC7
:004313C2 E8C90C0000
:004313C7 8A4031
:004313CA 3A45FB
:004313CD 7637
:004313CF 8D55F4
:004313D2 A19C2A4400

jge 004313E6
mov edx, ebx
mov eax, edi
call 00432090
jbe 00431406
:004313D7
:004313DC
:004313DF
:004313E4
E8483AFDFF
8B45F4
E8ECF1FFFF
EB20
|:004313BC(C)
|
:004313E6 8BD3
:004313E8 8BC7
:004313EA E8A10C0000
:004313EF 8A4031
:004313F2 3A45FB
:004313F5 730F
:004313F7 8BD3
:004313F9 8BC7
:004313FB E8900C0000
:00431400 8A55FB
:00431403 885031
call 00404E24
call 004305D0
jmp 00431406
mov edx, ebx
mov eax, edi
call 00432090
jnb 00431406
mov edx, ebx
mov eax, edi
call 00432090

|:004313CD(C), :004313E4(U), :004313F5(C)
|
:00431406 43
inc ebx
:00431407 4E
dec esi
:00431408 75AF
jne 004313B9
|:004313B4(C)
|
:0043140A 33C0
xor eax, eax
:0043140C 5A
pop edx
:0043140D 59
pop ecx
:0043140E 59
pop ecx
:0043140F 648910
|
:00431412 6827144300
push 00431427
|:00431425(U)
|
:00431417 8D45F4
:0043141A E89923FDFF
:0043141F C3
:00431420
:00431425
:00431427
:00431428
:00431429
:0043142A
:0043142C
:0043142D
jmp
jmp
pop
pop
pop
mov
pop
ret
E9531EFDFF
EBF0
5F
5E
5B
8BE5
5D
C3
:0043142E 8BC0
:00431430 C3

call 004037B8
ret
00403278
00431417
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

ret
:00431431 8D4000

|:00430FE0 , :0043112C , :004311A3 , :00431354 , :00431361
|:00431F8A , :0043200B , :00432A6F , :00433EC7 , :004399EF
|:0043A32F
|
:00431434 55
push ebp
:00431435 8BEC
mov ebp, esp
:00431437 6A00
push 00000000
:00431439 53
push ebx
:0043143A 8BD8
mov ebx, eax
:0043143C 33C0
xor eax, eax
:0043143E 55
push ebp
:0043143F 68BB144300
push 004314BB
:00431444 64FF30
:00431447 648920
:0043144A 837B2800
:0043144E 7552
jne 004314A2
:00431450 8B4304
:00431453 8B15A0034300
:00431459 E83219FDFF
call 00402D90
:0043145E 84C0
test al, al
:00431460 740A
je 0043146C
* Reference To: user32.CreatePopupMenu, Ord:0000h
|
:00431462 E8D94BFDFF
Call 00406040
:00431467 894328
:0043146A EB08
jmp 00431474
|:00431460(C)
|
* Reference To: user32.CreateMenu, Ord:0000h
|
:0043146C E8C74BFDFF
Call 00406038
:00431471 894328
|:0043146A(U)
|
:00431474 837B2800
:00431478 7521
:0043147A 8D55FC
:0043147D A1802A4400
:00431482 E89D39FDFF
:00431487 8B4DFC
:0043148A B201
:0043148C A140FB4200
:00431491 E8D673FDFF
:00431496 E8151EFDFF

jne 0043149B
call 00404E24
mov dl, 01
call 0040886C
call 004032B0

|:00431478(C)
|
:0043149B 8BC3
mov eax, ebx
:0043149D E88EFDFFFF
call 00431230
|:0043144E(C)
|
:004314A2 8B5B28
:004314A5 33C0
:004314A7 5A
:004314A8 59
:004314A9 59
:004314AA 648910
:004314AD 68C2144300
|:004314C0(U)
|
:004314B2 8D45FC
:004314B5 E8FE22FDFF
:004314BA C3
:004314BB
:004314C0
:004314C2
:004314C4
:004314C5
:004314C6
:004314C7
E9B81DFDFF
EBF0
8BC3
5B
59
5D
C3
jmp
jmp
mov
pop
pop
pop
ret
:004314C8
:004314C9
:004314CA
:004314CC
:004314CE
:004314D0
:004314D2
:004314D7
:004314D8
:004314DD
:004314DE
:004314E3
53
56
8BF2
8BD8
8BD6
8BC3
E8FD02FEFF
53
6870124300
53
6830144300
33C9
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 004117D4
push ebx
push 00431270
push ebx
push 00431430
xor ecx, ecx

xor eax, eax
pop edx
pop ecx
pop ecx
push 004314C2

call 004037B8
ret
00403278
004314B2
eax, ebx
ebx
ecx
ebp
* Possible StringData Ref from Code Obj ->"ShortCutText"

|
:004314E5 BAFC144300
mov edx, 004314FC
:004314EA 8BC6
mov eax, esi
:004314EC 8B18
:004314EE FF13
:004314F0 5E
pop esi
:004314F1 5B
pop ebx
:004314F2 C3
ret
:004314F3 00
BYTE 0
:004314F4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004314F8
:004314FA
:004314FC
:004314FD
:00431502
:00431504
:00431505
0C00
0000
53
686F727443
7574
54
65
:00431506 7874
:00431508 00000000
or al, 00
push ebx
push 4374726F
jne 00431578
push esp
BYTE 065h
js 0043157C
BYTE 4 DUP(0)

|:00431BCC , :00431C07 , :00431C4A , :00431E5A
|
:0043150C 55
push ebp
:0043150D 8BEC
mov ebp, esp
:0043150F 83C4E4
add esp, FFFFFFE4
:00431512 53
push ebx
:00431513 56
push esi
:00431514 57
push edi
:00431515 33DB
xor ebx, ebx
:00431517 895DF4
:0043151A 894DF8
:0043151D 8955FC
:00431520 8BF0
mov esi, eax
:00431522 8B5D08
:00431525 33C0
xor eax, eax
:00431527 55
push ebp
:00431528 68BD164300
push 004316BD
:0043152D 64FF30
:00431530 648920
:00431533 8BC6
mov eax, esi
:00431535 E83E110000
call 00432678
:0043153A 8BF8
mov edi, eax
:0043153C 85FF
test edi, edi
:0043153E 742E
je 0043156E
:00431540 8BC7
mov eax, edi
:00431542 E82D1C0000
call 00433174
:00431547 84C0
test al, al
:00431549 7423
je 0043156E
:0043154B F6C300
test bl, 00
:0043154E 7508
jne 00431558
:00431550 83E3FF
and ebx, FFFFFFFF
:00431553 83CB02
or ebx, 00000002
:00431556 EB10
jmp 00431568
|:0043154E(C)
|
:00431558 8BC3
mov eax, ebx
:0043155A 83E002
and eax, 00000002
:0043155D 83F802
cmp eax, 00000002
:00431560 7506
jne 00431568
:00431562 83E3FD
and ebx, FFFFFFFD
:00431565 83CB00
or ebx, 00000000
|:00431556(U), :00431560(C)
|
:00431568 81CB00000200
or ebx, 00020000
|:0043153E(C), :00431549(C)
|
:0043156E 8D45F4
:00431571 8B55F8
:00431574 E8D722FDFF
:00431579 F6C704
|:00431506(C)
|
:0043157C 7424
:0043157E 837DF400
:00431582 7411
:00431584 8B45F4
:00431587 803826
:0043158A 7516
:0043158C 8B45F4
:0043158F 80780100
:00431593 750D
|:00431582(C)
|
:00431595 8D45F4
:00431598 BAD8164300
:0043159D E89A24FDFF

call 00403850
test bh, 04
je 004315A2
je 00431595
jne 004315A2
jne 004315A2

mov edx, 004316D8
call 00403A3C

|:0043157C(C), :0043158A(C), :00431593(C)
|
:004315A2 8B45F4
:004315A5 BAE4164300
mov edx, 004316E4
:004315AA E89525FDFF
call 00403B44
:004315AF 7537
jne 004315E8
:004315B1 F6C704
test bh, 04
:004315B4 0F85ED000000
jne 004316A7
:004315BA 8B4510
:004315BD 8BF0
mov esi, eax
:004315BF 8D7DE4
:004315C2 B904000000
mov ecx, 00000004
:004315C7 F3
repz
:004315C8 A5
movsd
:004315C9 8345E804
:004315CD 6A02
push 00000002
:004315CF 6A06
push 00000006
:004315D1 8D45E4
:004315D4 50
push eax
:004315D5 8B45FC
:004315D8 E88338FEFF
call 00414E60
:004315DD 50
push eax
|
:004315DE E8B54AFDFF
Call 00406098
:004315E3 E9BF000000
jmp 004316A7
|:004315AF(C)
|
:004315E8 8B45FC
:004315EB 8B4014
:004315EE B201
:004315F0 E8B332FEFF
:004315F5 807E2E00
:004315F9 741C
:004315FB 8B45FC
:004315FE 8B780C
:00431601 8BC7
:00431603 E8742CFEFF
:00431608 8BD0
:0043160A 0A15E8164300
:00431610 8BC7
:00431612 E8712CFEFF
|:004315F9(C)
|
:00431617 807E2D00
:0043161B 7565
:0043161D 807D0C00
:00431621 754F
:00431623 6A01
:00431625 6A01
:00431627 8B4510
:0043162A 50

mov dl, 01
call 004148A8
je 00431617
mov edi, dword ptr [eax+0C]
mov eax, edi
call 0041427C
mov edx, eax
or dl, byte ptr [004316E8]
mov eax, edi
call 00414288

jne 00431682
jne 00431672
push 00000001
push 00000001
push eax

|
:0043162B E8E84CFDFF
Call 00406318
:00431630 8B45FC
mov eax, dword ptr
:00431633 8B400C
mov eax, dword ptr
:00431636 BA14000080
mov edx, 80000014
:0043163B E88829FEFF
call 00413FC8
:00431640 53
push ebx
:00431641 8B4510
mov eax, dword ptr
:00431644 50
push eax
:00431645 8B45F4
mov eax, dword ptr
:00431648 E8E723FDFF
call 00403A34
:0043164D 50
push eax
:0043164E 8B45F4
mov eax, dword ptr
:00431651 E8A225FDFF
call 00403BF8
:00431656 50
push eax
:00431657 8B45FC
mov eax, dword ptr
:0043165A E80138FEFF
call 00414E60
:0043165F 50
push eax
[ebp-04]
[eax+0C]
[ebp+10]
[ebp-0C]
[ebp-0C]
[ebp-04]

|
:00431660 E8534AFDFF
Call 004060B8
:00431665 6AFF
push FFFFFFFF
:00431667 6AFF
push FFFFFFFF
:00431669 8B4510
:0043166C 50
push eax
:0043166D E8A64CFDFF
|
Call 00406318
|:00431621(C)
|
:00431672 8B45FC
:00431675 8B400C
:00431678 BA10000080
:0043167D E84629FEFF
|:0043161B(C)
|
:00431682 53
:00431683 8B4510
:00431686 50
:00431687 8B45F4
:0043168A E8A523FDFF
:0043168F 50
:00431690 8B45F4
:00431693 E86025FDFF
:00431698 50
:00431699 8B45FC
:0043169C E8BF37FEFF
:004316A1 50

mov edx, 80000010
call 00413FC8
push ebx
mov eax, dword
push eax
mov eax, dword
call 00403A34
push eax
mov eax, dword
call 00403BF8
push eax
mov eax, dword
call 00414E60
push eax
ptr [ebp+10]
ptr [ebp-0C]
ptr [ebp-0C]
ptr [ebp-04]

|
:004316A2 E8114AFDFF
Call 004060B8
|:004315B4(C), :004315E3(U)
|
:004316A7 33C0
:004316A9 5A
:004316AA 59
:004316AB 59
:004316AC 648910

xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:004316AF 68C4164300
push 004316C4
|:004316C2(U)
|
:004316B4 8D45F4
:004316B7 E8FC20FDFF
:004316BC C3
:004316BD
:004316C2
:004316C4
:004316C5
:004316C6
:004316C7
:004316C9
:004316CA
jmp
jmp
pop
pop
pop
mov
pop
ret
E9B61BFDFF
EBF0
5F
5E
5B
8BE5
5D
C20C00

call 004037B8
ret
00403278
004316B4
edi
esi
ebx
esp, ebp
ebp
000C
:004316CD 000000
BYTE 3 DUP(0)
:004316D0 FFFFFFFF
BYTE 4 DUP(0ffh)
:004316D4
:004316D6
:004316D8
:004316DA
:004316DC
0100
0000
2000
0000
FFFFFFFF

BYTE 4 DUP(0ffh)
:004316E0
:004316E2
:004316E4
:004316E9
0100
0000
2D00000001
000000

sub eax, 01000000
BYTE 3 DUP(0)
:004316EC
:004316ED
:004316EF
:004316F2
:004316F3
:004316F4
:004316F5
:004316F7
:004316FA
:004316FC
:004316FF
:00431704
:00431705
:00431706
:00431709
:0043170C
:0043170E
:0043170F
:00431714
:00431717
:0043171A
:0043171D
:00431722
:00431724
:00431726
:00431728
:0043172A
:0043172F
:00431731
:00431733
:00431736
:0043173B
:0043173D
:00431740
:00431741
:00431744
:00431745
:00431748
:0043174B
55
8BEC
83C4BC
53
56
57
33DB
895DBC
8BF1
8D7DE0
B904000000
F3
A5
8955F8
8945FC
33C0
55
68651C4300
64FF30
648920
8B45FC
E8560F0000
8BF0
85F6
7434
8BC6
E841150000
84C0
7429
8B45FC
6683787E00
741F
8D45E0
50
8A4508
50
8B5DFC
8B4DF8
8B55FC
push ebp
mov ebp, esp
add esp, FFFFFFBC
push ebx
push esi
push edi
xor ebx, ebx
mov esi, ecx
mov ecx, 00000004
repz
movsd
xor eax, eax
push ebp
push 00431C65
call 00432678
mov esi, eax
test esi, esi
je 0043175C
mov eax, esi
call 00432C70
test al, al
je 0043175C
je 0043175C
push eax
push eax
:0043174E 8B8380000000
:00431754 FF537C
:00431757 E9F3040000

call [ebx+7C]
jmp 00431C4F

|:00431726(C), :00431731(C), :0043173B(C)
|
:0043175C 8B45FC
:0043175F 66BBF3FF
mov bx, FFF3
:00431763 E88C16FDFF
call 00402DF4
:00431768 8B15D4014300
:0043176E E81D16FDFF
call 00402D90
:00431773 8845F7
:00431776 8B7E3C
:00431779 807D0800
:0043177D 750B
jne 0043178A
:0043177F 8D55E0
:00431782 8B45F8
:00431785 E8A633FEFF
call 00414B30
|:0043177D(C)
|
:0043178A 85F6
:0043178C 7406
:0043178E C645F600
:00431792 EB1D
|:0043178C(C)
|
:00431794 8BC6
:00431796 8B15A0034300
:0043179C E8EF15FDFF
:004317A1 84C0
:004317A3 7408
:004317A5 8A4650
:004317A8 8845F6
:004317AB EB04
test esi, esi

je 00431794
mov [ebp-0A], 00
jmp 004317B1
mov eax, esi

call 00402D90
test al, al
je 004317AD
mov byte ptr [ebp-0A], al
jmp 004317B1

|:004317A3(C)
|
:004317AD C645F600
mov [ebp-0A], 00
|:00431792(U), :004317AB(U)
|
:004317B1 8B45E0
:004317B4 40
:004317B5 8945D0
:004317B8 8B45E4
:004317BB 40
:004317BC 8945D4
:004317BF 8B45FC
:004317C2 8B4024
:004317C5 BA801C4300
:004317CA E87523FDFF
:004317CF 7520
:004317D1 8D55E0

inc eax
inc eax
mov edx, 00431C80
call 00403B44
jne 004317F1
:004317D4
:004317D7
:004317DC
:004317DE
:004317E1
:004317E8
:004317EC
8B45F8
E85433FEFF
33C0
8945D0
C745D8FCFFFFFF
C645F500
E90F030000

call 00414B30
xor eax, eax
mov [ebp-28], FFFFFFFC
mov [ebp-0B], 00
jmp 00431B00
|:004317CF(C)
|
:004317F1 85FF
:004317F3 7434
:004317F5 8B45FC
:004317F8 8B5834
:004317FB 83FBFF
:004317FE 7E0B
:00431800 8BC7
:00431802 E8C5D2FFFF
:00431807 3BD8
:00431809 7C22
|:004317FE(C)
|
:0043180B 8B45FC
:0043180E 80782C00
:00431812 7415
:00431814 8B45FC
:00431817 8B7040
:0043181A 85F6
:0043181C 740F
:0043181E 8BC6
:00431820 8B10
:00431822 FF521C
:00431825 84C0
:00431827 7504
test edi, edi

je 00431829
cmp ebx, FFFFFFFF
jle 0043180B
mov eax, edi
call 0042EACC
cmp ebx, eax
jl 0043182D

je 00431829
test esi, esi
je 0043182D
mov eax, esi
call [edx+1C]
test al, al
jne 0043182D

|:004317F3(C), :00431812(C)
|
:00431829 33C0
xor eax, eax
:0043182B EB02
jmp 0043182F
|:00431809(C), :0043181C(C), :00431827(C)
|
:0043182D B001
mov al, 01
|:0043182B(U)
|
:0043182F 8BD8
:00431831 84DB
:00431833 751D
:00431835 8B45FC
:00431838 8B7040
:0043183B 85F6
:0043183D 0F848F020000
:00431843 8BC6

mov ebx, eax
test bl, bl
jne 00431852
test esi, esi
je 00431AD2
mov eax, esi
:00431845
:00431847
:0043184A
:0043184C
8B10
FF521C
84C0
0F8580020000
|:00431833(C)
|
:00431852 C645F501
:00431856 84DB
:00431858 7414
:0043185A 8B4728
:0043185D 0345D0
:00431860 8945D8
:00431863 8B4724
:00431866 0345D4
:00431869 8945DC
:0043186C EB12

call [edx+1C]
test al, al
jne 00431AD2
mov [ebp-0B], 01
test bl, bl
je 0043186E
jmp 00431880

|:00431858(C)
|
:0043186E 8B45D0
:00431871 83C010
add eax, 00000010
:00431874 8945D8
:00431877 8B45D4
:0043187A 83C010
add eax, 00000010
:0043187D 8945DC
|:0043186C(U)
|
:00431880 8B45FC
:00431883 80782C00
:00431887 747D
:00431889 FF45D8
:0043188C FF45DC
:0043188F 8B45F8
:00431892 8B4014
:00431895 E8EA2EFEFF
:0043189A 8BF0
:0043189C 807D0800
:004318A0 7536
:004318A2 8B45F8
:004318A5 8B4014
:004318A8 E8D72EFEFF
:004318AD 8BF0
:004318AF BA14000080
:004318B4 B80F000080
:004318B9 E84291FEFF
:004318BE 8BD0
:004318C0 8B45F8
:004318C3 8B4014
:004318C6 E8952EFEFF
:004318CB 8D55D0
:004318CE 8B45F8
:004318D1 E85A32FEFF
:004318D6 EB1B

je 00431906
inc [ebp-28]
inc [ebp-24]
call 00414784
mov esi, eax
jne 004318D8
call 00414784
mov esi, eax
mov edx, 80000014
mov eax, 8000000F
call 0041AA00
mov edx, eax
call 00414760
call 00414B30
jmp 004318F3
|:004318A0(C)
|
:004318D8 8B45F8
:004318DB 8B4014
:004318DE BA0F000080
:004318E3 E8A42EFEFF
:004318E8 8D55D0
:004318EB 8B45F8
:004318EE E83D32FEFF
mov eax, dword ptr

mov eax, dword ptr
mov edx, 8000000F
call 0041478C
lea edx, dword ptr
mov eax, dword ptr
call 00414B30
[ebp-08]
[eax+14]
[ebp-30]
[ebp-08]
|:004318D6(U)
|
:004318F3 8B45F8
:004318F6 8B4014
:004318F9 8BD6
:004318FB E88C2EFEFF
:00431900 FF45D0
:00431903 FF45D4
|:00431887(C)
|
:00431906 84DB
:00431908 0F84FA000000
:0043190E 8B45FC
:00431911 8B5834
:00431914 83FBFF
:00431917 7E2F
:00431919 8BC7
:0043191B E8ACD1FFFF
:00431920 3BD8
:00431922 7D24
:00431924 8B45D4
:00431927 50
:00431928 8B45FC
:0043192B 8B4034
:0043192E 50
:0043192F 8B45FC
:00431932 8A402D
:00431935 50
:00431936 8B4DD0
:00431939 8B55F8
:0043193C 8BC7
:0043193E E841D4FFFF
:00431943 E979010000
|:00431917(C), :00431922(C)
|
:00431948 B201
:0043194A A10C314100
:0043194F E8D871FEFF
:00431954 8945F0
:00431957 33D2
:00431959 55
:0043195A 68011A4300
:0043195F 64FF32
:00431962 648922
:00431965 B201

mov edx, esi
call 0041478C
inc [ebp-30]
inc [ebp-2C]
test bl, bl
je 00431A08
cmp ebx, FFFFFFFF
jle 00431948
mov eax, edi
call 0042EACC
cmp ebx, eax
jge 00431948
push eax
push eax
mov al, byte ptr [eax+2D]
push eax
mov eax, edi
call 0042ED84
jmp 00431AC1
mov dl, 01
call 00418B2C
xor edx, edx
push ebp
push 00431A01
mov dl, 01
:00431967
:0043196A
:0043196C
:0043196F
:00431974
8B45F0
8B08
FF513C
68F87F0000
6A00

call [ecx+3C]
push 00007FF8
push 00000000
* Reference To: user32.LoadBitmapA, Ord:0000h

|
:00431976 E85D49FDFF
Call 004062D8
:0043197B 8BD0
mov edx, eax
:0043197D 8B45F0
mov eax, dword ptr
:00431980 E86380FEFF
call 004199E8
:00431985 8B45F8
mov eax, dword ptr
:00431988 8B400C
mov eax, dword ptr
:0043198B 8B7014
mov esi, dword ptr
:0043198E BA12000080
mov edx, 80000012
:00431993 E83026FEFF
call 00413FC8
:00431998 8B45F0
mov eax, dword ptr
:0043199B 50
push eax
:0043199C 8B45F0
mov eax, dword ptr
:0043199F 8B10
mov edx, dword ptr
:004319A1 FF5220
call [edx+20]
:004319A4 8B55DC
mov edx, dword ptr
:004319A7 8B7DD4
mov edi, dword ptr
:004319AA 2BD7
sub edx, edi
:004319AC 2BD0
sub edx, eax
:004319AE D1FA
sar edx, 1
:004319B0 7903
jns 004319B5
:004319B2 83D200
adc edx, 00000000
[ebp-10]
[ebp-08]
[eax+0C]
[eax+14]
[ebp-10]
[ebp-10]
[eax]
[ebp-24]
[ebp-2C]

|:004319B0(C)
|
:004319B5 03D7
add edx, edi
:004319B7 42
inc edx
:004319B8 52
push edx
:004319B9 8B45F0
:004319BC 8B10
:004319BE FF522C
call [edx+2C]
:004319C1 8B55D8
:004319C4 8B5DD0
:004319C7 2BD3
sub edx, ebx
:004319C9 2BD0
sub edx, eax
:004319CB D1FA
sar edx, 1
:004319CD 7903
jns 004319D2
:004319CF 83D200
adc edx, 00000000
|:004319CD(C)
|
:004319D2 03D3
:004319D4 42
:004319D5 8B45F8
:004319D8 59
:004319D9 E8A630FEFF
:004319DE 8B45F8
:004319E1 8B400C
:004319E4 8BD6
:004319E6 E8DD25FEFF
:004319EB 33C0

add edx, ebx
inc edx
pop ecx
call 00414A84
mov edx, esi
call 00413FC8
xor eax, eax
:004319ED
:004319EE
:004319EF
:004319F0
:004319F3
5A
59
59
648910
68C11A4300
pop edx
pop ecx
pop ecx
push 00431AC1
|:00431A06(U)
|
:004319F8 8B45F0
:004319FB E82012FDFF
:00431A00 C3
:00431A01 E97218FDFF
:00431A06 EBF0
jmp 00403278
jmp 004319F8
|:00431908(C)
|
:00431A08 8D75D0
:00431A0B 8D7DC0
:00431A0E B904000000
:00431A13 F3
:00431A14 A5
:00431A15 8B45FC
:00431A18 8B4040
:00431A1B 8B10
:00431A1D FF522C
:00431A20 8B55D8
:00431A23 2B55D0
:00431A26 3BC2
:00431A28 7D32
:00431A2A 8B45FC
:00431A2D 8B4040
:00431A30 8B10
:00431A32 FF522C
:00431A35 8B55D8
:00431A38 2B55D0
:00431A3B 2BD0
:00431A3D D1FA
:00431A3F 7903
:00431A41 83D200

call 00402C20
ret
lea esi, dword ptr

lea edi, dword ptr
mov ecx, 00000004
repz
movsd
mov eax, dword ptr
mov eax, dword ptr
mov edx, dword ptr
call [edx+2C]
mov edx, dword ptr
sub edx, dword ptr
cmp eax, edx
jge 00431A5C
mov eax, dword ptr
mov eax, dword ptr
mov edx, dword ptr
call [edx+2C]
mov edx, dword ptr
sub edx, dword ptr
sub edx, eax
sar edx, 1
jns 00431A44
adc edx, 00000000
[ebp-30]
[ebp-40]
[ebp-04]
[eax+40]
[eax]
[ebp-28]
[ebp-30]
[ebp-04]
[eax+40]
[eax]
[ebp-28]
[ebp-30]

|:00431A3F(C)
|
:00431A44 0355D0
:00431A47 42
inc edx
:00431A48 8955D0
:00431A4B 8B45FC
:00431A4E 8B4040
:00431A51 8B10
:00431A53 FF522C
call [edx+2C]
:00431A56 0345D0
:00431A59 8945D8
|:00431A28(C)
|
:00431A5C
:00431A5F
:00431A62
:00431A64
:00431A67
:00431A6A
:00431A6D
:00431A6F
:00431A71
:00431A74
:00431A77
:00431A79
:00431A7C
:00431A7F
:00431A82
:00431A84
:00431A86
:00431A88
8B45FC
8B4040
8B10
FF5220
8B55DC
2B55D4
3BC2
7D32
8B45FC
8B4040
8B10
FF5220
8B55DC
2B55D4
2BD0
D1FA
7903
83D200
mov eax, dword ptr

mov eax, dword ptr
mov edx, dword ptr
call [edx+20]
mov edx, dword ptr
sub edx, dword ptr
cmp eax, edx
jge 00431AA3
mov eax, dword ptr
mov eax, dword ptr
mov edx, dword ptr
call [edx+20]
mov edx, dword ptr
sub edx, dword ptr
sub edx, eax
sar edx, 1
jns 00431A8B
adc edx, 00000000
[ebp-04]
[eax+40]
[eax]
[ebp-24]
[ebp-2C]
[ebp-04]
[eax+40]
[eax]
[ebp-24]
[ebp-2C]

|:00431A86(C)
|
:00431A8B 0355D4
add edx, dword ptr [ebp-2C]
:00431A8E 42
inc edx
:00431A8F 8955D4
:00431A92 8B45FC
:00431A95 8B4040
:00431A98 8B10
:00431A9A FF5220
call [edx+20]
:00431A9D 0345D4
:00431AA0 8945DC
|:00431A6F(C)
|
:00431AA3 8B45FC
:00431AA6 8B4840
:00431AA9 8D55D0
:00431AAC 8B45F8
:00431AAF E88C31FEFF
:00431AB4 8D75C0
:00431AB7 8D7DD0
:00431ABA B904000000
:00431ABF F3
:00431AC0 A5
|:00431943(U)
|
:00431AC1 8B45FC
:00431AC4 80782C00
:00431AC8 7436
:00431ACA FF4DD8
:00431ACD FF4DDC
:00431AD0 EB2E
mov eax, dword ptr

mov ecx, dword ptr
lea edx, dword ptr
mov eax, dword ptr
call 00414C40
lea esi, dword ptr
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
[ebp-04]
[eax+40]
[ebp-30]
[ebp-08]
[ebp-40]
[ebp-30]

je 00431B00
dec [ebp-28]
dec [ebp-24]
jmp 00431B00

|:0043183D(C), :0043184C(C)
|
:00431AD2 85FF
test edi, edi
:00431AD4
:00431AD6
:00431ADA
:00431ADC
:00431ADF
:00431AE2
:00431AE5
:00431AE8
:00431AEB
:00431AEE
741A
807DF700
7514
8B4728
0345D0
8945D8
8B4724
0345D4
8945DC
EB0C
|:00431AD4(C), :00431ADA(C)
|
:00431AF0 8B45D0
:00431AF3 8945D8
:00431AF6 8B45D4
:00431AF9 8945DC
je 00431AF0
jne 00431AF0
jmp 00431AFC
mov
mov
mov
mov


|:00431AEE(U)
|
:00431AFC C645F500
mov [ebp-0B], 00
|:004317EC(U), :00431AC8(C), :00431AD0(U)
|
:00431B00 FF4DD0
dec [ebp-30]
:00431B03 FF4DD4
dec [ebp-2C]
:00431B06 8345D802
:00431B0A 8345DC02
:00431B0E 8B45FC
:00431B11 80782C00
:00431B15 7508
jne 00431B1F
:00431B17 8A4508
:00431B1A 2245F5
and al, byte ptr [ebp-0B]
:00431B1D 7423
je 00431B42
|:00431B15(C)
|
:00431B1F 6A0F
:00431B21 8B45FC
:00431B24 0FB6402C
:00431B28 8B048508284400
:00431B2F 50
:00431B30 8D45D0
:00431B33 50
:00431B34 8B45F8
:00431B37 E82433FEFF
:00431B3C 50

push 0000000F
movzx eax, byte ptr [eax+2C]
push eax
push eax
call 00414E60
push eax

|
:00431B3D E85645FDFF
Call 00406098
|:00431B1D(C)
|
:00431B42 807D0800
:00431B46
:00431B48
:00431B4C
:00431B4E
:00431B51
:00431B52
7428
807DF500
7407
8B45D8
40
8945E0
je 00431B70
cmp byte ptr [ebp-0B], 00
je 00431B55
inc eax
|:00431B4C(C)
|
:00431B55 8B45F8
:00431B58 8B4014
:00431B5B BA0D000080
:00431B60 E8272CFEFF
:00431B65 8D55E0
:00431B68 8B45F8
:00431B6B E8C02FFEFF
|:00431B46(C)
|
:00431B70 807D0800
:00431B74 7406
:00431B76 807DF500
:00431B7A 7507
mov eax, dword ptr

mov eax, dword ptr
mov edx, 8000000D
call 0041478C
lea edx, dword ptr
mov eax, dword ptr
call 00414B30
[ebp-08]
[eax+14]
[ebp-20]
[ebp-08]

je 00431B7C
cmp byte ptr [ebp-0B], 00
jne 00431B83

|:00431B74(C)
|
:00431B7C 8B45D8
:00431B7F 40
inc eax
:00431B80 8945E0
|:00431B7A(C)
|
:00431B83 8345E002
:00431B87 FF4DE8
:00431B8A 33C0
:00431B8C 8A45F6
:00431B8F 668B1C4500284400
:00431B97 6683CB60
:00431B9B 0FB7DB
:00431B9E 8D75E0
:00431BA1 8D7DC0
:00431BA4 B904000000
:00431BA9 F3
:00431BAA A5
:00431BAB 8D45E0
:00431BAE 50
:00431BAF 8A4508
:00431BB2 50
:00431BB3 8BC3
:00431BB5 0D00040000
:00431BBA 0D00010000
:00431BBF 50
:00431BC0 8B45FC
:00431BC3 8B4824
:00431BC6 8B55F8
:00431BC9 8B45FC

dec [ebp-18]
xor eax, eax
mov al, byte ptr [ebp-0A]
mov bx, word ptr [2*eax+00442800]
or bx, 0060
movzx ebx, bx
mov ecx, 00000004
repz
movsd
push eax
push eax
mov eax, ebx
or eax, 00000400
or eax, 00000100
push eax
:00431BCC
:00431BD1
:00431BD4
:00431BD7
:00431BDA
:00431BDD
:00431BDF
:00431BE1
:00431BE3
E83BF9FFFF
8B45CC
2B45C4
8B55EC
2B55E4
2BC2
D1F8
7903
83D000
call 0043150C
mov eax, dword ptr
sub eax, dword ptr
mov edx, dword ptr
sub edx, dword ptr
sub eax, edx
sar eax, 1
jns 00431BE6
adc eax, 00000000
[ebp-34]
[ebp-3C]
[ebp-14]
[ebp-1C]

|:00431BE1(C)
|
:00431BE6 50
push eax
:00431BE7 6A00
push 00000000
:00431BE9 8D45E0
:00431BEC 50
push eax
|
:00431BED E82647FDFF
Call 00406318
:00431BF2 8D45E0
:00431BF5 50
push eax
:00431BF6 8A4508
:00431BF9 50
push eax
:00431BFA 53
push ebx
:00431BFB 8B45FC
:00431BFE 8B4824
:00431C01 8B55F8
:00431C04 8B45FC
:00431C07 E800F9FFFF
call 0043150C
:00431C0C 8B45FC
:00431C0F 668B5854
mov bx, word ptr [eax+54]
:00431C13 6685DB
test bx, bx
:00431C16 7437
je 00431C4F
:00431C18 807DF700
:00431C1C 7531
jne 00431C4F
:00431C1E 8B45E8
:00431C21 8945E0
:00431C24 8B45C8
:00431C27 83E80A
sub eax, 0000000A
:00431C2A 8945E8
:00431C2D 8D45E0
:00431C30 50
push eax
:00431C31 8A4508
:00431C34 50
push eax
:00431C35 6A02
push 00000002
:00431C37 8D55BC
:00431C3A 8BC3
mov eax, ebx
:00431C3C E88FEAFFFF
call 004306D0
:00431C41 8B4DBC
:00431C44 8B55F8
:00431C47 8B45FC
:00431C4A E8BDF8FFFF
call 0043150C
|:00431757(U), :00431C16(C), :00431C1C(C)
|
:00431C4F 33C0
xor eax, eax
:00431C51 5A
pop edx
:00431C52 59
:00431C53 59
:00431C54 648910
pop ecx
pop ecx

|
:00431C57 686C1C4300
push 00431C6C
|:00431C6A(U)
|
:00431C5C 8D45BC
:00431C5F E8541BFDFF
:00431C64 C3
:00431C65
:00431C6A
:00431C6C
:00431C6D
:00431C6E
:00431C6F
:00431C71
:00431C72
jmp
jmp
pop
pop
pop
mov
pop
ret
E90E16FDFF
EBF0
5F
5E
5B
8BE5
5D
C20400

call 004037B8
ret
00403278
00431C5C
edi
esi
ebx
esp, ebp
ebp
0004
:00431C75 000000
BYTE 3 DUP(0)
:00431C78 FFFFFFFF
BYTE 4 DUP(0ffh)
:00431C7C
:00431C7E
:00431C80
:00431C81
:00431C82
:00431C83

BYTE 2dh
BYTE 00h
BYTE 00h
BYTE 00h
0100
0000
2D
00
00
00

|:00431D14
|
:00431C84 55
push ebp
:00431C85 8BEC
mov ebp, esp
:00431C87 81C4ACFEFFFF
add esp, FFFFFEAC
:00431C8D C785ACFEFFFF54010000
:00431C97 6A00
push 00000000
:00431C99 8D85ACFEFFFF
:00431C9F 50
push eax
:00431CA0 6A00
push 00000000
:00431CA2 6A29
push 00000029
|
:00431CA4 E89F47FDFF
Call 00406448
:00431CA9 85C0
test eax, eax
:00431CAB 741C
je 00431CC9
:00431CAD 8B4508
:00431CB0 8B40FC
:00431CB3
:00431CB9
:00431CBB
:00431CBE
:00431CC1
:00431CC7
8B9544FFFFFF
8910
8B4508
8B4008
8B9548FFFFFF
8910
mov
mov
mov
mov
mov
mov
edx, dword ptr [ebp+FFFFFF44]

edx, dword ptr [ebp+FFFFFF48]

|:00431CAB(C)
|
:00431CC9 8BE5
mov esp, ebp
:00431CCB 5D
pop ebp
:00431CCC C3
ret
:00431CCD 8D4000

|:00433B7E , :00439384
|
:00431CD0 55
push ebp
:00431CD1 8BEC
mov ebp, esp
:00431CD3 83C4DC
add esp, FFFFFFDC
:00431CD6 53
push ebx
:00431CD7 56
push esi
:00431CD8 57
push edi
:00431CD9 33DB
xor ebx, ebx
:00431CDB 895DDC
:00431CDE 895DF0
:00431CE1 894DFC
:00431CE4 8955F8
:00431CE7 8BF0
mov esi, eax
:00431CE9 33C0
xor eax, eax
:00431CEB 55
push ebp
:00431CEC 68AE1E4300
push 00431EAE
:00431CF1 64FF30
:00431CF4 648920
:00431CF7 8BC6
mov eax, esi
:00431CF9 66BBF3FF
mov bx, FFF3
:00431CFD E8F210FDFF
call 00402DF4
:00431D02 8B15D4014300
:00431D08 E88310FDFF
call 00402D90
:00431D0D 84C0
test al, al
:00431D0F 740B
je 00431D1C
:00431D11 B301
mov bl, 01
:00431D13 55
push ebp
:00431D14 E86BFFFFFF
call 00431C84
:00431D19 59
pop ecx
:00431D1A EB02
jmp 00431D1E
|:00431D0F(C)
|
:00431D1C 33DB
xor ebx, ebx
|:00431D1A(U)
|
:00431D1E 8BC6
mov eax, esi
:00431D20 E853090000
call 00432678
:00431D25
:00431D27
:00431D2A
:00431D2D
:00431D30
:00431D35
:00431D3A
:00431D3C
:00431D3F
:00431D45
:00431D48
:00431D4E
:00431D50
8BF8
8B473C
8945F4
8B4624
BAC81E4300
E80A1EFDFF
7516
8B4508
C70005000000
8B45FC
C700FEFFFFFF
33C0
EB65
|:00431D3A(C)
|
:00431D52 837DF400
:00431D56 7428
:00431D58 837E34FF
:00431D5C 7F04
:00431D5E 84DB
:00431D60 751E
mov edi, eax

mov edx, 00431EC8
call 00403B44
jne 00431D52
mov dword ptr [eax], FFFFFFFE
xor eax, eax
jmp 00431DB7
je 00431D80
cmp dword ptr [esi+34], FFFFFFFF
jg 00431D62
test bl, bl
jne 00431D80

|:00431D5C(C)
|
:00431D62 8B45F4
:00431D65 8B4028
:00431D68 8B55FC
:00431D6B 8902
:00431D6D 84DB
test bl, bl
:00431D6F 750B
jne 00431D7C
:00431D71 8B45F4
:00431D74 8B4024
:00431D77 8B5508
:00431D7A 8902
|:00431D6F(C)
|
:00431D7C B001
mov al, 01
:00431D7E EB37
jmp 00431DB7
|:00431D56(C), :00431D60(C)
|
:00431D80 837E4000
:00431D84 7426
:00431D86 8B4640
:00431D89 8B10
:00431D8B FF521C
:00431D8E 84C0
:00431D90 751A
:00431D92 8B45FC
:00431D95 C70010000000
:00431D9B 84DB
:00431D9D 7509
:00431D9F 8B4508
:00431DA2 C70010000000

je 00431DAC
call [edx+1C]
test al, al
jne 00431DAC
test bl, bl
jne 00431DA8

|:00431D9D(C)
|
:00431DA8 B001
mov al, 01
:00431DAA EB0B
jmp 00431DB7
|:00431D84(C), :00431D90(C)
|
:00431DAC 8B45FC
:00431DAF C700F9FFFFFF
:00431DB5 33C0

mov dword ptr [eax], FFFFFFF9
xor eax, eax

|:00431D50(U), :00431D7E(U), :00431DAA(U)
|
:00431DB7 84C0
test al, al
:00431DB9 740A
je 00431DC5
:00431DBB 84DB
test bl, bl
:00431DBD 7506
jne 00431DC5
:00431DBF 8B45FC
:00431DC2 83000F
add dword ptr [eax], 0000000F
|:00431DB9(C), :00431DBD(C)
|
:00431DC5 84DB
:00431DC7 7506
:00431DC9 8B4508
:00431DCC 830003
|:00431DC7(C)
|
:00431DCF 8D45E0
:00431DD2 33C9
:00431DD4 BA10000000
:00431DD9 E85A0BFDFF
:00431DDE 85FF
:00431DE0 7404
:00431DE2 33DB
:00431DE4 EB18
|:00431DE0(C)
|
:00431DE6 8BC7
:00431DE8 8B15A0034300
:00431DEE E89D0FFDFF
:00431DF3 84C0
:00431DF5 7405
:00431DF7 8A5F50
:00431DFA EB02
test bl, bl
jne 00431DCF
add dword ptr [eax], 00000003

xor ecx, ecx
mov edx, 00000010
call 00402938
test edi, edi
je 00431DE6
xor ebx, ebx
jmp 00431DFE
mov eax, edi

call 00402D90
test al, al
je 00431DFC
mov bl, byte ptr [edi+50]
jmp 00431DFE

|:00431DF5(C)
|
:00431DFC 33DB
xor ebx, ebx
|:00431DE4(U), :00431DFA(U)
|
:00431DFE 668B7E54
:00431E02 6685FF
:00431E05 741A
:00431E07 8D55DC
:00431E0A 8BC7
:00431E0C E8BFE8FFFF
:00431E11 8B4DDC
:00431E14 8D45F0
:00431E17 8B5624
:00431E1A E8611CFDFF
:00431E1F EB0B
|:00431E05(C)
|
:00431E21 8D45F0
:00431E24 8B5624
:00431E27 E8241AFDFF
|:00431E1F(U)
|
:00431E2C 33C0
:00431E2E 8AC3
:00431E30 668B044510284400
:00431E38 6683C840
:00431E3C 6683C820
:00431E40 660D0001
:00431E44 660D0004
:00431E48 0FB7C0
:00431E4B 8D55E0
:00431E4E 52
:00431E4F 6A00
:00431E51 50
:00431E52 8B4DF0
:00431E55 8B55F8
:00431E58 8BC6
:00431E5A E8ADF6FFFF
:00431E5F 8B45E8
:00431E62 2B45E0
:00431E65 83C007
:00431E68 8B55FC
:00431E6B 0102
:00431E6D 6683BE8600000000
:00431E75 7419
:00431E77 8B45FC
:00431E7A 50
:00431E7B 8B4508
:00431E7E 50
:00431E7F 8B4DF8
:00431E82 8BD6
:00431E84 8B8688000000
:00431E8A FF9684000000
mov di, word ptr [esi+54]

test di, di
je 00431E21
mov eax, edi
call 004306D0
call 00403A80
jmp 00431E2C

call 00403850
xor eax, eax

mov al, bl
mov ax, word ptr [2*eax+00442810]
or ax, 0040
or ax, 0020
or ax, 0100
or ax, 0400
movzx eax, ax
push edx
push 00000000
push eax
mov eax, esi
call 0043150C
add eax, 00000007
add dword ptr [edx], eax
cmp word ptr [esi+00000086], 0000
je 00431E90
push eax
push eax
mov edx, esi

|:00431E75(C)
|
:00431E90
:00431E92
:00431E93
:00431E94
:00431E95
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:00431E98 68B51E4300
push 00431EB5
|:00431EB3(U)
|
:00431E9D 8D45DC
:00431EA0 E81319FDFF
:00431EA5 8D45F0
:00431EA8 E80B19FDFF
:00431EAD C3
:00431EAE
:00431EB3
:00431EB5
:00431EB6
:00431EB7
:00431EB8
:00431EBA
:00431EBB
jmp
jmp
pop
pop
pop
mov
pop
ret
E9C513FDFF
EBE8
5F
5E
5B
8BE5
5D
C20400

call 004037B8
call 004037B8
ret
00403278
00431E9D
edi
esi
ebx
esp, ebp
ebp
0004
:00431EBE 0000
BYTE 2 DUP(0)
:00431EC0 FFFFFFFF
BYTE 4 DUP(0ffh)
:00431EC4
:00431EC6
:00431EC8
:00431ECD
:00431ECF
:00431ED0
:00431ED1
:00431ED3
:00431ED6
:00431ED8
:00431EDB
:00431EDD
:00431EDF
:00431EE1

sub eax, B0000000
add ebx, eax
nop
push esi
mov esi, eax
cmp dl, byte ptr [esi+3C]
je 00431EE4
mov byte ptr [esi+3C], dl
mov dl, 01
mov eax, esi
call [ecx+34]
0100
0000
2D000000B0
01C3
90
56
8BF0
3A563C
740C
88563C
B201
8BC6
8B08
FF5134

|:00431ED6(C)
|
:00431EE4 5E
pop esi
:00431EE5 C3
ret
:00431EE6 8BC0
mov eax, eax

|:00430D92 , :004326E6
|
:00431EE8 53
push ebx
:00431EE9 56
push esi
:00431EEA 8BDA
mov ebx, edx
:00431EEC 8BF0
mov esi, eax
:00431EEE 8B4624
:00431EF1 8BD3
mov edx, ebx
:00431EF3 E84C1CFDFF
call 00403B44
:00431EF8 7413
je 00431F0D
:00431EFA 8D4624
:00431EFD 8BD3
mov edx, ebx
:00431EFF E80819FDFF
call 0040380C
:00431F04 B201
mov dl, 01
:00431F06 8BC6
mov eax, esi
:00431F08 8B08
:00431F0A FF5134
call [ecx+34]
|:00431EF8(C)
|
:00431F0D 5E
pop esi
:00431F0E 5B
pop ebx
:00431F0F C3
ret

|:00431FA1 , :0043205C , :004326A1
|
:00431F10 53
push ebx
:00431F11 56
push esi
:00431F12 57
push edi
:00431F13 8BD8
mov ebx, eax
:00431F15 8B7358
:00431F18 85F6
test esi, esi
:00431F1A 7438
je 00431F54
:00431F1C 8BC6
mov eax, esi
:00431F1E E85D010000
call 00432080
:00431F23 48
dec eax
:00431F24 85C0
test eax, eax
:00431F26 7C2C
jl 00431F54
:00431F28 40
inc eax
:00431F29 89C6
mov esi, eax
:00431F2B 33FF
xor edi, edi
|:00431F52(C)
|
:00431F2D 8BD7
:00431F2F 8B4358
:00431F32 E859010000
:00431F37 3BD8
:00431F39 7415
:00431F3B 80782F00
:00431F3F 740F
:00431F41 8A5031
:00431F44 3A5331
:00431F47 7507

mov edx, edi
call 00432090
cmp ebx, eax
je 00431F50
je 00431F50
cmp dl, byte ptr [ebx+31]
jne 00431F50
:00431F49 33D2
:00431F4B E808000000
xor edx, edx

call 00431F58

|:00431F39(C), :00431F3F(C), :00431F47(C)
|
:00431F50 47
inc edi
:00431F51 4E
dec esi
:00431F52 75D9
jne 00431F2D
|:00431F1A(C), :00431F26(C)
|
:00431F54 5F
:00431F55 5E
:00431F56 5B
:00431F57 C3

pop edi
pop esi
pop ebx
ret

|:00430DB2 , :00431F4B , :004326FA
|
:00431F58 53
push ebx
:00431F59 56
push esi
:00431F5A 57
push edi
:00431F5B 8BDA
mov ebx, edx
:00431F5D 8BF0
mov esi, eax
:00431F5F 3A5E2C
cmp bl, byte ptr [esi+2C]
:00431F62 7442
je 00431FA6
:00431F64 885E2C
mov byte ptr [esi+2C], bl
:00431F67 8B7E58
:00431F6A 85FF
test edi, edi
:00431F6C 7427
je 00431F95
:00431F6E F6462002
test [esi+20], 02
:00431F72 7521
jne 00431F95
:00431F74 33C0
xor eax, eax
:00431F76 8AC3
mov al, bl
:00431F78 8B048598274400
:00431F7F 83C800
or eax, 00000000
:00431F82 50
push eax
:00431F83 0FB74644
:00431F87 50
push eax
:00431F88 8BC7
mov eax, edi
:00431F8A E8A5F4FFFF
call 00431434
:00431F8F 50
push eax
* Reference To: user32.CheckMenuItem, Ord:0000h
|
:00431F90 E88B40FDFF
Call 00406020
|:00431F6C(C), :00431F72(C)
|
:00431F95 84DB
:00431F97 740D
:00431F99 807E2F00
:00431F9D 7407
:00431F9F 8BC6
:00431FA1 E86AFFFFFF

test bl, bl
je 00431FA6
cmp byte ptr [esi+2F], 00
je 00431FA6
mov eax, esi
call 00431F10

|:00431F62(C), :00431F97(C), :00431F9D(C)
|
:00431FA6 5F
pop edi
:00431FA7 5E
pop esi
:00431FA8 5B
pop ebx
:00431FA9 C3
ret
:00431FAA 8BC0
mov eax, eax

|:00430DD2 , :0043270E , :00439A42
|
:00431FAC 53
push ebx
:00431FAD 56
push esi
:00431FAE 57
push edi
:00431FAF 8BDA
mov ebx, edx
:00431FB1 8BF0
mov esi, eax
:00431FB3 3A5E2D
cmp bl, byte ptr [esi+2D]
:00431FB6 7467
je 0043201F
:00431FB8 885E2D
mov byte ptr [esi+2D], bl
:00431FBB A14C2D4400
:00431FC0 833802
:00431FC3 750B
jne 00431FD0
:00431FC5 8BC6
mov eax, esi
:00431FC7 E8B4000000
call 00432080
:00431FCC 85C0
test eax, eax
:00431FCE 750D
jne 00431FDD
|:00431FC3(C)
|
:00431FD0 8B7E58
:00431FD3 85FF
:00431FD5 7411
:00431FD7 837F6000
:00431FDB 740B

test edi, edi
je 00431FE8
je 00431FE8

|:00431FCE(C)
|
:00431FDD B201
mov dl, 01
:00431FDF 8BC6
mov eax, esi
:00431FE1 8B08
:00431FE3 FF5134
call [ecx+34]
:00431FE6 EB37
jmp 0043201F
|:00431FD5(C), :00431FDB(C)
|
:00431FE8 8B7E58
:00431FEB 85FF
:00431FED 7427
:00431FEF F6462002
:00431FF3 7521
:00431FF5 33C0
:00431FF7 8AC3
:00431FF9 8B0485A0274400

test edi, edi
je 00432016
test [esi+20], 02
jne 00432016
xor eax, eax
mov al, bl
:00432000
:00432003
:00432004
:00432008
:00432009
:0043200B
:00432010
83C800
50
0FB74644
50
8BC7
E824F4FFFF
50
or eax, 00000000
push eax
push eax
mov eax, edi
call 00431434
push eax

|
:00432011 E8AA40FDFF
Call 004060C0
|:00431FED(C), :00431FF3(C)
|
:00432016 33D2
:00432018 8BC6
:0043201A 8B08
:0043201C FF5134
|:00431FB6(C), :00431FE6(U)
|
:0043201F 5F
:00432020 5E
:00432021 5B
:00432022 C3
:00432023 90
nop
xor edx, edx

mov eax, esi
call [ecx+34]
pop edi
pop esi
pop ebx
ret

|:004322A9
|
:00432024 53
push ebx
:00432025 56
push esi
:00432026 57
push edi
:00432027 8BDA
mov ebx, edx
:00432029 8BF0
mov esi, eax
:0043202B 3A5E31
:0043202E 7431
je 00432061
:00432030 8B7E58
:00432033 85FF
test edi, edi
:00432035 7414
je 0043204B
:00432037 8BD6
mov edx, esi
:00432039 8BC7
mov eax, edi
:0043203B E8A0030000
call 004323E0
:00432040 8BD0
mov edx, eax
:00432042 8BCB
mov ecx, ebx
:00432044 8BC7
mov eax, edi
:00432046 E839F3FFFF
call 00431384
|:00432035(C)
|
:0043204B 885E31
:0043204E 807E2C00
:00432052 740D
:00432054 807E2F00
:00432058 7407

je 00432061
je 00432061
:0043205A 8BC6
:0043205C E8AFFEFFFF
mov eax, esi

call 00431F10

|:0043202E(C), :00432052(C), :00432058(C)
|
:00432061 5F
pop edi
:00432062 5E
pop esi
:00432063 5B
pop ebx
:00432064 C3
ret
:00432065 8D4000

|:004312F9 , :00431304 , :00432392 , :0043239D , :004326BF
|:0043279C , :00432967
|
:00432068 8B5038
:0043206B 85D2
test edx, edx
:0043206D 7404
je 00432073
:0043206F 8B420C
:00432072 C3
ret

|:0043206D(C)
|
:00432073 33C0
xor eax, eax
:00432075 C3
ret
:00432076 8BC0
:00432078 A1D8FC4200
:0043207D C3
mov eax, eax

mov eax, dword ptr [0042FCD8]
ret
:0043207E 8BC0
mov eax, eax
|:00430A96 , :00430ACD
|:00431121 , :0043118F
|:0043211E , :00432164
|:0043236B , :00432400
|
:00432080 8B5050
:00432083 85D2
:00432085 7503
:00432087 33C0
:00432089 C3
Addresses:
, :00430ADD
, :004313AA
, :004321CA
, :004325EB
,
,
,
,
:00430F24
:00431F1E
:004322E2
:00432B25
,
,
,
,
:00430FD5
:00431FC7
:0043232B
:0043C263

test edx, edx
jne 0043208A
xor eax, eax
ret

|:00432085(C)
|
:0043208A 8B4208
:0043208D C3
ret
:0043208E 8BC0
|:00430A65 , :00430AFF
|:00430F18 , :004313C2
|:00432178 , :004321DE
|:0043323D , :0043C27D
|
:00432090 53
:00432091 56
:00432092 8BF2
:00432094 8BD8
:00432096 837B5000
:0043209A 7505
:0043209C E847E5FFFF
mov eax, eax

Addresses:
, :00430B15
, :004313EA
, :004321EE
, :00430B64
, :004313FB
, :004325FE
, :00430B81
, :00431F32
, :00432B3C
push ebx
push esi
mov esi, edx
mov ebx, eax
jne 004320A1
call 004305E8
|:0043209A(C)
|
:004320A1 8BD6
:004320A3 8B4350
:004320A6 E8CDAAFDFF
:004320AB 5E
:004320AC 5B
:004320AD C3
:004320AE 8BC0
mov eax, eax
mov edx, esi

call 0040CB78
pop esi
pop ebx
ret

|:00430E52 , :0043129F , :0043275D
|
:004320B0 56
push esi
:004320B1 8BF0
mov esi, eax
:004320B3 663B5654
cmp dx, word ptr [esi+54]
:004320B7 740D
je 004320C6
:004320B9 66895654
mov word ptr [esi+54], dx
:004320BD B201
mov dl, 01
:004320BF 8BC6
mov eax, esi
:004320C1 8B08
:004320C3 FF5134
call [ecx+34]
|:004320B7(C)
|
:004320C6 5E
pop esi
:004320C7 C3
ret

|:00430E72 , :00432771
|
:004320C8 56
push esi
:004320C9 8BF0
mov esi, eax
:004320CB 3A5630
:004320CE 740C
je 004320DC
:004320D0 885630
:004320D3 B201
mov dl, 01
:004320D5 8BC6
:004320D7 8B08
:004320D9 FF5134
mov eax, esi

call [ecx+34]

|:004320CE(C)
|
:004320DC 5E
pop esi
:004320DD C3
ret
:004320DE 8BC0
mov eax, eax

|:00430E32 , :00432747
|
:004320E0 56
push esi
:004320E1 8BF0
mov esi, eax
:004320E3 3B5634
cmp edx, dword ptr [esi+34]
:004320E6 740C
je 004320F4
:004320E8 895634
:004320EB B201
mov dl, 01
:004320ED 8BC6
mov eax, esi
:004320EF 8B08
:004320F1 FF5134
call [ecx+34]
|:004320E6(C)
|
:004320F4 5E
pop esi
:004320F5 C3
ret
:004320F6 8BC0
mov eax, eax

|:00432132
|
:004320F8 83CAFF
or edx, FFFFFFFF
:004320FB 8B4858
:004320FE 85C9
test ecx, ecx
:00432100 740B
je 0043210D
:00432102 8BD0
mov edx, eax
:00432104 8BC1
mov eax, ecx
:00432106 E8D5020000
call 004323E0
:0043210B 8BD0
mov edx, eax
|:00432100(C)
|
:0043210D 8BC2
mov eax, edx
:0043210F C3
ret

|:004321A5
|
:00432110 53
push ebx
:00432111 56
push esi
:00432112
:00432113
:00432115
:00432117
:0043211A
:0043211C
:0043211E
:00432123
:00432125
:00432127
57
8BF2
8BD8
8B4358
85C0
7434
E85DFFFFFF
85F6
7D02
33F6
push edi
mov esi, edx
mov ebx, eax
test eax, eax
je 00432152
call 00432080
test esi, esi
jge 00432129
xor esi, esi

|:00432125(C)
|
:00432129 3BC6
cmp eax, esi
:0043212B 7F03
jg 00432130
:0043212D 8BF0
mov esi, eax
:0043212F 4E
dec esi
|:0043212B(C)
|
:00432130 8BC3
:00432137 3BF0
:00432139 7417
:0043213B 8B7B58
:0043213E 8BD3
:00432140 8BC7
:00432142 E8CD020000
:00432147 8BCB
:00432149 8BD6
:0043214B 8BC7
:0043214D E8CA000000
|:0043211C(C), :00432139(C)
|
:00432152 5F
:00432153 5E
:00432154 5B
:00432155 C3
:00432156
:00432158
:00432159
:0043215B
:0043215C
:0043215D
:0043215E
:00432161
:00432164
:00432169
:0043216B
:0043216C
:0043216E
:00432170
:00432171
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
push esi
call 00432080
mov ebx, eax
dec ebx
test ebx, ebx
jl 00432189
inc ebx
xor esi, esi
8BC0
55
8BEC
51
53
56
8945FC
8B45FC
E817FFFFFF
8BD8
4B
85DB
7C19
43
33F6
mov eax, ebx

call 004320F8
cmp esi, eax
je 00432152
mov edx, ebx
mov eax, edi
call 00432414
mov ecx, ebx
mov edx, esi
mov eax, edi
call 0043221C
pop edi
pop esi
pop ebx
ret
|:00432187(C)
|
:00432173 8BD6
:00432175 8B45FC
:00432178 E813FFFFFF
:0043217D 8BD0
:0043217F 8B450C
:00432182 FF5508
:00432185 46
:00432186 4B
:00432187 75EA

mov edx, esi
call 00432090
mov edx, eax
call [ebp+08]
inc esi
dec ebx
jne 00432173

|:0043216E(C)
|
:00432189 5E
pop esi
:0043218A 5B
pop ebx
:0043218B 59
pop ecx
:0043218C 5D
pop ebp
:0043218D C20800
ret 0008
:00432190
:00432191
:00432192
:00432194
:00432196
:00432198
:0043219E
:004321A3
:004321A5
:004321AA
:004321AB
:004321AC
53
56
8BF1
8BDA
8BC3
8B1590FD4200
E8050CFDFF
8BD6
E866FFFFFF
5E
5B
C3
push ebx
push esi
mov esi, ecx
mov ebx, edx
mov eax, ebx
call 00402DA8
mov edx, esi
call 00432110
pop esi
pop ebx
ret
:004321AD
:004321B0
:004321B1
:004321B2
:004321B3
:004321B4
:004321B6
:004321B8
:004321BB
:004321BD
:004321BF
:004321C1
:004321C5
:004321C7
:004321CA
:004321CF
:004321D1
:004321D2
:004321D4
:004321D6
:004321D7
8D4000
53
56
57
55
8BDA
8BF0
3A5E2E
744A
84DB
743A
837E5800
7434
8B4658
E8B1FEFFFF
8BF8
4F
85FF
7C25
47
33ED

push ebx
push esi
push edi
push ebp
mov ebx, edx
mov esi, eax
cmp bl, byte ptr [esi+2E]
je 00432207
test bl, bl
je 004321FB
je 004321FB
call 00432080
mov edi, eax
dec edi
test edi, edi
jl 004321FB
inc edi
xor ebp, ebp
|:004321F9(C)
|
:004321D9 8BD5
:004321DB 8B4658
:004321DE E8ADFEFFFF
:004321E3 80782E00
:004321E7 740E
:004321E9 8BD5
:004321EB 8B4658
:004321EE E89DFEFFFF
:004321F3 C6402E00
mov edx, ebp

call 00432090
je 004321F7
mov edx, ebp
call 00432090
mov [eax+2E], 00

|:004321E7(C)
|
:004321F7 45
inc ebp
:004321F8 4F
dec edi
:004321F9 75DE
jne 004321D9
|:004321BF(C), :004321C5(C), :004321D4(C)
|
:004321FB 885E2E
mov byte ptr [esi+2E], bl
:004321FE B201
mov dl, 01
:00432200 8BC6
mov eax, esi
:00432202 8B08
:00432204 FF5134
call [ecx+34]
|:004321BB(C)
|
:00432207 5D
pop ebp
:00432208 5F
pop edi
:00432209 5E
pop esi
:0043220A 5B
pop ebx
:0043220B C3
ret
:0043220C
:0043220F
:00432211
:00432213
:00432215
:00432217
8B5038
85D2
7407
8BC2
8B10
FF5218

test edx, edx
je 0043221A
mov eax, edx
call [edx+18]

|:00432211(C)
|
:0043221A C3
ret
:0043221B 90
nop
|:0043214D , :0043240B
|
:0043221C 55
push ebp
:0043221D 8BEC
mov ebp, esp
:0043221F 6A00
push 00000000
:00432221 53
push ebx
:00432222 56
push esi
:00432223 57
push edi
:00432224
:00432226
:00432228
:0043222A
:0043222C
:0043222D
:00432232
:00432235
:00432238
:0043223C
:0043223E
:00432241
:00432246
:0043224B
:0043224E
:00432250
:00432255
:0043225A
8BD9
8BFA
8BF0
33C0
55
6808234300
64FF30
648920
837B5800
7421
8D55FC
A1442D4400
E8D92BFDFF
8B4DFC
B201
A140FB4200
E81266FDFF
E85110FDFF
mov ebx, ecx

mov edi, edx
mov esi, eax
xor eax, eax
push ebp
push 00432308
je 0043225F
call 00404E24
mov dl, 01
call 0040886C
call 004032B0
|:0043223C(C)
|
:0043225F 837E5000
:00432263 750F
:00432265 B201
:00432267 A154B54000
:0043226C E87F09FDFF
:00432271 894650
|:00432263(C)
|
:00432274 8BC7
:00432276 48
:00432277 85C0
:00432279 7C33
:0043227B 8BC7
:0043227D 48
:0043227E 8B5650
:00432281 3B4208
:00432284 7D28
:00432286 8BD7
:00432288 4A
:00432289 8B4650
:0043228C E8E7A8FDFF
:00432291 8A4031
:00432294 3A4331
:00432297 7615
:00432299 8BD7
:0043229B 4A
:0043229C 8B4650
:0043229F E8D4A8FDFF
:004322A4 8A5031
:004322A7 8BC3

jne 00432274
mov dl, 01
call 00402BF0
mov eax, edi

dec eax
test eax, eax
jl 004322AE
mov eax, edi
dec eax
jge 004322AE
mov edx, edi
dec edx
call 0040CB78
jbe 004322AE
mov edx, edi
dec edx
call 0040CB78
mov eax, ebx
call 00432024

|:00432279(C), :00432284(C), :00432297(C)
|
:004322AE 8A4B31
mov cl, byte ptr [ebx+31]
:004322B1
:004322B3
:004322B5
:004322BA
:004322BC
:004322BE
:004322C1
:004322C6
:004322C9
:004322CC
:004322D3
:004322D7
:004322D9
:004322DB
8BD7
8BC6
E8CAF0FFFF
8BCB
8BD7
8B4650
E86AA9FDFF
897358
897370
C7436CC0244300
837E2800
7407
8BC6
E848F0FFFF
mov edx, edi

mov eax, esi
call 00431384
mov ecx, ebx
mov edx, edi
call 0040CC30
mov [ebx+6C], 004324C0
je 004322E0
mov eax, esi
call 00431328
|:004322D7(C)
|
:004322E0 8BC6
:004322E7 48
:004322E8 0F94C2
:004322EB 8BC6
:004322ED 8B08
:004322EF FF5134
:004322F2 33C0
:004322F4 5A
:004322F5 59
:004322F6 59
:004322F7 648910

mov eax, esi
call 00432080
dec eax
sete dl
mov eax, esi
call [ecx+34]
xor eax, eax
pop edx
pop ecx
pop ecx

|
:004322FA 680F234300
push 0043230F
|:0043230D(U)
|
:004322FF 8D45FC
:00432302 E8B114FDFF
:00432307 C3
:00432308
:0043230D
:0043230F
:00432310
:00432311
:00432312
:00432313
:00432314
jmp
jmp
pop
pop
pop
pop
pop
ret
E96B0FFDFF
EBF0
5F
5E
5B
59
5D
C3
:00432315 8D4000

call 004037B8
ret
00403278
004322FF
edi
esi
ebx
ecx
ebp

|:0043245B
|
:00432318 53
push ebx
:00432319 56
push esi
:0043231A
:0043231B
:0043231D
:0043231F
:00432321
:00432323
:00432327
:00432329
:0043232B
:00432330
:00432332
57
8BDA
8BF0
85DB
7C11
837E5000
740B
8BC6
E850FDFFFF
3BD8
7C05
push edi
mov ebx, edx
mov esi, eax
test ebx, ebx
jl 00432334
je 00432334
mov eax, esi
call 00432080
cmp ebx, eax
jl 00432339

|:00432321(C), :00432327(C)
|
:00432334 E8AFE2FFFF
call 004305E8
|:00432332(C)
|
:00432339 8BD3
:0043233B 8B4650
:0043233E E835A8FDFF
:00432343 8BF8
:00432345 8BD3
:00432347 8B4650
:0043234A E84DA7FDFF
:0043234F 33C0
:00432351 894758
:00432354 33C0
:00432356 89476C
:00432359 894770
:0043235C 837E2800
:00432360 7407
:00432362 8BC6
:00432364 E8BFEFFFFF
|:00432360(C)
|
:00432369 8BC6
:00432370 85C0
:00432372 0F94C2
:00432375 8BC6
:00432377 8B08
:00432379 FF5134
:0043237C 5F
:0043237D 5E
:0043237E 5B
:0043237F C3
:00432380
:00432381
:00432383
:00432387
:00432389
:0043238E
:00432390
push ebx
mov ebx, eax
je 004323DD
je 004323B4
mov eax, ebx
53
8BD8
807B2D00
7454
66837B7600
7424
8BC3
mov edx, ebx

call 0040CB78
mov edi, eax
mov edx, ebx
call 0040CA9C
xor eax, eax
xor eax, eax
je 00432369
mov eax, esi
call 00431328
mov eax, esi

call 00432080
test eax, eax
sete dl
mov eax, esi
call [ecx+34]
pop edi
pop esi
pop ebx
ret
:00432392
:00432397
:00432399
:0043239B
:0043239D
:004323A2
:004323A5
:004323A8
:004323AA
:004323AC
:004323AF
:004323B2
E8D1FCFFFF
85C0
7419
8BC3
E8C6FCFFFF
8B402C
3B4374
740A
8BD3
8B4378
FF5374
EB29
call 00432068
test eax, eax
je 004323B4
mov eax, ebx
call 00432068
je 004323B4
mov edx, ebx
call [ebx+74]
jmp 004323DD

|:0043238E(C), :00432399(C), :004323A8(C)
|
:004323B4 F6432010
test [ebx+20], 10
:004323B8 7514
jne 004323CE
:004323BA 837B3800
:004323BE 740E
je 004323CE
:004323C0 8B4338
:004323C3 66BBFFFF
mov bx, FFFF
:004323C7 E8280AFDFF
call 00402DF4
:004323CC EB0F
jmp 004323DD
|:004323B8(C), :004323BE(C)
|
:004323CE 66837B7600
:004323D3 7408
:004323D5 8BD3
:004323D7 8B4378
:004323DA FF5374

je 004323DD
mov edx, ebx
call [ebx+74]

|:00432387(C), :004323B2(U), :004323CC(U), :004323D3(C)
|
:004323DD 5B
pop ebx
:004323DE C3
ret
:004323DF 90
nop

|:0043203B , :00432106 , :0043242C
|
:004323E0 56
push esi
:004323E1 83C9FF
or ecx, FFFFFFFF
:004323E4 8B7050
:004323E7 85F6
test esi, esi
:004323E9 7409
je 004323F4
:004323EB 8BC6
mov eax, esi
:004323ED E81EA8FDFF
call 0040CC10
:004323F2 8BC8
mov ecx, eax
|:004323E9(C)
|
:004323F4 8BC1
mov eax, ecx
:004323F6 5E
pop esi
:004323F7 C3
ret

|:00432652 , :0043266E
|
:004323F8 53
push ebx
:004323F9 56
push esi
:004323FA 8BF2
mov esi, edx
:004323FC 8BD8
mov ebx, eax
:004323FE 8BC3
mov eax, ebx
call 00432080
:00432405 8BD0
mov edx, eax
:00432407 8BCE
mov ecx, esi
:00432409 8BC3
mov eax, ebx
call 0043221C
:00432410 5E
pop esi
:00432411 5B
pop ebx
:00432412 C3
ret
:00432413 90
nop

|:00430F08 , :00432142 , :00432633
|
:00432414 55
push ebp
:00432415 8BEC
mov ebp, esp
:00432417 6A00
push 00000000
:00432419 53
push ebx
:0043241A 8BD8
mov ebx, eax
:0043241C 33C0
xor eax, eax
:0043241E 55
push ebp
:0043241F 6876244300
push 00432476
:00432424 64FF30
:00432427 648920
:0043242A 8BC3
mov eax, ebx
:0043242C E8AFFFFFFF
call 004323E0
:00432431 83F8FF
cmp eax, FFFFFFFF
:00432434 7521
jne 00432457
:00432436 8D55FC
:00432439 A1C42C4400
mov eax, dword ptr [00442CC4]
:0043243E E8E129FDFF
call 00404E24
:00432443 8B4DFC
:00432446 B201
mov dl, 01
:00432448 A140FB4200
:0043244D E81A64FDFF
call 0040886C
:00432452 E8590EFDFF
call 004032B0
|:00432434(C)
|
:00432457 8BD0
:00432459 8BC3
:0043245B E8B8FEFFFF
:00432460 33C0
:00432462 5A
:00432463 59
:00432464 59

mov edx, eax
mov eax, ebx
call 00432318
xor eax, eax
pop edx
pop ecx
pop ecx
:00432465 648910

|
:00432468 687D244300
push 0043247D
|:0043247B(U)
|
:0043246D 8D45FC
:00432470 E84313FDFF
:00432475 C3
:00432476
:0043247B
:0043247D
:0043247E
:0043247F
:00432480
E9FD0DFDFF
EBF0
5B
59
5D
C3
jmp
jmp
pop
pop
pop
ret
:00432481
:00432484
:00432485
:00432486
:00432488
:0043248A
:0043248E
:00432490
:00432493
:00432499
:0043249E
:004324A0
:004324A2
:004324A4
8D4000
53
56
8BDA
8BF0
837E5800
7516
8B4604
8B15E0004300
E8F208FDFF
84C0
7404
33C0
EB02

push ebx
push esi
mov ebx, edx
mov esi, eax
jne 004324A6
call 00402D90
test al, al
je 004324A6
xor eax, eax
jmp 004324A8

call 004037B8
ret
00403278
0043246D
ebx
ecx
ebp

|:0043248E(C), :004324A0(C)
|
:004324A6 8BC6
mov eax, esi
|:004324A4(U)
|
:004324A8 66837E6E00
:004324AD 740B
:004324AF 53
:004324B0 8BC8
:004324B2 8BD6
:004324B4 8B4670
:004324B7 FF566C

cmp word ptr [esi+6E], 0000
je 004324BA
push ebx
mov ecx, eax
mov edx, esi
call [esi+6C]

|:004324AD(C)
|
:004324BA 5E
pop esi
:004324BB 5B
pop ebx
:004324BC C3
ret
:004324BD 8D4000

|:004324EF , :00432AA5
|
:004324C0 55
push ebp
:004324C1 8BEC
mov ebp, esp
:004324C3 53
push ebx
:004324C4 56
push esi
:004324C5 8BF1
mov esi, ecx
:004324C7 8BD8
mov ebx, eax
:004324C9 807D0800
:004324CD 7413
je 004324E2
:004324CF 837B2800
:004324D3 7506
jne 004324DB
:004324D5 837B6000
:004324D9 7407
je 004324E2
|:004324D3(C)
|
:004324DB 8BC3
mov eax, ebx
:004324DD E846EEFFFF
call 00431328
|:004324CD(C), :004324D9(C)
|
:004324E2 8B4358
:004324E5 85C0
:004324E7 740D
:004324E9 6A00
:004324EB 8BCE
:004324ED 8BD3
:004324EF E8CCFFFFFF
:004324F4 EB1B
|:004324E7(C)
|
:004324F6 8B7304
:004324F9 8BC6
:004324FB 8B15D4014300
:00432501 E88A08FDFF
:00432506 84C0
:00432508 7407
:0043250A 8BC6
:0043250C E8C7100000
|:004324F4(U), :00432508(C)
|
:00432511 5E
:00432512 5B
:00432513 5D
:00432514 C20400
:00432517 90
:00432518 53
nop
push ebx

test eax, eax
je 004324F6
push 00000000
mov ecx, esi
mov edx, ebx
call 004324C0
jmp 00432511

mov eax, esi
call 00402D90
test al, al
je 00432511
mov eax, esi
call 004335D8
pop
pop
pop
ret
esi
ebx
ebp
0004
:00432519
:0043251B
:0043251F
:00432521
:00432523
:00432528
:0043252D
8BD8
837B4000
750F
B201
A10C314100
E8FF65FEFF
894340
mov ebx, eax

jne 00432530
mov dl, 01
call 00418B2C

|:0043251F(C)
|
:00432530 B201
mov dl, 01
:00432532 8B4340
:00432535 8B08
:00432537 FF513C
call [ecx+3C]
:0043253A 8B4340
:0043253D 5B
pop ebx
:0043253E C3
ret
:0043253F 90
nop

|:00432974
|
:00432540 53
push ebx
:00432541 56
push esi
:00432542 57
push edi
:00432543 8BFA
mov edi, edx
:00432545 8BF0
mov esi, eax
:00432547 85FF
test edi, edi
:00432549 750F
jne 0043255A
:0043254B 8B4638
:0043254E E8CD06FDFF
call 00402C20
:00432553 33C0
xor eax, eax
:00432555 894638
:00432558 EB4F
jmp 004325A9
|:00432549(C)
|
:0043255A 837E3800
:0043255E 7515
:00432560 8BC6
:00432562 66BBEFFF
:00432566 E88908FDFF
:0043256B 8BCE
:0043256D B201
:0043256F FF5014
:00432572 894638

jne 00432575
mov eax, esi
mov bx, FFEF
call 00402DF4
mov ecx, esi
mov dl, 01
call [eax+14]

|:0043255E(C)
|
:00432575 8BD7
mov edx, edi
:00432577 8B4638
:0043257A 8B08
:0043257C FF510C
call [ecx+0C]
:0043257F 8B4638
:00432582 897008
:00432585
:0043258C
:00432590
:00432593
:00432595
:00432597
:0043259B
:004325A0
:004325A2
:004325A4
C7400494274300
F6472001
0F95C1
8BD7
8BC6
66BBF0FF
E85408FDFF
8BD6
8BC7
E8E7EFFDFF
mov [eax+04], 00432794

test [edi+20], 01
setne cl
mov edx, edi
mov eax, esi
mov bx, FFF0
call 00402DF4
mov edx, esi
mov eax, edi
call 00411590

|:00432558(U)
|
:004325A9 5F
pop edi
:004325AA 5E
pop esi
:004325AB 5B
pop ebx
:004325AC C3
ret
:004325AD
:004325B0
:004325B1
:004325B2
:004325B4
:004325B6
:004325BA
:004325BC
:004325BE
:004325C3
:004325C8
8D4000
53
56
8BDA
8BF0
837E4000
750F
B201
A10C314100
E86465FEFF
894640

push ebx
push esi
mov ebx, edx
mov esi, eax
jne 004325CB
mov dl, 01
call 00418B2C

|:004325BA(C)
|
:004325CB 8BD3
mov edx, ebx
:004325CD 8B4640
:004325D0 8B08
:004325D2 FF5108
call [ecx+08]
:004325D5 33D2
xor edx, edx
:004325D7 8BC6
mov eax, esi
:004325D9 8B08
:004325DB FF5134
call [ecx+34]
:004325DE 5E
pop esi
:004325DF 5B
pop ebx
:004325E0 C3
ret
:004325E1 8D4000

|:00432C3A , :00432C64 , :00432CCD
|
:004325E4 53
push ebx
:004325E5 56
push esi
:004325E6 57
push edi
:004325E7 8BF8
mov edi, eax
:004325E9 8BC7
mov eax, edi
:004325EB E890FAFFFF
call 00432080
:004325F0 8BD8
mov ebx, eax
:004325F2
:004325F3
:004325F5
:004325F7
:004325F8
4B
85DB
7C15
43
33F6
|:0043260A(C)
|
:004325FA 8BD6
:004325FC 8BC7
:004325FE E88DFAFFFF
:00432603 8B10
:00432605 FF5238
:00432608 46
:00432609 4B
:0043260A 75EE
dec ebx
test ebx, ebx
jl 0043260C
inc ebx
xor esi, esi
mov edx, esi
mov eax, edi
call 00432090
call [edx+38]
inc esi
dec ebx
jne 004325FA

|:004325F5(C)
|
:0043260C 5F
pop edi
:0043260D 5E
pop esi
:0043260E 5B
pop ebx
:0043260F C3
ret
:00432610
:00432613
:00432615
:00432617
:0043261B
:0043261D
:00432620
8B5058
85D2
740A
837A6400
7404
8B4264
C3

test edx, edx
je 00432621
je 00432621
ret

|:00432615(C), :0043261B(C)
|
:00432621 8BC2
mov eax, edx
:00432623 C3
ret
:00432624
:00432625
:00432626
:00432628
:0043262A
:0043262D
:0043262F
:00432631
:00432633
53
56
8BF2
8BD8
8B4358
85C0
7407
8BD3
E8DCFDFFFF
push ebx
push esi
mov esi, edx
mov ebx, eax
test eax, eax
je 00432638
mov edx, ebx
call 00432414

|:0043262F(C)
|
:00432638 85F6
test esi, esi
:0043263A 7437
je 00432673
:0043263C 8BC6
mov eax, esi
:0043263E
:00432644
:00432649
:0043264B
:0043264D
:00432650
:00432652
:00432657
8B15E0004300
E84707FDFF
84C0
740C
8B4628
8BD3
E8A1FDFFFF
EB1A
|:0043264B(C)
|
:00432659 8BC6
:0043265B 8B1590FD4200
:00432661 E82A07FDFF
:00432666 84C0
:00432668 7409
:0043266A 8BD3
:0043266C 8BC6
:0043266E E885FDFFFF

call 00402D90
test al, al
je 00432659
mov edx, ebx
call 004323F8
jmp 00432673
mov eax, esi
call 00402D90
test al, al
je 00432673
mov edx, ebx
mov eax, esi
call 004323F8

|:0043263A(C), :00432657(U), :00432668(C)
|
:00432673 5E
pop esi
:00432674 5B
pop ebx
:00432675 C3
ret
:00432676 8BC0
mov eax, eax

|:00431057 , :00431535 , :0043171D , :00431D20
|
:00432678 EB02
jmp 0043267C
|:00432681(C)
|
:0043267A 8BC2
mov eax, edx
|:00432678(U)
|
:0043267C 8B5058
:0043267F 85D2
test edx, edx
:00432681 75F7
jne 0043267A
:00432683 8B4064
:00432686 C3
ret
:00432687
:00432688
:00432689
:0043268B
:0043268E
:00432690
:00432693
:00432697
:00432699
90
56
8BF0
3A562F
741F
88562F
807E2C00
740D
807E2F00
nop
push esi
mov esi, eax
cmp dl, byte
je 004326AF
mov byte ptr
cmp byte ptr
je 004326A6
cmp byte ptr
ptr [esi+2F]
[esi+2F], dl
[esi+2C], 00
[esi+2F], 00
:0043269D 7407
:0043269F 8BC6
:004326A1 E86AF8FFFF
je 004326A6
mov eax, esi
call 00431F10
|:00432697(C), :0043269D(C)
|
:004326A6 B201
:004326A8 8BC6
:004326AA 8B08
:004326AC FF5134

mov dl, 01
mov eax, esi
call [ecx+34]

|:0043268E(C)
|
:004326AF 5E
pop esi
:004326B0 C3
ret
:004326B1
:004326B4
:004326B5
:004326B6
:004326B7
:004326B9
:004326BB
:004326BD
:004326BF
:004326C4
:004326CA
:004326CF
:004326D1
:004326D7
:004326D9
:004326DB
:004326DF
8D4000
53
56
57
8BD9
8BFA
8BF0
8BC6
E8A4F9FFFF
8B15F4D74200
E8C106FDFF
84C0
0F84B6000000
84DB
7406
837E2400
750A

push ebx
push esi
push edi
mov ebx, ecx
mov edi, edx
mov esi, eax
mov eax, esi
call 00432068
call 00402D90
test al, al
je 0043278D
test bl, bl
je 004326E1
jne 004326EB
|:004326D9(C)
|
:004326E1 8B574C
:004326E4 8BC6
:004326E6 E8FDF7FFFF
|:004326DF(C)
|
:004326EB 84DB
:004326ED 7406
:004326EF 807E2C00
:004326F3 750A
|:004326ED(C)
|
:004326F5 8A5750
:004326F8 8BC6
:004326FA E859F8FFFF

mov eax, esi
call 00431EE8
test bl, bl
je 004326F5
jne 004326FF

mov eax, esi
call 00431F58
|:004326F3(C)
|
:004326FF 84DB
:00432701 7406
:00432703 807E2D01
:00432707 750A
test bl, bl
je 00432709
jne 00432713
|:00432701(C)
|
:00432709 8A5751
:0043270C 8BC6
:0043270E E899F8FFFF
|:00432707(C)
|
:00432713 84DB
:00432715 7406
:00432717 837E4800
:0043271B 7506

mov eax, esi
call 00431FAC
test bl, bl
je 0043271D
jne 00432723

|:00432715(C)
|
:0043271D 8B4754
:00432720 894648
|:0043271B(C)
|
:00432723 84DB
:00432725 7406
:00432727 837E4C00
:0043272B 750B
|:00432725(C)
|
:0043272D 8D464C
:00432730 8B5758
:00432733 E8D410FDFF
|:0043272B(C)
|
:00432738 84DB
:0043273A 7406
:0043273C 837E34FF
:00432740 750A
|:0043273A(C)
|
:00432742 8B575C
:00432745 8BC6
:00432747 E894F9FFFF
test bl, bl
je 0043272D
jne 00432738

call 0040380C
test bl, bl
je 00432742
cmp dword ptr [esi+34], FFFFFFFF
jne 0043274C

mov eax, esi
call 004320E0

|:00432740(C)
|
:0043274C
:0043274E
:00432750
:00432755
84DB
7407
66837E5400
750B
test bl, bl
je 00432757
jne 00432762
|:0043274E(C)
|
:00432757 668B5760
:0043275B 8BC6
:0043275D E84EF9FFFF
|:00432755(C)
|
:00432762 84DB
:00432764 7406
:00432766 807E3001
:0043276A 750A
|:00432764(C)
|
:0043276C 8A5762
:0043276F 8BC6
:00432771 E852F9FFFF
|:0043276A(C)
|
:00432776 84DB
:00432778 7407
:0043277A 66837E7600
:0043277F 750C
mov dx, word ptr [edi+60]

mov eax, esi
call 004320B0
test bl, bl
je 0043276C
jne 00432776

mov eax, esi
call 004320C8
test bl, bl
je 00432781
jne 0043278D

|:00432778(C)
|
:00432781 8B472C
:00432784 894674
:00432787 8B4730
:0043278A 894678
|:004326D1(C), :0043277F(C)
|
:0043278D 5F
:0043278E 5E
:0043278F 5B
:00432790 C3
:00432791
:00432794
:00432795
:00432796
:00432798
:0043279A
:0043279C

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00432068
8D4000
53
56
8BF2
8BD8
8BC3
E8C7F8FFFF
pop edi
pop esi
pop ebx
ret
:004327A1
:004327A3
:004327A5
:004327A7
:004327A9
:004327AB
:004327AF
3BF0
750F
33C9
8BD6
8BC3
66BBF0FF
E84006FDFF
cmp esi, eax

jne 004327B4
xor ecx, ecx
mov edx, esi
mov eax, ebx
mov bx, FFF0
call 00402DF4

|:004327A3(C)
|
:004327B4 5E
pop esi
:004327B5 5B
pop ebx
:004327B6 C3
ret
:004327B7
:004327B8
:004327B9
:004327BA
:004327BC
:004327BF
:004327C1
:004327C3
:004327C5
:004327C7
:004327CA
:004327CC
:004327CE
:004327D0
:004327D1
:004327D2
90
53
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF521C
84C0
7405
33C0
5E
5B
C3
nop
push ebx
push esi
mov ebx, eax
test esi, esi
je 004327D3
mov eax, esi
call [edx+1C]
test al, al
je 004327D3
xor eax, eax
pop esi
pop ebx
ret
|:004327C1(C), :004327CC(C)
|
:004327D3 B001
:004327D5 5E
:004327D6 5B
:004327D7 C3
:004327D8
:004327D9
:004327DA
:004327DC
:004327DF
:004327E1
:004327E3
:004327E5
:004327E7
:004327EA
:004327EC
:004327EE
:004327F0
:004327F1
:004327F2
push ebx
push esi
mov ebx, eax
test esi, esi
je 004327F3
mov eax, esi
call [edx+20]
test al, al
je 004327F3
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF5220
84C0
7405
33C0
5E
5B
C3
mov al, 01
pop esi
pop ebx
ret
|:004327E1(C), :004327EC(C)
|
:004327F3 B001
:004327F5 5E
:004327F6 5B
:004327F7 C3
:004327F8
:004327F9
:004327FA
:004327FC
:004327FF
:00432801
:00432803
:00432805
:00432807
:0043280A
:0043280C
:0043280E
:00432810
:00432811
:00432812
push ebx
push esi
mov ebx, eax
test esi, esi
je 00432813
mov eax, esi
call [edx+24]
test al, al
je 00432813
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF5224
84C0
7405
33C0
5E
5B
C3
mov al, 01
pop esi
pop ebx
ret
|:00432801(C), :0043280C(C)
|
:00432813 B001
:00432815 5E
:00432816 5B
:00432817 C3
:00432818
:00432819
:0043281A
:0043281C
:0043281F
:00432821
:00432823
:00432825
:00432827
:0043282A
:0043282C
:0043282E
:00432830
:00432831
:00432832
push ebx
push esi
mov ebx, eax
test esi, esi
je 00432833
mov eax, esi
call [edx+2C]
test al, al
je 00432833
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF522C
84C0
7405
33C0
5E
5B
C3
mov al, 01
pop esi
pop ebx
ret

|:00432821(C), :0043282C(C)
|
:00432833 B001
mov al, 01
:00432835 5E
:00432836 5B
:00432837 C3
pop esi
pop ebx
ret
:00432838
:00432839
:0043283A
:0043283C
:0043283F
:00432841
:00432843
:00432845
:00432847
:0043284A
:0043284C
:0043284E
:00432850
:00432851
:00432852
push ebx
push esi
mov ebx, eax
test esi, esi
je 00432853
mov eax, esi
call [edx+28]
test al, al
je 00432853
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF5228
84C0
7405
33C0
5E
5B
C3
|:00432841(C), :0043284C(C)
|
:00432853 B001
:00432855 5E
:00432856 5B
:00432857 C3
:00432858
:00432859
:0043285A
:0043285C
:0043285F
:00432861
:00432863
:00432865
:00432867
:0043286A
:0043286C
:0043286E
:00432870
:00432871
:00432872
push ebx
push esi
mov ebx, eax
test esi, esi
je 00432873
mov eax, esi
call [edx+30]
test al, al
je 00432873
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF5230
84C0
7405
33C0
5E
5B
C3
mov al, 01
pop esi
pop ebx
ret
|:00432861(C), :0043286C(C)
|
:00432873 B001
:00432875 5E
:00432876 5B
:00432877 C3
:00432878 53
push ebx
mov al, 01
pop esi
pop ebx
ret
:00432879
:0043287A
:0043287C
:0043287F
:00432881
:00432883
:00432885
:00432887
:0043288A
:0043288C
:0043288E
:00432890
:00432891
:00432892
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF5234
84C0
7405
33C0
5E
5B
C3
push esi
mov ebx, eax
test esi, esi
je 00432893
mov eax, esi
call [edx+34]
test al, al
je 00432893
xor eax, eax
pop esi
pop ebx
ret
|:00432881(C), :0043288C(C)
|
:00432893 B001
:00432895 5E
:00432896 5B
:00432897 C3
:00432898
:00432899
:0043289A
:0043289C
:0043289F
:004328A1
:004328A3
:004328A5
:004328A7
:004328AA
:004328AC
:004328AE
:004328B0
:004328B1
:004328B2
push ebx
push esi
mov ebx, eax
test esi, esi
je 004328B3
mov eax, esi
call [edx+38]
test al, al
je 004328B3
xor eax, eax
pop esi
pop ebx
ret
53
56
8BD8
8B7338
85F6
7410
8BC6
8B10
FF5238
84C0
7405
33C0
5E
5B
C3
mov al, 01
pop esi
pop ebx
ret
|:004328A1(C), :004328AC(C)
|
:004328B3 B001
:004328B5 5E
:004328B6 5B
:004328B7 C3
:004328B8
:004328B9
:004328BA
:004328BC
:004328BF
:004328C1
:004328C3
push ebx
push esi
mov ebx, eax
test esi, esi
je 004328D3
mov eax, esi
53
56
8BD8
8B7338
85F6
7410
8BC6
mov al, 01
pop esi
pop ebx
ret
:004328C5
:004328C7
:004328CA
:004328CC
:004328CE
:004328D0
:004328D1
:004328D2
8B10
FF5208
84C0
7405
33C0
5E
5B
C3

call [edx+08]
test al, al
je 004328D3
xor eax, eax
pop esi
pop ebx
ret
|:004328C1(C), :004328CC(C)
|
:004328D3 B001
:004328D5 5E
:004328D6 5B
:004328D7 C3
:004328D8
:004328D9
:004328DA
:004328DB
:004328DD
:004328DF
:004328E1
:004328E7
:004328EC
:004328EE
:004328F0
:004328F3
:004328F5
:004328F7
:004328FC
:004328FF
:00432901
:00432906
:00432909
:0043290B
:00432910
:00432913
:00432915
:0043291A
:0043291D
:0043291F
:00432924
:00432927
:00432929
:0043292E
:00432931
:00432934
:00432936
:00432938
:0043293B
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov eax, esi
call 00402D90
test al, al
je 0043293D
mov edi, esi
mov eax, edi
call 0042E144
mov eax, edi
call 0042E19C
mov eax, edi
call 0042E1F4
mov eax, edi
call 0042E25C
mov eax, edi
call 0042E084
mov eax, edi
call 0042E310
push [ebx+78]
push [ebx+74]
mov eax, edi
call [edx+34]
jmp 00432946
53
56
57
8BF2
8BD8
8BC6
8B15F4D74200
E8A404FDFF
84C0
744D
8A532D
8BFE
8BC7
E848B8FFFF
8B5348
8BC7
E896B8FFFF
8B534C
8BC7
E8E4B8FFFF
8B5334
8BC7
E842B9FFFF
8B5324
8BC7
E860B7FFFF
8A5330
8BC7
E8E2B9FFFF
FF7378
FF7374
8BC7
8B10
FF5234
EB09
mov al, 01
pop esi
pop ebx
ret

|:004328EE(C)
|
:0043293D 8BD6
mov edx, esi
:0043293F 8BC3
:00432941 E8C6A9FDFF
mov eax, ebx

call 0040D30C

|:0043293B(U)
|
:00432946 5F
pop edi
:00432947 5E
pop esi
:00432948 5B
pop ebx
:00432949 C3
ret
:0043294A
:0043294C
:0043294D
:0043294E
:0043294F
:00432951
:00432953
:00432955
:00432957
:00432959
:0043295B
:00432960
:00432963
:00432965
:00432967
:0043296C
:0043296E
:00432970
:00432972
:00432974
8BC0
53
56
57
8BD9
8BF2
8BF8
8BCB
8BD6
8BC7
E808EEFDFF
80FB01
7514
8BC7
E8FCF6FFFF
3BF0
7509
33D2
8BC7
E8C7FBFFFF
mov eax, eax

push ebx
push esi
push edi
mov ebx, ecx
mov esi, edx
mov edi, eax
mov ecx, ebx
mov edx, esi
mov eax, edi
call 00411768
cmp bl, 01
jne 00432979
mov eax, edi
call 00432068
cmp esi, eax
jne 00432979
xor edx, edx
mov eax, edi
call 00432540
|:00432963(C), :0043296E(C)
|
:00432979 5F
:0043297A 5E
:0043297B 5B
:0043297C C3
:0043297D 8D4000
pop edi
pop esi
pop ebx
ret

|:00433CFE
|
:00432980 55
push ebp
:00432981 8BEC
mov ebp, esp
:00432983 51
push ecx
:00432984 53
push ebx
:00432985 56
push esi
:00432986 57
push edi
:00432987 84D2
test dl, dl
:00432989 7408
je 00432993
:0043298B 83C4F0
add esp, FFFFFFF0
:0043298E E87105FDFF
call 00402F04
|:00432989(C)
|
:00432993
:00432995
:00432998
:0043299A
:0043299C
:0043299E
:004329A3
:004329A8
:004329AA
:004329AD
:004329B0
:004329B2
:004329B5
:004329B8
:004329BB
:004329BD
:004329C2
:004329C7
:004329C9
:004329CC
8BF9
8855FF
8BD8
8BCB
B201
A190FD4200
E8FCE4FFFF
8BF0
897328
895E70
8B03
8B4038
89466C
895E64
B201
A130E44200
E82902FDFF
8BF0
897338
895E0C
mov edi, ecx

mov ebx, eax
mov ecx, ebx
mov dl, 01
call 00430EA4
mov esi, eax
mov dl, 01
call 00402BF0
mov esi, eax
* Possible StringData Ref from Code Obj ->";P<u"

|
:004329CF C7460800314300
mov [esi+08], 00433100
:004329D6 C6433501
mov [ebx+35], 01
:004329DA 8BCF
mov ecx, edi
:004329DC 33D2
xor edx, edx
:004329DE 8BC3
mov eax, ebx
:004329E0 E8DBEAFDFF
call 004114C0
:004329E5 8BC3
mov eax, ebx
:004329E7 E8040B0000
call 004334F0
:004329EC 8BC3
mov eax, ebx
:004329EE 807DFF00
:004329F2 740F
je 00432A03
:004329F4 E86305FDFF
call 00402F5C
:004329F9 648F0500000000
:00432A00 83C40C
add esp, 0000000C
|:004329F2(C)
|
:00432A03 8BC3
mov eax, ebx
:00432A05 5F
pop edi
:00432A06 5E
pop esi
:00432A07 5B
pop ebx
:00432A08 59
pop ecx
:00432A09 5D
pop ebp
:00432A0A C3
ret
:00432A0B 90
nop

|:00433D76
|
:00432A0C 53
push ebx
:00432A0D 56
push esi
:00432A0E E85105FDFF
call 00402F64
:00432A13 8BDA
mov ebx, edx
:00432A15
:00432A17
:00432A1A
:00432A1F
:00432A22
:00432A27
:00432A29
:00432A2C
:00432A2E
:00432A33
:00432A35
:00432A37
:00432A39
8BF0
8B4628
E80102FDFF
8B4638
E8F901FDFF
8BD3
80E2FC
8BC6
E8D9EAFDFF
84DB
7E07
8BC6
E81605FDFF
mov esi, eax

call 00402C20
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 0041150C
test bl, bl
jle 00432A3E
mov eax, esi
call 00402F54

|:00432A35(C)
|
:00432A3E 5E
pop esi
:00432A3F 5B
pop ebx
:00432A40 C3
ret
:00432A41
:00432A44
:00432A45
:00432A47
:00432A48
:00432A49
:00432A4A
:00432A4C
:00432A4E
:00432A51
:00432A54
:00432A56
:00432A59
:00432A5D
:00432A62
:00432A63
:00432A64
:00432A65
:00432A66
8D4000
55
8BEC
53
56
57
8BFA
8BF0
FF750C
FF7508
8BD7
8B4628
66BBFDFF
E89203FDFF
5F
5E
5B
5D
C20800
:00432A69 8D4000

push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, edx
mov esi, eax
push [ebp+0C]
push [ebp+08]
mov edx, edi
mov bx, FFFD
call 00402DF4
pop edi
pop esi
pop ebx
pop ebp
ret 0008

|:0043360E
|
:00432A6C 8B4028
:00432A6F E8C0E9FFFF
call 00431434
:00432A74 C3
ret
:00432A75
:00432A78
:00432A79
:00432A7C
:00432A80
:00432A85
:00432A86
8D4000
53
8B4028
66BBFAFF
E86F03FDFF
5B
C3

push ebx
mov bx, FFFA
call 00402DF4
pop ebx
ret
:00432A87
:00432A88
:00432A89
:00432A8A
:00432A8C
:00432A8E
:00432A93
:00432A95
:00432A98
:00432A9D
:00432A9F
:00432AA1
:00432AA3
:00432AA5
:00432AAA
:00432AAC
:00432AAD
:00432AAE
90
53
56
8BF0
33DB
B8882A4300
8BCE
8B565C
E80BE0FFFF
6A01
8BCE
8BD6
8BC6
E816FAFFFF
8BC3
5E
5B
C3
:00432AAF 90
nop
push ebx
push esi
mov esi, eax
xor ebx, ebx
mov eax, 00432A88
mov ecx, esi
call 00430AA8
push 00000001
mov ecx, esi
mov edx, esi
mov eax, esi
call 004324C0
mov eax, ebx
pop esi
pop ebx
ret
nop

|:00432FDC , :00433105 , :0043313E
|
:00432AB0 53
push ebx
:00432AB1 B9882A4300
mov ecx, 00432A88
:00432AB6 8B5028
:00432AB9 8B5A5C
mov ebx, dword ptr [edx+5C]
:00432ABC 8BC2
mov eax, edx
:00432ABE 91
xchg eax,ecx
:00432ABF 8BD3
mov edx, ebx
:00432AC1 E8E2DFFFFF
call 00430AA8
:00432AC6 5B
pop ebx
:00432AC7 C3
ret

|:00432B41
|
:00432AC8 55
push ebp
:00432AC9 8BEC
mov ebp, esp
:00432ACB 51
push ecx
:00432ACC 53
push ebx
:00432ACD 56
push esi
:00432ACE 57
push edi
:00432ACF 8BD8
mov ebx, eax
:00432AD1 C645FF00
mov [ebp-01], 00
:00432AD5 8B4508
:00432AD8 8078FF00
:00432ADC 750E
jne 00432AEC
:00432ADE 8B4508
:00432AE1 8B40F8
:00432AE4 0FB75344
movzx edx, word ptr [ebx+44]
:00432AE8 3BC2
cmp eax, edx
:00432AEA 742B
je 00432B17
|:00432ADC(C)
|
:00432AEC 8B4508
:00432AEF 8078FF01
:00432AF3 750B
:00432AF5 8B4508
:00432AF8 8B40F8
:00432AFB 3B4328
:00432AFE 7417
|:00432AF3(C)
|
:00432B00 8B4508
:00432B03 8078FF02
:00432B07 751A
:00432B09 8B4508
:00432B0C 8B40F8
:00432B0F 0FB75354
:00432B13 3BC2
:00432B15 750C
|:00432AEA(C), :00432AFE(C)
|
:00432B17 8B4508
:00432B1A 8958F4
:00432B1D C645FF01
:00432B21 EB32
|:00432B07(C), :00432B15(C)
|
:00432B23 8BC3
:00432B25 E856F5FFFF
:00432B2A 8BF0
:00432B2C 4E
:00432B2D 85F6
:00432B2F 7C24
:00432B31 46
:00432B32 33FF
|:00432B53(C)
|
:00432B34 8B4508
:00432B37 50
:00432B38 8BD7
:00432B3A 8BC3
:00432B3C E84FF5FFFF
:00432B46 59
:00432B47 84C0
:00432B49 7406
:00432B4B C645FF01
:00432B4F EB04

jne 00432B00
je 00432B17

jne 00432B23
movzx edx, word ptr [ebx+54]
cmp eax, edx
jne 00432B23
mov
mov
mov
jmp

dword ptr [eax-0C], ebx
[ebp-01], 01
00432B55
mov eax, ebx

call 00432080
mov esi, eax
dec esi
test esi, esi
jl 00432B55
inc esi
xor edi, edi

push eax
mov edx, edi
mov eax, ebx
call 00432090
call 00432AC8
pop ecx
test al, al
je 00432B51
mov [ebp-01], 01
jmp 00432B55

|:00432B49(C)
|
:00432B51 47
:00432B52 4E
:00432B53 75DF
inc edi
dec esi
jne 00432B34

|:00432B21(U), :00432B2F(C), :00432B4F(U)
|
:00432B55 8A45FF
:00432B58 5F
pop edi
:00432B59 5E
pop esi
:00432B5A 5B
pop ebx
:00432B5B 59
pop ecx
:00432B5C 5D
pop ebp
:00432B5D C3
ret
:00432B5E 8BC0
|:00432BDA , :00432C08
|:004331C5 , :0043321B
|:004337EF , :00433886
|:004391B1 , :004392F6
|
:00432B60 55
:00432B61 8BEC
:00432B63 83C4F4
:00432B66 53
:00432B67 884DFF
:00432B6A 8955F8
:00432B6D 33D2
:00432B6F 8955F4
:00432B72 B9C82A4300
:00432B77 8B5028
:00432B7A 8B5A5C
:00432B7D 8BC2
:00432B7F 91
:00432B80 8BD3
:00432B82 E821DFFFFF
:00432B87 8B45F4
:00432B8A 5B
:00432B8B 8BE5
:00432B8D 5D
:00432B8E C3
:00432B8F 90
mov eax, eax

Addresses:
, :00432C27
, :0043322D
, :0043396F
, :0043B12C
, :00432D80
, :0043345F
, :00433AE0
, :004331A7
, :0043347D
, :00433C3E
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
xor edx, edx
mov ecx, 00432AC8
mov ebx, dword ptr [edx+5C]
mov eax, edx
xchg eax,ecx
mov edx, ebx
call 00430AA8
pop ebx
mov esp, ebp
pop ebp
ret
nop

|:004338AA , :004338C5 , :0043B470 , :0043B489
|
:00432B90 53
push ebx
:00432B91 56
push esi
:00432B92 57
push edi
:00432B93 55
push ebp
:00432B94 51
push ecx
:00432B95 880C24
:00432B98 8BEA
mov ebp, edx
:00432B9A 8BF0
mov esi, eax
:00432B9C
:00432B9E
:00432BA0
:00432BA4
:00432BA6
33FF
B301
803C2400
7402
33DB
|:00432BA4(C)
|
:00432BA8 80FB01
:00432BAB 7527
:00432BAD 8BC6
:00432BAF 8B15A0034300
:00432BB5 E8D601FDFF
:00432BBA 84C0
:00432BBC 7416
:00432BBE 8BC6
:00432BC0 8B10
:00432BC2 FF5234
:00432BC5 3BE8
:00432BC7 750B
:00432BC9 8BC6
:00432BCB E8D0110000
:00432BD0 8BF8
:00432BD2 EB21
xor edi, edi

mov bl, 01
je 00432BA8
xor ebx, ebx
cmp bl, 01
jne 00432BD4
mov eax, esi
call 00402D90
test al, al
je 00432BD4
mov eax, esi
call [edx+34]
cmp ebp, eax
jne 00432BD4
mov eax, esi
call 00433DA0
mov edi, eax
jmp 00432BF5

|:00432BAB(C), :00432BBC(C), :00432BC7(C)
|
:00432BD4 8BCB
mov ecx, ebx
:00432BD6 8BD5
mov edx, ebp
:00432BD8 8BC6
mov eax, esi
:00432BDA E881FFFFFF
call 00432B60
:00432BDF EB03
jmp 00432BE4
|:00432BEC(C)
|
:00432BE1 8B4058
|:00432BDF(U)
|
:00432BE4 85C0
:00432BE6 7406
:00432BE8 83784800
:00432BEC 74F3

test eax, eax
je 00432BEE
je 00432BE1

|:00432BE6(C)
|
:00432BEE 85C0
test eax, eax
:00432BF0 7403
je 00432BF5
:00432BF2 8B7848
|:00432BD2(U), :00432BF0(C)
|
:00432BF5 8BC7
mov eax, edi
:00432BF7 5A
pop edx
:00432BF8
:00432BF9
:00432BFA
:00432BFB
:00432BFC
5D
5F
5E
5B
C3
:00432BFD 8D4000
pop
pop
pop
pop
ret
ebp
edi
esi
ebx

|:00433739 , :0043B08B
|
:00432C00 53
push ebx
:00432C01 33DB
xor ebx, ebx
:00432C03 0FB7D2
movzx edx, dx
:00432C06 33C9
xor ecx, ecx
call 00432B60
:00432C0D 85C0
test eax, eax
:00432C0F 7407
je 00432C18
:00432C11 8B10
:00432C13 FF523C
call [edx+3C]
:00432C16 B301
mov bl, 01
|:00432C0F(C)
|
:00432C18 8BC3
mov eax, ebx
:00432C1A 5B
pop ebx
:00432C1B C3
ret

|:00433777 , :0043B0AF
|
:00432C1C 53
push ebx
:00432C1D 56
push esi
:00432C1E 57
push edi
:00432C1F 8BF8
mov edi, eax
:00432C21 33DB
xor ebx, ebx
:00432C23 B101
mov cl, 01
:00432C25 8BC7
mov eax, edi
call 00432B60
:00432C2C 8BF0
mov esi, eax
:00432C2E 85F6
test esi, esi
:00432C30 7418
je 00432C4A
:00432C32 F6462010
test [esi+20], 10
:00432C36 7507
jne 00432C3F
:00432C38 8BC6
mov eax, esi
:00432C3A E8A5F9FFFF
call 004325E4
|:00432C36(C)
|
:00432C3F 8BC6
mov eax, esi
:00432C41 8B10
:00432C43 FF523C
call [edx+3C]
:00432C46 B301
mov bl, 01
:00432C48 EB1F
jmp 00432C69
|:00432C30(C)
|
:00432C4A F6472010
:00432C4E 7519
:00432C50 8BC7
:00432C52 8B15A0034300
:00432C58 E83301FDFF
:00432C5D 84C0
:00432C5F 7408
:00432C61 8B4728
:00432C64 E87BF9FFFF

test [edi+20], 10
jne 00432C69
mov eax, edi
call 00402D90
test al, al
je 00432C69
call 004325E4

|:00432C48(U), :00432C4E(C), :00432C5F(C)
|
:00432C69 8BC3
mov eax, ebx
:00432C6B 5F
pop edi
:00432C6C 5E
pop esi
:00432C6D 5B
pop ebx
:00432C6E C3
ret
:00432C6F 90
nop

|:00431064 , :0043172A , :00433433
|
:00432C70 80783400
:00432C74 7509
jne 00432C7F
:00432C76 83783C00
:00432C7A 7503
jne 00432C7F
:00432C7C 33C0
xor eax, eax
:00432C7E C3
ret

|:00432C74(C), :00432C7A(C)
|
:00432C7F B001
mov al, 01
:00432C81 C3
ret
:00432C82 8BC0
mov eax, eax

|:00432C9C , :00432D92
|
:00432C84 55
push ebp
:00432C85 8BEC
mov ebp, esp
:00432C87 51
push ecx
:00432C88 53
push ebx
:00432C89 56
push esi
:00432C8A 57
push edi
:00432C8B 8BD8
mov ebx, eax
:00432C8D C645FF01
mov [ebp-01], 01
:00432C91 8B4358
:00432C94 85C0
test eax, eax
:00432C96 740D
je 00432CA5
:00432C98
:00432C9B
:00432C9C
:00432CA1
:00432CA2
8B5508
52
E8E3FFFFFF
59
8845FF

push edx
call 00432C84
pop ecx
|:00432C96(C)
|
:00432CA5 807DFF01
:00432CA9 7579
:00432CAB 807B2D00
:00432CAF 746F
:00432CB1 33C0
:00432CB3 55
:00432CB4 68022D4300
:00432CB9 64FF30
:00432CBC 648920
:00432CBF 8B4508
:00432CC2 8B40FC
:00432CC5 F6402010
:00432CC9 7507
:00432CCB 8BC3
:00432CCD E812F9FFFF
|:00432CC9(C)
|
:00432CD2 8BC3
:00432CD4 8B10
:00432CD6 FF523C
:00432CD9 8B4508
:00432CDC 3B58F8
:00432CDF 7417
:00432CE1 8B4508
:00432CE4 8B40F8
:00432CE7 668B4054
:00432CEB 8B5508
:00432CEE 663B42F6
:00432CF2 7404
:00432CF4 C645FF02
|:00432CDF(C), :00432CF2(C)
|
:00432CF8 33C0
:00432CFA 5A
:00432CFB 59
:00432CFC 59
:00432CFD 648910
:00432D00 EB22
:00432D02 E96903FDFF
:00432D07 8B4508
:00432D0A 8B50FC
:00432D0D A1302C4400
:00432D12 8B00
:00432D14 E84BC10000
:00432D19 E80206FDFF
:00432D1E EB04

jne 00432D24
je 00432D20
xor eax, eax
push ebp
push 00432D02
test [eax+20], 10
jne 00432CD2
mov eax, ebx
call 004325E4
mov eax, ebx

call [edx+3C]
cmp ebx, dword ptr [eax-08]
je 00432CF8
cmp ax, word ptr [edx-0A]
je 00432CF8
mov [ebp-01], 02
xor eax, eax

pop edx
pop ecx
pop ecx
jmp 00432D24
jmp 00403070
call 0043EE64
call 00403320
jmp 00432D24

|:00432CAF(C)
|
:00432D20 C645FF00
mov [ebp-01], 00
|:00432CA9(C), :00432D00(U), :00432D1E(U)
|
:00432D24 8A45FF
:00432D27 5F
pop edi
:00432D28 5E
pop esi
:00432D29 5B
pop ebx
:00432D2A 59
pop ecx
:00432D2B 5D
pop ebp
:00432D2C C3
ret
:00432D2D
:00432D30
:00432D31
:00432D33
:00432D36
:00432D37
:00432D39
:00432D3C
:00432D3E
:00432D41
:00432D45
8D4000
55
8BEC
83C4F4
53
8BDA
8945FC
33C0
8A4304
668945F6
6A10

push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
mov ebx, edx
xor eax, eax
mov word ptr [ebp-0A], ax
push 00000010

|
:00432D47 E83434FDFF
Call 00406180
:00432D4C 6685C0
test ax, ax
:00432D4F 7D06
jge 00432D57
:00432D51 668145F60020
add word ptr [ebp-0A], 2000
|:00432D4F(C)
|
:00432D57 6A11
push 00000011
|
:00432D59 E82234FDFF
Call 00406180
:00432D5E 6685C0
test ax, ax
:00432D61 7D06
jge 00432D69
:00432D63 668145F60040
|:00432D61(C)
|
:00432D69 F6430B20
:00432D6D 7406
:00432D6F 668145F60080

test [ebx+0B], 20
je 00432D75

|:00432D6D(C), :00432D9D(C)
|
:00432D75 33DB
xor ebx, ebx
:00432D77 0FB755F6
movzx edx, word ptr [ebp-0A]
:00432D7B
:00432D7D
:00432D80
:00432D85
:00432D88
:00432D8C
:00432D8E
:00432D8F
:00432D92
:00432D97
:00432D98
B102
8B45FC
E8DBFDFFFF
8945F8
837DF800
740C
55
8B45F8
E8EDFEFFFF
59
8BD8
mov cl, 02
call 00432B60
je 00432D9A
push ebp
call 00432C84
pop ecx
mov ebx, eax
|:00432D8C(C)
|
:00432D9A 80FB02
:00432D9D 74D6
:00432D9F 837DF800
:00432DA3 0F95C0
:00432DA6 5B
:00432DA7 8BE5
:00432DA9 5D
:00432DAA C3
:00432DAB
:00432DAC
:00432DAF
:00432DB1
nop
xor al, 01
ret
90
8A4035
3401
C3
:00432DB2 8BC0
cmp bl, 02
je 00432D75
setne al
pop ebx
mov esp, ebp
pop ebp
ret
mov eax, eax

|:004334D8
|
:00432DB4 53
push ebx
:00432DB5 56
push esi
:00432DB6 83C480
add esp, FFFFFF80
:00432DB9 8BD8
mov ebx, eax
:00432DBB A1502D4400
:00432DC0 80780900
:00432DC4 0F849C000000
je 00432E66
:00432DCA 837B2C00
:00432DCE 0F8492000000
je 00432E66
:00432DD4 8BC3
mov eax, ebx
:00432DD6 8B10
:00432DD8 FF5234
call [edx+34]
:00432DDB 8BF0
mov esi, eax
:00432DDD C704242C000000
mov dword ptr [esp], 0000002C
:00432DE4 C744240410000000
mov [esp+04], 00000010
:00432DEC 8D442430
:00432DF0 89442424
:00432DF4 C744242850000000
mov [esp+28], 00000050
:00432DFC 54
push esp
:00432DFD 6AFF
push FFFFFFFF
:00432DFF 6A00
push 00000000
:00432E01 56
push esi
* Reference To: user32.GetMenuItemInfoA, Ord:0000h
:00432E02
:00432E07
:00432E09
:00432E0B
:00432E0D
:00432E12
:00432E16
:00432E1C
:00432E1E
:00432E20
:00432E22
:00432E24
:00432E26
:00432E28
:00432E2D
:00432E30
:00432E33
:00432E36
:00432E3A
:00432E40
:00432E42
:00432E46
:00432E4E
:00432E4F
:00432E51
:00432E53
E8B933FDFF
85C0
745B
8BC3
E862030000
8B542408
81E200600000
F7DA
1BD2
F7DA
3AC2
7440
8BC3
E847030000
83E07F
C1E00D
8D0440
8B542408
81E2FF9FFFFF
0BC2
89442408
C744240410000000
54
6AFF
6A00
56
|
Call 004061C0
test eax, eax
je 00432E66
mov eax, ebx
call 00433174
and edx, 00006000
neg edx
sbb edx, edx
neg edx
cmp al, dl
je 00432E66
mov eax, ebx
call 00433174
and eax, 0000007F
shl eax, 0D
and edx, FFFF9FFF
or eax, edx
mov [esp+04], 00000010
push esp
push FFFFFFFF
push 00000000
push esi
* Reference To: user32.SetMenuItemInfoA, Ord:0000h

|
:00432E54 E86735FDFF
Call 004063C0
:00432E59 85C0
test eax, eax
:00432E5B 7409
je 00432E66
:00432E5D 8B432C
:00432E60 50
push eax
|
:00432E61 E84A32FDFF
Call 004060B0
|:00432DC4(C), :00432DCE(C), :00432E09(C), :00432E24(C), :00432E5B(C)
|
:00432E66 81C480000000
add esp, 00000080
:00432E6C 5E
pop esi
:00432E6D 5B
pop ebx
:00432E6E C3
ret
:00432E6F 90
nop

|:00432F81
|
:00432E70 55
push ebp
:00432E71 8BEC
mov ebp, esp
:00432E73 83C4F4
add esp, FFFFFFF4
:00432E76 53
push ebx
:00432E77 56
push esi
:00432E78 57
push edi
:00432E79 8945FC
:00432E7C 8B45FC
:00432E7F 50

push eax

|
:00432E80 E82B33FDFF
Call 004061B0
:00432E85 8945F4
:00432E88 8B4508
:00432E8B 8D9800FEFFFF
lea ebx, dword ptr [eax+FFFFFE00]
:00432E91 8B4508
:00432E94 83C0FB
add eax, FFFFFFFB
:00432E97 8945F8
:00432E9A 33F6
xor esi, esi
:00432E9C E987000000
jmp 00432F28
|:00432F30(C)
|
:00432EA1 53
:00432EA2 8B45F8
:00432EA5 2BC3
:00432EA7 50
:00432EA8 6800040000
:00432EAD 8B4508
:00432EB0 8B80FCFDFFFF
:00432EB6 8BCE
:00432EB8 8B55FC
:00432EBB E864050000
:00432EC0 8BC3
:00432EC2 E80D4AFDFF
:00432EC7 8BD8
:00432EC9 6800040000
:00432ECE 56
:00432ECF 8B45FC
:00432ED2 50

push ebx
mov eax, dword
sub eax, ebx
push eax
push 00000400
mov eax, dword
mov eax, dword
mov ecx, esi
mov edx, dword
call 00433424
mov eax, ebx
call 004078D4
mov ebx, eax
push 00000400
push esi
mov eax, dword
push eax
ptr [ebp-08]
ptr [ebp+08]
ptr [eax+FFFFFDFC]
ptr [ebp-04]
ptr [ebp-04]

|
:00432ED3 E8F032FDFF
Call 004061C8
:00432ED8 8BF8
mov edi, eax
:00432EDA 66F7C70200
test di, 0002
:00432EDF 740E
je 00432EEF
:00432EE1 BA402F4300
mov edx, 00432F40
:00432EE6 8BC3
mov eax, ebx
:00432EE8 E85F4AFDFF
call 0040794C
:00432EED 8BD8
mov ebx, eax
|:00432EDF(C)
|
:00432EEF 66F7C74000
:00432EF4 740E
:00432EF6 BA442F4300
:00432EFB 8BC3
:00432EFD E84A4AFDFF
:00432F02 8BD8

test di, 0040
je 00432F04
mov edx, 00432F44
mov eax, ebx
call 0040794C
mov ebx, eax

|:00432EF4(C)
|
:00432F04
:00432F09
:00432F0B
:00432F10
:00432F12
:00432F17
66F7C70100
740E
BA482F4300
8BC3
E8354AFDFF
8BD8
test di, 0001

je 00432F19
mov edx, 00432F48
mov eax, ebx
call 0040794C
mov ebx, eax
|:00432F09(C)
|
:00432F19 BA4C2F4300
:00432F1E 8BC3
:00432F20 E8274AFDFF
:00432F25 8BD8
:00432F27 46
|:00432E9C(U)
|
:00432F28 3B75F4
:00432F2B 7D09
:00432F2D 3B5DF8
:00432F30 0F826BFFFFFF
mov edx, 00432F4C

mov eax, ebx
call 0040794C
mov ebx, eax
inc esi
cmp esi, dword ptr [ebp-0C]

jge 00432F36
jb 00432EA1

|:00432F2B(C)
|
:00432F36 5F
pop edi
:00432F37 5E
pop esi
:00432F38 5B
pop ebx
:00432F39 8BE5
mov esp, ebp
:00432F3B 5D
pop ebp
:00432F3C C3
ret
:00432F3D 000000
BYTE 3 DUP(0)
:00432F40
:00432F42
:00432F44
:00432F45
2400
0000
40
000000
and al, 00
inc eax
BYTE 3 DUP(0)
:00432F48
:00432F4A
:00432F4C
:00432F4E
2300
0000
3B00
0000
and
add
cmp
add
eax,
byte
eax,
byte
dword ptr [eax]

ptr [eax], al
dword ptr [eax]
ptr [eax], al

|:0043306B , :00433578
|
:00432F50 55
push ebp
:00432F51 8BEC
mov ebp, esp
:00432F53 81C4FCFDFFFF
add esp, FFFFFDFC
:00432F59 53
push ebx
:00432F5A 8985FCFDFFFF
mov dword ptr [ebp+FFFFFDFC], eax
:00432F60 33DB
xor ebx, ebx
:00432F62 C68500FEFFFF00
mov byte ptr [ebp+FFFFFE00], 00
:00432F69
:00432F6F
:00432F73
:00432F75
:00432F76
:00432F7C
:00432F7E
:00432F81
:00432F86
8B85FCFDFFFF
83782C00
7412
55
8B85FCFDFFFF
8B10
FF5234
E8EAFEFFFF
59
mov eax, dword ptr [ebp+FFFFFDFC]

je 00432F87
push ebp
call [edx+34]
call 00432E70
pop ecx
|:00432F73(C)
|
:00432F87 8B85FCFDFFFF
:00432F8D 83783000
:00432F91 741D
:00432F93 8B85FCFDFFFF
:00432F99 8B4030
:00432F9C E8570CFDFF
:00432FA1 8D9500FEFFFF
:00432FA7 E8444AFDFF
:00432FAC 85C0
:00432FAE 741B
|:00432F91(C)
|
:00432FB0 B301
:00432FB2 8B85FCFDFFFF
:00432FB8 83C030
:00432FBB 8D9500FEFFFF
:00432FC1 B900020000
:00432FC6 E8190AFDFF

je 00432FB0
call 00403BF8
lea edx, dword ptr [ebp+FFFFFE00]
call 004079F0
test eax, eax
je 00432FCB
mov bl, 01
add eax, 00000030
lea edx, dword ptr [ebp+FFFFFE00]
mov ecx, 00000200
call 004039E4

|:00432FAE(C)
|
:00432FCB 8BC3
mov eax, ebx
:00432FCD 5B
pop ebx
:00432FCE 8BE5
mov esp, ebp
:00432FD0 5D
pop ebp
:00432FD1 C3
ret
:00432FD2
:00432FD4
:00432FD7
:00432FD9
:00432FDC
8BC0
3A5034
7408
885034
E8CFFAFFFF
mov eax, eax

je 00432FE1
call 00432AB0

|:00432FD7(C)
|
:00432FE1 C3
ret
:00432FE2 8BC0
mov eax, eax
|:00433090 , :00433E82
|
:00432FE4 55
push ebp
:00432FE5
:00432FE7
:00432FEA
:00432FED
:00432FF2
:00432FF6
:00432FF8
:00432FFB
:00432FFE
:00433001
:00433004
:00433007
:0043300A
:0043300C
:0043300D
:00433012
:00433015
:00433018
:0043301A
:0043301C
:0043301E
:00433021
:00433026
8BEC
83C4F8
8945FC
A1502D4400
80780900
7463
8B45FC
8A4024
8845FB
8B55FC
8A5235
8855FA
33D2
55
6854304300
64FF32
648922
84C0
750C
B201
8B45FC
E8A6040000
EB0A
|:0043301A(C)
|
:00433028 33D2
:0043302A 8B45FC
:0043302D E89A040000
mov ebp, esp

add esp, FFFFFFF8
je 0043305B
xor edx, edx
push ebp
push 00433054
test al, al
jne 00433028
mov dl, 01
call 004334CC
jmp 00433032
xor edx, edx
call 004334CC

|:00433026(U)
|
:00433032 33C0
xor eax, eax
:00433034 5A
pop edx
:00433035 59
pop ecx
:00433036 59
pop ecx
:00433037 648910
|
:0043303A 685B304300
push 0043305B
|:00433059(U)
|
:0043303F 8A55FB
:00433042 8B45FC
:00433045 E882040000
:0043304A 8B45FC
:0043304D 8A55FA
:00433050 885035
:00433053 C3
:00433054 E91F02FDFF
:00433059 EBE4
jmp 00403278
jmp 0043303F

call 004334CC
ret
|:00432FF6(C)
|
:0043305B 59
:0043305C 59
:0043305D 5D
:0043305E C3
pop ecx
pop ecx
pop ebp
ret
:0043305F 90
nop

|:00439B10 , :00439BAF , :0043B05B
|
:00433060 53
push ebx
:00433061 56
push esi
:00433062 8BF2
mov esi, edx
:00433064 8BD8
mov ebx, eax
:00433066 89732C
:00433069 8BC3
mov eax, ebx
:0043306B E8E0FEFFFF
call 00432F50
:00433070 A1502D4400
:00433075 80780900
:00433079 741A
je 00433095
:0043307B 85F6
test esi, esi
:0043307D 7416
je 00433095
:0043307F 807B3500
:00433083 7409
je 0043308E
:00433085 8BC3
mov eax, ebx
:00433087 E864040000
call 004334F0
:0043308C EB07
jmp 00433095
|:00433083(C)
|
:0043308E 8BC3
mov eax, ebx
call 00432FE4
|:00433079(C), :0043307D(C), :0043308C(U)
|
:00433095 5E
pop esi
:00433096 5B
pop ebx
:00433097 C3
ret
:00433098
:00433099
:0043309E
:004330A0
:004330A1
:004330A3
:004330A5
:004330A7
:004330AA
53
6683784200
740D
51
8BD8
8BCA
8BD0
8B4344
FF5340
push ebx
je 004330AD
push ecx
mov ebx, eax
mov ecx, edx
mov edx, eax
call [ebx+40]

|:0043309E(C)
|
:004330AD 5B
pop ebx
:004330AE C3
ret
:004330AF
:004330B0
:004330B1
:004330B3
:004330B5
:004330BA
:004330BC
:004330BE
:004330C0
:004330C2
:004330C5
:004330C6
90
53
8BD8
8BC3
E8EEE7FDFF
33C9
33D2
8BC3
8B18
FF5330
5B
C3
:004330C7 90
nop
push ebx
mov ebx, eax
mov eax, ebx
call 004118A8
xor ecx, ecx
xor edx, edx
mov eax, ebx
call [ebx+30]
pop ebx
ret
nop

|:00433594
|
:004330C8 55
push ebp
:004330C9 8BEC
mov ebp, esp
:004330CB 53
push ebx
:004330CC 56
push esi
:004330CD 8BF1
mov esi, ecx
:004330CF 8BD8
mov ebx, eax
:004330D1 A0F8304300
:004330D6 224320
:004330D9 8A15FC304300
mov dl, byte ptr [004330FC]
:004330DF 3AD0
cmp dl, al
:004330E1 750C
jne 004330EF
:004330E3 8A4D08
mov cl, byte ptr [ebp+08]
:004330E6 8BD6
mov edx, esi
:004330E8 8BC3
mov eax, ebx
:004330EA 8B18
:004330EC FF5330
call [ebx+30]
|:004330E1(C)
|
:004330EF 5E
pop esi
:004330F0 5B
pop ebx
:004330F1 5D
pop ebp
:004330F2 C20400
ret 0004
:004330F5 000000
BYTE 3 DUP(0)
:004330F8 0900
:004330FA 000000000000

BYTE 6 DUP(0)
:00433100 3B503C
:00433103 7505
:00433105 E8A6F9FFFF
cmp edx, dword ptr [eax+3C]

jne 0043310A
call 00432AB0

|:00433103(C)
|
:0043310A C3
:0043310B 90
ret
nop

|:0043316A
|
:0043310C 53
push ebx
:0043310D 56
push esi
:0043310E 8BF2
mov esi, edx
:00433110 8BD8
mov ebx, eax
:00433112 8B433C
:00433115 85C0
test eax, eax
:00433117 7408
je 00433121
:00433119 8B5338
:0043311C E8CBC0FFFF
call 0042F1EC
|:00433117(C)
|
:00433121 8BC6
:00433123 89433C
:00433126 85C0
:00433128 7412
:0043312A 8B5338
:0043312D E8FEC0FFFF
:00433132 8BD3
:00433134 8B433C
:00433137 E854E4FDFF
|:00433128(C)
|
:0043313C 8BC3
:0043313E E86DF9FFFF
:00433143 5E
:00433144 5B
:00433145 C3
:00433146
:00433148
:00433149
:0043314A
:0043314B
:0043314D
:0043314F
:00433151
:00433153
:00433155
:00433157
:0043315C
:0043315F
:00433161
:00433164
:00433166
:00433168
:0043316A
mov eax, eax

push ebx
push esi
push edi
mov ebx, ecx
mov esi, edx
mov edi, eax
mov ecx, ebx
mov edx, esi
mov eax, edi
call 00411768
cmp esi, dword ptr [edi+3C]
jne 0043316F
cmp bl, 01
jne 0043316F
xor edx, edx
mov eax, edi
call 0043310C
8BC0
53
56
57
8BD9
8BF2
8BF8
8BCB
8BD6
8BC7
E80CE6FDFF
3B773C
750E
80FB01
7509
33D2
8BC7
E89DFFFFFF
mov eax, esi

test eax, eax
je 0043313C
call 0042F230
mov edx, ebx
call 00411590
mov eax, ebx

call 00432AB0
pop esi
pop ebx
ret
|:0043315F(C), :00433164(C)
|
:0043316F 5F
:00433170 5E
:00433171 5B
:00433172 C3
pop edi
pop esi
pop ebx
ret
:00433173 90
nop

|:00431246 , :00431542 , :00432E0D , :00432E28
|
:00433174 8B15502D4400
:0043317A 807A0900
:0043317E 7406
je 00433186
:00433180 80782400
:00433184 7503
jne 00433189
|:0043317E(C)
|
:00433186 33C0
xor eax, eax
:00433188 C3
ret

|:00433184(C)
|
:00433189 B001
mov al, 01
:0043318B C3
ret

|:0043330B
|
:0043318C 55
push ebp
:0043318D 8BEC
mov ebp, esp
:0043318F 56
push esi
:00433190 33F6
xor esi, esi
:00433192 F6C210
test dl, 10
:00433195 7419
je 004331B0
:00433197 51
push ecx
:00433198 50
push eax
|
:00433199 E86A30FDFF
Call 00406208
:0043319E 8B550C
:004331A1 8B52FC
:004331A4 B101
mov cl, 01
:004331A6 92
xchg eax,edx
call 00432B60
:004331AC 8BF0
mov esi, eax
:004331AE EB1C
jmp 004331CC
|:00433195(C)
|
:004331B0 51
:004331B1 50
push ecx
push eax

|
:004331B2 E80130FDFF
Call 004061B8
:004331B7 83F8FF
cmp eax, FFFFFFFF
:004331BA 7410
je 004331CC
:004331BC 8B550C
:004331BF 8B52FC
:004331C2 33C9
xor ecx, ecx
:004331C4 92
xchg eax,edx
:004331C5 E896F9FFFF
call 00432B60
:004331CA 8BF0
mov esi, eax
|:004331AE(U), :004331BA(C)
|
:004331CC 85F6
:004331CE 740F
:004331D0 33C0
:004331D2 8A4508
:004331D5 8B5624
:004331D8 E893390000
:004331DD EB02

test esi, esi
je 004331DF
xor eax, eax
call 00436B70
jmp 004331E1

|:004331CE(C)
|
:004331DF 33C0
xor eax, eax
|:004331DD(U)
|
:004331E1 5E
pop esi
:004331E2 5D
pop ebp
:004331E3 C20400
ret 0004
:004331E6 8BC0
mov eax, eax

|:004333A2
|
:004331E8 55
push ebp
:004331E9 8BEC
mov ebp, esp
:004331EB 6A00
push 00000000
:004331ED 6A00
push 00000000
:004331EF 6A00
push 00000000
:004331F1 53
push ebx
:004331F2 894DFC
:004331F5 33C9
xor ecx, ecx
:004331F7 55
push ebp
:004331F8 6899324300
push 00433299
:004331FD 64FF31
:00433200 648921
:00433203 F6C210
test dl, 10
:00433206 741C
je 00433224
:00433208 8B55FC
:0043320B 52
:0043320C 50
push edx
push eax

|
:0043320D E8F62FFDFF
Call 00406208
:00433212 8B550C
:00433215 8B52FC
:00433218 B101
mov cl, 01
:0043321A 92
xchg eax,edx
:0043321B E840F9FFFF
call 00432B60
:00433220 8BD8
mov ebx, eax
:00433222 EB20
jmp 00433244
|:00433206(C)
|
:00433224 8B550C
:00433227 8B52FC
:0043322A B101
:0043322C 92
:0043322D E82EF9FFFF
:00433232 8BD8
:00433234 85DB
:00433236 740C
:00433238 8B55FC
:0043323B 8BC3
:0043323D E84EEEFFFF
:00433242 8BD8
|:00433222(U), :00433236(C)
|
:00433244 85DB
:00433246 7434
:00433248 837B2400
:0043324C 742E
:0043324E 8D45F8
:00433251 8A5508
:00433254 E80307FDFF
:00433259 8B45F8
:0043325C 50
:0043325D 8D45F4
:00433260 8B5324
:00433263 8A12
:00433265 E8F206FDFF
:0043326A 8B45F4
:0043326D 5A
:0043326E E80143FDFF
:00433273 85C0
:00433275 0F94C0
:00433278 8BD8
:0043327A EB02

mov cl, 01
xchg eax,edx
call 00432B60
mov ebx, eax
test ebx, ebx
je 00433244
mov eax, ebx
call 00432090
mov ebx, eax
test ebx, ebx

je 0043327C
je 0043327C
call 0040395C
push eax
mov dl, byte ptr [edx]
call 0040395C
pop edx
call 00407574
test eax, eax
sete al
mov ebx, eax
jmp 0043327E

|:00433246(C), :0043324C(C)
|
:0043327C 33DB
xor ebx, ebx
|:0043327A(U)
|
:0043327E 33C0
:00433280 5A
:00433281 59
:00433282 59
:00433283 648910
:00433286 68A0324300
xor eax, eax

pop edx
pop ecx
pop ecx
push 004332A0
|:0043329E(U)
|
:0043328B 8D45F4
:0043328E BA02000000
:00433293 E84405FDFF
:00433298 C3
:00433299
:0043329E
:004332A0
:004332A2
:004332A3
:004332A5
:004332A6
jmp
jmp
mov
pop
mov
pop
ret
E9DAFFFCFF
EBEB
8BC3
5B
8BE5
5D
C20400
:004332A9 8D4000

mov edx, 00000002
call 004037DC
ret
00403278
0043328B
eax, ebx
ebx
esp, ebp
ebp
0004

|:00433C4C , :0043B0C5
|
:004332AC 55
push ebp
:004332AD 8BEC
mov ebp, esp
:004332AF 83C4E8
add esp, FFFFFFE8
:004332B2 53
push ebx
:004332B3 56
push esi
:004332B4 57
push edi
:004332B5 8BDA
mov ebx, edx
:004332B7 8945FC
:004332BA 33C0
xor eax, eax
:004332BC 89430C
:004332BF C745F4FFFFFFFF
mov [ebp-0C], FFFFFFFF
:004332C6 C745F0FFFFFFFF
mov [ebp-10], FFFFFFFF
:004332CD C745ECFFFFFFFF
:004332D4 8B4308
:004332D7 50
push eax
|
:004332D8 E8D32EFDFF
Call 004061B0
:004332DD 8945F8
:004332E0 8B45F8
:004332E3 48
dec eax
:004332E4 85C0
test eax, eax
:004332E6 7C77
jl 0043335F
:004332E8 40
inc eax
:004332E9 8945E8
:004332EC 33F6
xor esi, esi
|:0043335D(C)
|
:004332EE 6800040000
:004332F3 56
:004332F4 8B4308
:004332F7 50

push 00000400
push esi
push eax

|
:004332F8 E8CB2EFDFF
Call 004061C8
:004332FD 8BF8
mov edi, eax
:004332FF 55
push ebp
:00433300 8A4304
:00433303 50
push eax
:00433304 8B4308
:00433307 8BCE
mov ecx, esi
:00433309 8BD7
mov edx, edi
call 0043318C
:00433310 59
pop ecx
:00433311 84C0
test al, al
:00433313 7444
je 00433359
:00433315 66F7C70200
test di, 0002
:0043331A 740F
je 0043332B
:0043331C 837DF400
:00433320 7D37
jge 00433359
:00433322 C745F4FEFFFFFF
mov [ebp-0C], FFFFFFFE
:00433329 EB2E
jmp 00433359
|:0043331A(C)
|
:0043332B 837DF400
:0043332F 7D0C
:00433331 8975F4
:00433334 C7430C02000000
:0043333B EB07

cmp
jge
mov
mov
jmp

0043333D
dword ptr [ebp-0C], esi
[ebx+0C], 00000002
00433344

|:0043332F(C)
|
:0043333D C7430C03000000
mov [ebx+0C], 00000003
|:0043333B(U)
|
:00433344 66F7C78000
:00433349 7405
:0043334B 8975F0
:0043334E EB09
|:00433349(C)
|
:00433350 837DF000
:00433354 7C03
:00433356 8975EC
test di, 0080

je 00433350
jmp 00433359

jl 00433359

|:00433313(C), :00433320(C), :00433329(U), :0043334E(U), :00433354(C)
|
:00433359 46
:0043335A FF4DE8
:0043335D 758F
inc esi
dec [ebp-18]
jne 004332EE
|:004332E6(C)
|
:0043335F 837DF4FF
:00433363 7D0C
:00433365 C7430C00000100
:0043336C E9AC000000
|:00433363(C)
|
:00433371 837DF400
:00433375 7D79
:00433377 8B45F8
:0043337A 48
:0043337B 85C0
:0043337D 7C71
:0043337F 40
:00433380 8945E8
:00433383 33F6
|:004333EE(C)
|
:00433385 6800040000
:0043338A 56
:0043338B 8B4308
:0043338E 50
cmp
jge
mov
jmp
dword ptr [ebp-0C], FFFFFFFF

00433371
[ebx+0C], 00010000
0043341D

jge 004333F0
dec eax
test eax, eax
jl 004333F0
inc eax
xor esi, esi
push 00000400
push esi
push eax

|
:0043338F E8342EFDFF
Call 004061C8
:00433394 8BF8
mov edi, eax
:00433396 55
push ebp
:00433397 8A4304
:0043339A 50
push eax
:0043339B 8B4308
:0043339E 8BCE
mov ecx, esi
:004333A0 8BD7
mov edx, edi
:004333A2 E841FEFFFF
call 004331E8
:004333A7 59
pop ecx
:004333A8 84C0
test al, al
:004333AA 743E
je 004333EA
:004333AC 66F7C70200
test di, 0002
:004333B1 7409
je 004333BC
:004333B3 C7430C00000100
mov [ebx+0C], 00010000
:004333BA EB61
jmp 0043341D
|:004333B1(C)
|
:004333BC 837DF400
:004333C0 7D0C
:004333C2 8975F4
:004333C5 C7430C02000000

cmp
jge
mov
mov

004333CE
dword ptr [ebp-0C], esi
[ebx+0C], 00000002
:004333CC EB07
jmp 004333D5

|:004333C0(C)
|
:004333CE C7430C03000000
mov [ebx+0C], 00000003
|:004333CC(U)
|
:004333D5 66F7C78000
:004333DA 7405
:004333DC 8975F0
:004333DF EB09
|:004333DA(C)
|
:004333E1 837DF000
:004333E5 7C03
:004333E7 8975EC
test di, 0080

je 004333E1
jmp 004333EA

jl 004333EA

|:004333AA(C), :004333DF(U), :004333E5(C)
|
:004333EA 46
inc esi
:004333EB FF4DE8
dec [ebp-18]
:004333EE 7595
jne 00433385
|:00433375(C), :0043337D(C)
|
:004333F0 8B430C
:004333F3 83F802
:004333F6 750B
:004333F8 C1E010
:004333FB 0B45F4
:004333FE 89430C
:00433401 EB1A
|:004333F6(C)
|
:00433403 83F803
:00433406 7515
:00433408 837DEC00
:0043340C 7D06
:0043340E 8B55F4
:00433411 8955EC

cmp eax, 00000002
jne 00433403
shl eax, 10
or eax, dword ptr [ebp-0C]
jmp 0043341D
cmp
jne
cmp
jge
mov
mov
eax, 00000003
0043341D
dword ptr [ebp-14], 00000000
00433414

|:0043340C(C)
|
:00433414 C1E010
shl eax, 10
:00433417 0B45EC
or eax, dword ptr [ebp-14]
:0043341A 89430C
|:0043336C(U), :004333BA(U), :00433401(U), :00433406(C)
|
:0043341D
:0043341E
:0043341F
:00433420
:00433422
:00433423
5F
5E
5B
8BE5
5D
C3
pop
pop
pop
mov
pop
ret
edi
esi
ebx
esp, ebp
ebp

|:00432EBB
|
:00433424 55
push ebp
:00433425 8BEC
mov ebp, esp
:00433427 51
push ecx
:00433428 53
push ebx
:00433429 56
push esi
:0043342A 57
push edi
:0043342B 8BF1
mov esi, ecx
:0043342D 8BFA
mov edi, edx
:0043342F 8BD8
mov ebx, eax
:00433431 8BC3
mov eax, ebx
:00433433 E838F8FFFF
call 00432C70
:00433438 84C0
test al, al
:0043343A 7474
je 004334B0
:0043343C 33C0
xor eax, eax
:0043343E 8945FC
:00433441 8B4508
:00433444 50
push eax
:00433445 56
push esi
:00433446 57
push edi
|
:00433447 E87C2DFDFF
Call 004061C8
:0043344C A810
test al, 10
:0043344E 7419
je 00433469
:00433450 56
push esi
:00433451 57
push edi
|
:00433452 E8B12DFDFF
Call 00406208
:00433457 8BF8
mov edi, eax
:00433459 B101
mov cl, 01
:0043345B 8BD7
mov edx, edi
:0043345D 8BC3
mov eax, ebx
:0043345F E8FCF6FFFF
call 00432B60
:00433464 8945FC
:00433467 EB1C
jmp 00433485
|:0043344E(C)
|
:00433469 56
push esi
:0043346A 57
push edi
|
:0043346B E8482DFDFF
Call 004061B8
:00433470
:00433472
:00433475
:00433477
:00433479
:0043347B
:0043347D
:00433482
8BF0
83FEFF
740E
33C9
8BD6
8BC3
E8DEF6FFFF
8945FC
|:00433467(U), :00433475(C)
|
:00433485 837DFC00
:00433489 7421
:0043348B 8B4510
:0043348E C60000
:00433491 8B45FC
:00433494 8B5024
:00433497 8B4D0C
:0043349A 8B4510
:0043349D E82E45FDFF
:004334A2 8B4510
:004334A5 E81244FDFF
:004334AA EB17
mov esi, eax

cmp esi, FFFFFFFF
je 00433485
xor ecx, ecx
mov edx, esi
mov eax, ebx
call 00432B60
je 004334AC
call 004079D0
call 004078BC
jmp 004334C3

|:00433489(C)
|
:004334AC 33C0
xor eax, eax
:004334AE EB13
jmp 004334C3
|:0043343A(C)
|
:004334B0 8B4508
:004334B3 50
push eax
:004334B4 8B450C
:004334B7 50
push eax
:004334B8 8B4510
:004334BB 50
push eax
:004334BC 56
push esi
:004334BD 57
push edi
* Reference To: user32.GetMenuStringA, Ord:0000h
|
:004334BE E80D2DFDFF
Call 004061D0
|:004334AA(U), :004334AE(U)
|
:004334C3 5F
:004334C4 5E
:004334C5 5B
:004334C6 59
:004334C7 5D
:004334C8 C20C00
:004334CB 90
nop
pop
pop
pop
pop
pop
ret
edi
esi
ebx
ecx
ebp
000C

|:00433021 , :0043302D , :00433045 , :0043350A , :00433536
|:00433DD5 , :00433DEC
|
:004334CC 3A5024
:004334CF 740C
je 004334DD
:004334D1 885024
:004334D4 C6403500
mov [eax+35], 00
:004334D8 E8D7F8FFFF
call 00432DB4
|:004334CF(C)
|
:004334DD C3
:004334DE 8BC0
:004334E0 3A5035
:004334E3 7408
:004334E5 885035
:004334E8 E803000000

ret
mov eax, eax
je 004334ED
call 004334F0

|:004334E3(C)
|
:004334ED C3
ret
:004334EE 8BC0
mov eax, eax
|:004329E7 , :00433087 , :004334E8 , :0043962B
|
:004334F0 53
push ebx
:004334F1 8BD8
mov ebx, eax
:004334F3 807B3500
:004334F7 741A
je 00433513
:004334F9 8B432C
:004334FC E87BCFFEFF
call 0042047C
:00433501 85C0
test eax, eax
:00433503 740E
je 00433513
:00433505 8A504F
:00433508 8BC3
mov eax, ebx
:0043350A E8BDFFFFFF
call 004334CC
:0043350F C6433501
mov [ebx+35], 01
|:004334F7(C), :00433503(C)
|
:00433513 5B
pop ebx
:00433514 C3
ret
:00433515 8D4000

|:0042316D
|
:00433518 53
push ebx
:00433519 56
push esi
:0043351A 8BF2
mov esi, edx
:0043351C 8BD8
mov ebx, eax
:0043351E 807B3500
:00433522 741B
je 0043353F
:00433524 8BC6
mov eax, esi

|
:00433526 8B15BCF44100
:0043352C E877F8FCFF
call 00402DA8
:00433531 8A504F
:00433534 8BC3
mov eax, ebx
:00433536 E891FFFFFF
call 004334CC
:0043353B C6433501
mov [ebx+35], 01
|:00433522(C)
|
:0043353F 5E
pop esi
:00433540 5B
pop ebx
:00433541 C3
ret
:00433542
:00433544
:00433547
:00433549
:0043354C
:0043354F
:00433551
:00433553
:00433555
:00433557
:0043355C
8BC0
3A504C
7419
88504C
8B502C
85D2
740F
6A00
6A00
6815B00000
52
mov eax, eax

je 00433562
test edx, edx
je 00433562
push 00000000
push 00000000
push 0000B015
push edx

|
:0043355D E8262EFDFF
Call 00406388
|:00433547(C), :00433551(C)
|
:00433562 C3
:00433563 90
:00433564 55
:00433565 8BEC
:00433567 53
:00433568 56
:00433569 57
:0043356A 8BF9
:0043356C 8BF2
:0043356E 8BD8
:00433570 837B2C00
:00433574 7414
:00433576 8BC3
:00433578 E8D3F9FFFF
:0043357D 84C0
:0043357F 7409
:00433581 8B432C
:00433584 50

ret
nop
push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
je 0043358A
mov eax, ebx
call 00432F50
test al, al
je 0043358A
push eax

|
:00433585 E8262BFDFF
Call 004060B0
|:00433574(C), :0043357F(C)
|
:0043358A 8A4508
:0043358D 50
:0043358E 8BCF
:00433590 8BD6
:00433592 8BC3
:00433594 E82FFBFFFF
:00433599 5F
:0043359A 5E
:0043359B 5B
:0043359C 5D
:0043359D C20400

push eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call 004330C8
pop edi
pop esi
pop ebx
pop ebp
ret 0004

|:0043AAE7
|
:004335A0 85D2
test edx, edx
:004335A2 740C
je 004335B0
:004335A4 8B4028
:004335A7 8B5228
:004335AA E819DDFFFF
call 004312C8
:004335AF C3
ret
|:004335A2(C)
|
:004335B0 33D2
:004335B2 8B4028
:004335B5 E80EDDFFFF
:004335BA C3
:004335BB 90
nop
xor edx, edx

call 004312C8
ret

|:0043AAEF
|
:004335BC 85D2
test edx, edx
:004335BE 7415
je 004335D5
:004335C0 8B4828
:004335C3 8B495C
mov ecx, dword ptr [ecx+5C]
:004335C6 3B4A28
cmp ecx, dword ptr [edx+28]
:004335C9 750A
jne 004335D5
:004335CB 33D2
xor edx, edx
:004335CD 8B4028
:004335D0 E8F3DCFFFF
call 004312C8
|:004335BE(C), :004335C9(C)
|
:004335D5 C3
ret
:004335D6 8BC0
mov eax, eax

|:0043250C
|
:004335D8 53
push ebx
:004335D9 56
push esi
:004335DA 8BD8
mov ebx, eax
:004335DC 6A00
push 00000000
:004335DE 33C9
xor ecx, ecx
:004335E0 33D2
xor edx, edx
:004335E2 8BC3
mov eax, ebx
:004335E4 8B30
:004335E6 FF5638
call [esi+38]
:004335E9 8B432C
:004335EC 85C0
test eax, eax
:004335EE 740F
je 004335FF
:004335F0 6A00
push 00000000
:004335F2 6A00
push 00000000
:004335F4 6815B00000
push 0000B015
:004335F9 50
push eax
|
:004335FA E8892DFDFF
Call 00406388
|:004335EE(C)
|
:004335FF 5E
pop esi
:00433600 5B
pop ebx
:00433601 C3
ret
:00433602
:00433604
:00433607
:00433609
:0043360B
:0043360D
8BC0
8B5048
85D2
7403
8BC2
C3
mov eax, eax

test edx, edx
je 0043360E
mov eax, edx
ret

|:00433609(C)
|
:0043360E E859F4FFFF
call 00432A6C
:00433613 C3
ret
:00433614 60
:00433615 36
pushad
BYTE 036h
:00433616
:00433617
:00433621
:0043362B
inc ebx
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 9 DUP(0)
43
00000000000000000000
00000000000000000000
000000000000000000
:00433634 6836430014
:00433639 000000
push 14004336
BYTE 3 DUP(0)
:0043363C
:0043363D
:0043363F
:00433641
54
B540
0028
2E
push esp
mov ch, 40
BYTE 02eh
:00433642
:00433643
:00433646
:00433647
:00433649
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:0043364A
:0043364B
:0043364E
:0043364F
:00433651
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00433652
:00433653
:0043365A
:0043365B
:0043365E
:0043365F
:00433661
40
00B42B4000C82B
40
0034CA
40
00DC
CB
inc eax
inc eax
add byte ptr [edx+8*ecx], dh
inc eax
add ah, bl
retf
:00433662 40
:00433663 0020
:00433665 CB
inc eax
retf
:00433666
:00433667
:00433669
:0043366A
:0043366B
:0043366C
:0043366E
:00433670
:00433671
:00433672
:00433673
inc eax
push esp
push eax
outsd
jo 004336E3
jo 004336BC
BYTE 69h
BYTE 73h
BYTE 74h
BYTE 90h
40
000A
54
50
6F
7075
704C
69
73
74
90

|:004339D1 , :00433B59
|
:00433674 55
push ebp
:00433675 8BEC
mov ebp, esp
:00433677 81C4ACFEFFFF
add esp, FFFFFEAC
:0043367D C785ACFEFFFF54010000
:00433687 6A00
push 00000000
:00433689 8D85ACFEFFFF
:0043368F 50
push eax
:00433690 6A00
push 00000000
:00433692 6A29
push 00000029

|
:00433694 E8AF2DFDFF
Call 00406448
:00433699 85C0
test eax, eax
:0043369B 740E
je 004336AB
:0043369D 8D854CFFFFFF
:004336A3 50
push eax
|
:004336A4 E86727FDFF
Call 00405E10
:004336A9 EB07
jmp 004336B2
|:0043369B(C)
|
:004336AB 6A0D
push 0000000D
|
:004336AD E82E28FDFF
Call 00405EE0
|:004336A9(U)
|
:004336B2 8BE5
mov esp, ebp
:004336B4 5D
pop ebp
:004336B5 C3
ret
:004336B6
:004336B8
:004336B9
:004336BB
:004336BE
:004336BF
:004336C0
:004336C1
:004336C3
:004336C6
:004336C8
:004336C9
:004336CE
:004336D1
:004336D4
:004336D6
:004336DB
:004336DD
:004336DF
:004336E2
:004336E8
:004336E9
:004336EF
:004336F2
:004336F8
8BC0
55
8BEC
83C4D4
53
56
57
8BF2
8945FC
33C9
55
68833C4300
64FF31
648921
8B06
3D11010000
7F20
743A
83E82B
0F845D020000
48
0F84C7030000
83E827
0F843B010000
E962050000
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFD4
push ebx
push esi
push edi
mov esi, edx
xor ecx, ecx
push ebp
push 00433C83
cmp eax, 00000111
jg 004336FD
je 00433719
sub eax, 0000002B
je 00433945
dec eax
je 00433AB6
sub eax, 00000027
je 00433833
jmp 00433C5F

|:004336DB(C)
|
:004336FD
:00433702
:00433704
:00433707
:0043370D
:0043370E
:00433714
2D17010000
7454
83E808
0F8489000000
48
0F84FA040000
E946050000
sub eax, 00000117

je 00433758
sub eax, 00000008
je 00433796
dec eax
je 00433C0E
jmp 00433C5F
|:004336DD(C)
|
:00433719 8B45FC
:0043371C 8B5808
:0043371F 4B
:00433720 85DB
:00433722 0F8C37050000
:00433728 43
:00433729 33FF
|:00433751(C)
|
:0043372B 8BD7
:0043372D 8B45FC
:00433730 E84394FDFF
:00433735 668B5604
:00433739 E8C2F4FFFF
:0043373E 84C0
:00433740 740D
:00433742 33C0
:00433744 5A
:00433745 59
:00433746 59
:00433747 648910
:0043374A E94D050000
|:00433740(C)
|
:0043374F 47
:00433750 4B
:00433751 75D8
:00433753 E907050000
|:00433702(C)
|
:00433758 8B45FC
:0043375B 8B5808
:0043375E 4B
:0043375F 85DB
:00433761 0F8CF8040000
:00433767 43
:00433768 33FF

dec ebx
test ebx, ebx
jl 00433C5F
inc ebx
xor edi, edi
mov edx, edi

call 0040CB78
call 00432C00
test al, al
je 0043374F
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00433C9C
inc
dec
jne
jmp
edi
ebx
0043372B
00433C5F

dec ebx
test ebx, ebx
jl 00433C5F
inc ebx
xor edi, edi

|:0043378F(C)
|
:0043376A 8BD7
mov edx, edi
:0043376C
:0043376F
:00433774
:00433777
:0043377C
:0043377E
:00433780
:00433782
:00433783
:00433784
:00433785
:00433788
8B45FC
E80494FDFF
8B5604
E8A0F4FFFF
84C0
740D
33C0
5A
59
59
648910
E90F050000

call 0040CB78
call 00432C1C
test al, al
je 0043378D
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00433C9C
|:0043377E(C)
|
:0043378D 47
:0043378E 4B
:0043378F 75D9
:00433791 E9C9040000
|:00433707(C)
|
:00433796 C645F300
:0043379A F6460610
:0043379E 7404
:004337A0 C645F301
inc
dec
jne
jmp
edi
ebx
0043376A
00433C5F
mov [ebp-0D], 00
test [esi+06], 10
je 004337A4
mov [ebp-0D], 01

|:0043379E(C)
|
:004337A4 8B45FC
:004337A7 8B5808
:004337AA 4B
dec ebx
:004337AB 85DB
test ebx, ebx
:004337AD 7C71
jl 00433820
:004337AF 43
inc ebx
:004337B0 33FF
xor edi, edi
|:0043381E(C)
|
:004337B2 807DF301
:004337B6 7520
:004337B8 8B4608
:004337BB 85C0
:004337BD 7410
:004337BF 0FB75604
:004337C3 52
:004337C4 50

jne 004337D8
test eax, eax
je 004337CF
movzx edx, word ptr [esi+04]
push edx
push eax

|
:004337C5 E83E2AFDFF
Call 00406208
:004337CA 8945F8
:004337CD EB10
jmp 004337DF
|:004337BD(C)
|
:004337CF C745F8FFFFFFFF
:004337D6 EB07

jmp 004337DF

|:004337B6(C)
|
:004337D8 0FB74604
:004337DC 8945F8
|:004337CD(U), :004337D6(U)
|
:004337DF 8BD7
:004337E1 8B45FC
:004337E4 E88F93FDFF
:004337E9 8A4DF3
:004337EC 8B55F8
:004337EF E86CF3FFFF
:004337F4 8945F4
:004337F7 837DF400
:004337FB 741F
:004337FD 8B45F4
:00433800 8B504C
:00433803 A1302C4400
:00433808 8B00
:0043380A E825BD0000
:0043380F 33C0
:00433811 5A
:00433812 59
:00433813 59
:00433814 648910
:00433817 E980040000

mov edx, edi
call 0040CB78
mov cl, byte ptr [ebp-0D]
call 00432B60
je 0043381C
call 0043F534
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00433C9C

|:004337FB(C)
|
:0043381C 47
inc edi
:0043381D 4B
dec ebx
:0043381E 7592
jne 004337B2
|:004337AD(C)
|
:00433820 A1302C4400
:00433825 8B00
:00433827 33D2
:00433829 E806BD0000
:0043382E E92C040000
|:004336F2(C)
|
:00433833 8B4608
:00433836 8945E0
:00433839 8B45FC
:0043383C 8B5808
:0043383F 4B
:00433840 85DB
:00433842 0F8C17040000

xor edx, edx
call 0043F534
jmp 00433C5F

dec ebx
test ebx, ebx
jl 00433C5F
:00433848 43
:00433849 33FF
inc ebx
xor edi, edi
|:0043393A(C)
|
:0043384B 8BD7
:0043384D 8B45FC
:00433850 E82393FDFF
:00433855 8B10
:00433857 FF5234
:0043385A 8B55E0
:0043385D 3B420C
:00433860 7512
:00433862 8BD7
:00433864 8B45FC
:00433867 E80C93FDFF
:0043386C 8B4028
:0043386F 8945F4
:00433872 EB1A
|:00433860(C)
|
:00433874 8BD7
:00433876 8B45FC
:00433879 E8FA92FDFF
:0043387E 8B55E0
:00433881 8B520C
:00433884 B101
:00433886 E8D5F2FFFF
:0043388B 8945F4
|:00433872(U)
|
:0043388E 837DF400
:00433892 0F84A0000000
:00433898 8BD7
:0043389A 8B45FC
:0043389D E8D692FDFF
:004338A2 8B55E0
:004338A5 8B5208
:004338A8 B101
:004338AA E8E1F2FFFF
:004338AF 85C0
:004338B1 7517
:004338B3 8BD7
:004338B5 8B45FC
:004338B8 E8BB92FDFF
:004338BD 8B55E0
:004338C0 8B520C
:004338C3 33C9
:004338C5 E8C6F2FFFF
mov edx, edi

call 0040CB78
call [edx+34]
jne 00433874
mov edx, edi
call 0040CB78
jmp 0043388E
mov edx, edi

call 0040CB78
mov cl, 01
call 00432B60

je 00433938
mov edx, edi
call 0040CB78
mov cl, 01
call 00432B90
test eax, eax
jne 004338CA
mov edx, edi
call 0040CB78
xor ecx, ecx
call 00432B90

|:004338B1(C)
|
:004338CA 8B15382D4400
:004338D0 8B12
:004338D2
:004338D5
:004338D7
:004338D9
:004338E0
:004338E3
8B5260
85D2
750F
648F0500000000
83C408
E9B4030000

test edx, edx
jne 004338E8
add esp, 00000008
jmp 00433C9C
|:004338D7(C)
|
:004338E8 85C0
:004338EA 750B
:004338EC A1382D4400
:004338F1 8B8244010000
|:004338EA(C)
|
:004338F7 8B0D382D4400
:004338FD F6820802000008
:00433904 7417
:00433906 8B15302C4400
:0043390C 8B12
:0043390E 8BC8
:00433910 B808000000
:00433915 92
:00433916 E841B90000
:0043391B EB0E
|:00433904(C)
|
:0043391D 8B15302C4400
:00433923 8B12
:00433925 92
:00433926 E825B90000
|:0043391B(U)
|
:0043392B 33C0
:0043392D 5A
:0043392E 59
:0043392F 59
:00433930 648910
:00433933 E964030000
|:00433892(C)
|
:00433938 47
:00433939 4B
:0043393A 0F850BFFFFFF
:00433940 E91A030000
test eax, eax

jne 004338F7

test byte ptr [edx+00000208], 08
je 0043391D
mov ecx, eax
mov eax, 00000008
xchg eax,edx
call 0043F25C
jmp 0043392B

xchg eax,edx
call 0043F250
xor
pop
pop
pop
mov
jmp
inc
dec
jne
jmp
eax, eax
edx
ecx
ecx
00433C9C
edi
ebx
0043384B
00433C5F

|:004336E2(C)
|
:00433945 8B4608
:00433948 8945DC
:0043394B
:0043394E
:00433951
:00433952
:00433954
:0043395A
:0043395B
8B45FC
8B5808
4B
85DB
0F8C05030000
43
33FF
|:00433AAB(C)
|
:0043395D 8BD7
:0043395F 8B45FC
:00433962 E81192FDFF
:00433967 8B55DC
:0043396A 8B5208
:0043396D 33C9
:0043396F E8ECF1FFFF
:00433974 8945F4
:00433977 837DF400
:0043397B 0F8428010000
:00433981 B201
:00433983 A130EB4100
:00433988 E84F0FFEFF
:0043398D 8945EC
:00433990 33C0
:00433992 55
:00433993 68953A4300
:00433998 64FF30
:0043399B 648920
:0043399E 6A0D

dec ebx
test ebx, ebx
jl 00433C5F
inc ebx
xor edi, edi
mov edx, edi
call 0040CB78
xor ecx, ecx
call 00432B60
je 00433AA9
mov dl, 01
call 004148DC
xor eax, eax
push ebp
push 00433A95
push 0000000D

|
:004339A0 E83B25FDFF
Call 00405EE0
:004339A5 50
push eax
:004339A6 8B45DC
:004339A9 8B4018
:004339AC 50
push eax
|
:004339AD E8B625FDFF
Call 00405F68
:004339B2 8945E8
:004339B5 33C0
xor eax, eax
:004339B7 55
push ebp
:004339B8 68783A4300
push 00433A78
:004339BD 64FF30
:004339C0 648920
:004339C3 8B45DC
:004339C6 8B5018
:004339C9 8B45EC
:004339CC E80F15FEFF
call 00414EE0
:004339D1 E89EFCFFFF
call 00433674
:004339D6 8BD0
mov edx, eax
:004339D8 8B45EC
:004339DB 8B400C
:004339DE E89507FEFF
call 00414178
:004339E3 8B45DC
:004339E6 F6401001
test [eax+10], 01
:004339EA
:004339EC
:004339EF
:004339F2
:004339F7
:004339FC
:004339FF
:00433A02
:00433A07
:00433A0C
7422
8B45EC
8B4014
BA0D000080
E8900DFEFF
8B45EC
8B400C
BA0E000080
E8BC05FEFF
EB20
je 00433A0E
mov eax, dword ptr
mov eax, dword ptr
mov edx, 8000000D
call 0041478C
mov eax, dword ptr
mov eax, dword ptr
mov edx, 8000000E
call 00413FC8
jmp 00433A2E
[ebp-14]
[eax+14]
[ebp-14]
[eax+0C]
|:004339EA(C)
|
:00433A0E 8B45EC
:00433A11 8B4014
:00433A14 BA04000080
:00433A19 E86E0DFEFF
:00433A1E 8B45EC
:00433A21 8B400C
:00433A24 BA07000080
:00433A29 E89A05FEFF
|:00433A0C(U)
|
:00433A2E 8B45DC
:00433A31 F6401001
:00433A35 0F95C0
:00433A38 50
:00433A39 8B45DC
:00433A3C 8D481C
:00433A3F 8B55EC
:00433A42 8B45F4
:00433A45 8B18
:00433A47 FF5330
:00433A4A 33C0
:00433A4C 5A
:00433A4D 59
:00433A4E 59
:00433A4F 648910
:00433A52 687F3A4300
|:00433A7D(U)
|
:00433A57 33D2
:00433A59 8B45EC
:00433A5C E87F14FEFF
:00433A61 837DE800
:00433A65 7410
:00433A67 8B45E8
:00433A6A 50
:00433A6B 8B45DC
:00433A6E 8B4018
:00433A71 50
mov eax, dword ptr

mov eax, dword ptr
mov edx, 80000004
call 0041478C
mov eax, dword ptr
mov eax, dword ptr
mov edx, 80000007
call 00413FC8
[ebp-14]
[eax+14]
[ebp-14]
[eax+0C]

test [eax+10], 01
setne al
push eax
call [ebx+30]
xor eax, eax
pop edx
pop ecx
pop ecx
push 00433A7F
xor edx, edx

call 00414EE0
je 00433A77
push eax
push eax

|
:00433A72 E8F124FDFF
Call 00405F68
|:00433A65(C)
|
:00433A77 C3
:00433A78 E9FBF7FCFF
:00433A7D EBD8
:00433A7F 33C0
:00433A81 5A
:00433A82 59
:00433A83 59
:00433A84 648910
:00433A87 689C3A4300
|:00433A9A(U)
|
:00433A8C 8B45EC
:00433A8F E88CF1FCFF
:00433A94 C3
:00433A95
:00433A9A
:00433A9C
:00433A9E
:00433A9F
:00433AA0
:00433AA1
:00433AA4
jmp
jmp
xor
pop
pop
pop
mov
jmp
E9DEF7FCFF
EBF0
33C0
5A
59
59
648910
E9F3010000
ret
jmp 00403278
jmp 00433A57
xor eax, eax
pop edx
pop ecx
pop ecx
push 00433A9C

call 00402C20
ret
00403278
00433A8C
eax, eax
edx
ecx
ecx
00433C9C
|:0043397B(C)
|
:00433AA9 47
:00433AAA 4B
:00433AAB 0F85ACFEFFFF
:00433AB1 E9A9010000
|:004336E9(C)
|
:00433AB6 8B4608
:00433AB9 8945D8
:00433ABC 8B45FC
:00433ABF 8B5808
:00433AC2 4B
:00433AC3 85DB
:00433AC5 0F8C94010000
:00433ACB 43
:00433ACC 33FF
|:00433C06(C)
|
:00433ACE 8BD7
:00433AD0 8B45FC
:00433AD3 E8A090FDFF
:00433AD8 8B55D8
:00433ADB 8B5208
inc
dec
jne
jmp
edi
ebx
0043395D
00433C5F

dec ebx
test ebx, ebx
jl 00433C5F
inc ebx
xor edi, edi
mov edx, edi

call 0040CB78
:00433ADE
:00433AE0
:00433AE5
:00433AE8
:00433AEC
:00433AF2
:00433AF5
:00433AF8
33C9
E87BF0FFFF
8945F4
837DF400
0F8412010000
8B45FC
8B4010
50
xor ecx, ecx

call 00432B60
je 00433C04
push eax

|
:00433AF9 E83A27FDFF
Call 00406238
:00433AFE 8945E4
:00433B01 33C0
xor eax, eax
:00433B03 55
push ebp
:00433B04 68F03B4300
push 00433BF0
:00433B09 64FF30
:00433B0C 648920
:00433B0F B201
mov dl, 01
:00433B11 A130EB4100
:00433B16 E8C10DFEFF
call 004148DC
:00433B1B 8945EC
:00433B1E 33C0
xor eax, eax
:00433B20 55
push ebp
:00433B21 68CB3B4300
push 00433BCB
:00433B26 64FF30
:00433B29 648920
:00433B2C 6A0D
push 0000000D
|
:00433B2E E8AD23FDFF
Call 00405EE0
:00433B33 50
push eax
:00433B34 8B45E4
:00433B37 50
push eax
|
:00433B38 E82B24FDFF
Call 00405F68
:00433B3D 8945E8
:00433B40 33C0
xor eax, eax
:00433B42 55
push ebp
:00433B43 68AE3B4300
push 00433BAE
:00433B48 64FF30
:00433B4B 648920
:00433B4E 8B55E4
:00433B51 8B45EC
:00433B54 E88713FEFF
call 00414EE0
:00433B59 E816FBFFFF
call 00433674
:00433B5E 8BD0
mov edx, eax
:00433B60 8B45EC
:00433B63 8B400C
:00433B66 E80D06FEFF
call 00414178
:00433B6B 8B45D8
:00433B6E 83C010
add eax, 00000010
:00433B71 50
push eax
:00433B72 8B45D8
:00433B75 8D480C
:00433B78 8B55EC
:00433B7B 8B45F4
:00433B7E
:00433B83
:00433B85
:00433B86
:00433B87
:00433B88
:00433B8B
E84DE1FFFF
33C0
5A
59
59
648910
68B53B4300
|:00433BB3(U)
|
:00433B90 33D2
:00433B92 8B45EC
:00433B95 E84613FEFF
:00433B9A 837DE800
:00433B9E 740D
:00433BA0 8B45E8
:00433BA3 50
:00433BA4 8B45E4
:00433BA7 50
call 00431CD0
xor eax, eax
pop edx
pop ecx
pop ecx
push 00433BB5
xor edx, edx
call 00414EE0
je 00433BAD
push eax
push eax

|
:00433BA8 E8BB23FDFF
Call 00405F68
|:00433B9E(C)
|
:00433BAD C3
:00433BAE E9C5F6FCFF
:00433BB3 EBDB
:00433BB5 33C0
:00433BB7 5A
:00433BB8 59
:00433BB9 59
:00433BBA 648910
:00433BBD 68D23B4300
|:00433BD0(U)
|
:00433BC2 8B45EC
:00433BC5 E856F0FCFF
:00433BCA C3
:00433BCB
:00433BD0
:00433BD2
:00433BD4
:00433BD5
:00433BD6
:00433BD7
:00433BDA
jmp 00403278
jmp 00433BC2
xor eax, eax
pop edx
pop ecx
pop ecx
push 00433BF7
E9A8F6FCFF
EBF0
33C0
5A
59
59
648910
68F73B4300
ret
jmp 00403278
jmp 00433B90
xor eax, eax
pop edx
pop ecx
pop ecx
push 00433BD2

call 00402C20
ret

|:00433BF5(U)
|
:00433BDF 8B45E4
:00433BE2 50
push eax
:00433BE3 8B45FC
:00433BE6 8B4010
:00433BE9 50

push eax

|
:00433BEA E87127FDFF
Call 00406360
:00433BEF C3
ret
:00433BF0
:00433BF5
:00433BF7
:00433BF9
:00433BFA
:00433BFB
:00433BFC
:00433BFF
E983F6FCFF
EBE8
33C0
5A
59
59
648910
E998000000
|:00433AEC(C)
|
:00433C04 47
:00433C05 4B
:00433C06 0F85C2FEFFFF
:00433C0C EB51
jmp
jmp
xor
pop
pop
pop
mov
jmp
00403278
00433BDF
eax, eax
edx
ecx
ecx
00433C9C

inc
dec
jne
jmp
edi
ebx
00433ACE
00433C5F

|:0043370E(C)
|
:00433C0E 8B45FC
:00433C11 8B5808
:00433C14 4B
dec ebx
:00433C15 85DB
test ebx, ebx
:00433C17 7C46
jl 00433C5F
:00433C19 43
inc ebx
:00433C1A 33FF
xor edi, edi
|:00433C5D(C)
|
:00433C1C 8BD7
:00433C1E 8B45FC
:00433C21 E8528FFDFF
:00433C26 8945D4
:00433C29 8B45D4
:00433C2C 8B10
:00433C2E FF5234
:00433C31 3B4608
:00433C34 7411
:00433C36 8B5608
:00433C39 B101
:00433C3B 8B45D4
:00433C3E E81DEFFFFF
:00433C43 85C0
:00433C45 7414

mov edx, edi
call 0040CB78
call [edx+34]
je 00433C47
mov cl, 01
call 00432B60
test eax, eax
je 00433C5B

|:00433C34(C)
|
:00433C47
:00433C49
:00433C4C
:00433C51
:00433C53
:00433C54
:00433C55
:00433C56
:00433C59
8BD6
8B45D4
E85BF6FFFF
33C0
5A
59
59
648910
EB41
mov edx, esi

call 004332AC
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 00433C9C

|:00433C45(C)
|
:00433C5B 47
inc edi
:00433C5C 4B
dec ebx
:00433C5D 75BD
jne 00433C1C
|:004336F8(U), :00433714(U), :00433722(C), :00433753(U), :00433761(C)
|:00433791(U), :0043382E(U), :00433842(C), :00433940(U), :00433954(C)
|:00433AB1(U), :00433AC5(C), :00433C0C(U), :00433C17(C)
|
:00433C5F 8B4608
:00433C62 50
push eax
:00433C63 8B4604
:00433C66 50
push eax
:00433C67 8B06
:00433C69 50
push eax
:00433C6A 8B45FC
:00433C6D 8B4010
:00433C70 50
push eax
|
:00433C71 E8EA23FDFF
Call 00406060
:00433C76 89460C
:00433C79 33C0
xor eax, eax
:00433C7B 5A
pop edx
:00433C7C 59
pop ecx
:00433C7D 59
pop ecx
:00433C7E 648910
:00433C81 EB19
jmp 00433C9C
:00433C83 E9E8F3FCFF
jmp 00403070
:00433C88 A1302C4400
:00433C8D 8B00
:00433C8F 8B55FC
:00433C92 E8CDB10000
call 0043EE64
:00433C97 E884F6FCFF
call 00403320
|:0043374A(U), :00433788(U), :00433817(U), :004338E3(U), :00433933(U)
|:00433AA4(U), :00433BFF(U), :00433C59(U), :00433C81(U)
|
:00433C9C 5F
pop edi
:00433C9D 5E
pop esi
:00433C9E 5B
pop ebx
:00433C9F 8BE5
mov esp, ebp
:00433CA1 5D
pop ebp
:00433CA2 C3
ret
:00433CA3 90
nop

|:00433D36
|
:00433CA4 53
push ebx
:00433CA5 56
push esi
:00433CA6 8BF2
mov esi, edx
:00433CA8 8BD8
mov ebx, eax
:00433CAA 837B0800
:00433CAE 750E
jne 00433CBE
:00433CB0 53
push ebx
:00433CB1 68B8364300
push 004336B8
:00433CB6 E8F52C0000
call 004369B0
:00433CBB 894310
|:00433CAE(C)
|
:00433CBE 8BD6
:00433CC0 8BC3
:00433CC2 E8998DFDFF
:00433CC7 5E
:00433CC8 5B
:00433CC9 C3
:00433CCA 8BC0
mov eax, eax
mov edx, esi

mov eax, ebx
call 0040CA60
pop esi
pop ebx
ret

|:00433D6A
|
:00433CCC 53
push ebx
:00433CCD 8BD8
mov ebx, eax
:00433CCF 8BC3
mov eax, ebx
:00433CD1 E86E90FDFF
call 0040CD44
:00433CD6 837B0800
:00433CDA 7508
jne 00433CE4
:00433CDC 8B4310
:00433CDF E8882D0000
call 00436A6C
|:00433CDA(C)
|
:00433CE4 5B
pop ebx
:00433CE5 C3
ret
:00433CE6
:00433CE8
:00433CE9
:00433CEA
:00433CEC
:00433CEE
:00433CF1
8BC0
53
56
84D2
7408
83C4F0
E80EF2FCFF
mov eax, eax

push ebx
push esi
test dl, dl
je 00433CF6
add esp, FFFFFFF0
call 00402F04

|:00433CEC(C)
|
:00433CF6
:00433CF8
:00433CFA
:00433CFC
:00433CFE
:00433D03
:00433D0A
:00433D11
:00433D14
:00433D17
:00433D1E
:00433D23
:00433D25
:00433D28
:00433D2B
:00433D2F
:00433D31
:00433D36
:00433D3B
:00433D3D
:00433D3F
:00433D41
:00433D46
:00433D4D
8BDA
8BF0
33D2
8BC6
E87DECFFFF
C74648FFFFFFFF
C7464CFFFFFFFF
8B4628
897078
C740748C3D4300
A1302C4400
8B00
8B4024
89462C
C6465101
8BD6
A1A0374400
E869FFFFFF
8BC6
84DB
740F
E816F2FCFF
648F0500000000
83C40C
mov ebx, edx

mov esi, eax
xor edx, edx
mov eax, esi
call 00432980
mov [esi+48], FFFFFFFF
mov [esi+4C], FFFFFFFF
mov [eax+74], 00433D8C
mov [esi+51], 01
mov edx, esi
call 00433CA4
mov eax, esi
test bl, bl
je 00433D50
call 00402F5C
add esp, 0000000C

|:00433D3F(C)
|
:00433D50 8BC6
mov eax, esi
:00433D52 5E
pop esi
:00433D53 5B
pop ebx
:00433D54 C3
ret
:00433D55
:00433D58
:00433D59
:00433D5A
:00433D5F
:00433D61
:00433D63
:00433D65
:00433D6A
:00433D6F
:00433D71
:00433D74
:00433D76
:00433D7B
:00433D7D
:00433D7F
:00433D81
8D4000
53
56
E805F2FCFF
8BDA
8BF0
8BD6
A1A0374400
E85DFFFFFF
8BD3
80E2FC
8BC6
E891ECFFFF
84DB
7E07
8BC6
E8CEF1FCFF

push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
mov edx, esi
call 00433CCC
mov edx, ebx
and dl, FC
mov eax, esi
call 00432A0C
test bl, bl
jle 00433D86
mov eax, esi
call 00402F54

|:00433D7D(C)
|
:00433D86 5E
pop esi
:00433D87 5B
pop ebx
:00433D88 C3
ret
:00433D89 8D4000

|:00433E73
|
:00433D8C 53
push ebx
:00433D8D 6683785E00
:00433D92 7408
je 00433D9C
:00433D94 8BD8
mov ebx, eax
:00433D96 8B4360
:00433D99 FF535C
call [ebx+5C]
|:00433D92(C)
|
:00433D9C 5B
pop ebx
:00433D9D C3
ret
:00433D9E 8BC0
mov eax, eax

|:00432BCB
|
:00433DA0 8B4028
:00433DA3 8B4048
:00433DA6 C3
ret
:00433DA7
:00433DA8
:00433DAB
:00433DAE
90
8B4028
895048
C3
:00433DAF 90
nop
ret
nop

|:00433E6A
|
:00433DB0 53
push ebx
:00433DB1 8BD8
mov ebx, eax
:00433DB3 A1502D4400
:00433DB8 80780900
:00433DBC 7437
je 00433DF5
:00433DBE 807B3500
:00433DC2 7431
je 00433DF5
:00433DC4 8D4348
:00433DC7 E8D4C7FFFF
call 004305A0
:00433DCC 85C0
test eax, eax
:00433DCE 7410
je 00433DE0
:00433DD0 8A504F
:00433DD3 8BC3
mov eax, ebx
:00433DD5 E8F2F6FFFF
call 004334CC
:00433DDA C6433501
mov [ebx+35], 01
:00433DDE EB15
jmp 00433DF5
|:00433DCE(C)
|
:00433DE0
:00433DE5
:00433DE7
:00433DEA
:00433DEC
:00433DF1
A1302C4400
8B00
8A5028
8BC3
E8DBF6FFFF
C6433501

mov eax, ebx
call 004334CC
mov [ebx+35], 01

|:00433DBC(C), :00433DC2(C), :00433DDE(U)
|
:00433DF5 5B
pop ebx
:00433DF6 C3
ret
:00433DF7 90
nop

|:00433E98
|
:00433DF8 53
push ebx
:00433DF9 33D2
xor edx, edx
:00433DFB 8B0D502D4400
:00433E01 80790900
:00433E05 7436
je 00433E3D
:00433E07 80783500
:00433E0B 7429
je 00433E36
:00433E0D 83C048
add eax, 00000048
:00433E10 E88BC7FFFF
call 004305A0
:00433E15 85C0
test eax, eax
:00433E17 740D
je 00433E26
:00433E19 66BBCFFF
mov bx, FFCF
:00433E1D E8D2EFFCFF
call 00402DF4
:00433E22 8BD0
mov edx, eax
:00433E24 EB17
jmp 00433E3D
|:00433E17(C)
|
:00433E26 A1302C4400
:00433E2B 8B00
:00433E2D E832A20000
:00433E32 8BD0
:00433E34 EB07

call 0043E064
mov edx, eax
jmp 00433E3D

|:00433E0B(C)
|
:00433E36 80782401
:00433E3A 0F94C2
sete dl
|:00433E05(C), :00433E24(U), :00433E34(U)
|
:00433E3D 8BC2
mov eax, edx
:00433E3F 5B
pop ebx
:00433E40 C3
ret
:00433E41 8D4000
:00433E44 53

push ebx
:00433E45
:00433E46
:00433E47
:00433E4A
:00433E4C
:00433E4E
:00433E50
:00433E52
:00433E54
:00433E56
:00433E5B
:00433E5E
:00433E61
:00433E65
:00433E68
:00433E6A
:00433E6F
:00433E71
:00433E73
:00433E78
:00433E7B
:00433E80
:00433E82
:00433E87
:00433E89
:00433E8E
:00433E91
:00433E92
:00433E94
:00433E95
:00433E96
:00433E98
:00433E9D
:00433EA0
:00433EA3
:00433EAA
:00433EAC
:00433EAF
:00433EB3
:00433EB5
:00433EB8
:00433EC0
:00433EC3
:00433EC4
:00433EC7
:00433ECC
56
57
83C4F8
8BF9
8BF2
8BD8
8BCC
8BD7
8BC6
E82583FDFF
8B0424
894348
8B442404
89434C
8BC3
E841FFFFFF
8BD3
8BC3
E814FFFFFF
8B4328
E8A8D4FFFF
8BC3
E85DF1FFFF
6A00
A1A0374400
8B4010
50
6A00
57
56
8BC3
E85BFFFFFF
83E07F
8D0440
8D044518284400
33D2
8A5350
668B0450
33D2
8A5358
660B045524284400
0FB7C0
50
8B4328
E868D5FFFF
50
push esi
push edi
add esp, FFFFFFF8
mov edi, ecx
mov esi, edx
mov ebx, eax
mov ecx, esp
mov edx, edi
mov eax, esi
call 0040C180
mov eax, ebx
call 00433DB0
mov edx, ebx
mov eax, ebx
call 00433D8C
call 00431328
mov eax, ebx
call 00432FE4
push 00000000
push eax
push 00000000
push edi
push esi
mov eax, ebx
call 00433DF8
and eax, 0000007F
lea eax, dword ptr [2*eax+00442818]
xor edx, edx
mov ax, word ptr [eax+2*edx]
xor edx, edx
or ax, word ptr [2*edx+00442824]
movzx eax, ax
push eax
call 00431434
push eax
* Reference To: user32.TrackPopupMenu, Ord:0000h

|
:00433ECD E87E25FDFF
Call 00406450
:00433ED2 59
pop ecx
:00433ED3 5A
pop edx
:00433ED4 5F
pop edi
:00433ED5 5E
pop esi
:00433ED6 5B
pop ebx
:00433ED7 C3
ret
:00433ED8 1200
:00433EDA 0000

:00433EDC
:00433EDD
:00433EDE
:00433EDF
:00433EE6
:00433EE7
:00433EEA
:00433EEB
:00433EF2
:00433EF3
:00433EF9
:00433EFD
:00433EFE
:00433EFF
:00433F05
:00433F06
:00433F07
:00433F0A
:00433F0B
:00433F0F
:00433F15
:00433F16
:00433F17
:00433F1A
:00433F1B
:00433F1F
:00433F21
:00433F26
:00433F27
:00433F2E
:00433F2F
:00433F31
:00433F35
:00433F36
:00433F37
:00433F39
:00433F3B
:00433F3F
:00433F45
:00433F46
:00433F47
:00433F4E
:00433F4F
:00433F56
:00433F57
:00433F59
:00433F5D
:00433F5E
:00433F5F
:00433F61
:00433F65
:00433F66
:00433F67
:00433F69
:00433F6D
:00433F6F
:00433F71
:00433F72
:00433F77
:00433F7A
94
27
44
00B42A44009027
44
00782A
44
008C274400342A
44
00882744005C
2A440084
27
44
00982C440080
27
44
00682A
44
007C2744
00902B440078
27
44
00242B
44
00742744
0010
2D44007027
44
000C2D44006C27
44
00DC
2A440068
27
44
00D8
2C44
00642744
00A02C440060
27
44
003C2D44005C27
44
001C2D44005827
44
00E8
2A440054
27
44
00F8
2A440050
27
44
0038
2B440055
8BEC
33C0
55
68BC3F4300
64FF30
648920
xchg eax,esp
daa
inc esp
add byte ptr [edx+ebp+27900044], dh
inc esp
inc esp
add byte ptr [edi+2A340044], cl
inc esp
add byte ptr [eax+5C004427], cl
sub al, byte ptr [eax+eax-7C]
daa
inc esp
add byte ptr [eax+8000442C], bl
daa
inc esp
add byte ptr [eax+2A], ch
inc esp
add byte ptr [edi+44], bh
add byte ptr [eax+7800442B], dl
daa
inc esp
add byte ptr [ebx+ebp], ah
inc esp
add byte ptr [edi+44], dh
sub eax, 27700044
inc esp
add byte ptr [ebp+276C0044], cl
inc esp
add ah, bl
daa
inc esp
add al, bl
sub al, 44
add byte ptr [edi+44], ah
add byte ptr [eax+6000442C], ah
daa
inc esp
add byte ptr [ebp+275C0044], bh
inc esp
add byte ptr [ebp+27580044], bl
inc esp
add al, ch
daa
inc esp
add al, bh
daa
inc esp
sub eax, dword ptr [eax+eax+55]
mov ebp, esp
xor eax, eax
push ebp
push 00433FBC
:00433F7D
:00433F83
:00433F85
:00433F8A
:00433F8F
:00433F94
:00433F99
:00433F9E
:00433FA3
:00433FA9
FF0598374400
7529
A1A0374400
E891ECFCFF
A19C374400
E887ECFCFF
B850274400
B912000000
8B157C104000
E84E00FDFF

jne 00433FAE
call 00402C20
call 00402C20
mov eax, 00442750
mov ecx, 00000012
call 00403FFC
|:00433F83(C)
|
:00433FAE 33C0
:00433FB0 5A
:00433FB1 59
:00433FB2 59
:00433FB3 648910
:00433FB6 68C33F4300
|:00433FC1(U)
|
:00433FBB C3
:00433FBC E9B7F2FCFF
:00433FC1 EBF8
:00433FC3 5D
:00433FC4 C3
:00433FC5
:00433FC8
:00433FC9
:00433FCB
:00433FCC
:00433FD3
:00433FD5
:00433FDA
:00433FDF
:00433FE4
:00433FE7
:00433FEA
:00433FEC
:00433FF1
:00433FF3
:00433FF8
:00433FFD
:00434002
:00434004
:00434009
:0043400E

push ebp
mov ebp, esp
push ecx
sub dword ptr [00443798], 00000001
jnb 00434013
mov eax, 00433ED8
call 004035C8
xor edx, edx
call 0040C520
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
8D4000
55
8BEC
51
832D9837440001
733E
B8D83E4300
E8E9F5FCFF
A190FD4200
8945FC
8D45FC
33D2
E82F85FDFF
B201
A110B64000
E8F3EBFCFF
A39C374400
B201
A114364300
E8E2EBFCFF
A3A0374400
xor eax, eax

pop edx
pop ecx
pop ecx
push 00433FC3
ret
jmp 00403278
jmp 00433FBB
pop ebp
ret

|:00433FD3(C)
|
:00434013 59
pop ecx
:00434014 5D
pop ebp
:00434015 C3
ret
:00434016
:00434018
:0043401A
:0043401B
:0043401D
:00434022
:00434023
:00434024
:00434025
:00434026
:00434027
:00434029
:0043402A
:0043402C
:0043402E
:00434030
:00434031
8BC0
1C40
43
0001
0D54536372
6F
6C
6C
42
61
7249
6E
6303
0100
0000
FF
7F00
mov eax, eax

sbb al, 40
inc ebx
or eax, 72635354
outsd
insb
insb
inc edx
popad
jb 00434072
outsb
arpl dword ptr [ebx], eax
BYTE 0ffh
jg 00434033

|:00434031(C)
|
:00434033 0038
:00434035 40
inc eax
:00434036 43
inc ebx
:00434037 0003
:00434039 0F
BYTE 0fh
:0043403A 54
push esp
:0043403B 53
push ebx
:0043403C 63726F
:0043403F 6C
insb
:00434040 6C
insb
:00434041 42
inc edx
:00434042 61
popad
:00434043 7253
jb 00434098
:00434045 7479
je 004340C0
:00434047 6C
insb
:00434048 650100
:0043404B 000000
BYTE 3 DUP(0)
:0043404E
:00434050
:00434052
:00434054
:00434055
:00434057
:00434059
:0043405A
:0043405E
:0043405F
:00434061
:00434063
:00434064
:00434065
:00434066
:00434068
0200
0000
3440
43
0009
7373
52
6567756C
61
7206
7373
46
6C
61
740A
7373

xor al, 40
inc ebx
jnb 004340CC
push edx
jne 004340CA
popad
jb 00434067
jnb 004340D6
inc esi
insb
popad
je 00434072
jnb 004340DD

|:004340DD(C)
|
:0043406A
:0043406B
:0043406C
:0043406E
:00434070
:00434073
:00434076
:00434077
:00434081
48
6F
7454
7261
636B8B
C0C040
43
00000000000000000000
000000
dec eax
outsd
je 004340C2
jb 004340D1
rol al, 40
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00434084
:00434086
:00434087
:00434091
E440
43
00000000000000000000
000000
in al, 40
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00434094
:00434095
:00434096
:00434097
:0043409A
:0043409C
CC
40
43
004800
0000
64
int 03
inc eax
inc ebx
BYTE 064h
:0043409D B640
:0043409F 0028
:004340A1 2E
mov dh, 40
BYTE 02eh
:004340A2
:004340A3
:004340A6
:004340A7
:004340A9
40
00342E
40
0038
2E
inc eax
inc eax
BYTE 02eh
:004340AA
:004340AB
:004340AE
:004340AF
:004340B1
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:004340B2
:004340B3
:004340BA
:004340BB
:004340BD
40
00B42B4000C82B
40
00DC
D14000
inc
add
inc
add
rol
eax
eax
ah, bl
dword ptr [eax+00], 1

|:00434045(C)
|
:004340C0 0CD3
or al, D3
|:0043406C(C)
|
:004340C2 40
inc eax
:004340C3 0014D3
:004340C6 40
:004340C7 00486D

inc eax
add byte ptr [eax+6D], cl

|:0043405C(C)
|
:004340CA 43
inc ebx
:004340CB 0011
:004340CD 54
push esp
:004340CE 43
inc ebx
:004340CF 6F
outsd
:004340D0 6E
outsb
|:0043406E(C)
|
:004340D1 7472
je 00434145
:004340D3 6F
outsd
:004340D4 6C
insb
:004340D5 53
push ebx
|:00434061(C)
|
:004340D6 63726F
:004340D9 6C
insb
:004340DA 6C
insb
:004340DB 42
inc edx
:004340DC 61
popad
|:00434068(C)
|
:004340DD 728B
:004340DF C0E440
:004340E2 43
:004340E3 0007
:004340E5 1154436F
:004340E9 6E
:004340EA 7472
:004340EC 6F
:004340ED 6C
:004340EE 53
:004340EF 63726F
:004340F2 6C
:004340F3 6C
:004340F4 42
:004340F5 61
:004340F6 72C0
:004340F8 40
:004340F9 43
:004340FA 00D8
:004340FC B640
:004340FE 000D0005466F
:00434104 726D
:00434106 730D
:00434108 003C10
:0043410B 40
:0043410C 002400

jb 0043406A
shl ah, 40
inc ebx
adc dword ptr [ebx+2*eax+6F], edx
outsb
je 0043415E
outsd
insb
push ebx
insb
insb
inc edx
popad
jb 004340B8
inc eax
inc ebx
add al, bl
mov dh, 40
add byte ptr [6F460500], cl
jb 00434173
jnb 00434115
inc eax
:0043410F
:00434111
:00434113
:00434114
:00434116
00FF
1C74
43
0001
000000000000
add bh, bh
sbb al, 74
inc ebx
BYTE 6 DUP(0)
:0043411C 800000
:0043411F 00000000

BYTE 4 DUP(0)
:00434123
:00434126
:00434128
:00434129
:0043412A
:0043412B
:00434132
:00434134
:00434136
:00434138
:00434139
:0043413B

je 0043419C
outsd
outsb
push ebx
imul edi, dword ptr [edx+65], 004124BC
sub byte ptr [eax], al
add bh, bh
xor al, 74
inc ebx
BYTE 6 DUP(0)
0A4275
7474
6F
6E
53
697A65BC244100
2800
00FF
3474
43
0001
000000000000
:00434141 80140000
adc byte ptr [eax+eax], 00
|:004340D1(C)
|
:00434145 800100
:00434148 05436F6C6F
:0043414D 7218
:0043414F 40
:00434150 43
:00434151 0008
:00434153 0000
:00434155 FF08
:00434157 0000
:00434159 FF406D
:0043415C 43
:0043415D 00000000
:00434161
:00434164
:00434166
:00434168
:0043416B
:0043416E
:0043416F
or byte ptr [eax], 00

or dword ptr [ecx+6E], ecx
insd
BYTE 065h
800800
0000
0200
09496E
637265
6D
65
:00434170 6E
:00434171 7468
add byte ptr [ecx],

add eax, 6F6C6F43
jb 00434167
inc eax
inc ebx
add byte ptr [eax],
add byte ptr [eax],
dec dword ptr [eax]
add byte ptr [eax],
inc [eax+6D]
inc ebx
BYTE 4 DUP(0)
00
cl
al
al
outsb
je 004341DB

|:00434104(C)
|
:00434173 104000
:00434176
:00434178
:0043417A
:0043417C
:0043417E
:00434180
1A00
00FF
1A00
00FF
0100
0000000000
sbb al, byte ptr [eax]

add bh, bh
add bh, bh
BYTE 5 DUP(0)
:00434185
:00434188
:0043418A
:0043418C
:0043418D
:0043418E
:0043418F
:00434191
:00434198
:0043419A
:0043419D
:0043419E
:004341A0
800000
0000
0300
06
4D
61
7267
696E001040002C
0000
FF5074
43
0001
000000000000

push es
dec ebp
popad
jb 004341F8
call [eax+74]
inc ebx
BYTE 6 DUP(0)
:004341A6
:004341A9
:004341AB
:004341AD
:004341B0
:004341B2
:004341B3
:004341B5
:004341B6
:004341B7
:004341B8
:004341BA
:004341BD
:004341BF
:004341C1
:004341C6
800100
0000
0400
0B5061
7265
6E
7443
6F
6C
6F
723C
104000
0C00
00FF
6874430001
000000000000

add al, 00
or edx, dword ptr [eax+61]
jb 00434217
outsb
je 004341F8
outsd
insb
outsd
jb 004341F6
or al, 00
add bh, bh
push 01004374
BYTE 6 DUP(0)
:004341CC
:004341CF
:004341D1
:004341D6
:004341D8
:004341DA
800000
0000
050008506F
7369
7469
6F

add eax, 6F500800
jnb 00434241
je 00434243
outsd
|:00434171(C)
|
:004341DB 6E
:004341DC 3C10
:004341DE 40
:004341DF 0010
:004341E1 0000
:004341E3 FF8C754300A075
:004341EA 43
:004341EB 00000000

outsb
cmp al, 10
inc eax
dec dword ptr [ebp+2*esi+75A00043]
inc ebx
BYTE 4 DUP(0)
:004341EF
:004341F2
:004341F4
:004341F5
:004341FB
:004341FE
:004341FF
:00434201
:00434203
:00434205
:00434207
:00434209
800000
0000
06
000552616E67
650010
40
001F
0000
FF1F
0000
FF01
000000000000

push es
add byte ptr [676E6152], al
inc eax
add byte ptr [edi], bl
call far dword ptr [edi]
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0043420F
:00434212
:00434214
:00434215
800000
0000
07
0006
add
add
pop
add
byte ptr [eax], 00

byte ptr [eax], al
es
byte ptr [esi], al
|:004341B0(C)
|
:00434217 53
:00434218 6D
:00434219 6F
:0043421A 6F
:0043421B 7468
:0043421D 3C10
:0043421F 40
:00434220 0030
:00434222 0000
:00434224 FF2C7543000100
:0043422B 0000000000
:00434230
:00434233
:00434235
:00434237
:00434239
:00434240
:00434242
:00434244
:00434245
:00434247
:00434249
800000
0000
0800
0453
697A6534404300
3400
00FF
44
7543
0001
000000000000

add al, 53
xor al, 00
add bh, bh
inc esp
jne 0043428A
BYTE 6 DUP(0)
:0043424F
:00434252
:00434254
:00434256
:0043425B
800000
0000
0900
055374796C
65

add eax, 6C797453
BYTE 065h
:0043425C
:0043425E
:0043425F
:00434261
3C10
40
0038
0000
cmp
inc
add
add
push ebx
insd
outsd
outsd
je 00434285
cmp al, 10
inc eax
jmp far dword ptr [2*esi+00010043]
BYTE 5 DUP(0)
al, 10
eax
byte ptr [eax], bh
byte ptr [eax], al
:00434263 FF5C7543
:00434267 0001
:00434269 000000000000
call far [ebp+2*esi+43]

BYTE 6 DUP(0)
:0043426F
:00434272
:00434274
:00434276
:0043427A
:0043427B
:0043427E
:00434280
:00434282
:00434283
:00434289
:0043428B
:0043428D
800000
0000
0A00
09546875
6D
625369
7A65
0010
40
001D0000FF1D
0000
FF01
000000000000

or dword ptr [eax+2*ebp+75], edx
insd
jpe 004342E5
inc eax
add byte ptr [1DFF0000], bl
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434293
:00434296
:00434298
:0043429A
:0043429E
:004342A1
:004342A2
:004342A5
:004342A6
:004342A9
:004342AB
:004342AC
:004342AE
:004342B0
800000
0000
0B00
08547261
636B69
6E
670010
40
001C00
00FF
AC
7543
0001
000000000000

or byte ptr [edx+2*esi+61], dl
outsb
add [bx+si], dl
inc eax
add bh, bh
lodsb
jne 004342F1
BYTE 6 DUP(0)
:004342B6
:004342B9
:004342BB
:004342BD
:004342BE
:004342BF
:004342C6
:004342C7
:004342CA
:004342CB
:004342D5
800100
0000
0C00
07
56
697369626C658D
40
001443
43
00000000000000000000
000000

or al, 00
pop es
push esi
imul esi, dword ptr [ebx+69], 8D656C62
inc eax
add byte ptr [ebx+2*eax], dl
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:004342D8 10444300
:004342DC 0000000000000000
adc byte ptr [ebx+2*eax], al

BYTE 8 DUP(0)
:004342E4 D0434300
:004342E8 F6434300
DWORD 004343D0
DWORD 004343F6
:004342EC 0002
:004342EE 0000

:004342F0 CC
int 03

|:004342AC(C)
|
:004342F1 F9
stc
:004342F2 41
inc ecx
:004342F3 00681C
:004342F6 41
inc ecx
:004342F7 00342E
:004342FA 40
inc eax
:004342FB 0038
:004342FD 2E
BYTE 02eh
:004342FE
:004342FF
:00434302
:00434303
:00434309
:0043430C
:00434310
:00434311
:00434313
:00434319
:0043431A
:0043431B
:0043431D
:00434320
:00434322
:00434323
:00434325
:00434326
:00434327
:00434329
:0043432A
:0043432B
:0043432D
:0043432E
:0043432F
:00434335
:00434338
:0043433D
:0043433F
:00434341
:00434343
:0043434A
:0043434B
:0043434D
:00434354
40
003C2E
40
00906B4200B4
2B4000
C82B4000
40
7843
00B89A420068
44
42
0008
D24000
3C4F
42
00DC
27
42
00FC
54
42
0028
2F
42
00801C4100C4
184100
BC18410088
1C41
00D8
7743
008C914200C095
42
00E8
9A4200149A4200
A88F
|:00434311(C)
|
:00434356 42
:00434357 00C8
:00434359 8F4200
:0043435C DC8C4200B82542
:00434363 00BC2542000051
:0043436A 42
inc eax
inc eax
enter 402B, 00
inc eax
js 00434356
inc esp
inc edx
cmp al, 4F
inc edx
add ah, bl
daa
inc edx
add ah, bh
push esp
inc edx
das
inc edx
mov esp, 88004118
sbb al, 41
add al, bl
ja 00434386
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
inc edx
:0043436B
:0043436E
:0043436F
:00434372
:00434373
:00434375
:00434378
:0043437A
:0043437B
:0043437F
:00434381
:00434384
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
D469
add
inc
add
inc
add
xor
adc
inc
add
add
xor
aam
byte ptr [ecx+2*edx], ch

edx
byte ptr [edi], dl
edx
al, bl
byte ptr [edx+00], al
byte ptr [eax], dh
edx
byte ptr [ebx+esi+42], dh
byte ptr [eax], bh
al, byte ptr [edx+00]
(base105)
|:00434341(C)
|
:00434386 42
:00434387 00B051420074
:0043438D 8D4200
:00434390 F0
:00434391 8D4200
:00434394 1C89
:00434396 42
:00434397 00D4
:00434399 8D4200
:0043439C 747E4300
:004343A0 B8784300
DWORD 00437E74
DWORD 004378B8
:004343A4
:004343A7
:004343AB
:004343B2
:004343B3
:004343B5
les esp, dword ptr [ebp+42]

add byte ptr [eax+2*edi+43], bh
inc ebx
BYTE 065h
C46542
007C7843
00846442008C78
43
0020
65
inc edx
lock
sbb al, 89
inc edx
add ah, dl
:004343B6 42
:004343B7 00C8
:004343B9 64
inc edx
add al, cl
BYTE 064h
:004343BA
:004343BB
:004343BE
:004343BF
:004343C1
:004343C2
:004343C3
:004343CA
:004343CB
:004343CD
:004343CF
:004343D1
:004343D7
:004343DA
:004343DB
:004343DD
inc edx
inc edx
add al, al
insd
inc edx
inc edx
add al, bl
js 00434412
add dword ptr [eax+4*esi], edi
in ax, dx
dec eax
BYTE 0ffh
42
00148F
42
00C0
6D
42
008C8B4200808E
42
00D8
7843
0006
000500140115
013CB0
ED
FFC8
FF
:004343DE
:004343E2
:004343E6
:004343EA
:004343EE
:004343F2
BC7D4300
2C7E4300
507E4300
E87E4300
987D4300
F8784300
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
00437DBC
00437E2C
00437E50
00437EE8
00437D98
004378F8
:004343F6
:004343F8
:004343F9
:004343FC
:004343FD
:004343FE
:00434405
:00434406
:00434407
:00434409
:0043440A
:0043440B
:0043440C
:00434410
:00434411
:00434413
:00434414
:00434417
:00434418
:00434419
:00434420
:00434421
:00434422
:00434424
:00434425
:00434426
1454
53
63726F
6C
6C
696E6757696E43
6F
6E
7472
6F
6C
90
10444300
07
1454
53
63726F
6C
6C
696E6757696E43
6F
6E
7472
6F
6C
1443
adc al, 54
push ebx
insb
insb
imul ebp, dword ptr [esi+67], 436E6957
outsd
outsb
je 0043447B
outsd
insb
nop
adc byte ptr [ebx+2*eax], al
pop es
adc al, 54
push ebx
insb
insb
imul ebp, dword ptr [esi+67], 436E6957
outsd
outsb
je 00434496
outsd
insb
adc al, 43
|:004343E3(C)
|
:00434428 43
:00434429 007CFD41
:0043442D 000B
:0043442F 0005466F726D
:00434435 7302
:00434437 00E0
|:00434435(C)
|
:00434439 40
:0043443A 43
:0043443B 00EC
:0043443D 0100
:0043443F FF707A
:00434442 43
:00434443 0001
:00434445 000000000000
:0043444B 800000
:0043444E 008009000D48

add byte ptr [eax+480D0009], al
inc
add
add
add
jnb
add
ebx
byte ptr [ebp+8*edi+41], bh
byte ptr [ebx], cl
byte ptr [6D726F46], al
00434439
al, ah
inc eax
inc ebx
add ah, ch
push [eax+7A]
inc ebx
BYTE 6 DUP(0)
:00434454
:00434455
:00434457
:00434458
:0043445B
:0043445C
:0043445D
:0043445E
:0043445F
:00434461
:00434462
:00434463
:00434465
:00434467
:0043446D
6F
727A
53
63726F
6C
6C
42
61
72E0
40
43
00F0
0100
FF807A430001
000000000000
outsd
jb 004344D1
push ebx
insb
insb
inc edx
popad
jb 00434441
inc eax
inc ebx
add al, dh
inc dword ptr [eax+0100437A]
BYTE 6 DUP(0)
:00434473 800000
:00434476 00800A000D56
:0043447C 65

add byte ptr [eax+560D000A], al
BYTE 065h
:0043447D
:0043447F
:00434480
:00434483
:00434484
:00434485
:00434486
:00434487
:00434489
:0043448A
:0043448B
:0043448D
:00434491
:00434493
:00434494
:00434495
:00434497
7274
53
63726F
6C
6C
42
61
728C
44
43
0003
1054466F
726D
42
6F
7264
65
jb 004344F3
push ebx
insb
insb
inc edx
popad
jb 00434415
inc esp
inc ebx
adc byte ptr [esi+2*eax+6F], dl
jb 00434500
inc edx
outsd
jb 004344FB
BYTE 065h
:00434498
:0043449A
:0043449C
:0043449D
:004344A0
7253
7479
6C
650100
000000
jb 004344ED
je 00434515
insb
BYTE 3 DUP(0)
:004344A3
:004344A8
:004344A9
:004344AA
:004344AC
:004344AF
:004344B0
:004344B1
:004344B5
:004344B6
:004344BD
:004344BF
0500000088
44
43
0006
62734E
6F
6E
65086273
53
696E676C650A62
7353
697A6561626C65
add eax, 88000000

inc esp
inc ebx
bound esi, dword ptr [ebx+4E]
outsd
outsb
or byte ptr gs:[edx+73], ah
push ebx
imul ebp, dword ptr [esi+67], 620A656C
jnb 00434512
imul edi, dword ptr [edx+65], 656C6261
:004344C6 086273
:004344C9 44
:004344CA 69616C6F670C62
or byte ptr [edx+73], ah

inc esp
imul esp, dword ptr [ecx+6C], 620C676F
|:00434455(C)
|
:004344D1 7354
:004344D3 6F
:004344D4 6F
:004344D5 6C
:004344D6 57
:004344D7 696E646F770D62
:004344DE 7353
:004344E0 697A65546F6F6C
:004344E7 57
:004344E8 696E8BC0F04443
:004344EF 0003
:004344F1 0C54

jnb 00434527
outsd
outsd
insb
push edi
imul ebp, dword ptr
jnb 00434533
imul edi, dword ptr
push edi
imul ebp, dword ptr
add byte ptr [ebx],
or al, 54
[esi+64], 620D776F
[edx+65], 6C6F6F54
[esi-75], 4344F0C0
al

|:0043447D(C)
|
:004344F3 42
inc edx
:004344F4 6F
outsd
:004344F5 7264
jb 0043455B
:004344F7 65
BYTE 065h
:004344F8
:004344FA
:004344FC
:004344FD
7253
7479
6C
650100
jb 0043454D
je 00434575
insb
|:00434491(C)
|
:00434500 000000
:00434503 0100
:00434505 0000
:00434507 88444300
:0043450B 90
:0043450C 58
:0043450D 45
:0043450E 43
:0043450F 00000000000000000000
:00434519 000000
:0043451C 384643
:0043451F 000000000000000000
cmp byte ptr [esi+43], al

BYTE 9 DUP(0)
:00434528 14464300
:0043452C 28464300
DWORD 00434614
DWORD 00434628
:00434530 0402
:00434532 0000
add al, 02
BYTE 3 DUP(0)
mov byte ptr [ebx+2*eax], al
nop
pop eax
inc ebp
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00434534 C8424300
:00434538 681C410034
:0043453D 2E
enter 4342, 00
push 3400411C
BYTE 02eh
:0043453E 40
:0043453F 0038
:00434541 2E
inc eax
BYTE 02eh
:00434542
:00434543
:00434546
:00434547
inc
add
inc
add
40
003C2E
40
00906B4200B4
eax
eax
byte ptr [eax+B400426B], dl
|:004344F8(C)
|
:0043454D 2B4000
:00434550 C82B4000
:00434554 40
:00434555 7843
:00434557 00B89A420068
:0043455D 44
:0043455E 42
:0043455F 0008
:00434561 D24000
:00434564 3C4F
:00434566 42
:00434567 00DC
:00434569 27
:0043456A 42
:0043456B 00FC
:0043456D 54
:0043456E 42
:0043456F 0028
:00434571 2F
:00434572 42
:00434573 00801C4100C4
:00434579 184100
:0043457C BC18410088
:00434581 1C41
:00434583 00787F
:00434586 43
:00434587 008C914200C095
:0043458E 42
:0043458F 00E8
:00434591 9A4200149A4200
:00434598 A88F
|:00434555(C)
|
:0043459A 42
:0043459B 00C8
:0043459D 8F4200
:004345A0 DC8C4200B82542
:004345A7 00BC2542000051
:004345AE 42
:004345AF 002C51

enter 402B, 00
inc eax
js 0043459A
inc esp
inc edx
cmp al, 4F
inc edx
add ah, bl
daa
inc edx
add ah, bh
push esp
inc edx
das
inc edx
mov esp, 88004118
sbb al, 41
add byte ptr [eax+7F], bh
inc ebx
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
add al, cl
pop [edx+00]
inc edx
:004345B2
:004345B3
:004345B6
:004345B7
:004345B9
:004345BC
:004345BE
:004345BF
:004345C3
:004345C5
:004345C8
:004345CA
:004345CB
:004345D1
:004345D4
:004345D5
:004345D8
:004345DA
:004345DB
:004345DD
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
D469
42
00B051420074
8D4200
F0
8D4200
1C89
42
00D4
8D4200
inc edx
inc edx
add al, bl
inc edx
aam (base105)
inc edx
lock
sbb al, 89
inc edx
add ah, dl
:004345E0 747E4300
:004345E4 B8784300
DWORD 00437E74
DWORD 004378B8
:004345E8
:004345EB
:004345ED
:004345EF
:004345F6
:004345F7
:004345F9

add al, bl
jg 00434632
inc ebx
BYTE 065h
C46542
00D8
7F43
00846442008C78
43
0020
65
:004345FA 42
:004345FB 00C8
:004345FD 64
inc edx
add al, cl
BYTE 064h
:004345FE
:004345FF
:00434602
:00434603
:00434605
:00434606
:00434607
:0043460E
:0043460F
:00434611
:00434613
:00434615
:0043461B
:0043461D
:00434621
:00434625
:00434629
:0043462A
:0043462B
:0043462E
:0043462F
inc edx
inc edx
add al, al
insd
inc edx
inc edx
add al, bl
js 00434656
mov al, 3C
add byte ptr [ebx+00], 50
add byte ptr [ebx+00], 0A
push esp
push ebx
insb
insb
42
00148F
42
00C0
6D
42
008C8B4200808E
42
00D8
7843
0003
000500840010
B03C
80430050
80430058
8043000A
54
53
63726F
6C
6C
:00434630 42
:00434631 6F
inc edx
outsd
|:004345ED(C)
|
:00434632 7890
:00434634 384643
:00434637 0007
:00434639 0A545363
:0043463D 726F
:0043463F 6C
:00434640 6C
:00434641 42
:00434642 6F
:00434643 7858
:00434645 45
:00434646 43
:00434647 000C44
:0043464A 43
:0043464B 003B
:0043464D 0005466F726D
:00434653 7330
:00434655 00C8
:00434657 E841004B00
:0043465C 00FF
:0043465E 2028
|:004345E0(C)
|
:00434660 42
:00434661 0001
:00434663 000000000000
:00434669
:0043466C
:0043466E
:00434670
:00434675
:00434676
:00434677
:00434678
:00434679
:0043467C
:0043467E
:0043467F
:00434681
:00434682
:00434683

add eax, 67696C41
outsb
push esp
in ax, dx
inc ecx
add bh, bh
pushad
BYTE 0ffh
cld
BYTE 026h
800000
0000
0B00
05416C6967
6E
54
ED
41
006000
00FF
60
0000
FF
FC
26
:00434684 42
js 004345C4
cmp byte ptr [esi+43], al
or dl, byte ptr [ebx+2*edx+63]
jb 004346AE
insb
insb
inc edx
outsd
js 0043469D
inc ebp
inc ebx
add byte ptr [esp+2*eax], cl
inc ebx
add byte ptr [ebx], bh
add byte ptr [6D726F46], al
jnb 00434685
add al, cl
call 008E469D
add bh, bh
inc edx
BYTE 6 DUP(0)
inc edx

|:00434653(C)
|
:00434685 00000000
BYTE 4 DUP(0)
:00434689 800300
:0043468C
:0043468E
:00434690
:00434691
:00434692
:00434693
:00434696
:00434698
:0043469A
:0043469B
0000
0C00
07
41
6E
63686F
7273
0010
40
00F4

or al, 00
pop es
inc ecx
outsb
jb 0043470B
inc eax
add ah, dh
|:00434643(C)
|
:0043469D 0100
:0043469F FF347A
:004346A2 43
:004346A3 0001
:004346A5 000000000000
:004346AB 800100
|:0043463D(C)
|
:004346AE 0000
:004346B0 0D000A4175
:004346B5 746F
:004346B7 53
:004346B8 63726F
:004346BB 6C
:004346BC 6C
:004346BD 0010
:004346BF 40
:004346C0 004C0000
:004346C4 FF10
:004346C6 2F
:004346C7 42
:004346C8 0001
:004346CA 000000000000
:004346D0
:004346D3
:004346D5
:004346D6
:004346D8
:004346D9
:004346DB
:004346DC
:004346DD
:004346E4
:004346E5
:004346E7
:004346EB
:004346ED
:004346F0

push cs
inc ecx
jne 0043474F
outsd
push ebx
dec edi
jmp far [eax+eax]
inc al
BYTE 3 DUP(0)
800000
0000
0E
0008
41
7574
6F
53
697A6554AF4000
4F
0000
FF6C0000
FEC0
324200
000000

push dword ptr [edx+2*edi]
inc ebx
BYTE 6 DUP(0)

or eax, 75410A00
je 00434726
push ebx
insb
insb
inc eax
das
inc edx
BYTE 6 DUP(0)
:004346F3
:004346F6
:004346FC
:00434704
:00434705
:00434706
:00434708
:0043470A
:0043470C
:00434710
800000
00800F000842
6944694D6F6465EC
44
43
0000
0200
FF28
80430001
000000000000

add byte ptr [eax+4208000F], al
imul eax, dword ptr [ecx+2*ebp+4D], EC65646F
inc esp
inc ebx
jmp far dword ptr [eax]
BYTE 6 DUP(0)
:00434716
:00434719
:0043471B
:0043471D
:00434720
:00434722
800100
0000
1000
0B426F
7264
65

or eax, dword ptr [edx+6F]
jb 00434786
BYTE 065h
:00434723
:00434725
:00434727
:00434728
:0043472B
:0043472C
:0043472F
:00434731
:00434736
7253
7479
6C
6500EE
41
006800
00FF
680000FF01
000000000000
jb 00434778
je 004347A0
insb
add dh, ch
inc ecx
add bh, bh
push 01FF0000
BYTE 6 DUP(0)
:0043473C
:0043473F
:00434745
:00434746
:00434747
:00434749
:0043474B
:00434752
:00434754
:00434756
:00434759
:0043475A
800000
008011000B43
6F
6E
7374
7261
696E7473001040
0038
0100
FF4879
42
0001

outsd
outsb
jnb 004347BD
jb 004347AC
dec [eax+79]
inc edx
|:00434796(C)
|
:0043475C 000000000000
:00434762 800000
:00434765 0000
:00434767 1200
:00434769 08446F63
:0043476D 6B536974
:00434771 65
:00434772 B0E8
:00434774 41
:00434775 006E00
mov al, E8
inc ecx
BYTE 6 DUP(0)
or byte ptr [edi+2*ebp+63], al
imul edx, dword ptr [ebx+69], 00000074
BYTE 065h
|:00434723(C)
|
:00434778 00FF
:0043477A 6E
:0043477B 0000
:0043477D FF01
:0043477F 000000000000
:00434785 80F4FF
:00434788 FFFF
xor ah, FF
BYTE 2 DUP(0ffh)
:0043478A
:0043478C
:00434790
:00434792
:00434794
:00434796
:00434798
:00434799
:0043479A

inc ebx
jne 00434806
jnb 00434805
jb 0043475C
in al, dx
inc ecx
1300
0A447261
6743
7572
736F
72C4
EC
41
00870000FF87
add bh, bh
outsb
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:00434725(C)
|
:004347A0 0000
:004347A2 FF01
:004347A4 000000000000
:004347AA
:004347AD
:004347AF
:004347B1
:004347B5
:004347B7
:004347BE
:004347BF
:004347C1
:004347C5
:004347C7
800000
0000
1400
08447261
674B
696E6490EC4100
4D
0000
FF5C0000
FE01
000000000000

adc al, 00
dec ebx
dec ebp
call far [eax+eax]
inc byte ptr [ecx]
BYTE 6 DUP(0)
:004347CD
:004347D0
:004347D2
:004347D7
:004347D8
:004347DA
:004347DB
800000
0000
1500084472
61
674D
6F
64

adc eax, 72440800
popad
dec ebp
outsd
BYTE 064h
:004347DC
:004347DF
:004347E0
:004347E3
:004347E5
:004347E6
650010
40
005000
00FE
60
0000

inc eax
add dh, bh
pushad

inc dword ptr [ecx]
BYTE 6 DUP(0)
:004347E8
:004347E9
:004347EE
:004347F0
:004347F3
:004347F5
:004347F6
:004347F8
:004347F9
:004347FA
:004347FB
:004347FF
:00434804
FE
BC4E420000
0000
800100
0000
16
0007
45
6E
61
626C6564
BC24410064
0000
BYTE 0feh
mov esp, 0000424E
push ss
inc ebp
outsb
popad
mov esp, 64004124

|:00434792(C)
|
:00434806 FF30
:00434808 334200
:0043480B 4C
dec esp
:0043480C 334200
:0043480F 000000
BYTE 3 DUP(0)
:00434812
:00434815
:0043481B
:0043481C
:0043481D
:0043481E
800000
008017000543
6F
6C
6F
7200

outsd
insb
outsd
jb 00434820
|:0043481E(C)
|
:00434820 104000
:00434823 2C01
:00434825 00FF
:00434827 40
:00434828 90
:00434829 42
:0043482A 00649042
:0043482E 00000000
:00434832
:00434835
:0043483B
:0043483D
:00434841
:00434842
:00434845
:00434847
:00434848
:0043484B
:00434850
:00434852
:00434855
:0043485B
:0043485C
:0043485D

je 004348A9
xor eax, dword ptr [esp+esi+29]
inc ecx
add bh, bh
nop
outsd
outsb
je 0043485F
800000
008018000543
746C
33443429
41
005800
00FF
90
324200
A032420000
0000
800000
008019000446
6F
6E
7400

sub al, 01
add bh, bh
inc eax
nop
inc edx
BYTE 4 DUP(0)
|:0043485D(C)
|
:0043485F 104000
:00434862 50
:00434863 0000
:00434865 FF6800
:00434868 00FE
:0043486A 0100
:0043486C 0000000000
:00434871
:00434874
:00434876
:00434878
:00434879
:0043487A
:0043487B
:0043487D
:0043487E
:00434880
:00434888
:0043488B
:0043488C
:0043488E
:00434892
:00434894
800100
0000
1A00
0E
50
61
7265
6E
7442
6944694D6F646500
104000
4A
0000
FF543342
0001
000000000000

push cs
push eax
popad
jb 004348E2
outsb
je 004348C2
dec edx
call [ebx+esi+42]
BYTE 6 DUP(0)
:0043489A
:0043489D
:0043489F
:004348A1
:004348A4
:004348A6
:004348A7
800100
0000
1B00
0B5061
7265
6E
7443

jb 0043490B
outsb
je 004348EC

push eax
jmp far [eax+00]
add dh, bh
BYTE 5 DUP(0)

|:0043483B(C)
|
:004348A9 6F
outsd
:004348AA 6C
insb
:004348AB 6F
outsd
:004348AC 7200
jb 004348AE
|:004348AC(C)
|
:004348AE 104000
:004348B1 640100
:004348B4 FF7090
:004348B7 42
:004348B8 0001
:004348BA 000000000000
:004348C0 800100
:004348C3 0000


add dword ptr fs:[eax], eax
push [eax-70]
inc edx
BYTE 6 DUP(0)
:004348C5
:004348C7
:004348CA
:004348CC
:004348CD
:004348CF
:004348D1
:004348D5
:004348D6
:004348D9
:004348DB
:004348DF
:004348E1
1C00
0B5061
7265
6E
7443
746C
33440010
40
004900
00FF
C8324200
0100
0000000000
sbb al, 00
jb 00434931
outsb
je 00434912
je 0043493D
xor eax, dword ptr [eax+eax+10]
inc eax
add bh, bh
enter 4232, 00
BYTE 5 DUP(0)
:004348E6
:004348E9
:004348EB
:004348F0
:004348F2
:004348F3
:004348F5
:004348F6
:004348F7
800100
0000
1D000A5061
7265
6E
7446
6F
6E
7400

sbb eax, 61500A00
jb 00434957
outsb
je 0043493B
outsd
outsb
je 004348F9
|:004348F7(C)
|
:004348F9 104000
:004348FC 8600
:004348FE 00FF
:00434900 0C33
:00434902 42
:00434903 0001
:00434905 000000000000
|:004348A4(C)
|
:0043490B 800100
:0043490E 0000
:00434910 1E
:00434911 000E
:00434913 50
:00434914 61
:00434915 7265
:00434917 6E
:00434918 7453
:0043491A 686F774869
:0043491F 6E
:00434920 7438
:00434922 0443
:00434924 007000
:00434927 00FF
:00434929 5C
:0043492A 314200
:0043492D 0100
:0043492F 0000000000

add bh, bh
or al, 33
inc edx
BYTE 6 DUP(0)

push ds
push eax
popad
jb 0043497C
outsb
je 0043496D
push 6948776F
outsb
je 0043495A
add al, 43
add bh, bh
pop esp
BYTE 5 DUP(0)
:00434934 800000
:00434937 00801F000950

add byte ptr [eax+5009001F], al

|:004348CF(C)
|
:0043493D 6F
outsd
:0043493E 7075
jo 004349B5
:00434940 704D
jo 0043498F
:00434942 65
BYTE 065h
:00434943 6E
:00434944 7500
outsb
jne 00434946
|:00434944(C)
|
:00434946 104000
:00434949 8500
:0043494B 00FF
:0043494D E8324200B4
:00434952 324200
:00434955 000000
:00434958
:0043495B
:00434961
:00434966
:00434967
:00434969
:0043496A
:0043496B
:00434972
:00434973
:00434975

push 6948776F
outsb
je 00434959
in al, dx
inc ecx
inc edx
BYTE 6 DUP(0)
800000
008020000853
686F774869
6E
74F0
EC
41
00949042001491
42
0001
000000000000

add bh, bh
call B4438B84
BYTE 3 DUP(0)
:0043497B 80FFFF
:0043497E FFFF
cmp bh, FF
BYTE 2 DUP(0ffh)
:00434980
:00434982
:00434986
:00434987
:00434989

or byte ptr [ecx+62], dl
dec edi
jb 004349ED
BYTE 065h
2100
08546162
4F
7264
65
:0043498A 7200
jb 0043498C

|:0043498A(C)
|
:0043498C 104000
|:00434940(C)
|
:0043498F 7801
:00434991 00FF
:00434993 2C91
:00434995 42
:00434996 0001
:00434998 000000000000
js 00434992
add bh, bh
sub al, 91
inc edx
BYTE 6 DUP(0)
:0043499E
:004349A1
:004349A3
:004349A5
:004349A6
:004349A7
:004349A8
:004349AB
:004349AC

and al, byte ptr [eax]
pop es
push esp
popad
outsd
jo 004349AE
800000
0000
2200
07
54
61
625374
6F
7000
|:004349AC(C)
|
:004349AE 104000
:004349B1 47
:004349B2 0000
:004349B4 FF94304200FC4E
:004349BB 42
:004349BC 00000000
:004349C0
:004349C3
:004349C5
:004349C7
:004349C8
:004349C9
:004349D0
:004349D1
:004349D2
:004349D9
:004349DB
:004349DD
800100
0000
2300
07
56
697369626C650C
F3
41
00A40000FFA400
00FF
0100
0000000000

and eax, dword ptr [eax]
pop es
push esi
imul esi, dword ptr [ebx+69], 0C656C62
repz
inc ecx
add byte ptr [eax+eax+00A4FF00], ah
add bh, bh
BYTE 5 DUP(0)
:004349E2
:004349E5
:004349EB
:004349EC
800000
008024000B4F
6E
43

outsb
inc ebx

inc edi
inc edx
BYTE 4 DUP(0)

|:00434987(C)
|
:004349ED 61
popad
:004349EE 6E
outsb
:004349EF 52
push edx
:004349F0 65
BYTE 065h
:004349F1 7369
jnb 00434A5C
:004349F3
:004349F5
:004349F6
:004349F7
:004349F8
:004349FB
:004349FD
:004349FF
:00434A01
:00434A03
:00434A04
7A65
F0
AF
40
000401
00FF
0401
00FF
1C4F
42
00000000
jpe 00434A5A
lock
scasd
inc eax
add bh, bh
add al, 01
add bh, bh
sbb al, 4F
inc edx
BYTE 4 DUP(0)
:00434A08
:00434A0B
:00434A11
:00434A12
:00434A13
:00434A14
:00434A1B
:00434A1C
:00434A1E
:00434A25
800000
00802500074F
6E
43
6C
69636B68F34100
AC
0000
FFAC0000FF0100
0000000000

outsb
inc ebx
insb
lodsb
jmp far dword ptr [eax+eax+0001FF00]
BYTE 5 DUP(0)
:00434A2A
:00434A2D
:00434A33
:00434A34
:00434A35
:00434A36
:00434A37
:00434A39
:00434A3B
:00434A42
:00434A49
:00434A4B
:00434A4D
:00434A4F
:00434A51
:00434A53
800000
00802600134F
6E
43
6F
6E
7374
7261
696E6564526573
697A65F0AF4000
0C01
00FF
0C01
00FF
0100
0000000000

outsb
inc ebx
outsd
outsb
jnb 00434AAD
jb 00434A9C
imul edi, dword ptr [edx+65], 0040AFF0
or al, 01
add bh, bh
or al, 01
add bh, bh
BYTE 5 DUP(0)
:00434A58
:00434A5B
:00434A61
:00434A62
:00434A63
:00434A67
:00434A6E
:00434A70
:00434A72
:00434A74
:00434A76
:00434A78
800000
008027000A4F
6E
44
626C436C
69636B28F14100
8801
00FF
8801
00FF
0100
0000000000

outsb
inc esp
mov byte ptr [ecx], al
add bh, bh
mov byte ptr [ecx], al
add bh, bh
BYTE 5 DUP(0)
:00434A7D 800000
:00434A80 008028000A4F
:00434A86 6E

outsb
:00434A87
:00434A88
:00434A89
:00434A8C
:00434A8E
:00434A90
:00434A91
:00434A92
:00434A98
:00434A9A
44
6F
636B44
726F
707C
F1
41
00900100FF90
0100
FF01
inc esp
outsd
jb 00434AFD
jo 00434B0C
BYTE 0f1h
inc ecx
add byte ptr [eax+90FF0001], dl
inc dword ptr [ecx]
|:00434A39(C)
|
:00434A9C 000000000000
:00434AA2 800000
:00434AA5 008029000A4F
:00434AAB 6E
:00434AAC 44
|:00434A37(C)
|
:00434AAD 6F
:00434AAE 636B4F
:00434AB1 7665
:00434AB3 7250
:00434AB5 F0
:00434AB6 41
:00434AB7 00CC
:00434AB9 0000
:00434ABB FFCC
:00434ABD 0000
:00434ABF FF01
:00434AC1 000000000000
:00434AC7
:00434ACA
:00434AD0
:00434AD1
:00434AD2
:00434AD4
:00434AD6
:00434AD8
:00434ADA

add byte ptr [eax+4F0A002A], al
outsb
inc esp
jb 00434B35
inc esp
jb 00434B47
jo 00434ABA
out dx, ax
800000
00802A000A4F
6E
44
7261
6744
726F
70E0
EF
BYTE 6 DUP(0)
outsb
inc esp
outsd
jbe 00434B18
jb 00434B05
lock
inc ecx
add ah, cl
dec esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:00434AFD(C)
|
:00434ADB 41
:00434ADC 00D4
:00434ADE 0000
:00434AE0 FFD4
:00434AE2 0000
:00434AE4 FF01
:00434AE6 000000000000
:00434AEC 800000
inc ecx
add ah, dl
call esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434AEF
:00434AF5
:00434AF6
:00434AF7
:00434AF9
:00434AFB
00802B000A4F
6E
44
7261
674F
7665

outsb
inc esp
jb 00434B5A
dec edi
jbe 00434B62

|:00434A8C(C)
|
:00434AFD 72DC
jb 00434ADB
:00434AFF F0
lock
:00434B00 41
inc ecx
:00434B01 00EC
add ah, ch
:00434B03 0000
|:00434AB3(C)
|
:00434B05 FFEC
:00434B07 0000
:00434B09 FF01
:00434B0B 000000000000
:00434B11
:00434B14
:00434B1A
:00434B1B
:00434B1C
:00434B1D

add byte ptr [eax+4F09002C], al
outsb
inc ebp
outsb
BYTE 064h
800000
00802C00094F
6E
45
6E
64
jmp far esp

inc dword ptr [ecx]
BYTE 6 DUP(0)
|:00434B88(C)
|
:00434B1E 44
:00434B1F 6F
:00434B20 636BDC
:00434B23 F0
:00434B24 41
:00434B25 00FC
:00434B27 0000
:00434B29 FF
:00434B2A FC
:00434B2B 0000
:00434B2D FF01
:00434B2F 000000000000
|:00434AD2(C)
|
:00434B35 800000
:00434B38 00802D00094F
:00434B3E 6E
:00434B3F 45
:00434B40 6E
inc esp
outsd
lock
inc ecx
add ah, bh
BYTE 0ffh
cld
inc dword ptr [ecx]
BYTE 6 DUP(0)

add byte ptr [eax+4F09002D], al
outsb
inc ebp
outsb
:00434B41 64
BYTE 064h
:00434B42 44
:00434B43 7261
:00434B45 67F0
inc esp
jb 00434BA6
lock
|:00434AD6(C)
|
:00434B47 AF
:00434B48 40
:00434B49 00980100FF98
:00434B4F 0100
:00434B51 FF01
:00434B53 000000000000

scasd
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:00434B67(C)
|
:00434B59 800000
:00434B5C 00802E00074F
|:00434AFB(C)
|
:00434B62 6E
:00434B63 45
:00434B64 6E
:00434B65 7465
:00434B67 72F0
:00434B69 AF
:00434B6A 40
:00434B6B 00A00100FFA0
:00434B71 0100
:00434B73 FF01
:00434B75 000000000000
:00434B7B
:00434B7E
:00434B84
:00434B85
:00434B86
:00434B88
:00434B8A
:00434B8B
:00434B8C
:00434B92
:00434B94
:00434B96
800000
00802F00064F
6E
45
7869
7494
F2
41
00A80100FFA8
0100
FF01
000000000000

add byte ptr [eax+4F06002F], al
outsb
inc ebp
js 00434BF1
je 00434B1E
repnz
inc ecx
add byte ptr [eax+A8FF0001], ch
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434B9C 800000
:00434B9F 008030000D4F
:00434BA5 6E

outsb
outsb
inc ebp
outsb
je 00434BCC
jb 00434B59
scasd
inc eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:00434B43(C)
|
:00434BA6 47
:00434BA7 65
inc edi
BYTE 065h
:00434BA8
:00434BAA
:00434BB2
:00434BB3
:00434BB4
:00434BBB
:00434BBD
:00434BBF
7453
697465496E666FBC
EE
41
00B40000FFB400
00FF
0100
0000000000
je 00434BFD
imul esi, dword ptr [ebp+49], BC6F666E
out dx, al
inc ecx
add bh, bh
BYTE 5 DUP(0)
:00434BC4
:00434BC7
:00434BCD
:00434BCE
:00434BCF
:00434BD0
:00434BD2
800000
008031000B4F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 00434C45
BYTE 065h
:00434BD3
:00434BD4
:00434BD5
:00434BD7
:00434BD9
:00434BDA
:00434BE1
:00434BE3
:00434BE5
44
6F
776E
20EF
41
00BC0000FFBC00
00FF
0100
0000000000
inc esp
outsd
ja 00434C45
and bh, ch
inc ecx
add bh, bh
BYTE 5 DUP(0)
:00434BEA
:00434BED
:00434BF3
:00434BF4
:00434BF5
:00434BF6
:00434BF8
800000
008032000B4F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 00434C6B
BYTE 065h
:00434BF9 4D
:00434BFA 6F
:00434BFB 7665
dec ebp
outsd
jbe 00434C62
|:00434BA8(C)
|
:00434BFD BCEE4100C4
:00434C02 0000
:00434C04 FFC4

mov esp, C40041EE
inc esp

|:00434C20(C)
|
:00434C06 0000
:00434C08 FF01
:00434C0A 000000000000
inc dword ptr [ecx]

BYTE 6 DUP(0)
:00434C10
:00434C13
:00434C19
:00434C1A
:00434C1B
:00434C1C
:00434C1E
800000
00803300094F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 00434C91
BYTE 065h
:00434C1F
:00434C20
:00434C22
:00434C23
:00434C24
:00434C26
:00434C28
:00434C2A
:00434C2C
:00434C2E
55
70E4
F3
41
00C8
0100
FFC8
0100
FF01
000000000000
push ebp
jo 00434C06
repz
inc ecx
add al, cl
dec eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434C34
:00434C37
:00434C3D
:00434C3E
:00434C3F
:00434C40
:00434C42
800000
008034000C4F
6E
4D
6F
7573
65

add byte ptr [eax+4F0C0034], al
outsb
dec ebp
outsd
jne 00434CB5
BYTE 065h
:00434C43
:00434C44
:00434C49
:00434C4A
:00434C4B
:00434C4D
:00434C4F
:00434C51
:00434C53
:00434C55
57
6865656C58
F4
41
00D0
0100
FFD0
0100
FF01
000000000000
push edi
push 586C6565
hlt
inc ecx
add al, dl
call eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434C5B
:00434C5E
:00434C64
:00434C65
:00434C66
:00434C67
:00434C69
800000
00803500104F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 00434CDC
BYTE 065h
:00434C6A 57
push edi

|:00434BF6(C)
|
:00434C6B
:00434C70
:00434C71
:00434C73
:00434C74
:00434C75
:00434C76
:00434C78
:00434C7A
:00434C7C
:00434C7E
:00434C80
6865656C44
6F
776E
58
F4
41
00D8
0100
FFD8
0100
FF01
000000000000
push 446C6565
outsd
ja 00434CE1
pop eax
hlt
inc ecx
add al, bl
call far eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434C86
:00434C89
:00434C8F
:00434C90
800000
008036000E4F
6E
4D

add byte ptr [eax+4F0E0036], al
outsb
dec ebp

|:00434C1C(C)
|
:00434C91 6F
outsd
:00434C92 7573
jne 00434D07
:00434C94 65
BYTE 065h
:00434C95
:00434C96
:00434C9B
:00434C9D
:00434C9E
:00434C9F
:00434CA1
:00434CA3
:00434CA5
:00434CA7
:00434CA9
57
6865656C55
70F0
AF
40
00DC
0000
FFDC
0000
FF01
000000000000
push edi
push 556C6565
jo 00434C8D
scasd
inc eax
add ah, bl
call far esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434CAF
:00434CB2
:00434CB8
:00434CB9
:00434CBA
800000
00803700084F
6E
52
65

outsb
push edx
BYTE 065h
:00434CBB
:00434CBD
:00434CBF
:00434CC0
:00434CC1
:00434CC2
:00434CC4
:00434CC6
:00434CC8
:00434CCA
:00434CCC
7369
7A65
50
F2
41
00E4
0000
FFE4
0000
FF01
000000000000
jnb 00434D26
jpe 00434D24
push eax
repnz
inc ecx
add ah, ah
jmp esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434CD2 800000
:00434CD5 008038000B4F
:00434CDB 6E

outsb

|:00434C67(C)
|
:00434CDC 53
push ebx
:00434CDD 7461
je 00434D40
:00434CDF 7274
jb 00434D55
|:00434C71(C)
|
:00434CE1 44
:00434CE2 6F
:00434CE3 636B9C
:00434CE6 F0
:00434CE7 41
:00434CE8 00F4
:00434CEA 0000
:00434CEC FFF4
:00434CEE 0000
:00434CF0 FF01
:00434CF2 000000000000
:00434CF8
:00434CFB
:00434D01
:00434D02
:00434D03

outsb
push ebx
je 00434D66
800000
008039000B4F
6E
53
7461
inc esp
outsd
lock
inc ecx
add ah, dh
push esp
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:00434D45(C)
|
:00434D05 7274
jb 00434D7B
|:00434C92(C)
|
:00434D07 44
:00434D08 7261
:00434D0A 67F4
:00434D0C F1
:00434D0D 41
:00434D0E 00E0
:00434D10 0100
:00434D12 FFE0
:00434D14 0100
:00434D16 FF01
:00434D18 000000000000
:00434D1E
:00434D21
:00434D27
:00434D28
:00434D29
:00434D2A

outsb
push ebp
outsb
inc esp
800000
00803A00084F
6E
55
6E
44
inc esp
jb 00434D6B
hlt
BYTE 0f1h
inc ecx
add al, ah
jmp eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00434D2B
:00434D2C
:00434D2F
:00434D30
:00434D32
:00434D33
:00434D35
:00434D38
6F
636B8B
C0
344D
43
000F
094944
65
outsd
BYTE 0d0h
xor al, 4D
inc ebx
or dword ptr [ecx+44], ecx
BYTE 065h
:00434D39 7369
:00434D3B 676E
:00434D3D 65
jnb 00434DA4
outsb
BYTE 065h
:00434D3E 7274
jb 00434DB4
|:00434CDD(C)
|
:00434D40 BE40000156
:00434D45 72BE
:00434D47 AB
:00434D48 95
:00434D49 54
:00434D4A D111
:00434D4C 9F
:00434D4D B500
:00434D4F 20AF3D82DA05

mov esi, 56010040
jb 00434D05
stosd
xchg eax,ebp
push esp
lahf
mov ch, 00
and byte ptr [edi+05DA823D], ch

|:00434CDF(C)
|
:00434D55 46
inc esi
:00434D56 6F
outsd
:00434D57 726D
jb 00434DC6
:00434D59 7300
jnb 00434D5B
|:00434D59(C)
|
:00434D5B 00604D
add byte ptr [eax+4D], ah
:00434D5E 43
inc ebx
:00434D5F 000F
:00434D61 08494F
or byte ptr [ecx+4F], cl
:00434D64 6C
insb
:00434D65 65
BYTE 065h

|:00434D03(C)
|
:00434D66 46
inc esi
:00434D67 6F
outsd
:00434D68 726D
jb 00434DD7
:00434D6A FC
cld
|:00434D08(C)
|
:00434D6B
:00434D6E
:00434D70
:00434D72
:00434D74
:00434D75
:00434D77
:00434D78
:00434D79
104000
01C1
E102
CDDA
52
D011
9E
A6
0020

add ecx, eax
loopz 00434D74
int DA
push edx
sahf
cmpsb
|:00434D05(C)
|
:00434D7B AF
:00434D7C 3D82DA0546
:00434D81 6F
:00434D82 726D
:00434D84 7300
|:00434D84(C)
|
:00434D86 00908C4D4300
:00434D8C 030C54
:00434D8F 57
:00434D90 696E646F775374
:00434D97 61
:00434D98 7465
:00434D9A 0100
:00434D9C 000000
:00434D9F
:00434DA1
:00434DA3
:00434DA6
:00434DA8
:00434DAA
:00434DAB
:00434DAC
:00434DAE
:00434DAF
:00434DB0
:00434DB3

mov byte ptr [ebp+43], cl
ja 00434E1D
dec esi
outsd
jb 00434E1B
popad
insb
or esi, dword ptr [edi+73]
dec ebp
0200
0000
884D43
0008
7773
4E
6F
726D
61
6C
0B7773
4D
|:00434D3E(C)
|
:00434DB4 696E696D697A65
:00434DBB 640B7773
:00434DBF 4D
:00434DC0 61
:00434DC1 7869
:00434DC3 6D
:00434DC4 697A6564CC4D43
:00434DCB 0003
:00434DCD 0A54466F
:00434DD1 726D
:00434DD3 53
scasd
cmp eax, 4605DA82
outsd
jb 00434DF1
jnb 00434D86
add byte ptr [eax+00434D8C], dl

add ecx, dword ptr [esp+2*edx]
push edi
popad
je 00434DFF
BYTE 3 DUP(0)

imul ebp, dword ptr [esi+69], 657A696D
or esi, dword ptr fs:[edi+73]
dec ebp
popad
js 00434E2C
insd
imul edi, dword ptr [edx+65], 434DCC64
or dl, byte ptr [esi+2*eax+6F]
jb 00434E40
push ebx
:00434DD4 7479
:00434DD6 6C
je 00434E4F
insb

|:00434D68(C)
|
:00434DD7 650100
:00434DDA 000000
BYTE 3 DUP(0)
:00434DDD
:00434DDF
:00434DE1
:00434DE5
:00434DE8
:00434DE9
:00434DEA
:00434DEC
:00434DED
:00434DEE
0300
0000
C84D4300
086673
4E
6F
726D
61
6C
0A6673

enter 434D, 00
or byte ptr [esi+73], ah
dec esi
outsd
jb 00434E59
popad
insb
or ah, byte ptr [esi+73]
|:00434D82(C)
|
:00434DF1 4D
:00434DF2 44
:00434DF3 49
:00434DF4 43
:00434DF5 68696C6409
:00434DFA 66734D
:00434DFD 44
:00434DFE 49
|:00434D98(C)
|
:00434DFF 46
:00434E00 6F
:00434E01 726D
:00434E03 0B6673
:00434E06 53
:00434E07 7461
:00434E09 794F
:00434E0B 6E
:00434E0C 54
:00434E0D 6F
:00434E0E 7090
:00434E10 144E
:00434E12 43
:00434E13 0003
:00434E15 0B54426F
:00434E19 7264
dec ebp
inc esp
dec ecx
inc ebx
push 09646C69
jnb 00434E4A
inc esp
dec ecx
inc esi
outsd
jb 00434E70
or esp, dword ptr [esi+73]
push ebx
je 00434E6A
jns 00434E5A
outsb
push esp
outsd
jo 00434DA0
adc al, 4E
inc ebx
or edx, dword ptr [edx+2*eax+6F]
jb 00434E7F

|:00434DAC(C)
|
:00434E1B 65
BYTE 065h
:00434E1C 7249
jb 00434E67
:00434E1E 636F6E
:00434E21 0100
:00434E23 000000
BYTE 3 DUP(0)
:00434E26
:00434E28
:00434E2A
:00434E2D
:00434E30
:00434E37
:00434E38
0300
0000
104E43
000C62
6953797374656D
4D
65

adc byte ptr [esi+43], cl
imul edx, dword ptr [ebx+79], 6D657473
dec ebp
BYTE 065h
:00434E39
:00434E3A
:00434E3C
:00434E3F
6E
750A
62694D
696E696D697A65
outsb
jne 00434E46
bound ebp, dword ptr [ecx+4D]
imul ebp, dword ptr [esi+69], 657A696D

|:00434E3A(C)
|
:00434E46 0A6269
or ah, byte ptr [edx+69]
:00434E49 4D
dec ebp
|:00434DFB(C)
|
:00434E4A 61
:00434E4B 7869
:00434E4D 6D
:00434E4E 697A6506626948
:00434E55 65
:00434E56 6C
:00434E57 705C
insb
jo 00434EB5
popad
js 00434EB6
insd
BYTE 065h

|:00434DEA(C)
|
:00434E59 4E
dec esi
|:00434E09(C)
|
:00434E5A 43
inc ebx
:00434E5B 0006
:00434E5D 0C54
or al, 54
:00434E5F 42
inc edx
:00434E60 6F
outsd
:00434E61 7264
jb 00434EC7
:00434E63 65
BYTE 065h
:00434E64
:00434E66
:00434E69
:00434E6B
:00434E6E
7249
636F6E
7301
104E43
0090744E4300
jb 00434EAF
jnb 00434E6C
adc byte ptr [esi+43], cl
add byte ptr [eax+00434E74], dl
|:00434EE2(C)
|
:00434E74 0309
:00434E76 54
:00434E77 50
:00434E78 6F
:00434E79 7369
:00434E7B 7469
:00434E7D 6F
:00434E7E 6E
add ecx, dword ptr [ecx]

push esp
push eax
outsd
jnb 00434EE4
je 00434EE6
outsd
outsb

|:00434E19(C)
|
:00434E7F 0100
:00434E81 000000
BYTE 3 DUP(0)
:00434E84
:00434E89
:00434E8A
:00434E8B
:00434E8D
:00434E8F
:00434E90
0500000070
4E
43
000A
706F
44
65
add eax, 70000000

dec esi
inc ebx
jo 00434EFE
inc esp
BYTE 065h
:00434E91 7369
:00434E93 676E
:00434E95 65
jnb 00434EFC
outsb
BYTE 065h
:00434E96
:00434E9A
:00434E9B
:00434E9E
:00434EA0
:00434EA2
:00434EA4
:00434EA5
:00434EA8
:00434EAA
:00434EAC
:00434EAD
or dword ptr fs:[eax+6F], esi

inc esp
popa
jne 00434F0C
je 00434EB2
jo 00434F13
inc esp
popa
jne 00434F16
je 00434EFC
outsd
jnb 00434EFE
6409706F
44
656661
756C
7410
706F
44
656661
756C
7450
6F
734F

|:00434E64(C)
|
:00434EAF 6E
outsb
:00434EB0 6C
insb
:00434EB1 7911
jns 00434EC4
:00434EB3 706F
jo 00434F24
|:00434E57(C)
|
:00434EB5 44
inc esp
|:00434E4B(C)
|
:00434EB6
:00434EB9
:00434EBB
:00434EBD
656661
756C
7453
697A654F6E6C79
popa
jne 00434F27
je 00434F10
imul edi, dword ptr [edx+65], 796C6E4F

|:00434EB1(C)
|
:00434EC4 0E
push cs
:00434EC5 706F
jo 00434F36
|:00434E61(C)
|
:00434EC7 53
push ebx
:00434EC8 637265
:00434ECB 65
BYTE 065h
:00434ECC 6E
:00434ECD 43
:00434ECE 65
outsb
inc ebx
BYTE 065h
:00434ECF
:00434ED0
:00434ED2
:00434ED4
:00434ED6
:00434ED7
6E
7465
720F
706F
44
65
outsb
je 00434F37
jb 00434EE3
jo 00434F45
inc esp
BYTE 065h
:00434ED8
:00434EDA
:00434EDC
:00434EDE
736B
746F
7043
65
jnb 00434F45
je 00434F4B
jo 00434F21
BYTE 065h
:00434EDF 6E
:00434EE0 7465
:00434EE2 7290
outsb
je 00434F47
jb 00434E74
|:00434E79(C)
|
:00434EE4 E84E430003
:00434EE9 0F
:00434EEA 54
:00434EEB 44
:00434EEC 656661
:00434EEF 756C
:00434EF1 744D
:00434EF3 6F
:00434EF4 6E
:00434EF5 69746F7201000000
:00434EFD 0003
:00434EFF 000000

call 03439237
BYTE 0fh
push esp
inc esp
popa
jne 00434F5D
je 00434F40
outsd
outsb
imul esi, dword ptr [edi+2*ebp+72], 00000001
BYTE 3 DUP(0)
:00434F02
:00434F04
:00434F05
:00434F07
E44E
43
0009
64
in al, 4E
inc ebx
BYTE 064h
:00434F08 6D
:00434F09 44
:00434F0A 65
insd
inc esp
BYTE 065h
:00434F0B
:00434F0D
:00434F0F
:00434F11
jnb 00434F78
je 00434F7E
jo 00434F1A
BYTE 064h
736B
746F
7009
64
:00434F12 6D
insd

|:00434EA2(C)
|
:00434F13 50
push eax
:00434F14 7269
jb 00434F7F
|:00434EA8(C)
|
:00434F16 6D
insd
:00434F17 61
popad
:00434F18 7279
jb 00434F93
|:00434F0F(C)
|
:00434F1A 0A646D4D
:00434F1E 61
:00434F1F 696E466F726D0C
:00434F26 64
|:00434EB9(C)
|
:00434F27 6D
:00434F28 41
:00434F29 63746976
:00434F2D 65
:00434F2E
:00434F2F
:00434F30
:00434F32
:00434F34
inc esi
outsd
jb 00434F9F
mov eax, eax
cmp byte ptr [edi+43], cl
46
6F
726D
8BC0
384F43
or ah, byte ptr [ebp+2*ebp+4D]

popad
imul ebp, dword ptr [esi+46], 0C6D726F
BYTE 064h
insd
inc ecx
BYTE 065h

|:00434ED0(C)
|
:00434F37
:00434F39
:00434F3D
:00434F44
0003
0B545072
696E745363616C
650100

or edx, dword ptr [eax+2*edx+72]

|:00434EE0(C)
|
:00434F47 000000
BYTE 3 DUP(0)
:00434F4A 0200
:00434F4C 0000
:00434F4E 344F
xor al, 4F
:00434F50 43
inc ebx
:00434F51 0006
:00434F53 706F
jo 00434FC4
:00434F55 4E
dec esi
:00434F56 6F
outsd
:00434F57 6E
outsb
:00434F58 65
BYTE 065h
:00434F59 0E
:00434F5A 706F
:00434F5C 50
push cs
jo 00434FCB
push eax
|:00434EEF(C)
|
:00434F5D 726F
:00434F5F 706F
:00434F61 7274
:00434F63 696F6E616C0C70
:00434F6A 6F
:00434F6B 50
:00434F6C 7269
:00434F6E 6E
:00434F6F 7454
:00434F71 6F
:00434F72 46
:00434F73 69748D40007C4F43
:00434F7B 0001
:00434F7D 0C54

jb 00434FCE
jo 00434FD0
jb 00434FD7
imul ebp, dword ptr [edi+6E], 700C6C61
outsd
push eax
jb 00434FD7
outsb
je 00434FC5
outsd
inc esi
imul esi, dword ptr [ebp+4*ecx+40], 434F7C00
or al, 54

|:00434F14(C)
|
:00434F7F 4D
dec ebp
:00434F80 6F
outsd
:00434F81 64
BYTE 064h
:00434F82
:00434F83
:00434F84
:00434F85
61
6C
52
65
:00434F86 7375
:00434F88 6C
:00434F89 7404
popad
insb
push edx
BYTE 065h
jnb 00434FFD
insb
je 00434F8F
:00434F8B 000000
BYTE 3 DUP(0)
:00434F8E
:00434F91
:00434F92
:00434F94
:00434F95
:00434F96
:00434F97
:00434F99
:00434F9D
:00434F9E
:00434FA0
:00434FA1
:00434FA3
:00434FA4
cmp bh, FF
BYTE 0ffh
jg 00434F24
cwde
dec edi
inc ebx
or edx, dword ptr [ebx+2*eax+6C]
outsd
jnb 00435005
inc ebp
jbe 00435008
outsb
je 00434FA6
80FFFF
FF
7F90
98
4F
43
0008
0B54436C
6F
7365
45
7665
6E
7400

|:00434FA4(C)
|
:00434FA6 0208
:00434FA8 06
push es
:00434FA9 53
push ebx
:00434FAA 65
BYTE 065h
:00434FAB 6E
:00434FAC 64
outsb
BYTE 064h
:00434FAD 65
BYTE 065h
:00434FAE
:00434FB0
:00434FB1
:00434FB2
:00434FB5
:00434FB9
:00434FBA
:00434FBE
:00434FBF
:00434FC1
:00434FC2
:00434FC3
jb 00434FB7
push esp
dec edi
inc ecx
outsb
or al, 54
inc ebx
insb
outsd
7207
54
4F
626A65
63740106
41
6374696F
6E
0C54
43
6C
6F
|:00434F53(C)
|
:00434FC4 7365
:00434FC6 41
:00434FC7 6374696F

jnb 0043502B
inc ecx

|:00434F5A(C)
|
:00434FCB 6E
outsb
:00434FCC D04F43
ror byte ptr [edi+43], 1
:00434FCF 0008
:00434FD1
:00434FD5
:00434FD6
:00434FD8
:00434FD9
:00434FDB
:00434FDD
:00434FDE
:00434FE0
:00434FE1
1054436C
6F
7365
51
7565
7279
45
7665
6E
7400
adc byte ptr [ebx+2*eax+6C], dl

outsd
jnb 0043503D
push ecx
jne 00435040
jb 00435056
inc ebp
jbe 00435045
outsb
je 00434FE3

|:00434FE1(C)
|
:00434FE3 0208
:00434FE5 06
push es
:00434FE6 53
push ebx
:00434FE7 65
BYTE 065h
:00434FE8 6E
:00434FE9 64
outsb
BYTE 064h
:00434FEA 65
BYTE 065h
:00434FEB
:00434FED
:00434FEE
:00434FEF
:00434FF2
:00434FF6
:00434FF7
:00434FF8
:00434FF9
:00434FFA
:00434FFB
:00434FFC
:00434FFE
:00434FFF
:00435000
:00435001
:00435002
:00435003
jb 00434FF4
push esp
dec edi
inc ebx
popad
outsb
inc ebx
insb
outsd
jnb 00435063
pop es
inc edx
outsd
outsd
insb
BYTE 065h
7207
54
4F
626A65
63740108
43
61
6E
43
6C
6F
7365
07
42
6F
6F
6C
65
:00435004 61
popad

|:00434F9E(C)
|
:00435005 6E
outsb
:00435006 8BC0
mov eax, eax
|:00434FA1(C)
|
:00435008 0C50
or al, 50
:0043500A 43
inc ebx
:0043500B
:0043500D
:0043500E
:0043500F
:00435010
:00435015
:00435017
:00435018
:0043501A
:0043501B
0008
0E
54
53
686F727443
7574
45
7665
6E
7400

push cs
push esp
push ebx
push 4374726F
jne 0043508B
inc ebp
jbe 0043507F
outsb
je 0043501D

|:0043501B(C)
|
:0043501D 0211
add dl, byte ptr [ecx]
:0043501F 034D73
add ecx, dword ptr [ebp+73]
:00435022 6706
push es
:00435024 54
push esp
:00435025 57
push edi
:00435026 4D
dec ebp
:00435027 4B
dec ebx
:00435028 65
BYTE 065h
:00435029 7901
jns 0043502C

|:00434FC4(C)
|
:0043502B 07
pop es
|:00435029(C)
|
:0043502C 48
dec eax
:0043502D 61
popad
:0043502E 6E
outsb
:0043502F 64
BYTE 064h
:00435030 6C
:00435031 65
insb
BYTE 065h
:00435032 64
BYTE 064h
:00435033
:00435034
:00435035
:00435036
:00435037
:00435038
07
42
6F
6F
6C
65
pop es
inc edx
outsd
outsd
insb
BYTE 065h
:00435039
:0043503A
:0043503B
:0043503C
:0043503F
61
6E
90
885043
000000000000000000
popad
outsb
nop
BYTE 9 DUP(0)
:00435048 5C514300
:0043504C F8524300
DWORD 0043515C
DWORD 004352F8
:00435050 0000000000000000
BYTE 8 DUP(0)
:00435058 7E514300
:0043505C E8524300
DWORD 0043517E
DWORD 004352E8
:00435060
:00435062
:00435064
:00435068
:0043506D
:00435071
:00435075
les eax, dword ptr [edx]

enter 4342, 00
push 0C00411C
add byte ptr [ebx+00], 4C
add dword ptr [ebx+00], 0000003C
BYTE 02eh
C402
0000
C8424300
681C41000C
8243004C
8343003C
2E
:00435076 40
:00435077 0024A54300B42B
:0043507E 40
inc eax
add byte ptr [2BB40043], ah
inc eax
|:00435018(C)
|
:0043507F 00C8
:00435081 2B4000
:00435084 B083
:00435086 43
:00435087 00B89A42005C
:0043508D 884300
:00435090 08D2
:00435092 40
:00435093 001C8543005485
:0043509A 43
:0043509B 004886
:0043509E 43
:0043509F 0028
:004350A1 2F
:004350A2 42
:004350A3 00801C410068
:004350A9 8E4300
:004350AC BC184100B0
:004350B1 C54300
:004350B4 848043008C91
:004350BA 42
:004350BB 00C0
:004350BD 95
:004350BE 42
:004350BF 00E8
:004350C1 9A4200149A4200
:004350C8 A88F
:004350CA 42
:004350CB 00488B

add al, cl
mov al, 83
inc ebx
add byte ptr [eax+5C00429A], bh
or dl, dl
inc eax
add byte ptr [4*eax+85540043], bl
inc ebx
add byte ptr [eax-7A], cl
inc ebx
das
inc edx
mov es, [ebx+00]
mov esp, B0004118
lds eax, dword ptr [ebx+00]
test byte ptr [eax+918C0043], al
inc edx
add al, al
xchg eax,ebp
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
:004350CE
:004350CF
:004350D1
:004350D4
:004350D9
:004350DE
:004350DF
:004350E2
:004350E3
:004350E6
:004350E7
:004350E9
43
00DC
8C4200
B8254200BC
2542003C8C
43
002C51
42
001427
42
00D8
304200
inc
add
mov
mov
and
inc
add
inc
add
inc
add
xor
ebx
ah, bl
[edx+00], es
eax, BC004225
eax, 8C3C0042
ebx
edx
byte ptr [edi], dl
edx
al, bl
:004350EC 308E4300
:004350F0 FC8C4300
DWORD 00438E30
DWORD 00438CFC
:004350F4
:004350F6
:004350F7
:004350F9
:004350FC
:004350FE
:004350FF
:00435103
:00435105
:00435108
:0043510A
:0043510B
:0043510D
cmp
inc
add
mov
mov
inc
add
add
lea
sbb
inc
add
lea
3832
42
00EC
8E4300
B051
42
00748D42
00F0
8D4200
1C89
42
00D4
8D4200
byte ptr [edx], dh

edx
ah, ch
es, [ebx+00]
al, 51
edx
byte ptr [ebp+4*ecx+42], dh
al, dh
al, 89
edx
ah, dl
:00435110 747E4300
:00435114 68954300
DWORD 00437E74
DWORD 00439568
:00435118
:0043511B
:00435121
:00435126
:00435127
:00435129
:0043512A
:0043512B
:0043512D
C46542
00A0A04300E0
A34300A0A2
43
00E0
A4
43
00C8
64

add byte ptr [eax+E00043A0], ah
mov dword ptr [A2A00043], eax
inc ebx
add al, ah
movsb
inc ebx
add al, cl
BYTE 064h
:0043512E
:0043512F
:00435132
:00435133
:00435135
:00435136
:00435137
:0043513E
:0043513F
:00435141
:00435143
:00435145
42
00148F
42
00C8
AB
43
008C8B420090BE
43
00D8
7843
0038
C24300
inc edx
inc edx
add al, cl
stosd
inc ebx
inc ebx
add al, bl
js 00435186
ret 0043
:00435148
:0043514C
:00435150
:00435154
:00435158
1C824300
64BD4300
ACA64300
28BF4300
2C8E4300
DWORD
DWORD
DWORD
DWORD
DWORD
0043821C
0043BD64
0043A6AC
0043BF28
00438E2C
:0043515C 0E
:0043515D 0000000000
push cs
BYTE 5 DUP(0)
:00435162
:00435164
:00435166
:00435168
:00435169
:0043516C
:0043516E
:00435171
:00435173
:00435175
:00435179
:0043517D
:00435180
:00435184
:00435185
:00435187
:0043518D
:0043518F
:00435191
:00435193
:00435195
:00435197
:0043519D
:0043519F
:004351A1
:004351A3
:004351A5
:004351A7
:004351AA
:004351AC
:004351AE
:004351AF
:004351B2
:004351B3
:004351B5
:004351B7
:004351B9
:004351BB
:004351BD
:004351BF
:004351C1
:004351C3
:004351C5
:004351C7
:004351C9
:004351CB
:004351CD
:004351CF

jl 00435178
inc eax
add byte ptr [edx+eax], bl
xor byte ptr [ebp+43], cl
add byte ptr [ebp+2*ecx+43], bl
add byte ptr [edx+eax], al
lldt dword ptr [eax+eax]
daa
add byte ptr [edi], dh
add byte ptr [ecx+0200A100], al
add dword ptr [edi], edx
add dword ptr [eax], esp
add dword ptr [edi], ebx
add dword ptr [eax], ebx
add byte ptr [edx], ah
add ch, byte ptr [eax]
add dl, byte ptr [ebx+00]
and al, 00
inc esi
aas
mov al, 00
mov al, 17
mov al, 3C
mov al, 01
mov al, 05
mov al, 0D
mov al, 10
mov al, 0E
mov al, 15
mov al, 19
mov al, 1D
mov al, 21
mov al, 12
mov al, 29
mov al, 3D
0300
0000
7C10
40
001C02
0000
304D43
0030
0200
005C4D43
00440200
003C00
0F001400
27
0037
008100A10002
0011
0117
0120
011F
0106
000500100011
0012
0118
0022
0228
0011
025300
2400
1A00
46
0040B0
3F
B000
B017
B03C
B001
B005
B00D
B010
B00E
B015
B019
B01D
B021
B012
B029
B03D
:004351D1
:004351D3
:004351D5
:004351DB
:004351E1
:004351E7
:004351E9
:004351EB
:004351EC
:004351ED
:004351EF
:004351F1
:004351F3
:004351F9
:004351FA
:004351FB
:004351FE
:004351FF
:00435206
:00435207
:0043520B
:00435211
:00435213
:00435217
:0043521D
:0043521F
:00435221
:00435223
:00435229
:0043522B
:0043522D
:0043522F
:00435231
:00435233
:0043523A
:0043523B
:00435242
:00435243
:00435245
:00435247
:0043524E
:0043524F
:00435256
:00435257
:0043525E
:0043525F
:00435265
:00435267
:0043526E
:0043526F
:00435275
:00435276
:00435277
:00435279
:0043527A
:0043527B
:0043527E
:0043527F
:00435282
:00435283
B008
B0B8
FFB7FFEEFFED
FFB6FFB5FFB4
FFB3FFFDFFB2
FFD7
FFD6
FF
FA
FFE7
FFD3
FFD2
FFB1FFB9FF2C
AD
43
000CAE
43
00ACAD430044AE
43
0054AF43
0088AF43000C
B043
006CB043
00A0B04300B8
B043
00D8
B043
0080B14300A0
B143
0008
B243
0010
B243
0094B243001CB3
43
00B4B343000CB4
43
0038
B443
0094B4430098B5
43
00BCC243000CB6
43
008CC343008CC4
43
00A0B643003C
B243
00A4954300ACB6
43
00B8B64300D4
9C
43
0010
9D
43
00589D
43
00789D
43
0054B743
mov al, 08
mov al, B8
push dword ptr [edi+EDFFEEFF]
push dword ptr [esi+B4FFB5FF]
push dword ptr [ebx+B2FFFDFF]
call edi
call esi
BYTE 0ffh
cli
jmp edi
call ebx
call edx
push dword ptr [ecx+2CFFB9FF]
lodsd
inc ebx
add byte ptr [esi+4*ebp], cl
inc ebx
add byte ptr [ebp+4*ebp-51BBFFBD],
inc ebx
add byte ptr [edi+4*ebp+43], dl
add byte ptr [eax+0C0043AF], cl
mov al, 43
add byte ptr [eax+4*esi+43], ch
add byte ptr [eax+B80043B0], ah
mov al, 43
add al, bl
mov al, 43
add byte ptr [eax+A00043B1], al
mov cl, 43
mov dl, 43
mov dl, 43
add byte ptr [edx+4*esi-4CE3FFBD],
inc ebx
add byte ptr [ebx+4*esi-4BF3FFBD],
inc ebx
mov ah, 43
add byte ptr [esp+4*esi-4A67FFBD],
inc ebx
add byte ptr [edx+8*eax-49F3FFBD],
inc ebx
add byte ptr [ebx+8*eax-3B73FFBD],
inc ebx
add byte ptr [eax+3C0043B6], ah
mov dl, 43
add byte ptr [ebp+4*edx-4953FFBD],
inc ebx
add byte ptr [eax+D40043B6], bh
pushfd
inc ebx
popfd
inc ebx
inc ebx
inc ebx
add byte ptr [edi+4*esi+43], dl
ch
dl
dh
dl
bh
cl
ah
:00435287
:00435289
:0043528E
:0043528F
:00435291
:00435296
:00435297
:0043529A
:0043529B
:0043529F
:004352A3
:004352A5
:004352AA
:004352AB
:004352B1
:004352B2
:004352B3
:004352B5
00D4
BB4300F4BB
43
00FC
BB43004CBC
43
003C96
43
0054BC43
004CAB43
0038
A943009C89
43
00A08943006C
AB
43
00E8
8A4300
add ah, dl
mov ebx, BBF40043
inc ebx
add ah, bh
mov ebx, BC4C0043
inc ebx
add byte ptr [esi+4*edx], bh
inc ebx
add byte ptr [esp+4*edi+43], dl
add byte ptr [ebx+4*ebp+43], cl
test eax, 899C0043
inc ebx
add byte ptr [eax+6C004389], ah
stosd
inc ebx
add al, ch
:004352B8
:004352BC
:004352C0
:004352C4
:004352C8
:004352CC
:004352D0
:004352D4
:004352D8
:004352DC
:004352E0
:004352E4
088B4300
288B4300
D08B4300
8CAB4300
80AC4300
A0C24300
688C4300
70974300
C88D4300
28974300
34C54300
24C64300
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:004352E8
:004352EC
:004352EE
:004352EF
:004352F0
:004352F1
:004352F2
:004352F4
:004352F5
:004352F6
:004352F7
:004352F9
:004352FD
:004352FF
:00435300
:00435301
:00435302
:00435303
0B544375
7374
6F
6D
46
6F
726D
F8
52
43
0007
0B544375
7374
6F
6D
46
6F
726D

jnb 00435362
outsd
insd
inc esi
outsd
jb 00435361
clc
push edx
inc ebx
jnb 00435373
outsd
insd
inc esi
outsd
jb 00435372
00438B08
00438B28
00438BD0
0043AB8C
0043AC80
0043C2A0
00438C68
00439770
00438DC8
00439728
0043C534
0043C624
:00435305 88504300
:00435309 0C444300
DWORD 00435088
DWORD 0043440C
:0043530D 0B00
:0043530F 05466F726D
:00435314 7300

add eax, 6D726F46
jnb 00435316
|:00435314(C)
|
:00435316 009064534300
:0043531C 00000000000000000000
:00435326 0000
:00435328
:00435329
:0043532A
:0043532B
:00435335
44
54
43
00000000000000000000
000000
inc esp
push esp
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00435338
:0043533C
:0043533E
:00435340
:00435342
:00435343
:00435346
:00435347
:0043534A
:0043534B
:0043534F
:00435352
:00435353
:0043535A
:0043535B
:0043535D
38544300
C402
0000
3C50
43
00681C
41
000C82
43
004C8343
003C2E
40
0024A54300B42B
40
00C8
2B4000
cmp
les
add
cmp
inc
add
inc
add
inc
add
add
inc
add
inc
add
sub
|:004352EB(C)
|
:00435360 B083
:00435362 43
:00435363 00B89A42005C
:00435369 884300
:0043536C 08D2
:0043536E 40
:0043536F 001C8543005485
:00435376 43
:00435377 004886
:0043537A 43
:0043537B 0028
:0043537D 2F
:0043537E 42
:0043537F 00801C410068
:00435385 8E4300
:00435388 BC184100B0
:0043538D C54300
:00435390 848043008C91
:00435396 42
:00435397 00C0
:00435399 95
:0043539A 42
:0043539B 00E8
:0043539D 9A4200149A4200
:004353A4 A88F

BYTE 10 DUP(0)
BYTE 2 DUP(0)
byte ptr [ebx+2*eax], dl

byte ptr [eax], al
al, 50
ebx
ecx
byte ptr [edx+4*eax], cl
ebx
byte ptr [ebx+4*eax+43], cl
eax
byte ptr [2BB40043], ah
eax
al, cl

mov al, 83
inc ebx
or dl, dl
inc eax
inc ebx
inc ebx
das
inc edx
mov es, [ebx+00]
mov esp, B0004118
inc edx
add al, al
xchg eax,ebp
inc edx
add al, ch
call 0042:9A140042
test al, 8F
:004353A6
:004353A7
:004353AA
:004353AB
:004353AD
:004353B0
:004353B5
:004353BA
:004353BB
:004353BE
:004353BF
:004353C2
:004353C3
:004353C5
42
00488B
43
00DC
8C4200
B8254200BC
2542003C8C
43
002C51
42
001427
42
00D8
304200
inc
add
inc
add
mov
mov
and
inc
add
inc
add
inc
add
xor
edx
byte ptr [eax-75], cl
ebx
ah, bl
[edx+00], es
eax, BC004225
eax, 8C3C0042
ebx
edx
byte ptr [edi], dl
edx
al, bl
:004353C8 308E4300
:004353CC FC8C4300
DWORD 00438E30
DWORD 00438CFC
:004353D0
:004353D2
:004353D3
:004353D5
:004353D8
:004353DA
:004353DB
:004353DF
:004353E1
:004353E4
:004353E6
:004353E7
:004353E9
cmp
inc
add
mov
mov
inc
add
add
lea
sbb
inc
add
lea
3832
42
00EC
8E4300
B051
42
00748D42
00F0
8D4200
1C89
42
00D4
8D4200
byte ptr [edx], dh

edx
ah, ch
es, [ebx+00]
al, 51
edx
al, dh
al, 89
edx
ah, dl
:004353EC 747E4300
:004353F0 68954300
DWORD 00437E74
DWORD 00439568
:004353F4
:004353F7
:004353FD
:00435402
:00435403
:00435405
:00435406
:00435407
:00435409
C46542
00A0A04300E0
A34300A0A2
43
00E0
A4
43
00C8
64

inc ebx
add al, ah
movsb
inc ebx
add al, cl
BYTE 064h
:0043540A
:0043540B
:0043540E
:0043540F
:00435411
:00435412
:00435413
:0043541A
:0043541B
:0043541D
:0043541F
:00435421
42
00148F
42
00C8
AB
43
008C8B420090BE
43
00D8
7843
0038
C24300
inc edx
inc edx
add al, cl
stosd
inc ebx
inc ebx
add al, bl
js 00435462
ret 0043
:00435424
:00435428
:0043542C
:00435430
:00435434
1C824300
64BD4300
ACA64300
28BF4300
2C8E4300
DWORD
DWORD
DWORD
DWORD
DWORD
0043821C
0043BD64
0043A6AC
0043BF28
00438E2C
:00435438
:0043543D
:0043543E
:00435440
:00435441
:00435442
:00435443
:00435445
:0043544A
0554466F72
6D
8BC0
44
54
43
0007
0554466F72
6D
add eax,
insd
mov eax,
inc esp
push esp
inc ebx
add byte
add eax,
insd
726F4654
eax
ptr [edi], al
726F4654
:0043544B 64534300
:0043544F F4524300
DWORD 00435364
DWORD 004352F4
:00435453
:00435454
:0043545A
:0043545C
:0043545F
:00435460
:00435463
:00435464
:0043546A
push ebp
jnb 004354AA
inc eax
inc edx
BYTE 6 DUP(0)
55
0005466F726D
734E
0034C1
40
007026
42
008026420001
000000000000
:00435470 800000
:00435473 00800B000641
:00435479 6374696F

|:0043547E(C)
|
:0043547D 6E
:0043547E 7CFD
:00435480 41
:00435481 0000
:00435483 0200
:00435485 FF88A5430008
:0043548B 99
:0043548C 43
:0043548D 00000000
:00435491
:00435494
:0043549A
:0043549E

add byte ptr [eax+410D000C], al
BYTE 065h
800000
00800C000D41
63746976
65
:0043549F 43
outsb
jl 0043547D
inc ecx
dec dword ptr [eax+080043A5]
cdq
inc ebx
BYTE 4 DUP(0)
inc ebx
:004354A0
:004354A1
:004354A2
:004354A4
:004354A5
:004354A6
6F
6E
7472
6F
6C
C8E84100
outsd
outsb
je 00435516
outsd
insb
enter 41E8, 00
|:0043545A(C)
|
:004354AA 4B
:004354AB 0000
:004354AD FF20
:004354AF 284200
:004354B2 0100
:004354B4 0000000000
:004354B9
:004354BC
:004354BE
:004354C3
:004354CA
:004354CB
:004354CD
:004354D0
:004354D2
:004354D3
add byte ptr [eax],

add byte ptr [eax],
or eax, 6C410500
imul esp, dword ptr
pushad
add byte ptr [eax],
jmp [eax+00]
add bh, bh
cld
BYTE 026h
800000
0000
0D0005416C
69676E54ED4100
60
0000
FF6000
00FF
FC
26
dec ebx
jmp dword ptr [eax]
BYTE 5 DUP(0)
00
al
[edi+6E], 0041ED54
al
:004354D4 42
:004354D5 00000000
inc edx
BYTE 4 DUP(0)
:004354D9
:004354DC
:004354DE
:004354DF
:004354E1
:004354E2
:004354E3
:004354E6
:004354E8
:004354EA
:004354EB
:004354ED
:004354EF
:004354F2
:004354F3
:004354FA
:00435500
:00435503
:00435504
:00435506
:00435507
:00435508
:0043550B
:0043550C
:0043550D
:0043550F

push cs
inc ecx
outsb
jb 0043555B
inc eax
add ah, dh
push dword ptr [edx+2*edi]
inc ebx
add byte ptr [edx+4*ecx+00000043], dh
str dword ptr [edx]
inc ecx
jne 0043557A
outsd
push ebx
insb
insb
inc eax
800300
0000
0E
0007
41
6E
63686F
7273
0010
40
00F4
0100
FF347A
43
00B48A43000000
008001000000
0F000A
41
7574
6F
53
63726F
6C
6C
0010
40
:00435510 004C0000
:00435514 FF10

|:004354A2(C)
|
:00435516 2F
:00435517 42
:00435518 0001
:0043551A 000000000000
:00435520
:00435523
:00435525
:00435527
:0043552A
:0043552C
:0043552D
:00435534
:00435535
:00435537
:0043553B
:0043553D
:00435540
800000
0000
1000
084175
746F
53
697A6554AF4000
4F
0000
FF6C0000
FEC0
324200
000000

je 0043559B
push ebx
dec edi
jmp far [eax+eax]
inc al
BYTE 3 DUP(0)
:00435543
:00435546
:0043554C
:00435554
:00435555
:00435556
:00435558
:0043555A
:0043555C
:0043555D
:0043555E
:00435560
:00435561
:00435562
800000
008011000842
6944694D6F646558
4E
43
0008
0200
FFC4
96
43
0008
99
43
00000000

dec esi
inc ebx
inc esp
xchg eax,esi
inc ebx
cdq
inc ebx
BYTE 4 DUP(0)
:00435566
:00435569
:0043556B
:0043556D
:00435570
:00435572
800700
0000
1200
0B426F
7264
65
add byte ptr [edi], 00

jb 004355D6
BYTE 065h
:00435573 7249
:00435575 636F6E
:00435578 7388
das
inc edx
BYTE 6 DUP(0)
jb 004355BE
jnb 00435502

|:00435504(C)
|
:0043557A 44
inc esp
:0043557B 43
inc ebx
:0043557C
:0043557E
:00435580
:00435582
:00435583
:00435584
:00435586
:00435587
:00435588
0009
0200
FFF0
96
43
0008
99
43
00000000

push eax
xchg eax,esi
inc ebx
cdq
inc ebx
BYTE 4 DUP(0)
:0043558C
:0043558F
:00435591
:00435593
:00435596
:00435598
800200
0000
1300
0B426F
7264
65
add byte ptr [edx], 00

jb 004355FC
BYTE 065h
:00435599 7253
jb 004355EE

|:0043552A(C)
|
:0043559B 7479
je 00435616
:0043559D 6C
insb
:0043559E 65
BYTE 065h
:0043559F
:004355A1
:004355A2
:004355A4
:004355A6
:004355A8
:004355A9
:004355AA
:004355AC
7CF9
41
0020
0100
FF20
90
42
0001
000000000000
jl 0043559A
inc ecx
jmp dword ptr [eax]
nop
inc edx
BYTE 6 DUP(0)
:004355B2
:004355B5
:004355B7
:004355B9
:004355BC
800000
0000
1400
0B426F
7264

adc al, 00
jb 00435622
|:00435573(C)
|
:004355BE 65
:004355BF 7257
:004355C1 6964746808ED4100
:004355C9 A4
:004355CA 314200
:004355CD D431
:004355CF 42
:004355D0 0008
:004355D2 99
:004355D3 43
:004355D4 00000000

BYTE 065h
jb 00435618
imul esp, dword ptr [esp+2*esi+68], 0041ED08
movsb
aam (base49)
inc edx
cdq
inc ebx
BYTE 4 DUP(0)
:004355D8
:004355DB
:004355E1
:004355E2
:004355E4
:004355EB
:004355EC
800000
008015000743
61
7074
696F6E3C104000
F8
2B4200

popad
jo 00435658
imul ebp, dword ptr [edi+6E], 0040103C
clc
:004355EF 548D4300
:004355F3 7C8A4300
DWORD 00438D54
DWORD 00438A7C
:004355F7 000000
BYTE 3 DUP(0)
:004355FA
:004355FD
:00435603
:00435604
:0043560B
:00435611

insb
push 40103C74
add byte ptr [ebx+ebp-72DBFFBE], dh
800000
008016000C43
6C
69656E74486569
6768743C1040
00B42B4200248D
|:004355BF(C)
|
:00435618 43
:00435619 007C8A43
:0043561D 00000000
:00435621
:00435624
:0043562A
:0043562B
:00435632
:00435634
:00435639
:0043563B
:0043563D
:00435640
:00435641
:00435644
800000
008017000B43
6C
69656E74576964
7468
BC24410064
0000
FF30
334200
4C
334200
000000

insb
je 0043569C
mov esp, 64004124
dec esp
BYTE 3 DUP(0)
:00435647
:0043564A
:00435650
:00435651
:00435652
:00435653
800000
008018000543
6F
6C
6F
7200

outsd
insb
outsd
jb 00435655
inc ebx
add byte ptr [edx+4*ecx+43], bh
BYTE 4 DUP(0)

|:00435653(C)
|
:00435655 EE
out dx, al
:00435656 41
inc ecx
:00435657 006800
:0043565A 00FF
add bh, bh
:0043565C 680000FF01
:00435661 000000000000
push 01FF0000
BYTE 6 DUP(0)
:00435667
:0043566A
:00435670
:00435671
:00435672
:00435674
:00435676
:0043567D
:00435680
:00435682
:00435683
:00435684
:00435685
:00435689
800000
008019000B43
6F
6E
7374
7261
696E7473001040
002C01
00FF
40
90
42
00649042
00000000

outsd
outsb
jnb 004356E8
jb 004356D7
add bh, bh
inc eax
nop
inc edx
BYTE 4 DUP(0)
:0043568D
:00435690
:00435692
:00435694
:00435699
:0043569A
800100
0000
1A00
0543746C33
44
0010
add
add
sbb
add
inc
add
byte ptr [ecx], 00

byte ptr [eax], al
al, byte ptr [eax]
eax, 336C7443
esp
byte ptr [eax], dl
|:00435632(C)
|
:0043569C 40
:0043569D 00800100FF70
:004356A3 92
:004356A4 42
:004356A5 0001
:004356A7 000000000000
:004356AD
:004356B0
:004356B2
:004356B4
:004356B5
:004356B6
:004356B8
:004356B9
:004356BA
:004356BD
:004356BE
:004356BF
:004356C0
:004356C1
800000
0000
1B00
0E
55
7365
44
6F
636B4D
61
6E
61
67
65

push cs
push ebp
jnb 0043571D
inc esp
outsd
arpl dword ptr [ebx+4D], ebp
popad
outsb
popad
BYTE 067h
BYTE 065h
:004356C2
:004356C4
:004356C5
:004356C6
:004356C8
:004356CA
72E4
4E
43
0011
0200
FF11
jb 004356A8
dec esi
inc ebx
inc eax
add byte ptr [eax+70FF0001], al
xchg eax,edx
inc edx
BYTE 6 DUP(0)
:004356CC
:004356CE
:004356D0
:004356D1
:004356D2
0200
FF08
99
43
00000000

dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
:004356D6
:004356D9
:004356DB
:004356DD
:004356DE
:004356DF
:004356E2
:004356E4
:004356E6
:004356E7
800300
0000
1C00
0E
44
656661
756C
744D
6F
6E

sbb al, 00
push cs
inc esp
popa
jne 00435750
je 00435733
outsd
outsb
|:00435672(C)
|
:004356E8 69746F7200104000
:004356F0 3801
:004356F2 00FF
:004356F4 48
:004356F5 7942
:004356F7 0001
:004356F9 000000000000
:004356FF
:00435702
:00435704
:00435709
:0043570C
:00435714
:00435716
:0043571C
800000
0000
1D0008446F
636B53
697465C4EC410087
0000
FF870000FF01
000000000000

sbb eax, 6F440800
imul esi, dword ptr [ebp-3C], 870041EC
inc dword ptr [edi+01FF0000]
BYTE 6 DUP(0)
:00435722
:00435725
:00435727
:00435728
:0043572A
:0043572B
:0043572D
:0043572F
:00435736
:00435737
800000
0000
1E
0008
44
7261
674B
696E6490EC4100
4D
0000
add byte ptr [eax],

add byte ptr [eax],
push ds
add byte ptr [eax],
inc esp
jb 0043578E
dec ebx
imul ebp, dword ptr
dec ebp
add byte ptr [eax],
imul esi, dword ptr [edi+2*ebp+72], 00401000

cmp byte ptr [ecx], al
add bh, bh
dec eax
jns 00435739
BYTE 6 DUP(0)
00
al
cl
[esi+64], 0041EC90
al
|:004356F5(C)
|
:00435739 FF5C0000
:0043573D FE01
:0043573F 000000000000
:00435745 800000
call far [eax+eax]

inc byte ptr [ecx]
BYTE 6 DUP(0)
:00435748
:0043574A
:0043574B
:0043574D
:0043574E
0000
1F
0008
44
7261

pop ds
inc esp
jb 004357B1

|:004356E2(C)
|
:00435750 674D
dec ebp
:00435752 6F
outsd
:00435753 64
BYTE 064h
:00435754
:00435757
:00435758
:0043575B
:0043575D
:0043575E
:00435760
:00435761
:00435766
:00435768
:0043576B
:0043576D
:0043576F
:00435770
:00435771
:00435772
:00435773
:00435777
:00435779
:0043577A
:0043577D
:0043577F
:00435783
:00435785
650010
40
005000
00FE
60
0000
FE
BC4E420000
0000
800100
0000
2000
07
45
6E
61
626C6564
0010
40
004900
00FF
C8324200
0100
0000000000

inc eax
add dh, bh
pushad
BYTE 0feh
mov esp, 0000424E
pop es
inc ebp
outsb
popad
inc eax
add bh, bh
enter 4232, 00
BYTE 5 DUP(0)
:0043578A
:0043578D
:0043578F
:00435791
:00435794
:00435796
:00435797
:00435799
:0043579A
:0043579B
:0043579D
:004357A0
:004357A1
:004357A3
:004357A9
:004357AC
800000
0000
2100
0A5061
7265
6E
7446
6F
6E
7434
294100
58
0000
FF90324200A0
324200
000000

jb 004357FB
outsb
je 004357DF
outsd
outsb
je 004357D1
pop eax
call dword ptr [eax+A0004232]
BYTE 3 DUP(0)
:004357AF 800000
:004357B2 008022000446

:004357B8
:004357B9
:004357BA
:004357BC
:004357BD
:004357BE
:004357C0
:004357C2
6F
6E
74C8
4D
43
000F
0200
FF
outsd
outsb
je 00435784
dec ebp
inc ebx
BYTE 0ffh
:004357C3 38994300
:004357C7 08994300
DWORD 00439938
DWORD 00439908
:004357CB 000000
BYTE 3 DUP(0)
:004357CE 800000

|:0043579B(C)
|
:004357D1 0000
:004357D3 2300
and eax, dword ptr [eax]
:004357D5 09466F
or dword ptr [esi+6F], eax
:004357D8 726D
jb 00435847
:004357DA 53
push ebx
:004357DB 7479
je 00435856
:004357DD 6C
insb
:004357DE 65
BYTE 065h
|:00435797(C)
|
:004357DF 3C10
:004357E1 40
:004357E2 003C00
:004357E5 00FF
:004357E7 D029
:004357E9 42
:004357EA 008C8A43000000
:004357F1 008000000080
:004357F7 0500064865
:004357FC 696768747C1040
:00435803 001C02
:00435806 00FF
:00435808 1C02
:0043580A 00FF
:0043580C 0100
:0043580E 0000000000
:00435813 800000
:00435816 008024000848
:0043581C 65

BYTE 065h
:0043581D 6C
:0043581E 7046
insb
jo 00435866
cmp al, 10
inc eax
add bh, bh
shr byte ptr [ecx], 1
inc edx
add byte ptr [edx+4*ecx+00000043], cl
add eax, 65480600
imul esp, dword ptr [edi+68], 40107C74
add byte ptr [edx+eax], bl
add bh, bh
sbb al, 02
add bh, bh
BYTE 5 DUP(0)
:00435820
:00435828
:0043582A
:0043582D
:0043582E
:00435830
:00435831
:00435832
696C65E0404300EC
0100
FF707A
43
0008
99
43
00000000
imul ebp, dword ptr [ebp-20], EC004340

push [eax+7A]
inc ebx
cdq
inc ebx
BYTE 4 DUP(0)
:00435836
:00435839
:0043583F
:00435840
:00435842
:00435843
:00435846
800000
008009000D48
6F
727A
53
63726F
6C

outsd
jb 004358BC
push ebx
insb

|:004357D8(C)
|
:00435847 6C
insb
:00435848 42
inc edx
:00435849 61
popad
:0043584A 7200
jb 0043584C
|:0043584A(C)
|
:0043584C 334100
xor eax, dword ptr [ecx+00]
:0043584F 2002
and byte ptr [edx], al
:00435851 00FF
add bh, bh
:00435853 FC984300
:00435857 10994300
DWORD 004398FC
DWORD 00439910
:0043585B 000000
BYTE 3 DUP(0)
:0043585E
:00435861
:00435867
:0043586A
:0043586C
:0043586D
:00435873
:00435875
:00435877
:00435878
:00435879
800000
008025000449
636F6E
0010
40
000D0200FF0D
0200
FF08
99
43
00000000

inc eax
add byte ptr [0DFF0002], cl
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
:0043587D
:00435880
:00435882
:00435885
:00435886
800000
0000
26000A
4B
65

add byte ptr es:[edx], cl
dec ebx
BYTE 065h
:00435887
:00435889
:0043588B
:0043588D
7950
7265
7669
65
jns 004358D9
jb 004358F0
jbe 004358F6
BYTE 065h
:0043588E
:00435890
:00435893
:00435895
7768
024300
2802
00FF
ja 004358F8
sub byte ptr [edx], al
add bh, bh
:00435897 709A4300
:0043589B 08994300
DWORD 00439A70
DWORD 00439908
:0043589F 000000
BYTE 3 DUP(0)
:004358A2 800000
:004358A5 00802700044D
:004358AB 65

BYTE 065h
:004358AC 6E
:004358AD 7500
outsb
jne 004358AF

|:004358AD(C)
|
:004358AF 104000
:004358B2 1402
adc al, 02
:004358B4 00FF
add bh, bh
:004358B6 1402
adc al, 02
:004358B8 00FF
add bh, bh
:004358BA 0100
|:00435840(C)
|
:004358BC 0000000000
:004358C1 800000
:004358C4 008028000E4F
:004358CA 6C
:004358CB 64
:004358CC
:004358CD
:004358CF
:004358D0
:004358D2
:004358D3
:004358D5
43
7265
61
7465
4F
7264
65
inc ebx
jb 00435934
popad
je 00435937
dec edi
jb 00435939
BYTE 065h
:004358D6
:004358D8
:004358DB
:004358DC
:004358DE
726C
FE4200
40
0200
FF349A
jb 00435944
inc [edx+00]
inc eax
push dword ptr [edx+4*ebx]
BYTE 5 DUP(0)
insb
BYTE 064h
:004358E1
:004358E2
:004358E4
:004358E5
:004358E6
43
0008
99
43
00000000
inc ebx
cdq
inc ebx
BYTE 4 DUP(0)
:004358EA 800000
:004358ED 008029000E4F
:004358F3 626A65

|:0043588B(C)
|
:004358F6 63744D65
:004358FA 6E
:004358FB 7549
:004358FD 7465
:004358FF 6D
:00435900 0010
:00435902 40
:00435903 005000
:00435906 00FF
:00435908 680000FE01
:0043590D 000000000000
:00435913
:00435916
:00435918
:0043591A

sub al, byte ptr [eax]
push cs
800100
0000
2A00
0E
arpl dword ptr [ebp+2*ecx+65], esi

outsb
jne 00435946
je 00435964
insd
inc eax
add bh, bh
push 01FE0000
BYTE 6 DUP(0)
|:0043597D(C)
|
:0043591B 50
:0043591C 61
:0043591D 7265
:0043591F 6E
:00435920 7442
:00435922 6944694D6F64653C
:0043592A 104000
:0043592D 349C4300
:00435931 489C4300
DWORD 00439C34
DWORD 00439C48
:00435935 00000000000000
BYTE 7 DUP(0)
:0043593C
:0043593F
:00435945
:0043594C
:0043594E
:0043594F
:00435952
:00435954
:00435957
:00435959

add byte ptr [eax+500D002B], al
imul edi, dword ptr [eax+65], 6550736C
jb 00435997
outsb
add al, 43
add bh, bh
pop esp
800000
00802B000D50
6978656C735065
7249
6E
636838
0443
007000
00FF
5C
push eax
popad
jb 00435984
outsb
je 00435964
imul eax, dword ptr [ecx+2*ebp+4D], 3C65646F
:0043595A
:0043595D
:00435963
:00435969
:0043596B
:0043596E
:00435970
:00435972
314200
089943000000
008000000080
2C00
09506F
7075
704D
65

or byte ptr [ecx+00000043], bl
sub al, 00
or dword ptr [eax+6F], edx
jo 004359E5
jo 004359BF
BYTE 065h
:00435973
:00435974
:00435976
:00435977
:00435978
:0043597A
:0043597C
6E
7570
4E
43
0010
0200
FF
outsb
jne 004359E6
dec esi
inc ebx
BYTE 0ffh
:0043597D 7C9C4300
:00435981 08994300
DWORD 00439C7C
DWORD 00439908
:00435985 000000
BYTE 3 DUP(0)
:00435988
:0043598B
:0043598D
:00435992
:00435994
:00435996

sub eax, 6F500800
jnb 004359FD
je 004359FF
outsd
800000
0000
2D0008506F
7369
7469
6F
|:0043594C(C)
|
:00435997 6E
:00435998 344F
:0043599A 43
:0043599B 00150200FF15
:004359A1 0200
:004359A3 FF08
:004359A5 99
:004359A6 43
:004359A7 00000000
:004359AB
:004359AE
:004359B0
:004359B3
:004359B4
:004359B6
:004359B7
:004359B9
:004359BC

add byte ptr cs:[edx], cl
push eax
jb 00435A1F
outsb
je 00435A0C
800100
0000
2E000A
50
7269
6E
7453
63616C
650010
outsb
xor al, 4F
inc ebx
add byte ptr [15FF0002], dl
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)

|:00435970(C)
|
:004359BF 40
inc eax
:004359C0
:004359C6
:004359C7
:004359C8
:004359CA
:004359CB
:004359CC
00989C4300A4
9C
43
0008
99
43
00000000
add byte ptr [eax+A400439C], bl

pushfd
inc ebx
cdq
inc ebx
BYTE 4 DUP(0)
:004359D0
:004359D3
:004359D5
:004359D6
:004359D8
:004359D9
:004359DC
800100
0000
2F
0006
53
63616C
65

das
push ebx
BYTE 065h
:004359DD
:004359E0
:004359E1
:004359E7
:004359EA
:004359EC
:004359ED
640010
40
00850000FFE8
324200
B432
42
00000000
add byte ptr fs:[eax], dl

inc eax
add byte ptr [ebp+E8FF0000], al
mov ah, 32
inc edx
BYTE 4 DUP(0)
:004359F1 800000
:004359F4 008030000853
:004359FA 686F774869

push 6948776F
|:00435994(C)
|
:004359FF 6E
:00435A00 74E0
:00435A02 40
:00435A03 43
:00435A04 00F0
:00435A06 0100
:00435A08 FF807A430008
:00435A0E 99
:00435A0F 43
:00435A10 00000000
:00435A14 800000
:00435A17 00800A000D56
:00435A1D 65

add byte ptr [eax+560D000A], al
BYTE 065h
:00435A1E
:00435A20
:00435A21
:00435A24
:00435A25
:00435A26
:00435A27
:00435A28
jb 00435A94
push ebx
insb
insb
inc edx
popad
jb 00435A2A
7274
53
63726F
6C
6C
42
61
7200
outsb
je 004359E2
inc eax
inc ebx
add al, dh
inc dword ptr [eax+0800437A]
cdq
inc ebx
BYTE 4 DUP(0)
|:00435A28(C)
|
:00435A2A 104000
:00435A2D 47
:00435A2E 0000
:00435A30 FF848D4300FC4E
:00435A37 42
:00435A38 00000000
:00435A3C
:00435A3F
:00435A41
:00435A43
:00435A44
:00435A45
:00435A4C
:00435A4F
:00435A51
:00435A53
:00435A54
:00435A57
:00435A5D
:00435A63
:00435A65
:00435A6A
:00435A6F
:00435A71

pop es
push esi
imul esi, dword ptr [ebx+69], 3C656C62
cmp byte ptr [eax], al
add bh, bh
lodsb
mov [edx+00000043], cs
add al, 00
add eax, 74646957
push 00434D88
or eax, dword ptr [edx]
add bh, bh
800000
0000
3100
07
56
697369626C653C
104000
3800
00FF
AC
294200
8C8A43000000
008000000080
0400
0557696474
68884D4300
0B02
00FF

inc edi
inc dword ptr [ebp+4*ecx+4EFC0043]
inc edx
BYTE 4 DUP(0)
:00435A73 949D4300
:00435A77 08994300
DWORD 00439D94
DWORD 00439908
:00435A7B 000000
BYTE 3 DUP(0)
:00435A7E
:00435A81
:00435A83
:00435A85
:00435A88
:00435A89
800000
0000
3200
0B5769
6E
64

xor al, byte ptr [eax]
or edx, dword ptr [edi+69]
outsb
BYTE 064h
:00435A8A
:00435A8B
:00435A8D
:00435A8F
:00435A91
:00435A92
:00435A95
:00435A97
6F
7753
7461
7465
6C
FE4200
3802
00FF
outsd
ja 00435AE0
je 00435AF0
je 00435AF6
insb
inc [edx+00]
cmp byte ptr [edx], al
add bh, bh
:00435A99 489A4300
:00435A9D 08994300
DWORD 00439A48
DWORD 00439908
:00435AA1 000000
BYTE 3 DUP(0)
:00435AA4 800000
|:00435AB5(C)
|
:00435AA7 008033000A57
:00435AAD 696E646F774D65
:00435AB4 6E
:00435AB5 75F0
:00435AB7 AF
:00435AB8 40
:00435AB9 00640200
:00435ABD FF640200
:00435AC1 FF08
:00435AC3 99
:00435AC4 43
:00435AC5 00000000
:00435AC9
:00435ACC
:00435AD2
:00435AD3
:00435AD4
:00435AD8
:00435AD9
:00435ADB
:00435ADD
:00435ADE
:00435AE5
:00435AE7
:00435AED
:00435AF3
:00435AF8
:00435AF9
:00435AFA
:00435AFB
:00435AFC
800000
008034000A4F
6E
41
63746976
61
7465
0CF3
41
00A40000FFA400
00FF
089943000000
008000000080
35000B4F6E
43
61
6E
52
65

outsb
inc ecx
popad
je 00435B40
or al, F3
inc ecx
add byte ptr [eax+eax+00A4FF00], ah
add bh, bh
xor eax, 6E4F0B00
inc ebx
popad
outsb
push edx
BYTE 065h
:00435AFD
:00435AFF
:00435B01
:00435B02
:00435B03
:00435B04
:00435B07
:00435B09
:00435B0B
:00435B0D
:00435B13
:00435B19
:00435B1C
:00435B1D
:00435B1E
:00435B1F
:00435B20
:00435B27
:00435B28
7369
7A65
F0
AF
40
000401
00FF
0401
00FF
089943000000
008000000080
360007
4F
6E
43
6C
69636B944F4300
6C
0200
jnb 00435B68
jpe 00435B66
lock
scasd
inc eax
add bh, bh
add al, 01
add bh, bh
add byte ptr ss:[edi], al
dec edi
outsb
inc ebx
insb
insb
add byte ptr [eax+570A0033], al

imul ebp, dword ptr [esi+64], 654D776F
outsb
jne 00435AA7
scasd
inc eax
add byte ptr [edx+eax], ah
jmp [edx+eax]
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
:00435B2A
:00435B2E
:00435B30
:00435B31
:00435B32
FF6C0200
FF08
99
43
00000000
jmp far [edx+eax]

dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
:00435B36 800000
:00435B39 00803700074F
:00435B3F 6E

outsb
|:00435AD9(C)
|
:00435B40 43
:00435B41 6C
:00435B42 6F
:00435B43 7365
:00435B45 CC
:00435B46 4F
:00435B47 43
:00435B48 00740200
:00435B4C FF740200
:00435B50 FF08
:00435B52 99
:00435B53 43
:00435B54 00000000
:00435B58
:00435B5B
:00435B61
:00435B62
:00435B63
:00435B64
:00435B65
:00435B67

add byte ptr [eax+4F0C0038], al
outsb
inc ebx
insb
outsd
jnb 00435BCC
push ecx
800000
008038000C4F
6E
43
6C
6F
7365
51
inc ebx
insb
outsd
jnb 00435BAA
int 03
dec edi
inc ebx
add byte ptr [edx+eax], dh
push [edx+eax]
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
|:00435AFD(C)
|
:00435B68 7565
:00435B6A 7279
:00435B6C 68F34100AC
:00435B71 0000
:00435B73 FFAC0000FF0100
:00435B7A 0000000000
:00435B7F
:00435B82
:00435B88
:00435B89
:00435B8A
:00435B8B
:00435B8C
:00435B8E
:00435B90
:00435B97
:00435B9E

outsb
inc ebx
outsd
outsb
jnb 00435C02
jb 00435BF1
imul edi, dword ptr [edx+65], 0040AFF0
lodsb
800000
00803900134F
6E
43
6F
6E
7374
7261
696E6564526573
697A65F0AF4000
AC
jne 00435BCF
jb 00435BE5
push AC0041F3
jmp far dword ptr [eax+eax+0001FF00]
BYTE 5 DUP(0)
:00435B9F
:00435BA1
:00435BA8
:00435BA9
0200
FFAC0200FF0899
43
00000000

jmp far dword ptr [edx+eax-66F70100]
inc ebx
BYTE 4 DUP(0)
:00435BAD
:00435BB0
:00435BB6
:00435BB7
:00435BB8
:00435BBA
:00435BBB
:00435BBD
:00435BBE
:00435BBF
:00435BC0
:00435BC3
:00435BC5
:00435BC7
:00435BC9
800000
00803A00084F
6E
43
7265
61
7465
F0
AF
40
000C01
00FF
0C01
00FF
089943000000

outsb
inc ebx
jb 00435C1F
popad
je 00435C22
lock
scasd
inc eax
add bh, bh
or al, 01
add bh, bh
|:00435B68(C)
|
:00435BCF 008000000080
:00435BD5 3B00
:00435BD7 0A4F6E
:00435BDA 44
:00435BDB 626C436C
:00435BDF 69636BF0AF4000
:00435BE6 B402
:00435BE8 00FF
:00435BEA B402
:00435BEC 00FF
:00435BEE 089943000000
:00435BF4 008000000080
:00435BFA 3C00
:00435BFC 094F6E
:00435BFF 44
:00435C00 65
:00435C01
:00435C03
:00435C05
:00435C07
:00435C08
:00435C09
:00435C0D
:00435C0E
:00435C10
jnb 00435C77
jb 00435C74
jns 00435BF7
scasd
inc eax
add byte ptr [edx+eax], bh
BYTE 0ffh
jl 00435C12
add bh, bh
7374
726F
79F0
AF
40
007C0200
FF
7C02
00FF
|:00435C0E(C)
|
:00435C12 089943000000
:00435C18 008000000080
:00435C1E 3D000C4F6E
:00435C23 44

cmp eax, dword ptr [eax]
or cl, byte ptr [edi+6E]
inc esp
mov ah, 02
add bh, bh
mov ah, 02
add bh, bh
cmp al, 00
or dword ptr [edi+6E], ecx
inc esp
BYTE 065h

cmp eax, 6E4F0C00
inc esp
:00435C24 65
BYTE 065h
:00435C25
:00435C26
:00435C2A
:00435C2B
:00435C2D
:00435C2F
:00435C30
:00435C36
:00435C38
:00435C3A
61
63746976
61
7465
28F1
41
00880100FF88
0100
FF01
000000000000
popad
popad
je 00435C92
sub cl, dh
inc ecx
add byte ptr [eax+88FF0001], cl
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00435C40
:00435C43
:00435C49
:00435C4A
:00435C4B
:00435C4C
:00435C4F
:00435C51
:00435C53
:00435C54
:00435C55
:00435C5B
:00435C5D
:00435C5F
800000
00803E000A4F
6E
44
6F
636B44
726F
707C
F1
41
00900100FF90
0100
FF01
000000000000

add byte ptr [eax+4F0A003E], al
outsb
inc esp
outsd
jb 00435CC0
jo 00435CCF
BYTE 0f1h
inc ecx
add byte ptr [eax+90FF0001], dl
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00435C65
:00435C68
:00435C6E
:00435C6F
:00435C70
:00435C71
800000
00803F000A4F
6E
44
6F
636B4F

add byte ptr [eax+4F0A003F], al
outsb
inc esp
outsd
|:00435C03(C)
|
:00435C74 7665
:00435C76 7250
:00435C78 F0
:00435C79 41
:00435C7A 00CC
:00435C7C 0000
:00435C7E FFCC
:00435C80 0000
:00435C82 FF08
:00435C84 99
:00435C85 43
:00435C86 00000000
:00435C8A
:00435C8D
:00435C93
:00435C94
:00435C95

outsb
inc esp
jb 00435CF8
800000
008040000A4F
6E
44
7261
jbe 00435CDB
jb 00435CC8
lock
inc ecx
add ah, cl
dec esp
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
:00435C97
:00435C99
:00435C9B
:00435C9D
6744
726F
70E0
EF
inc esp
jb 00435D0A
jo 00435C7D
out dx, ax
|:00435CC0(C)
|
:00435C9E 41
:00435C9F 00D4
:00435CA1 0000
:00435CA3 FFD4
:00435CA5 0000
:00435CA7 FF08
:00435CA9 99
:00435CAA 43
:00435CAB 00000000
:00435CAF
:00435CB2
:00435CB8
:00435CB9
:00435CBA
:00435CBC
:00435CBE

outsb
inc esp
jb 00435D1D
dec edi
jbe 00435D25
800000
008041000A4F
6E
44
7261
674F
7665
inc ecx
add ah, dl
call esp
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)

|:00435C4F(C)
|
:00435CC0 72DC
jb 00435C9E
:00435CC2 F0
lock
:00435CC3 41
inc ecx
:00435CC4 00EC
add ah, ch
:00435CC6 0000
|:00435C76(C)
|
:00435CC8 FFEC
:00435CCA 0000
:00435CCC FF01
:00435CCE 000000000000
:00435CD4
:00435CD7
:00435CDD
:00435CDE
:00435CDF
:00435CE0
800000
00804200094F
6E
45
6E
64

outsb
inc ebp
outsb
BYTE 064h
:00435CE1
:00435CE2
:00435CE3
:00435CE6
:00435CE7
:00435CE8
:00435CEE
44
6F
636B94
F2
41
00A80100FFA8
0100
inc esp
outsd
arpl dword ptr [ebx-6C], ebp
repnz
inc ecx
add byte ptr [eax+A8FF0001], ch
jmp far esp

inc dword ptr [ecx]
BYTE 6 DUP(0)
:00435CF0 FF01
:00435CF2 000000000000
inc dword ptr [ecx]

BYTE 6 DUP(0)
|:00435C95(C)
|
:00435CF8 800000
:00435CFB 008043000D4F
:00435D01 6E
:00435D02 47
:00435D03 65
:00435D04
:00435D06
:00435D0E
:00435D0F
:00435D10
:00435D17
:00435D19
:00435D1F
je 00435D59
imul esi, dword ptr [ebp+49], F06F666E
scasd
inc eax
add byte ptr [edx+eax+028CFF00], cl
add bh, bh
7453
697465496E666FF0
AF
40
008C0200FF8C02
00FF
089943000000
008000000080

outsb
inc edi
BYTE 065h
|:00435CBE(C)
|
:00435D25 44
:00435D26 0006
:00435D28 4F
:00435D29 6E
:00435D2A 48
:00435D2B 69646514B0400084
:00435D33 0200
:00435D35 FF840200FF0100
:00435D3C 0000000000
:00435D41
:00435D44
:00435D4A
:00435D4B
:00435D4C
800000
00804500064F
6E
48
65

outsb
dec eax
BYTE 065h
:00435D4D
:00435D4E
:00435D50
:00435D51
:00435D52
:00435D58
:00435D5A
:00435D5C
:00435D5D
:00435D5E
6C
7070
EF
41
00B00100FFB0
0100
FF08
99
43
00000000
insb
jo 00435DC0
out dx, ax
inc ecx
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
:00435D62 800000
:00435D65 00804600094F
:00435D6B 6E

outsb
inc esp
dec edi
outsb
dec eax
imul esp, dword ptr [ebp+14], 840040B0
inc dword ptr [edx+eax+0001FF00]
BYTE 5 DUP(0)
:00435D6C 4B
:00435D6D 65
dec ebx
BYTE 065h
:00435D6E
:00435D70
:00435D71
:00435D73
:00435D75
:00435D76
:00435D7C
:00435D7E
:00435D80
:00435D81
:00435D82
jns 00435DB4
outsd
ja 00435DE1
mov al, EF
inc ecx
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
7944
6F
776E
B0EF
41
00B80100FFB8
0100
FF08
99
43
00000000
:00435D86 800000
|:00435D98(C)
|
:00435D89 008047000A4F
:00435D8F 6E
:00435D90 4B
:00435D91 65
:00435D92
:00435D94
:00435D96
:00435D98
:00435D9A
:00435D9B
:00435D9D
:00435D9F
:00435DA1
:00435DA3
:00435DA5
:00435DA6
:00435DA7
jns 00435DE4
jb 00435DFB
jnb 00435E0B
jo 00435D89
inc ecx
add al, al
inc eax
dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
7950
7265
7373
70EF
41
00C0
0100
FFC0
0100
FF08
99
43
00000000
:00435DAB 800000
:00435DAE 00804800074F

outsb
dec ebx
BYTE 065h


|:00435D6E(C)
|
:00435DB4 6E
outsb
:00435DB5 4B
dec ebx
:00435DB6 65
BYTE 065h
:00435DB7
:00435DB9
:00435DBB
:00435DBC
:00435DBD
:00435DC4
7955
70BC
EE
41
00B40000FFB400
00FF
jns 00435E0E
jo 00435D77
out dx, al
inc ecx
add bh, bh
:00435DC6
:00435DCC
:00435DD2
:00435DD3
:00435DD5
:00435DD6
:00435DD7
:00435DD8
:00435DD9
:00435DDB
089943000000
008000000080
49
000B
4F
6E
4D
6F
7573
65

dec ecx
dec edi
outsb
dec ebp
outsd
jne 00435E4E
BYTE 065h
:00435DDC
:00435DDD
:00435DDE
:00435DE0
:00435DE2
:00435DE3
:00435DEA
:00435DEC
:00435DF2
:00435DF8
:00435DF9
44
6F
776E
20EF
41
00BC0000FFBC00
00FF
089943000000
008000000080
4A
000B
inc esp
outsd
ja 00435E4E
and bh, ch
inc ecx
add bh, bh
dec edx

|:00435D94(C)
|
:00435DFB 4F
dec edi
:00435DFC 6E
outsb
:00435DFD 4D
dec ebp
:00435DFE 6F
outsd
:00435DFF 7573
jne 00435E74
:00435E01 65
BYTE 065h
:00435E02
:00435E03
:00435E04
:00435E06
4D
6F
7665
BCEE4100C4
dec ebp
outsd
jbe 00435E6B
mov esp, C40041EE

|:00435D96(C)
|
:00435E0B 0000
:00435E0D FFC4
inc esp
|:00435E29(C)
|
:00435E0F 0000
:00435E11 FF08
:00435E13 99
:00435E14 43
:00435E15 00000000
:00435E19
:00435E1C
:00435E22
:00435E23

add byte ptr [eax+4F09004B], al
outsb
dec ebp
800000
00804B00094F
6E
4D

dec dword ptr [eax]
cdq
inc ebx
BYTE 4 DUP(0)
:00435E24 6F
:00435E25 7573
:00435E27 65
outsd
jne 00435E9A
BYTE 065h
:00435E28
:00435E29
:00435E2B
:00435E2C
:00435E2D
:00435E2F
:00435E31
:00435E33
:00435E35
:00435E37
55
70E4
F3
41
00C8
0100
FFC8
0100
FF01
000000000000
push ebp
jo 00435E0F
repz
inc ecx
add al, cl
dec eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00435E3D
:00435E40
:00435E46
:00435E47
:00435E48
:00435E49
:00435E4B
800000
00804C000C4F
6E
4D
6F
7573
65

add byte ptr [eax+4F0C004C], al
outsb
dec ebp
outsd
jne 00435EBE
BYTE 065h
:00435E4C
:00435E4D
:00435E52
:00435E53
:00435E54
:00435E56
:00435E58
:00435E5A
:00435E5C
:00435E5E
57
6865656C58
F4
41
00D0
0100
FFD0
0100
FF01
000000000000
push edi
push 586C6565
hlt
inc ecx
add al, dl
call eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00435E64
:00435E67
:00435E6D
:00435E6E
:00435E6F
:00435E70
:00435E72
800000
00804D00104F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 00435EE5
BYTE 065h
:00435E73 57
push edi
|:00435DFF(C)
|
:00435E74 6865656C44
:00435E79 6F
:00435E7A 776E
:00435E7C 58
:00435E7D F4
:00435E7E 41
:00435E7F 00D8
:00435E81 0100

push 446C6565
outsd
ja 00435EEA
pop eax
hlt
inc ecx
add al, bl
:00435E83
:00435E85
:00435E87
:00435E89
FFD8
0100
FF01
000000000000
call far eax

inc dword ptr [ecx]
BYTE 6 DUP(0)
:00435E8F
:00435E92
:00435E98
:00435E99
800000
00804E000E4F
6E
4D

add byte ptr [eax+4F0E004E], al
outsb
dec ebp

|:00435E25(C)
|
:00435E9A 6F
outsd
:00435E9B 7573
jne 00435F10
:00435E9D 65
BYTE 065h
:00435E9E
:00435E9F
:00435EA4
:00435EA6
:00435EA7
:00435EA8
:00435EAF
:00435EB1
:00435EB7
:00435EBD
57
6865656C55
70F0
AF
40
00940200FF9402
00FF
089943000000
008000000080
4F
|:00435E49(C)
|
:00435EBE 0007
:00435EC0 4F
:00435EC1 6E
:00435EC2 50
:00435EC3 61
:00435EC4 696E74F0AF4000
:00435ECB DC00
:00435ECD 00FF
:00435ECF DC00
:00435ED1 00FF
:00435ED3 089943000000
:00435ED9 008000000080
:00435EDF 50
:00435EE0 0008
:00435EE2 4F
:00435EE3 6E
:00435EE4 52
push edi
push 556C6565
jo 00435E96
scasd
inc eax
add byte ptr [edx+eax+0294FF00], dl
add bh, bh
dec edi
dec edi
outsb
push eax
popad
imul ebp, dword ptr [esi+74], 0040AFF0
fadd qword ptr [eax]
add bh, bh
fadd qword ptr [eax]
add bh, bh
push eax
dec edi
outsb
push edx

|:00435E70(C)
|
:00435EE5 65
BYTE 065h
:00435EE6 7369
jnb 00435F51
:00435EE8 7A65
jpe 00435F4F
|:00435E7A(C)
|
:00435EEA
:00435EED
:00435EF4
:00435EF6
:00435EF8
085043
009C0200FF9C02
00FF
0100
0000000000
or byte ptr [eax+43], dl

add byte ptr [edx+eax+029CFF00], bl
add bh, bh
BYTE 5 DUP(0)
:00435EFD
:00435F00
:00435F06
:00435F07
:00435F08
:00435F0D
:00435F0F
800000
008051000A4F
6E
53
686F727443
7574
F0

outsb
push ebx
push 4374726F
jne 00435F83
lock
|:00435E9B(C)
|
:00435F10 AF
:00435F11 40
:00435F12 00A40200FFA402
:00435F19 00FF
:00435F1B 089943000000
:00435F21 008000000080
:00435F27 52
:00435F28 0006
:00435F2A 4F
:00435F2B 6E
:00435F2C 53
:00435F2D 686F7750F2
:00435F32 41
:00435F33 00E4
:00435F35 0000
:00435F37 FFE4
:00435F39 0000
:00435F3B FF01
:00435F3D 000000000000
:00435F43
:00435F46
:00435F4C
:00435F4D
:00435F4E
:00435F50
:00435F52
:00435F53
:00435F54
:00435F57
:00435F58
:00435F59
:00435F5B
:00435F5D
:00435F5F
:00435F61
:00435F63

outsb
push ebx
je 00435FB1
jb 00435FC6
inc esp
outsd
arpl dword ptr [ebx-0C], ebp
BYTE 0f1h
inc ecx
add al, ah
jmp eax
inc dword ptr [ecx]
BYTE 6 DUP(0)
800000
008053000B4F
6E
53
7461
7274
44
6F
636BF4
F1
41
00E0
0100
FFE0
0100
FF01
000000000000
:00435F69 800000
scasd
inc eax
add byte ptr [edx+eax+02A4FF00], ah
add bh, bh
push edx
dec edi
outsb
push ebx
push F250776F
inc ecx
add ah, ah
jmp esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00435F6C
:00435F72
:00435F73
:00435F74
:00435F75
:00435F76
:00435F77
:00435F7A
:00435F7B
:00435F7D
:00435F7E
:00435F7F
:00435F89
00805400084F
6E
55
6E
44
6F
636B8D
40
00C8
5F
43
00000000000000000000
000000

outsb
push ebp
outsb
inc esp
outsd
inc eax
add al, cl
pop edi
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00435F8C E860430000
:00435F91 00000000000000
call 0043A2F1
BYTE 7 DUP(0)
:00435F98 9C604300
:00435F9C D4604300
DWORD 0043609C
DWORD 004360D4
:00435FA0
:00435FA2
:00435FA4
:00435FA6
:00435FA7
:00435FAA
:00435FAB
:00435FAE
:00435FAF
:00435FB3
:00435FB6
:00435FB7
:00435FBE
:00435FBF
:00435FC1
:00435FC4
les
add
cmp
inc
add
inc
add
inc
add
add
inc
add
inc
add
sub
mov
C402
0000
3C50
43
00681C
41
000C82
43
004C8343
003C2E
40
0024A54300B42B
40
00C8
2B4000
B083
|:00435F50(C)
|
:00435FC6 43
:00435FC7 00B89A42005C
:00435FCD 884300
:00435FD0 08D2
:00435FD2 40
:00435FD3 0084C743005485
:00435FDA 43
:00435FDB 004886
:00435FDE 43
:00435FDF 0028
:00435FE1 2F
:00435FE2 42
:00435FE3 00801C410068
:00435FE9 8E4300
:00435FEC BC184100B0
:00435FF1 C54300

byte ptr [eax], al
al, 50
ebx
ecx
byte ptr [edx+4*eax], cl
ebx
byte ptr [ebx+4*eax+43], cl
eax
byte ptr [2BB40043], ah
eax
al, cl
al, 83

inc ebx
or dl, dl
inc eax
add byte ptr [edi+8*eax-7AABFFBD], al
inc ebx
inc ebx
das
inc edx
mov es, [ebx+00]
mov esp, B0004118
:00435FF4
:00435FF5
:00435FF9
:00435FFA
:00435FFB
:00435FFD
:00435FFE
:00435FFF
:00436001
:00436008
:0043600A
:0043600B
:0043600E
:0043600F
:00436011
:00436014
:00436019
:0043601E
:0043601F
:00436022
:00436023
:00436026
:00436027
:00436029
54
C643008C
91
42
00C0
95
42
00E8
9A4200149A4200
A88F
42
00488B
43
00DC
8C4200
B8254200BC
2542003C8C
43
002C51
42
001427
42
00D8
304200
push esp
mov [ebx+00], 8C
xchg eax,ecx
inc edx
add al, al
xchg eax,ebp
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
inc ebx
add ah, bl
mov [edx+00], es
mov eax, BC004225
and eax, 8C3C0042
inc ebx
inc edx
inc edx
add al, bl
:0043602C 308E4300
:00436030 FC8C4300
DWORD 00438E30
DWORD 00438CFC
:00436034
:00436036
:00436037
:00436039
:0043603C
:0043603E
:0043603F
:00436043
:00436045
:00436048
:0043604A
:0043604B
:0043604D
cmp
inc
add
mov
mov
inc
add
add
lea
sbb
inc
add
lea
3832
42
00EC
8E4300
B051
42
00748D42
00F0
8D4200
1C89
42
00D4
8D4200
byte ptr [edx], dh

edx
ah, ch
es, [ebx+00]
al, 51
edx
al, dh
al, 89
edx
ah, dl
:00436050 747E4300
:00436054 68954300
DWORD 00437E74
DWORD 00439568
:00436058
:0043605B
:00436061
:00436066
:00436067
:00436069
:0043606A
:0043606B
:0043606D

inc ebx
add al, ah
movsb
inc ebx
add al, cl
BYTE 064h
C46542
00A0A04300E0
A34300A0A2
43
00E0
A4
43
00C8
64
:0043606E 42
:0043606F 00148F
inc edx
:00436072
:00436073
:00436075
:00436076
:00436077
:0043607E
:0043607F
:00436081
:00436083
:00436085
42
00C8
AB
43
008C8B420090BE
43
00D8
7843
0038
C24300
inc edx
add al, cl
stosd
inc ebx
inc ebx
add al, bl
js 004360C6
ret 0043
:00436088
:0043608C
:00436090
:00436094
:00436098
1C824300
64BD4300
ACA64300
28BF4300
2C8E4300
DWORD
DWORD
DWORD
DWORD
DWORD
:0043609C
:0043609E
:004360A0
:004360A5
:004360A7
:004360A9
:004360AB
:004360AD
:004360AF
0900
8400
A1002CB042
B039
B00B
B0CD
FFC4
FFC2
FF

test byte ptr [eax], al
mov al, 39
mov al, 0B
mov al, CD
inc esp
inc edx
BYTE 0ffh
:004360B0
:004360B4
:004360B8
:004360BC
:004360C0
:004360C4
:004360C8
:004360CC
FCC74300
24C84300
B0C84300
08C94300
A8C94300
C0C94300
BCC64300
64C74300
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
|:00436050(C)
|
:004360D0 D0C74300
:004360D4 0F
:004360D5 54
:004360D6 43
:004360D7 7573
:004360D9 746F
:004360DB 6D
:004360DC 44
:004360DD 6F
:004360DE 636B46
:004360E1 6F
:004360E2 726D
:004360E4 E860430007
:004360E9 0F
:004360EA 54
:004360EB 43
:004360EC 7573
:004360EE 746F
0043821C
0043BD64
0043A6AC
0043BF28
00438E2C
0043C7FC
0043C824
0043C8B0
0043C908
0043C9A8
0043C9C0
0043C6BC
0043C764

DWORD 0043C7D0
BYTE 0fh
push esp
inc ebx
jne 0043614C
je 0043614A
insd
inc esp
outsd
outsd
jb 00436151
call 0743A449
BYTE 0fh
push esp
inc ebx
jne 00436161
je 0043615F
:004360F0
:004360F1
:004360F2
:004360F3
:004360F6
:004360F7
6D
44
6F
636B46
6F
726D
insd
inc esp
outsd
outsd
jb 00436166
:004360F9 C85F4300
:004360FD F4524300
DWORD 00435FC8
DWORD 004352F4
:00436101
:00436103
:00436108
:0043610A
:0043610D
:0043610E
:00436111
:00436112
:00436115
:00436116
0C00
05466F726D
7301
003C10
40
00349C
43
00489C
43
0000000000000000
or al, 00
add eax, 6D726F46
jnb 0043610B
inc eax
add byte ptr [esp+4*ebx], dh
inc ebx
inc ebx
BYTE 8 DUP(0)
:0043611E
:00436121
:00436127
:0043612E
:00436130
:00436131
:00436134
:00436138
:00436142
:0043614C
800000
00800B000D50
6978656C735065
7249
6E
636890
80614300
00000000000000000000
00000000000000000000
0000000000000000

add byte ptr [eax+500D000B], al
jb 00436179
outsb
arpl dword ptr [eax-70], ebp
and byte ptr [ecx+43], 00
BYTE 10 DUP(0)
BYTE 10 DUP(0)
BYTE 8 DUP(0)
:00436154
:00436158
:0043615A
:0043615C
:0043615E
80614300
0C00
0000
8810
40
and byte ptr [ecx+43], 00

or al, 00
inc eax

|:004360EE(C)
|
:0043615F 0028
|:004360EC(C)
|
:00436161 2E
BYTE 02eh
:00436162 40
inc eax
:00436163 00342E
|:004360F7(C)
|
:00436166 40
inc eax
:00436167 0038
:00436169 2E
BYTE 02eh
:0043616A
:0043616B
:0043616E
:0043616F
:00436171
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:00436172
:00436173
:0043617A
:0043617B
:0043617D
:0043617F
:00436181
:00436182
:00436183
:00436184
:00436185
:0043618D
:0043618E
:0043618F
40
00B42B4000C82B
40
0010
2C40
0008
54
4D
6F
6E
69746F728D4000D8
61
43
000000000000000000
inc eax
inc eax
sub al, 40
push esp
dec ebp
outsd
outsb
imul esi, dword ptr [edi+2*ebp+72], D800408D
popad
inc ebx
BYTE 9 DUP(0)
:00436198 08624300
:0043619C 28624300
DWORD 00436208
DWORD 00436228
:004361A0 00000000000000000000
:004361AA 0000
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:004361AC
:004361AF
:004361B6
:004361B7
:004361BA
:004361BB
:004361BE
:004361BF
:004361C1
1A6243
008C000000A8BE
40
00681C
41
00342E
40
0038
2E
sbb ah, byte

add byte ptr
inc eax
add byte ptr
inc ecx
add byte ptr
inc eax
add byte ptr
BYTE 02eh
:004361C2
:004361C3
:004361C6
:004361C7
:004361C9
40
003C2E
40
0030
2E
inc eax
inc eax
BYTE 02eh
:004361CA
:004361CB
:004361D2
:004361D3
:004361DA
:004361DB
:004361DD
:004361DE
:004361DF
40
00B42B4000C82B
40
001CCD43000CD3
40
00D4
17
41
0008
inc
add
inc
add
inc
add
pop
inc
add
ptr [edx+43]
[eax+eax-41580000], cl
[eax+1C], ch
[esi+ebp], dh
[eax], bh
eax
eax
byte ptr [8*ecx+D30C0043], bl
eax
ah, dl
ss
ecx
byte ptr [eax], cl
:004361E1
:004361E4
:004361E6
:004361E7
:004361EA
:004361EB
:004361F2
:004361F3
:004361F9
:004361FC
:00436201
:00436203
:00436207
:00436209
D24000
A818
41
006817
41
00B4184100E019
41
00801C4100C4
184100
BC18410088
1C41
004CCB43
000E
0000000000

test al, 18
inc ecx
inc ecx
inc ecx
mov esp, 88004118
sbb al, 41
add byte ptr [ebx+8*ecx+43], cl
BYTE 5 DUP(0)
:0043620E
:00436210
:00436212
:00436214
:00436215
:00436218
:0043621A
:0043621B
:0043621C
:0043621D
:00436220
0100
0000
7C10
40
002C00
0000
07
54
53
637265
65

jl 00436224
inc eax
pop es
push esp
push ebx
BYTE 065h
:00436221 6E
:00436222 8BC0
outsb
mov eax, eax

|:00436212(C)
|
:00436224 286243
sub byte ptr [edx+43], ah
:00436227 0007
:00436229 07
pop es
:0043622A 54
push esp
:0043622B 53
push ebx
:0043622C 637265
:0043622F 65
BYTE 065h
:00436230
:00436231
:00436234
:0043623A
:00436240
6E
D86143
00A0BF400002
0005466F726D
7300
|:00436240(C)
|
:00436242 009048624300
:00436248 0E
:00436249 09544869
:0043624D 6E
:0043624E 7449
:00436250 6E
:00436251 666F
outsb
fsub dword ptr [ecx+43]
jnb 00436242
push cs
or dword ptr [eax+2*ecx+69], edx
outsb
je 00436299
outsb
outsw
:00436253 40
:00436254 000000
inc eax
BYTE 3 DUP(0)
:00436257
:00436259
:0043625B
:0043625D
:0043625E
:00436260
0100
0000
7C10
40
0038
000000

jl 0043626D
inc eax
BYTE 3 DUP(0)
:00436263
:00436264
:00436266
:00436267
90
B062
43
000000000000000000
nop
mov al, 62
inc ebx
BYTE 9 DUP(0)
:00436270 E0624300
:00436274 14634300
DWORD 004362E0
DWORD 00436314
:00436278 00000000000000000000
:00436282 0000
BYTE 10 DUP(0)
BYTE 2 DUP(0)
:00436284
:00436287
:00436289
:0043628B
:00436291
:00436293
:00436296
:00436297
add
add
add
add
sbb
add
inc
add
026343
0020
0100
00A8BE400068
1C41
00342E
40
0038
ah, byte ptr [ebx+43]

byte ptr [eax], ah
byte ptr [eax+680040BE], ch
al, 41
eax
byte ptr [eax], bh

|:0043624E(C)
|
:00436299 2E
BYTE 02eh
:0043629A 40
inc eax
:0043629B 003C2E
:0043629E 40
inc eax
:0043629F 0030
:004362A1 2E
BYTE 02eh
:004362A2
:004362A3
:004362AA
:004362AB
:004362AE
:004362AF
:004362B2
:004362B3
:004362B5
:004362B6
:004362B7
:004362B9
:004362BC
40
00B42B4000C82B
40
000CDC
43
000CD3
40
00D4
17
41
0008
D24000
A818
inc eax
add byte ptr
inc eax
add byte ptr
inc ebx
add byte ptr
inc eax
add ah, dl
pop ss
inc ecx
add byte ptr
rol byte ptr
test al, 18
[esp+8*ebx], cl
[ebx+8*edx], cl
[eax], cl
[eax+00], cl
:004362BE
:004362BF
:004362C2
:004362C3
:004362CA
:004362CB
:004362D1
:004362D4
:004362D9
:004362DB
:004362DE
:004362DF
:004362E1
41
006817
41
00B4184100E019
41
00801C4100C4
184100
BC18410088
1C41
0078DA
43
000E
0000000000
inc ecx
inc ecx
inc ecx
mov esp, 88004118
sbb al, 41
inc ebx
BYTE 5 DUP(0)
:004362E6
:004362E8
:004362EA
:004362EC
:004362ED
:004362EF
0300
0000
7C10
40
0038
000000

jl 004362FC
inc eax
BYTE 3 DUP(0)
:004362F2
:004362F4
:004362F5
:004362F8
:004362FA
7C10
40
003C00
0000
7C10
jl 00436304
inc eax
jl 0043630C
|:004362EA(C)
|
:004362FC 40
:004362FD 00740000
:00436301 000C54
|:004362F2(C)
|
:00436304 41
:00436305 7070
:00436307 6C
:00436308 69636174696F6E
:0043630F 90
:00436310 1463
:00436312 43
:00436313 0007
:00436315 0C54
:00436317 41
:00436318 7070
:0043631A 6C
:0043631B 69636174696F6E
:00436322 B062
:00436324 43
:00436325 00A0BF400002
:0043632B 0005466F726D
:00436331 7300
inc eax
inc ecx
jo 00436377
insb
imul esp, dword ptr [ebx+61], 6E6F6974
nop
adc al, 63
inc ebx
or al, 54
inc ecx
jo 0043638A
insb
mov al, 62
inc ebx
jnb 00436333

|:00436331(C)
|
:00436333 00
BYTE 00h

|:00439553
|
:00436334 53
push ebx
:00436335 56
push esi
:00436336 8BDA
mov ebx, edx
:00436338 8BF0
mov esi, eax
:0043633A 85F6
test esi, esi
:0043633C 743D
je 0043637B
:0043633E 6AEC
push FFFFFFEC
:00436340 56
push esi
|
:00436341 E8FAFEFCFF
Call 00406240
:00436346 84DB
test bl, bl
:00436348 740C
je 00436356
:0043634A F6C402
test ah, 02
:0043634D 752C
jne 0043637B
:0043634F 0D00020000
or eax, 00000200
:00436354 EB0A
jmp 00436360
|:00436348(C)
|
:00436356 F6C402
:00436359 7420
:0043635B 25FFFDFFFF

test ah, 02
je 0043637B
and eax, FFFFFDFF

|:00436354(U)
|
:00436360 50
push eax
:00436361 6AEC
push FFFFFFEC
:00436363 56
push esi
* Reference To: user32.SetWindowLongA,
|
:00436364 E88F00FDFF
Call
:00436369 6A37
push
:0043636B 6A00
push
:0043636D 6A00
push
:0043636F 6A00
push
:00436371 6A00
push
:00436373 6A00
push
:00436375 56
push
Ord:0000h
004063F8
00000037
00000000
00000000
00000000
00000000
00000000
esi

|
:00436376 E88D00FDFF
Call 00406408
|:0043633C(C), :0043634D(C), :00436359(C)
|
:0043637B 5E
pop esi
:0043637C 5B
pop ebx
:0043637D C3
ret
:0043637E 8BC0
mov eax, eax

|:0043FEDA
|
:00436380 A1A4374400
:00436385 8B4024
:00436388 85C0
test eax, eax
|:00436318(C)
|
:0043638A 7408
je 00436394
:0043638C 6A00
push 00000000
:0043638E 50
push eax
* Reference To: user32.ShowOwnedPopups, Ord:0000h
|
:0043638F E89C00FDFF
Call 00406430
|:0043638A(C)
|
:00436394 33D2
:00436396 A1A4374400
:0043639B E8C48E0000
:004363A0 A1A4374400
:004363A5 E886B3FDFF
:004363AA A1A4374400
:004363AF E850B3FDFF
:004363B4 C3
:004363B5
:004363B8
:004363B9
:004363BB
:004363BC
:004363BF
:004363C5
:004363C7

push ebp
mov ebp, esp
push ebx
je 004363FD
push ebx
8D4000
55
8BEC
53
8B5D08
3B1D40284400
7436
53
xor edx, edx

call 0043F264
call 00411730
call 00411704
ret

|
:004363C8 E8F3FEFCFF
Call 004062C0
:004363CD 85C0
test eax, eax
:004363CF 742C
je 004363FD
:004363D1 53
push ebx
|
:004363D2 E8E1FEFCFF
Call 004062B8
:004363D7 85C0
test eax, eax
:004363D9 7422
je 004363FD
:004363DB B808000000
mov eax, 00000008
:004363E0 E8AFC2FCFF
call 00402694
:004363E5 8B154C284400
:004363EB
:004363ED
:004363F0
:004363F5
:004363F7
8910
895804
A34C284400
6A00
53

push 00000000
push ebx

|
:004363F8 E8D3FCFCFF
Call 004060D0
|:004363C5(C), :004363CF(C), :004363D9(C)
|
:004363FD 83C8FF
or eax, FFFFFFFF
:00436400 5B
pop ebx
:00436401 5D
pop ebp
:00436402 C20800
ret 0008
:00436405 8D4000

|:0043C01F , :0043E4A1 , :0043EFA0
|
:00436408 55
push ebp
:00436409 8BEC
mov ebp, esp
:0043640B 83C4F4
add esp, FFFFFFF4
:0043640E 53
push ebx
:0043640F 56
push esi
:00436410 57
push edi
:00436411 33D2
xor edx, edx
:00436413 8955FC
:00436416 8B1540284400
:0043641C 8955F8
:0043641F 8B154C284400
:00436425 8955F4
:00436428 A340284400
:0043642D 33C0
xor eax, eax
:0043642F A34C284400
:00436434 33C0
xor eax, eax
:00436436 55
push ebp
:00436437 68AB644300
push 004364AB
:0043643C 64FF30
:0043643F 648920
:00436442 33C0
xor eax, eax
:00436444 55
push ebp
:00436445 6874644300
push 00436474
:0043644A 64FF30
:0043644D 648920
:00436450 6A00
push 00000000
:00436452 68B8634300
push 004363B8
|
:00436457 E83CF8FCFF
Call 00405C98
:0043645C 50
push eax
|
:0043645D E87EFCFCFF
Call 004060E0
:00436462
:00436467
:0043646A
:0043646C
:0043646D
:0043646E
:0043646F
:00436472
:00436474
:00436479
:0043647E
:00436483
:00436488
A14C284400
8945FC
33C0
5A
59
59
648910
EB19
E9F7CBFCFF
A14C284400
E839000000
E844CEFCFF
E893CEFCFF

xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0043648D
jmp 00403070
call 004364BC
call 004032CC
call 00403320
|:00436472(U)
|
:0043648D 33C0
:0043648F 5A
:00436490 59
:00436491 59
:00436492 648910
:00436495 68B2644300
|:004364B0(U)
|
:0043649A 8B45F4
:0043649D A34C284400
:004364A2 8B45F8
:004364A5 A340284400
:004364AA C3

mov
mov
mov
mov
ret

:004364AB
:004364B0
:004364B2
:004364B5
:004364B6
:004364B7
:004364B8
:004364BA
:004364BB
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
00403278
0043649A
edi
esi
ebx
esp, ebp
ebp
E9C8CDFCFF
EBE8
8B45FC
5F
5E
5B
8BE5
5D
C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 004364B2

|:0043647E , :0043C137 , :0043E46C , :0043F02A
|
:004364BC 53
push ebx
:004364BD 56
push esi
:004364BE 8BF0
mov esi, eax
:004364C0 85F6
test esi, esi
:004364C2 742C
je 004364F0
|:004364EE(C)
|
:004364C4 8BDE
mov ebx, esi
:004364C6 8B4304
:004364C9 50
push eax

|
:004364CA E8E1FDFCFF
Call 004062B0
:004364CF 85C0
test eax, eax
:004364D1 740B
je 004364DE
:004364D3 6AFF
push FFFFFFFF
:004364D5 8B4304
:004364D8 50
push eax
|
:004364D9 E8F2FBFCFF
Call 004060D0
|:004364D1(C)
|
:004364DE 8B33
:004364E0 BA08000000
:004364E5 8BC3
:004364E7 E8C0C1FCFF
:004364EC 85F6
:004364EE 75D4

mov edx, 00000008
mov eax, ebx
call 004026AC
test esi, esi
jne 004364C4

|:004364C2(C)
|
:004364F0 5E
pop esi
:004364F1 5B
pop ebx
:004364F2 C3
ret
:004364F3
:004364F4
:004364F5
:004364F7
:004364F8
:004364FB
:00436501
:00436503
:00436508
:0043650B
:0043650D
90
55
8BEC
53
8B5D08
3B1D40284400
744A
A1A4374400
3B5824
7440
53
nop
push ebp
mov ebp, esp
push ebx
mov ebx, dword
cmp ebx, dword
je 0043654D
mov eax, dword
cmp ebx, dword
je 0043654D
push ebx
ptr [ebp+08]
ptr [00442840]

|
:0043650E E8ADFDFCFF
Call 004062C0
:00436513 85C0
test eax, eax
:00436515 7436
je 0043654D
:00436517 53
push ebx
ptr [004437A4]
ptr [eax+24]

|
:00436518 E89BFDFCFF
Call 004062B8
:0043651D 85C0
test eax, eax
:0043651F 742C
je 0043654D
:00436521 6AEC
push FFFFFFEC
:00436523 53
push ebx

|
:00436524 E817FDFCFF
Call 00406240
:00436529 A808
test al, 08
:0043652B 7511
jne 0043653E
:0043652D 833D4428440000
cmp dword ptr [00442844], 00000000
:00436534 7517
jne 0043654D
:00436536 891D44284400
:0043653C EB0F
jmp 0043654D
|:0043652B(C)
|
:0043653E 833D4828440000
:00436545 7506
:00436547 891D48284400

cmp dword ptr [00442848], 00000000
jne 0043654D

|:00436501(C), :0043650B(C), :00436515(C), :0043651F(C), :00436534(C)
|:0043653C(U), :00436545(C)
|
:0043654D 83C8FF
or eax, FFFFFFFF
:00436550 5B
pop ebx
:00436551 5D
pop ebp
:00436552 C20800
ret 0008
:00436555 8D4000

|:0043BB51 , :0043E701
|
:00436558 A340284400
:0043655D 33C0
xor eax, eax
:0043655F A344284400
:00436564 33C0
xor eax, eax
:00436566 A348284400
:0043656B 6A00
push 00000000
:0043656D 68F4644300
push 004364F4
|
:00436572 E821F7FCFF
Call 00405C98
:00436577 50
push eax
|
:00436578 E863FBFCFF
Call 004060E0
:0043657D 833D4428440000
cmp dword ptr [00442844], 00000000
:00436584 7406
je 0043658C
:00436586 A144284400
:0043658B C3
ret

|:00436584(C)
|
:0043658C A148284400
:00436591 C3
ret
:00436592 8BC0
mov eax, eax

|:0043A7B0 , :0043A7D6 , :0043A82B , :0043A87B
|
:00436594 53
push ebx
:00436595 8B1D3C284400
mov ebx, dword ptr [0044283C]
:0043659B 6A00
push 00000000
:0043659D 6A00
push 00000000
:0043659F 0FB7D2
movzx edx, dx
:004365A2 52
push edx
:004365A3 50
push eax
|
:004365A4 E8DFFDFCFF
Call 00406388
:004365A9 3B1D3C284400
cmp ebx, dword ptr [0044283C]
:004365AF 0F94C0
sete al
:004365B2 5B
pop ebx
:004365B3 C3
ret
:004365B4
:004365B5
:004365B7
:004365B8
:004365BB
:004365BE
:004365C0
:004365C2
:004365C5
:004365C7
:004365C9
55
8BEC
53
8B450C
83CAFF
8BC8
8B19
3B5D08
7506
33D2
C6410401
push ebp
mov ebp, esp
push ebx
or edx, FFFFFFFF
mov ecx, eax
cmp ebx, dword ptr [ebp+08]
jne 004365CD
xor edx, edx
mov [ecx+04], 01

|:004365C5(C)
|
:004365CD 8BC2
mov eax, edx
:004365CF 5B
pop ebx
:004365D0 5D
pop ebp
:004365D1 C20800
ret 0008

|:0043FA91
|
:004365D4 83C4F8
add esp, FFFFFFF8
|
:004365D7 E834FBFCFF
Call 00406110
:004365DC 890424
:004365DF C644240400
mov [esp+04], 00
:004365E4 8BC4
mov eax, esp
:004365E6 50
push eax
:004365E7 68B4654300
push 004365B4

|
:004365EC E8A7F6FCFF
Call 00405C98
:004365F1 50
push eax
|
:004365F2 E8E9FAFCFF
Call 004060E0
:004365F7 8A442404
:004365FB 59
pop ecx
:004365FC 5A
pop edx
:004365FD C3
ret
:004365FE
:00436600
:00436601
:00436602
:00436603
:00436604
:00436606
:0043660B
:00436610
:00436612
:00436613
:00436615
:00436617
:00436618
8BC0
53
56
57
55
8BE8
A1A8374400
E830680000
8BD8
4B
85DB
7C23
43
33FF
mov eax, eax

push ebx
push esi
push edi
push ebp
mov ebp, eax
call 0043CE40
mov ebx, eax
dec ebx
test ebx, ebx
jl 0043663A
inc ebx
xor edi, edi
|:00436638(C)
|
:0043661A 8BD7
:0043661C A1A8374400
:00436621 E806680000
:00436626 8BF0
:00436628 8B5608
:0043662B 8BC5
:0043662D E8BA0EFDFF
:00436632 85C0
:00436634 743A
:00436636 47
:00436637 4B
:00436638 75E0
|:00436615(C)
|
:0043663A A1A8374400
:0043663F E8E06B0000
:00436644 8BD8
:00436646 4B
:00436647 85DB
:00436649 7C23
:0043664B 43
:0043664C 33FF
mov edx, edi

call 0043CE2C
mov esi, eax
mov eax, ebp
call 004074EC
test eax, eax
je 00436670
inc edi
dec ebx
jne 0043661A

call 0043D224
mov ebx, eax
dec ebx
test ebx, ebx
jl 0043666E
inc ebx
xor edi, edi

|:0043666C(C)
|
:0043664E
:00436650
:00436655
:0043665A
:0043665C
:0043665F
:00436661
:00436666
:00436668
:0043666A
:0043666B
:0043666C
8BD7
A1A8374400
E8B66B0000
8BF0
8B5608
8BC5
E8860EFDFF
85C0
7406
47
4B
75E0
mov edx, edi

call 0043D210
mov esi, eax
mov eax, ebp
call 004074EC
test eax, eax
je 00436670
inc edi
dec ebx
jne 0043664E

|:00436649(C)
|
:0043666E 33F6
xor esi, esi
|:00436634(C), :00436668(C)
|
:00436670 8BC6
:00436672 5D
:00436673 5F
:00436674 5E
:00436675 5B
:00436676 C3
:00436677 90
nop
mov
pop
pop
pop
pop
ret
eax, esi
ebp
edi
esi
ebx

|:0042D532
|
:00436678 53
push ebx
:00436679 833DB037440000
cmp dword ptr [004437B0], 00000000
:00436680 0F8552010000
jne 004367D8
|
:00436686 E85DF6FCFF
Call 00405CE8
:0043668B 8BD8
mov ebx, eax
:0043668D 80FB04
cmp bl, 04
:00436690 732F
jnb 004366C1
:00436692 8BC3
mov eax, ebx
:00436694 E80BFEFCFF
call 004064A4
:00436699 3C59
cmp al, 59
:0043669B 7324
jnb 004366C1
:0043669D 6800800000
push 00008000
|
:004366A2 E8D1F6FCFF
Call 00405D78
:004366A7 8BD8
mov ebx, eax
* Possible StringData Ref from Code Obj ->"CTL3D32.DLL"
|
:004366A9 68DC674300
push 004367DC
:004366AE
:004366B3
:004366B8
:004366BB
E895F6FCFF
A3B0374400
0FB7C3
50
|
Call 00405D48
movzx eax, bx
push eax

|
:004366BC E8B7F6FCFF
Call 00405D78
|:00436690(C), :0043669B(C)
|
:004366C1 833DB037440000
:004366C8 750F
:004366CA C705B0374400FFFFFFFF
:004366D4 E9FF000000

cmp
jne
mov
jmp
dword ptr [004437B0], 00000000

004366D9
dword ptr [004437B0], FFFFFFFF
004367D8

|:004366C8(C)
|
* Possible StringData Ref from Code Obj ->"Ctl3dRegister"
|
:004366D9 68E8674300
push 004367E8
:004366DE A1B0374400
:004366E3 50
push eax
|
:004366E4 E8DFF5FCFF
Call 00405CC8
:004366E9 A3B4374400
:004366EE A1E02B4400
:004366F3 8B00
:004366F5 50
push eax
:004366F6 FF15B4374400
:004366FC 85C0
test eax, eax
:004366FE 0F84BF000000
je 004367C3
* Possible StringData Ref from Code Obj ->"Ctl3dUnregister"
|
:00436704 68F8674300
push 004367F8
:00436709 A1B0374400
:0043670E 50
push eax
|
:0043670F E8B4F5FCFF
Call 00405CC8
:00436714 A3B8374400
* Possible StringData Ref from Code Obj ->"Ctl3dSubclassCtl"
|
:00436719 6808684300
push 00436808
:0043671E A1B0374400
:00436723 50
push eax
|
:00436724 E89FF5FCFF
Call 00405CC8
:00436729 A3BC374400
mov dword ptr [004437BC], eax
* Possible StringData Ref from Code Obj ->"Ctl3dSubclassDlgEx"

|
:0043672E 681C684300
push 0043681C
:00436733 A1B0374400
:00436738 50
push eax
|
:00436739 E88AF5FCFF
Call 00405CC8
:0043673E A3C0374400
* Possible StringData Ref from Code Obj ->"Ctl3dDlgFramePaint"
|
:00436743 6830684300
push 00436830
:00436748 A1B0374400
:0043674D 50
push eax
|
:0043674E E875F5FCFF
Call 00405CC8
:00436753 A32C284400
* Possible StringData Ref from Code Obj ->"Ctl3dCtlColorEx"
|
:00436758 6844684300
push 00436844
:0043675D A1B0374400
:00436762 50
push eax
|
:00436763 E860F5FCFF
Call 00405CC8
:00436768 A330284400
* Possible StringData Ref from Code Obj ->"Ctl3dAutoSubclass"
|
:0043676D 6854684300
push 00436854
:00436772 A1B0374400
:00436777 50
push eax
|
:00436778 E84BF5FCFF
Call 00405CC8
:0043677D A3C4374400
* Possible StringData Ref from Code Obj ->"Ctl3dUnAutoSubclass"
|
:00436782 6868684300
push 00436868
:00436787 A1B0374400
:0043678C 50
push eax
|
:0043678D E836F5FCFF
Call 00405CC8
:00436792 A3C8374400
* Possible StringData Ref from Code Obj ->"Ctl3DColorChange"
|
:00436797 687C684300
push 0043687C
:0043679C A1B0374400
:004367A1 50
push eax

|
:004367A2 E821F5FCFF
Call 00405CC8
:004367A7 A3CC374400
mov dword ptr [004437CC], eax
* Possible StringData Ref from Code Obj ->"BtnWndProc3d"
|
:004367AC 6890684300
push 00436890
:004367B1 A1B0374400
:004367B6 50
push eax
|
:004367B7 E80CF5FCFF
Call 00405CC8
:004367BC A328284400
:004367C1 EB15
jmp 004367D8
|:004366FE(C)
|
:004367C3 A1B0374400
:004367C8 50
push eax
|
:004367C9 E8AAF4FCFF
Call 00405C78
:004367CE C705B0374400FFFFFFFF
mov dword ptr [004437B0], FFFFFFFF
|:00436680(C), :004366D4(U), :004367C1(U)
|
:004367D8 5B
pop ebx
:004367D9 C3
ret
:004367DA 0000
BYTE 2 DUP(0)
:004367DC
:004367DD
:004367DE
:004367DF
:004367E3
43
54
4C
33443332
2E
inc ebx
push esp
dec esp
xor eax, dword ptr [ebx+esi+32]
BYTE 02eh
:004367E4
:004367E5
:004367E6
:004367E7
:004367EA
:004367EB
:004367EF
:004367F7
:004367FA
:004367FB
:004367FF
:00436801
:00436809
44
4C
4C
004374
6C
33645265
6769737465720000
004374
6C
3364556E
7265
6769737465720043
746C
inc esp
dec esp
dec esp
insb
xor esp, dword ptr [edx+2*edx+65]
imul esi, [bp+di+74], 00007265
insb
xor esp, dword ptr [ebp+2*edx+6E]
jb 00436866
imul esi, [bp+di+74], 43007265
je 00436877
:0043680B
:0043680F
:00436812
:00436813
:00436815
:00436816
:00436818
33645375
62636C
61
7373
43
746C
00000000
xor esp, dword ptr [ebx+2*edx+75]

bound esp, dword ptr [ebx+6C]
popad
jnb 00436888
inc ebx
je 00436884
BYTE 4 DUP(0)
:0043681C
:0043681D
:0043681F
:00436823
:00436826
:00436827
:00436829
:0043682A
:0043682B
:0043682D
43
746C
33645375
62636C
61
7373
44
6C
6745
7800
inc ebx
je 0043688B
xor esp, dword ptr [ebx+2*edx+75]
bound esp, dword ptr [ebx+6C]
popad
jnb 0043689C
inc esp
insb
inc ebp
js 0043682F
|:0043682D(C)
|
:0043682F 004374
:00436832 6C
:00436833 3364446C
:00436837 6746
:00436839 7261
:0043683B 6D
:0043683C 65
:0043683D
:0043683E
:0043683F
:00436846
:00436847
:0043684B
:0043684C
:0043684D
:0043684E
:0043684F
:00436850
:00436852
push eax
popad
insb
xor esp, dword ptr [ebx+2*eax+74]
insb
inc ebx
outsd
insb
outsd
jb 00436897
js 00436854
50
61
696E7400004374
6C
33644374
6C
43
6F
6C
6F
7245
7800
|:00436852(C)
|
:00436854 43
:00436855 746C
:00436857 33644175
:0043685B 746F
:0043685D 53
:0043685E 7562
:00436860 636C6173
:00436864 7300

insb
xor esp, dword ptr [esp+2*eax+6C]
inc esi
jb 0043689C
insd
BYTE 065h

inc ebx
je 004368C3
xor esp, dword ptr [ecx+2*eax+75]
je 004368CC
push ebx
jne 004368C2
arpl dword ptr [ecx+73], ebp
jnb 00436866

|:004367FF(C), :00436864(C)
|
:00436866
:00436868
:00436869
:0043686B
:0043686F
:00436870
:00436872
:00436873
:00436874
:00436876
:0043687A
0000
43
746C
3364556E
41
7574
6F
53
7562
636C6173
7300

inc ebx
je 004368D7
xor esp, dword ptr [ebp+2*edx+6E]
inc ecx
jne 004368E6
outsd
push ebx
jne 004368D8
arpl dword ptr [ecx+73], ebp
jnb 0043687C
|:0043687A(C)
|
:0043687C 43
:0043687D 746C
:0043687F 3344436F
:00436883 6C
|:00436816(C)
|
:00436884 6F
:00436885 7243
:00436887 68616E6765
:0043688C 00000000
:00436890
:00436891
:00436893
:00436894
:00436895
inc edx
je 00436901
push edi
outsb
BYTE 064h
42
746E
57
6E
64
:00436896 50
inc ebx
je 004368EB
xor eax, dword ptr [ebx+2*eax+6F]
insb
outsd
jb 004368CA
push 65676E61
BYTE 4 DUP(0)
push eax

|:00436850(C)
|
:00436897 726F
jb 00436908
:00436899 6333
arpl dword ptr [ebx], esi
:0043689B 64
BYTE 064h

|:00436827(C), :00436839(C)
|
:0043689C 00000000
BYTE 4 DUP(0)
|:0043DCBA
|
:004368A0 833DB037440000
cmp dword ptr [004437B0], 00000000
:004368A7 7422
je 004368CB
:004368A9 833DB0374400FF
cmp dword ptr [004437B0], FFFFFFFF
:004368B0 7419
je 004368CB
:004368B2 A1E02B4400
:004368B7
:004368B9
:004368BA
:004368C0
:004368C5
8B00
50
FF15B8374400
A1B0374400
50

push eax
push eax

|
:004368C6 E8ADF3FCFF
Call 00405C78
|:004368A7(C), :004368B0(C)
|
:004368CB C3
ret
|:0043685B(C)
|
:004368CC 55
push ebp
:004368CD 8BEC
mov ebp, esp
:004368CF 31C0
xor eax, eax
:004368D1 50
push eax
:004368D2 FF7514
push [ebp+14]
:004368D5 FF7510
push [ebp+10]
|:00436874(C)
|
:004368D8 FF750C
push [ebp+0C]
:004368DB 89E2
mov edx, esp
:004368DD 8B4104
:004368E0 FF11
:004368E2 83C40C
add esp, 0000000C
:004368E5 58
pop eax
|:00436870(C)
|
:004368E6 5D
pop ebp
:004368E7 C21000
ret 0010
:004368EA 8BC0
mov eax, eax

|:0043693A , :0043694D
|
:004368EC 83C005
add eax, 00000005
:004368EF 2BD0
sub edx, eax
:004368F1 8BC2
mov eax, edx
:004368F3 C3
ret

|:00425296 , :00436A4E , :0043A380 , :0043DD29
|
:004368F4 55
push ebp
:004368F5 8BEC
mov ebp, esp
:004368F7 53
push ebx
:004368F8
:004368F9
:004368FA
:004368FF
:00436902
:00436904
:00436906
:0043690B
:00436910
56
57
BFD4374400
833F00
756C
6A40
6800100000
6800100000
6A00
push esi
push edi
mov edi, 004437D4
jne 00436970
push 00000040
push 00001000
push 00001000
push 00000000

|
:00436912 E891F4FCFF
Call 00405DA8
:00436917 8BF0
mov esi, eax
:00436919 A1D0374400
:0043691E 8906
:00436920 8D5604
* Possible StringData Ref from Data Obj ->"Y"
|
:00436923 B850284400
mov eax, 00442850
:00436928 B902000000
mov ecx, 00000002
:0043692D E87ABEFCFF
call 004027AC
:00436932 BACC684300
mov edx, 004368CC
:00436937 8D4605
:0043693A E8ADFFFFFF
call 004368EC
:0043693F 894606
:00436942 8D5E0A
lea ebx, dword ptr [esi+0A]
|:00436968(C)
|
:00436945 C603E8
:00436948 8D5604
:0043694B 8BC3
:0043694D E89AFFFFFF
:00436952 894301
:00436955 8B07
:00436957 894305
:0043695A 891F
:0043695C 83C30D
:0043695F 8BC3
:00436961 2BC6
:00436963 3DFC0F0000
:00436968 7CDB
:0043696A 8935D0374400

mov byte ptr [ebx], E8
mov eax, ebx
call 004368EC
mov dword ptr [edi], ebx
add ebx, 0000000D
mov eax, ebx
sub eax, esi
cmp eax, 00000FFC
jl 00436945
mov dword ptr [004437D0], esi

|:00436902(C)
|
:00436970 8B07
:00436972 8B1F
:00436974 8B5305
:00436977 8917
:00436979 8B5508
:0043697C 895305
:0043697F 8B550C
:00436982 895309
:00436985 5F
pop edi
:00436986 5E
pop esi
:00436987 5B
:00436988 5D
:00436989 C20800
pop ebx
pop ebp
ret 0008

|:00425402 , :00436A8A , :0043DCB5
|
:0043698C 85C0
test eax, eax
:0043698E 740E
je 0043699E
:00436990 8B15D4374400
:00436996 895005
:00436999 A3D4374400
|:0043698E(C)
|
:0043699E C3
:0043699F 90
:004369A0 54
:004369A1 50
:004369A2 55
:004369A3 7469
:004369A5 6C
:004369A6 57
:004369A7 696E646F770000
:004369AE 0000

ret
nop
push esp
push eax
push ebp
je 00436A0E
insb
push edi

|:0042098B , :00433CB6
|
:004369B0 55
push ebp
:004369B1 8BEC
mov ebp, esp
:004369B3 83C4D8
add esp, FFFFFFD8
:004369B6 53
push ebx
:004369B7 A1E02B4400
:004369BC 8B00
:004369BE A364284400
:004369C3 8D45D8
:004369C6 50
push eax
* Possible StringData Ref from Code Obj ->"TPUtilWindow"
|
:004369C7 A178284400
:004369CC 50
push eax
:004369CD A1E02B4400
:004369D2 8B00
:004369D4 50
push eax
|
:004369D5 E846F7FCFF
Call 00406120
:004369DA F7D8
neg eax
:004369DC 1BC0
sbb eax, eax
:004369DE F7D8
neg eax
:004369E0 84C0
test al, al
:004369E2 740A
je 004369EE
:004369E4 BA60604000
mov edx, 00406060
:004369E9 3B55DC
:004369EC 7421
je 00436A0F
|:004369E2(C)
|
:004369EE 84C0
:004369F0 7413
:004369F2 A1E02B4400
:004369F7 8B00
:004369F9 50

test al, al
je 00436A05
push eax

|
:004369FA A178284400
:004369FF 50
push eax
|
:00436A00 E86BFAFCFF
Call 00406470
|:004369F0(C)
|
:00436A05 6854284400
push 00442854
|
:00436A0A E831F9FCFF
Call 00406340
|:004369EC(C)
|
:00436A0F 6A00
:00436A11 A1E02B4400
:00436A16 8B00
:00436A18 50
:00436A19 6A00
:00436A1B 6A00
:00436A1D 6A00
:00436A1F 6A00
:00436A21 6A00
:00436A23 6A00
:00436A25 6800000080
:00436A2A 68686A4300

push 00000000
push eax
push 00000000
push 00000000
push 00000000
push 00000000
push 00000000
push 00000000
push 80000000
push 00436A68

|
:00436A2F A178284400
:00436A34 50
push eax
:00436A35 6880000000
push 00000080
|
:00436A3A E809F6FCFF
Call 00406048
:00436A3F 8BD8
mov ebx, eax
:00436A41 66837D0A00
cmp word ptr [ebp+0A], 0000
:00436A46 7414
je 00436A5C
:00436A48 FF750C
push [ebp+0C]
:00436A4B FF7508
push [ebp+08]
:00436A4E E8A1FEFFFF
call 004368F4
:00436A53 50
:00436A54 6AFC
:00436A56 53
push eax
push FFFFFFFC
push ebx

|
:00436A57 E89CF9FCFF
Call 004063F8
|:00436A46(C)
|
:00436A5C 8BC3
mov eax, ebx
:00436A5E 5B
pop ebx
:00436A5F 8BE5
mov esp, ebp
:00436A61 5D
pop ebp
:00436A62 C20800
ret 0008
:00436A65 00000000000000
BYTE 7 DUP(0)

|:004209D6 , :00433CDF
|
:00436A6C 53
push ebx
:00436A6D 56
push esi
:00436A6E 8BF0
mov esi, eax
:00436A70 6AFC
push FFFFFFFC
:00436A72 56
push esi
|
:00436A73 E8C8F7FCFF
Call 00406240
:00436A78 8BD8
mov ebx, eax
:00436A7A 56
push esi
|
:00436A7B E808F6FCFF
Call 00406088
:00436A80 81FB60604000
cmp ebx, 00406060
:00436A86 7407
je 00436A8F
:00436A88 8BC3
mov eax, ebx
:00436A8A E8FDFEFFFF
call 0043698C
|:00436A86(C)
|
:00436A8F 5E
pop esi
:00436A90 5B
pop ebx
:00436A91 C3
ret
:00436A92 8BC0
mov eax, eax

|:004245A2 , :00424883 , :004248F7 , :00427E6F
|
:00436A94 53
push ebx
:00436A95 56
push esi
:00436A96
:00436A98
:00436A9E
:00436AA3
:00436AA5
8BF0
8A1DE46A4300
66F7C60400
7403
80CB01
mov esi, eax

mov bl, byte ptr [00436AE4]
test si, 0004
je 00436AA8
or bl, 01
|:00436AA3(C)
|
:00436AA8 66F7C60800
:00436AAD 7403
:00436AAF 80CB04
|:00436AAD(C)
|
:00436AB2 66F7C60100
:00436AB7 7403
:00436AB9 80CB08
|:00436AB7(C)
|
:00436ABC 66F7C60200
:00436AC1 7403
:00436AC3 80CB10
|:00436AC1(C)
|
:00436AC6 66F7C61000
:00436ACB 7403
:00436ACD 80CB20
test si, 0008

je 00436AB2
or bl, 04
test si, 0001

je 00436ABC
or bl, 08
test si, 0002

je 00436AC6
or bl, 10
test si, 0010

je 00436AD0
or bl, 20

|:00436ACB(C)
|
:00436AD0 6A12
push 00000012
|
:00436AD2 E8A9F6FCFF
Call 00406180
:00436AD7 6685C0
test ax, ax
:00436ADA 7D03
jge 00436ADF
:00436ADC 80CB02
or bl, 02
|:00436ADA(C)
|
:00436ADF 8BC3
mov eax, ebx
:00436AE1 5E
pop esi
:00436AE2 5B
pop ebx
:00436AE3 C3
ret
:00436AE4 00000000
BYTE 4 DUP(0)
|:0041E56D , :00427BF6
|
:00436AE8 53
:00436AE9 56
:00436AEA 8BF0
:00436AEC 8A1D206B4300
:00436AF2 6A10
, :00427CC6
, :0042DE18
push ebx
push esi
mov esi, eax
mov bl, byte ptr [00436B20]
push 00000010

|
:00436AF4 E887F6FCFF
Call 00406180
:00436AF9 6685C0
test ax, ax
:00436AFC 7D03
jge 00436B01
:00436AFE 80CB01
or bl, 01
|:00436AFC(C)
|
:00436B01 6A11
push 00000011
|
:00436B03 E878F6FCFF
Call 00406180
:00436B08 6685C0
test ax, ax
:00436B0B 7D03
jge 00436B10
:00436B0D 80CB04
or bl, 04
|:00436B0B(C)
|
:00436B10 F7C600000020
:00436B16 7403
:00436B18 80CB02

test esi, 20000000
je 00436B1B
or bl, 02

|:00436B16(C)
|
:00436B1B 8BC3
mov eax, ebx
:00436B1D 5E
pop esi
:00436B1E 5B
pop ebx
:00436B1F C3
ret
:00436B20 00000000
BYTE 4 DUP(0)

|:00426B58
|
:00436B24 53
push ebx
:00436B25 56
push esi
:00436B26 8BF0
mov esi, eax
:00436B28 8A1D6C6B4300
mov bl, byte ptr [00436B6C]
:00436B2E 807E1000
:00436B32 7403
je 00436B37
:00436B34 80CB01
or bl, 01
|:00436B32(C)
|
:00436B37 807E1100
:00436B3B 7403
:00436B3D 80CB04

je 00436B40
or bl, 04
|:00436B3B(C)
|
:00436B40 807E1200
:00436B44 7403
:00436B46 80CB02
|:00436B44(C)
|
:00436B49 807E0100
:00436B4D 7403
:00436B4F 80CB08
|:00436B4D(C)
|
:00436B52 807E0200
:00436B56 7403
:00436B58 80CB10
|:00436B56(C)
|
:00436B5B 807E0400
:00436B5F 7403
:00436B61 80CB20

je 00436B49
or bl, 02

je 00436B52
or bl, 08

je 00436B5B
or bl, 10

je 00436B64
or bl, 20

|:00436B5F(C)
|
:00436B64 8BC3
mov eax, ebx
:00436B66 5E
pop esi
:00436B67 5B
pop ebx
:00436B68 C3
ret
:00436B69 00000000000000
BYTE 7 DUP(0)

|:0041D857 , :0041E5D6 , :004331D8
|
:00436B70 55
push ebp
:00436B71 8BEC
mov ebp, esp
:00436B73 6A00
push 00000000
:00436B75 6A00
push 00000000
:00436B77 53
push ebx
:00436B78 56
push esi
:00436B79 57
push edi
:00436B7A 8BF2
mov esi, edx
:00436B7C 8BF8
mov edi, eax
:00436B7E 33C0
xor eax, eax
:00436B80 55
push ebp
:00436B81
:00436B86
:00436B89
:00436B8C
:00436B8E
:00436B93
:00436B98
:00436B9A
:00436B9C
:00436B9E
:00436BA0
:00436BA5
:00436BA7
:00436BA9
:00436BAC
:00436BAE
:00436BB3
:00436BB6
:00436BB7
:00436BBA
:00436BBD
:00436BC2
:00436BC5
:00436BC6
:00436BCB
:00436BCD
68F26B4300
64FF30
648920
8BD6
B80C6C4300
E828D1FCFF
8BD8
85DB
7431
8BC6
E88FCEFCFF
3BD8
7D26
8D45FC
8BD7
E8A9CDFCFF
8B45FC
50
8D45F8
8A141E
E89ACDFCFF
8B45F8
5A
E8A909FDFF
85C0
7404
push 00436BF2
mov edx, esi
mov eax, 00436C0C
call 00403CC0
mov ebx, eax
test ebx, ebx
je 00436BCF
mov eax, esi
call 00403A34
cmp ebx, eax
jge 00436BCF
mov edx, edi
call 0040395C
push eax
mov dl, byte ptr [esi+ebx]
call 0040395C
pop edx
call 00407574
test eax, eax
je 00436BD3

|:00436B9C(C), :00436BA7(C)
|
:00436BCF 33C0
xor eax, eax
:00436BD1 EB02
jmp 00436BD5
|:00436BCD(C)
|
:00436BD3 B001
mov al, 01
|:00436BD1(U)
|
:00436BD5 8BD8
:00436BD7 33C0
:00436BD9 5A
:00436BDA 59
:00436BDB 59
:00436BDC 648910
:00436BDF 68F96B4300
|:00436BF7(U)
|
:00436BE4 8D45F8
:00436BE7 BA02000000
:00436BEC E8EBCBFCFF
:00436BF1 C3
:00436BF2 E981C6FCFF
:00436BF7 EBEB
jmp 00403278
jmp 00436BE4
mov ebx, eax

xor eax, eax
pop edx
pop ecx
pop ecx
push 00436BF9

mov edx, 00000002
call 004037DC
ret
:00436BF9
:00436BFB
:00436BFC
:00436BFD
:00436BFE
:00436BFF
:00436C00
:00436C01
8BC3
5F
5E
5B
59
59
5D
C3
mov
pop
pop
pop
pop
pop
pop
ret
eax, ebx
edi
esi
ebx
ecx
ecx
ebp
:00436C02 0000
BYTE 2 DUP(0)
:00436C04 FFFFFFFF
BYTE 4 DUP(0ffh)
:00436C08 0100
:00436C0A 0000
:00436C0C 26

BYTE 026h
:00436C0D 000000
BYTE 3 DUP(0)
|:0041E431 , :0041E4BE
|:00425E50 , :00426A28
|:00427D8A , :00427EA1
|:0042886D , :004288C7
|:00436C57 , :004374D4
|
:00436C10 53
:00436C11 8BD8
:00436C13 EB02
Addresses:
, :00421B1C
, :00427ACB
, :0042813C
, :00428901
, :0043A5B3
,
,
,
,
,
:00424287
:00427BCE
:004286D3
:00428E4B
:0044070E
,
,
,
,
:004242D1
:00427C9E
:004287CA
:00428E85
push ebx
mov ebx, eax
jmp 00436C17

|:00436C1C(C)
|
:00436C15 8BD8
mov ebx, eax
|:00436C13(U)
|
:00436C17 8B4324
:00436C1A 85C0
:00436C1C 75F7
:00436C1E 8BC3
:00436C20 8B153C504300
:00436C26 E865C1FCFF
:00436C2B 84C0
:00436C2D 7404
:00436C2F 8BC3
:00436C31 5B
:00436C32 C3

test eax, eax
jne 00436C15
mov eax, ebx
call 00402D90
test al, al
je 00436C33
mov eax, ebx
pop ebx
ret

|:00436C2D(C)
|
:00436C33 33C0
:00436C35 5B
:00436C36 C3
xor eax, eax

pop ebx
ret
:00436C37 90
nop

|:0042345C , :00428EB1
|
:00436C38 55
push ebp
:00436C39 8BEC
mov ebp, esp
:00436C3B 83C4F4
add esp, FFFFFFF4
:00436C3E 53
push ebx
:00436C3F 56
push esi
:00436C40 33D2
xor edx, edx
:00436C42 8955F4
:00436C45 8BF0
mov esi, eax
:00436C47 33C0
xor eax, eax
:00436C49 55
push ebp
:00436C4A 68A96C4300
push 00436CA9
:00436C4F 64FF30
:00436C52 648920
:00436C55 8BC6
mov eax, esi
:00436C57 E8B4FFFFFF
call 00436C10
:00436C5C 8BD8
mov ebx, eax
:00436C5E 85DB
test ebx, ebx
:00436C60 7531
jne 00436C93
:00436C62 8B4608
:00436C65 8945F8
:00436C68 C645FC0B
mov [ebp-04], 0B
:00436C6C 8D45F8
:00436C6F 50
push eax
:00436C70 6A00
push 00000000
:00436C72 8D55F4
:00436C75 A1582C4400
:00436C7A E8A5E1FCFF
call 00404E24
:00436C7F 8B4DF4
:00436C82 B201
mov dl, 01
:00436C84 A1F4B44000
:00436C89 E81A1CFDFF
call 004088A8
:00436C8E E81DC6FCFF
call 004032B0
|:00436C60(C)
|
:00436C93 33C0
:00436C95 5A
:00436C96 59
:00436C97 59
:00436C98 648910
:00436C9B 68B06C4300
|:00436CAE(U)
|
:00436CA0 8D45F4
:00436CA3 E810CBFCFF
:00436CA8 C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 00436CB0

call 004037B8
ret
:00436CA9
:00436CAE
:00436CB0
:00436CB2
:00436CB3
:00436CB4
:00436CB6
:00436CB7
E9CAC5FCFF
EBF0
8BC3
5E
5B
8BE5
5D
C3
jmp
jmp
mov
pop
pop
mov
pop
ret
00403278
00436CA0
eax, ebx
esi
ebx
esp, ebp
ebp

|:004377FE , :00437814
|
:00436CB8 55
push ebp
:00436CB9 8BEC
mov ebp, esp
:00436CBB 53
push ebx
:00436CBC 56
push esi
:00436CBD 57
push edi
:00436CBE 84D2
test dl, dl
:00436CC0 7408
je 00436CCA
:00436CC2 83C4F0
add esp, FFFFFFF0
:00436CC5 E83AC2FCFF
call 00402F04
|:00436CC0(C)
|
:00436CCA 8BF1
:00436CCC 8BDA
:00436CCE 8BF8
:00436CD0 33D2
:00436CD2 8BC7
:00436CD4 E817BFFCFF
:00436CD9 897704
:00436CDC 8A4508
:00436CDF 884718
:00436CE2 66B95000
:00436CE6 66894F0A
:00436CEA 0FB7C1
:00436CED B90A000000
:00436CF2 33D2
:00436CF4 F7F1
:00436CF6 66894708
:00436CFA C6471C01
:00436CFE C747200A000000
:00436D05 C7474004000000
:00436D0C C7473C0C000000
:00436D13 C7472814000080
:00436D1A C6472C01
:00436D1E C6474401
:00436D22 8BC7
:00436D24 84DB
:00436D26 740F
:00436D28 E82FC2FCFF
:00436D2D 648F0500000000
:00436D34 83C40C

mov esi, ecx
mov ebx, edx
mov edi, eax
xor edx, edx
mov eax, edi
call 00402BF0
mov cx, 0050
mov word ptr [edi+0A], cx
movzx eax, cx
mov ecx, 0000000A
xor edx, edx
div ecx
mov [edi+1C], 01
mov [edi+20], 0000000A
mov [edi+40], 00000004
mov [edi+3C], 0000000C
mov [edi+28], 80000014
mov [edi+2C], 01
mov [edi+44], 01
mov eax, edi
test bl, bl
je 00436D37
call 00402F5C
add esp, 0000000C
|:00436D26(C)
|
:00436D37 8BC7
:00436D39 5F
:00436D3A 5E
:00436D3B 5B
:00436D3C 5D
:00436D3D C20400
mov
pop
pop
pop
pop
ret
:00436D40 8A401F
:00436D43 3401
:00436D45 C3
mov al, byte ptr [eax+1F]

xor al, 01
ret
:00436D46
:00436D48
:00436D49
:00436D4A
:00436D4B
:00436D4D
:00436D4F
:00436D51
:00436D57
:00436D5C
:00436D5E
:00436D60
:00436D62
:00436D65
:00436D67
:00436D6C
:00436D6F
:00436D71
:00436D76
:00436D79
:00436D7B
:00436D80
:00436D84
:00436D88
mov eax, eax

push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov eax, esi
call 00402D90
test al, al
je 00436D8A
mov edi, esi
mov eax, ebx
call 004375AC
mov eax, ebx
call 0043758C
mov eax, ebx
call 00437468
jmp 00436D93
8BC0
53
56
57
8BF2
8BD8
8BC6
8B1574404300
E834C0FCFF
84C0
742A
8BFE
8A571C
8BC3
E840080000
8B5710
8BC3
E816080000
8B570C
8BC3
E8E8060000
668B4708
66894308
EB09
|:00436D5E(C)
|
:00436D8A 8BD6
:00436D8C 8BC3
:00436D8E E87564FDFF
eax, edi
edi
esi
ebx
ebp
0004

mov edx, esi
mov eax, ebx
call 0040D208

|:00436D88(U)
|
:00436D93 5F
pop edi
:00436D94 5E
pop esi
:00436D95 5B
pop ebx
:00436D96 C3
ret
:00436D97 90
nop

|:004379E5 , :00437F65
|
:00436D98
:00436D99
:00436D9B
:00436D9F
:00436DA1
:00436DA3
:00436DA8
:00436DAA
:00436DAC
:00436DAF
:00436DB4
:00436DB6
:00436DB8
:00436DBB
:00436DC0
:00436DC2
:00436DC4
:00436DC7
:00436DCC
:00436DCD
53
8BD8
807B1800
7560
8BC3
E89C010000
84C0
7455
8B4304
E8F8C9FEFF
84C0
7525
8B4304
E82025FFFF
84C0
740E
8B4304
E83421FFFF
50
E8FE47FEFF
push ebx
mov ebx, eax
jne 00436E01
mov eax, ebx
call 00436F44
test al, al
je 00436E01
call 004237AC
test al, al
jne 00436DDD
call 004292E0
test al, al
je 00436DD2
call 00428F00
push eax
call 0041B5D0
|:00436DC2(C)
|
:00436DD2 33D2
:00436DD4 8BC3
:00436DD6 E88D060000
:00436DDB EB24
|:00436DB6(C)
|
:00436DDD 8B4304
:00436DE0 E8FB24FFFF
:00436DE5 84C0
:00436DE7 740E
:00436DE9 8B4304
:00436DEC E80F21FFFF
:00436DF1 50
:00436DF2 E8B147FEFF
|:00436DE7(C)
|
:00436DF7 8B5310
:00436DFA 8BC3
:00436DFC E867060000
xor edx, edx

mov eax, ebx
call 00437468
jmp 00436E01

call 004292E0
test al, al
je 00436DF7
call 00428F00
push eax
call 0041B5A8

mov eax, ebx
call 00437468

|:00436D9F(C), :00436DAA(C), :00436DDB(U)
|
:00436E01 5B
pop ebx
:00436E02 C3
ret
:00436E03 90
|:00436EFA
nop
|
:00436E04
:00436E05
:00436E07
:00436E08
:00436E0A
:00436E0E
:00436E10
:00436E13
:00436E15
:00436E17
:00436E19
:00436E1B
:00436E1D
:00436E1F
55
8BEC
53
8BD8
807B4700
743C
8A434B
2C01
720A
2C02
7406
FEC8
7424
EB2B
|:00436E15(C), :00436E19(C)
|
:00436E21 8B4508
:00436E24 8B40F8
:00436E27 8B500C
:00436E2A 035330
:00436E2D 035338
:00436E30 8B4508
:00436E33 8B40FC
:00436E36 E87D46FEFF
:00436E3B 8B5508
:00436E3E 8942FC
:00436E41 EB09
push ebp
mov ebp, esp
push ebx
mov ebx, eax
je 00436E4C
sub al, 01
jb 00436E21
sub al, 02
je 00436E21
dec al
je 00436E43
jmp 00436E4C
call 0041B4B8
jmp 00436E4C

|:00436E1D(C)
|
:00436E43 8B4508
:00436E46 8B5338
:00436E49 0150F4
add dword ptr [eax-0C], edx
|:00436E0E(C), :00436E1F(U), :00436E41(U)
|
:00436E4C 5B
pop ebx
:00436E4D 5D
pop ebp
:00436E4E C3
ret
:00436E4F 90
nop

|:00436F10
|
:00436E50 55
push ebp
:00436E51 8BEC
mov ebp, esp
:00436E53 53
push ebx
:00436E54 8BD8
mov ebx, eax
:00436E56 807B4700
:00436E5A 7436
je 00436E92
:00436E5C 8A434B
:00436E5F 2C02
sub al, 02
:00436E61 7204
jb 00436E67
:00436E63 7424
:00436E65 EB2B
je 00436E89
jmp 00436E92
|:00436E61(C)
|
:00436E67 8B4508
:00436E6A 8B40F8
:00436E6D 8B500C
:00436E70 035334
:00436E73 03533C
:00436E76 8B4508
:00436E79 8B40FC
:00436E7C E83746FEFF
:00436E81 8B5508
:00436E84 8942FC
:00436E87 EB09

call 0041B4B8
jmp 00436E92

|:00436E63(C)
|
:00436E89 8B4508
:00436E8C 8B533C
:00436E8F 0150F4
add dword ptr [eax-0C], edx
|:00436E5A(C), :00436E65(U), :00436E87(U)
|
:00436E92 5B
pop ebx
:00436E93 5D
pop ebp
:00436E94 C3
ret
:00436E95 8D4000

|:00437A22 , :00437A2D
|
:00436E98 55
push ebp
:00436E99 8BEC
mov ebp, esp
:00436E9B 83C4F4
add esp, FFFFFFF4
:00436E9E 53
push ebx
:00436E9F 56
push esi
:00436EA0 8945F8
:00436EA3 8B45F8
:00436EA6 8B5804
:00436EA9 80BBF401000000
:00436EB0 0F8487000000
je 00436F3D
:00436EB6 8BC3
mov eax, ebx
:00436EB8 8B10
:00436EBA FF92B8000000
:00436EC0 84C0
test al, al
:00436EC2 746F
je 00436F33
:00436EC4 33C0
xor eax, eax
:00436EC6 8945FC
:00436EC9 33C0
xor eax, eax
:00436ECB 8945F4
:00436ECE 8B45F8
:00436ED1 8B4004
:00436ED4 E8AFF1FEFF
call 00426088
:00436ED9
:00436EDB
:00436EDC
:00436EDE
:00436EE0
:00436EE1
8BD8
4B
85DB
7C3A
43
33F6
mov ebx, eax

dec ebx
test ebx, ebx
jl 00436F1A
inc ebx
xor esi, esi
|:00436F18(C)
|
:00436EE3 8B45F8
:00436EE6 80781800
:00436EEA 7516
:00436EEC 55
:00436EED 8B45F8
:00436EF0 8B4004
:00436EF3 8BD6
:00436EF5 E852F1FEFF
:00436EFA E805FFFFFF
:00436EFF 59
:00436F00 EB14
|:00436EEA(C)
|
:00436F02 55
:00436F03 8B45F8
:00436F06 8B4004
:00436F09 8BD6
:00436F0B E83CF1FEFF
:00436F10 E83BFFFFFF
:00436F15 59

jne 00436F02
push ebp
mov edx, esi
call 0042604C
call 00436E04
pop ecx
jmp 00436F16
push ebp
mov edx, esi
call 0042604C
call 00436E50
pop ecx

|:00436F00(U)
|
:00436F16 46
inc esi
:00436F17 4B
dec ebx
:00436F18 75C9
jne 00436EE3
|:00436EDE(C)
|
:00436F1A 8B55FC
:00436F1D 0355F4
:00436F20 8B45F8
:00436F23 0FB7401A
:00436F27 03D0
:00436F29 8B45F8
:00436F2C E843060000
:00436F31 EB0A
|:00436EC2(C)
|
:00436F33 33D2
:00436F35 8B45F8
:00436F38 E837060000

add edx, eax
call 00437574
jmp 00436F3D
xor edx, edx

call 00437574
|:00436EB0(C), :00436F31(U)
|
:00436F3D 5E
:00436F3E 5B
:00436F3F 8BE5
:00436F41 5D
:00436F42 C3
pop
pop
mov
pop
ret
:00436F43 90
nop
esi
ebx
esp, ebp
ebp

|:00436DA3 , :00437937
|
:00436F44 53
push ebx
:00436F45 56
push esi
:00436F46 8BD8
mov ebx, eax
:00436F48 BE00001000
mov esi, 00100000
:00436F4D 807B1801
:00436F51 7505
jne 00436F58
:00436F53 BE00002000
mov esi, 00200000
|:00436F51(C)
|
:00436F58 807B1C00
:00436F5C 7414
:00436F5E 6AF0
:00436F60 8B4304
:00436F63 E8981FFFFF
:00436F68 50

je 00436F72
push FFFFFFF0
call 00428F00
push eax

|
:00436F69 E8D2F2FCFF
Call 00406240
:00436F6E 85F0
test eax, esi
:00436F70 7505
jne 00436F77
|:00436F5C(C)
|
:00436F72 33C0
xor eax, eax
:00436F74 5E
pop esi
:00436F75 5B
pop ebx
:00436F76 C3
ret

|:00436F70(C)
|
:00436F77 B001
mov al, 01
:00436F79 5E
pop esi
:00436F7A 5B
pop ebx
:00436F7B C3
ret

|:00436FD4 , :00437006
|
:00436F7C
:00436F7D
:00436F7F
:00436F80
:00436F85
:00436F89
:00436F8B
55
8BEC
53
BB00001000
6683F801
7505
BB00002000
|:00436F89(C)
|
:00436F90 6AF0
:00436F92 8B4508
:00436F95 8B40FC
:00436F98 8B4004
:00436F9B E8601FFFFF
:00436FA0 50
push ebp
mov ebp, esp
push ebx
mov ebx, 00100000
cmp ax, 0001
jne 00436F90
mov ebx, 00200000
push FFFFFFF0
call 00428F00
push eax

|
:00436FA1 E89AF2FCFF
Call 00406240
:00436FA6 85D8
test eax, ebx
:00436FA8 0F95C0
setne al
:00436FAB 5B
pop ebx
:00436FAC 5D
pop ebp
:00436FAD C3
ret
:00436FAE 8BC0
mov eax, eax

|:0043706D , :0043708F
|
:00436FB0 55
push ebp
:00436FB1 8BEC
mov ebp, esp
:00436FB3 53
push ebx
:00436FB4 56
push esi
:00436FB5 57
push edi
:00436FB6 8BFA
mov edi, edx
:00436FB8 8BF0
mov esi, eax
:00436FBA 33DB
xor ebx, ebx
:00436FBC 8B4508
:00436FBF 8078FB00
:00436FC3 7560
jne 00437025
:00436FC5 8B4508
:00436FC8 8078FA00
:00436FCC 7429
je 00436FF7
:00436FCE 8B4508
:00436FD1 50
push eax
:00436FD2 8BC6
mov eax, esi
:00436FD4 E8A3FFFFFF
call 00436F7C
:00436FD9 59
pop ecx
:00436FDA 84C0
test al, al
:00436FDC 7519
jne 00436FF7
:00436FDE 0FB7C7
movzx eax, di
:00436FE1 50
push eax
:00436FE2 A1302B4400
:00436FE7 8B00
:00436FE9 FFD0
call eax
:00436FEB
:00436FED
:00436FF0
:00436FF3
:00436FF5
8BD8
8B4508
2B58F4
F7DB
EB2E
|:00436FCC(C), :00436FDC(C)
|
:00436FF7 8B4508
:00436FFA 8078FA00
:00436FFE 7525
:00437000 8B4508
:00437003 50
:00437004 8BC6
:00437006 E871FFFFFF
:0043700B 59
:0043700C 84C0
:0043700E 7415
:00437010 0FB7C7
:00437013 50
:00437014 A1302B4400
:00437019 8B00
:0043701B FFD0
:0043701D 8BD8
:0043701F 8B4508
:00437022 2B58F4
mov
mov
sub
neg
jmp
ebx, eax
ebx, dword ptr [eax-0C]
ebx
00437025

jne 00437025
push eax
mov eax, esi
call 00436F7C
pop ecx
test al, al
je 00437025
movzx eax, di
push eax
call eax
mov ebx, eax
sub ebx, dword ptr [eax-0C]

|:00436FC3(C), :00436FF5(U), :00436FFE(C), :0043700E(C)
|
:00437025 8BC3
mov eax, ebx
:00437027 5F
pop edi
:00437028 5E
pop esi
:00437029 5B
pop ebx
:0043702A 5D
pop ebp
:0043702B C3
ret

|:004370B5 , :00437354 , :00437375 , :004376FA , :00437748
|:0043779E
|
:0043702C 55
push ebp
:0043702D 8BEC
mov ebp, esp
:0043702F 83C4F4
add esp, FFFFFFF4
:00437032 53
push ebx
:00437033 884DFA
:00437036 8855FB
:00437039 8945FC
:0043703C 6AF0
push FFFFFFF0
:0043703E 8B45FC
:00437041 8B4004
:00437044 E8B71EFFFF
call 00428F00
:00437049 50
push eax
|
:0043704A E8F1F1FCFF
Call 00406240
:0043704F
:00437054
:00437057
:0043705A
:0043705D
:00437060
:00437064
:00437066
:00437067
:0043706B
:0043706D
:00437072
:00437073
:00437075
:00437078
:0043707B
:00437080
:00437082
:00437084
A900008400
0F95C0
83E07F
8945F4
8B45FC
80781801
7520
55
66BA1500
33C0
E83EFFFFFF
59
8BD8
8B45FC
8B4004
E878BBFEFF
03D8
8BC3
EB20
|:00437064(C)
|
:00437086 55
:00437087 66BA1400
:0043708B 66B80100
:0043708F E81CFFFFFF
:00437094 59
:00437095 8BD8
:00437097 8B45FC
:0043709A 8B4004
:0043709D E812BBFEFF
:004370A2 03D8
:004370A4 8BC3
test eax, 00840000

setne al
and eax, 0000007F
jne 00437086
push ebp
mov dx, 0015
xor eax, eax
call 00436FB0
pop ecx
mov ebx, eax
call 00422BF8
add ebx, eax
mov eax, ebx
jmp 004370A6
push ebp
mov dx, 0014
mov ax, 0001
call 00436FB0
pop ecx
mov ebx, eax
call 00422BB4
add ebx, eax
mov eax, ebx

|:00437084(U)
|
:004370A6 5B
pop ebx
:004370A7 8BE5
mov esp, ebp
:004370A9 5D
pop ebp
:004370AA C3
ret
:004370AB 90
nop

|:00437AD8 , :00437B10
|
:004370AC 53
push ebx
:004370AD 8BD8
mov ebx, eax
:004370AF 33C9
xor ecx, ecx
:004370B1 33D2
xor edx, edx
:004370B3 8BC3
mov eax, ebx
call 0043702C
:004370BA 3B4310
:004370BD 0F9CC0
setl al
:004370C0 5B
pop ebx
:004370C1 C3
ret
:004370C2 8BC0
mov eax, eax

|:0043739C , :004373D5
|
:004370C4 55
push ebp
:004370C5 8BEC
mov ebp, esp
:004370C7 83C4E4
add esp, FFFFFFE4
:004370CA 53
push ebx
:004370CB 56
push esi
:004370CC C745E41C000000
mov [ebp-1C], 0000001C
:004370D3 C745E810000000
mov [ebp-18], 00000010
:004370DA 33DB
xor ebx, ebx
:004370DC 8B4508
:004370DF 8B40FC
:004370E2 80781801
:004370E6 7505
jne 004370ED
:004370E8 BB01000000
mov ebx, 00000001
|:004370E6(C)
|
:004370ED 8B4508
:004370F0 8B70F8
:004370F3 0FBF7606
:004370F7 8D45E4
:004370FA 50
:004370FB 53
:004370FC 8B4508
:004370FF 8B40FC
:00437102 8B4004
:00437105 E8F61DFFFF
:0043710A 50
:0043710B A1582A4400
:00437110 8B00
:00437112 FFD0
:00437114 85C0
:00437116 7403
:00437118 8B75FC

movsx esi, word ptr [esi+06]
push eax
push ebx
call 00428F00
push eax
call eax
test eax, eax
je 0043711B

|:00437116(C)
|
:0043711B 8BC6
mov eax, esi
:0043711D 5E
pop esi
:0043711E 5B
pop ebx
:0043711F 8BE5
mov esp, ebp
:00437121 5D
pop ebp
:00437122 C3
ret
:00437123 90
nop

|:00437E44 , :00437E68
|
:00437124 55
push ebp
:00437125 8BEC
mov ebp, esp
:00437127 83C4F0
add esp, FFFFFFF0
:0043712A
:0043712B
:0043712C
:0043712D
:00437130
:00437133
:00437136
:0043713A
:00437140
:00437143
:00437147
:0043714B
:00437151
:00437154
:00437158
:0043715C
:0043715E
:00437162
:00437164
53
56
57
8955F8
8945FC
8B45FC
80781F00
0F849E010000
8B45F8
668B4004
6683E804
0F838D010000
8B45F8
668B4004
6683E802
7208
6683E802
7223
EB47
push ebx
push esi
push edi
je 004372DE
sub ax, 0004
jnb 004372DE
sub ax, 0002
jb 00437166
sub ax, 0002
jb 00437187
jmp 004371AD
|:0043715C(C)
|
:00437166 8B45FC
:00437169 0FB75808
:0043716D 8BC3
:0043716F 8B55FC
:00437172 8B4A40
:00437175 99
:00437176 F7F9
:00437178 8945F4
:0043717B 8BC3
:0043717D 99
:0043717E F7F9
:00437180 8955F0
:00437183 8BF1
:00437185 EB32
|:00437162(C)
|
:00437187 8B45FC
:0043718A 0FB7400A
:0043718E 8945F4
:00437191 8B45FC
:00437194 8B483C
:00437197 8B45F4
:0043719A 99
:0043719B F7F9
:0043719D 8955F0
:004371A0 8B45F4
:004371A3 99
:004371A4 F7F9
:004371A6 8945F4
:004371A9 8BF1
:004371AB EB0C

movzx ebx, word ptr [eax+08]
mov eax, ebx
cdq
idiv ecx
mov eax, ebx
cdq
idiv ecx
mov esi, ecx
jmp 004371B9

cdq
idiv ecx
cdq
idiv ecx
mov esi, ecx
jmp 004371B9

|:00437164(U)
|
:004371AD
:004371AF
:004371B1
:004371B4
:004371B6
33F6
33C0
8945F4
33C0
8945F0
xor
xor
mov
xor
mov
esi, esi
eax, eax
eax, eax
|:00437185(U), :004371AB(U)
|
:004371B9 33FF
:004371BB 85F6
:004371BD 0F8E9B000000
|:00437258(C)
|
:004371C3 E8E4F2FCFF
:004371C8 8BD8
:004371CA 8BC3
:004371CC 2BC7
:004371CE 8B55FC
:004371D1 8B5220
:004371D4 3BC2
:004371D6 7D08
:004371D8 2BD0
:004371DA 52
xor edi, edi

test esi, esi
jle 0043725E
call 004064AC
mov ebx, eax
mov eax, ebx
sub eax, edi
cmp eax, edx
jge 004371E0
sub edx, eax
push edx
* Reference To: kernel32.Sleep, Ord:0000h

|
:004371DB E8C0EBFCFF
Call 00405DA0
|:004371D6(C)
|
:004371E0 8BFB
:004371E2 8B45F8
:004371E5 668B4004
:004371E9 6683E801
:004371ED 720E
:004371EF 741F
:004371F1 66FFC8
:004371F4 742D
:004371F6 66FFC8
:004371F9 743B
:004371FB EB4A
|:004371ED(C)
|
:004371FD 8B45FC
:00437200 8B500C
:00437203 2B55F4
:00437206 8B45FC
:00437209 E85A020000
:0043720E EB37
mov edi, ebx

sub ax, 0001
jb 004371FD
je 00437210
dec ax
je 00437223
dec ax
je 00437236
jmp 00437247
mov eax, dword

mov edx, dword
sub edx, dword
mov eax, dword
call 00437468
jmp 00437247
ptr
ptr
ptr
ptr
[ebp-04]
[eax+0C]
[ebp-0C]
[ebp-04]

|:004371EF(C)
|
:00437210 8B45FC
:00437213
:00437216
:00437219
:0043721C
:00437221
8B500C
0355F4
8B45FC
E847020000
EB24

call 00437468
jmp 00437247
|:004371F4(C)
|
:00437223 8B45FC
:00437226 8B500C
:00437229 2B55F4
:0043722C 8B45FC
:0043722F E834020000
:00437234 EB11
|:004371F9(C)
|
:00437236 8B45FC
:00437239 8B500C
:0043723C 0355F4
:0043723F 8B45FC
:00437242 E821020000
mov eax, dword

mov edx, dword
sub edx, dword
mov eax, dword
call 00437468
jmp 00437247
mov eax, dword

mov edx, dword
add edx, dword
mov eax, dword
call 00437468
ptr
ptr
ptr
ptr
ptr
ptr
ptr
ptr
[ebp-04]
[eax+0C]
[ebp-0C]
[ebp-04]
[ebp-04]
[eax+0C]
[ebp-0C]
[ebp-04]

|:004371FB(U), :0043720E(U), :00437221(U), :00437234(U)
|
:00437247 8B45FC
:0043724A 8B4004
:0043724D 8B10
:0043724F FF9284000000
:00437255 4E
dec esi
:00437256 85F6
test esi, esi
:00437258 0F8F65FFFFFF
jg 004371C3
|:004371BD(C)
|
:0043725E 837DF000
:00437262 0F8EAA010000
:00437268 8B45F8
:0043726B 668B4004
:0043726F 6683E801
:00437273 7211
:00437275 7425
:00437277 66FFC8
:0043727A 7436
:0043727C 66FFC8
:0043727F 7447
:00437281 E98C010000
|:00437273(C)
|
:00437286 8B45FC
:00437289 8B500C
:0043728C 2B55F0
:0043728F 8B45FC
:00437292 E8D1010000

jle 00437412
sub ax, 0001
jb 00437286
je 0043729C
dec ax
je 004372B2
dec ax
je 004372C8
jmp 00437412
mov eax, dword

mov edx, dword
sub edx, dword
mov eax, dword
call 00437468
ptr
ptr
ptr
ptr
[ebp-04]
[eax+0C]
[ebp-10]
[ebp-04]
:00437297 E976010000
jmp 00437412
|:00437275(C)
|
:0043729C 8B45FC
:0043729F 8B500C
:004372A2 0355F0
:004372A5 8B45FC
:004372A8 E8BB010000
:004372AD E960010000
|:0043727A(C)
|
:004372B2 8B45FC
:004372B5 8B500C
:004372B8 2B55F0
:004372BB 8B45FC
:004372BE E8A5010000
:004372C3 E94A010000
|:0043727F(C)
|
:004372C8 8B45FC
:004372CB 8B500C
:004372CE 0355F0
:004372D1 8B45FC
:004372D4 E88F010000
:004372D9 E934010000
|:0043713A(C), :0043714B(C)
|
:004372DE 8B45F8
:004372E1 0FBF4004
:004372E5 83F807
:004372E8 0F8724010000
:004372EE FF2485F5724300
:004372F5
:004372F9
:004372FD
:00437301
:00437305
:00437309
:0043730D
:00437311
15734300
31734300
4D734300
6E734300
8F734300
BF734300
F8734300
04744300
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:00437315
:00437318
:0043731B
:0043731E
:00437322
:00437324
:00437327
:0043732C
:00437331
8B45FC
8B500C
8B45FC
0FB74008
2BD0
8B45FC
E83C010000
E9E1000000
8B45FC

sub edx, eax
call 00437468
jmp 00437412
mov eax, dword

mov edx, dword
add edx, dword
mov eax, dword
call 00437468
jmp 00437412
mov eax, dword

mov edx, dword
sub edx, dword
mov eax, dword
call 00437468
jmp 00437412
mov eax, dword

mov edx, dword
add edx, dword
mov eax, dword
call 00437468
jmp 00437412
ptr
ptr
ptr
ptr
ptr
ptr
ptr
ptr
ptr
ptr
ptr
ptr
[ebp-04]
[eax+0C]
[ebp-10]
[ebp-04]
[ebp-04]
[eax+0C]
[ebp-10]
[ebp-04]
[ebp-04]
[eax+0C]
[ebp-10]
[ebp-04]

movsx eax, word ptr [eax+04]
cmp eax, 00000007
ja 00437412
jmp dword ptr [4*eax+004372F5]
00437315
00437331
0043734D
0043736E
0043738F
004373BF
004373F8
00437404
:00437334
:00437337
:0043733A
:0043733E
:00437340
:00437343
:00437348
:0043734D
8B500C
8B45FC
0FB74008
03D0
8B45FC
E820010000
E9C5000000
33C9

add edx, eax
call 00437468
jmp 00437412
xor ecx, ecx
|:0043730A(C)
|
:0043734F B201
:00437351 8B45FC
:00437354 E8D3FCFFFF
:00437359 8B55FC
:0043735C 8B520C
:0043735F 2BD0
:00437361 8B45FC
:00437364 E8FF000000
:00437369 E9A4000000
:0043736E 33C9
:00437370 B201
:00437372 8B45FC
:00437375 E8B2FCFFFF
:0043737A 8BD0
:0043737C 8B45FC
:0043737F 03500C
:00437382 8B45FC
:00437385 E8DE000000
:0043738A E983000000
:0043738F 8B45FC
:00437392 817814FF7F0000
:00437399 7E13
:0043739B 55
:0043739C E823FDFFFF
:004373A1 59
:004373A2 8BD0
:004373A4 8B45FC
:004373A7 E8BC000000
:004373AC EB64
|:00437399(C)
|
:004373AE 8B55F8
:004373B1 0FBF5206
:004373B5 8B45FC
:004373B8 E8AB000000
:004373BD EB53
:004373BF 8B45FC
:004373C2 80781D00
:004373C6 744A
:004373C8 8B45FC
:004373CB 817814FF7F0000
:004373D2 7E13
:004373D4 55
:004373D5 E8EAFCFFFF
:004373DA 59
:004373DB 8BD0
mov dl, 01
call 0043702C
sub edx, eax
call 00437468
jmp 00437412
xor ecx, ecx
mov dl, 01
call 0043702C
mov edx, eax
call 00437468
jmp 00437412
cmp dword ptr [eax+14], 00007FFF
jle 004373AE
push ebp
call 004370C4
pop ecx
mov edx, eax
call 00437468
jmp 00437412

movsx edx, word ptr [edx+06]
call 00437468
jmp 00437412
je 00437412
cmp dword ptr [eax+14], 00007FFF
jle 004373E7
push ebp
call 004370C4
pop ecx
mov edx, eax
:004373DD 8B45FC
:004373E0 E883000000
:004373E5 EB2B

call 00437468
jmp 00437412
|:004373D2(C)
|
:004373E7 8B55F8
:004373EA 0FBF5206
:004373EE 8B45FC
:004373F1 E872000000
:004373F6 EB1A
:004373F8 33D2
:004373FA 8B45FC
:004373FD E866000000
:00437402 EB0E
:00437404 8B45FC
:00437407 8B5014
:0043740A 8B45FC
:0043740D E856000000

movsx edx, word ptr [edx+06]
call 00437468
jmp 00437412
xor edx, edx
call 00437468
jmp 00437412
call 00437468

|:00437262(C), :00437281(U), :00437297(U), :004372AD(U), :004372C3(U)
|:004372D9(U), :004372E8(C), :0043732C(U), :00437348(U), :00437369(U)
|:0043738A(U), :004373AC(U), :004373BD(U), :004373C6(C), :004373E5(U)
|:004373F6(U), :00437402(U)
|
:00437412 5F
pop edi
:00437413 5E
pop esi
:00437414 5B
pop ebx
:00437415 8BE5
mov esp, ebp
:00437417 5D
pop ebp
:00437418 C3
ret
:00437419
:0043741C
:0043741F
:00437421
:00437424
:00437428
:0043742B
8D4000
3B5024
740F
895024
C6404401
8B4004
E860060000

je 00437430
mov [eax+44], 01
call 00437A90

|:0043741F(C)
|
:00437430 C3
ret
:00437431 8D4000
|:00437461
|
:00437434 3B5028
:00437437 7413
je 0043744C
:00437439 895028
:0043743C C6402C00
mov [eax+2C], 00
:00437440 C6404401
mov [eax+44], 01
:00437444 8B4004
:00437447 E844060000
call 00437A90
|:00437437(C)
|
:0043744C C3
:0043744D 8D4000
:00437450 3A502C
:00437453 7411
:00437455 88502C
:00437458 84D2
:0043745A 740A
:0043745C BA14000080
:00437461 E8CEFFFFFF

ret
je 00437466
test dl, dl
je 00437466
mov edx, 80000014
call 00437434

|:00437453(C), :0043745A(C)
|
:00437466 C3
ret
:00437467 90
nop
|:00436D7B , :00436DD6
|:0043722F , :00437242
|:004372D4 , :00437327
|:004373A7 , :004373B8
|:0043740D , :00437793
|:00437C9E , :00437CE4
|
:00437468 53
:00437469 56
:0043746A 57
:0043746B 8BD8
:0043746D 8B4304
:00437470 F6402002
:00437474 7408
:00437476 89530C
:00437479 E9A7000000
Addresses:
, :00436DFC
, :00437292
, :00437343
, :004373E0
, :00437961
, :00437D24
,
,
,
,
,
,
:00437209
:004372A8
:00437364
:004373F1
:00437C42
:00437D31
,
,
,
,
,
:0043721C
:004372BE
:00437385
:004373FD
:00437C87
push ebx
push esi
push edi
mov ebx, eax
test [eax+20], 02
je 0043747E
jmp 00437525

|:00437474(C)
|
:0043747E 8B4314
:00437481 3BD0
cmp edx, eax
:00437483 7E04
jle 00437489
:00437485 8BD0
mov edx, eax
:00437487 EB06
jmp 0043748F
|:00437483(C)
|
:00437489 85D2
test edx, edx
:0043748B 7D02
jge 0043748F
:0043748D 33D2
xor edx, edx
|:00437487(U), :0043748B(C)
|
:0043748F 807B1800
:00437493 7504
:00437495 33F6
:00437497 EB04

cmp
jne
xor
jmp
byte ptr [ebx+18], 00

00437499
esi, esi
0043749D

|:00437493(C)
|
:00437499 66BE0100
mov si, 0001
|:00437497(U)
|
:0043749D 8B430C
:004374A0 3BD0
:004374A2 744D
:004374A4 89530C
:004374A7 807B1800
:004374AB 7510
:004374AD 2BC2
:004374AF 8BD0
:004374B1 33C9
:004374B3 8B4304
:004374B6 E8F915FFFF
:004374BB EB0E
|:004374AB(C)
|
:004374BD 8BC8
:004374BF 2BCA
:004374C1 8B4304
:004374C4 33D2
:004374C6 E8E915FFFF
|:004374BB(U)
|
:004374CB 8B4304
:004374CE F6402010
:004374D2 741D
:004374D4 E837F7FFFF
:004374D9 85C0
:004374DB 7414
:004374DD 83B83002000000
:004374E4 740B
:004374E6 8B8030020000
:004374EC 8B10
:004374EE FF520C

cmp edx, eax
je 004374F1
jne 004374BD
sub eax, edx
mov edx, eax
xor ecx, ecx
call 00428AB4
jmp 004374CB
mov ecx, eax

sub ecx, edx
xor edx, edx
call 00428AB4

test [eax+20], 10
je 004374F1
call 00436C10
test eax, eax
je 004374F1
cmp dword ptr [eax+00000230], 00000000
je 004374F1
call [edx+0C]

|:004374A2(C), :004374D2(C), :004374DB(C), :004374E4(C)
|
:004374F1 0FB7FE
movzx edi, si
:004374F4 57
push edi
:004374F5 8B4304
:004374F8 E8031AFFFF
call 00428F00
:004374FD 50
push eax
:004374FE A1842B4400
:00437503 8B00
:00437505 FFD0
call eax
:00437507 3B430C
:0043750A 7419
je 00437525
:0043750C 6AFF
push FFFFFFFF
:0043750E
:00437511
:00437512
:00437513
:00437516
:0043751B
:0043751C
:00437521
:00437523
8B430C
50
57
8B4304
E8E519FFFF
50
A1282D4400
8B00
FFD0
mov eax, dword

push eax
push edi
mov eax, dword
call 00428F00
push eax
mov eax, dword
mov eax, dword
call eax
ptr [ebx+0C]
ptr [ebx+04]
ptr [00442D28]
ptr [eax]
|:00437479(U), :0043750A(C)
|
:00437525 5F
:00437526 5E
:00437527 5B
:00437528 C3
:00437529
:0043752C
:0043752F
:00437531
:00437534
:00437538
:0043753B

je 00437540
mov [eax+44], 01
call 00437A90
8D4000
3B5030
740F
895030
C6404401
8B4004
E850050000
pop edi
pop esi
pop ebx
ret
|:0043752F(C)
|
:00437540 C3
:00437541 8D4000
:00437544 3A5034
:00437547 740F
:00437549 885034
:0043754C C6404401
:00437550 8B4004
:00437553 E838050000
|:00437547(C)
|
:00437558 C3
:00437559 8D4000
:0043755C 3B5038
:0043755F 740F
:00437561 895038
:00437564 C6404401
:00437568 8B4004
:0043756B E820050000
ret
je 00437558
mov [eax+44], 01
call 00437A90
ret
je 00437570
mov [eax+44], 01
call 00437A90

|:0043755F(C)
|
:00437570 C3
ret
:00437571 8D4000
|:00436F2C , :00436F38 , :0043759A
|
:00437574
:00437576
:00437579
:0043757B
:0043757D
:0043757F
8BCA
894810
85C9
7D05
33D2
895010
mov ecx, edx

test ecx, ecx
jge 00437582
xor edx, edx
|:0043757B(C)
|
:00437582 8B4004
:00437585 E806050000
:0043758A C3
:0043758B 90
nop

call 00437A90
ret

|:00436D71 , :00437A5A , :00437A67 , :00437D5A , :00437D7A
|
:0043758C 8B4804
:0043758F C681F401000000
mov byte ptr [ecx+000001F4], 00
:00437596 C6401E01
mov [eax+1E], 01
:0043759A E8D5FFFFFF
call 00437574
:0043759F C3
ret
:004375A0
:004375A3
:004375A9
:004375AB
8B4004
8A80F4010000
3401
C3

mov al, byte ptr [eax+000001F4]
xor al, 01
ret

|:00436D67
|
:004375AC 88501C
:004375AF 8B4004
:004375B2 E8D9040000
call 00437A90
:004375B7 C3
ret

|:00437762
|
:004375B8 55
push ebp
:004375B9 8BEC
mov ebp, esp
:004375BB 53
push ebx
:004375BC 56
push esi
:004375BD 8BD8
mov ebx, eax
:004375BF 8B7508
:004375C2 83C6FC
add esi, FFFFFFFC
:004375C5 F6DB
neg bl
:004375C7 1BC0
sbb eax, eax
:004375C9 50
push eax
:004375CA 8B06
:004375CC 0FB64034
:004375D0 8B0485A4284400
:004375D7
:004375D8
:004375DA
:004375DE
:004375E1
:004375E8
:004375E9
:004375EB
:004375EE
:004375F3
:004375F4
:004375F9
:004375FB
:004375FF
:00437601
:00437603
:00437605
:00437608
:00437609
:0043760B
:0043760F
:00437612
:00437619
:0043761A
:0043761C
:0043761F
:00437624
:00437625
50
8B06
0FB64018
8D0480
8B04857C284400
50
8B06
8B4004
E80D19FFFF
50
E87B3FFEFF
8B06
83782400
7E29
6A00
8B06
8B4024
50
8B06
0FB64018
8D0480
8B048580284400
50
8B06
8B4004
E8DC18FFFF
50
E84A3FFEFF
push eax
mov eax, dword ptr [4*eax+0044287C]
push eax
call 00428F00
push eax
call 0041B574
jle 0043762A
push 00000000
push eax
push eax
call 00428F00
push eax
call 0041B574
|:004375FF(C)
|
:0043762A 8B06
:0043762C 83783800
:00437630 7E29
:00437632 6A00
:00437634 8B06
:00437636 8B4038
:00437639 50
:0043763A 8B06
:0043763C 0FB64018
:00437640 8D0480
:00437643 8B048584284400
:0043764A 50
:0043764B 8B06
:0043764D 8B4004
:00437650 E8AB18FFFF
:00437655 50
:00437656 E8193FFEFF
|:00437630(C)
|
:0043765B 8B06
:0043765D 83783000
:00437661 7E29
:00437663 6A00
:00437665 8B06
:00437667 8B4030
:0043766A 50

jle 0043765B
push 00000000
push eax
push eax
call 00428F00
push eax
call 0041B574

jle 0043768C
push 00000000
push eax
:0043766B
:0043766D
:00437671
:00437674
:0043767B
:0043767C
:0043767E
:00437681
:00437686
:00437687
8B06
0FB64018
8D0480
8B048588284400
50
8B06
8B4004
E87A18FFFF
50
E8E83EFEFF

push eax
call 00428F00
push eax
call 0041B574
|:00437661(C)
|
:0043768C 6A00
:0043768E 8B06
:00437690 8B4028
:00437693 E870C4FDFF
:00437698 50
:00437699 8B06
:0043769B 0FB64018
:0043769F 8D0480
:004376A2 8B04858C284400
:004376A9 50
:004376AA 8B06
:004376AC 8B4004
:004376AF E84C18FFFF
:004376B4 50
:004376B5 E8BA3EFEFF
:004376BA 5E
:004376BB 5B
:004376BC 5D
:004376BD C3
:004376BE 8BC0
mov eax, eax
push 00000000
call 00413B08
push eax
mov eax, dword ptr [4*eax+0044288C]
push eax
call 00428F00
push eax
call 0041B574
pop esi
pop ebx
pop ebp
ret

|:00437AEE , :00437B00 , :00437B26 , :00437B38 , :00437B4C
|:00437B5E
|
:004376C0 55
push ebp
:004376C1 8BEC
mov ebp, esp
:004376C3 83C4DC
add esp, FFFFFFDC
:004376C6 53
push ebx
:004376C7 56
push esi
:004376C8 57
push edi
:004376C9 884DFA
:004376CC 8855FB
:004376CF 8945FC
:004376D2 8D75FC
:004376D5 8B06
:004376D7 33D2
xor edx, edx
:004376D9 895014
:004376DC 33DB
xor ebx, ebx
:004376DE 8B06
:004376E0 80781801
:004376E4 7504
jne 004376EA
:004376E6 66BB0100
mov bx, 0001
|:004376E4(C)
|
:004376EA 8B06
:004376EC 80781C00
:004376F0 7424
:004376F2 8A4DFA
:004376F5 8A55FB
:004376F8 8B06
:004376FA E82DF9FFFF
:004376FF 8B16
:00437701 8B7A10
:00437704 2BF8
:00437706 8B06
:00437708 897814
:0043770B 85FF
:0043770D 7D07
:0043770F 8B06
:00437711 33D2
:00437713 895014
|:004376F0(C), :0043770D(C)
|
:00437716 C745DE1C000000
:0043771D C745E217000000
:00437724 33C0
:00437726 8945E6
:00437729 8B06
:0043772B 83781400
:0043772F 7E0A
:00437731 8B06
:00437733 8B4010
:00437736 8945EA
:00437739 EB05

je 00437716
call 0043702C
sub edi, eax
test edi, edi
jge 00437716
xor edx, edx
mov
mov
xor
mov
mov
cmp
jle
mov
mov
mov
jmp
[ebp-22], 0000001C
[ebp-1E], 00000017
eax, eax
dword ptr [ebp-1A], eax
dword ptr [eax+14], 00000000
0043773B
00437740

|:0043772F(C)
|
:0043773B 33C0
xor eax, eax
:0043773D 8945EA
|:00437739(U)
|
:00437740 8A4DFA
:00437743 8A55FB
:00437746 8B06
:00437748 E8DFF8FFFF
:0043774D 40
:0043774E 8945EE
:00437751 8B06
:00437753 8B400C
:00437756 8945F2
:00437759 8945F6
:0043775C 55
:0043775D 8B06
:0043775F 8A4044
:00437762 E851FEFFFF
:00437767 59

call 0043702C
inc eax
mov dword ptr [ebp-0E], eax
mov dword ptr [ebp-0A], eax
push ebp
call 004375B8
pop ecx
:00437768
:0043776A
:0043776E
:00437770
:00437773
:00437774
:00437777
:00437778
:0043777A
:0043777D
:00437782
:00437783
:00437788
:0043778A
:0043778C
:0043778E
:00437791
:00437793
:00437798
:0043779A
:0043779C
:0043779E
:004377A3
:004377A6
:004377AB
:004377AC
:004377AE
:004377B0
:004377B2
:004377B6
:004377B8
:004377BC
:004377BE
:004377C1
:004377C6
:004377C8
:004377CA
:004377CC
8B06
C6404400
6AFF
8D45DE
50
0FB7C3
50
8B06
8B4004
E87E17FFFF
50
A1282C4400
8B00
FFD0
8B06
8B500C
8B06
E8D0FCFFFF
33C9
B201
8B06
E889F8FFFF
8D04C0
B90A000000
99
F7F9
8BD8
8B06
6689580A
8B06
80781F00
7412
0FB7C3
B90A000000
33D2
F7F1
8B16
66894208

mov [eax+44], 00
push FFFFFFFF
push eax
movzx eax, bx
push eax
call 00428F00
push eax
call eax
call 00437468
xor ecx, ecx
mov dl, 01
call 0043702C
mov ecx, 0000000A
cdq
idiv ecx
mov ebx, eax
mov word ptr [eax+0A], bx
je 004377D0
movzx eax, bx
mov ecx, 0000000A
xor edx, edx
div ecx
mov word ptr [edx+08], ax

|:004377BC(C)
|
:004377D0 5F
pop edi
:004377D1 5E
pop esi
:004377D2 5B
pop ebx
:004377D3 8BE5
mov esp, ebp
:004377D5 5D
pop ebp
:004377D6 C3
ret
:004377D7 90
nop

|:00437F8E , :00438237
|
:004377D8 53
push ebx
:004377D9 56
push esi
:004377DA 84D2
test dl, dl
:004377DC 7408
je 004377E6
:004377DE 83C4F0
add esp, FFFFFFF0
:004377E1 E81EB7FCFF
call 00402F04
|:004377DC(C)
|
:004377E6 8BDA
:004377E8 8BF0
:004377EA 33D2
:004377EC 8BC6
:004377EE E87DDAFEFF
:004377F3 6A00
:004377F5 8BCE
:004377F7 B201
:004377F9 A174404300
:004377FE E8B5F4FFFF
:00437803 8986EC010000
:00437809 6A01
:0043780B 8BCE
:0043780D B201
:0043780F A174404300
:00437814 E89FF4FFFF
:00437819 8986F0010000
:0043781F C686F401000001
:00437826 8BC6
:00437828 84DB
:0043782A 740F
:0043782C E82BB7FCFF
:00437831 648F0500000000
:00437838 83C40C

mov ebx, edx
mov esi, eax
xor edx, edx
mov eax, esi
call 00425270
push 00000000
mov ecx, esi
mov dl, 01
call 00436CB8
mov dword ptr [esi+000001EC], eax
push 00000001
mov ecx, esi
mov dl, 01
call 00436CB8
mov dword ptr [esi+000001F0], eax
mov byte ptr [esi+000001F4], 01
mov eax, esi
test bl, bl
je 0043783B
call 00402F5C
add esp, 0000000C

|:0043782A(C)
|
:0043783B 8BC6
mov eax, esi
:0043783D 5E
pop esi
:0043783E 5B
pop ebx
:0043783F C3
ret

|:00438428
|
:00437840 53
push ebx
:00437841 56
push esi
:00437842 E81DB7FCFF
call 00402F64
:00437847 8BDA
mov ebx, edx
:00437849 8BF0
mov esi, eax
:0043784B 8B86EC010000
:00437851 E8CAB3FCFF
call 00402C20
:00437856 8B86F0010000
mov eax, dword ptr [esi+000001F0]
:0043785C E8BFB3FCFF
call 00402C20
:00437861 8BD3
mov edx, ebx
:00437863 80E2FC
and dl, FC
:00437866 8BC6
mov eax, esi
:00437868 E8E7DAFEFF
call 00425354
:0043786D 84DB
test bl, bl
:0043786F 7E07
jle 00437878
:00437871 8BC6
mov eax, esi
:00437873 E8DCB6FCFF
call 00402F54

|:0043786F(C)
|
:00437878 5E
pop esi
:00437879 5B
pop ebx
:0043787A C3
ret
:0043787B 90
nop

|:00437FE2 , :0043A0AC
|
:0043787C 53
push ebx
:0043787D 8BDA
mov ebx, edx
:0043787F 8BD3
mov edx, ebx
:00437881 E862E9FEFF
call 004261E8
:00437886 836324FC
and dword ptr [ebx+24], FFFFFFFC
:0043788A 5B
pop ebx
:0043788B C3
ret

|:0043A2A9
|
:0043788C 53
push ebx
:0043788D 8BD8
mov ebx, eax
:0043788F 8BC3
mov eax, ebx
:00437891 E882EAFEFF
call 00426318
:00437896 A1502D4400
:0043789B 80780900
:0043789F 750D
jne 004378AE
:004378A1 8BC3
mov eax, ebx
:004378A3 E85816FFFF
call 00428F00
:004378A8 50
push eax
:004378A9 E8FA3CFEFF
call 0041B5A8
|:0043789F(C)
|
:004378AE 8BC3
:004378B0 E8DB010000
:004378B5 5B
:004378B6 C3
:004378B7 90
nop
mov eax, ebx

call 00437A90
pop ebx
ret

|:00439573
|
:004378B8 53
push ebx
:004378B9 56
push esi
:004378BA 57
push edi
:004378BB 8BF9
mov edi, ecx
:004378BD 8BF2
mov esi, edx
:004378BF 8BD8
mov ebx, eax
:004378C1 8BC3
mov eax, ebx
:004378C3
:004378C8
:004378CA
:004378CC
:004378CE
:004378D3
:004378D4
:004378D5
:004378D6
E848010000
8BCF
8BD6
8BC3
E879E1FEFF
5F
5E
5B
C3
call 00437A10
mov ecx, edi
mov edx, esi
mov eax, ebx
call 00425A4C
pop edi
pop esi
pop ebx
ret
:004378D7
:004378D8
:004378DC
:004378DE
:004378E5
:004378E7
:004378EE
90
80784C00
7512
80B83801000000
740C
80B88001000000
7403
nop
jne 004378F0
je 004378F3
je 004378F3

|:004378DC(C)
|
:004378F0 33C0
xor eax, eax
:004378F2 C3
ret

|:004378E5(C), :004378EE(C)
|
:004378F3 B001
mov al, 01
:004378F5 C3
ret
:004378F6
:004378F8
:004378F9
:004378FB
:004378FE
:004378FF
:00437900
:00437901
:00437904
:00437906
:0043790B
:00437910
:00437913
:00437915
:00437916
:0043791B
:0043791E
:00437921
:00437924
:00437929
:0043792C
:0043792F
:00437935
:00437937
:0043793C
:0043793E
8BC0
55
8BEC
83C4F0
53
56
57
8945FC
B201
A154B54000
E8E0B2FCFF
8945F0
33C0
55
68007A4300
64FF30
648920
8B45FC
E88BB2FEFF
8945F8
8B45FC
8B98EC010000
8BC3
E808F6FFFF
84C0
7408
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF0
push ebx
push esi
push edi
mov dl, 01
call 00402BF0
xor eax, eax
push ebp
push 00437A00
call 00422BB4
mov ebx, dword ptr [eax+000001EC]
mov eax, ebx
call 00436F44
test al, al
je 00437948
:00437940 8B4310
:00437943 3B45F8
:00437946 7F04

jg 0043794C

|:0043793E(C)
|
:00437948 33C0
xor eax, eax
:0043794A EB02
jmp 0043794E
|:00437946(C)
|
:0043794C B001
mov al, 01
|:0043794A(U)
|
:0043794E 8845F7
:00437951 807DF700
:00437955 740F
:00437957 8B4310
:0043795A 8945F8
:0043795D 33D2
:0043795F 8BC3
:00437961 E802FBFFFF
|:00437955(C)
|
:00437966 8B45FC
:00437969 E81AE7FEFF
:0043796E 8BF0
:00437970 4E
:00437971 85F6
:00437973 7C37
:00437975 46
:00437976 33DB
|:004379AA(C)
|
:00437978 8BD3
:0043797A 8B45FC
:0043797D E8CAE6FEFF
:00437982 8BF8
:00437984 8BD3
:00437986 8B45FC
:00437989 E8BEE6FEFF
:0043798E 8BD0
:00437990 8B45F0
:00437993 E8C850FDFF
:00437998 8B55F8
:0043799B 2B5738
:0043799E 2B5730
:004379A1 8BC7
:004379A3 E8B8AFFEFF
:004379A8 43
:004379A9 4E
:004379AA 75CC

je 00437966
xor edx, edx
mov eax, ebx
call 00437468

call 00426088
mov esi, eax
dec esi
test esi, esi
jl 004379AC
inc esi
xor ebx, ebx
mov edx, ebx

mov eax, dword
call 0042604C
mov edi, eax
mov edx, ebx
mov eax, dword
call 0042604C
mov edx, eax
mov eax, dword
call 0040CA60
mov edx, dword
sub edx, dword
sub edx, dword
mov eax, edi
call 00422960
inc ebx
dec esi
jne 00437978
ptr [ebp-04]
ptr [ebp-04]
ptr [ebp-10]
ptr [ebp-08]
ptr [edi+38]
ptr [edi+30]

|:00437973(C)
|
:004379AC 8B45F0
:004379AF 8B7008
:004379B2 4E
dec esi
:004379B3 85F6
test esi, esi
:004379B5 7C1F
jl 004379D6
:004379B7 46
inc esi
:004379B8 33DB
xor ebx, ebx
|:004379D4(C)
|
:004379BA 6A00
:004379BC 8BD3
:004379BE 8B45F0
:004379C1 E8B251FDFF
:004379C6 33C9
:004379C8 BA3EB00000
:004379CD E8C2C7FEFF
:004379D2 43
:004379D3 4E
:004379D4 75E4
|:004379B5(C)
|
:004379D6 807DF700
:004379DA 740E
:004379DC 8B45FC
:004379DF 8B80EC010000
:004379E5 E8AEF3FFFF
push 00000000
mov edx, ebx
call 0040CB78
xor ecx, ecx
mov edx, 0000B03E
call 00424194
inc ebx
dec esi
jne 004379BA

je 004379EA
call 00436D98

|:004379DA(C)
|
:004379EA 33C0
xor eax, eax
:004379EC 5A
pop edx
:004379ED 59
pop ecx
:004379EE 59
pop ecx
:004379EF 648910
|
:004379F2 68077A4300
push 00437A07
|:00437A05(U)
|
:004379F7 8B45F0
:004379FA E821B2FCFF
:004379FF C3
:00437A00
:00437A05
:00437A07
:00437A08
jmp
jmp
pop
pop
E973B8FCFF
EBF0
5F
5E

call 00402C20
ret
00403278
004379F7
edi
esi
:00437A09
:00437A0A
:00437A0C
:00437A0D
5B
8BE5
5D
C3
pop ebx
mov esp, ebp
pop ebp
ret
:00437A0E 8BC0
mov eax, eax

|:004378C3 , :00437A4B , :00438048 , :0043B1FE
|
:00437A10 53
push ebx
:00437A11 8BD8
mov ebx, eax
:00437A13 83BBF801000000
cmp dword ptr [ebx+000001F8], 00000000
:00437A1A 7F16
jg 00437A32
:00437A1C 8B83EC010000
:00437A22 E871F4FFFF
call 00436E98
:00437A27 8B83F0010000
:00437A2D E866F4FFFF
call 00436E98
|:00437A1A(C)
|
:00437A32 5B
pop ebx
:00437A33 C3
ret

|:00439713 , :0043C67D
|
:00437A34 53
push ebx
:00437A35 8BD8
mov ebx, eax
:00437A37 3A93F4010000
:00437A3D 742D
je 00437A6C
:00437A3F 8893F4010000
:00437A45 84D2
test dl, dl
:00437A47 7409
je 00437A52
:00437A49 8BC3
mov eax, ebx
:00437A4B E8C0FFFFFF
call 00437A10
:00437A50 EB1A
jmp 00437A6C
|:00437A47(C)
|
:00437A52 33D2
:00437A54 8B83EC010000
:00437A5A E82DFBFFFF
:00437A5F 33D2
:00437A61 8B83F0010000
:00437A67 E820FBFFFF

xor edx, edx
call 0043758C
xor edx, edx
call 0043758C

|:00437A3D(C), :00437A50(U)
|
:00437A6C 5B
pop ebx
:00437A6D C3
ret
:00437A6E 8BC0
mov eax, eax
:00437A70
:00437A71
:00437A73
:00437A79
:00437A7B
:00437A7E
:00437A7F
56
8BF0
8B86EC010000
8B08
FF5108
5E
C3
push esi
mov esi, eax
call [ecx+08]
pop esi
ret
:00437A80
:00437A81
:00437A83
:00437A89
:00437A8B
:00437A8E
:00437A8F
56
8BF0
8B86F0010000
8B08
FF5108
5E
C3
push esi
mov esi, eax
mov eax, dword ptr [esi+000001F0]
call [ecx+08]
pop esi
ret

|:0043742B , :00437447 , :0043753B , :00437553 , :0043756B
|:00437585 , :004375B2 , :004378B0 , :00437E21 , :00437F6D
|
:00437A90 55
push ebp
:00437A91 8BEC
mov ebp, esp
:00437A93 51
push ecx
:00437A94 8945FC
:00437A97 8B45FC
:00437A9A 80B8FC01000000
cmp byte ptr [eax+000001FC], 00
:00437AA1 0F85DB000000
jne 00437B82
:00437AA7 8B45FC
:00437AAA E83118FFFF
call 004292E0
:00437AAF 84C0
test al, al
:00437AB1 0F84CB000000
je 00437B82
:00437AB7 33C0
xor eax, eax
:00437AB9 55
push ebp
:00437ABA 687B7B4300
push 00437B7B
:00437ABF 64FF30
:00437AC2 648920
:00437AC5 8B45FC
:00437AC8 C680FC01000001
mov byte ptr [eax+000001FC], 01
:00437ACF 8B45FC
:00437AD2 8B80F0010000
mov eax, dword ptr [eax+000001F0]
:00437AD8 E8CFF5FFFF
call 004370AC
:00437ADD 84C0
test al, al
:00437ADF 7426
je 00437B07
:00437AE1 8B45FC
:00437AE4 8B80EC010000
:00437AEA B101
mov cl, 01
:00437AEC 33D2
xor edx, edx
:00437AEE E8CDFBFFFF
call 004376C0
:00437AF3 8B45FC
:00437AF6 8B80F0010000
:00437AFC 33C9
xor ecx, ecx
:00437AFE B201
mov dl, 01
:00437B00 E8BBFBFFFF
call 004376C0
:00437B05 EB5C
jmp 00437B63
|:00437ADF(C)
|
:00437B07
:00437B0A
:00437B10
:00437B15
:00437B17
:00437B19
:00437B1C
:00437B22
:00437B24
:00437B26
:00437B2B
:00437B2E
:00437B34
:00437B36
:00437B38
:00437B3D
8B45FC
8B80EC010000
E897F5FFFF
84C0
7426
8B45FC
8B80F0010000
B101
33D2
E895FBFFFF
8B45FC
8B80EC010000
33C9
B201
E883FBFFFF
EB24
mov eax, dword

mov eax, dword
call 004370AC
test al, al
je 00437B3F
mov eax, dword
mov eax, dword
mov cl, 01
xor edx, edx
call 004376C0
mov eax, dword
mov eax, dword
xor ecx, ecx
mov dl, 01
call 004376C0
jmp 00437B63
ptr [ebp-04]
ptr [eax+000001EC]
ptr [ebp-04]
ptr [eax+000001F0]
ptr [ebp-04]
ptr [eax+000001EC]
|:00437B17(C)
|
:00437B3F 8B45FC
:00437B42 8B80F0010000
:00437B48 33C9
:00437B4A 33D2
:00437B4C E86FFBFFFF
:00437B51 8B45FC
:00437B54 8B80EC010000
:00437B5A 33C9
:00437B5C B201
:00437B5E E85DFBFFFF
|:00437B05(U), :00437B3D(U)
|
:00437B63 33C0
:00437B65 5A
:00437B66 59
:00437B67 59
:00437B68 648910
:00437B6B 68827B4300
|:00437B80(U)
|
:00437B70 8B45FC
:00437B73 C680FC01000000
:00437B7A C3
:00437B7B E9F8B6FCFF
:00437B80 EBEE
jmp 00403278
jmp 00437B70
|:00437AA1(C), :00437AB1(C)
|
:00437B82 59
:00437B83 5D
:00437B84 C3
mov eax, dword

mov eax, dword
xor ecx, ecx
xor edx, edx
call 004376C0
mov eax, dword
mov eax, dword
xor ecx, ecx
mov dl, 01
call 004376C0
ptr [ebp-04]
ptr [eax+000001F0]
ptr [ebp-04]
ptr [eax+000001EC]
xor eax, eax

pop edx
pop ecx
pop ecx
push 00437B82

mov byte ptr [eax+000001FC], 00
ret
pop ecx
pop ebp
ret
:00437B85 8D4000

|:0043A8B9
|
:00437B88 85D2
test edx, edx
:00437B8A 7411
je 00437B9D
:00437B8C F6422001
test [edx+20], 01
:00437B90 750B
jne 00437B9D
:00437B92 F6402001
test [eax+20], 01
:00437B96 7505
jne 00437B9D
:00437B98 E803000000
call 00437BA0
|:00437B8A(C), :00437B90(C), :00437B96(C)
|
:00437B9D C3
ret
:00437B9E 8BC0
mov eax, eax
|:00437B98
|
:00437BA0 53
push ebx
:00437BA1 56
push esi
:00437BA2 57
push edi
:00437BA3 55
push ebp
:00437BA4 83C4E0
add esp, FFFFFFE0
:00437BA7 8BF2
mov esi, edx
:00437BA9 8BD8
mov ebx, eax
:00437BAB 8BFC
mov edi, esp
:00437BAD 85F6
test esi, esi
:00437BAF 0F8434010000
je 00437CE9
:00437BB5 8BD7
mov edx, edi
:00437BB7 8BC6
mov eax, esi
:00437BB9 8B08
:00437BBB FF5144
call [ecx+44]
:00437BBE 8B83EC010000
:00437BC4 0FB7401A
:00437BC8 2907
sub dword ptr [edi], eax
:00437BCA 014708
:00437BCD 8B83F0010000
:00437BD3 0FB7401A
:00437BD7 294704
sub dword ptr [edi+04], eax
:00437BDA 01470C
add dword ptr [edi+0C], eax
:00437BDD 8D4C2418
:00437BE1 8BD7
mov edx, edi
:00437BE3 8BC6
mov eax, esi
:00437BE5 E8DEB0FEFF
call 00422CC8
:00437BEA 8D542418
:00437BEE 8D4C2410
:00437BF2 8BC3
mov eax, ebx
:00437BF4 E8FBB0FEFF
call 00422CF4
:00437BF9 8B442410
:00437BFD 8907
:00437BFF 8B442414
:00437C03 894704
:00437C06 8D4C2418
:00437C0A 8D5708
:00437C0D 8BC6
mov eax, esi
:00437C0F
:00437C14
:00437C18
:00437C1C
:00437C1E
:00437C23
:00437C27
:00437C2A
:00437C2E
:00437C31
:00437C33
:00437C35
:00437C37
:00437C3D
:00437C40
:00437C42
:00437C47
E8B4B0FEFF
8D542418
8D4C2410
8BC3
E8D1B0FEFF
8B442410
894708
8B442414
89470C
8B37
85F6
7D12
8B83EC010000
8B500C
03D6
E821F8FFFF
EB43
call 00422CC8
mov eax, ebx
call 00422CF4
test esi, esi
jge 00437C49
add edx, esi
call 00437468
jmp 00437C8C
|:00437C35(C)
|
:00437C49 8BC3
:00437C4B E864AFFEFF
:00437C50 8B6F08
:00437C53 3BC5
:00437C55 7D35
:00437C57 8BC3
:00437C59 E856AFFEFF
:00437C5E 2BEE
:00437C60 3BC5
:00437C62 7D0C
:00437C64 8BC3
:00437C6B 0307
:00437C6D 894708
|:00437C62(C)
|
:00437C70 8BB3EC010000
:00437C76 8BC3
:00437C7D 8B560C
:00437C80 035708
:00437C83 2BD0
:00437C85 8BC6
:00437C87 E8DCF7FFFF
|:00437C47(U), :00437C55(C)
|
:00437C8C 8B7704
:00437C8F 85F6
:00437C91 7D12
:00437C93 8B83F0010000
:00437C99 8B500C
:00437C9C 03D6
:00437C9E E8C5F7FFFF
:00437CA3 EB44
mov eax, ebx

call 00422BB4
cmp eax, ebp
jge 00437C8C
mov eax, ebx
call 00422BB4
sub ebp, esi
cmp eax, ebp
jge 00437C70
mov eax, ebx
call 00422BB4
add eax, dword ptr [edi]
mov esi, dword ptr [ebx+000001EC]

mov eax, ebx
call 00422BB4
add edx, dword ptr [edi+08]
sub edx, eax
mov eax, esi
call 00437468

test esi, esi
jge 00437CA5
add edx, esi
call 00437468
jmp 00437CE9
|:00437C91(C)
|
:00437CA5 8BC3
:00437CA7 E84CAFFEFF
:00437CAC 8B6F0C
:00437CAF 3BC5
:00437CB1 7D36
:00437CB3 8BC3
:00437CB5 E83EAFFEFF
:00437CBA 2BEE
:00437CBC 3BC5
:00437CBE 7D0D
:00437CC0 8BC3
:00437CC2 E831AFFEFF
:00437CC7 034704
:00437CCA 89470C
|:00437CBE(C)
|
:00437CCD 8BB3F0010000
:00437CD3 8BC3
:00437CD5 E81EAFFEFF
:00437CDA 8B560C
:00437CDD 03570C
:00437CE0 2BD0
:00437CE2 8BC6
:00437CE4 E87FF7FFFF
mov eax, ebx

call 00422BF8
mov ebp, dword ptr [edi+0C]
cmp eax, ebp
jge 00437CE9
mov eax, ebx
call 00422BF8
sub ebp, esi
cmp eax, ebp
jge 00437CCD
mov eax, ebx
call 00422BF8
mov esi, dword ptr [ebx+000001F0]

mov eax, ebx
call 00422BF8
add edx, dword ptr [edi+0C]
sub edx, eax
mov eax, esi
call 00437468

|:00437BAF(C), :00437CA3(U), :00437CB1(C)
|
:00437CE9 83C420
add esp, 00000020
:00437CEC 5D
pop ebp
:00437CED 5F
pop edi
:00437CEE 5E
pop esi
:00437CEF 5B
pop ebx
:00437CF0 C3
ret
:00437CF1 8D4000

|:00437DA7 , :00438748 , :0043880C , :004389B0
|
:00437CF4 53
push ebx
:00437CF5 56
push esi
:00437CF6 57
push edi
:00437CF7 55
push ebp
:00437CF8 8BF9
mov edi, ecx
:00437CFA 8BF2
mov esi, edx
:00437CFC 8BD8
mov ebx, eax
:00437CFE 3BFE
cmp edi, esi
:00437D00 747D
je 00437D7F
:00437D02 F6432001
test [ebx+20], 01
:00437D06 7514
jne 00437D1C
:00437D08 8B83EC010000
:00437D0E C6401E01
mov [eax+1E], 01
:00437D12 8B83F0010000
:00437D18 C6401E01
mov [eax+1E], 01
|:00437D06(C)
|
:00437D1C 33D2
:00437D1E 8B83EC010000
:00437D24 E83FF7FFFF
:00437D29 33D2
:00437D2B 8B83F0010000
:00437D31 E832F7FFFF
:00437D36 80BBF401000000
:00437D3D 7540
:00437D3F 8BABEC010000
:00437D45 807D1E00
:00437D49 7414
:00437D4B 57
:00437D4C 56
:00437D4D 8B4510
:00437D50 50

xor edx, edx
call 00437468
xor edx, edx
call 00437468
jne 00437D7F
mov ebp, dword ptr [ebx+000001EC]
cmp byte ptr [ebp+1E], 00
je 00437D5F
push edi
push esi
push eax

|
:00437D51 E80AE0FCFF
Call 00405D60
:00437D56 8BD0
mov edx, eax
:00437D58 8BC5
mov eax, ebp
:00437D5A E82DF8FFFF
call 0043758C
|:00437D49(C)
|
:00437D5F 8BABF0010000
:00437D65 807D1E00
:00437D69 7414
:00437D6B 57
:00437D6C 56
:00437D6D 8B4510
:00437D70 50

mov ebp, dword ptr [ebx+000001F0]
cmp byte ptr [ebp+1E], 00
je 00437D7F
push edi
push esi
push eax

|
:00437D71 E8EADFFCFF
Call 00405D60
:00437D76 8BD0
mov edx, eax
:00437D78 8BC5
mov eax, ebp
:00437D7A E80DF8FFFF
call 0043758C
|:00437D00(C), :00437D3D(C), :00437D69(C)
|
:00437D7F 8B83EC010000
:00437D85 C6401E00
mov [eax+1E], 00
:00437D89 8B83F0010000
:00437D8F C6401E00
mov [eax+1E], 00
:00437D93 5D
pop ebp
:00437D94 5F
pop edi
:00437D95 5E
pop esi
:00437D96 5B
pop ebx
:00437D97 C3
ret
:00437D98
:00437D99
:00437D9A
:00437D9B
:00437D9D
:00437D9F
:00437DA1
:00437DA3
:00437DA5
:00437DA7
:00437DAC
:00437DAE
:00437DB0
:00437DB2
:00437DB7
:00437DB8
:00437DB9
:00437DBA
53
56
57
8BF9
8BF2
8BD8
8BCF
8BD6
8BC3
E848FFFFFF
8BCF
8BD6
8BC3
E89D0CFFFF
5F
5E
5B
C3
:00437DBB 90
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call 00437CF4
mov ecx, edi
mov edx, esi
mov eax, ebx
call 00428A54
pop edi
pop esi
pop ebx
ret
nop

|:00438041 , :0043B1AA
|
:00437DBC 55
push ebp
:00437DBD 8BEC
mov ebp, esp
:00437DBF 51
push ecx
:00437DC0 8945FC
:00437DC3 8B45FC
:00437DC6 FF80F8010000
inc dword ptr [eax+000001F8]
:00437DCC 33C0
xor eax, eax
:00437DCE 55
push ebp
:00437DCF 68F97D4300
push 00437DF9
:00437DD4 64FF30
:00437DD7 648920
:00437DDA 8B45FC
:00437DDD E852F6FEFF
call 00427434
:00437DE2 33C0
xor eax, eax
:00437DE4 5A
pop edx
:00437DE5 59
pop ecx
:00437DE6 59
pop ecx
:00437DE7 648910
:00437DEA 68007E4300
push 00437E00
|:00437DFE(U)
|
:00437DEF 8B45FC
:00437DF2 FF88F8010000
:00437DF8 C3
:00437DF9
:00437DFE
:00437E00
:00437E03
:00437E09
:00437E0D
:00437E0F
jmp
jmp
mov
mov
cmp
jne
mov
E97AB4FCFF
EBEF
8B45FC
8B80EC010000
80781C00
750F
8B45FC

dec dword ptr [eax+000001F8]
ret
00403278
00437DEF
eax, dword ptr [eax+000001EC]
byte ptr [eax+1C], 00
00437E1E
:00437E12 8B80F0010000
:00437E18 80781C00
:00437E1C 7408

je 00437E26

|:00437E0D(C)
|
:00437E1E 8B45FC
:00437E21 E86AFCFFFF
call 00437A90
|:00437E1C(C)
|
:00437E26 59
pop ecx
:00437E27 5D
pop ebp
:00437E28 C3
ret
:00437E29
:00437E2C
:00437E30
:00437E32
:00437E38
:00437E3C
:00437E3E
:00437E44
:00437E49
8D4000
837A0800
7518
8B88EC010000
80791C00
740C
8B80EC010000
E8DBF2FFFF
C3

jne 00437E4A
mov ecx, dword ptr [eax+000001EC]
cmp byte ptr [ecx+1C], 00
je 00437E4A
call 00437124
ret

|:00437E30(C), :00437E3C(C)
|
:00437E4A E8BDF3FEFF
call 0042720C
:00437E4F C3
ret
:00437E50
:00437E54
:00437E56
:00437E5C
:00437E60
:00437E62
:00437E68
:00437E6D
837A0800
7518
8B88F0010000
80791C00
740C
8B80F0010000
E8B7F2FFFF
C3

jne 00437E6E
mov ecx, dword ptr [eax+000001F0]
cmp byte ptr [ecx+1C], 00
je 00437E6E
call 00437124
ret

|:00437E54(C), :00437E60(C)
|
:00437E6E E8B9F3FEFF
call 0042722C
:00437E73 C3
ret
:00437E74
:00437E75
:00437E76
:00437E77
:00437E7A
53
56
57
83C4F0
8BF2
push ebx
push esi
push edi
add esp, FFFFFFF0
mov esi, edx
:00437E7C
:00437E7E
:00437E80
:00437E85
:00437E8B
:00437E8E
:00437E93
:00437E94
:00437E98
:00437E99
:00437E9B
:00437EA0
:00437EA2
:00437EA8
:00437EAB
:00437EB0
:00437EB2
:00437EB8
:00437EBB
:00437EBD
:00437EC0
:00437EC2
:00437EC7
:00437EC8
:00437ECA
:00437ECE
:00437ED3
:00437ED4
:00437ED5
:00437ED6
:00437ED8
:00437EDA
:00437EDF
:00437EE2
:00437EE3
:00437EE4
:00437EE5
8BD8
8BC3
E873ADFEFF
8B93F0010000
8B5210
E82536FEFF
50
8D442404
50
8BC3
E814ADFEFF
8BD0
8BBBEC010000
8B4710
E80836FEFF
8BC8
8B83F0010000
8B500C
F7DA
8B470C
F7D8
E8ED42FDFF
56
8BFE
8D742404
B904000000
F3
A5
5E
8BD6
8BC3
E895D6FEFF
83C410
5F
5E
5B
C3
:00437EE6 8BC0
mov ebx, eax

mov eax, ebx
call 00422BF8
mov edx, dword ptr
mov edx, dword ptr
call 0041B4B8
push eax
lea eax, dword ptr
push eax
mov eax, ebx
call 00422BB4
mov edx, eax
mov edi, dword ptr
mov eax, dword ptr
call 0041B4B8
mov ecx, eax
mov eax, dword ptr
mov edx, dword ptr
neg edx
mov eax, dword ptr
neg eax
call 0040C1B4
push esi
mov edi, esi
lea esi, dword ptr
mov ecx, 00000004
repz
movsd
pop esi
mov edx, esi
mov eax, ebx
call 00425574
add esp, 00000010
pop edi
pop esi
pop ebx
ret
[ebx+000001F0]
[edx+10]
[esp+04]
[ebx+000001EC]
[edi+10]
[ebx+000001F0]
[eax+0C]
[edi+0C]
[esp+04]
mov eax, eax

|:004395AC
|
:00437EE8 55
push ebp
:00437EE9 8BEC
mov ebp, esp
:00437EEB 83C4F4
add esp, FFFFFFF4
:00437EEE 8955F8
:00437EF1 8945FC
:00437EF4 8B45F8
:00437EF7 8B4004
:00437EFA 8945F4
:00437EFD 33C0
xor eax, eax
:00437EFF 55
push ebp
:00437F00 68497F4300
push 00437F49
:00437F05 64FF30
:00437F08 648920
:00437F0B 8B45FC
:00437F0E 8B150C454300
:00437F14 E877AEFCFF
call 00402D90
:00437F19
:00437F1B
:00437F1D
:00437F20
84C0
750A
8B45F8
C7400401000000
|:00437F1B(C)
|
:00437F27 8B55F8
:00437F2A 8B45FC
:00437F2D E80204FFFF
:00437F32 33C0
:00437F34 5A
:00437F35 59
:00437F36 59
:00437F37 648910
:00437F3A 68507F4300
test al, al
jne 00437F27
mov [eax+04], 00000001
call 00428334
xor eax, eax
pop edx
pop ecx
pop ecx
push 00437F50

|:00437F4E(U)
|
:00437F3F 8B45F8
:00437F42 8B55F4
:00437F45 895004
:00437F48 C3
ret
:00437F49
:00437F4E
:00437F50
:00437F53
:00437F58
:00437F5A
:00437F5C
:00437F5F
:00437F65
:00437F6A
:00437F6D
E92AB3FCFF
EBEF
8B45FC
E88813FFFF
84C0
7416
8B45FC
8B80EC010000
E82EEEFFFF
8B45FC
E81EFBFFFF
jmp 00403278
jmp 00437F3F
mov eax, dword
call 004292E0
test al, al
je 00437F72
mov eax, dword
mov eax, dword
call 00436D98
mov eax, dword
call 00437A90
ptr [ebp-04]
ptr [ebp-04]
ptr [eax+000001EC]
ptr [ebp-04]

|:00437F5A(C)
|
:00437F72 8BE5
mov esp, ebp
:00437F74 5D
pop ebp
:00437F75 C3
ret
:00437F76
:00437F78
:00437F79
:00437F7A
:00437F7C
:00437F7E
:00437F81
8BC0
53
56
84D2
7408
83C4F0
E87EAFFCFF
mov eax, eax

push ebx
push esi
test dl, dl
je 00437F86
add esp, FFFFFFF0
call 00402F04

|:00437F7C(C)
|
:00437F86 8BDA
mov ebx, edx
:00437F88 8BF0
mov esi, eax
:00437F8A
:00437F8C
:00437F8E
:00437F93
:00437F98
:00437F9B
:00437FA0
:00437FA2
:00437FA7
:00437FAC
:00437FAE
:00437FB3
:00437FBA
:00437FBC
:00437FBE
:00437FC0
:00437FC5
:00437FCC
33D2
8BC6
E845F8FFFF
A1D47F4300
894640
BAB9000000
8BC6
E805AAFEFF
BA29000000
8BC6
E81DAAFEFF
C6860002000001
8BC6
84DB
740F
E897AFFCFF
648F0500000000
83C40C
xor edx, edx

mov eax, esi
call 004377D8
mov edx, 000000B9
mov eax, esi
call 004229AC
mov edx, 00000029
mov eax, esi
call 004229D0
mov eax, esi
test bl, bl
je 00437FCF
call 00402F5C
add esp, 0000000C

|:00437FBE(C)
|
:00437FCF 8BC6
mov eax, esi
:00437FD1 5E
pop esi
:00437FD2 5B
pop ebx
:00437FD3 C3
ret
:00437FD4 AB
:00437FD5 000000
stosd
BYTE 3 DUP(0)
:00437FD8
:00437FD9
:00437FDA
:00437FDC
:00437FDE
:00437FE0
:00437FE2
:00437FE7
:00437FE9
:00437FEF
:00437FF6
:00437FF9
:00437FFE
:00438001
:00438003
:0043800A
:0043800C
:00438013
:00438015
:0043801C
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 0043787C
xor eax, eax
mov eax, dword ptr [4*eax+004428B0]
or dword ptr [esi+04], eax
je 00438023
je 00438023
jne 00438023
and dword ptr [esi+04], FF7FFFFF
53
56
8BF2
8BD8
8BD6
8BC3
E895F8FFFF
33C0
8A8300020000
8B0485B0284400
094604
A18C2B4400
803800
7420
80BB2C01000000
7417
80BB0002000001
750E
816604FFFF7FFF
814E0800020000

|:00438001(C), :0043800A(C), :00438013(C)
|
:00438023 5E
pop esi
:00438024 5B
pop ebx
:00438025 C3
ret
:00438026
:00438028
:0043802E
:00438030
:00438036
8BC0
3A9000020000
740B
889000020000
E841E6FEFF
mov eax, eax

je 0043803B
call 0042667C
|:0043802E(C)
|
:0043803B C3
:0043803C 53
:0043803D 8BD8
:0043803F 8BC3
:00438041 E876FDFFFF
:00438046 8BC3
:00438048 E8C3F9FFFF
:0043804D 5B
:0043804E C3
:0043804F
:00438050
:00438052
:00438055
90
8B08
FF51F0
C3
nop
call [ecx-10]
ret
:00438056
:00438058
:00438059
:0043805A
:0043805C
:0043805E
:00438063
:00438066
:00438068
:0043806F
:00438071
:00438073
8BC0
53
56
8BF2
8BD8
A18C2B4400
803800
7410
80BB0002000001
7507
8BC3
E804E6FEFF
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
je 00438078
jne 00438078
mov eax, ebx
call 0042667C
ret
push ebx
mov ebx, eax
mov eax, ebx
call 00437DBC
mov eax, ebx
call 00437A10
pop ebx
ret
|:00438066(C), :0043806F(C)
|
:00438078 8BD6
:0043807A 8BC3
:0043807C E8D704FFFF
:00438081 5E
:00438082 5B
:00438083 C3
:00438084
:00438085
:00438087
:0043808D
:0043808E
:00438090
:00438096
:00438098
:0043809A
push ebp
mov ebp, esp
add esp, FFFFFEEC
push ebx
xor ebx, ebx
mov dword ptr [ebp+FFFFFEEC], ebx
test dl, dl
je 004380A2
add esp, FFFFFFF0
55
8BEC
81C4ECFEFFFF
53
33DB
899DECFEFFFF
84D2
7408
83C4F0
mov edx, esi

mov eax, ebx
call 00428558
pop esi
pop ebx
ret
:0043809D E862AEFCFF
call 00402F04
|:00438098(C)
|
:004380A2 8BD9
:004380A4 8855FB
:004380A7 8945FC
:004380AA 33C0
:004380AC 55
:004380AD 68E5814300
:004380B2 64FF30
:004380B5 648920
:004380B8 A1302D4400
:004380BD 8B00
:004380BF E85018FDFF
:004380C4 33C0
:004380C6 55
:004380C7 68C5814300
:004380CC 64FF30
:004380CF 648920
:004380D2 6A00
:004380D4 8BCB
:004380D6 33D2
:004380D8 8B45FC
:004380DB 8B18
:004380DD FF93C0000000
:004380E3 8B45FC
:004380E6 E87DAAFCFF
:004380EB 3B0518534300
:004380F1 0F84B4000000
:004380F7 8B45FC
:004380FA F6402010
:004380FE 0F85A7000000
:00438104 8B45FC
:00438107 8088C002000001
:0043810E 33C0
:00438110 55
:00438111 6890814300
:00438116 64FF30
:00438119 648920
:0043811C 8B1518534300
:00438122 8B45FC
:00438125 E87A48FDFF
:0043812A 84C0
:0043812C 754A
:0043812E 8D95F0FEFFFF
:00438134 8B45FC
:00438137 8B00
:00438139 E82EAAFCFF
:0043813E 8D85F0FEFFFF
:00438144 8945F0
:00438147 C645F404
:0043814B 8D45F0
:0043814E 50
:0043814F 6A00
:00438151 8D95ECFEFFFF
:00438157 A1A02B4400
:0043815C E8C3CCFCFF
:00438161 8B8DECFEFFFF

mov ebx, ecx
xor eax, eax
push ebp
push 004381E5
call 00409914
xor eax, eax
push ebp
push 004381C5
push 00000000
mov ecx, ebx
xor edx, edx
call 00402B68
je 004381AB
test [eax+20], 10
jne 004381AB
or byte ptr [eax+000002C0], 01
xor eax, eax
push ebp
push 00438190
call 0040C9A4
test al, al
jne 00438178
call 00402B6C
mov [ebp-0C], 04
push eax
push 00000000
lea edx, dword ptr [ebp+FFFFFEEC]
call 00404E24
mov ecx, dword ptr [ebp+FFFFFEEC]
:00438167
:00438169
:0043816E
:00438173
B201
A1D0B24000
E83507FDFF
E838B1FCFF
mov dl, 01
mov eax, dword ptr [0040B2D0]
call 004088A8
call 004032B0
|:0043812C(C)
|
:00438178 33C0
:0043817A 5A
:0043817B 59
:0043817C 59
:0043817D 648910
:00438180 6897814300
|:00438195(U)
|
:00438185 8B45FC
:00438188 80A0C0020000FE
:0043818F C3
:00438190
:00438195
:00438197
:0043819A
:004381A1
:004381A3
:004381A6
jmp 00403278
jmp 00438185
je 004381AB
call 00438448
E9E3B0FCFF
EBEE
8B45FC
80B81402000000
7408
8B45FC
E89D020000
xor eax, eax

pop edx
pop ecx
pop ecx
push 00438197

and byte ptr [eax+000002C0], FE
ret

|:004380F1(C), :004380FE(C), :004381A1(C)
|
:004381AB 33C0
xor eax, eax
:004381AD 5A
pop edx
:004381AE 59
pop ecx
:004381AF 59
pop ecx
:004381B0 648910
:004381B3 68CC814300
push 004381CC
|:004381CA(U)
|
:004381B8 A1302D4400
:004381BD 8B00
:004381BF E89C17FDFF
:004381C4 C3
:004381C5
:004381CA
:004381CC
:004381CE
:004381CF
:004381D0
:004381D1
:004381D4
jmp 00403278
jmp 004381B8
xor eax, eax
pop edx
pop ecx
pop ecx
push 004381EC
E9AEB0FCFF
EBEC
33C0
5A
59
59
648910
68EC814300

call 00409960
ret
|:004381EA(U)
|
:004381D9 8D85ECFEFFFF
:004381DF E8D4B5FCFF
:004381E4 C3

call 004037B8
ret
:004381E5
:004381EA
:004381EC
:004381EF
:004381F3
:004381F5
:004381FA
:00438201
jmp 00403278
jmp 004381D9
je 00438204
call 00402F5C
add esp, 0000000C
E98EB0FCFF
EBED
8B45FC
807DFB00
740F
E862ADFCFF
648F0500000000
83C40C

|:004381F3(C)
|
:00438204 8B45FC
:00438207 5B
pop ebx
:00438208 8BE5
mov esp, ebp
:0043820A 5D
pop ebp
:0043820B C3
ret
:0043820C 80B81402000000
:00438213 7505
:00438215 E82E020000

jne 0043821A
call 00438448

|:00438213(C)
|
:0043821A C3
ret
:0043821B 90
nop
|:00440BF9
|
:0043821C 55
push ebp
:0043821D 8BEC
mov ebp, esp
:0043821F 51
push ecx
:00438220 53
push ebx
:00438221 56
push esi
:00438222 84D2
test dl, dl
:00438224 7408
je 0043822E
:00438226 83C4F0
add esp, FFFFFFF0
:00438229 E8D6ACFCFF
call 00402F04
|:00438224(C)
|
:0043822E 8855FF
:00438231 8BD8
:00438233 33D2
:00438235 8BC3
:00438237 E89CF5FFFF
:0043823C A144834300
:00438241 894340
:00438244 33D2

mov ebx, eax
xor edx, edx
mov eax, ebx
call 004377D8
xor edx, edx
:00438246
:00438248
:0043824D
:0043824F
:00438251
:00438256
:0043825B
:0043825D
:00438262
:00438267
:00438269
:0043826E
:00438270
:00438272
:00438277
:00438279
:0043827B
:00438280
:00438282
:00438284
:00438289
:0043828B
:0043828D
:00438292
:00438297
:0043829D
:004382A4
:004382AB
:004382B2
:004382B4
:004382B9
:004382BE
:004382C0
:004382C6
:004382C9
:004382D0
:004382D7
:004382D9
:004382DE
:004382E3
:004382E5
:004382EB
:004382ED
:004382EF
:004382F4
:004382F9
:004382FC
:00438302
:00438309
:0043830B
:00438310
:00438316
:00438318
:0043831D
:00438322
:00438324
:00438328
:0043832A
:0043832F
:00438336
8BC3
E813A7FEFF
33D2
8BC3
E82EA7FEFF
BA40010000
8BC3
E84AA7FEFF
BAF0000000
8BC3
E862A7FEFF
33D2
8BC3
E80D0B0000
33D2
8BC3
E8D4B0FEFF
33D2
8BC3
E83FB0FEFF
B201
8BC3
E8AE0DFFFF
A048834300
888308020000
C6830902000002
C6830B02000000
C6831102000003
B201
A14C324100
E83A1EFEFF
8BF0
89B320020000
895E08
C74604208A4300
C6832402000000
B201
A130EB4100
E8F9C5FDFF
8BF0
89B318020000
8BD3
8BC6
E8D09CFEFF
A1A8374400
8B4034
89833C020000
C6831502000001
8BC3
E858A8FCFF
8983A0000000
8BD3
A1A8374400
E88A4B0000
8BC3
807DFF00
740F
E82DACFCFF
648F0500000000
83C40C
mov eax, ebx

call 00422960
xor edx, edx
mov eax, ebx
call 00422984
mov edx, 00000140
mov eax, ebx
call 004229AC
mov edx, 000000F0
mov eax, ebx
call 004229D0
xor edx, edx
mov eax, ebx
call 00438D84
xor edx, edx
mov eax, ebx
call 00423354
xor edx, edx
mov eax, ebx
call 004232C8
mov dl, 01
mov eax, ebx
call 00429040
mov byte ptr [ebx+0000020B], 00
mov dl, 01
call 0041A0F8
mov esi, eax
mov [esi+04], 00438A20
mov dl, 01
call 004148DC
mov esi, eax
mov edx, ebx
mov eax, esi
call 00421FC4
mov eax, ebx
call 00402B68
mov dword ptr [ebx+000000A0], eax
mov edx, ebx
call 0043CEAC
mov eax, ebx
je 00438339
call 00402F5C
add esp, 0000000C

|:00438328(C)
|
:00438339 8BC3
mov eax, ebx
:0043833B 5E
pop esi
:0043833C 5B
pop ebx
:0043833D 59
pop ecx
:0043833E 5D
pop ebp
:0043833F C20400
ret 0004
:00438342 0000
BYTE 2 DUP(0)
:00438344 AB
:00438345 000000
stosd
BYTE 3 DUP(0)
:00438348 07
:00438349 000000
pop es
BYTE 3 DUP(0)
:0043834C
:0043834D
:0043834F
:00438354
:00438356
:0043835B
:0043835D
:00438362
:00438367
:0043836A
:0043836C
:00438371
:00438373
:00438375
:0043837A
:00438381
:00438383
:00438389
:0043838B
push ebx
mov ebx, eax
call 00409914
mov eax, ebx
call 00411730
mov edx, ebx
call 0040CD44
xor edx, edx
mov eax, ebx
call 0040F1E8
cmp dword ptr [ebx+00000244], 00000000
je 0043838E
call [edx+0C]
53
8BD8
A1302D4400
8B00
E8B915FDFF
8BC3
E8CE93FDFF
A1A8374400
8B4070
8BD3
E8D349FDFF
33D2
8BC3
E86E6EFDFF
83BB4402000000
740B
8B8344020000
8B10
FF520C
|:00438381(C)
|
:0043838E 80BB0F02000001
:00438395 7407
:00438397 8BC3
:00438399 E8D23A0000
|:00438395(C)
|
:0043839E 80BB1402000000
:004383A5 7507
:004383A7 8BC3
:004383A9 E80E010000
cmp byte ptr [ebx+0000020F], 01

je 0043839E
mov eax, ebx
call 0043BE70

jne 004383AE
mov eax, ebx
call 004384BC
|:004383A5(C)
|
:004383AE 5B
:004383AF C3
pop ebx
ret
:004383B0
:004383B1
:004383B2
:004383B7
:004383B9
:004383BB
:004383C2
:004383C4
:004383C6
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
je 004383CB
mov eax, esi
call 004384BC
53
56
E8ADABFCFF
8BDA
8BF0
80BE1402000000
7407
8BC6
E8F1000000
|:004383C2(C)
|
:004383CB 33D2
:004383CD 8BC6
:004383CF E86C260000
:004383D4 8BC6
:004383D6 E8050FFFFF
:004383DB 84C0
:004383DD 740A
:004383DF 8BC6
:004383E1 8B10
:004383E3 FF92A0000000
|:004383DD(C)
|
:004383E9 8BD6
:004383EB A1A8374400
:004383F0 E8EF4A0000
:004383F5 8B8618020000
:004383FB E820A8FCFF
:00438400 8B8620020000
:00438406 E815A8FCFF
:0043840B 8B8628020000
:00438411 E80AA8FCFF
:00438416 8B86BC020000
:0043841C E8FFA7FCFF
:00438421 8BD3
:00438423 80E2FC
:00438426 8BC6
:00438428 E813F4FFFF
:0043842D A1302D4400
:00438432 8B00
:00438434 E82715FDFF
:00438439 84DB
:0043843B 7E07
:0043843D 8BC6
:0043843F E810ABFCFF
xor edx, edx

mov eax, esi
call 0043AA40
mov eax, esi
call 004292E0
test al, al
je 004383E9
mov eax, esi
mov edx, esi

mov eax, dword
call 0043CEE4
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 00437840
mov eax, dword
mov eax, dword
call 00409960
test bl, bl
jle 00438444
mov eax, esi
call 00402F54
ptr [004437A8]
ptr [esi+00000218]
ptr [esi+00000220]
ptr [esi+00000228]
ptr [esi+000002BC]
ptr [00442D30]
ptr [eax]

|:0043843B(C)
|
:00438444 5E
pop esi
:00438445 5B
:00438446 C3
pop ebx
ret
:00438447 90
nop

|:004381A6 , :00438215
|
:00438448 55
push ebp
:00438449 8BEC
mov ebp, esp
:0043844B 51
push ecx
:0043844C 53
push ebx
:0043844D 56
push esi
:0043844E 57
push edi
:0043844F 8945FC
:00438452 8B45FC
:00438455 6683B8AE02000000
cmp word ptr [eax+000002AE], 0000
:0043845D 7441
je 004384A0
:0043845F 33C0
xor eax, eax
:00438461 55
push ebp
:00438462 6889844300
push 00438489
:00438467 64FF30
:0043846A 648920
:0043846D 8B5DFC
:00438470 8B55FC
:00438473 8B83B0020000
:00438479 FF93AC020000
call dword ptr [ebx+000002AC]
:0043847F 33C0
xor eax, eax
:00438481 5A
pop edx
:00438482 59
pop ecx
:00438483 59
pop ecx
:00438484 648910
:00438487 EB17
jmp 004384A0
:00438489 E9E2ABFCFF
jmp 00403070
:0043848E 8B55FC
:00438491 A1A4374400
:00438496 E8C9690000
call 0043EE64
:0043849B E880AEFCFF
call 00403320
|:0043845D(C), :00438487(U)
|
:004384A0 8B45FC
:004384A3 F680C002000002
:004384AA 740A
:004384AC B201
:004384AE 8B45FC
:004384B1 E8CE080000

test byte ptr [eax+000002C0], 02
je 004384B6
mov dl, 01
call 00438D84

|:004384AA(C)
|
:004384B6 5F
pop edi
:004384B7 5E
pop esi
:004384B8 5B
pop ebx
:004384B9 59
pop ecx
:004384BA 5D
pop ebp
:004384BB C3
ret

|:004383A9 , :004383C6
|
:004384BC 55
push ebp
:004384BD 8BEC
mov ebp, esp
:004384BF 51
push ecx
:004384C0 53
push ebx
:004384C1 56
push esi
:004384C2 57
push edi
:004384C3 8945FC
:004384C6 8B45FC
:004384C9 6683B8B602000000
:004384D1 7441
je 00438514
:004384D3 33C0
xor eax, eax
:004384D5 55
push ebp
:004384D6 68FD844300
push 004384FD
:004384DB 64FF30
:004384DE 648920
:004384E1 8B5DFC
:004384E4 8B55FC
:004384E7 8B83B8020000
:004384ED FF93B4020000
:004384F3 33C0
xor eax, eax
:004384F5 5A
pop edx
:004384F6 59
pop ecx
:004384F7 59
pop ecx
:004384F8 648910
:004384FB EB17
jmp 00438514
:004384FD E96EABFCFF
jmp 00403070
:00438502 8B55FC
:00438505 A1A4374400
:0043850A E855690000
call 0043EE64
:0043850F E80CAEFCFF
call 00403320
|:004384D1(C), :004384FB(U)
|
:00438514 5F
:00438515 5E
:00438516 5B
:00438517 59
:00438518 5D
:00438519 C3
:0043851A 8BC0
mov eax, eax
pop
pop
pop
pop
pop
ret
edi
esi
ebx
ecx
ebp

|:0043C7C3
|
:0043851C 53
push ebx
:0043851D 56
push esi
:0043851E 8BD8
mov ebx, eax
:00438520 8BC3
mov eax, ebx
:00438522 E815CAFEFF
call 00424F3C
:00438527 8B8300020000
:0043852D 85C0
test eax, eax
:0043852F 741E
je 0043854F
:00438531
:00438533
:00438535
:0043853B
:0043853D
:00438542
:00438544
:00438546
:00438548
:0043854A
8BF0
33C0
898300020000
8BC6
E8FE08FFFF
84C0
7409
8BD6
8BC3
E839200000
mov esi, eax

xor eax, eax
mov eax, esi
call 00428E40
test al, al
je 0043854F
mov edx, esi
mov eax, ebx
call 0043A588
|:0043852F(C), :00438544(C)
|
:0043854F 5E
:00438550 5B
:00438551 C3
:00438552
:00438554
:00438555
:00438556
:00438557
:00438558
:0043855A
:0043855C
:0043855E
:00438560
:00438562
:00438564
:00438569
:0043856B
:0043856D
:0043856F
:00438571
mov eax, eax

push ebx
push esi
push edi
push ebp
mov ebx, ecx
mov esi, edx
mov edi, eax
mov ecx, ebx
mov edx, esi
mov eax, edi
call 004227DC
mov eax, ebx
sub al, 01
jb 00438576
je 004385E1
jmp 00438629
8BC0
53
56
57
55
8BD9
8BF2
8BF8
8BCB
8BD6
8BC7
E873A2FEFF
8BC3
2C01
7207
7470
E9B3000000
pop esi
pop ebx
ret
|:0043856D(C)
|
:00438576 8BC6
:00438578 8B151CD74200
:0043857E E80DA8FCFF
:00438583 84C0
:00438585 742A
:00438587 83BFBC02000000
:0043858E 7512
:00438590 B201
:00438592 A154B54000
:00438597 E854A6FCFF
:0043859C 8987BC020000
|:0043858E(C)
|
:004385A2 8BD6
:004385A4 8B87BC020000
:004385AA E8B144FDFF
:004385AF EB78
mov eax, esi

call 00402D90
test al, al
je 004385B1
cmp dword ptr [edi+000002BC], 00000000
jne 004385A2
mov dl, 01
call 00402BF0
mov dword ptr [edi+000002BC], eax
mov edx, esi

mov eax, dword ptr [edi+000002BC]
call 0040CA60
jmp 00438629
|:00438585(C)
|
:004385B1 F6472001
:004385B5 7572
:004385B7 83BF2802000000
:004385BE 7569
:004385C0 3B7E04
:004385C3 7564
:004385C5 8BC6
:004385C7 8B15D4014300
:004385CD E8BEA7FCFF
:004385D2 84C0
:004385D4 7453
:004385D6 8BD6
:004385D8 8BC7
:004385DA E891140000
:004385DF EB48
|:0043856F(C)
|
:004385E1 8BAFBC020000
:004385E7 85ED
:004385E9 741C
:004385EB 8BC6
:004385ED 8B151CD74200
:004385F3 E898A7FCFF
:004385F8 84C0
:004385FA 740B
:004385FC 8BD6
:004385FE 8BC5
:00438600 E83F47FDFF
:00438605 EB22
|:004385E9(C), :004385FA(C)
|
:00438607 3BB728020000
:0043860D 7509
:0043860F 33D2
:00438611 8BC7
:00438613 E858140000
|:0043860D(C)
|
:00438618 3BB738020000
:0043861E 7509
:00438620 33D2
:00438622 8BC7
:00438624 E81F140000
test [edi+20], 01
jne 00438629
cmp dword ptr [edi+00000228], 00000000
jne 00438629
jne 00438629
mov eax, esi
call 00402D90
test al, al
je 00438629
mov edx, esi
mov eax, edi
call 00439A70
jmp 00438629
mov ebp, dword ptr [edi+000002BC]

test ebp, ebp
je 00438607
mov eax, esi
call 00402D90
test al, al
je 00438607
mov edx, esi
mov eax, ebp
call 0040CD44
jmp 00438629

jne 00438618
xor edx, edx
mov eax, edi
call 00439A70

jne 00438629
xor edx, edx
mov eax, edi
call 00439A48

|:00438571(U), :004385AF(U), :004385B5(C), :004385BE(C), :004385C3(C)
|:004385D4(C), :004385DF(U), :00438605(U), :0043861E(C)
|
:00438629 83BF3002000000
cmp dword ptr [edi+00000230], 00000000
:00438630 740F
je 00438641
:00438632 8BCB
mov ecx, ebx
:00438634
:00438636
:0043863C
:0043863E
8BD6
8B8730020000
8B18
FF5310
mov edx, esi

call [ebx+10]

|:00438630(C)
|
:00438641 5D
pop ebp
:00438642 5F
pop edi
:00438643 5E
pop esi
:00438644 5B
pop ebx
:00438645 C3
ret
:00438646
:00438648
:00438649
:0043864B
:0043864C
:0043864D
:0043864E
:00438650
:00438653
:00438656
:0043865B
:0043865D
:0043865E
:00438663
:00438666
:00438669
:0043866C
:0043866E
:00438674
:00438677
:00438679
:0043867F
:00438682
:00438684
:0043868A
:0043868C
:00438691
:00438693
:00438695
:00438698
:0043869E
:004386A0
:004386A3
:004386A8
:004386AB
:004386B2
:004386B8
:004386BB
:004386C2
:004386C8
:004386CB
:004386D2
:004386D4
:004386D7
:004386DD
8BC0
55
8BEC
51
53
56
8BF2
8945FC
8B45FC
E881D5FEFF
33D2
55
684A884300
64FF32
648922
8B45FC
33D2
899048020000
8B45FC
33D2
89904C020000
8B45FC
33D2
899050020000
33DB
A19C2C4400
8A00
3401
8B55FC
888214020000
8BD6
8B45FC
E854CEFEFF
8B45FC
83B83C02000000
0F8406010000
8B45FC
83B85002000000
0F8EF6000000
8B45FC
F6808400000010
7443
8B45FC
8B803C020000
8B15A8374400
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, edx
call 00425BDC
xor edx, edx
push ebp
push 0043884A
xor edx, edx
xor edx, edx
xor edx, edx
xor ebx, ebx
mov al, byte ptr [eax]
xor al, 01
mov edx, esi
call 004254FC
je 004387BE
cmp dword ptr [eax+00000250], 00000000
jle 004387BE
je 00438717
:004386E3
:004386E6
:004386E8
:004386EB
:004386F1
:004386F2
:004386F7
:004386FA
:004386FB
:004386FE
:00438701
:00438703
:00438708
3B4234
742F
8B45FC
8B803C020000
50
A1A8374400
8B4034
50
8B45FC
8B7058
8BC6
E894BAFDFF
50
cmp eax, dword

je 00438717
mov eax, dword
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
mov eax, dword
mov esi, dword
mov eax, esi
call 0041419C
push eax
ptr [edx+34]
ptr [ebp-04]
ptr [eax+0000023C]
ptr [004437A8]
ptr [eax+34]
ptr [ebp-04]
ptr [eax+58]

|
:00438709 E852D6FCFF
Call 00405D60
:0043870E 8BD0
mov edx, eax
:00438710 8BC6
mov eax, esi
:00438712 E88DBAFDFF
call 004141A4
|:004386D2(C), :004386E6(C)
|
:00438717 A1A8374400
:0043871C 8B4034
:0043871F 8B55FC
:00438722 89823C020000
:00438728 8B45FC
:0043872B E848020000
:00438730 8BF0
:00438732 8B45FC
:00438735 8B8050020000
:0043873B 3BF0
:0043873D 747F
:0043873F B301
:00438741 8BC8
:00438743 8BD6
:00438745 8B45FC
:00438748 E8A7F5FFFF
:0043874D 8B45FC
:00438750 8B8850020000
:00438756 8BD6
:00438758 8B45FC
:0043875B E8AC02FFFF
:00438760 8B45FC
:00438763 F6808400000004
:0043876A 7423
:0043876C 8B45FC
:0043876F 8B8050020000
:00438775 50
:00438776 56
:00438777 8B45FC
:0043877A 8B8048020000
:00438780 50

call 00438978
mov esi, eax
cmp esi, eax
je 004387BE
mov bl, 01
mov ecx, eax
mov edx, esi
call 00437CF4
mov edx, esi
call 00428A0C
je 0043878F
push eax
push esi
push eax

|
:00438781 E8DAD5FCFF
Call 00405D60
:00438786 8B55FC
:00438789 898248020000
|:0043876A(C)
|
:0043878F 8B45FC
:00438792 F6808400000008
:00438799 7423
:0043879B 8B45FC
:0043879E 8B8050020000
:004387A4 50
:004387A5 56
:004387A6 8B45FC
:004387A9 8B804C020000
:004387AF 50

je 004387BE
push eax
push esi
push eax

|
:004387B0 E8ABD5FCFF
Call 00405D60
:004387B5 8B55FC
:004387B8 89824C020000
|:004386B2(C), :004386C2(C), :0043873D(C), :00438799(C)
|
:004387BE 8B45FC
:004387C1 8B8048020000
:004387C7 85C0
test eax, eax
:004387C9 7E0A
jle 004387D5
:004387CB 8BD0
mov edx, eax
:004387CD 8B45FC
:004387D0 E8F7A3FEFF
call 00422BCC
|:004387C9(C)
|
:004387D5 8B45FC
:004387D8 8B804C020000
:004387DE 85C0
:004387E0 7E0A
:004387E2 8BD0
:004387E4 8B45FC
:004387E7 E824A4FEFF
|:004387E0(C)
|
:004387EC 8B45FC
:004387EF 8A1558884300
:004387F5 889084000000
:004387FB 84DB
:004387FD 7524
:004387FF B901000000
:00438804 BA01000000
:00438809 8B45FC
:0043880C E8E3F4FFFF
:00438811 B901000000
:00438816 BA01000000
:0043881B 8B45FC
:0043881E E8E901FFFF

test eax, eax
jle 004387EC
mov edx, eax
call 00422C10

test bl, bl
jne 00438823
mov ecx, 00000001
mov edx, 00000001
call 00437CF4
mov ecx, 00000001
mov edx, 00000001
call 00428A0C
|:004387FD(C)
|
:00438823 6A00
:00438825 33C9
:00438827 BA3DB00000
:0043882C 8B45FC
:0043882F E860B9FEFF
:00438834 33C0
:00438836 5A
:00438837 59
:00438838 59
:00438839 648910

push 00000000
xor ecx, ecx
mov edx, 0000B03D
call 00424194
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0043883C 6851884300
push 00438851
|:0043884F(U)
|
:00438841 8B45FC
:00438844 E89BD3FEFF
:00438849 C3
:0043884A
:0043884F
:00438851
:00438852
:00438853
:00438854
:00438855
jmp
jmp
pop
pop
pop
pop
ret
E929AAFCFF
EBF0
5E
5B
59
5D
C3

call 00425BE4
ret
00403278
00438841
esi
ebx
ecx
ebp
:00438856 000000000000
BYTE 6 DUP(0)
:0043885C
:0043885D
:0043885E
:0043885F
:00438861
:00438863
:00438865
:00438867
:0043886C
:0043886E
:00438870
:00438871
:00438876
:00438879
push ebx
push esi
push edi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00424468
push 00000000
push 00000000
push ebx
push 0043895C
mov cl, byte ptr [ebx+4E]
xor cl, 01
53
56
57
8BF2
8BD8
8BD6
8BC3
E8FCBBFEFF
6A00
6A00
53
685C894300
8A4B4E
80F101
* Possible StringData Ref from Code Obj ->"PixelsPerInch"

|
:0043887C BAC8884300
mov edx, 004388C8
:00438881 8BC6
mov eax, esi
:00438883 8B38
:00438885 FF17
:00438887
:00438888
:0043888D
:0043888E
:00438893
:00438896
53
6828894300
53
6840894300
8A4B4E
80F101
push ebx
push 00438928
push ebx
push 00438940
mov cl, byte ptr [ebx+4E]
xor cl, 01
* Possible StringData Ref from Code Obj ->"TextHeight"

|
:00438899 BAE0884300
mov edx, 004388E0
:0043889E 8BC6
mov eax, esi
:004388A0 8B38
:004388A2 FF17
:004388A4 53
push ebx
:004388A5 6808894300
push 00438908
:004388AA 6A00
push 00000000
:004388AC 6A00
push 00000000
:004388AE 33C9
xor ecx, ecx
* Possible StringData Ref from Code Obj ->"IgnoreFontProperty"
|
:004388B0 BAF4884300
mov edx, 004388F4
:004388B5 8BC6
mov eax, esi
:004388B7 8B18
:004388B9 FF13
:004388BB 5F
pop edi
:004388BC 5E
pop esi
:004388BD 5B
pop ebx
:004388BE C3
ret
:004388BF 00
BYTE 0
:004388C0 FFFFFFFF
BYTE 4 DUP(0ffh)
:004388C4
:004388C9
:004388D0
:004388D2
:004388D3
:004388D6
:004388D8
0D00000050
6978656C735065
7249
6E
636800
0000
FFFFFFFF
or eax, 50000000
jb 0043891B
outsb
BYTE 4 DUP(0ffh)
:004388DC
:004388DE
:004388E0
:004388E1
0A00
0000
54
65

push esp
BYTE 065h
:004388E2
:004388E4
:004388E5
:004388ED
7874
48
65696768740000FF
FFFFFF
js 00438958
dec eax
imul esp, dword ptr gs:[edi+68], FF000074
BYTE 3 DUP(0ffh)
:004388F0 1200
:004388F2 0000

:004388F4
:004388F5
:004388F7
:004388F8
:004388FA
:004388FB
:004388FC
:004388FD
:004388FF
:00438901
:00438903
:00438905
49
676E
6F
7265
46
6F
6E
7450
726F
7065
7274
7900
|:00438905(C)
|
:00438907 005356
:0043890A 8BF2
:0043890C 8BD8
:0043890E 8BC6
:00438910 E8236FFDFF
:00438915 84C0
:00438917 7409
:00438919 B201
dec ecx
outsb
outsd
jb 0043895F
inc esi
outsd
outsb
je 0043894F
jb 00438970
jo 00438968
jb 00438979
jns 00438907
mov esi, edx
mov ebx, eax
mov eax, esi
call 0040F838
test al, al
je 00438922
mov dl, 01

|:004388D0(C)
|
:0043891B 8BC3
mov eax, ebx
:0043891D E8A6A9FEFF
call 004232C8
|:00438917(C)
|
:00438922 5E
pop esi
:00438923 5B
pop ebx
:00438924 C3
ret
:00438925
:00438928
:00438929
:0043892A
:0043892C
:0043892E
:00438930
:00438935
:0043893B
:0043893C
:0043893D
8D4000
53
56
8BF2
8BD8
8BC6
E8C376FDFF
898350020000
5E
5B
C3

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, esi
call 0040FFF8
pop esi
pop ebx
ret
:0043893E
:00438940
:00438941
:00438942
:00438944
:00438946
:00438948
:0043894D
8BC0
53
56
8BF2
8BD8
8BC3
E82B000000
8BD0
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00438978
mov edx, eax
|:004388FD(C)
|
:0043894F 8BC6
:00438951 E85A8AFDFF
:00438956 5E
:00438957 5B
|:004388E2(C)
|
:00438958 C3
:00438959 8D4000
:0043895C 53
:0043895D 56
:0043895E 8BF2
:00438960 8BD8
:00438962 8BC3
:00438964 E8CB120000
:00438969 8BD0
:0043896B 8BC6
:0043896D E83E8AFDFF
:00438972 5E
:00438973 5B
:00438974 C3
:00438975 8D4000
mov eax, esi

call 004113B0
pop esi
pop ebx
ret
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00439C34
mov edx, eax
mov eax, esi
call 004113B0
pop esi
pop ebx
ret

|:0043872B , :00438948
|
:00438978 53
push ebx
|:00438903(C)
|
:00438979 8BD8
:0043897B 8BC3
:0043897D E8720F0000
:00438982 BA98894300
:00438987 E850C3FDFF
:0043898C 5B
:0043898D C3
:0043898E 0000
BYTE 2 DUP(0)
:00438990 FFFFFFFF
BYTE 4 DUP(0ffh)
:00438994
:00438996
:00438998
:0043899A
:0043899C
add
add
xor
add
ret
0100
0000
3000
0000
C3
mov ebx, eax

mov eax, ebx
call 004398F4
mov edx, 00438998
call 00414CDC
pop ebx
ret

byte ptr [eax], al
byte ptr [eax], al
byte ptr [eax], al
:0043899D
:004389A0
:004389A1
:004389A2
:004389A3
:004389A4
:004389A6
:004389A8
:004389AA
:004389AC
:004389AE
:004389B0
:004389B5
:004389B7
:004389B9
:004389BB
:004389C0
:004389C2
:004389C7
:004389C9
:004389CB
:004389CD
:004389D2
:004389D4
:004389D5
:004389D6
:004389D8
:004389DD
8D4000
53
56
57
55
8BF9
8BF2
8BD8
8BCF
8BD6
8BC3
E83FF3FFFF
8BCF
8BD6
8BC3
E84C00FFFF
8BC3
E8B5000000
84C0
7432
8BC3
E826A2FEFF
8BE8
57
56
8BC3
E8D7A1FEFF
50

push ebx
push esi
push edi
push ebp
mov edi, ecx
mov esi, edx
mov ebx, eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call 00437CF4
mov ecx, edi
mov edx, esi
mov eax, ebx
call 00428A0C
mov eax, ebx
call 00438A7C
test al, al
je 004389FD
mov eax, ebx
call 00422BF8
mov ebp, eax
push edi
push esi
mov eax, ebx
call 00422BB4
push eax

|
:004389DE E87DD3FCFF
Call 00405D60
:004389E3 8BD0
mov edx, eax
:004389E5 8BC3
mov eax, ebx
:004389E7 E838030000
call 00438D24
:004389EC 57
push edi
:004389ED 56
push esi
:004389EE 55
push ebp
|
:004389EF E86CD3FCFF
Call 00405D60
:004389F4 8BD0
mov edx, eax
:004389F6 8BC3
mov eax, ebx
:004389F8 E857030000
call 00438D54
|:004389C9(C)
|
:004389FD 57
:004389FE 56
:004389FF 8B6B58
:00438A02 8BC5
:00438A04 E837B8FDFF
:00438A09 50

push edi
push esi
mov eax, ebp
call 00414240
push eax

|
:00438A0A E851D3FCFF
Call 00405D60
:00438A0F 8BD0
mov edx, eax
:00438A11
:00438A13
:00438A18
:00438A19
:00438A1A
:00438A1B
:00438A1C
8BC5
E844B8FDFF
5D
5F
5E
5B
C3
:00438A1D 8D4000
mov eax, ebp

call 0041425C
pop ebp
pop edi
pop esi
pop ebx
ret

|:0043BBEA
|
:00438A20 53
push ebx
:00438A21 8BD8
mov ebx, eax
:00438A23 A18C2B4400
:00438A28 803800
:00438A2B 7432
je 00438A5F
:00438A2D 8BC3
mov eax, ebx
:00438A2F E8AC08FFFF
call 004292E0
:00438A34 84C0
test al, al
:00438A36 743F
je 00438A77
:00438A38 80BB0902000003
:00438A3F 7436
je 00438A77
:00438A41 8BC3
mov eax, ebx
:00438A43 E864210000
call 0043ABAC
:00438A48 50
push eax
:00438A49 6A01
push 00000001
:00438A4B 6880000000
push 00000080
:00438A50 8BC3
mov eax, ebx
:00438A52 E8A904FFFF
call 00428F00
:00438A57 50
push eax
|
:00438A58 E82BD9FCFF
Call 00406388
:00438A5D 5B
pop ebx
:00438A5E C3
ret
|:00438A2B(C)
|
:00438A5F 8BC3
:00438A61 E89A04FFFF
:00438A66 50

mov eax, ebx
call 00428F00
push eax

|
:00438A67 E83CD8FCFF
Call 004062A8
:00438A6C 85C0
test eax, eax
:00438A6E 7407
je 00438A77
:00438A70 8BC3
mov eax, ebx
:00438A72 8B10
:00438A74 FF5278
call [edx+78]
|:00438A36(C), :00438A3F(C), :00438A6E(C)
|
:00438A77 5B
:00438A78 C3
pop ebx
ret
:00438A79 8D4000

|:004389C2
|
:00438A7C 53
push ebx
:00438A7D 8BD8
mov ebx, eax
:00438A7F 8BC3
mov eax, ebx
:00438A81 E806000000
call 00438A8C
:00438A86 3401
xor al, 01
:00438A88 5B
pop ebx
:00438A89 C3
ret
:00438A8A 8BC0
mov eax, eax

|:00438A81
|
:00438A8C 80B8F401000000
:00438A93 751B
jne 00438AB0
:00438A95 8B90EC010000
mov edx, dword ptr [eax+000001EC]
:00438A9B 837A1000
:00438A9F 750F
jne 00438AB0
:00438AA1 8B80F0010000
:00438AA7 83781000
:00438AAB 7503
jne 00438AB0
:00438AAD 33C0
xor eax, eax
:00438AAF C3
ret

|:00438A93(C), :00438A9F(C), :00438AAB(C)
|
:00438AB0 B001
mov al, 01
:00438AB2 C3
ret
:00438AB3
:00438AB4
:00438AB5
:00438AB7
:00438AB9
:00438ABE
:00438AC0
:00438AC2
:00438AC8
:00438ACA
:00438ACC
:00438ACE
:00438AD0
:00438AD2
90
53
8BD8
8BC3
E84A0E0000
84C0
741C
8A8309020000
2C02
7408
2C03
7404
33C0
EB02
nop
push ebx
mov ebx, eax
mov eax, ebx
call 00439908
test al, al
je 00438ADE
sub al, 02
je 00438AD4
sub al, 03
je 00438AD4
xor eax, eax
jmp 00438AD6
|:00438ACA(C), :00438ACE(C)
|
:00438AD4 B001
mov al, 01

|:00438AD2(U)
|
:00438AD6 3A83F4010000
cmp al, byte ptr [ebx+000001F4]
:00438ADC 7504
jne 00438AE2
|:00438AC0(C)
|
:00438ADE 33C0
xor eax, eax
:00438AE0 5B
pop ebx
:00438AE1 C3
ret

|:00438ADC(C)
|
:00438AE2 B001
mov al, 01
:00438AE4 5B
pop ebx
:00438AE5 C3
ret
:00438AE6
:00438AE8
:00438AE9
:00438AF1
:00438AF3
:00438AF5
:00438AF7
:00438AF9
:00438AFF
8BC0
53
6683B86E02000000
7412
8BCA
8BD8
8BD0
8B8370020000
FF936C020000
mov eax, eax

push ebx
je 00438B05
mov ecx, edx
mov ebx, eax
mov edx, eax

|:00438AF1(C)
|
:00438B05 5B
pop ebx
:00438B06 C3
ret
:00438B07
:00438B08
:00438B09
:00438B11
:00438B13
:00438B15
:00438B17
:00438B1D
90
53
6683B88E02000000
7410
8BD8
8BD0
8B8390020000
FF938C020000
nop
push ebx
je 00438B23
mov ebx, eax
mov edx, eax

|:00438B11(C)
|
:00438B23 5B
pop ebx
:00438B24 C3
ret
:00438B25
:00438B28
:00438B29
:00438B31
:00438B33
:00438B35
:00438B37
:00438B3D
8D4000
53
6683B8A602000000
7410
8BD8
8BD0
8B83A8020000
FF93A4020000

push ebx
je 00438B43
mov ebx, eax
mov edx, eax

|:00438B31(C)
|
:00438B43 5B
pop ebx
:00438B44 C3
ret
:00438B45
:00438B48
:00438B49
:00438B4A
:00438B4C
:00438B4E
:00438B50
:00438B55
8D4000
53
56
8BF2
8BD8
8BC3
E8AB03FFFF
50

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00428F00
push eax

|
:00438B56 E84DD7FCFF
Call 004062A8
:00438B5B 85C0
test eax, eax
:00438B5D 7463
je 00438BC2
:00438B5F 6A00
push 00000000
:00438B61 6A00
push 00000000
:00438B63 6A00
push 00000000
:00438B65 6A00
push 00000000
:00438B67 56
push esi
|
:00438B68 E863D8FCFF
Call 004063D0
:00438B6D 6AEC
push FFFFFFEC
:00438B6F 8BC3
mov eax, ebx
:00438B71 E88A03FFFF
call 00428F00
:00438B76 50
push eax
|
:00438B77 E8C4D6FCFF
Call 00406240
:00438B7C 50
push eax
:00438B7D 83BB2802000000
cmp dword ptr [ebx+00000228], 00000000
:00438B84 0F95C0
setne al
:00438B87 F6D8
neg al
:00438B89 1BC0
sbb eax, eax
:00438B8B 50
push eax
:00438B8C 6AF0
push FFFFFFF0
:00438B8E 8BC3
mov eax, ebx
:00438B90 E86B03FFFF
call 00428F00
:00438B95 50
push eax
|
:00438B96 E8A5D6FCFF
:00438B9B 50
:00438B9C 56
Call 00406240
push eax
push esi
* Reference To: user32.AdjustWindowRectEx, Ord:0000h

|
:00438B9D E84ED4FCFF
Call 00405FF0
:00438BA2 8B433C
mov eax, dword ptr
:00438BA5 2B460C
sub eax, dword ptr
:00438BA8 034604
add eax, dword ptr
:00438BAB 50
push eax
:00438BAC 8B4338
mov eax, dword ptr
:00438BAF 2B4608
sub eax, dword ptr
:00438BB2 0306
add eax, dword ptr
:00438BB4 50
push eax
:00438BB5 6A00
push 00000000
:00438BB7 6A00
push 00000000
:00438BB9 56
push esi
[ebx+3C]
[esi+0C]
[esi+04]
[ebx+38]
[esi+08]
[esi]

|
:00438BBA E811D8FCFF
Call 004063D0
:00438BBF 5E
pop esi
:00438BC0 5B
pop ebx
:00438BC1 C3
ret
|:00438B5D(C)
|
:00438BC2 8BD6
:00438BC4 8BC3
:00438BC6 E8FD03FFFF
:00438BCB 5E
:00438BCC 5B
:00438BCD C3
:00438BCE
:00438BD0
:00438BD1
:00438BD3
:00438BD6
:00438BD7
:00438BD8
:00438BD9
:00438BDB
:00438BDD
:00438BE0
:00438BE3
:00438BE5
:00438BE7
:00438BEC
:00438BEE
:00438BF0
:00438BF2
:00438BF7
:00438BF8
:00438BFA
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
mov ebx, edx
mov esi, eax
push [ebp+0C]
push [ebp+08]
mov edx, ebx
mov eax, esi
call 00429538
cmp esi, ebx
jne 00438C32
mov eax, esi
call 00411B2C
dec eax
test eax, eax
jl 00438C32
8BC0
55
8BEC
83C4F8
53
56
57
8BDA
8BF0
FF750C
FF7508
8BD3
8BC6
E84C09FFFF
3BF3
7542
8BC6
E8358FFDFF
48
85C0
7C36
mov edx, esi

mov eax, ebx
call 00428FC8
pop esi
pop ebx
ret
:00438BFC 40
:00438BFD 8945F8
:00438C00 C745FC00000000
inc eax
mov [ebp-04], 00000000
|:00438C30(C)
|
:00438C07 8B55FC
:00438C0A 8BC6
:00438C0C E8AF8EFDFF
:00438C11 8BF8
:00438C13 8BC7
:00438C15 66BBF2FF
:00438C19 E8D6A1FCFF
:00438C1E 84C0
:00438C20 7508
:00438C22 8BD7
:00438C24 8B450C
:00438C27 FF5508

mov eax, esi
call 00411AC0
mov edi, eax
mov eax, edi
mov bx, FFF2
call 00402DF4
test al, al
jne 00438C2A
mov edx, edi
call [ebp+08]

|:00438C20(C)
|
:00438C2A FF45FC
inc [ebp-04]
:00438C2D FF4DF8
dec [ebp-08]
:00438C30 75D5
jne 00438C07
|:00438BEE(C), :00438BFA(C)
|
:00438C32 5F
:00438C33 5E
:00438C34 5B
:00438C35 59
:00438C36 59
:00438C37 5D
:00438C38 C20800
:00438C3B
:00438C3C
:00438C3D
:00438C3E
:00438C40
:00438C47
:00438C49
:00438C4B
:00438C4D
:00438C50
:00438C52
:00438C54
:00438C59
:00438C5B
nop
push ebx
push esi
mov ebx, eax
jne 00438C5D
mov eax, ebx
call [edx+58]
mov esi, eax
mov eax, ebx
call 00402B68
cmp esi, eax
je 00438C62
90
53
56
8BD8
83BB8C00000000
7514
8BC3
8B10
FF5258
8BF0
8BC3
E80F9FFCFF
3BF0
7405
pop
pop
pop
pop
pop
pop
ret
edi
esi
ebx
ecx
ecx
ebp
0008

|:00438C47(C)
|
:00438C5D 33C0
xor eax, eax
:00438C5F 5E
pop esi
:00438C60 5B
pop ebx
:00438C61 C3
ret

|:00438C5B(C)
|
:00438C62 B001
mov al, 01
:00438C64 5E
pop esi
:00438C65 5B
pop ebx
:00438C66 C3
ret
:00438C67
:00438C68
:00438C69
:00438C6A
:00438C6B
:00438C6C
:00438C6F
:00438C73
:00438C76
:00438C78
90
53
56
57
55
83C4F4
894C2404
891424
8BE8
8B0424
nop
push ebx
push esi
push edi
push ebp
add esp, FFFFFFF4
mov ebp, eax

|
:00438C7B 8B15BCF44100
:00438C81 E80AA1FCFF
call 00402D90
:00438C86 84C0
test al, al
:00438C88 7410
je 00438C9A
:00438C8A 8B4C2404
:00438C8E 8B1424
:00438C91 8BC5
mov eax, ebp
:00438C93 E8E808FFFF
call 00429580
:00438C98 EB58
jmp 00438CF2
|:00438C88(C)
|
:00438C9A 8BC5
:00438C9C E8E7D3FEFF
:00438CA1 29442404
:00438CA5 C7442408FFFFFFFF
:00438CAD 8BC5
:00438CAF E8788EFDFF
:00438CB4 8BF0
:00438CB6 4E
:00438CB7 85F6
:00438CB9 7C37
:00438CBB 46
:00438CBC 33FF
|:00438CF0(C)
|
:00438CBE 8BD7
:00438CC0 8BC5
:00438CC2 E8F98DFDFF
:00438CC7 66BBF2FF
:00438CCB E824A1FCFF
mov eax, ebp

call 00426088
sub dword ptr [esp+04], eax
mov [esp+08], FFFFFFFF
mov eax, ebp
call 00411B2C
mov esi, eax
dec esi
test esi, esi
jl 00438CF2
inc esi
xor edi, edi
mov edx, edi

mov eax, ebp
call 00411AC0
mov bx, FFF2
call 00402DF4
:00438CD0
:00438CD2
:00438CD4
:00438CD8
:00438CDC
:00438CE0
:00438CE2
:00438CE4
:00438CE7
:00438CEC
84C0
751A
FF442408
8B442408
3B442404
750C
8BD7
8B0424
E8508EFDFF
EB04
|:00438CD2(C), :00438CE0(C)
|
:00438CEE 47
:00438CEF 4E
:00438CF0 75CC
test al, al
jne 00438CEE
inc [esp+08]
jne 00438CEE
mov edx, edi
call 00411B3C
jmp 00438CF2
inc edi
dec esi
jne 00438CBE

|:00438C98(U), :00438CB9(C), :00438CEC(U)
|
:00438CF2 83C40C
add esp, 0000000C
:00438CF5 5D
pop ebp
:00438CF6 5F
pop edi
:00438CF7 5E
pop esi
:00438CF8 5B
pop ebx
:00438CF9 C3
ret
:00438CFA
:00438CFC
:00438CFD
:00438CFF
:00438D02
:00438D04
:00438D06
:00438D0B
:00438D0F
:00438D11
:00438D13
:00438D15
:00438D1A
:00438D1C
8BC0
53
8BD8
3A5350
741D
8BC3
E869A6FEFF
837B2400
7510
6A00
33C9
BA3DB00000
8BC3
E873B4FEFF
mov eax, eax

push ebx
mov ebx, eax
je 00438D21
mov eax, ebx
call 00423374
jne 00438D21
push 00000000
xor ecx, ecx
mov edx, 0000B03D
mov eax, ebx
call 00424194

|:00438D02(C), :00438D0F(C)
|
:00438D21 5B
pop ebx
:00438D22 C3
ret
:00438D23 90
nop

|:004389E7 , :00440F54
|
:00438D24 53
push ebx
:00438D25 8BD8
mov ebx, eax
:00438D27 F6434408
test [ebx+44], 08
:00438D2B 7419
je 00438D46
:00438D2D
:00438D33
:00438D38
:00438D3E
:00438D44
:00438D45
899348020000
A0508D4300
0A8384000000
888384000000
5B
C3

mov al, byte ptr [00438D50]
or al, byte ptr [ebx+00000084]
pop ebx
ret
|:00438D2B(C)
|
:00438D46 8BC3
:00438D48 E87F9EFEFF
:00438D4D 5B
:00438D4E C3
:00438D4F 00
BYTE 0
:00438D50 0400
:00438D52 0000
add al, 00
mov eax, ebx

call 00422BCC
pop ebx
ret

|:004389F8 , :00440F6C
|
:00438D54 53
push ebx
:00438D55 8BD8
mov ebx, eax
:00438D57 F6434408
test [ebx+44], 08
:00438D5B 7419
je 00438D76
:00438D5D 89934C020000
:00438D63 A0808D4300
mov al, byte ptr [00438D80]
:00438D68 0A8384000000
or al, byte ptr [ebx+00000084]
:00438D6E 888384000000
:00438D74 5B
pop ebx
:00438D75 C3
ret
|:00438D5B(C)
|
:00438D76 8BC3
:00438D78 E8939EFEFF
:00438D7D 5B
:00438D7E C3
:00438D7F 00
BYTE 0
:00438D80 0800
:00438D82 0000

mov eax, ebx

call 00422C10
pop ebx
ret

|:00438272 , :004384B1 , :004399AE , :0043BE72
|:0043C739 , :0043C943 , :0043EE15
|
:00438D84 53
push ebx
, :0043BE7F
:00438D85
:00438D86
:00438D88
:00438D8A
:00438D91
:00438D93
:00438D95
:00438D97
:00438D9E
56
8BDA
8BF0
F686C002000001
7417
84DB
7409
808EC002000002
EB23
push esi
mov ebx, edx
mov esi, eax
test byte ptr [esi+000002C0], 01
je 00438DAA
test bl, bl
je 00438DA0
or byte ptr [esi+000002C0], 02
jmp 00438DC3
|:00438D95(C)
|
:00438DA0 80A6C0020000FD
:00438DA7 5E
:00438DA8 5B
:00438DA9 C3
|:00438D91(C)
|
:00438DAA 84DB
:00438DAC 740C
:00438DAE 3A5E47
:00438DB1 7407
:00438DB3 8BC6
:00438DB5 E81A100000
|:00438DAC(C), :00438DB1(C)
|
:00438DBA 8BD3
:00438DBC 8BC6
:00438DBE E8D1A2FEFF
and byte ptr [esi+000002C0], FD

pop esi
pop ebx
ret
test bl, bl
je 00438DBA
je 00438DBA
mov eax, esi
call 00439DD4
mov edx, ebx

mov eax, esi
call 00423094

|:00438D9E(U)
|
:00438DC3 5E
pop esi
:00438DC4 5B
pop ebx
:00438DC5 C3
ret
:00438DC6
:00438DC8
:00438DC9
:00438DCB
:00438DCD
:00438DCF
:00438DD0
:00438DD5
:00438DD8
:00438DDB
:00438DE2
:00438DE4
:00438DE8
:00438DEA
:00438DED
8BC0
55
8BEC
6A00
33D2
55
68218E4300
64FF32
648922
80B80F02000001
7527
80784700
7421
8D55FC
A1702A4400
mov eax, eax

push ebp
mov ebp, esp
push 00000000
xor edx, edx
push ebp
push 00438E21
jne 00438E0B
je 00438E0B
:00438DF2
:00438DF7
:00438DFA
:00438DFC
:00438E01
:00438E06
E82DC0FCFF
8B4DFC
B201
A1F4B44000
E866FAFCFF
E8A5A4FCFF
call 00404E24
mov dl, 01
call 0040886C
call 004032B0
|:00438DE2(C), :00438DE8(C)
|
:00438E0B 33C0
:00438E0D 5A
:00438E0E 59
:00438E0F 59
:00438E10 648910
:00438E13 68288E4300
|:00438E26(U)
|
:00438E18 8D45FC
:00438E1B E898A9FCFF
:00438E20 C3
:00438E21
:00438E26
:00438E28
:00438E29
:00438E2A
jmp
jmp
pop
pop
ret
E952A4FCFF
EBF0
59
5D
C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 00438E28

call 004037B8
ret
00403278
00438E18
ecx
ebp
:00438E2B 90
:00438E2C 33C0
:00438E2E C3
nop
xor eax, eax
ret
:00438E2F
:00438E30
:00438E31
:00438E32
:00438E34
:00438E36
:00438E39
:00438E3B
:00438E3D
:00438E3F
:00438E41
:00438E43
:00438E45
:00438E47
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
cmp esi, eax
je 00438E62
cmp ebx, esi
je 00438E62
test eax, eax
jne 00438E4C
mov eax, ebx
call 00426634
90
53
56
8BF2
8BD8
8B4324
3BF0
7425
3BDE
7421
85C0
7507
8BC3
E8E8D7FEFF
|:00438E43(C)
|
:00438E4C 8BD6
:00438E4E 8BC3
:00438E50 E8BBA1FEFF
:00438E55 837B2400
:00438E59 7507

mov edx, esi
mov eax, ebx
call 00423010
jne 00438E62
:00438E5B 8BC3
:00438E5D E86AD9FEFF
mov eax, ebx

call 004267CC

|:00438E3B(C), :00438E3F(C), :00438E59(C)
|
:00438E62 5E
pop esi
:00438E63 5B
pop ebx
:00438E64 C3
ret
:00438E65
:00438E68
:00438E69
:00438E6B
:00438E6C
:00438E6D
:00438E6E
:00438E70
:00438E72
:00438E74
:00438E77
:00438E78
:00438E7A
:00438E7C
:00438E7E
:00438E83
:00438E8A
:00438E8C
:00438E8F
:00438E90
:00438E92
:00438E94
:00438E9A
:00438E9C
8D4000
55
8BEC
53
56
57
8BF9
8BF2
8BD8
8B4508
50
8BCF
8BD6
8BC3
E8418AFDFF
83BB3002000000
7413
8B4508
50
8BCF
8BD6
8B8330020000
8B18
FF532C

push ebp
mov ebp, esp
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
push eax
mov ecx, edi
mov edx, esi
mov eax, ebx
call 004118C4
cmp dword ptr [ebx+00000230], 00000000
je 00438E9F
push eax
mov ecx, edi
mov edx, esi
call [ebx+2C]

|:00438E8A(C)
|
:00438E9F 5F
pop edi
:00438EA0 5E
pop esi
:00438EA1 5B
pop ebx
:00438EA2 5D
pop ebp
:00438EA3 C20400
ret 0004
:00438EA6 8BC0
mov eax, eax

|:00439208 , :00439366
|
:00438EA8 55
push ebp
:00438EA9 8BEC
mov ebp, esp
:00438EAB 81C4ACFEFFFF
add esp, FFFFFEAC
:00438EB1 C785ACFEFFFF54010000
:00438EBB 6A00
push 00000000
:00438EBD 8D85ACFEFFFF
:00438EC3 50
push eax
:00438EC4 6A00
push 00000000
:00438EC6 6A29
push 00000029

|
:00438EC8 E87BD5FCFF
Call 00406448
:00438ECD 85C0
test eax, eax
:00438ECF 740E
je 00438EDF
:00438ED1 8D854CFFFFFF
:00438ED7 50
push eax
|
:00438ED8 E833CFFCFF
Call 00405E10
:00438EDD EB07
jmp 00438EE6
|:00438ECF(C)
|
:00438EDF 6A0D
push 0000000D
|
:00438EE1 E8FACFFCFF
Call 00405EE0
|:00438EDD(U)
|
:00438EE6 8BE5
mov esp, ebp
:00438EE8 5D
pop ebp
:00438EE9 C3
ret
:00438EEA
:00438EEC
:00438EED
:00438EEF
:00438EF2
:00438EF3
:00438EF4
:00438EF5
:00438EF7
:00438EFA
:00438EFC
:00438EFF
:00438F01
:00438F07
:00438F0A
:00438F0D
:00438F13
:00438F16
:00438F18
:00438F1B
:00438F21
8BC0
55
8BEC
83C4EC
53
56
57
8BDA
8945FC
8B03
83F82C
7F25
0F84C5030000
83C0FA
83E803
0F8280010000
83E803
7423
83E81F
0F845D020000
E9D3040000
|:00438EFF(C)
|
:00438F26 83E846
:00438F29 0F84DE010000
:00438F2F 83C0C1
:00438F32 83E802
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFEC
push ebx
push esi
push edi
mov ebx, edx
cmp eax, 0000002C
jg 00438F26
je 004392CC
add eax, FFFFFFFA
sub eax, 00000003
jb 00439093
sub eax, 00000003
je 00438F3B
sub eax, 0000001F
je 0043917E
jmp 004393F9
sub eax, 00000046
je 0043910D
add eax, FFFFFFC1
sub eax, 00000002
:00438F35 0F83BE040000
jnb 004393F9
|:00438F16(C)
|
:00438F3B 8B45FC
:00438F3E E89D03FFFF
:00438F43 84C0
:00438F45 0F84AE040000
:00438F4B 8B45FC
:00438F4E 80B80902000003
:00438F55 0F859E040000
:00438F5B 8B45FC
:00438F5E 80B82C01000000
:00438F65 0F848E040000
:00438F6B 833D2C28440000
:00438F72 0F8481040000
:00438F78 833B0C
:00438F7B 0F85F0000000
:00438F81 8B45FC
:00438F84 8B403C
:00438F87 50
:00438F88 8B45FC
:00438F8B 8B4038
:00438F8E 50
:00438F8F 6A00
:00438F91 6A00

call 004292E0
test al, al
je 004393F9
jne 004393F9
je 004393F9
cmp dword ptr [0044282C], 00000000
je 004393F9
cmp dword ptr [ebx], 0000000C
jne 00439071
push eax
push eax
push 00000000
push 00000000

|
:00438F93 E898CEFCFF
Call 00405E30
:00438F98 8BF0
mov esi, eax
:00438F9A 56
push esi
:00438F9B 8B45FC
:00438F9E E85DFFFEFF
call 00428F00
:00438FA3 50
push eax
* Reference To: user32.GetWindowRgn, Ord:0000h
|
:00438FA4 E8AFD2FCFF
Call 00406258
:00438FA9 6A00
push 00000000
:00438FAB 6A00
push 00000000
:00438FAD 6A00
push 00000000
:00438FAF 6A00
push 00000000
:00438FB1 6A00
push 00000000
|
:00438FB3 E878CEFCFF
Call 00405E30
:00438FB8 50
push eax
:00438FB9 8B45FC
:00438FBC E83FFFFEFF
call 00428F00
:00438FC1 50
push eax
|
:00438FC2 E859D4FCFF
Call 00406420
:00438FC7 8BD3
mov edx, ebx
:00438FC9 8B45FC
:00438FCC E803DAFEFF
call 004269D4
:00438FD1
:00438FD3
:00438FD4
:00438FD7
:00438FDC
6A00
56
8B45FC
E824FFFEFF
50
push 00000000
push esi
call 00428F00
push eax

|
:00438FDD E83ED4FCFF
Call 00406420
:00438FE2 6A07
push 00000007
:00438FE4 A1302B4400
mov eax, dword ptr
:00438FE9 8B00
mov eax, dword ptr
:00438FEB FFD0
call eax
:00438FED 8BD8
mov ebx, eax
:00438FEF 6A08
push 00000008
:00438FF1 A1302B4400
mov eax, dword ptr
:00438FF6 8B00
mov eax, dword ptr
:00438FF8 FFD0
call eax
:00438FFA 8BF0
mov esi, eax
:00438FFC 6A04
push 00000004
:00438FFE A1302B4400
mov eax, dword ptr
:00439003 8B00
mov eax, dword ptr
:00439005 FFD0
call eax
:00439007 8B55FC
mov edx, dword ptr
:0043900A 8B5234
mov edx, dword ptr
:0043900D 03D6
add edx, esi
:0043900F 03C2
add eax, edx
:00439011 48
dec eax
:00439012 50
push eax
:00439013 8B45FC
mov eax, dword ptr
:00439016 8B7830
mov edi, dword ptr
:00439019 8BC7
mov eax, edi
:0043901B 8B55FC
mov edx, dword ptr
:0043901E 034238
add eax, dword ptr
:00439021 8BD3
mov edx, ebx
:00439023 03D2
add edx, edx
:00439025 2BC2
sub eax, edx
:00439027 50
push eax
:00439028 8B45FC
mov eax, dword ptr
:0043902B 037034
add esi, dword ptr
:0043902E 46
inc esi
:0043902F 56
push esi
:00439030 03DF
add ebx, edi
:00439032 83C302
add ebx, 00000002
:00439035 53
push ebx
[00442B30]
[eax]
[00442B30]
[eax]
[00442B30]
[eax]
[ebp-04]
[edx+34]
[ebp-04]
[eax+30]
[ebp-04]
[edx+38]
[ebp-04]
[eax+34]

|
:00439036 E8F5CDFCFF
Call 00405E30
:0043903B 8BD8
mov ebx, eax
:0043903D 6A00
push 00000000
:0043903F 53
push ebx
:00439040 6885000000
push 00000085
:00439045 8B45FC
:00439048 E8B3FEFEFF
call 00428F00
:0043904D 50
push eax
:0043904E FF152C284400
:00439054 6A00
push 00000000
:00439056 6A00
push 00000000
:00439058 8B45FC
:0043905B E8A0FEFEFF
:00439060 50
call 00428F00
push eax

|
:00439061 E8BAD3FCFF
Call 00406420
:00439066 53
push ebx
|
:00439067 E8E4CDFCFF
Call 00405E50
:0043906C E992030000
jmp 00439403
|:00438F7B(C)
|
:00439071 8B4308
:00439074 50
:00439075 8B4304
:00439078 50
:00439079 8B03
:0043907B 50
:0043907C 8B45FC
:0043907F E87CFEFEFF
:00439084 50
:00439085 FF152C284400
:0043908B 89430C
:0043908E E970030000
|:00438F0D(C)
|
:00439093 803D3828440000
:0043909A 0F8463030000
:004390A0 833B07
:004390A3 0F8550030000
:004390A9 8B45FC
:004390AC F6402010
:004390B0 0F8543030000
:004390B6 33F6
:004390B8 8B45FC
:004390BB 80B80F02000002
:004390C2 751D
:004390C4 8B45FC
:004390C7 E8F8060000
:004390CC 85C0
:004390CE 742A
:004390D0 8B45FC
:004390D3 E8EC060000
:004390D8 E823FEFEFF
:004390DD 8BF0
:004390DF EB19
|:004390C2(C)
|
:004390E1 8B45FC
:004390E4 8B8000020000
:004390EA 85C0
:004390EC 740C

push eax
push eax
push eax
call 00428F00
push eax
jmp 00439403
cmp byte ptr [00442838], 00

je 00439403
jne 004393F9
test [eax+20], 10
jne 004393F9
xor esi, esi
jne 004390E1
call 004397C4
test eax, eax
je 004390FA
call 004397C4
call 00428F00
mov esi, eax
jmp 004390FA

test eax, eax
je 004390FA
:004390EE
:004390F1
:004390F3
:004390F8
3B45FC
7407
E808FEFEFF
8BF0

je 004390FA
call 00428F00
mov esi, eax

|:004390CE(C), :004390DF(U), :004390EC(C), :004390F1(C)
|
:004390FA 85F6
test esi, esi
:004390FC 0F84F7020000
je 004393F9
:00439102 56
push esi
|
:00439103 E8A0D2FCFF
Call 004063A8
:00439108 E9F6020000
jmp 00439403
|:00438F29(C)
|
:0043910D 8B45FC
:00439110 8A4020
:00439113 22050C944300
:00439119 8A1510944300
:0043911F 3AD0
:00439121 0F85D2020000
:00439127 8B45FC
:0043912A 8A8010020000
:00439130 48
:00439131 2C02
:00439133 7313
:00439135 8B45FC
:00439138 80B80B02000002
:0043913F 7407
:00439141 8B4308
:00439144 83481802
|:00439133(C), :0043913F(C)
|
:00439148 8B45FC
:0043914B 8A8010020000
:00439151 2C01
:00439153 7408
:00439155 2C02
:00439157 0F859C020000
|:00439153(C)
|
:0043915D 8B45FC
:00439160 8A8009020000
:00439166 2C02
:00439168 7408
:0043916A 2C03
:0043916C 0F8587020000

and al, byte ptr [0043940C]
cmp dl, al
jne 004393F9
dec eax
sub al, 02
jnb 00439148
je 00439148

sub al, 01
je 0043915D
sub al, 02
jne 004393F9

sub al, 02
je 00439172
sub al, 03
jne 004393F9

|:00439168(C)
|
:00439172 8B4308
:00439175 83481801
:00439179 E97B020000

jmp 004393F9
|:00438F1B(C)
|
:0043917E 8B4308
:00439181 8945EC
:00439184 8B45EC
:00439187 833801
:0043918A 0F8569020000
:00439190 8B45FC
:00439193 83B82802000000
:0043919A 0F8459020000
:004391A0 8B45EC
:004391A3 8B5008
:004391A6 8B45FC
:004391A9 8B8028020000
:004391AF 33C9
:004391B1 E8AA99FFFF
:004391B6 8BF8
:004391B8 85FF
:004391BA 0F8439020000
:004391C0 B201
:004391C2 A130EB4100
:004391C7 E810B7FDFF
:004391CC 8945F4
:004391CF 33C0
:004391D1 55
:004391D2 68C5924300
:004391D7 64FF30
:004391DA 648920
:004391DD 8B45EC
:004391E0 8B4018
:004391E3 50

jne 004393F9
cmp dword ptr [eax+00000228], 00000000
je 004393F9
xor ecx, ecx
call 00432B60
mov edi, eax
test edi, edi
je 004393F9
mov dl, 01
call 004148DC
xor eax, eax
push ebp
push 004392C5
push eax

|
:004391E4 E877CDFCFF
Call 00405F60
:004391E9 8945F8
:004391EC 33C0
xor eax, eax
:004391EE 55
push ebp
:004391EF 68A8924300
push 004392A8
:004391F4 64FF30
:004391F7 648920
:004391FA 8B45EC
:004391FD 8B5018
:00439200 8B45F4
:00439203 E8D8BCFDFF
call 00414EE0
call 00438EA8
:0043920D 8BD0
mov edx, eax
:0043920F 8B45F4
:00439212 8B400C
:00439215 E85EAFFDFF
call 00414178
:0043921A 8B45EC
:0043921D F6401001
test [eax+10], 01
:00439221 7422
je 00439245
:00439223 8B45F4
:00439226 8B4014
:00439229
:0043922E
:00439233
:00439236
:00439239
:0043923E
:00439243
BA0D000080
E859B5FDFF
8B45F4
8B400C
BA0E000080
E885ADFDFF
EB20
mov edx, 8000000D

call 0041478C
mov edx, 8000000E
call 00413FC8
jmp 00439265
|:00439221(C)
|
:00439245 8B45F4
:00439248 8B4014
:0043924B BA04000080
:00439250 E837B5FDFF
:00439255 8B45F4
:00439258 8B400C
:0043925B BA07000080
:00439260 E863ADFDFF
|:00439243(U)
|
:00439265 8B45EC
:00439268 F6401001
:0043926C 0F95C0
:0043926F 50
:00439270 8B45EC
:00439273 8D481C
:00439276 8B55F4
:00439279 8BC7
:0043927B 8B18
:0043927D FF5330
:00439280 33C0
:00439282 5A
:00439283 59
:00439284 59
:00439285 648910
:00439288 68AF924300
|:004392AD(U)
|
:0043928D 33D2
:0043928F 8B45F4
:00439292 E849BCFDFF
:00439297 8B45F8
:0043929A 50
:0043929B 8B45EC
:0043929E 8B4018
:004392A1 50
mov eax, dword ptr

mov eax, dword ptr
mov edx, 80000004
call 0041478C
mov eax, dword ptr
mov eax, dword ptr
mov edx, 80000007
call 00413FC8
[ebp-0C]
[eax+0C]

test [eax+10], 01
setne al
push eax
mov eax, edi
call [ebx+30]
xor eax, eax
pop edx
pop ecx
pop ecx
push 004392AF
xor edx, edx

mov eax, dword
call 00414EE0
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax

|
:004392A2 E8B1CCFCFF
Call 00405F58
:004392A7 C3
ret
:004392A8 E9CB9FFCFF
:004392AD EBDE
[ebp-0C]
[eax+14]
jmp 00403278
jmp 0043928D
ptr [ebp-0C]
ptr [ebp-08]
ptr [ebp-14]
ptr [eax+18]
:004392AF
:004392B1
:004392B2
:004392B3
:004392B4
33C0
5A
59
59
648910
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:004392B7 6803944300
push 00439403
|:004392CA(U)
|
:004392BC 8B45F4
:004392BF E85C99FCFF
:004392C4 C3
:004392C5 E9AE9FFCFF
:004392CA EBF0
jmp 00403278
jmp 004392BC
|:00438F01(C)
|
:004392CC 8B7308
:004392CF 833E01
:004392D2 0F8521010000
:004392D8 8B45FC
:004392DB 83B82802000000
:004392E2 0F8411010000
:004392E8 8B5608
:004392EB 8B45FC
:004392EE 8B8028020000
:004392F4 33C9
:004392F6 E86598FFFF
:004392FB 8BF8
:004392FD 85FF
:004392FF 0F84F4000000
:00439305 8B45FC
:00439308 E8F3FBFEFF
:0043930D 50

call 00402C20
ret

jne 004393F9
cmp dword ptr [eax+00000228], 00000000
je 004393F9
xor ecx, ecx
call 00432B60
mov edi, eax
test edi, edi
je 004393F9
call 00428F00
push eax

|
:0043930E E825CFFCFF
Call 00406238
:00439313 8945F0
:00439316 33C0
xor eax, eax
:00439318 55
push ebp
:00439319 68F2934300
push 004393F2
:0043931E 64FF30
:00439321 648920
:00439324 B201
mov dl, 01
:00439326 A130EB4100
:0043932B E8ACB5FDFF
call 004148DC
:00439330 8945F4
:00439333 33C0
xor eax, eax
:00439335 55
push ebp
:00439336 68CB934300
push 004393CB
:0043933B 64FF30
:0043933E 648920
:00439341 8B45F0
:00439344 50

push eax

|
:00439345 E816CCFCFF
Call 00405F60
:0043934A 8945F8
:0043934D 33C0
xor eax, eax
:0043934F 55
push ebp
:00439350 68AE934300
push 004393AE
:00439355 64FF30
:00439358 648920
:0043935B 8B55F0
:0043935E 8B45F4
:00439361 E87ABBFDFF
call 00414EE0
:00439366 E83DFBFFFF
call 00438EA8
:0043936B 8BD0
mov edx, eax
:0043936D 8B45F4
:00439370 8B400C
:00439373 E800AEFDFF
call 00414178
:00439378 8D4610
:0043937B 50
push eax
:0043937C 8D4E0C
lea ecx, dword ptr [esi+0C]
:0043937F 8B55F4
:00439382 8BC7
mov eax, edi
:00439384 E84789FFFF
call 00431CD0
:00439389 33C0
xor eax, eax
:0043938B 5A
pop edx
:0043938C 59
pop ecx
:0043938D 59
pop ecx
:0043938E 648910
:00439391 68B5934300
push 004393B5
|:004393B3(U)
|
:00439396 33D2
:00439398 8B45F4
:0043939B E840BBFDFF
:004393A0 8B45F8
:004393A3 50
:004393A4 8B45F0
:004393A7 50

xor edx, edx
call 00414EE0
push eax
push eax

|
:004393A8 E8ABCBFCFF
Call 00405F58
:004393AD C3
ret
:004393AE
:004393B3
:004393B5
:004393B7
:004393B8
:004393B9
:004393BA
:004393BD
E9C59EFCFF
EBE1
33C0
5A
59
59
648910
68D2934300
jmp 00403278
jmp 00439396
xor eax, eax
pop edx
pop ecx
pop ecx
push 004393D2
|:004393D0(U)
|
:004393C2 8B45F4
:004393C5 E85698FCFF
:004393CA C3

call 00402C20
ret
:004393CB
:004393D0
:004393D2
:004393D4
:004393D5
:004393D6
:004393D7
jmp
jmp
xor
pop
pop
pop
mov
E9A89EFCFF
EBF0
33C0
5A
59
59
648910
00403278
004393C2
eax, eax
edx
ecx
ecx

|
:004393DA 6803944300
push 00439403
|:004393F7(U)
|
:004393DF 8B45F0
:004393E2 50
:004393E3 8B45FC
:004393E6 E815FBFEFF
:004393EB 50

push eax
call 00428F00
push eax

|
:004393EC E86FCFFCFF
Call 00406360
:004393F1 C3
ret
:004393F2 E9819EFCFF
:004393F7 EBE6
jmp 00403278
jmp 004393DF

|:00438F21(U), :00438F35(C), :00438F45(C), :00438F55(C), :00438F65(C)
|:00438F72(C), :004390A3(C), :004390B0(C), :004390FC(C), :00439121(C)
|:00439157(C), :0043916C(C), :00439179(U), :0043918A(C), :0043919A(C)
|:004391BA(C), :004392D2(C), :004392E2(C), :004392FF(C)
|
:004393F9 8BD3
mov edx, ebx
:004393FB 8B45FC
:004393FE E8D1D5FEFF
call 004269D4
|:0043906C(U), :0043908E(U), :0043909A(C), :00439108(U)
|
:00439403 5F
pop edi
:00439404 5E
pop esi
:00439405 5B
pop ebx
:00439406 8BE5
mov esp, ebp
:00439408 5D
pop ebp
:00439409 C3
ret
:0043940A 0000
BYTE 2 DUP(0)
:0043940C
:0043940E
:00439410
:00439412
1100
0000
0100
0000
adc
add
add
add

byte ptr [eax], al
byte ptr [eax], al

|:004394C5 , :0043951B , :0043955B
|
:00439414 55
push ebp
:00439415 8BEC
mov ebp, esp
:00439417 8B4508
:0043941A 8B40F8
:0043941D 8B4008
:00439420 50
push eax
:00439421 8B4508
:00439424 8B40F8
:00439427 8B4004
:0043942A 50
push eax
:0043942B 8B4508
:0043942E 8B40F8
:00439431 8B00
:00439433 50
push eax
:00439434 8B4508
:00439437 8B40FC
:0043943A 8B8034020000
:00439440 50
push eax
:00439441 8B4508
:00439444 8B40FC
:00439447 8B8054020000
:0043944D 50
push eax
|
:0043944E E8BDCBFCFF
Call 00406010
:00439453 8B5508
:00439456 8B52F8
:00439459 89420C
:0043945C 5D
pop ebp
:0043945D C3
ret
:0043945E 8BC0
mov eax, eax

|:0043953A
|
:00439460 55
push ebp
:00439461 8BEC
mov ebp, esp
:00439463 53
push ebx
:00439464 56
push esi
:00439465 8B4508
:00439468 8B40FC
:0043946B E888030000
call 004397F8
:00439470 8BD8
mov ebx, eax
:00439472 4B
dec ebx
:00439473 85DB
test ebx, ebx
:00439475 7C21
jl 00439498
:00439477 43
inc ebx
:00439478 33F6
xor esi, esi
|:00439496(C)
|
:0043947A 8B4508
:0043947D 8B40FC
:00439480 8BD6
:00439482 E8BD030000
:00439487 80B80B02000002
:0043948E 7504
:00439490 B001
:00439492 EB06

mov edx, esi
call 00439844
jne 00439494
mov al, 01
jmp 0043949A

|:0043948E(C)
|
:00439494 46
inc esi
:00439495 4B
dec ebx
:00439496 75E2
jne 0043947A
|:00439475(C)
|
:00439498 33C0
xor eax, eax
|:00439492(U)
|
:0043949A 5E
pop esi
:0043949B 5B
pop ebx
:0043949C 5D
pop ebp
:0043949D C3
ret
:0043949E
:004394A0
:004394A1
:004394A3
:004394A6
:004394A9
:004394AC
:004394AF
:004394B1
:004394B4
:004394B6
:004394B9
:004394BB
:004394BE
:004394C4
:004394C5
:004394CA
:004394CB
:004394CE
:004394D2
:004394D8
:004394DB
:004394E2
8BC0
55
8BEC
83C4E8
8955F8
8945FC
8B45F8
8B00
83E814
742E
83E82B
745F
83E845
0F8596000000
55
E84AFFFFFF
59
8B45F8
83780C01
0F8589000000
8B45F8
C7400CFFFFFFFF
EB7D
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFE8
sub eax, 00000014
je 004394E4
sub eax, 0000002B
je 0043951A
sub eax, 00000045
jne 0043955A
push ebp
call 00439414
pop ecx
jne 00439561
mov [eax+0C], FFFFFFFF
jmp 00439561

|:004394B4(C)
|
:004394E4
:004394E7
:004394ED
:004394F2
:004394F3
:004394F6
:004394F9
:004394FB
:004394FE
:00439501
:00439502
:00439505
:00439508
8B45FC
8B8024010000
E8CEB2FDFF
50
8D55E8
8B45FC
8B08
FF5144
8D45E8
50
8B45F8
8B4004
50
mov eax, dword

mov eax, dword
call 004147C0
push eax
lea edx, dword
mov eax, dword
mov ecx, dword
call [ecx+44]
lea eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
ptr [ebp-04]
ptr [eax+00000124]
ptr [ebp-18]
ptr [ebp-04]
ptr [eax]
ptr [ebp-18]
ptr [ebp-08]
ptr [eax+04]

|
:00439509 E8EACBFCFF
Call 004060F8
:0043950E 8B45F8
:00439511 C7400C01000000
mov [eax+0C], 00000001
:00439518 EB47
jmp 00439561
|:004394B9(C)
|
:0043951A 55
:0043951B E8F4FEFFFF
:00439520 59
:00439521 8B45FC
:00439524 80B80F02000002
:0043952B 7534
:0043952D 8B45FC
:00439530 E8C3020000
:00439535 85C0
:00439537 740F
:00439539 55
:0043953F 59
:00439540 84C0
:00439542 7404
:00439544 33D2
:00439546 EB02

push ebp
call 00439414
pop ecx
jne 00439561
call 004397F8
test eax, eax
je 00439548
push ebp
call 00439460
pop ecx
test al, al
je 00439548
xor edx, edx
jmp 0043954A

|:00439537(C), :00439542(C)
|
:00439548 B201
mov dl, 01
|:00439546(U)
|
:0043954A 8B45FC
:0043954D 8B8034020000
:00439553 E8DCCDFFFF
:00439558 EB07

call 00436334
jmp 00439561

|:004394BE(C)
|
:0043955A 55
push ebp
:0043955B E8B4FEFFFF
:00439560 59
call 00439414
pop ecx

|:004394D2(C), :004394E2(U), :00439518(U), :0043952B(C), :00439558(U)
|
:00439561 8BE5
mov esp, ebp
:00439563 5D
pop ebp
:00439564 C3
ret
:00439565
:00439568
:00439569
:0043956A
:0043956B
:0043956D
:0043956F
:00439571
:00439573
:00439578
:0043957E
:00439580
:00439582
:00439584
:00439587
:0043958A
:0043958C
:0043958D
:00439590
:00439592
:00439594
:00439595
:00439596
:00439597
:00439599
8D4000
53
56
57
8BD9
8BF0
8BCB
8BC6
E840E3FFFF
8B8634020000
85C0
741D
6A14
8B4B0C
8B7B04
2BCF
51
8B4B08
8B13
2BCA
51
57
52
6A01
50
lea eax, dword

push ebx
push esi
push edi
mov ebx, ecx
mov esi, eax
mov ecx, ebx
mov eax, esi
call 004378B8
mov eax, dword
test eax, eax
je 0043959F
push 00000014
mov ecx, dword
mov edi, dword
sub ecx, edi
push ecx
mov ecx, dword
mov edx, dword
sub ecx, edx
push ecx
push edi
push edx
push 00000001
push eax
ptr [eax+00]
ptr [esi+00000234]
ptr [ebx+0C]
ptr [ebx+04]
ptr [ebx+08]
ptr [ebx]

|
:0043959A E869CEFCFF
Call 00406408
|:00439580(C)
|
:0043959F 5F
pop edi
:004395A0 5E
pop esi
:004395A1 5B
pop ebx
:004395A2 C3
ret
:004395A3
:004395A4
:004395A5
:004395A6
:004395A7
:004395A8
:004395AA
:004395AC
:004395B1
:004395B3
90
53
56
57
51
8BD8
8BC3
E837E9FFFF
8BC3
E828FDFEFF
nop
push ebx
push esi
push edi
push ecx
mov ebx, eax
mov eax, ebx
call 00437EE8
mov eax, ebx
call 004292E0
:004395B8
:004395BA
:004395BC
:004395BE
:004395C0
:004395C5
84C0
743D
6AEC
8BC3
E83BF9FEFF
50
test al, al
je 004395F9
push FFFFFFEC
mov eax, ebx
call 00428F00
push eax

|
:004395C6 E875CCFCFF
Call 00406240
:004395CB 25FFEFFFFF
and eax, FFFFEFFF
:004395D0 25FFDFFFFF
and eax, FFFFDFFF
:004395D5 25FFBFFFFF
and eax, FFFFBFFF
:004395DA 890424
:004395DD 8BD4
mov edx, esp
:004395DF 8BC3
mov eax, ebx
:004395E1 E89ACBFEFF
call 00426180
:004395E6 8B0424
:004395E9 50
push eax
:004395EA 6AEC
push FFFFFFEC
:004395EC 8BC3
mov eax, ebx
:004395EE E80DF9FEFF
call 00428F00
:004395F3 50
push eax
|
:004395F4 E8FFCDFCFF
Call 004063F8
|:004395BA(C)
|
:004395F9 8BC3
:004395FB E82C85FDFF
:00439600 8BF8
:00439602 4F
:00439603 85FF
:00439605 7C2D
:00439607 47
:00439608 33F6
|:00439632(C)
|
:0043960A 8BD6
:0043960C 8BC3
:0043960E E8AD84FDFF
:00439613 8B15E0004300
:00439619 E87297FCFF
:0043961E 84C0
:00439620 740E
:00439622 8BD6
:00439624 8BC3
:00439626 E89584FDFF
:0043962B E8C09EFFFF
mov eax, ebx

call 00411B2C
mov edi, eax
dec edi
test edi, edi
jl 00439634
inc edi
xor esi, esi
mov edx, esi

mov eax, ebx
call 00411AC0
call 00402D90
test al, al
je 00439630
mov edx, esi
mov eax, ebx
call 00411AC0
call 004334F0

|:00439620(C)
|
:00439630 46
inc esi
:00439631 4F
dec edi
:00439632 75D6
jne 0043960A

|:00439605(C)
|
:00439634 5A
pop edx
:00439635 5F
pop edi
:00439636 5E
pop esi
:00439637 5B
pop ebx
:00439638 C3
ret
:00439639
:0043963C
:0043963D
:0043963F
:00439640
:00439643
:00439646
:0043964D
:0043964F
:00439652
:00439659
:0043965B
:0043965C
:00439661
:00439664
:00439667
:0043966A
:0043966E
:00439670
:00439673
:00439676
:00439678
:0043967A
:0043967F
:00439682
:00439685
:00439687
:0043968A
8D4000
55
8BEC
51
8945FC
8B45FC
80B82402000000
7571
8B45FC
C6802402000001
33D2
55
68B9964300
64FF32
648922
8B45FC
80785000
7431
8B45FC
8B4024
85C0
7512
A1A4374400
8A5028
8B45FC
8B08
FF516C
EB0B

push ebp
mov ebp, esp
push ecx
jne 004396C0
xor edx, edx
push ebp
push 004396B9
je 004396A1
test eax, eax
jne 0043968C
call [ecx+6C]
jmp 00439697

|:00439678(C)
|
:0043968C 8A504F
:0043968F 8B45FC
:00439692 8B08
:00439694 FF516C
call [ecx+6C]
|:0043968A(U)
|
:00439697 B201
mov dl, 01
:00439699 8B45FC
:0043969C 8B08
:0043969E FF5168
call [ecx+68]
|:0043966E(C)
|
:004396A1
:004396A3
:004396A4
:004396A5
:004396A6
:004396A9
33C0
5A
59
59
648910
68C0964300
xor eax, eax

pop edx
pop ecx
pop ecx
push 004396C0
|:004396BE(U)
|
:004396AE 8B45FC
:004396B1 C6802402000000
:004396B8 C3
:004396B9 E9BA9BFCFF
:004396BE EBEE
jmp 00403278
jmp 004396AE

ret

|:0043964D(C)
|
:004396C0 59
pop ecx
:004396C1 5D
pop ebp
:004396C2 C3
ret
:004396C3
:004396C4
:004396C5
:004396C6
:004396C9
:004396CB
:004396CE
:004396D4
:004396D6
:004396D9
:004396DF
:004396E3
:004396E5
:004396E7
90
53
51
881424
8BD8
8A0424
3A8308020000
7416
8A0424
888308020000
F6432010
7507
8BC3
E890CFFEFF
nop
push ebx
push ecx
mov ebx, eax
je 004396EC
test [ebx+20], 10
jne 004396EC
mov eax, ebx
call 0042667C
|:004396D4(C), :004396E3(C)
|
:004396EC 5A
:004396ED 5B
:004396EE C3
:004396EF 90
nop
pop edx
pop ebx
ret

|:0043C686 , :00440D60
|
:004396F0 56
push esi
:004396F1 8BF0
mov esi, eax
:004396F3 3A9609020000
:004396F9 742A
je 00439725
:004396FB 8BC2
mov eax, edx
:004396FD 888609020000
:00439703
:00439705
:00439707
:00439709
:0043970B
:0043970D
2C02
7408
2C03
7404
33D2
EB02
sub al, 02
je 0043970F
sub al, 03
je 0043970F
xor edx, edx
jmp 00439711

|:00439705(C), :00439709(C)
|
:0043970F B201
mov dl, 01
|:0043970D(U)
|
:00439711 8BC6
:00439713 E81CE3FFFF
:00439718 F6462010
:0043971C 7507
:0043971E 8BC6
:00439720 E857CFFEFF

mov eax, esi
call 00437A34
test [esi+20], 10
jne 00439725
mov eax, esi
call 0042667C

|:004396F9(C), :0043971C(C)
|
:00439725 5E
pop esi
:00439726 C3
ret
:00439727
:00439728
:00439729
:0043972A
:0043972B
:0043972E
:00439730
:00439733
:00439738
:00439739
:0043973A
:0043973C
:0043973F
:00439745
:00439747
:00439749
:0043974E
:00439751
:00439753
:00439755
:00439757
:00439759
:0043975F
:00439761
:00439763
90
53
56
57
83C4F0
8BF1
8D3C24
B904000000
F3
A5
8BD8
8B7B24
8BB38C000000
8BCC
8BC3
E8A692FEFF
8B4324
85C0
7413
3BF8
750F
3BB38C000000
7407
8BC3
E814CFFEFF
nop
push ebx
push esi
push edi
add esp, FFFFFFF0
mov esi, ecx
lea edi, dword ptr
mov ecx, 00000004
repz
movsd
mov ebx, eax
mov edi, dword ptr
mov esi, dword ptr
mov ecx, esp
mov eax, ebx
call 004229F4
mov eax, dword ptr
test eax, eax
je 00439768
cmp edi, eax
jne 00439768
cmp esi, dword ptr
je 00439768
mov eax, ebx
call 0042667C
[esp]
[ebx+24]
[ebx+0000008C]
[ebx+24]
[ebx+0000008C]

|:00439753(C), :00439757(C), :0043975F(C)
|
:00439768 83C410
add esp, 00000010
:0043976B 5F
pop edi
:0043976C 5E
:0043976D 5B
:0043976E C3
pop esi
pop ebx
ret
:0043976F
:00439770
:00439771
:00439772
:00439773
:00439775
:00439777
:00439779
:0043977F
:00439781
:00439783
:00439785
:00439787
:00439789
:0043978C
:0043978E
90
53
56
57
8BF9
8BF2
8BD8
3BB38C000000
7434
85F6
740B
8BC3
8B10
FF5254
84C0
7425
nop
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
je 004397B5
test esi, esi
je 00439790
mov eax, ebx
call [edx+54]
test al, al
je 004397B5
|:00439783(C)
|
:00439790 85F6
:00439792 750E
:00439794 8A8360020000
:0043979A 888309020000
:004397A0 EB13
|:00439792(C)
|
:004397A2 8A8309020000
:004397A8 888360020000
:004397AE C6830902000000
test esi, esi

jne 004397A2
jmp 004397B5


|:0043977F(C), :0043978E(C), :004397A0(U)
|
:004397B5 8BCF
mov ecx, edi
:004397B7 8BD6
mov edx, esi
:004397B9 8BC3
mov eax, ebx
:004397BB E84093FEFF
call 00422B00
:004397C0 5F
pop edi
:004397C1 5E
pop esi
:004397C2 5B
pop ebx
:004397C3 C3
ret

|:004390C7 , :004390D3 , :0043AA26 , :0043AA31 , :0043AC93
|
:004397C4 53
push ebx
:004397C5 8BD8
mov ebx, eax
:004397C7 33C0
xor eax, eax
:004397C9 80BB0F02000002
:004397D0 7523
jne 004397F5
:004397D2
:004397D9
:004397DB
:004397DD
:004397DF
:004397E4
:004397EA
83BB3402000000
741A
6A00
6A00
6829020000
8B8334020000
50
cmp dword ptr [ebx+00000234], 00000000

je 004397F5
push 00000000
push 00000000
push 00000229
push eax

|
:004397EB E898CBFCFF
Call 00406388
:004397F0 E8876CFEFF
call 0042047C
|:004397D0(C), :004397D9(C)
|
:004397F5 5B
pop ebx
:004397F6 C3
ret
:004397F7 90
nop

|:0043946B , :00439530 , :0043ACB9 , :0043BD79
|
:004397F8 53
push ebx
:004397F9 56
push esi
:004397FA 57
push edi
:004397FB 33FF
xor edi, edi
:004397FD 80B80F02000002
:00439804 7537
jne 0043983D
:00439806 83B83402000000
cmp dword ptr [eax+00000234], 00000000
:0043980D 742E
je 0043983D
:0043980F A1A8374400
:00439814 E827360000
call 0043CE40
:00439819 8BD8
mov ebx, eax
:0043981B 4B
dec ebx
:0043981C 85DB
test ebx, ebx
:0043981E 7C1D
jl 0043983D
:00439820 43
inc ebx
:00439821 33F6
xor esi, esi
|:0043983B(C)
|
:00439823 8BD6
:00439825 A1A8374400
:0043982A E8FD350000
:0043982F 80B80F02000001
:00439836 7501
:00439838 47

mov edx, esi
call 0043CE2C
jne 00439839
inc edi

|:00439836(C)
|
:00439839 46
inc esi
:0043983A 4B
dec ebx
:0043983B 75E6
jne 00439823
|:00439804(C), :0043980D(C), :0043981E(C)

|
:0043983D 8BC7
mov eax, edi
:0043983F 5F
pop edi
:00439840 5E
pop esi
:00439841 5B
pop ebx
:00439842 C3
ret
:00439843 90
nop

|:00439482 , :0043ACDD , :0043BD8C
|
:00439844 53
push ebx
:00439845 56
push esi
:00439846 57
push edi
:00439847 8BFA
mov edi, edx
:00439849 80B80F02000002
:00439850 753B
jne 0043988D
:00439852 83B83402000000
cmp dword ptr [eax+00000234], 00000000
:00439859 7432
je 0043988D
:0043985B A1A8374400
:00439860 E8DB350000
call 0043CE40
:00439865 8BD8
mov ebx, eax
:00439867 4B
dec ebx
:00439868 85DB
test ebx, ebx
:0043986A 7C21
jl 0043988D
:0043986C 43
inc ebx
:0043986D 33F6
xor esi, esi
|:0043988B(C)
|
:0043986F 8BD6
:00439871 A1A8374400
:00439876 E8B1350000
:0043987B 80B80F02000001
:00439882 7505
:00439884 4F
:00439885 85FF
:00439887 7C06

mov edx, esi
call 0043CE2C
jne 00439889
dec edi
test edi, edi
jl 0043988F

|:00439882(C)
|
:00439889 46
inc esi
:0043988A 4B
dec ebx
:0043988B 75E2
jne 0043986F
|:00439850(C), :00439859(C), :0043986A(C)
|
:0043988D 33C0
xor eax, eax
|:00439887(C)
|
:0043988F 5F
pop edi
:00439890 5E
pop esi
:00439891 5B
:00439892 C3
pop ebx
ret
:00439893 90
nop

|:00439E0C , :00439E37 , :00439E5C
|
:00439894 53
push ebx
:00439895 56
push esi
:00439896 57
push edi
:00439897 55
push ebp
:00439898 8BD8
mov ebx, eax
:0043989A 33ED
xor ebp, ebp
:0043989C 6A02
push 00000002
:0043989E 8BC3
mov eax, ebx
:004398A0 E85BF6FEFF
call 00428F00
:004398A5 50
push eax
:004398A6 A19C2B4400
:004398AB 8B00
:004398AD FFD0
call eax
:004398AF 8BF8
mov edi, eax
:004398B1 A1A8374400
:004398B6 E855350000
call 0043CE10
:004398BB 8BF0
mov esi, eax
:004398BD 4E
dec esi
:004398BE 85F6
test esi, esi
:004398C0 7C28
jl 004398EA
:004398C2 46
inc esi
:004398C3 33DB
xor ebx, ebx
|:004398E8(C)
|
:004398C5 8BD3
:004398C7 A1A8374400
:004398CC E82B350000
:004398D1 3B7804
:004398D4 7510
:004398D6 8BD3
:004398D8 A1A8374400
:004398DD E81A350000
:004398E2 8BE8
:004398E4 EB04

mov edx, ebx
call 0043CDFC
jne 004398E6
mov edx, ebx
call 0043CDFC
mov ebp, eax
jmp 004398EA

|:004398D4(C)
|
:004398E6 43
inc ebx
:004398E7 4E
dec esi
:004398E8 75DB
jne 004398C5
|:004398C0(C), :004398E4(U)
|
:004398EA 8BC5
:004398EC 5D
:004398ED 5F
:004398EE 5E

mov
pop
pop
pop
eax, ebp
ebp
edi
esi
:004398EF 5B
:004398F0 C3
pop ebx
ret
:004398F1 8D4000

|:0043897D , :00440D68 , :00440D7B , :00440E2F , :00440ECF
|
:004398F4 8B8018020000
:004398FA C3
ret
:004398FB
:004398FC
:00439902
:00439904
:00439907
90
8B8020020000
8B08
FF5108
C3
nop
call [ecx+08]
ret

|:00438AB9 , :00439915
|
:00439908 8A404E
:0043990B 3401
xor al, 01
:0043990D C3
ret
:0043990E
:00439910
:00439911
:00439913
:00439915
:0043991A
:0043991C
:0043991E
:00439924
:00439929
:0043992B
8BC0
53
8BD8
8BC3
E8EEFFFFFF
84C0
740F
8B8320020000
E80309FEFF
85C0
7504
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 00439908
test al, al
je 0043992D
call 0041A22C
test eax, eax
jne 00439931

|:0043991C(C)
|
:0043992D 33C0
xor eax, eax
:0043992F 5B
pop ebx
:00439930 C3
ret

|:0043992B(C)
|
:00439931 B001
mov al, 01
:00439933 5B
pop ebx
:00439934 C3
ret
:00439935 8D4000

|:0043C698
|
:00439938 53
push ebx
:00439939 56
push esi
:0043993A 8BDA
mov ebx, edx
:0043993C 8BF0
mov esi, eax
:0043993E 3A9E0F020000
cmp bl, byte ptr [esi+0000020F]
:00439944 746D
je 004399B3
:00439946 80FB01
cmp bl, 01
:00439949 7512
jne 0043995D
:0043994B 80BE1002000000
:00439952 7509
jne 0043995D
:00439954 B201
mov dl, 01
:00439956 8BC6
mov eax, esi
:00439958 E81F030000
call 00439C7C
|:00439949(C), :00439952(C)
|
:0043995D F6462010
:00439961 7507
:00439963 8BC6
:00439965 E8CACCFEFF
|:00439961(C)
|
:0043996A 8A860F020000
:00439970 889E0F020000
:00439976 80FB02
:00439979 7404
:0043997B 3C02
:0043997D 7519
|:00439979(C)
|
:0043997F 80BE2C01000000
:00439986 7510
:00439988 8BC6
:0043998A E869030000
:0043998F 8BD0
:00439991 8BC6
:00439993 E89899FEFF
|:0043997D(C), :00439986(C)
|
:00439998 F6462010
:0043999C 7507
:0043999E 8BC6
:004399A0 E827CEFEFF
test [esi+20], 10
jne 0043996A
mov eax, esi
call 00426634

mov byte ptr [esi+0000020F], bl
cmp bl, 02
je 0043997F
cmp al, 02
jne 00439998

jne 00439998
mov eax, esi
call 00439CF8
mov edx, eax
mov eax, esi
call 00423330
test [esi+20], 10
jne 004399A5
mov eax, esi
call 004267CC

|:0043999C(C)
|
:004399A5 80FB01
cmp bl, 01
:004399A8 7509
jne 004399B3
:004399AA B201
mov dl, 01
:004399AC 8BC6
:004399AE E8D1F3FFFF
mov eax, esi

call 00438D84
|:00439944(C), :004399A8(C)
|
:004399B3 5E
:004399B4 5B
:004399B5 C3
:004399B6 8BC0
mov eax, eax
pop esi
pop ebx
ret

|:00439A68 , :00439C09 , :00439D7D
|
:004399B8 53
push ebx
:004399B9 56
push esi
:004399BA 57
push edi
:004399BB 55
push ebp
:004399BC 8BE8
mov ebp, eax
:004399BE 80BD0F02000002
cmp byte ptr [ebp+0000020F], 02
:004399C5 7565
jne 00439A2C
:004399C7 83BD3402000000
cmp dword ptr [ebp+00000234], 00000000
:004399CE 745C
je 00439A2C
:004399D0 33F6
xor esi, esi
:004399D2 8B8528020000
:004399D8 85C0
test eax, eax
:004399DA 7407
je 004399E3
:004399DC 8B10
:004399DE FF5234
call [edx+34]
:004399E1 8BF0
mov esi, eax
|:004399DA(C)
|
:004399E3 33FF
:004399E5 8B8538020000
:004399EB 85C0
:004399ED 7407
:004399EF E8407AFFFF
:004399F4 8BF8
|:004399ED(C)
|
:004399F6 8BC5
:004399F8 E803F5FEFF
:004399FD 50
xor edi, edi

test eax, eax
je 004399F6
call 00431434
mov edi, eax
mov eax, ebp

call 00428F00
push eax

|
:004399FE E8A5C7FCFF
Call 004061A8
:00439A03 3BF0
cmp esi, eax
:00439A05 0F95C3
setne bl
:00439A08 57
push edi
:00439A09 56
push esi
:00439A0A 6830020000
push 00000230
:00439A0F 8B8534020000
:00439A15 50
push eax

|
:00439A16 E86DC9FCFF
Call 00406388
:00439A1B 84DB
test bl, bl
:00439A1D 740D
je 00439A2C
:00439A1F 8BC5
mov eax, ebp
:00439A21 E8DAF4FEFF
call 00428F00
:00439A26 50
push eax
|
:00439A27 E884C6FCFF
Call 004060B0
|:004399C5(C), :004399CE(C), :00439A1D(C)
|
:00439A2C 5D
pop ebp
:00439A2D 5F
pop edi
:00439A2E 5E
pop esi
:00439A2F 5B
pop ebx
:00439A30 C3
ret
:00439A31
:00439A34
:00439A3A
:00439A3C
:00439A3E
:00439A40
:00439A42
8D4000
899040020000
85D2
7409
8BC2
33D2
E86585FFFF

test edx, edx
je 00439A47
mov eax, edx
xor edx, edx
call 00431FAC

|:00439A3C(C)
|
:00439A47 C3
ret
|:00438624
|
:00439A48 53
push ebx
:00439A49 8BD8
mov ebx, eax
:00439A4B 3B9338020000
:00439A51 741A
je 00439A6D
:00439A53 899338020000
:00439A59 85D2
test edx, edx
:00439A5B 7409
je 00439A66
:00439A5D 8BC2
mov eax, edx
:00439A5F 8BD3
mov edx, ebx
:00439A61 E82A7BFDFF
call 00411590
|:00439A5B(C)
|
:00439A66 8BC3
mov eax, ebx
:00439A68 E84BFFFFFF
call 004399B8
|:00439A51(C)
|
:00439A6D 5B
:00439A6E C3
pop ebx
ret
:00439A6F 90
nop

|:004385DA , :00438613 , :00439D8A , :0043AF6F
|
:00439A70 55
push ebp
:00439A71 8BEC
mov ebp, esp
:00439A73 83C4F0
add esp, FFFFFFF0
:00439A76 53
push ebx
:00439A77 56
push esi
:00439A78 57
push edi
:00439A79 33C9
xor ecx, ecx
:00439A7B 894DF0
:00439A7E 8BF2
mov esi, edx
:00439A80 8BD8
mov ebx, eax
:00439A82 33C0
xor eax, eax
:00439A84 55
push ebp
:00439A85 68249C4300
push 00439C24
:00439A8A 64FF30
:00439A8D 648920
:00439A90 85F6
test esi, esi
:00439A92 7470
je 00439B04
:00439A94 A1A8374400
:00439A99 E8A2330000
call 0043CE40
:00439A9E 48
dec eax
:00439A9F 85C0
test eax, eax
:00439AA1 7C61
jl 00439B04
:00439AA3 40
inc eax
:00439AA4 8945FC
:00439AA7 33FF
xor edi, edi
|:00439B02(C)
|
:00439AA9 8BD7
:00439AAB A1A8374400
:00439AB0 E877330000
:00439AB5 3BB028020000
:00439ABB 7541
:00439ABD 8BD7
:00439ABF A1A8374400
:00439AC4 E863330000
:00439AC9 3BD8
:00439ACB 7431
:00439ACD 8B4608
:00439AD0 8945F4
:00439AD3 C645F80B
:00439AD7 8D45F4
:00439ADA 50
:00439ADB 6A00
:00439ADD 8D55F0
:00439AE0 A1D42A4400
:00439AE5 E83AB3FCFF
:00439AEA 8B4DF0
:00439AED B201
:00439AEF A1F4B44000

mov edx, edi
call 0043CE2C
jne 00439AFE
mov edx, edi
call 0043CE2C
cmp ebx, eax
je 00439AFE
mov [ebp-08], 0B
push eax
push 00000000
call 00404E24
mov dl, 01
:00439AF4 E8AFEDFCFF
:00439AF9 E8B297FCFF
call 004088A8
call 004032B0
|:00439ABB(C), :00439ACB(C)
|
:00439AFE 47
:00439AFF FF4DFC
:00439B02 75A5
|:00439A92(C), :00439AA1(C)
|
:00439B04 8B8328020000
:00439B0A 85C0
:00439B0C 7407
:00439B0E 33D2
:00439B10 E84B95FFFF
|:00439B0C(C)
|
:00439B15 89B328020000
:00439B1B 85F6
:00439B1D 7409
:00439B1F 8BD3
:00439B21 8BC6
:00439B23 E8687AFDFF
|:00439B1D(C)
|
:00439B28 85F6
:00439B2A 0F84AB000000
:00439B30 F6432010
:00439B34 750D
:00439B36 80BB0902000003
:00439B3D 0F8498000000
|:00439B34(C)
|
:00439B43 8B8328020000
:00439B49 80784C00
:00439B4D 7509
:00439B4F 80BB0F02000001
:00439B56 7506
inc edi
dec [ebp-04]
jne 00439AA9

test eax, eax
je 00439B15
xor edx, edx
call 00433060

test esi, esi
je 00439B28
mov edx, ebx
mov eax, esi
call 00411590
test esi, esi

je 00439BDB
test [ebx+20], 10
jne 00439B43
je 00439BDB
mov
cmp
jne
cmp
jne

byte ptr [eax+4C], 00
00439B58
byte ptr [ebx+0000020F], 01
00439B5E

|:00439B4D(C)
|
:00439B58 F6432010
test [ebx+20], 10
:00439B5C 7458
je 00439BB6
|:00439B56(C)
|
:00439B5E 8BC3
:00439B60 E87BF7FEFF
:00439B65 84C0

mov eax, ebx
call 004292E0
test al, al
:00439B67
:00439B6D
:00439B73
:00439B75
:00439B78
:00439B7A
:00439B7C
:00439B81
0F8488000000
8B8328020000
8B10
FF5234
8BF8
8BC3
E87FF3FEFF
50
je 00439BF5
call [edx+34]
mov edi, eax
mov eax, ebx
call 00428F00
push eax

|
:00439B82 E821C6FCFF
Call 004061A8
:00439B87 3BF8
cmp edi, eax
:00439B89 7419
je 00439BA4
:00439B8B 8B8328020000
:00439B91 8B10
:00439B93 FF5234
call [edx+34]
:00439B96 50
push eax
:00439B97 8BC3
mov eax, ebx
:00439B99 E862F3FEFF
call 00428F00
:00439B9E 50
push eax
|
:00439B9F E814C8FCFF
Call 004063B8
|:00439B89(C)
|
:00439BA4 8BC3
:00439BA6 E855F3FEFF
:00439BAB 8BD0
:00439BAD 8BC6
:00439BAF E8AC94FFFF
:00439BB4 EB3F
|:00439B5C(C)
|
:00439BB6 80BB0F02000001
:00439BBD 7436
:00439BBF 8BC3
:00439BC1 E81AF7FEFF
:00439BC6 84C0
:00439BC8 742B
:00439BCA 6A00
:00439BCC 8BC3
:00439BCE E82DF3FEFF
:00439BD3 50
mov eax, ebx

call 00428F00
mov edx, eax
mov eax, esi
call 00433060
jmp 00439BF5

je 00439BF5
mov eax, ebx
call 004292E0
test al, al
je 00439BF5
push 00000000
mov eax, ebx
call 00428F00
push eax

|
:00439BD4 E8DFC7FCFF
Call 004063B8
:00439BD9 EB1A
jmp 00439BF5
|:00439B2A(C), :00439B3D(C)
|
:00439BDB 8BC3
mov eax, ebx
:00439BDD E8FEF6FEFF
call 004292E0
:00439BE2
:00439BE4
:00439BE6
:00439BE8
:00439BEA
:00439BEF
84C0
740F
6A00
8BC3
E811F3FEFF
50
test al, al
je 00439BF5
push 00000000
mov eax, ebx
call 00428F00
push eax

|
:00439BF0 E8C3C7FCFF
Call 004063B8
|:00439B67(C), :00439BB4(U), :00439BBD(C), :00439BC8(C), :00439BD9(U)
|:00439BE4(C)
|
:00439BF5 80BB0E02000000
cmp byte ptr [ebx+0000020E], 00
:00439BFC 7409
je 00439C07
:00439BFE B201
mov dl, 01
:00439C00 8BC3
mov eax, ebx
:00439C02 E8390E0000
call 0043AA40
|:00439BFC(C)
|
:00439C07 8BC3
:00439C09 E8AAFDFFFF
:00439C0E 33C0
:00439C10 5A
:00439C11 59
:00439C12 59
:00439C13 648910

mov eax, ebx
call 004399B8
xor eax, eax
pop edx
pop ecx
pop ecx

|
:00439C16 682B9C4300
push 00439C2B
|:00439C29(U)
|
:00439C1B 8D45F0
:00439C1E E8959BFCFF
:00439C23 C3
:00439C24
:00439C29
:00439C2B
:00439C2C
:00439C2D
:00439C2E
:00439C30
:00439C31
jmp
jmp
pop
pop
pop
mov
pop
ret
E94F96FCFF
EBF0
5F
5E
5B
8BE5
5D
C3
:00439C32 8BC0

call 004037B8
ret
00403278
00439C1B
edi
esi
ebx
esp, ebp
ebp
mov eax, eax

|:00438964 , :00439C50
|
:00439C34 8B803C020000
:00439C3A
:00439C3C
:00439C3E
:00439C43
85C0
7508
A1A8374400
8B4034
test eax, eax

jne 00439C46
|:00439C3C(C)
|
:00439C46 C3
:00439C47 90
:00439C48 53
:00439C49 56
:00439C4A 8BF2
:00439C4C 8BD8
:00439C4E 8BC3
:00439C50 E8DFFFFFFF
:00439C55 3BF0
:00439C57 741E
:00439C59 85F6
:00439C5B 7405
:00439C5D 83FE24
:00439C60 7C15
|:00439C5B(C)
|
:00439C62 F6432001
:00439C66 7409
:00439C68 83BB3C02000000
:00439C6F 7406
ret
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00439C34
cmp esi, eax
je 00439C77
test esi, esi
je 00439C62
cmp esi, 00000024
jl 00439C77
test [ebx+20], 01
je 00439C71
je 00439C77

|:00439C66(C)
|
:00439C71 89B33C020000
|:00439C57(C), :00439C60(C), :00439C6F(C)
|
:00439C77 5E
pop esi
:00439C78 5B
pop ebx
:00439C79 C3
ret
:00439C7A 8BC0
mov eax, eax

|:00439958 , :0044130F
|
:00439C7C 3A9010020000
:00439C82 7411
je 00439C95
:00439C84 889010020000
:00439C8A F6402010
test [eax+20], 10
:00439C8E 7505
jne 00439C95
:00439C90 E8E7C9FEFF
call 0042667C
|:00439C82(C), :00439C8E(C)
|
:00439C95 C3
ret
:00439C96 8BC0
mov eax, eax

|:00439CAC
|
:00439C98 83B83C02000000
:00439C9F 0F95C0
setne al
:00439CA2 C3
ret
:00439CA3
:00439CA4
:00439CA5
:00439CA6
:00439CA8
:00439CAA
:00439CAC
:00439CB1
:00439CB3
:00439CB5
:00439CB7
:00439CBD
:00439CBF
:00439CC1
:00439CC6
:00439CC9
90
53
56
8BDA
8BF0
8BC6
E8E7FFFFFF
3AD8
741A
33C0
89863C020000
84DB
740E
A1A8374400
8B4034
89863C020000
nop
push ebx
push esi
mov ebx, edx
mov esi, eax
mov eax, esi
call 00439C98
cmp bl, al
je 00439CCF
xor eax, eax
test bl, bl
je 00439CCF
|:00439CB3(C), :00439CBF(C)
|
:00439CCF 5E
:00439CD0 5B
:00439CD1 C3
:00439CD2
:00439CD4
:00439CD5
:00439CD7
:00439CD9
:00439CDE
:00439CE4
:00439CE6
:00439CE8
:00439CEB
:00439CEE
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 00428484
test eax, eax
je 00439CF3
call 0041478C
8BC0
53
8BD8
8BC3
E8A6E7FEFF
8B8318020000
85C0
740B
8B4014
8B5364
E899AAFDFF
pop esi
pop ebx
ret

|:00439CE6(C)
|
:00439CF3 5B
pop ebx
:00439CF4 C3
ret
:00439CF5 8D4000

|:0043998A , :00439D25 , :00439D48
|
:00439CF8 BA05000080
mov edx, 80000005
:00439CFD 80B80F02000002
:00439D04 7505
:00439D06 BA0C000080

jne 00439D0B
mov edx, 8000000C

|:00439D04(C)
|
:00439D0B 8BC2
mov eax, edx
:00439D0D C3
ret
:00439D0E
:00439D10
:00439D11
:00439D13
:00439D15
:00439D1A
:00439D21
:00439D23
:00439D25
:00439D2A
:00439D2D
:00439D2F
:00439D34
:00439D36
:00439D3B
:00439D3C
8BC0
53
8BD8
8BC3
E83EE8FEFF
80BB2C01000000
741A
8BC3
E8CEFFFFFF
3B4364
7527
BA0F000080
8BC3
E8F595FEFF
5B
C3
|:00439D21(C)
|
:00439D3D 817B640F000080
:00439D44 7510
:00439D46 8BC3
:00439D48 E8ABFFFFFF
:00439D4D 8BD0
:00439D4F 8BC3
:00439D51 E8DA95FEFF
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 00428558
je 00439D3D
mov eax, ebx
call 00439CF8
jne 00439D56
mov edx, 8000000F
mov eax, ebx
call 00423330
pop ebx
ret

cmp dword ptr [ebx+64], 8000000F
jne 00439D56
mov eax, ebx
call 00439CF8
mov edx, eax
mov eax, ebx
call 00423330

|:00439D2D(C), :00439D44(C)
|
:00439D56 5B
pop ebx
:00439D57 C3
ret
:00439D58
:00439D59
:00439D5B
:00439D5D
:00439D62
:00439D68
:00439D6A
:00439D6C
:00439D6F
53
8BD8
8BC3
E84AE7FEFF
8B8318020000
85C0
7408
8B5358
E80CB0FDFF
push ebx
mov ebx, eax
mov eax, ebx
call 004284AC
test eax, eax
je 00439D74
call 00414D80

|:00439D6A(C)
|
:00439D74 5B
:00439D75 C3
pop ebx
ret
:00439D76
:00439D78
:00439D79
:00439D7B
:00439D7D
:00439D82
:00439D88
:00439D8A
:00439D8F
:00439D90
mov eax, eax

push ebx
mov ebx, eax
mov eax, ebx
call 004399B8
mov eax, ebx
call 00439A70
pop ebx
ret
8BC0
53
8BD8
8BC3
E836FCFFFF
8B9328020000
8BC3
E8E1FCFFFF
5B
C3
:00439D91 8D4000

|:0043BD4F , :0043E8A3 , :0043EDEC
|
:00439D94 53
push ebx
:00439D95 56
push esi
:00439D96 8BDA
mov ebx, edx
:00439D98 8BF0
mov esi, eax
:00439D9A 3A9E0B020000
cmp bl, byte ptr [esi+0000020B]
:00439DA0 742E
je 00439DD0
:00439DA2 889E0B020000
mov byte ptr [esi+0000020B], bl
:00439DA8 F6462010
test [esi+20], 10
:00439DAC 7522
jne 00439DD0
:00439DAE 80BE6C01000000
:00439DB5 7419
je 00439DD0
:00439DB7 33C0
xor eax, eax
:00439DB9 8AC3
mov al, bl
:00439DBB 8B0485B8284400
mov eax, dword ptr [4*eax+004428B8]
:00439DC2 50
push eax
:00439DC3 8BC6
mov eax, esi
:00439DC5 E836F1FEFF
call 00428F00
:00439DCA 50
push eax
|
:00439DCB E870C6FCFF
Call 00406440
|:00439DA0(C), :00439DAC(C), :00439DB5(C)
|
:00439DD0 5E
pop esi
:00439DD1 5B
pop ebx
:00439DD2 C3
ret
:00439DD3 90
nop

|:00438DB5 , :0043B8E5
|
:00439DD4 53
push ebx
:00439DD5 56
push esi
:00439DD6
:00439DD7
:00439DD8
:00439DDB
:00439DDD
:00439DE3
:00439DE5
:00439DEB
:00439DF1
:00439DF5
:00439DFB
:00439DFD
:00439E00
:00439E02
:00439E04
:00439E09
:00439E0C
:00439E11
:00439E14
:00439E17
57
55
83C4EC
8BD8
8A8311020000
84C0
0F84AC020000
8B15A4374400
837A3000
0F849C020000
33D2
891424
3C02
7515
A1A4374400
8B4030
E883FAFFFF
8B4004
890424
EB41
push edi
push ebp
add esp, FFFFFFEC
mov ebx, eax
test al, al
je 0043A097
je 0043A097
xor edx, edx
cmp al, 02
jne 00439E19
call 00439894
jmp 00439E5A
|:00439E02(C)
|
:00439E19 8A8311020000
:00439E1F 3C03
:00439E21 7521
:00439E23 8B15A8374400
:00439E29 837A5C00
:00439E2D 7415
:00439E2F A1A8374400
:00439E34 8B405C
:00439E37 E858FAFFFF
:00439E3C 8B4004
:00439E3F 890424
:00439E42 EB16
|:00439E21(C), :00439E2D(C)
|
:00439E44 3C01
:00439E46 7512
:00439E48 33D2
:00439E4A A1A8374400
:00439E4F E8A82F0000
:00439E54 8B4004
:00439E57 890424

cmp al, 03
jne 00439E44
cmp dword ptr [edx+5C], 00000000
je 00439E44
call 00439894
jmp 00439E5A
cmp al, 01
jne 00439E5A
xor edx, edx
call 0043CDFC

|:00439E17(U), :00439E42(U), :00439E46(C)
|
:00439E5A 8BC3
mov eax, ebx
:00439E5C E833FAFFFF
call 00439894
:00439E61 8B4004
:00439E64 89442404
:00439E68 A1A8374400
:00439E6D E89E2F0000
call 0043CE10
:00439E72 48
dec eax
:00439E73 85C0
test eax, eax
:00439E75 0F8C1C020000
jl 0043A097
:00439E7B 40
:00439E7C 8944240C
:00439E80 33F6
inc eax
xor esi, esi
|:0043A091(C)
|
:00439E82 8BD6
:00439E84 A1A8374400
:00439E89 E86E2F0000
:00439E8E 8B4004
:00439E91 3B0424
:00439E94 0F85F2010000
:00439E9A 8B0424
:00439E9D 3B442404
:00439EA1 0F84E5010000
:00439EA7 A1A8374400
:00439EAC E85F2F0000
:00439EB1 48
:00439EB2 85C0
:00439EB4 0F8CD2010000
:00439EBA 40
:00439EBB 89442410
:00439EBF 33FF
|:0043A086(C)
|
:00439EC1 8BD7
:00439EC3 A1A8374400
:00439EC8 E82F2F0000
:00439ECD 8B4004
:00439ED0 3B442404
:00439ED4 0F85A7010000
:00439EDA 80BB1002000004
:00439EE1 757A
:00439EE3 8B4338
:00439EE6 50
:00439EE7 8B6B3C
:00439EEA 55
:00439EEB 8BD6
:00439EED A1A8374400
:00439EF2 E8052F0000
:00439EF7 E8442B0000
:00439EFC 50
:00439EFD 8BD6
:00439EFF A1A8374400
:00439F04 E8F32E0000
:00439F09 E80E2B0000
:00439F0E 2BC5
:00439F10 D1F8
:00439F12 7903
:00439F14 83D000
mov edx, esi

call 0043CDFC
jne 0043A08C
je 0043A08C
call 0043CE10
dec eax
test eax, eax
jl 0043A08C
inc eax
xor edi, edi
mov edx, edi

call 0043CDFC
jne 0043A081
jne 00439F5D
push eax
mov ebp, dword ptr [ebx+3C]
push ebp
mov edx, esi
call 0043CDFC
call 0043CA40
push eax
mov edx, esi
call 0043CDFC
call 0043CA1C
sub eax, ebp
sar eax, 1
jns 00439F17
adc eax, 00000000

|:00439F12(C)
|
:00439F17 5A
pop edx
:00439F18 03D0
add edx, eax
:00439F1A 52
push edx
:00439F1B
:00439F1D
:00439F22
:00439F27
:00439F2C
:00439F2E
:00439F30
:00439F35
:00439F3A
:00439F3F
:00439F42
:00439F44
:00439F46
8BD6
A1A8374400
E8D52E0000
E8D02A0000
8BE8
8BD6
A1A8374400
E8C22E0000
E8212B0000
2B4338
D1F8
7903
83D000
mov edx, esi

call 0043CDFC
call 0043C9FC
mov ebp, eax
mov edx, esi
call 0043CDFC
call 0043CA60
sar eax, 1
jns 00439F49
adc eax, 00000000
|:00439F44(C)
|
:00439F49 03E8
:00439F4B 8BD5
:00439F4D 8BC3
:00439F4F 59
:00439F50 8B28
:00439F52 FF9580000000
:00439F58 E924010000
|:00439EE1(C)
|
:00439F5D 8BD6
:00439F5F A1A8374400
:00439F64 E8932E0000
:00439F69 E88E2A0000
:00439F6E 8BE8
:00439F70 036B30
:00439F73 8BD7
:00439F75 A1A8374400
:00439F7A E87D2E0000
:00439F7F E8782A0000
:00439F84 2BE8
:00439F86 8BD6
:00439F88 A1A8374400
:00439F8D E86A2E0000
:00439F92 E8652A0000
:00439F97 50
:00439F98 8BD6
:00439F9A A1A8374400
:00439F9F E8582E0000
:00439FA4 E8B72A0000
:00439FA9 5A
:00439FAA 03D0
:00439FAC 8B4338
:00439FAF 03C5
:00439FB1 3BD0
:00439FB3 7D29
:00439FB5 8BD6
:00439FB7 A1A8374400
:00439FBC E83B2E0000
:00439FC1 E8362A0000
:00439FC6 8BE8
:00439FC8 8BD6
add ebp, eax

mov edx, ebp
mov eax, ebx
pop ecx
jmp 0043A081
mov edx, esi

mov eax, dword
call 0043CDFC
call 0043C9FC
mov ebp, eax
add ebp, dword
mov edx, edi
mov eax, dword
call 0043CDFC
call 0043C9FC
sub ebp, eax
mov edx, esi
mov eax, dword
call 0043CDFC
call 0043C9FC
push eax
mov edx, esi
mov eax, dword
call 0043CDFC
call 0043CA60
pop edx
add edx, eax
mov eax, dword
add eax, ebp
cmp edx, eax
jge 00439FDE
mov edx, esi
mov eax, dword
call 0043CDFC
call 0043C9FC
mov ebp, eax
mov edx, esi
ptr [004437A8]
ptr [ebx+30]
ptr [004437A8]
ptr [004437A8]
ptr [004437A8]
ptr [ebx+38]
ptr [004437A8]
:00439FCA
:00439FCF
:00439FD4
:00439FD9
:00439FDB
A1A8374400
E8282E0000
E8872A0000
03E8
2B6B38

call 0043CDFC
call 0043CA60
add ebp, eax
sub ebp, dword ptr [ebx+38]
|:00439FB3(C)
|
:00439FDE 8BD6
:00439FE0 A1A8374400
:00439FE5 E8122E0000
:00439FEA E8512A0000
:00439FEF 034334
:00439FF2 50
:00439FF3 8BD7
:00439FF5 A1A8374400
:00439FFA E8FD2D0000
:00439FFF E83C2A0000
:0043A004 5A
:0043A005 2BD0
:0043A007 89542408
:0043A00B 8BD6
:0043A00D A1A8374400
:0043A012 E8E52D0000
:0043A017 E8242A0000
:0043A01C 50
:0043A01D 8BD6
:0043A01F A1A8374400
:0043A024 E8D32D0000
:0043A029 E8EE290000
:0043A02E 5A
:0043A02F 03D0
:0043A031 8B442408
:0043A035 03433C
:0043A038 3BD0
:0043A03A 7D2D
:0043A03C 8BD6
:0043A03E A1A8374400
:0043A043 E8B42D0000
:0043A048 E8F3290000
:0043A04D 50
:0043A04E 8BD6
:0043A050 A1A8374400
:0043A055 E8A22D0000
:0043A05A E8BD290000
:0043A05F 5A
:0043A060 03D0
:0043A062 2B533C
:0043A065 89542408
|:0043A03A(C)
|
:0043A069 8B4338
:0043A06C 50
:0043A06D 8B433C
:0043A070 50
:0043A071 8B4C2410
:0043A075 8BD5
mov edx, esi

call 0043CDFC
call 0043CA40
push eax
mov edx, edi
call 0043CDFC
call 0043CA40
pop edx
sub edx, eax
mov edx, esi
call 0043CDFC
call 0043CA40
push eax
mov edx, esi
call 0043CDFC
call 0043CA1C
pop edx
add edx, eax
cmp edx, eax
jge 0043A069
mov edx, esi
call 0043CDFC
call 0043CA40
push eax
mov edx, esi
call 0043CDFC
call 0043CA1C
pop edx
add edx, eax
sub edx, dword ptr [ebx+3C]
mov eax,
push eax
mov eax,
push eax
mov ecx,
mov edx,
dword ptr [ebx+38]

dword ptr [ebx+3C]
dword ptr [esp+10]
ebp
:0043A077 8BC3
:0043A079 8B28
:0043A07B FF9580000000
mov eax, ebx

|:00439ED4(C), :00439F58(U)
|
:0043A081 47
:0043A082 FF4C2410
:0043A086 0F8535FEFFFF

inc edi
dec [esp+10]
jne 00439EC1

|:00439E94(C), :00439EA1(C), :00439EB4(C)
|
:0043A08C 46
inc esi
:0043A08D FF4C240C
dec [esp+0C]
:0043A091 0F85EBFDFFFF
jne 00439E82
|:00439DE5(C), :00439DF5(C), :00439E75(C)
|
:0043A097 83C414
add esp, 00000014
:0043A09A 5D
pop ebp
:0043A09B 5F
pop edi
:0043A09C 5E
pop esi
:0043A09D 5B
pop ebx
:0043A09E C3
ret
:0043A09F
:0043A0A0
:0043A0A1
:0043A0A2
:0043A0A3
:0043A0A4
:0043A0A6
:0043A0A8
:0043A0AA
:0043A0AC
:0043A0B1
:0043A0B5
:0043A0B7
:0043A0BE
:0043A0C0
:0043A0C5
:0043A0C8
:0043A0CB
90
53
56
57
51
8BF2
8BF8
8BD6
8BC7
E8CBD7FFFF
837F2400
751B
83BF6801000000
7512
A1A4374400
8B4024
89461C
816604FFFFFCBF
|:0043A0B5(C), :0043A0BE(C)
|
:0043A0D2 C7462408000000
:0043A0D9 F6472010
:0043A0DD 740C
:0043A0DF 814E040000CF00
:0043A0E6 E9A4010000
nop
push ebx
push esi
push edi
push ecx
mov esi, edx
mov edi, eax
mov edx, esi
mov eax, edi
call 0043787C
jne 0043A0D2
cmp dword ptr [edi+00000168], 00000000
jne 0043A0D2
and dword ptr [esi+04], BFFCFFFF
mov [esi+24], 00000008
test [edi+20], 10
je 0043A0EB
or dword ptr [esi+04], 00CF0000
jmp 0043A28F

|:0043A0DD(C)
|
:0043A0EB
:0043A0F1
:0043A0F2
:0043A0F4
:0043A0F6
:0043A0FD
8A8710020000
48
2C02
730E
C7460C00000080
C7461000000080
|:0043A0F4(C)
|
:0043A104 8A9F08020000
:0043A10A 8A8709020000
:0043A110 880424
:0043A113 80BF0F02000001
:0043A11A 750F
:0043A11C 8A0424
:0043A11F 84C0
:0043A121 7404
:0043A123 2C03
:0043A125 7504
mov
dec
sub
jnb
mov
mov
al, byte ptr [edi+00000210]

eax
al, 02
0043A104
[esi+0C], 80000000
[esi+10], 80000000

mov bl, byte
mov al, byte
mov byte ptr
cmp byte ptr
jne 0043A12B
mov al, byte
test al, al
je 0043A127
sub al, 03
jne 0043A12B
ptr [edi+00000208]
ptr [edi+00000209]
[esp], al
[edi+0000020F], 01
ptr [esp]

|:0043A121(C)
|
:0043A127 C6042402
|:0043A11A(C), :0043A125(C)
|
:0043A12B 33C0
:0043A12D 8A0424
:0043A130 83F805
:0043A133 0F87B6000000
:0043A139 FF248540A14300
:0043A140
:0043A144
:0043A148
:0043A14C
:0043A150
:0043A154
58A14300
76A14300
7FA14300
A4A14300
76A14300
7FA14300
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0043A158
:0043A15C
:0043A15E
:0043A165
:0043A167
837F2400
7510
83BF6801000000
7507
814E0400000080

jne 0043A16E
cmp dword ptr [edi+00000168], 00000000
jne 0043A16E
|:0043A165(C)
|
:0043A16E 8A1D94A24300
:0043A174 EB79
:0043A176 814E040000C000
:0043A17D EB70
:0043A17F 814E040000C400
:0043A186 8A8710020000
:0043A18C 2C01
:0043A18E 7404
xor eax, eax

cmp eax, 00000005
ja 0043A1EF
jmp dword ptr [4*eax+0043A140]
0043A158
0043A176
0043A17F
0043A1A4
0043A176
0043A17F

mov bl, byte
jmp 0043A1EF
or dword ptr
jmp 0043A1EF
or dword ptr
mov al, byte
sub al, 01
je 0043A194
ptr [0043A294]
[esi+04], 00C00000
[esi+04], 00C40000
ptr [edi+00000210]
:0043A190 2C02
:0043A192 755B
sub al, 02
jne 0043A1EF
|:0043A18E(C)
|
:0043A194 C7461400000080
:0043A19B C7461800000080
:0043A1A2 EB4B
:0043A1A4 8B4604
:0043A1A7 0D00000080
:0043A1AC 0D0000C000
:0043A1B1 894604
:0043A1B4 C7460801010000
:0043A1BB 8D5608
:0043A1BE 8BC7
:0043A1C0 E8BBBFFEFF
:0043A1C5 A18C2B4400
:0043A1CA 803800
:0043A1CD 7510
:0043A1CF 8B4604
:0043A1D2 0D00004000
:0043A1D7 0D80000000
:0043A1DC 894604
|:0043A1CD(C)
|
:0043A1DF A098A24300
:0043A1E4 22C3
:0043A1E6 8BD8
:0043A1E8 C7462408280000
mov [esi+14], 80000000

mov [esi+18], 80000000
jmp 0043A1EF
or eax, 80000000
or eax, 00C00000
mov [esi+08], 00000101
mov eax, edi
call 00426180
jne 0043A1DF
or eax, 00400000
or eax, 00000080
mov
and
mov
mov
al, byte ptr [0043A298]

al, bl
ebx, eax
[esi+24], 00002808

|:0043A133(C), :0043A174(U), :0043A17D(U), :0043A192(C), :0043A1A2(U)
|
:0043A1EF 8A0424
:0043A1F2 04FC
add al, FC
:0043A1F4 2C02
sub al, 02
:0043A1F6 731A
jnb 0043A212
:0043A1F8 C7460880000000
mov [esi+08], 00000080
:0043A1FF 8D5608
:0043A202 8BC7
mov eax, edi
:0043A204 E877BFFEFF
call 00426180
:0043A209 A09CA24300
mov al, byte ptr [0043A29C]
:0043A20E 22C3
and al, bl
:0043A210 8BD8
mov ebx, eax
|:0043A1F6(C)
|
:0043A212 8A0424
:0043A215 2C03
:0043A217 7346
:0043A219 80BF0F02000001
:0043A220 7505
:0043A222 F6C301
:0043A225 7418

sub al, 03
jnb 0043A25F
cmp byte ptr [edi+0000020F], 01
jne 0043A227
test bl, 01
je 0043A23F
|:0043A220(C)
|
:0043A227 F6C302
:0043A22A 7407
:0043A22C 814E0400000200
test bl, 02
je 0043A233
|:0043A22A(C)
|
:0043A233 F6C304
:0043A236 7407
:0043A238 814E0400000100
|:0043A225(C), :0043A236(C)
|
:0043A23F 8A870B020000
:0043A245 3C01
:0043A247 7509
:0043A249 814E0400000020
:0043A250 EB14
|:0043A247(C)
|
:0043A252 3C02
:0043A254 7510
:0043A256 814E0400000001
:0043A25D EB07
test bl, 04
je 0043A23F
mov al, byte ptr [edi+0000020B]

cmp al, 01
jne 0043A252
jmp 0043A266
cmp al, 02
jne 0043A266
jmp 0043A266

|:0043A217(C)
|
:0043A25F C6870B02000000
mov byte ptr [edi+0000020B], 00
|:0043A250(U), :0043A254(C), :0043A25D(U)
|
:0043A266 F6C301
test bl, 01
:0043A269 7407
je 0043A272
:0043A26B 814E0400000800
|:0043A269(C)
|
:0043A272 F6C308
:0043A275 7407
:0043A277 814E0800040000
|:0043A275(C)
|
:0043A27E 80BF0F02000001
:0043A285 7508
:0043A287 B858604000
:0043A28C 894628
test bl, 08
je 0043A27E
cmp
jne
mov
mov
byte ptr [edi+0000020F], 01

0043A28F
eax, 00406058

|:0043A0E6(U), :0043A285(C)
|
:0043A28F
:0043A290
:0043A291
:0043A292
:0043A293
5A
5F
5E
5B
C3
pop
pop
pop
pop
ret
edx
edi
esi
ebx
:0043A294 00000000
BYTE 4 DUP(0)
:0043A298
:0043A29A
:0043A29C
:0043A29E
:0043A2A0
:0043A2A1
:0043A2A2
:0043A2A5
:0043A2A7
:0043A2A9
:0043A2AE
:0043A2B3
:0043A2B6
:0043A2B8
:0043A2BF
:0043A2C1
:0043A2C3
:0043A2C8
:0043A2C9
:0043A2CB
:0043A2D0
:0043A2D2
:0043A2D7

push ebx
push esi
add esp, FFFFFFF8
mov ebx, eax
mov eax, ebx
call 0043788C
je 0043A2F5
je 0043A2DF
mov eax, ebx
call 0043ABAC
push eax
push 00000001
push 00000080
mov eax, ebx
call 00428F00
push eax
0900
0000
0100
0000
53
56
83C4F8
8BD8
8BC3
E8DED5FFFF
A18C2B4400
803800
743D
80BB0902000003
741E
8BC3
E8E4080000
50
6A01
6880000000
8BC3
E829ECFEFF
50

|
:0043A2D8 E8ABC0FCFF
Call 00406388
:0043A2DD EB16
jmp 0043A2F5
|:0043A2BF(C)
|
:0043A2DF 6A00
:0043A2E1 6A01
:0043A2E3 6880000000
:0043A2E8 8BC3
:0043A2EA E811ECFEFF
:0043A2EF 50

push 00000000
push 00000001
push 00000080
mov eax, ebx
call 00428F00
push eax

|
:0043A2F0 E8
BYTE e8h
|:00435F8C
|
:0043A2F1 93
xchg eax,ebx
:0043A2F2 C0FCFF
sar ah, FF
|:0043A2B6(C), :0043A2DD(U)
|
:0043A2F5 F6432010
:0043A2F9 0F85D0000000
:0043A2FF 8A830F020000
:0043A305 2C02
:0043A307 740D
:0043A309 FEC8
:0043A30B 0F84A5000000
:0043A311 E9B9000000
|:0043A307(C)
|
:0043A316 C744240400FF0000
:0043A31E 33C0
:0043A320 890424
:0043A323 8BB338020000
:0043A329 85F6
:0043A32B 740A
:0043A32D 8BC6
:0043A32F E80071FFFF
:0043A334 890424
|:0043A32B(C)
|
:0043A337 54
:0043A338 A1E02B4400
:0043A33D 8B00
:0043A33F 50
:0043A340 6A00
:0043A342 8BC3
:0043A344 E8B7EBFEFF
:0043A349 50
:0043A34A 8BC3
:0043A34C E8A788FEFF
:0043A351 50
:0043A352 8BC3
:0043A354 E85B88FEFF
:0043A359 50
:0043A35A 6A00
:0043A35C 6A00
:0043A35E 6801003356
:0043A363 6A00
test [ebx+20], 10
jne 0043A3CF
mov al, byte ptr [ebx+0000020F]
sub al, 02
je 0043A316
dec al
je 0043A3B6
jmp 0043A3CF
mov [esp+04], 0000FF00

xor eax, eax
test esi, esi
je 0043A337
mov eax, esi
call 00431434
push esp
push eax
push 00000000
mov eax, ebx
call 00428F00
push eax
mov eax, ebx
call 00422BF8
push eax
mov eax, ebx
call 00422BB4
push eax
push 00000000
push 00000000
push 56330001
push 00000000
* Possible StringData Ref from Code Obj ->"MDICLIENT"

|
:0043A365 68D4A34300
push 0043A3D4
:0043A36A 6800020000
push 00000200
|
:0043A36F E8D4BCFCFF
Call 00406048
:0043A374 898334020000
:0043A37A 53
push ebx
:0043A37B 68A0944300
push 004394A0
:0043A380 E86FC5FFFF
call 004368F4
:0043A385 898358020000
:0043A38B 6AFC
:0043A38D 8B8334020000
:0043A393 50
push FFFFFFFC
push eax

|
:0043A394 E8A7BEFCFF
Call 00406240
:0043A399 898354020000
:0043A39F 8B8358020000
:0043A3A5 50
push eax
:0043A3A6 6AFC
push FFFFFFFC
:0043A3A8 8B8334020000
:0043A3AE 50
push eax
|
:0043A3AF E844C0FCFF
Call 004063F8
:0043A3B4 EB19
jmp 0043A3CF
|:0043A30B(C)
|
:0043A3B6 6A13
:0043A3B8 6A00
:0043A3BA 6A00
:0043A3BC 6A00
:0043A3BE 6A00
:0043A3C0 6AFF
:0043A3C2 8BC3
:0043A3C4 E837EBFEFF
:0043A3C9 50

push 00000013
push 00000000
push 00000000
push 00000000
push 00000000
push FFFFFFFF
mov eax, ebx
call 00428F00
push eax

|
:0043A3CA E839C0FCFF
Call 00406408
|:0043A2F9(C), :0043A311(U), :0043A3B4(U)
|
:0043A3CF 59
pop ecx
:0043A3D0 5A
pop edx
:0043A3D1 5E
pop esi
:0043A3D2 5B
pop ebx
:0043A3D3 C3
ret
:0043A3D4
:0043A3D5
:0043A3D6
:0043A3D7
:0043A3D8
:0043A3D9
:0043A3DA
:0043A3DB
:0043A3DC
:0043A3DD
4D
44
49
43
4C
49
45
4E
54
000000
:0043A3E0 55
:0043A3E1 8BEC
dec ebp
inc esp
dec ecx
inc ebx
dec esp
dec ecx
inc ebp
dec esi
push esp
BYTE 3 DUP(0)
push ebp
mov ebp, esp
:0043A3E3
:0043A3E6
:0043A3E7
:0043A3E9
:0043A3EC
:0043A3EE
:0043A3F0
:0043A3F1
:0043A3F6
:0043A3F9
:0043A3FC
:0043A403
:0043A409
:0043A40D
:0043A413
:0043A418
:0043A41B
:0043A41D
:0043A41F
:0043A426
83C4D8
53
33C9
894DD8
8BD8
33C0
55
68D4A44300
64FF30
648920
80BB0F02000001
0F85A7000000
F6432010
0F859D000000
A1A4374400
8B4030
85C0
7409
83B83402000000
7521
add esp, FFFFFFD8

push ebx
xor ecx, ecx
mov ebx, eax
xor eax, eax
push ebp
push 0043A4D4
jne 0043A4B0
test [ebx+20], 10
jne 0043A4B0
test eax, eax
je 0043A428
cmp dword ptr [eax+00000234], 00000000
jne 0043A449
|:0043A41D(C)
|
:0043A428 8D55D8
:0043A42B A1AC2C4400
:0043A430 E8EFA9FCFF
:0043A435 8B4DD8
:0043A438 B201
:0043A43A A1F4B44000
:0043A43F E828E4FCFF
:0043A444 E8678EFCFF
|:0043A426(C)
|
:0043A449 8D424C
:0043A44C 8945DC
:0043A44F 8B02
:0043A451 8945E0
:0043A454 A1E02B4400
:0043A459 8B00
:0043A45B 8945E4
:0043A45E 8B420C
:0043A461 8945E8
:0043A464 8B4210
:0043A467 8945EC
:0043A46A 8B4214
:0043A46D 8945F0
:0043A470 8B4218
:0043A473 8945F4
:0043A476 8B4204
:0043A479 8945F8
:0043A47C 8B4220
:0043A47F 8945FC
:0043A482 8D45DC
:0043A485 50
:0043A486 6A00
:0043A488 6820020000
:0043A48D A1A4374400
lea edx, dword

mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-28]
ptr [00442CAC]
ptr [ebp-28]
ptr [0040B4F4]
lea eax, dword ptr [edx+4C]

push eax
push 00000000
push 00000220
:0043A492 8B4030
:0043A495 8B8034020000
:0043A49B 50

push eax

|
:0043A49C E8E7BEFCFF
Call 00406388
:0043A4A1 898340010000
:0043A4A7 808BC002000010
or byte ptr [ebx+000002C0], 10
:0043A4AE EB0E
jmp 0043A4BE
|:0043A403(C), :0043A40D(C)
|
:0043A4B0 8BC3
:0043A4B2 E8CDBFFEFF
:0043A4B7 80A3C0020000EF
|:0043A4AE(U)
|
:0043A4BE 33C0
:0043A4C0 5A
:0043A4C1 59
:0043A4C2 59
:0043A4C3 648910
:0043A4C6 68DBA44300
|:0043A4D9(U)
|
:0043A4CB 8D45D8
:0043A4CE E8E592FCFF
:0043A4D3 C3
:0043A4D4
:0043A4D9
:0043A4DB
:0043A4DC
:0043A4DE
:0043A4DF
E99F8DFCFF
EBF0
5B
8BE5
5D
C3
jmp
jmp
pop
mov
pop
ret
:0043A4E0
:0043A4E1
:0043A4E3
:0043A4EA
:0043A4EC
:0043A4EE
:0043A4F0
:0043A4F5
:0043A4F6
:0043A4FB
:0043A500
:0043A503
:0043A509
53
8BD8
F683C002000010
7425
6A00
8BC3
E80BEAFEFF
50
6821020000
A1A4374400
8B4030
8B8034020000
50
push ebx
mov ebx, eax
test byte ptr [ebx+000002C0], 10
je 0043A511
push 00000000
mov eax, ebx
call 00428F00
push eax
push 00000221
push eax
mov eax, ebx

call 00426484
and byte ptr [ebx+000002C0], EF
xor eax, eax

pop edx
pop ecx
pop ecx
push 0043A4DB

call 004037B8
ret
00403278
0043A4CB
ebx
esp, ebp
ebp

|
:0043A50A E879BEFCFF
:0043A50F EB07
Call 00406388
jmp 0043A518

|:0043A4EA(C)
|
:0043A511 8BC3
mov eax, ebx
:0043A513 E808C0FEFF
call 00426520
|:0043A50F(U)
|
:0043A518 33C0
:0043A51A 898334020000
:0043A520 5B
:0043A521 C3
:0043A522
:0043A524
:0043A525
:0043A526
:0043A528
:0043A52A
:0043A531
:0043A533
:0043A536
:0043A538
:0043A53B
:0043A53C
:0043A53F
:0043A540
:0043A542
:0043A543
:0043A545
:0043A54A
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
cmp dword ptr [ebx+00000234], 00000000
je 0043A57A
jne 0043A555
push eax
push eax
push eax
mov eax, ebx
call 00428F00
push eax
8BC0
53
56
8BF2
8BD8
83BB3402000000
7447
833E05
751D
8B4608
50
8B4604
50
8B06
50
8BC3
E8B6E9FEFF
50
xor eax, eax

pop ebx
ret

|
:0043A54B E810BBFCFF
Call 00406060
:0043A550 89460C
:0043A553 EB2E
jmp 0043A583
|:0043A536(C)
|
:0043A555 8B4608
:0043A558 50
:0043A559 8B4604
:0043A55C 50
:0043A55D 8B06
:0043A55F 50
:0043A560 8B8334020000
:0043A566 50
:0043A567 8BC3
:0043A569 E892E9FEFF
:0043A56E 50

mov eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
push eax
mov eax, dword
push eax
mov eax, ebx
call 00428F00
push eax
* Reference To: user32.DefFrameProcA, Ord:0000h

|
ptr [esi+08]
ptr [esi+04]
ptr [esi]
ptr [ebx+00000234]
:0043A56F
:0043A574
:0043A577
:0043A578
:0043A579
E8DCBAFCFF
89460C
5E
5B
C3
|:0043A531(C)
|
:0043A57A 8BD6
:0043A57C 8BC3
:0043A57E E80DC6FEFF
Call 00406050
pop esi
pop ebx
ret

mov edx, esi
mov eax, ebx
call 00426B90

|:0043A553(U)
|
:0043A583 5E
pop esi
:0043A584 5B
pop ebx
:0043A585 C3
ret
:0043A586 8BC0
mov eax, eax

|:00421B32 , :0043854A , :0043A67C , :0043A694 , :0043A9D8
|
:0043A588 55
push ebp
:0043A589 8BEC
mov ebp, esp
:0043A58B 6A00
push 00000000
:0043A58D 53
push ebx
:0043A58E 56
push esi
:0043A58F 8BF2
mov esi, edx
:0043A591 8BD8
mov ebx, eax
:0043A593 33C0
xor eax, eax
:0043A595 55
push ebp
:0043A596 682BA64300
push 0043A62B
:0043A59B 64FF30
:0043A59E 648920
:0043A5A1 3BB300020000
:0043A5A7 746C
je 0043A615
:0043A5A9 85F6
test esi, esi
:0043A5AB 7441
je 0043A5EE
:0043A5AD 3BDE
cmp ebx, esi
:0043A5AF 741C
je 0043A5CD
:0043A5B1 8BC6
mov eax, esi
:0043A5B3 E858C6FFFF
call 00436C10
:0043A5B8 3BD8
cmp ebx, eax
:0043A5BA 7511
jne 0043A5CD
:0043A5BC F6432001
test [ebx+20], 01
:0043A5C0 752C
jne 0043A5EE
:0043A5C2 8BC6
mov eax, esi
:0043A5C4 E877E8FEFF
call 00428E40
:0043A5C9 84C0
test al, al
:0043A5CB 7521
jne 0043A5EE
|:0043A5AF(C), :0043A5BA(C)
|
:0043A5CD
:0043A5D0
:0043A5D5
:0043A5DA
:0043A5DD
:0043A5DF
:0043A5E4
:0043A5E9
8D55FC
A1C82C4400
E84AA8FCFF
8B4DFC
B201
A1F4B44000
E883E2FCFF
E8C28CFCFF
lea edx, dword

mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-04]
ptr [00442CC8]
ptr [ebp-04]
ptr [0040B4F4]

|:0043A5AB(C), :0043A5C0(C), :0043A5CB(C)
|
:0043A5EE 89B300020000
:0043A5F4 F6432001
test [ebx+20], 01
:0043A5F8 751B
jne 0043A615
:0043A5FA 80BB0E02000000
:0043A601 7407
je 0043A60A
:0043A603 8BC3
mov eax, ebx
:0043A605 E832030000
call 0043A93C
|:0043A601(C)
|
:0043A60A 8BC3
:0043A60C 66BBB7FF
:0043A610 E8DF87FCFF
|:0043A5A7(C), :0043A5F8(C)
|
:0043A615 33C0
:0043A617 5A
:0043A618 59
:0043A619 59
:0043A61A 648910
mov eax, ebx

mov bx, FFB7
call 00402DF4
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0043A61D 6832A64300
push 0043A632
|:0043A630(U)
|
:0043A622 8D45FC
:0043A625 E88E91FCFF
:0043A62A C3
:0043A62B
:0043A630
:0043A632
:0043A633
:0043A634
:0043A635
:0043A636
jmp
jmp
pop
pop
pop
pop
ret
E9488CFCFF
EBF0
5E
5B
59
5D
C3

call 004037B8
ret
:0043A637 90
nop
00403278
0043A622
esi
ebx
ecx
ebp
|:00425E5D
|
:0043A638 53
:0043A639 56
:0043A63A 57
:0043A63B 8BD9
:0043A63D 8BF2
:0043A63F 8BF8
:0043A641 84DB
:0043A643 741A
:0043A645 8B9704020000
:0043A64B 8BC6
:0043A64D E8E2B7FEFF
:0043A652 84C0
:0043A654 7409
:0043A656 8B4624
:0043A659 898704020000
push ebx
push esi
push edi
mov ebx, ecx
mov esi, edx
mov edi, eax
test bl, bl
je 0043A65F
mov eax, esi
call 00425E34
test al, al
je 0043A65F
|:0043A643(C), :0043A654(C)
|
:0043A65F 8B9700020000
:0043A665 8BC6
:0043A667 E8C8B7FEFF
:0043A66C 84C0
:0043A66E 7411
:0043A670 3BB700020000
:0043A676 7409
:0043A678 33D2
:0043A67A 8BC7
:0043A67C E807FFFFFF
|:0043A66E(C), :0043A676(C)
|
:0043A681 5F
:0043A682 5E
:0043A683 5B
:0043A684 C3
:0043A685 8D4000

mov eax, esi
call 00425E34
test al, al
je 0043A681
je 0043A681
xor edx, edx
mov eax, edi
call 0043A588
pop edi
pop esi
pop ebx
ret

|:00428E90
|
:0043A688 53
push ebx
:0043A689 56
push esi
:0043A68A 8BF0
mov esi, eax
:0043A68C 8A9E0E020000
mov bl, byte ptr [esi+0000020E]
:0043A692 8BC6
mov eax, esi
:0043A694 E8EFFEFFFF
call 0043A588
:0043A699 84DB
test bl, bl
:0043A69B 750A
jne 0043A6A7
:0043A69D 8BC6
mov eax, esi
:0043A69F 8B10
:0043A6A1 FF92B4000000
|:0043A69B(C)
|
:0043A6A7 5E
:0043A6A8 5B
:0043A6A9 C3
pop esi
pop ebx
ret
:0043A6AA
:0043A6AC
:0043A6AD
:0043A6AF
:0043A6B0
:0043A6B1
:0043A6B2
:0043A6B3
:0043A6B6
:0043A6B8
:0043A6BA
:0043A6C0
:0043A6C7
:0043A6C9
:0043A6CC
:0043A6CE
:0043A6D1
:0043A6D7
mov eax, eax

push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
mov edi, eax
xor ebx, ebx
cmp dword ptr [edi+00000230], 00000000
jne 0043A6E1
je 0043A6D9
jmp 0043A6E1
8BC0
55
8BEC
51
53
56
57
8955FC
8BF8
33DB
FF053C284400
83BF3002000000
7518
3B7DFC
740B
8B45FC
898700020000
EB08

|:0043A6CC(C)
|
:0043A6D9 33C0
xor eax, eax
:0043A6DB 898700020000
|:0043A6C7(C), :0043A6D7(U)
|
:0043A6E1 A1A8374400
:0043A6E6 8B55FC
:0043A6E9 895058
:0043A6EC A1A8374400
:0043A6F1 89785C
:0043A6F4 A1A8374400
:0043A6F9 8B4044
:0043A6FC 8BD7
:0043A6FE E84126FDFF
:0043A703 A1A8374400
:0043A708 8B4044
:0043A70B 8BCF
:0043A70D 33D2
:0043A70F E81C25FDFF
:0043A714 8BC7
:0043A716 8B1518534300
:0043A71C E86F86FCFF
:0043A721 84C0
:0043A723 742A
:0043A725 A1A8374400
:0043A72A 897860
:0043A72D A1A8374400
:0043A732 8B4040
:0043A735 8BD7
:0043A737 E80826FDFF
:0043A73C A1A8374400

mov edx, edi
call 0040CD44
mov ecx, edi
xor edx, edx
call 0040CC30
mov eax, edi
call 00402D90
test al, al
je 0043A74F
mov edx, edi
call 0040CD44
:0043A741
:0043A744
:0043A746
:0043A748
:0043A74D
8B4040
8BCF
33D2
E8E324FDFF
EB0A

mov ecx, edi
xor edx, edx
call 0040CC30
jmp 0043A759
|:0043A723(C)
|
:0043A74F A1A8374400
:0043A754 33D2
:0043A756 895060
|:0043A74D(U)
|
:0043A759 8B45FC
:0043A75C F6404420
:0043A760 0F85C6010000
:0043A766 8B45FC
:0043A769 668B4044
:0043A76D 660B0534A94300
:0043A774 8B55FC
:0043A777 66894244
:0043A77B 33D2
:0043A77D 55
:0043A77E 6819A94300
:0043A783 64FF32
:0043A786 648922
:0043A789 A1A8374400
:0043A78E 8B406C
:0043A791 3BF8
:0043A793 7454
:0043A795 85C0
:0043A797 742A
:0043A799 E862E7FEFF
:0043A79E 8BF0
:0043A7A0 A1A8374400
:0043A7A5 33D2
:0043A7A7 89506C
:0043A7AA 66BA01B0
:0043A7AE 8BC6
:0043A7B0 E8DFBDFFFF
:0043A7B5 84C0
:0043A7B7 750A
:0043A7B9 E8928BFCFF
:0043A7BE E969010000
|:0043A797(C), :0043A7B7(C)
|
:0043A7C3 A1A8374400
:0043A7C8 89786C
:0043A7CB 8BC7
:0043A7CD E82EE7FEFF
:0043A7D2 66BA00B0
:0043A7D6 E8B9BDFFFF
:0043A7DB 84C0
:0043A7DD 750A
:0043A7DF E86C8BFCFF

xor edx, edx

test [eax+44], 20
jne 0043A92C
or ax, word ptr [0043A934]
mov word ptr [edx+44], ax
xor edx, edx
push ebp
push 0043A919
cmp edi, eax
je 0043A7E9
test eax, eax
je 0043A7C3
call 00428F00
mov esi, eax
xor edx, edx
mov dx, B001
mov eax, esi
call 00436594
test al, al
jne 0043A7C3
call 00403350
jmp 0043A92C

mov eax, edi
call 00428F00
mov dx, B000
call 00436594
test al, al
jne 0043A7E9
call 00403350
:0043A7E4 E943010000
jmp 0043A92C
|:0043A793(C), :0043A7DD(C)
|
:0043A7E9 83BF0402000000
:0043A7F0 7506
:0043A7F2 89BF04020000
|:0043A7F0(C)
|
:0043A7F8 8B8704020000
:0043A7FE 3B45FC
:0043A801 0F84ED000000
:0043A807 EB35
|:0043A854(C)
|
:0043A809 8B8704020000
:0043A80F E8ECE6FEFF
:0043A814 8BF0
:0043A816 8B8704020000
:0043A81C 8B4024
:0043A81F 898704020000
:0043A825 66BA1BB0
:0043A829 8BC6
:0043A82B E864BDFFFF
:0043A830 84C0
:0043A832 750A
:0043A834 E8178BFCFF
:0043A839 E9EE000000
|:0043A807(U), :0043A832(C)
|
:0043A83E 8BB704020000
:0043A844 85F6
:0043A846 7446
:0043A848 8BC6
:0043A84A 8B55FC
:0043A84D E8E2B5FEFF
:0043A852 84C0
:0043A854 74B3
:0043A856 EB36
cmp dword ptr [edi+00000204], 00000000

jne 0043A7F8
mov dword ptr [edi+00000204], edi

je 0043A8F4
jmp 0043A83E

call 00428F00
mov esi, eax
mov dx, B01B
mov eax, esi
call 00436594
test al, al
jne 0043A83E
call 00403350
jmp 0043A92C

test esi, esi
je 0043A88E
mov eax, esi
call 00425E34
test al, al
je 0043A809
jmp 0043A88E

|:0043A897(C)
|
:0043A858 8B75FC
:0043A85B EB02
jmp 0043A85F
|:0043A868(C)
|
:0043A85D 8BF0
mov esi, eax
|:0043A85B(U)
|
:0043A85F
:0043A862
:0043A868
:0043A86A
:0043A870
:0043A872
:0043A877
:0043A87B
:0043A880
:0043A882
:0043A884
:0043A889
8B4624
3B8704020000
75F3
89B704020000
8BC6
E889E6FEFF
66BA1AB0
E814BDFFFF
84C0
750A
E8C78AFCFF
E99E000000

jne 0043A85D
mov eax, esi
call 00428F00
mov dx, B01A
call 00436594
test al, al
jne 0043A88E
call 00403350
jmp 0043A92C

|:0043A846(C), :0043A856(U), :0043A882(C)
|
:0043A88E 8B8704020000
:0043A894 3B45FC
:0043A897 75BF
jne 0043A858
:0043A899 8B45FC
:0043A89C 8B7024
:0043A89F 85F6
test esi, esi
:0043A8A1 7422
je 0043A8C5
|:0043A8C3(C)
|
:0043A8A3 8BC6
:0043A8A5 8B15C8424300
:0043A8AB E8E084FCFF
:0043A8B0 84C0
:0043A8B2 740A
:0043A8B4 8B55FC
:0043A8B7 8BC6
:0043A8B9 E8CAD2FFFF

mov eax, esi
call 00402D90
test al, al
je 0043A8BE
mov eax, esi
call 00437B88

|:0043A8B2(C)
|
:0043A8BE 8B7624
:0043A8C1 85F6
test esi, esi
:0043A8C3 75DE
jne 0043A8A3
|:0043A8A1(C)
|
:0043A8C5 8B45FC
:0043A8C8 50
:0043A8C9 33C9
:0043A8CB BA07B00000
:0043A8D0 8BC7
:0043A8D2 E8BD98FEFF
:0043A8D7 8B875C020000
:0043A8DD 85C0
:0043A8DF 7413
:0043A8E1 3B45FC
:0043A8E4 740E
:0043A8E6 6A00
:0043A8E8 33C9

push eax
xor ecx, ecx
mov edx, 0000B007
mov eax, edi
call 00424194
test eax, eax
je 0043A8F4
je 0043A8F4
push 00000000
xor ecx, ecx
:0043A8EA BA2AB00000
:0043A8EF E8A098FEFF
mov edx, 0000B02A

call 00424194

|:0043A801(C), :0043A8DF(C), :0043A8E4(C)
|
:0043A8F4 33C0
xor eax, eax
:0043A8F6 5A
pop edx
:0043A8F7 59
pop ecx
:0043A8F8 59
pop ecx
:0043A8F9 648910
:0043A8FC 6820A94300
push 0043A920
|:0043A91E(U)
|
:0043A901 8B45FC
:0043A904 668B1534A94300
:0043A90B F7D2
:0043A90D 66235044
:0043A911 8B45FC
:0043A914 66895044
:0043A918 C3
:0043A919
:0043A91E
:0043A920
:0043A925
:0043A92A
jmp 00403278
jmp 0043A901
call 0043CE64
mov bl, 01
E95A89FCFF
EBE1
A1A8374400
E83A250000
B301
mov
mov
not
and
mov
mov
ret

dx, word ptr [0043A934]
edx
dx, word ptr [eax+44]
word ptr [eax+44], dx

|:0043A760(C), :0043A7BE(U), :0043A7E4(U), :0043A839(U), :0043A889(U)
|
:0043A92C 8BC3
mov eax, ebx
:0043A92E 5F
pop edi
:0043A92F 5E
pop esi
:0043A930 5B
pop ebx
:0043A931 59
pop ecx
:0043A932 5D
pop ebp
:0043A933 C3
ret
:0043A934 2000
:0043A936 0000
:0043A938 C3

ret
:0043A939 8D4000

|:0043A605 , :0043A9E8 , :0043BEE3
|
:0043A93C 53
push ebx
:0043A93D 56
push esi
:0043A93E 8B9000020000
:0043A944 85D2
test edx, edx
:0043A946 740D
je 0043A955
:0043A948 83B83002000000
cmp dword ptr [eax+00000230], 00000000
:0043A94F 7504
jne 0043A955
:0043A951 8BDA
:0043A953 EB02
mov ebx, edx

jmp 0043A957

|:0043A946(C), :0043A94F(C)
|
:0043A955 8BD8
mov ebx, eax
|:0043A953(U)
|
:0043A957 8BC3
:0043A959 E8A2E5FEFF
:0043A95E 50

mov eax, ebx
call 00428F00
push eax

|
:0043A95F E844BAFCFF
Call 004063A8
:0043A964 8BC3
mov eax, ebx
:0043A966 E895E5FEFF
call 00428F00
:0043A96B 8BF0
mov esi, eax
|
:0043A96D E8EEB7FCFF
Call 00406160
:0043A972 3BF0
cmp esi, eax
:0043A974 7510
jne 0043A986
:0043A976 6A00
push 00000000
:0043A978 33C9
xor ecx, ecx
:0043A97A BA29B00000
mov edx, 0000B029
:0043A97F 8BC3
mov eax, ebx
:0043A981 E80E98FEFF
call 00424194
|:0043A974(C)
|
:0043A986 5E
pop esi
:0043A987 5B
pop ebx
:0043A988 C3
ret
:0043A989 8D4000

|:0043B197 , :0043B3DF
|
:0043A98C 53
push ebx
:0043A98D 56
push esi
:0043A98E 8BDA
mov ebx, edx
:0043A990 8BF0
mov esi, eax
:0043A992 889E0E020000
mov byte ptr [esi+0000020E], bl
:0043A998 8B865C020000
:0043A99E 85C0
test eax, eax
:0043A9A0 7410
je 0043A9B2
:0043A9A2 6A00
push 00000000
:0043A9A4 33C9
xor ecx, ecx
:0043A9A6 8ACB
mov cl, bl
:0043A9A8 BA2BB00000
mov edx, 0000B02B
:0043A9AD E8E297FEFF
call 00424194
|:0043A9A0(C)
|
:0043A9B2 84DB
:0043A9B4 7437
:0043A9B6 83BE0002000000
:0043A9BD 751E
:0043A9BF F6462010
:0043A9C3 7518
:0043A9C5 6A01
:0043A9C7 6A00
:0043A9C9 B101
:0043A9CB 33D2
:0043A9CD 8BC6
:0043A9CF E838EAFEFF
:0043A9D4 8BD0
:0043A9D6 8BC6
:0043A9D8 E8ABFBFFFF
|:0043A9BD(C), :0043A9C3(C)
|
:0043A9DD B201
:0043A9DF 8BC6
:0043A9E1 E85A000000
:0043A9E6 8BC6
:0043A9E8 E84FFFFFFF
test bl, bl
je 0043A9ED
cmp dword ptr [esi+00000200], 00000000
jne 0043A9DD
test [esi+20], 10
jne 0043A9DD
push 00000001
push 00000000
mov cl, 01
xor edx, edx
mov eax, esi
call 0042940C
mov edx, eax
mov eax, esi
call 0043A588
mov dl, 01
mov eax, esi
call 0043AA40
mov eax, esi
call 0043A93C

|:0043A9B4(C)
|
:0043A9ED 5E
pop esi
:0043A9EE 5B
pop ebx
:0043A9EF C3
ret

|:00422D40 , :0043AA38 , :0043B26E , :0043B442
|
:0043A9F0 53
push ebx
:0043A9F1 56
push esi
:0043A9F2 8BF2
mov esi, edx
:0043A9F4 8BD8
mov ebx, eax
:0043A9F6 80BB0E02000000
:0043A9FD 741C
je 0043AA1B
:0043A9FF 83BB0002000000
cmp dword ptr [ebx+00000200], 00000000
:0043AA06 7413
je 0043AA1B
:0043AA08 56
push esi
:0043AA09 33C9
xor ecx, ecx
:0043AA0B BA04B00000
mov edx, 0000B004
:0043AA10 8B8300020000
:0043AA16 E87997FEFF
call 00424194
|:0043A9FD(C), :0043AA06(C)
|
:0043AA1B 80BB0F02000002
:0043AA22 7519
:0043AA24 8BC3

jne 0043AA3D
mov eax, ebx
:0043AA26
:0043AA2B
:0043AA2D
:0043AA2F
:0043AA31
:0043AA36
:0043AA38
E899EDFFFF
85C0
740E
8BC3
E88EEDFFFF
8BD6
E8B3FFFFFF
|:0043AA22(C), :0043AA2D(C)
|
:0043AA3D 5E
:0043AA3E 5B
:0043AA3F C3
call 004397C4
test eax, eax
je 0043AA3D
mov eax, ebx
call 004397C4
mov edx, esi
call 0043A9F0
pop esi
pop ebx
ret

|:004383CF , :00439C02 , :0043A9E1 , :0043BAD9
|
:0043AA40 53
push ebx
:0043AA41 56
push esi
:0043AA42 51
push ecx
:0043AA43 881424
:0043AA46 8BD8
mov ebx, eax
:0043AA48 F683C002000008
test byte ptr [ebx+000002C0], 08
:0043AA4F 0F85F0000000
jne 0043AB45
:0043AA55 A1A4374400
:0043AA5A 83783000
:0043AA5E 0F84E1000000
je 0043AB45
:0043AA64 A1A4374400
:0043AA69 8B4030
:0043AA6C 83B82802000000
cmp dword ptr [eax+00000228], 00000000
:0043AA73 0F84CC000000
je 0043AB45
:0043AA79 A1A4374400
:0043AA7E 3B5830
:0043AA81 0F84BE000000
je 0043AB45
:0043AA87 80BB0F02000001
:0043AA8E 7415
je 0043AAA5
:0043AA90 A1A4374400
:0043AA95 8B4030
:0043AA98 80B80F02000002
:0043AA9F 0F84A0000000
je 0043AB45
|:0043AA8E(C)
|
:0043AAA5 33C0
:0043AAA7 F6432010
:0043AAAB 7524
:0043AAAD 83BB2802000000
:0043AAB4 741B
:0043AAB6 8B9328020000
:0043AABC 807A4C00
:0043AAC0 7509
:0043AAC2 80BB0F02000001
:0043AAC9 7506

xor eax, eax
test [ebx+20], 10
jne 0043AAD1
cmp dword ptr [ebx+00000228], 00000000
je 0043AAD1
cmp byte ptr [edx+4C], 00
jne 0043AACB
jne 0043AAD1

|:0043AAC0(C)
|
:0043AACB 8B8328020000

|:0043AAAB(C), :0043AAB4(C), :0043AAC9(C)
|
:0043AAD1 8B15A4374400
:0043AAD7 8B5230
:0043AADA 8B9228020000
:0043AAE0 803C2400
:0043AAE4 7408
je 0043AAEE
:0043AAE6 92
xchg eax,edx
:0043AAE7 E8B48AFFFF
call 004335A0
:0043AAEC EB06
jmp 0043AAF4
|:0043AAE4(C)
|
:0043AAEE 92
xchg eax,edx
:0043AAEF E8C88AFFFF
call 004335BC
|:0043AAEC(U)
|
:0043AAF4 803C2400
:0043AAF8 744B
:0043AAFA 80BB0F02000001
:0043AB01 7542
:0043AB03 80BB0B02000002
:0043AB0A 7539
:0043AB0C 8BC3
:0043AB0E E8A180FEFF
:0043AB13 8BF0
:0043AB15 8BC3
:0043AB17 E8DC80FEFF
:0043AB1C C1E010
:0043AB1F 03F0
:0043AB21 56
:0043AB22 6A00
:0043AB24 6A05
:0043AB26 8BC3
:0043AB28 E8D3E3FEFF
:0043AB2D 50

je 0043AB45
jne 0043AB45
cmp byte ptr [ebx+0000020B], 02
jne 0043AB45
mov eax, ebx
call 00422BB4
mov esi, eax
mov eax, ebx
call 00422BF8
shl eax, 10
add esi, eax
push esi
push 00000000
push 00000005
mov eax, ebx
call 00428F00
push eax

|
:0043AB2E E855B8FCFF
Call 00406388
:0043AB33 56
push esi
:0043AB34 6A02
push 00000002
:0043AB36 6A05
push 00000005
:0043AB38 8BC3
mov eax, ebx
:0043AB3A E8C1E3FEFF
call 00428F00
:0043AB3F 50
push eax
|
:0043AB40 E843B8FCFF
Call 00406388
|:0043AA4F(C), :0043AA5E(C), :0043AA73(C), :0043AA81(C), :0043AA9F(C)
|:0043AAF8(C), :0043AB01(C), :0043AB0A(C)

|
:0043AB45 5A
pop edx
:0043AB46 5E
pop esi
:0043AB47 5B
pop ebx
:0043AB48 C3
ret
:0043AB49
:0043AB4C
:0043AB4D
:0043AB55
:0043AB57
:0043AB59
:0043AB5B
:0043AB61
8D4000
53
6683B86602000000
7410
8BD8
8BD0
8B8368020000
FF9364020000

push ebx
cmp word ptr [eax+00000266], 0000
je 0043AB67
mov ebx, eax
mov edx, eax

|:0043AB55(C)
|
:0043AB67 5B
pop ebx
:0043AB68 C3
ret
:0043AB69
:0043AB6C
:0043AB6D
:0043AB75
:0043AB77
:0043AB79
:0043AB7B
:0043AB81
8D4000
53
6683B87E02000000
7410
8BD8
8BD0
8B8380020000
FF937C020000

push ebx
je 0043AB87
mov ebx, eax
mov edx, eax

|:0043AB75(C)
|
:0043AB87 5B
pop ebx
:0043AB88 C3
ret
:0043AB89
:0043AB8C
:0043AB8D
:0043AB95
:0043AB97
:0043AB99
:0043AB9B
:0043ABA1
8D4000
53
6683B89602000000
7410
8BD8
8BD0
8B8398020000
FF9394020000

push ebx
cmp word ptr [eax+00000296], 0000
je 0043ABA7
mov ebx, eax
mov edx, eax

|:0043AB95(C)
|
:0043ABA7 5B
pop ebx
:0043ABA8 C3
ret
:0043ABA9 8D4000

|:00438A43 , :0043A2C3 , :0043AD81
, :0043AE4C
|
:0043ABAC
:0043ABB2
:0043ABB7
:0043ABB9
:0043ABBB
:0043ABC0
8B8020020000
E875F6FDFF
85C0
750A
A1A4374400
E83B3C0000

call 0041A22C
test eax, eax
jne 0043ABC5
call 0043E800
|:0043ABB9(C)
|
:0043ABC5 C3
:0043ABC6 8BC0
:0043ABC8 55
:0043ABC9 8BEC
:0043ABCB 51
:0043ABCC 53
:0043ABCD 8BDA
:0043ABCF 8945FC
:0043ABD2 8B45FC
:0043ABD5 8B8018020000
:0043ABDB E8C49FFDFF
:0043ABE0 33C0
:0043ABE2 55
:0043ABE3 6875AC4300
:0043ABE8 64FF30
:0043ABEB 648920
:0043ABEE 8B45FC
:0043ABF1 8B8018020000
:0043ABF7 8BD3
:0043ABF9 E8E2A2FDFF
:0043ABFE 33C0
:0043AC00 55
:0043AC01 6852AC4300
:0043AC06 64FF30
:0043AC09 648920
:0043AC0C 8B45FC
:0043AC0F 83B83002000000
:0043AC16 7410
:0043AC18 8B45FC
:0043AC1B 8B8030020000
:0043AC21 8B10
:0043AC23 FF5228
:0043AC26 EB0C
|:0043AC16(C)
|
:0043AC28 8B45FC
:0043AC2B 66BBB2FF
:0043AC2F E8C081FCFF
ret
mov eax, eax
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, edx
call 00414BA4
xor eax, eax
push ebp
push 0043AC75
mov edx, ebx
call 00414EE0
xor eax, eax
push ebp
push 0043AC52
cmp dword ptr [eax+00000230], 00000000
je 0043AC28
call [edx+28]
jmp 0043AC34

mov bx, FFB2
call 00402DF4

|:0043AC26(U)
|
:0043AC34 33C0
xor eax, eax
:0043AC36 5A
pop edx
:0043AC37 59
pop ecx
:0043AC38 59
pop ecx
:0043AC39 648910
:0043AC3C 6859AC4300
push 0043AC59
|:0043AC57(U)
|
:0043AC41 8B45FC
:0043AC44 8B8018020000
:0043AC4A 33D2
:0043AC4C E88FA2FDFF
:0043AC51 C3
:0043AC52
:0043AC57
:0043AC59
:0043AC5B
:0043AC5C
:0043AC5D
:0043AC5E
jmp
jmp
xor
pop
pop
pop
mov
E92186FCFF
EBE8
33C0
5A
59
59
648910

xor edx, edx
call 00414EE0
ret
00403278
0043AC41
eax, eax
edx
ecx
ecx

|
:0043AC61 687CAC4300
push 0043AC7C
|:0043AC7A(U)
|
:0043AC66 8B45FC
:0043AC69 8B8018020000
:0043AC6F E8E4A0FDFF
:0043AC74 C3
:0043AC75
:0043AC7A
:0043AC7C
:0043AC7D
:0043AC7E
:0043AC7F
E9FE85FCFF
EBEA
5B
59
5D
C3
jmp
jmp
pop
pop
pop
ret
:0043AC80
:0043AC81
:0043AC82
:0043AC83
:0043AC84
:0043AC87
:0043AC8A
:0043AC8C
:0043AC91
:0043AC93
:0043AC98
:0043AC9C
:0043ACA1
:0043ACA3
:0043ACA6
:0043ACAA
:0043ACAE
:0043ACB3
53
56
57
55
83C4F4
881424
8BE8
C644240100
8BC5
E82CEBFFFF
89442408
837C240800
7414
8A1424
8B442408
66BBD7FF
E84181FCFF
88442401
push ebx
push esi
push edi
push ebp
add esp, FFFFFFF4
mov ebp, eax
mov [esp+01], 00
mov eax, ebp
call 004397C4
je 0043ACB7
mov bx, FFD7
call 00402DF4

call 00414D58
ret
00403278
0043AC66
ebx
ecx
ebp
|:0043ACA1(C)
|
:0043ACB7 8BC5
:0043ACB9 E83AEBFFFF
:0043ACBE 8BF8
:0043ACC0 4F
:0043ACC1 85FF
:0043ACC3 7C42
:0043ACC5 47
:0043ACC6 C744240400000000
|:0043AD05(C)
|
:0043ACCE 8A0424
:0043ACD1 22442401
:0043ACD5 7547
:0043ACD7 8B542404
:0043ACDB 8BC5
:0043ACDD E862EBFFFF
:0043ACE2 8BF0
:0043ACE4 3B742408
:0043ACE8 7416
:0043ACEA 8A1424
:0043ACED 8BC6
:0043ACEF 66BBD7FF
:0043ACF3 E8FC80FCFF
:0043ACF8 0A442401
:0043ACFC 88442401
|:0043ACE8(C)
|
:0043AD00 FF442404
:0043AD04 4F
:0043AD05 75C7
|:0043ACC3(C)
|
:0043AD07 8A0424
:0043AD0A 22442401
:0043AD0E 750E
:0043AD10 8A1424
:0043AD13 8BC5
:0043AD15 E85AD5FEFF
:0043AD1A 88442401
|:0043ACD5(C), :0043AD0E(C)
|
:0043AD1E 8A442401
:0043AD22 83C40C
:0043AD25 5D
:0043AD26 5F
:0043AD27 5E
:0043AD28 5B
:0043AD29 C3
mov eax, ebp

call 004397F8
mov edi, eax
dec edi
test edi, edi
jl 0043AD07
inc edi
mov [esp+04], 00000000

jne 0043AD1E
mov eax, ebp
call 00439844
mov esi, eax
cmp esi, dword ptr [esp+08]
je 0043AD00
mov eax, esi
mov bx, FFD7
call 00402DF4
inc [esp+04]
dec edi
jne 0043ACCE

jne 0043AD1E
mov eax, ebp
call 00428274
mov
add
pop
pop
pop
pop
ret

esp, 0000000C
ebp
edi
esi
ebx
:0043AD2A
:0043AD2C
:0043AD2D
:0043AD2E
:0043AD31
:0043AD33
:0043AD35
:0043AD37
:0043AD3C
8BC0
53
56
83C4C0
8BF2
8BD8
8BC3
E8C4E1FEFF
50
mov eax, eax

push ebx
push esi
add esp, FFFFFFC0
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00428F00
push eax

|
:0043AD3D E866B5FCFF
Call 004062A8
:0043AD42 85C0
test eax, eax
:0043AD44 7529
jne 0043AD6F
:0043AD46 66A1A8AD4300
mov ax, word ptr [0043ADA8]
:0043AD4C 660B4344
or ax, word ptr [ebx+44]
:0043AD50 66894344
:0043AD54 8BD6
mov edx, esi
:0043AD56 8BC3
mov eax, ebx
:0043AD58 E8BBC2FEFF
call 00427018
:0043AD5D 66A1A8AD4300
mov ax, word ptr [0043ADA8]
:0043AD63 F7D0
not eax
:0043AD65 66234344
and ax, word ptr [ebx+44]
:0043AD69 66894344
:0043AD6D EB30
jmp 0043AD9F
|:0043AD44(C)
|
:0043AD6F 54
:0043AD70 8BC3
:0043AD72 E889E1FEFF
:0043AD77 50

push esp
mov eax, ebx
call 00428F00
push eax

|
:0043AD78 E883B2FCFF
Call 00406000
:0043AD7D 8BF0
mov esi, eax
:0043AD7F 8BC3
mov eax, ebx
:0043AD81 E826FEFFFF
call 0043ABAC
:0043AD86 50
push eax
:0043AD87 6A00
push 00000000
:0043AD89 6A00
push 00000000
:0043AD8B 56
push esi
|
:0043AD8C E817B3FCFF
Call 004060A8
:0043AD91 54
push esp
:0043AD92 8BC3
mov eax, ebx
:0043AD94 E867E1FEFF
call 00428F00
:0043AD99 50
push eax
|
:0043AD9A E839B3FCFF
Call 004060D8
|:0043AD6D(U)
|
:0043AD9F 83C440
:0043ADA2 5E
:0043ADA3 5B
:0043ADA4 C3
add esp, 00000040

pop esi
pop ebx
ret
:0043ADA5 00000000
BYTE 4 DUP(0)
:0043ADA9
:0043ADAB
:0043ADAE
:0043ADB1
:0043ADB3
:0043ADB5
:0043ADBC
:0043ADBE
:0043ADC5
:0043ADC7
:0043ADCB
:0043ADCD
:0043ADD2
:0043ADD5
:0043ADDB
:0043ADE0
:0043ADE1
:0043ADE5
:0043ADE7
:0043ADE9
:0043ADEC
:0043ADF0
:0043ADF1
:0043ADF4

add esp, FFFFFFF0
mov esi, edx
mov ebx, eax
jne 0043AE05
jne 0043ADFC
test [ebx+20], 10
jne 0043ADFC
call 004147C0
push eax
mov eax, ebx
call [ecx+44]
push eax
push eax
0100
005356
83C4F0
8BF2
8BD8
80BB0F02000001
7547
80BB0F02000001
7535
F6432010
752F
A1A4374400
8B4030
8B8024010000
E8E099FDFF
50
8D542404
8BC3
8B08
FF5144
8D442404
50
8B4604
50

|
:0043ADF5 E8FEB2FCFF
Call 004060F8
:0043ADFA EB09
jmp 0043AE05
|:0043ADC5(C), :0043ADCB(C)
|
:0043ADFC 8BD6
:0043ADFE 8BC3
:0043AE00 8B08
:0043AE02 FF51F0
|:0043ADBC(C), :0043ADFA(U)
|
:0043AE05 83C410
:0043AE08 5E
:0043AE09 5B
:0043AE0A C3
:0043AE0B 90
:0043AE0C 53
nop
push ebx
mov edx, esi

mov eax, ebx
call [ecx-10]
add esp, 00000010

pop esi
pop ebx
ret
:0043AE0D
:0043AE0E
:0043AE10
:0043AE12
:0043AE14
:0043AE19
56
8BF2
8BD8
8BC3
E8E7E0FEFF
50
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 00428F00
push eax

|
:0043AE1A E889B4FCFF
Call 004062A8
:0043AE1F 85C0
test eax, eax
:0043AE21 750C
jne 0043AE2F
:0043AE23 8BD6
mov edx, esi
:0043AE25 8BC3
mov eax, ebx
:0043AE27 E8B0C4FEFF
call 004272DC
:0043AE2C 5E
pop esi
:0043AE2D 5B
pop ebx
:0043AE2E C3
ret
|:0043AE21(C)
|
:0043AE2F C70627000000
:0043AE35 8BD6
:0043AE37 8BC3
:0043AE39 8B08
:0043AE3B FF51F0
:0043AE3E 5E
:0043AE3F 5B
:0043AE40 C3
:0043AE41
:0043AE44
:0043AE45
:0043AE46
:0043AE48
:0043AE4A
:0043AE4C
:0043AE51
:0043AE54
:0043AE55
:0043AE56

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
call 0043ABAC
pop esi
pop ebx
ret
8D4000
53
56
8BF2
8BD8
8BC3
E85BFDFFFF
89460C
5E
5B
C3
:0043AE57 90
mov dword ptr [esi], 00000027

mov edx, esi
mov eax, ebx
call [ecx-10]
pop esi
pop ebx
ret
nop

|:0043AF7E
|
:0043AE58 55
push ebp
:0043AE59 8BEC
mov ebp, esp
:0043AE5B 53
push ebx
:0043AE5C 8B4508
:0043AE5F 8B40FC
:0043AE62 80B80902000000
:0043AE69 0F84DF000000
je 0043AF4E
:0043AE6F 8B4508
:0043AE72
:0043AE75
:0043AE7C
:0043AE82
:0043AE85
:0043AE88
:0043AE8F
:0043AE95
:0043AE97
:0043AE9A
:0043AE9D
:0043AEA2
8B40FC
F6800802000001
0F84CC000000
8B4508
8B40FC
80B80F02000001
0F84B9000000
6A00
8B4508
8B40FC
E85EE0FEFF
50

je 0043AF4E
je 0043AF4E
push 00000000
call 00428F00
push eax

|
:0043AEA3 E870B3FCFF
Call 00406218
:0043AEA8 8BD8
mov ebx, eax
:0043AEAA 8B4508
:0043AEAD 8B40FC
:0043AEB0 80B80902000003
:0043AEB7 755D
jne 0043AF16
:0043AEB9 6A00
push 00000000
:0043AEBB 6830F10000
push 0000F130
:0043AEC0 53
push ebx
|
:0043AEC1 E8A2B1FCFF
Call 00406068
:0043AEC6 6800040000
push 00000400
:0043AECB 6A07
push 00000007
:0043AECD 53
push ebx
|
:0043AECE E895B1FCFF
Call 00406068
:0043AED3 6800040000
push 00000400
:0043AED8 6A05
push 00000005
:0043AEDA 53
push ebx
|
:0043AEDB E888B1FCFF
Call 00406068
:0043AEE0 6A00
push 00000000
:0043AEE2 6830F00000
push 0000F030
:0043AEE7 53
push ebx
|
:0043AEE8 E87BB1FCFF
Call 00406068
:0043AEED 6A00
push 00000000
:0043AEEF 6820F00000
push 0000F020
:0043AEF4 53
push ebx
|
:0043AEF5 E86EB1FCFF
Call 00406068
:0043AEFA 6A00
push 00000000
:0043AEFC 6800F00000
push 0000F000
:0043AF01 53
push ebx

|
Call 00406068
:0043AF07 6A00
push 00000000
:0043AF09 6820F10000
push 0000F120
:0043AF0E 53
push ebx
|
:0043AF0F E854B1FCFF
Call 00406068
:0043AF14 EB38
jmp 0043AF4E
|:0043AEB7(C)
|
:0043AF16 8B4508
:0043AF19 8B40FC
:0043AF1C F6800802000002
:0043AF23 750D
:0043AF25 6A01
:0043AF27 6820F00000
:0043AF2C 53

jne 0043AF32
push 00000001
push 0000F020
push ebx

|
:0043AF2D E88EB1FCFF
Call 004060C0
|:0043AF23(C)
|
:0043AF32 8B4508
:0043AF35 8B40FC
:0043AF38 F6800802000004
:0043AF3F 750D
:0043AF41 6A01
:0043AF43 6830F00000
:0043AF48 53

jne 0043AF4E
push 00000001
push 0000F030
push ebx

|
Call 004060C0
|:0043AE69(C), :0043AE7C(C), :0043AE8F(C), :0043AF14(U), :0043AF3F(C)
|
:0043AF4E 5B
pop ebx
:0043AF4F 5D
pop ebp
:0043AF50 C3
ret
:0043AF51
:0043AF54
:0043AF55
:0043AF57
:0043AF58
:0043AF5B
:0043AF5E
:0043AF60
:0043AF63
:0043AF66
8D4000
55
8BEC
51
8945FC
8B45FC
8B08
FF51F0
8B45FC
8B9028020000

push ebp
mov ebp, esp
push ecx
call [ecx-10]
:0043AF6C
:0043AF6F
:0043AF74
:0043AF77
:0043AF7B
:0043AF7D
:0043AF7E
:0043AF83
8B45FC
E8FCEAFFFF
8B45FC
F6402010
7507
55
E8D5FEFFFF
59

call 00439A70
test [eax+20], 10
jne 0043AF84
push ebp
call 0043AE58
pop ecx

|:0043AF7B(C)
|
:0043AF84 59
pop ecx
:0043AF85 5D
pop ebp
:0043AF86 C3
ret
:0043AF87 90
nop

|:0043C8A8
|
:0043AF88 53
push ebx
:0043AF89 56
push esi
:0043AF8A 8BF2
mov esi, edx
:0043AF8C 8BD8
mov ebx, eax
:0043AF8E 837E0402
:0043AF92 756C
jne 0043B000
:0043AF94 80BB8700000001
:0043AF9B 7563
jne 0043B000
:0043AF9D F6432010
test [ebx+20], 10
:0043AFA1 755D
jne 0043B000
:0043AFA3 8BC3
mov eax, ebx
:0043AFA5 E856DFFEFF
call 00428F00
:0043AFAA 50
push eax
|
:0043AFAB E8F8B2FCFF
Call 004062A8
:0043AFB0 85C0
test eax, eax
:0043AFB2 754C
jne 0043B000
:0043AFB4 6A07
push 00000007
:0043AFB6 6A00
push 00000000
:0043AFB8 6A00
push 00000000
:0043AFBA 6A00
push 00000000
:0043AFBC 6A00
push 00000000
:0043AFBE 6A00
push 00000000
:0043AFC0 8BC3
mov eax, ebx
:0043AFC2 E839DFFEFF
call 00428F00
:0043AFC7 50
push eax
|
:0043AFC8 E83BB4FCFF
Call 00406408
:0043AFCD 8B4608
:0043AFD0 50
push eax
:0043AFD1 8B4604
:0043AFD4 50
push eax
:0043AFD5 68A2000000
push 000000A2
:0043AFDA 8BC3
mov eax, ebx
:0043AFDC E81FDFFEFF
:0043AFE1 50
call 00428F00
push eax

|
:0043AFE2 E841B3FCFF
Call 00406328
:0043AFE7 8BC3
mov eax, ebx
:0043AFE9 8B10
:0043AFEB FF5254
call [edx+54]
:0043AFEE 8BD0
mov edx, eax
:0043AFF0 80F201
xor dl, 01
:0043AFF3 83C9FF
or ecx, FFFFFFFF
:0043AFF6 8BC3
mov eax, ebx
:0043AFF8 E8E387FEFF
call 004237E0
:0043AFFD 5E
pop esi
:0043AFFE 5B
pop ebx
:0043AFFF C3
ret

|:0043AF92(C), :0043AF9B(C), :0043AFA1(C), :0043AFB2(C)
|
:0043B000 8BD6
mov edx, esi
:0043B002 8BC3
mov eax, ebx
:0043B004 E80796FEFF
call 00424610
:0043B009 5E
pop esi
:0043B00A 5B
pop ebx
:0043B00B C3
ret
:0043B00C
:0043B00D
:0043B00E
:0043B010
:0043B012
:0043B017
:0043B01A
:0043B01C
:0043B01E
:0043B020
:0043B025
:0043B027
:0043B02C
53
56
8BF2
8BD8
A18C2B4400
803800
7416
6A00
6A01
6880000000
8BC3
E8D4DEFEFF
50
push ebx
push esi
mov esi, edx
mov ebx, eax
je 0043B032
push 00000000
push 00000001
push 00000080
mov eax, ebx
call 00428F00
push eax

|
:0043B02D E856B3FCFF
Call 00406388
|:0043B01A(C)
|
:0043B032 83BB2802000000
:0043B039 7425
:0043B03B 80BB0F02000001
:0043B042 741C
:0043B044 6A00
:0043B046 8BC3
:0043B048 E8B3DEFEFF
:0043B04D 50

cmp dword ptr [ebx+00000228], 00000000
je 0043B060
je 0043B060
push 00000000
mov eax, ebx
call 00428F00
push eax

|
:0043B04E E865B3FCFF
Call 004063B8
:0043B053 33D2
xor edx, edx
:0043B055 8B8328020000
:0043B05B E80080FFFF
call 00433060
|:0043B039(C), :0043B042(C)
|
:0043B060 8BD6
:0043B062 8BC3
:0043B064 E897D1FEFF
:0043B069 5E
:0043B06A 5B
:0043B06B C3
:0043B06C
:0043B06D
:0043B06E
:0043B070
:0043B072
:0043B076
:0043B078
:0043B07F
:0043B081
:0043B085
:0043B08B
:0043B090
:0043B092
push ebx
push esi
mov esi, edx
mov ebx, eax
jne 0043B094
cmp dword ptr [ebx+00000228], 00000000
je 0043B094
call 00432C00
test al, al
jne 0043B09D
53
56
8BF2
8BD8
837E0800
751C
83BB2802000000
7413
668B5604
8B8328020000
E8707BFFFF
84C0
7509
|:0043B076(C), :0043B07F(C)
|
:0043B094 8BD6
:0043B096 8BC3
:0043B098 E8DBC0FEFF
mov edx, esi

mov eax, ebx
call 00428200
pop esi
pop ebx
ret

mov edx, esi
mov eax, ebx
call 00427178

|:0043B092(C)
|
:0043B09D 5E
pop esi
:0043B09E 5B
pop ebx
:0043B09F C3
ret
:0043B0A0
:0043B0A6
:0043B0A8
:0043B0AA
:0043B0AD
:0043B0AF
8B8828020000
85C9
740A
8B5204
8BC1
E8687BFFFF

test ecx, ecx
je 0043B0B4
mov eax, ecx
call 00432C1C

|:0043B0A8(C)
|
:0043B0B4 C3
ret
:0043B0B5 8D4000
:0043B0B8
:0043B0B9
:0043B0BB
:0043B0C1
:0043B0C3
:0043B0C5
:0043B0CA
:0043B0CB
56
8BF0
8B8628020000
85C0
7407
E8E281FFFF
5E
C3
push esi
mov esi, eax
test eax, eax
je 0043B0CC
call 004332AC
pop esi
ret

|:0043B0C3(C)
|
:0043B0CC 8BC6
mov eax, esi
:0043B0CE 8B08
:0043B0D0 FF51F0
call [ecx-10]
:0043B0D3 5E
pop esi
:0043B0D4 C3
ret
:0043B0D5
:0043B0D8
:0043B0D9
:0043B0DB
:0043B0DD
:0043B0DE
:0043B0DF
:0043B0E0
:0043B0E2
:0043B0E4
:0043B0E5
:0043B0EA
:0043B0ED
:0043B0F0
:0043B0F7
:0043B0F9
:0043B0FB
:0043B101
:0043B103
:0043B108
8D4000
55
8BEC
6A00
53
56
57
8BF8
33C0
55
6873B14300
64FF30
648920
83BF2802000000
7464
33F6
66817A06FFFF
7507
66837A0400
7429
|:0043B101(C)
|
:0043B10A 33DB
:0043B10C 0FB74204
:0043B110 F6420610
:0043B114 740C
:0043B116 B301
:0043B118 50
:0043B119 8B4208
:0043B11C 50

push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, eax
xor eax, eax
push ebp
push 0043B173
cmp dword ptr [edi+00000228], 00000000
je 0043B15D
xor esi, esi
cmp word ptr [edx+06], FFFF
jne 0043B10A
je 0043B133
xor ebx, ebx
movzx eax, word ptr [edx+04]
test [edx+06], 10
je 0043B122
mov bl, 01
push eax
push eax

|
:0043B11D E8E6B0FCFF
Call 00406208
|:0043B114(C)
|
:0043B122
:0043B124
:0043B126
:0043B12C
:0043B131
8BCB
8BD0
8B8728020000
E82F7AFFFF
8BF0
mov ecx, ebx

mov edx, eax
call 00432B60
mov esi, eax
|:0043B108(C)
|
:0043B133 85F6
:0043B135 741A
:0043B137 8D55FC
:0043B13A 8B464C
:0043B13D E87E55FEFF
:0043B142 8B55FC
:0043B145 A1A4374400
:0043B14A E8E5430000
:0043B14F EB0C
|:0043B135(C)
|
:0043B151 33D2
:0043B153 A1A4374400
:0043B158 E8D7430000
|:0043B0F7(C), :0043B14F(U)
|
:0043B15D 33C0
:0043B15F 5A
:0043B160 59
:0043B161 59
:0043B162 648910
test esi, esi

je 0043B151
lea edx, dword
mov eax, dword
call 004206C0
mov edx, dword
mov eax, dword
call 0043F534
jmp 0043B15D
ptr [ebp-04]
ptr [esi+4C]
ptr [ebp-04]
ptr [004437A4]
xor edx, edx

call 0043F534
xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0043B165 687AB14300
push 0043B17A
|:0043B178(U)
|
:0043B16A 8D45FC
:0043B16D E84686FCFF
:0043B172 C3
:0043B173
:0043B178
:0043B17A
:0043B17B
:0043B17C
:0043B17D
:0043B17E
:0043B17F
jmp
jmp
pop
pop
pop
pop
pop
ret
E90081FCFF
EBF0
5F
5E
5B
59
5D
C3
:0043B180 80B80F02000002
:0043B187 7506

call 004037B8
ret
00403278
0043B16A
edi
esi
ebx
ecx
ebp

jne 0043B18F
:0043B189 F6402010
:0043B18D 740D
test [eax+20], 10
je 0043B19C
|:0043B187(C)
|
:0043B18F 66837A0400
:0043B194 0F95C2
:0043B197 E8F0F7FFFF
|:0043B18D(C)
|
:0043B19C C3
:0043B19D 8D4000
:0043B1A0 53
:0043B1A1 56
:0043B1A2 8BDA
:0043B1A4 8BF0
:0043B1A6 8BD3
:0043B1A8 8BC6
:0043B1AA E80DCCFFFF
:0043B1AF F6462010
:0043B1B3 7528
:0043B1B5 8B4304
:0043B1B8 83E801
:0043B1BB 7207
:0043B1BD 740E
:0043B1BF 48
:0043B1C0 7414
:0043B1C2 EB19

setne dl
call 0043A98C
ret
push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
mov eax, esi
call 00437DBC
test [esi+20], 10
jne 0043B1DD
sub eax, 00000001
jb 0043B1C4
je 0043B1CD
dec eax
je 0043B1D6
jmp 0043B1DD

|:0043B1BB(C)
|
:0043B1C4 C6860B02000000
mov byte ptr [esi+0000020B], 00
:0043B1CB EB10
jmp 0043B1DD
|:0043B1BD(C)
|
:0043B1CD C6860B02000001
:0043B1D4 EB07
jmp 0043B1DD
|:0043B1C0(C)
|
:0043B1D6 C6860B02000002
|:0043B1B3(C), :0043B1C2(U), :0043B1CB(U), :0043B1D4(U)
|
:0043B1DD 8BC6
mov eax, esi
:0043B1DF 66BBD6FF
mov bx, FFD6
:0043B1E3 E80C7CFCFF
call 00402DF4
:0043B1E8 83BE4402000000
cmp dword ptr [esi+00000244], 00000000
:0043B1EF 740B
je 0043B1FC
:0043B1F1 8B8644020000
:0043B1F7 8B10
:0043B1F9 FF5210
call [edx+10]
|:0043B1EF(C)
|
:0043B1FC 8BC6
:0043B1FE E80DC8FFFF
:0043B203 5E
:0043B204 5B
:0043B205 C3
:0043B206 8BC0
:0043B208 E8B30A0000
:0043B20D C3
mov eax, eax

call 0043BCC0
ret
:0043B20E
:0043B210
:0043B211
:0043B212
:0043B214
:0043B216
:0043B218
:0043B21A
:0043B220
:0043B222
:0043B224
:0043B229
:0043B22B
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, ebx
test al, al
je 0043B22D
call 00409798
test al, al
jne 0043B231
8BC0
53
56
8BF2
8BD8
8BC3
8B10
FF92C4000000
84C0
7409
E86FE5FCFF
84C0
7504
mov eax, esi

call 00437A10
pop esi
pop ebx
ret

|:0043B222(C)
|
:0043B22D 33C0
xor eax, eax
:0043B22F EB02
jmp 0043B233
|:0043B22B(C)
|
:0043B231 B001
mov al, 01
|:0043B22F(U)
|
:0043B233 83E07F
and eax, 0000007F
:0043B236 89460C
:0043B239 5E
pop esi
:0043B23A 5B
pop ebx
:0043B23B C3
ret
:0043B23C
:0043B23D
:0043B23E
:0043B240
:0043B242
:0043B245
:0043B249
:0043B24B
:0043B252
53
56
8BDA
33D2
89530C
F6402010
751E
80B80F02000001
7415
push ebx
push esi
mov ebx, edx
xor edx, edx
test [eax+20], 10
jne 0043B269
je 0043B269
:0043B254
:0043B25B
:0043B25D
:0043B263
:0043B267
83B82802000000
740C
8B9028020000
807A4C00
7426
cmp dword ptr [eax+00000228], 00000000

je 0043B269
cmp byte ptr [edx+4C], 00
je 0043B28F

|:0043B249(C), :0043B252(C), :0043B25B(C)
|
:0043B269 8B7308
:0043B26C 33D2
xor edx, edx
:0043B26E E87DF7FFFF
call 0043A9F0
:0043B273 0FB74E08
:0043B277 8B5604
:0043B27A B817B00000
mov eax, 0000B017
:0043B27F E81452FEFF
call 00420498
:0043B284 85C0
test eax, eax
:0043B286 7407
je 0043B28F
:0043B288 C7430C01000000
mov [ebx+0C], 00000001
|:0043B267(C), :0043B286(C)
|
:0043B28F 5E
:0043B290 5B
:0043B291 C3
:0043B292
:0043B294
:0043B295
:0043B296
:0043B298
:0043B29A
:0043B29D
:0043B2A2
:0043B2A7
:0043B2A9
:0043B2AE
:0043B2B1
:0043B2B3
:0043B2B8
:0043B2BD
mov eax, eax

push ebx
push esi
mov esi, edx
mov ebx, eax
mov eax, dword ptr
and eax, 0000FFF0
cmp eax, 0000F020
jne 0043B2BF
mov eax, dword ptr
cmp ebx, dword ptr
jne 0043B2BF
mov eax, dword ptr
call 0043E81C
jmp 0043B2EC
8BC0
53
56
8BF2
8BD8
8B4604
25F0FF0000
3D20F00000
7516
A1A4374400
3B5830
750C
A1A4374400
E85F350000
EB2D
|:0043B2A7(C), :0043B2B1(C)
|
:0043B2BF 8B4604
:0043B2C2 25F0FF0000
:0043B2C7 3D10F00000
:0043B2CC 7515
:0043B2CE F6432010
:0043B2D2 750F
:0043B2D4 807B4B00
:0043B2D8 7409
:0043B2DA 80BB0B02000001
:0043B2E1 7509
pop esi
pop ebx
ret
[esi+04]
[004437A4]
[eax+30]
[004437A4]

and eax, 0000FFF0
cmp eax, 0000F010
jne 0043B2E3
test [ebx+20], 10
jne 0043B2E3
je 0043B2E3
jne 0043B2EC

|:0043B2CC(C), :0043B2D2(C), :0043B2D8(C)
|
:0043B2E3 8BD6
:0043B2E5 8BC3
:0043B2E7 E8F8CDFEFF
mov edx, esi

mov eax, ebx
call 004280E4
|:0043B2BD(U), :0043B2E1(C)
|
:0043B2EC 8B4604
:0043B2EF 25F0FF0000
:0043B2F4 3D20F00000
:0043B2F9 7407
:0043B2FB 3D20F10000
:0043B300 7517
|:0043B2F9(C)
|
:0043B302 F6432010
:0043B306 7511
:0043B308 807B4B00
:0043B30C 740B
:0043B30E 8BC3
:0043B310 66BBD6FF
:0043B314 E8DB7AFCFF

and eax, 0000FFF0
cmp eax, 0000F020
je 0043B302
cmp eax, 0000F120
jne 0043B319
test [ebx+20], 10
jne 0043B319
je 0043B319
mov eax, ebx
mov bx, FFD6
call 00402DF4

|:0043B300(C), :0043B306(C), :0043B30C(C)
|
:0043B319 5E
pop esi
:0043B31A 5B
pop ebx
:0043B31B C3
ret
:0043B31C
:0043B31D
:0043B31E
:0043B320
:0043B322
:0043B325
:0043B326
:0043B328
:0043B32B
:0043B32D
53
56
8BF2
8BD8
8B4608
48
7407
83E802
7449
EB77
|:0043B326(C)
|
:0043B32F 8BC3
:0043B331 E8CADBFEFF
:0043B336 50
push ebx
push esi
mov esi, edx
mov ebx, eax
dec eax
je 0043B32F
sub eax, 00000002
je 0043B376
jmp 0043B3A6
mov eax, ebx
call 00428F00
push eax

|
:0043B337 E86CAFFCFF
Call 004062A8
:0043B33C 85C0
test eax, eax
:0043B33E 7409
je 0043B349
:0043B340 C6830C02000002
mov byte ptr [ebx+0000020C], 02
:0043B347 EB21
jmp 0043B36A
|:0043B33E(C)
|
:0043B349 8BC3
:0043B34B E8B0DBFEFF
:0043B350 50

mov eax, ebx
call 00428F00
push eax
* Reference To: user32.IsZoomed, Ord:0000h

|
:0043B351 E872AFFCFF
Call 004062C8
:0043B356 85C0
test eax, eax
:0043B358 7409
je 0043B363
:0043B35A C6830C02000003
:0043B361 EB07
jmp 0043B36A
|:0043B358(C)
|
:0043B363 C6830C02000001
|:0043B347(U), :0043B361(U)
|
:0043B36A 8BD6
:0043B36C 8BC3
:0043B36E 8B08
:0043B370 FF51F0
:0043B373 5E
:0043B374 5B
:0043B375 C3
|:0043B32B(C)
|
:0043B376 80BB0C02000000
:0043B37D 7430
:0043B37F 33C0
:0043B381 8A830C020000
:0043B387 8B0485C0284400
:0043B38E 50
:0043B38F 8BC3
:0043B391 E86ADBFEFF
:0043B396 50
mov edx, esi

mov eax, ebx
call [ecx-10]
pop esi
pop ebx
ret

je 0043B3AF
xor eax, eax
mov eax, dword ptr [4*eax+004428C0]
push eax
mov eax, ebx
call 00428F00
push eax

|
:0043B397 E8A4B0FCFF
Call 00406440
:0043B39C C6830C02000000
:0043B3A3 5E
pop esi
:0043B3A4 5B
pop ebx
:0043B3A5 C3
ret

|:0043B32D(U)
|
:0043B3A6 8BD6
mov edx, esi
:0043B3A8 8BC3
:0043B3AA 8B08
:0043B3AC FF51F0
mov eax, ebx

call [ecx-10]

|:0043B37D(C)
|
:0043B3AF 5E
pop esi
:0043B3B0 5B
pop ebx
:0043B3B1 C3
ret
:0043B3B2
:0043B3B4
:0043B3B5
:0043B3B6
:0043B3B8
:0043B3BA
:0043B3BC
:0043B3BE
:0043B3C0
:0043B3C3
:0043B3CA
:0043B3CC
:0043B3CE
:0043B3D3
:0043B3D6
:0043B3D9
:0043B3DB
:0043B3DD
:0043B3DF
:0043B3E4
:0043B3E6
:0043B3E8
:0043B3ED
:0043B3F0
:0043B3F4
:0043B3F6
:0043B3FB
:0043B3FE
:0043B400
:0043B404
8BC0
53
56
8BDA
8BF0
8BD3
8BC6
8B08
FF51F0
80BE0F02000001
753D
8BC6
E82DDBFEFF
3B4308
0F94C0
8BD8
8BD3
8BC6
E8A8F5FFFF
84DB
7421
A1A4374400
8B4030
F6404404
7413
A1A4374400
8B4030
B201
66BBD7FF
E8EB79FCFF
mov eax, eax

push ebx
push esi
mov ebx, edx
mov esi, eax
mov edx, ebx
mov eax, esi
call [ecx-10]
jne 0043B409
mov eax, esi
call 00428F00
sete al
mov ebx, eax
mov edx, ebx
mov eax, esi
call 0043A98C
test bl, bl
je 0043B409
test [eax+44], 04
je 0043B409
mov dl, 01
mov bx, FFD7
call 00402DF4

|:0043B3CA(C), :0043B3E6(C), :0043B3F4(C)
|
:0043B409 5E
pop esi
:0043B40A 5B
pop ebx
:0043B40B C3
ret
:0043B40C
:0043B411
:0043B413
:0043B416
66837A0800
740A
8B4204
50

je 0043B41D
push eax

|
:0043B417 E88CAFFCFF
Call 004063A8
:0043B41C C3
ret
|:0043B411(C)
|
:0043B41D 6A01
:0043B41F 8B4A04
:0043B422 83F901
:0043B425 1BC9
:0043B427 F7D9
:0043B429 8B9000020000
:0043B42F E8D8E0FEFF
:0043B434 C3
:0043B435
:0043B438
:0043B439
:0043B43A
:0043B43C
:0043B43E
:0043B440
:0043B442
:0043B447
:0043B449
:0043B44B
:0043B44D
:0043B450
:0043B451
:0043B452

push ebx
push esi
mov esi, edx
mov ebx, eax
xor edx, edx
mov eax, ebx
call 0043A9F0
mov edx, esi
mov eax, ebx
call [ecx-10]
pop esi
pop ebx
ret
8D4000
53
56
8BF2
8BD8
33D2
8BC3
E8A9F5FFFF
8BD6
8BC3
8B08
FF51F0
5E
5B
C3
:0043B453 90
push 00000001
cmp ecx, 00000001
sbb ecx, ecx
neg ecx
call 0042950C
ret
nop

|:0043B51A , :0043B52A
|
:0043B454 55
push ebp
:0043B455 8BEC
mov ebp, esp
:0043B457 53
push ebx
:0043B458 8BD8
mov ebx, eax
:0043B45A 33C0
xor eax, eax
:0043B45C 85DB
test ebx, ebx
:0043B45E 742E
je 0043B48E
:0043B460 8B4508
mov eax, dword
:0043B463 8B40FC
mov eax, dword
:0043B466 8B4008
mov eax, dword
:0043B469 8B5008
mov edx, dword
:0043B46C B101
mov cl, 01
:0043B46E 8BC3
mov eax, ebx
:0043B470 E81B77FFFF
call 00432B90
:0043B475 85C0
test eax, eax
:0043B477 7515
jne 0043B48E
:0043B479 8B4508
mov eax, dword
:0043B47C 8B40FC
mov eax, dword
:0043B47F 8B4008
mov eax, dword
:0043B482 8B500C
mov edx, dword
:0043B485 33C9
xor ecx, ecx
:0043B487 8BC3
mov eax, ebx
ptr
ptr
ptr
ptr
[ebp+08]
[eax-04]
[eax+08]
[eax+08]
ptr
ptr
ptr
ptr
[ebp+08]
[eax-04]
[eax+08]
[eax+0C]
:0043B489 E80277FFFF
call 00432B90
|:0043B45E(C), :0043B477(C)
|
:0043B48E 5B
:0043B48F 5D
:0043B490 C3
:0043B491
:0043B494
:0043B495
:0043B497
:0043B49A
:0043B49B
:0043B49C
:0043B49D
:0043B4A0
:0043B4A2
:0043B4A6
:0043B4A8
:0043B4AB
:0043B4AD
:0043B4AF
:0043B4B2

push ebp
mov ebp, esp
add esp, FFFFFFE8
push ebx
push esi
push edi
mov esi, eax
test [esi+20], 10
je 0043B4B7
mov eax, esi
call [ecx-10]
jmp 0043B590
8D4000
55
8BEC
83C4E8
53
56
57
8955FC
8BF0
F6462010
740F
8B55FC
8BC6
8B08
FF51F0
E9D9000000
|:0043B4A6(C)
|
:0043B4B7 8B45FC
:0043B4BA 8B4008
:0043B4BD 83780401
:0043B4C1 7550
:0043B4C3 8B400C
:0043B4C6 E8B14FFEFF
:0043B4CB 8BD8
:0043B4CD EB03
pop ebx
pop ebp
ret

jne 0043B513
call 0042047C
mov ebx, eax
jmp 0043B4D2

|:0043B4DD(C)
|
:0043B4CF 8B5B24
|:0043B4CD(U)
|
:0043B4D2 85DB
:0043B4D4 7409
:0043B4D6 83BB4401000000
:0043B4DD 74F0
|:0043B4D4(C)
|
:0043B4DF 85DB
:0043B4E1 0F84A9000000
:0043B4E7 8BBB44010000
:0043B4ED 8D4DE8
:0043B4F0 33D2
test ebx, ebx

je 0043B4DF
cmp dword ptr [ebx+00000144], 00000000
je 0043B4CF
test ebx, ebx

je 0043B590
xor edx, edx
:0043B4F2
:0043B4F4
:0043B4F9
:0043B4FC
:0043B4FF
:0043B501
:0043B506
:0043B509
:0043B50E
:0043B511
33C0
E8870CFDFF
8D55E8
8D4DF0
8BC3
E8C277FEFF
8D45F0
E80AB0FCFF
8945F8
EB43
xor eax, eax

call 0040C180
mov eax, ebx
call 00422CC8
call 00406518
jmp 0043B556
|:0043B4C1(C)
|
:0043B513 55
:0043B514 8B8628020000
:0043B51A E835FFFFFF
:0043B51F 59
:0043B520 8BF8
:0043B522 85FF
:0043B524 750C
:0043B526 55
:0043B527 8B4670
:0043B52A E825FFFFFF
:0043B52F 59
:0043B530 8BF8
|:0043B524(C)
|
:0043B532 8D4DE8
:0043B535 33D2
:0043B537 33C0
:0043B539 E8420CFDFF
:0043B53E 8D55E8
:0043B541 8D4DF0
:0043B544 8BC6
:0043B546 E87D77FEFF
:0043B54B 8D45F0
:0043B54E E8C5AFFCFF
:0043B553 8945F8
|:0043B511(U)
|
:0043B556 F6860802000008
:0043B55D 7425
:0043B55F 8B4DF8
:0043B562 BA0D000000
:0043B567 A1A4374400
:0043B56C E8EB3C0000
:0043B571 8BCF
:0043B573 BA08000000
:0043B578 A1A4374400
:0043B57D E8DA3C0000
:0043B582 EB0C
push ebp
call 0043B454
pop ecx
mov edi, eax
test edi, edi
jne 0043B532
push ebp
call 0043B454
pop ecx
mov edi, eax

xor edx, edx
xor eax, eax
call 0040C180
mov eax, esi
call 00422CC8
call 00406518
test byte ptr [esi+00000208], 08

je 0043B584
mov edx, 0000000D
call 0043F25C
mov ecx, edi
mov edx, 00000008
call 0043F25C
jmp 0043B590

|:0043B55D(C)
|
:0043B584 8BD7
:0043B586 A1A4374400
:0043B58B E8C03C0000
mov edx, edi

call 0043F250

|:0043B4B2(U), :0043B4E1(C), :0043B582(U)
|
:0043B590 5F
pop edi
:0043B591 5E
pop esi
:0043B592 5B
pop ebx
:0043B593 8BE5
mov esp, ebp
:0043B595 5D
pop ebp
:0043B596 C3
ret
:0043B597
:0043B598
:0043B599
:0043B59A
:0043B59B
:0043B59E
:0043B5A0
:0043B5A4
:0043B5A6
:0043B5AD
:0043B5AF
:0043B5B2
:0043B5B5
:0043B5B8
:0043B5BB
:0043B5BE
:0043B5C0
:0043B5C2
90
53
56
51
891424
8BF0
F6462002
7555
80BE0A02000000
744C
8B1424
8B5208
8B4668
8D4A18
8B5814
85DB
7602
8919
nop
push ebx
push esi
push ecx
mov esi, eax
test [esi+20], 02
jne 0043B5FB
cmp byte ptr [esi+0000020A], 00
je 0043B5FB
lea ecx, dword ptr [edx+18]
test ebx, ebx
jbe 0043B5C4

|:0043B5C0(C)
|
:0043B5C4 8B5810
:0043B5C7 85DB
test ebx, ebx
:0043B5C9 7603
jbe 0043B5CE
:0043B5CB 895904
|:0043B5C9(C)
|
:0043B5CE 8D4A20
lea ecx, dword ptr [edx+20]
:0043B5D1 8B580C
:0043B5D4 85DB
test ebx, ebx
:0043B5D6 7602
jbe 0043B5DA
:0043B5D8 8919
|:0043B5D6(C)
|
:0043B5DA 8B5808
:0043B5DD 85DB
test ebx, ebx
:0043B5DF 7603
jbe 0043B5E4
:0043B5E1 895904
|:0043B5DF(C)
|
:0043B5E4 8D4220
:0043B5E7 50
:0043B5E8 8D4224
:0043B5EB 50
:0043B5EC 8D4A1C
:0043B5EF 8D4218
:0043B5F2 8BD0
:0043B5F4 8BC6
:0043B5F6 8B18
:0043B5F8 FF533C
lea eax, dword

push eax
lea eax, dword
push eax
lea ecx, dword
lea eax, dword
mov edx, eax
mov eax, esi
mov ebx, dword
call [ebx+3C]
ptr [edx+20]
ptr [edx+24]
ptr [edx+1C]
ptr [edx+18]
ptr [eax]
|:0043B5A4(C), :0043B5AD(C)
|
:0043B5FB 8B1424
:0043B5FE 8BC6
:0043B600 8B08
:0043B602 FF51F0
:0043B605 5A
:0043B606 5E
:0043B607 5B
:0043B608 C3
:0043B609
:0043B60C
:0043B60D
:0043B60F
:0043B610
:0043B611
:0043B612
:0043B614
:0043B617
:0043B61A
:0043B61D
:0043B620
:0043B626
:0043B62C
:0043B62E
:0043B630
:0043B634
:0043B636
:0043B639
:0043B63C
:0043B63F
:0043B641
:0043B644
:0043B647
:0043B64A

push ebp
mov ebp, esp
push ecx
push ebx
push esi
mov esi, edx
and al, byte ptr [0043B698]
mov dl, byte ptr [0043B69C]
cmp dl, al
jne 0043B64C
test [ebx+18], 01
jne 0043B64C
jne 0043B650
jne 0043B650
8D4000
55
8BEC
51
53
56
8BF2
8945FC
8B5E08
8B45FC
8A4020
220598B64300
8A159CB64300
3AD0
751C
F6431801
7516
8B4310
8B55FC
3B4238
750F
8B4314
8B55FC
3B423C
7504

mov eax, esi
call [ecx-10]
pop edx
pop esi
pop ebx
ret

|:0043B62E(C), :0043B634(C)
|
:0043B64C 33C0
xor eax, eax
:0043B64E EB02
jmp 0043B652
|:0043B63F(C), :0043B64A(C)
|
:0043B650 B001
|:0043B64E(U)
|
:0043B652 8B55FC
:0043B655 88820A020000
:0043B65B 33C0
:0043B65D 55
:0043B65E 688BB64300
:0043B663 64FF30
:0043B666 648920
:0043B669 8BD6
:0043B66B 8B45FC
:0043B66E E875BDFEFF
:0043B673 33C0
:0043B675 5A
:0043B676 59
:0043B677 59
:0043B678 648910
mov al, 01
mov byte ptr [edx+0000020A], al
xor eax, eax
push ebp
push 0043B68B
mov edx, esi
call 004273E8
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0043B67B 6892B64300
push 0043B692
|:0043B690(U)
|
:0043B680 8B45FC
:0043B683 C6800A02000000
:0043B68A C3
:0043B68B
:0043B690
:0043B692
:0043B693
:0043B694
:0043B695
:0043B696
jmp
jmp
pop
pop
pop
pop
ret
E9E87BFCFF
EBEE
5E
5B
59
5D
C3

mov byte ptr [eax+0000020A], 00
ret
00403278
0043B680
esi
ebx
ecx
ebp
:0043B697 00
BYTE 0
:0043B698 0A00
:0043B69A 000000000000

BYTE 6 DUP(0)
:0043B6A0
:0043B6A1
:0043B6A5
:0043B6AA
:0043B6AB
53
66BBB8FF
E84A77FCFF
5B
C3
push ebx
mov bx, FFB8
call 00402DF4
pop ebx
ret
:0043B6AC 53
:0043B6AD 66BBB6FF
:0043B6B1 E83E77FCFF
push ebx
mov bx, FFB6
call 00402DF4
:0043B6B6 5B
:0043B6B7 C3
pop ebx
ret
:0043B6B8
:0043B6B9
:0043B6BA
:0043B6BC
:0043B6BE
push ebx
push esi
mov esi, edx
mov ebx, eax
push 00000012
53
56
8BF2
8BD8
6A12

|
:0043B6C0 E8BBAAFCFF
Call 00406180
:0043B6C5 6685C0
test ax, ax
:0043B6C8 7C7C
jl 0043B746
:0043B6CA 668B4604
:0043B6CE 6683E809
sub ax, 0009
:0043B6D2 740B
je 0043B6DF
:0043B6D4 83C0E4
add eax, FFFFFFE4
:0043B6D7 6683E804
sub ax, 0004
:0043B6DB 7234
jb 0043B711
:0043B6DD EB67
jmp 0043B746
|:0043B6D2(C)
|
:0043B6DF 6A11
push 00000011
|
:0043B6E1 E89AAAFCFF
Call 00406180
:0043B6E6 6685C0
test ax, ax
:0043B6E9 7C5B
jl 0043B746
:0043B6EB 6A01
push 00000001
:0043B6ED 6A10
push 00000010
|
:0043B6EF E88CAAFCFF
Call 00406180
:0043B6F4 6685C0
test ax, ax
:0043B6F7 0F9DC1
setnl cl
:0043B6FA 8B9300020000
:0043B700 8BC3
mov eax, ebx
:0043B702 E805DEFEFF
call 0042950C
:0043B707 C7460C01000000
mov [esi+0C], 00000001
:0043B70E 5E
pop esi
:0043B70F 5B
pop ebx
:0043B710 C3
ret
|:0043B6DB(C)
|
:0043B711 8B8300020000
:0043B717 85C0
:0043B719 7434
:0043B71B 6A00
:0043B71D 668B5604
:0043B721 6683FA27

test eax, eax
je 0043B74F
push 00000000
cmp dx, 0027
:0043B725
:0043B727
:0043B72B
:0043B72D
:0043B72F
740A
6683FA28
7404
33C9
EB02
je 0043B731
cmp dx, 0028
je 0043B731
xor ecx, ecx
jmp 0043B733

|:0043B725(C), :0043B72B(C)
|
:0043B731 B101
mov cl, 01
|:0043B72F(U)
|
:0043B733 8B5024
:0043B736 92
:0043B737 E8D0DDFEFF
:0043B73C C7460C01000000
:0043B743 5E
:0043B744 5B
:0043B745 C3

xchg eax,edx
call 0042950C
mov [esi+0C], 00000001
pop esi
pop ebx
ret

|:0043B6C8(C), :0043B6DD(U), :0043B6E9(C)
|
:0043B746 8BD6
mov edx, esi
:0043B748 8BC3
mov eax, ebx
:0043B74A E87DCCFEFF
call 004283CC
|:0043B719(C)
|
:0043B74F 5E
pop esi
:0043B750 5B
pop ebx
:0043B751 C3
ret
:0043B752
:0043B754
:0043B755
:0043B757
:0043B75A
:0043B75B
:0043B75C
:0043B75D
:0043B75F
:0043B762
:0043B765
:0043B767
:0043B768
:0043B76D
:0043B770
:0043B773
:0043B776
:0043B77A
:0043B77C
:0043B77F
:0043B786
8BC0
55
8BEC
83C4F8
53
56
57
33C9
894DF8
8945FC
33C0
55
68C6BB4300
64FF30
648920
8B45FC
F6402010
752D
8B45FC
F680C002000004
7421
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
xor ecx, ecx
xor eax, eax
push ebp
push 0043BBC6
test [eax+20], 10
jne 0043B7A9
je 0043B7A9
:0043B788
:0043B78B
:0043B790
:0043B795
:0043B798
:0043B79A
:0043B79F
:0043B7A4
8D55F8
A1482D4400
E88F96FCFF
8B4DF8
B201
A1F4B44000
E8C8D0FCFF
E8077BFCFF
lea edx, dword

mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-08]
ptr [00442D48]
ptr [ebp-08]
ptr [0040B4F4]
|:0043B77A(C), :0043B786(C)
|
:0043B7A9 A1A4374400
:0043B7AE E8713E0000
:0043B7B3 8B45FC
:0043B7B6 8088C002000004
:0043B7BD 33D2
:0043B7BF 55
:0043B7C0 68A9BB4300
:0043B7C5 64FF32
:0043B7C8 648922
:0043B7CB 8B45FC
:0043B7CE F6402010
:0043B7D2 0F85B9030000
:0043B7D8 8B45FC
:0043B7DB 80B86C01000000
:0043B7E2 0F84A4020000
:0043B7E8 33C0
:0043B7EA 55
:0043B7EB 680CB84300
:0043B7F0 64FF30
:0043B7F3 648920
:0043B7F6 8B45FC
:0043B7F9 66BBB3FF
:0043B7FD E8F275FCFF
:0043B802 33C0
:0043B804 5A
:0043B805 59
:0043B806 59
:0043B807 648910
:0043B80A EB17
:0043B80C E95F78FCFF
:0043B811 8B55FC
:0043B814 A1A4374400
:0043B819 E846360000
:0043B81E E8FD7AFCFF
|:0043B80A(U)
|
:0043B823 8B45FC
:0043B826 8A8010020000
:0043B82C 3C04
:0043B82E 0F85BB000000
:0043B834 8B45FC
:0043B837 80B80F02000001
:0043B83E 753A
:0043B840 A1A4374400
:0043B845 8B4030
:0043B848 E86773FEFF

call 0043F624
xor edx, edx
push ebp
push 0043BBA9
test [eax+20], 10
jne 0043BB91
je 0043BA8C
xor eax, eax
push ebp
push 0043B80C
mov bx, FFB3
call 00402DF4
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0043B823
jmp 00403070
call 0043EE64
call 00403320

cmp al, 04
jne 0043B8EF
jne 0043B87A
call 00422BB4
:0043B84D
:0043B84F
:0043B852
:0043B855
:0043B857
:0043B859
8BD8
8B45FC
2B5838
D1FB
7903
83D300
mov
mov
sub
sar
jns
adc
ebx, eax
ebx, dword ptr [eax+38]
ebx, 1
0043B85C
ebx, 00000000
|:0043B857(C)
|
:0043B85C A1A4374400
:0043B861 8B4030
:0043B864 E88F73FEFF
:0043B869 8BF0
:0043B86B 8B45FC
:0043B86E 2B703C
:0043B871 D1FE
:0043B873 7937
:0043B875 83D600
:0043B878 EB32
|:0043B83E(C)
|
:0043B87A A1A8374400
:0043B87F E83C150000
:0043B884 8BD8
:0043B886 8B45FC
:0043B889 2B5838
:0043B88C D1FB
:0043B88E 7903
:0043B890 83D300
|:0043B88E(C)
|
:0043B893 A1A8374400
:0043B898 E817150000
:0043B89D 8BF0
:0043B89F 8B45FC
:0043B8A2 2B703C
:0043B8A5 D1FE
:0043B8A7 7903
:0043B8A9 83D600
mov eax, dword ptr

mov eax, dword ptr
call 00422BF8
mov esi, eax
mov eax, dword ptr
sub esi, dword ptr
sar esi, 1
jns 0043B8AC
adc esi, 00000000
jmp 0043B8AC
[004437A4]
[eax+30]
[ebp-04]
[eax+3C]

call 0043CDC0
mov ebx, eax
sub ebx, dword ptr [eax+38]
sar ebx, 1
jns 0043B893
adc ebx, 00000000

call 0043CDB4
mov esi, eax
sar esi, 1
jns 0043B8AC
adc esi, 00000000

|:0043B873(C), :0043B878(U), :0043B8A7(C)
|
:0043B8AC 85DB
test ebx, ebx
:0043B8AE 7D02
jge 0043B8B2
:0043B8B0 33DB
xor ebx, ebx
|:0043B8AE(C)
|
:0043B8B2 85F6
test esi, esi
:0043B8B4 7D02
jge 0043B8B8
:0043B8B6 33F6
xor esi, esi
|:0043B8B4(C)
|
:0043B8B8 8B45FC
:0043B8BB 8B4038
:0043B8BE 50
:0043B8BF 8B45FC
:0043B8C2 8B403C
:0043B8C5 50
:0043B8C6 8BCE
:0043B8C8 8BD3
:0043B8CA 8B45FC
:0043B8CD 8B18
:0043B8CF FF9380000000
:0043B8D5 8B45FC
:0043B8D8 80784700
:0043B8DC 0F84B6000000
:0043B8E2 8B45FC
:0043B8E5 E8EAE4FFFF
:0043B8EA E9A9000000

push eax
push eax
mov ecx, esi
mov edx, ebx
je 0043B998
call 00439DD4
jmp 0043B998
|:0043B82E(C)
|
:0043B8EF 3C05
:0043B8F1 0F85A1000000
:0043B8F7 8B45FC
:0043B8FA 80B80F02000001
:0043B901 753A
:0043B903 A1A4374400
:0043B908 8B4030
:0043B90B E8A472FEFF
:0043B910 8BD8
:0043B912 8B45FC
:0043B915 2B5838
:0043B918 D1FB
:0043B91A 7903
:0043B91C 83D300
|:0043B91A(C)
|
:0043B91F A1A4374400
:0043B924 8B4030
:0043B927 E8CC72FEFF
:0043B92C 8BF0
:0043B92E 8B45FC
:0043B931 2B703C
:0043B934 D1FE
:0043B936 7937
:0043B938 83D600
:0043B93B EB32
|:0043B901(C)
|
:0043B93D A1A8374400
:0043B942 E8A9140000
:0043B947 8BD8
:0043B949 8B45FC
:0043B94C 2B5838
cmp al, 05
jne 0043B998
jne 0043B93D
call 00422BB4
mov ebx, eax
sar ebx, 1
jns 0043B91F
adc ebx, 00000000
mov eax, dword ptr

mov eax, dword ptr
call 00422BF8
mov esi, eax
mov eax, dword ptr
sub esi, dword ptr
sar esi, 1
jns 0043B96F
adc esi, 00000000
jmp 0043B96F
[004437A4]
[eax+30]
[ebp-04]
[eax+3C]

call 0043CDF0
mov ebx, eax
:0043B94F D1FB
:0043B951 7903
:0043B953 83D300
sar ebx, 1
jns 0043B956
adc ebx, 00000000
|:0043B951(C)
|
:0043B956 A1A8374400
:0043B95B E884140000
:0043B960 8BF0
:0043B962 8B45FC
:0043B965 2B703C
:0043B968 D1FE
:0043B96A 7903
:0043B96C 83D600

call 0043CDE4
mov esi, eax
sar esi, 1
jns 0043B96F
adc esi, 00000000

|:0043B936(C), :0043B93B(U), :0043B96A(C)
|
:0043B96F 85DB
test ebx, ebx
:0043B971 7D02
jge 0043B975
:0043B973 33DB
xor ebx, ebx
|:0043B971(C)
|
:0043B975 85F6
test esi, esi
:0043B977 7D02
jge 0043B97B
:0043B979 33F6
xor esi, esi
|:0043B977(C)
|
:0043B97B 8B45FC
:0043B97E 8B4038
:0043B981 50
:0043B982 8B45FC
:0043B985 8B403C
:0043B988 50
:0043B989 8BCE
:0043B98B 8BD3
:0043B98D 8B45FC
:0043B990 8B18
:0043B992 FF9380000000

mov eax, dword
mov eax, dword
push eax
mov eax, dword
mov eax, dword
push eax
mov ecx, esi
mov edx, ebx
mov eax, dword
mov ebx, dword
call dword ptr
ptr [ebp-04]
ptr [eax+38]
ptr [ebp-04]
ptr [eax+3C]
ptr [ebp-04]
ptr [eax]
[ebx+00000080]

|:0043B8DC(C), :0043B8EA(U), :0043B8F1(C)
|
:0043B998 8B45FC
:0043B99B C6801002000000
:0043B9A2 8B45FC
:0043B9A5 80B80F02000001
:0043B9AC 0F85B5000000
jne 0043BA67
:0043B9B2 8B45FC
:0043B9B5 80B80B02000002
:0043B9BC 7536
jne 0043B9F4
:0043B9BE 6A00
push 00000000
:0043B9C0 8B45FC
:0043B9C3 E838D5FEFF
call 00428F00
:0043B9C8 50
push eax
:0043B9C9
:0043B9CE
:0043B9D3
:0043B9D6
:0043B9DC
6823020000
A1A4374400
8B4030
8B8034020000
50
push 00000223
push eax

|
:0043B9DD E8A6A9FCFF
Call 00406388
:0043B9E2 6A03
push 00000003
:0043B9E4 8B45FC
:0043B9E7 E814D5FEFF
call 00428F00
:0043B9EC 50
push eax
|
:0043B9ED E84EAAFCFF
Call 00406440
:0043B9F2 EB51
jmp 0043BA45
|:0043B9BC(C)
|
:0043B9F4 8B45FC
:0043B9F7 0FB6800B020000
:0043B9FE 8B0485D0284400
:0043BA05 50
:0043BA06 8B45FC
:0043BA09 E8F2D4FEFF
:0043BA0E 50

movzx eax, byte ptr [eax+0000020B]
push eax
call 00428F00
push eax

|
:0043BA0F E82CAAFCFF
Call 00406440
:0043BA14 8B45FC
mov eax, dword
:0043BA17 8B4038
mov eax, dword
:0043BA1A 8B55FC
mov edx, dword
:0043BA1D 8B523C
mov edx, dword
:0043BA20 C1E210
shl edx, 10
:0043BA23 0BC2
or eax, edx
:0043BA25 50
push eax
:0043BA26 6A00
push 00000000
:0043BA28 6A05
push 00000005
:0043BA2A 8B45FC
mov eax, dword
:0043BA2D E8CED4FEFF
call 00428F00
:0043BA32 50
push eax
:0043BA33 6858604000
push 00406058
ptr
ptr
ptr
ptr
[ebp-04]
[eax+38]
[ebp-04]
[edx+3C]
ptr [ebp-04]

|
:0043BA38 E8D3A5FCFF
Call 00406010
:0043BA3D 8B45FC
:0043BA40 E8A379FEFF
call 004233E8
|:0043B9F2(U)
|
:0043BA45 6A00
:0043BA47 6A00
:0043BA49 6834020000
:0043BA4E A1A4374400

push 00000000
push 00000000
push 00000234
:0043BA53 8B4030
:0043BA56 8B8034020000
:0043BA5C 50

push eax

|
:0043BA5D E826A9FCFF
Call 00406388
:0043BA62 E92A010000
jmp 0043BB91
|:0043B9AC(C)
|
:0043BA67 8B45FC
:0043BA6A 0FB6800B020000
:0043BA71 8B0485D0284400
:0043BA78 50
:0043BA79 8B45FC
:0043BA7C E87FD4FEFF
:0043BA81 50

movzx eax, byte ptr [eax+0000020B]
push eax
call 00428F00
push eax

|
:0043BA82 E8B9A9FCFF
Call 00406440
:0043BA87 E905010000
jmp 0043BB91
|:0043B7E2(C)
|
:0043BA8C 33C0
:0043BA8E 55
:0043BA8F 68B0BA4300
:0043BA94 64FF30
:0043BA97 648920
:0043BA9A 8B45FC
:0043BA9D 66BBB4FF
:0043BAA1 E84E73FCFF
:0043BAA6 33C0
:0043BAA8 5A
:0043BAA9 59
:0043BAAA 59
:0043BAAB 648910
:0043BAAE EB17
:0043BAB0 E9BB75FCFF
:0043BAB5 8B55FC
:0043BAB8 A1A4374400
:0043BABD E8A2330000
:0043BAC2 E85978FCFF
|:0043BAAE(U)
|
:0043BAC7 A1A8374400
:0043BACC 8B4060
:0043BACF 3B45FC
:0043BAD2 750A
:0043BAD4 33D2
:0043BAD6 8B45FC
:0043BAD9 E862EFFFFF
xor eax, eax

push ebp
push 0043BAB0
mov bx, FFB4
call 00402DF4
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0043BAC7
jmp 00403070
call 0043EE64
call 00403320
mov eax, dword

mov eax, dword
cmp eax, dword
jne 0043BADE
xor edx, edx
mov eax, dword
call 0043AA40
ptr [004437A8]
ptr [eax+60]
ptr [ebp-04]
ptr [ebp-04]
|:0043BAD2(C)
|
:0043BADE 8B45FC
:0043BAE1 80B80F02000001
:0043BAE8 750D
:0043BAEA 8B45FC
:0043BAED E842ABFEFF
:0043BAF2 E99A000000
|:0043BAE8(C)
|
:0043BAF7 8B45FC
:0043BAFA F680C002000008
:0043BB01 741F
:0043BB03 6897000000
:0043BB08 6A00
:0043BB0A 6A00
:0043BB0C 6A00
:0043BB0E 6A00
:0043BB10 6A00
:0043BB12 8B45FC
:0043BB15 E8E6D3FEFF
:0043BB1A 50

jne 0043BAF7
call 00426634
jmp 0043BB91
je 0043BB22
push 00000097
push 00000000
push 00000000
push 00000000
push 00000000
push 00000000
call 00428F00
push eax

|
:0043BB1B E8E8A8FCFF
Call 00406408
:0043BB20 EB6F
jmp 0043BB91
|:0043BB01(C)
|
:0043BB22 33DB
:0043BB24 8B45FC
:0043BB27 E8D4D3FEFF
:0043BB2C 8BF0

xor ebx, ebx
call 00428F00
mov esi, eax

|
:0043BB2E E8DDA5FCFF
Call 00406110
:0043BB33 3BF0
cmp esi, eax
:0043BB35 7521
jne 0043BB58
:0043BB37 8B45FC
:0043BB3A E8C1D3FEFF
call 00428F00
:0043BB3F 50
push eax
|
:0043BB40 E863A7FCFF
Call 004062A8
:0043BB45 85C0
test eax, eax
:0043BB47 750F
jne 0043BB58
:0043BB49 8B45FC
:0043BB4C E8AFD3FEFF
call 00428F00
:0043BB51 E802AAFFFF
call 00436558
:0043BB56 8BD8
mov ebx, eax
|:0043BB35(C), :0043BB47(C)
|
:0043BB58
:0043BB5A
:0043BB5C
:0043BB61
:0043BB63
:0043BB65
:0043BB67
:0043BB69
:0043BB6B
:0043BB6E
:0043BB73
85DB
7425
6897000000
6A00
6A00
6A00
6A00
6A00
8B45FC
E88DD3FEFF
50
test ebx, ebx

je 0043BB81
push 00000097
push 00000000
push 00000000
push 00000000
push 00000000
push 00000000
call 00428F00
push eax

|
:0043BB74 E88FA8FCFF
Call 00406408
:0043BB79 53
push ebx
|
:0043BB7A E811A8FCFF
Call 00406390
:0043BB7F EB10
jmp 0043BB91
|:0043BB5A(C)
|
:0043BB81 6A00
:0043BB83 8B45FC
:0043BB86 E875D3FEFF
:0043BB8B 50

push 00000000
call 00428F00
push eax

|
:0043BB8C E8AFA8FCFF
Call 00406440
|:0043B7D2(C), :0043BA62(U), :0043BA87(U), :0043BAF2(U), :0043BB20(U)
|:0043BB7F(U)
|
:0043BB91 33C0
xor eax, eax
:0043BB93 5A
pop edx
:0043BB94 59
pop ecx
:0043BB95 59
pop ecx
:0043BB96 648910
:0043BB99 68B0BB4300
push 0043BBB0
|:0043BBAE(U)
|
:0043BB9E 8B45FC
:0043BBA1 80A0C0020000FB
:0043BBA8 C3
:0043BBA9
:0043BBAE
:0043BBB0
:0043BBB2
:0043BBB3
:0043BBB4
:0043BBB5
jmp
jmp
xor
pop
pop
pop
mov
E9CA76FCFF
EBEE
33C0
5A
59
59
648910

and byte ptr [eax+000002C0], FB
ret
00403278
0043BB9E
eax, eax
edx
ecx
ecx

|
:0043BBB8 68CDBB4300
push 0043BBCD
|:0043BBCB(U)
|
:0043BBBD 8D45F8
:0043BBC0 E8F37BFCFF
:0043BBC5 C3
:0043BBC6
:0043BBCB
:0043BBCD
:0043BBCE
:0043BBCF
:0043BBD0
:0043BBD1
:0043BBD2
:0043BBD3
E9AD76FCFF
EBF0
5F
5E
5B
59
59
5D
C3
jmp
jmp
pop
pop
pop
pop
pop
pop
ret
:0043BBD4
:0043BBD5
:0043BBD7
:0043BBDD
:0043BBE2
:0043BBE4
:0043BBE6
:0043BBE8
:0043BBEA
53
8BD8
8B8320020000
E84AE6FDFF
85C0
7509
33D2
8BC3
E831CEFFFF
push ebx
mov ebx, eax
call 0041A22C
test eax, eax
jne 0043BBEF
xor edx, edx
mov eax, ebx
call 00438A20

call 004037B8
ret
00403278
0043BBBD
edi
esi
ebx
ecx
ecx
ebp

|:0043BBE4(C)
|
:0043BBEF 5B
pop ebx
:0043BBF0 C3
ret
:0043BBF1 8D4000
:0043BBF4 E82770FCFF
:0043BBF9 C3

call 00402C20
ret
:0043BBFA
:0043BBFC
:0043BBFD
:0043BBFF
:0043BC01
:0043BC03
:0043BC06
:0043BC0D
:0043BC0F
:0043BC14
:0043BC18
:0043BC1A
:0043BC1F
:0043BC22
mov eax, eax

push esi
mov esi, eax
mov eax, esi
call [ecx-10]
jne 0043BC48
je 0043BC48
cmp dword ptr [eax+00000234], 00000000
8BC0
56
8BF0
8BC6
8B08
FF51F0
80BE0F02000001
7539
A1A4374400
83783000
742E
A1A4374400
8B4030
83B83402000000
:0043BC29
:0043BC2B
:0043BC2D
:0043BC2F
:0043BC34
:0043BC39
:0043BC3C
:0043BC42
741D
6A00
6A00
6834020000
A1A4374400
8B4030
8B8034020000
50
je 0043BC48
push 00000000
push 00000000
push 00000234
push eax

|
:0043BC43 E840A7FCFF
Call 00406388
|:0043BC0D(C), :0043BC18(C), :0043BC29(C)
|
:0043BC48 5E
pop esi
:0043BC49 C3
ret
:0043BC4A
:0043BC4C
:0043BC4E
:0043BC51
8BC0
8B08
FF51F0
C3
mov eax, eax

call [ecx-10]
ret
:0043BC52
:0043BC54
:0043BC55
:0043BC57
:0043BC58
:0043BC59
:0043BC5B
:0043BC5F
:0043BC61
:0043BC65
:0043BC67
:0043BC6A
:0043BC6D
:0043BC6F
:0043BC72
8BC0
55
8BEC
51
56
8BF0
807E4900
7458
837A0400
740D
8B4658
8B5208
8B08
FF5108
EB45
mov eax, eax

push ebp
mov ebp, esp
push ecx
push esi
mov esi, eax
je 0043BCB9
je 0043BC74
call [ecx+08]
jmp 0043BCB9
|:0043BC65(C)
|
:0043BC74 B201
:0043BC76 A1BC284100
:0043BC7B E87481FDFF
:0043BC80 8945FC
:0043BC83 33C0
:0043BC85 55
:0043BC86 68B2BC4300
:0043BC8B 64FF30
:0043BC8E 648920
:0043BC91 8B4658
:0043BC94 8B55FC
:0043BC97 8B08
:0043BC99 FF5108
:0043BC9C 33C0
:0043BC9E 5A

mov dl, 01
call 00413DF4
xor eax, eax
push ebp
push 0043BCB2
call [ecx+08]
xor eax, eax
pop edx
:0043BC9F 59
:0043BCA0 59
:0043BCA1 648910
pop ecx
pop ecx

|
:0043BCA4 68B9BC4300
push 0043BCB9
|:0043BCB7(U)
|
:0043BCA9 8B45FC
:0043BCAC E86F6FFCFF
:0043BCB1 C3
:0043BCB2 E9C175FCFF
:0043BCB7 EBF0
jmp 00403278
jmp 0043BCA9
|:0043BC5F(C), :0043BC72(U)
|
:0043BCB9 5E
:0043BCBA 59
:0043BCBB 5D
:0043BCBC C3
:0043BCBD 8D4000

call 00402C20
ret
pop esi
pop ecx
pop ebp
ret

|:0042CCF7 , :0043B208 , :0043E338
|
:0043BCC0 53
push ebx
:0043BCC1 56
push esi
:0043BCC2 51
push ecx
:0043BCC3 8BF0
mov esi, eax
:0043BCC5 F686C002000008
test byte ptr [esi+000002C0], 08
:0043BCCC 740F
je 0043BCDD
:0043BCCE C7862C02000002000000
mov dword ptr [esi+0000022C], 00000002
:0043BCD8 E980000000
jmp 0043BD5D
|:0043BCCC(C)
|
:0043BCDD 8BC6
:0043BCDF 8B10
:0043BCE1 FF92C4000000
:0043BCE7 84C0
:0043BCE9 7472
:0043BCEB 80BE0F02000001
:0043BCF2 7515
:0043BCF4 F6860802000002
:0043BCFB 7406
:0043BCFD C6042403
:0043BD01 EB0A

mov eax, esi
test al, al
je 0043BD5D
jne 0043BD09
test byte ptr [esi+00000208], 02
je 0043BD03
jmp 0043BD0D

|:0043BCFB(C)
|
:0043BD03 C6042400
:0043BD07 EB04

jmp 0043BD0D

|:0043BCF2(C)
|
:0043BD09 C6042401
|:0043BD01(U), :0043BD07(U)
|
:0043BD0D 8BD4
:0043BD0F 8BC6
:0043BD11 66BBB5FF
:0043BD15 E8DA70FCFF
:0043BD1A 803C2400
:0043BD1E 743D
:0043BD20 A1A4374400
:0043BD25 3B7030
:0043BD28 750C
:0043BD2A A1A4374400
:0043BD2F E81C310000
:0043BD34 EB27
|:0043BD28(C)
|
:0043BD36 803C2401
:0043BD3A 7509
:0043BD3C 8BC6
:0043BD3E E82D010000
:0043BD43 EB18
|:0043BD3A(C)
|
:0043BD45 803C2403
:0043BD49 750B
:0043BD4B B201
:0043BD4D 8BC6
:0043BD4F E840E0FFFF
:0043BD54 EB07
mov edx, esp

mov eax, esi
mov bx, FFB5
call 00402DF4
je 0043BD5D
jne 0043BD36
call 0043EE50
jmp 0043BD5D

jne 0043BD45
mov eax, esi
call 0043BE70
jmp 0043BD5D

jne 0043BD56
mov dl, 01
mov eax, esi
call 00439D94
jmp 0043BD5D

|:0043BD49(C)
|
:0043BD56 8BC6
mov eax, esi
:0043BD58 E8AF010000
call 0043BF0C
|:0043BCD8(U), :0043BCE9(C), :0043BD1E(C), :0043BD34(U), :0043BD43(U)
|:0043BD54(U)
|
:0043BD5D 5A
pop edx
:0043BD5E 5E
pop esi
:0043BD5F 5B
pop ebx
:0043BD60 C3
ret
:0043BD61 8D4000
:0043BD64
:0043BD65
:0043BD66
:0043BD67
:0043BD68
:0043BD6A
:0043BD71
:0043BD73
:0043BD77
:0043BD79
:0043BD7E
:0043BD80
:0043BD81
:0043BD83
:0043BD85
:0043BD86
53
56
57
51
8BD8
80BB0F02000002
752E
C6042400
8BC3
E87ADAFFFF
8BF0
4E
85F6
7C1C
46
33FF
push ebx
push esi
push edi
push ecx
mov ebx, eax
jne 0043BDA1
mov eax, ebx
call 004397F8
mov esi, eax
dec esi
test esi, esi
jl 0043BDA1
inc esi
xor edi, edi
|:0043BD9F(C)
|
:0043BD88 8BD7
:0043BD8A 8BC3
:0043BD8C E8B3DAFFFF
:0043BD91 8B10
:0043BD93 FF92C4000000
:0043BD99 84C0
:0043BD9B 7422
:0043BD9D 47
:0043BD9E 4E
:0043BD9F 75E7
|:0043BD71(C), :0043BD83(C)
|
:0043BDA1 C6042401
:0043BDA5 6683BB7602000000
:0043BDAD 7410
:0043BDAF 8BCC
:0043BDB1 8BD3
:0043BDB3 8B8378020000
:0043BDB9 FF9374020000
|:0043BD9B(C), :0043BDAD(C)
|
:0043BDBF 8A0424
:0043BDC2 5A
:0043BDC3 5F
:0043BDC4 5E
:0043BDC5 5B
:0043BDC6 C3
:0043BDC7 90
nop
mov edx, edi

mov eax, ebx
call 00439844
test al, al
je 0043BDBF
inc edi
dec esi
jne 0043BD88

cmp word ptr [ebx+00000276], 0000
je 0043BDBF
mov ecx, esp
mov edx, ebx
mov
pop
pop
pop
pop
ret
al, byte ptr [esp]

edx
edi
esi
ebx

|:0043C09D
|
:0043BDC8 55
push ebp
:0043BDC9 8BEC
mov ebp, esp
:0043BDCB
:0043BDCE
:0043BDCF
:0043BDD0
:0043BDD1
:0043BDD4
:0043BDD6
:0043BDD7
:0043BDDC
:0043BDDF
:0043BDE2
:0043BDE6
:0043BDE9
:0043BDEB
:0043BDF1
:0043BDF3
:0043BDF5
:0043BDF9
:0043BDFC
:0043BE04
:0043BE06
:0043BE09
:0043BE0C
:0043BE0F
:0043BE15
83C4F8
53
56
57
8945FC
33C0
55
6847BE4300
64FF30
648920
C645FB00
8B45FC
8B10
FF92C4000000
84C0
7426
C645FB01
8B45FC
6683B86E02000000
7415
8D4DFB
8B5DFC
8B55FC
8B8370020000
FF936C020000
add esp, FFFFFFF8

push ebx
push esi
push edi
xor eax, eax
push ebp
push 0043BE47
mov [ebp-05], 00
test al, al
je 0043BE1B
mov [ebp-05], 01
je 0043BE1B
|:0043BDF3(C), :0043BE04(C)
|
:0043BE1B 8A45FB
:0043BE1E 2C01
:0043BE20 7206
:0043BE22 FEC8
:0043BE24 740F
:0043BE26 EB15
|:0043BE20(C)
|
:0043BE28 8B45FC
:0043BE2B 33D2
:0043BE2D 89902C020000
:0043BE33 EB08

sub al, 01
jb 0043BE28
dec al
je 0043BE35
jmp 0043BE3D
mov
xor
mov
jmp

edx, edx
dword ptr [eax+0000022C], edx
0043BE3D

|:0043BE24(C)
|
:0043BE35 8B45FC
:0043BE38 E8CF000000
call 0043BF0C
|:0043BE26(U), :0043BE33(U)
|
:0043BE3D 33C0
:0043BE3F 5A
:0043BE40 59
:0043BE41 59
:0043BE42 648910
:0043BE45 EB22
:0043BE47 E92472FCFF

xor
pop
pop
pop
mov
jmp
jmp
eax, eax
edx
ecx
ecx
0043BE69
00403070
:0043BE4C
:0043BE4F
:0043BE51
:0043BE57
:0043BE5A
:0043BE5F
:0043BE64
8B45FC
33D2
89902C020000
8B55FC
A1A4374400
E800300000
E8B774FCFF

xor edx, edx
call 0043EE64
call 00403320

|:0043BE45(U)
|
:0043BE69 5F
pop edi
:0043BE6A 5E
pop esi
:0043BE6B 5B
pop ebx
:0043BE6C 59
pop ecx
:0043BE6D 59
pop ecx
:0043BE6E 5D
pop ebp
:0043BE6F C3
ret

|:00438399 , :0043BD3E , :0043C0F1
|
:0043BE70 33D2
xor edx, edx
:0043BE72 E80DCFFFFF
call 00438D84
:0043BE77 C3
ret

|:0043C038 , :0043E8AB
|
:0043BE78 53
push ebx
:0043BE79 8BD8
mov ebx, eax
:0043BE7B B201
mov dl, 01
:0043BE7D 8BC3
mov eax, ebx
:0043BE7F E800CFFFFF
call 00438D84
:0043BE84 8BC3
mov eax, ebx
:0043BE86 E85D75FEFF
call 004233E8
:0043BE8B 5B
pop ebx
:0043BE8C C3
ret
:0043BE8D
:0043BE90
:0043BE91
:0043BE93
:0043BE95
:0043BE96
:0043BE98
:0043BE9A
:0043BE9B
:0043BEA0
:0043BEA3
:0043BEA6
:0043BEAD
:0043BEAF
:0043BEB3
:0043BEB5
8D4000
55
8BEC
6A00
53
8BD8
33C0
55
68FEBE4300
64FF30
648920
80BB0E02000000
7539
807B4700
740B
8BC3

push ebp
mov ebp, esp
push 00000000
push ebx
mov ebx, eax
xor eax, eax
push ebp
push 0043BEFE
jne 0043BEE8
je 0043BEC0
mov eax, ebx
:0043BEB7
:0043BEB9
:0043BEBC
:0043BEBE
8B10
FF5250
84C0
7521
|:0043BEB3(C)
|
:0043BEC0 8D55FC
:0043BEC3 A1C82C4400
:0043BEC8 E8578FFCFF
:0043BECD 8B4DFC
:0043BED0 B201
:0043BED2 A1F4B44000
:0043BED7 E890C9FCFF
:0043BEDC E8CF73FCFF

call [edx+50]
test al, al
jne 0043BEE1
lea edx, dword
mov eax, dword
call 00404E24
mov ecx, dword
mov dl, 01
mov eax, dword
call 0040886C
call 004032B0
ptr [ebp-04]
ptr [00442CC8]
ptr [ebp-04]
ptr [0040B4F4]

|:0043BEBE(C)
|
:0043BEE1 8BC3
mov eax, ebx
:0043BEE3 E854EAFFFF
call 0043A93C
|:0043BEAD(C)
|
:0043BEE8 33C0
xor eax, eax
:0043BEEA 5A
pop edx
:0043BEEB 59
pop ecx
:0043BEEC 59
pop ecx
:0043BEED 648910
|
:0043BEF0 6805BF4300
push 0043BF05
|:0043BF03(U)
|
:0043BEF5 8D45FC
:0043BEF8 E8BB78FCFF
:0043BEFD C3
:0043BEFE
:0043BF03
:0043BF05
:0043BF06
:0043BF07
:0043BF08
jmp
jmp
pop
pop
pop
ret
E97573FCFF
EBF0
5B
59
5D
C3
:0043BF09 8D4000

call 004037B8
ret
00403278
0043BEF5
ebx
ecx
ebp

|:0043BD58 , :0043BE38 , :0043C77B
|
:0043BF0C 53
push ebx
:0043BF0D 8BD8
mov ebx, eax
:0043BF0F 6A00
push 00000000
:0043BF11
:0043BF13
:0043BF18
:0043BF1A
:0043BF1F
6A00
6821B00000
8BC3
E8E1CFFEFF
50
push 00000000
push 0000B021
mov eax, ebx
call 00428F00
push eax

|
:0043BF20 E803A4FCFF
Call 00406328
:0043BF25 5B
pop ebx
:0043BF26 C3
ret
:0043BF27
:0043BF28
:0043BF29
:0043BF2B
:0043BF2E
:0043BF2F
:0043BF30
:0043BF32
:0043BF35
:0043BF38
:0043BF3D
:0043BF3F
:0043BF40
:0043BF45
:0043BF48
:0043BF4B
:0043BF50
:0043BF53
:0043BF57
:0043BF59
:0043BF5C
:0043BF5E
:0043BF61
:0043BF63
:0043BF65
:0043BF68
:0043BF6F
:0043BF71
:0043BF74
:0043BF7B
90
55
8BEC
83C4E0
53
56
33D2
8955E0
8945FC
BBA4374400
33C0
55
68B8C14300
64FF30
648920
E8FC5CFEFF
8B45FC
80784700
7524
8B45FC
8B10
FF5250
84C0
7418
8B45FC
F680C002000008
750C
8B45FC
80B80F02000001
7521
nop
push ebp
mov ebp, esp
add esp, FFFFFFE0
push ebx
push esi
xor edx, edx
mov ebx, 004437A4
xor eax, eax
push ebp
push 0043C1B8
call 00421C4C
jne 0043BF7D
call [edx+50]
test al, al
je 0043BF7D
jne 0043BF7D
jne 0043BF9E

|:0043BF57(C), :0043BF63(C), :0043BF6F(C)
|
:0043BF7D 8D55E0
:0043BF80 A1A82B4400
:0043BF85 E89A8EFCFF
call 00404E24
:0043BF8A 8B4DE0
:0043BF8D B201
mov dl, 01
:0043BF8F A1F4B44000
:0043BF94 E8D3C8FCFF
call 0040886C
:0043BF99 E81273FCFF
call 004032B0
|:0043BF7B(C)
|

|
:0043BF9E E875A1FCFF
Call 00406118
:0043BFA3 85C0
test eax, eax
:0043BFA5 7411
je 0043BFB8
:0043BFA7 6A00
push 00000000
:0043BFA9 6A00
push 00000000
:0043BFAB 6A1F
push 0000001F
|
:0043BFAD E866A1FCFF
Call 00406118
:0043BFB2 50
push eax
|
:0043BFB3 E8D0A3FCFF
Call 00406388
|:0043BFA5(C)
|
|
:0043BFB8 E89BA3FCFF
Call 00406358
:0043BFBD 8B45FC
:0043BFC0 8088C002000008
|
:0043BFC7 E844A1FCFF
Call 00406110
:0043BFCC 8945E4
:0043BFCF A13C284400
:0043BFD4 8945F0
:0043BFD7 A1A8374400
:0043BFDC 8B486C
:0043BFDF A1A8374400
:0043BFE4 8B4070
:0043BFE7 33D2
xor edx, edx
:0043BFE9 E8420CFDFF
call 0040CC30
:0043BFEE A1A8374400
:0043BFF3 8B55FC
:0043BFF6 89506C
:0043BFF9 A1A8374400
:0043BFFE 668B4038
:0043C002 668945EE
:0043C006 33D2
xor edx, edx
:0043C008 A1A8374400
:0043C00D E842120000
call 0043D254
:0043C012 A1A8374400
:0043C017 8B403C
:0043C01A 8945E8
:0043C01D 33C0
xor eax, eax
:0043C01F E8E4A3FFFF
call 00436408
:0043C024 8945F4
:0043C027 33D2
xor edx, edx
:0043C029 55
push ebp
:0043C02A 6898C14300
push 0043C198
:0043C02F 64FF32
:0043C032 648922
:0043C035
:0043C038
:0043C03D
:0043C03F
:0043C040
:0043C045
:0043C048
:0043C04B
:0043C04D
:0043C04F
:0043C054
:0043C057
:0043C05C
8B45FC
E83BFEFFFF
33D2
55
68F7C04300
64FF32
648922
6A00
6A00
6800B00000
8B45FC
E8A4CEFEFF
50

call 0043BE78
xor edx, edx
push ebp
push 0043C0F7
push 00000000
push 00000000
push 0000B000
call 00428F00
push eax

|
:0043C05D E826A3FCFF
Call 00406388
:0043C062 8B45FC
:0043C065 33D2
xor edx, edx
:0043C067 89902C020000
|:0043C0AD(C)
|
:0043C06D 8B03
:0043C06F E8942B0000
:0043C074 8B03
:0043C076 80B88400000000
:0043C07D 740F
:0043C07F 8B45FC
:0043C082 C7802C02000002000000
:0043C08C EB14
|:0043C07D(C)
|
:0043C08E 8B45FC
:0043C091 83B82C02000000
:0043C098 7408
:0043C09A 8B45FC
:0043C09D E826FDFFFF
|:0043C08C(U), :0043C098(C)
|
:0043C0A2 8B45FC
:0043C0A5 8B802C020000
:0043C0AB 85C0
:0043C0AD 74BE
:0043C0AF 8945F8
:0043C0B2 6A00
:0043C0B4 6A00
:0043C0B6 6801B00000
:0043C0BB 8B45FC
:0043C0BE E83DCEFEFF
:0043C0C3 50

call 0043EC08
je 0043C08E
mov dword ptr [ebx+0000022C], 00000002
jmp 0043C0A2

je 0043C0A2
call 0043BDC8

test eax, eax
je 0043C06D
push 00000000
push 00000000
push 0000B001
call 00428F00
push eax

|
:0043C0C4 E8BFA2FCFF
Call 00406388
:0043C0C9 8B45FC
:0043C0CC E82FCEFEFF
:0043C0D1 8BD8

call 00428F00
mov ebx, eax

|
:0043C0D3 E838A0FCFF
Call 00406110
:0043C0D8 3BD8
cmp ebx, eax
:0043C0DA 7405
je 0043C0E1
:0043C0DC 33C0
xor eax, eax
:0043C0DE 8945E4
|:0043C0DA(C)
|
:0043C0E1 33C0
:0043C0E3 5A
:0043C0E4 59
:0043C0E5 59
:0043C0E6 648910
:0043C0E9 68FEC04300
|:0043C0FC(U)
|
:0043C0EE 8B45FC
:0043C0F1 E87AFDFFFF
:0043C0F6 C3
:0043C0F7
:0043C0FC
:0043C0FE
:0043C100
:0043C101
:0043C102
:0043C103
:0043C106
jmp 00403278
jmp 0043C0EE
xor eax, eax
pop edx
pop ecx
pop ecx
push 0043C1A2
E97C71FCFF
EBF0
33C0
5A
59
59
648910
68A2C14300
xor eax, eax

pop edx
pop ecx
pop ecx
push 0043C0FE

call 0043BE70
ret
|:0043C19D(U)
|
:0043C10B A1A8374400
:0043C110 8B403C
:0043C113 3B45E8
:0043C116 7510
:0043C118 668B55EE
:0043C11C A1A8374400
:0043C121 E82E110000
:0043C126 EB0C
|:0043C116(C)
|
:0043C128 33D2
:0043C12A A1A8374400
:0043C12F E820110000

jne 0043C128
call 0043D254
jmp 0043C134
xor edx, edx

call 0043D254

|:0043C126(U)
|
:0043C134
:0043C137
:0043C13C
:0043C141
:0043C144
:0043C148
:0043C14A
:0043C14C
:0043C151
:0043C153
:0043C158
:0043C15B
:0043C15D
:0043C162
:0043C165
:0043C16A
8B45F4
E880A3FFFF
A1A8374400
8B5870
837B0800
7E22
8BC3
E81F0AFDFF
8BF0
A1A8374400
89706C
8BD6
A1A8374400
8B4070
E8DA0BFDFF
EB0A

call 004364BC
jle 0043C16C
mov eax, ebx
call 0040CB70
mov esi, eax
mov edx, esi
call 0040CD44
jmp 0043C176
|:0043C148(C)
|
:0043C16C A1A8374400
:0043C171 33D2
:0043C173 89506C
|:0043C16A(U)
|
:0043C176 837DE400
:0043C17A 7409
:0043C17C 8B45E4
:0043C17F 50

xor edx, edx

je 0043C185
push eax

|
:0043C180 E80BA2FCFF
Call 00406390
|:0043C17A(C)
|
:0043C185 8B45F0
:0043C188 A33C284400
:0043C18D 8B45FC
:0043C190 80A0C0020000F7
:0043C197 C3
:0043C198
:0043C19D
:0043C1A2
:0043C1A4
:0043C1A5
:0043C1A6
:0043C1A7
:0043C1AA
jmp 00403278
jmp 0043C10B
xor eax, eax
pop edx
pop ecx
pop ecx
push 0043C1BF
E9DB70FCFF
E969FFFFFF
33C0
5A
59
59
648910
68BFC14300
mov
mov
mov
and
ret

byte ptr [eax+000002C0], F7

|:0043C1BD(U)
|
:0043C1AF 8D45E0
:0043C1B2 E80176FCFF
:0043C1B7 C3
call 004037B8
ret
:0043C1B8
:0043C1BD
:0043C1BF
:0043C1C2
:0043C1C3
:0043C1C4
:0043C1C6
:0043C1C7
jmp
jmp
mov
pop
pop
mov
pop
ret
E9BB70FCFF
EBF0
8B45F8
5E
5B
8BE5
5D
C3
00403278
0043C1AF
esi
ebx
esp, ebp
ebp

|:0043C226 , :0043C294
|
:0043C1C8 55
push ebp
:0043C1C9 8BEC
mov ebp, esp
:0043C1CB 51
push ecx
:0043C1CC 53
push ebx
:0043C1CD 56
push esi
:0043C1CE 57
push edi
:0043C1CF 8945FC
:0043C1D2 8B45FC
:0043C1D5 80B86C01000000
:0043C1DC 7452
je 0043C230
:0043C1DE 8B45FC
:0043C1E1 E8A29EFEFF
call 00426088
:0043C1E6 8BF0
mov esi, eax
:0043C1E8 4E
dec esi
:0043C1E9 85F6
test esi, esi
:0043C1EB 7C43
jl 0043C230
:0043C1ED 46
inc esi
:0043C1EE 33FF
xor edi, edi
|:0043C22E(C)
|
:0043C1F0 8BD7
:0043C1F2 8B45FC
:0043C1F5 E8529EFEFF
:0043C1FA 8BD8
:0043C1FC F6434180
:0043C200 740D
:0043C202 807B4700
:0043C206 7407
:0043C208 8BC3
:0043C20A 8B10
:0043C20C FF5274
|:0043C200(C), :0043C206(C)
|
:0043C20F 8BC3
:0043C211 8B15CCF94100
:0043C217 E8746BFCFF
:0043C21C 84C0
:0043C21E 740C
mov edx, edi

call 0042604C
mov ebx, eax
test [ebx+41], 80
je 0043C20F
je 0043C20F
mov eax, ebx
call [edx+74]
mov eax, ebx

call 00402D90
test al, al
je 0043C22C
:0043C220
:0043C223
:0043C224
:0043C226
:0043C22B
8B4508
50
8BC3
E89DFFFFFF
59

push eax
mov eax, ebx
call 0043C1C8
pop ecx

|:0043C21E(C)
|
:0043C22C 47
inc edi
:0043C22D 4E
dec esi
:0043C22E 75C0
jne 0043C1F0
|:0043C1DC(C), :0043C1EB(C)
|
:0043C230 5F
:0043C231 5E
:0043C232 5B
:0043C233 59
:0043C234 5D
:0043C235 C3
:0043C236
:0043C238
:0043C239
:0043C23B
:0043C23C
:0043C23D
:0043C23E
:0043C240
:0043C244
:0043C246
:0043C24D
:0043C24F
:0043C251
:0043C253
:0043C256
:0043C25C
:0043C25E
:0043C260
:0043C263
:0043C268
:0043C269
:0043C26B
:0043C26D
:0043C26E
:0043C270
8BC0
55
8BEC
53
56
57
8BD8
F6432010
7554
80BB6C01000000
744B
8BC3
8B10
FF5274
8BB328020000
85F6
7431
8B4628
E8185EFFFF
48
85C0
7C24
40
89C6
33FF
mov eax, eax

push ebp
mov ebp, esp
push ebx
push esi
push edi
mov ebx, eax
test [ebx+20], 10
jne 0043C29A
je 0043C29A
mov eax, ebx
call [edx+74]
test esi, esi
je 0043C291
call 00432080
dec eax
test eax, eax
jl 0043C291
inc eax
mov esi, eax
xor edi, edi
|:0043C28F(C)
|
:0043C272 8B8328020000
:0043C278 8B4028
:0043C27B 8BD7
:0043C27D E80E5EFFFF
:0043C282 80783000
:0043C286 7405
:0043C288 8B10
pop
pop
pop
pop
pop
ret
edi
esi
ebx
ecx
ebp

mov edx, edi
call 00432090
je 0043C28D
:0043C28A FF5238
call [edx+38]

|:0043C286(C)
|
:0043C28D 47
inc edi
:0043C28E 4E
dec esi
:0043C28F 75E1
jne 0043C272
|:0043C25E(C), :0043C26B(C)
|
:0043C291 55
:0043C292 8BC3
:0043C294 E82FFFFFFF
:0043C299 59
|:0043C244(C), :0043C24D(C)
|
:0043C29A 5F
:0043C29B 5E
:0043C29C 5B
:0043C29D 5D
:0043C29E C3
:0043C29F
:0043C2A0
:0043C2A4
:0043C2A6
:0043C2A8
:0043C2AD
:0043C2B2
nop
jne 0043C2B3
mov edx, eax
call 0043D788
ret
90
83782400
750D
8BD0
A1A8374400
E8D6140000
C3
push ebp
mov eax, ebx
call 0043C1C8
pop ecx
pop
pop
pop
pop
ret
edi
esi
ebx
ebp

|:0043C2A4(C)
|
:0043C2B3 E86064FEFF
call 00422718
:0043C2B8 C3
ret
:0043C2B9
:0043C2BC
:0043C2BD
:0043C2BE
:0043C2C0
:0043C2C2
:0043C2C4
:0043C2C6
:0043C2CB
:0043C2CF
:0043C2D1
:0043C2D3
:0043C2D7
8D4000
53
56
8BF2
8BD8
8BD6
8BC3
E80DAFFEFF
837E042F
750B
8BC3
66BBD6FF
E8186BFCFF

push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 004271D8
cmp dword ptr [esi+04], 0000002F
jne 0043C2DC
mov eax, ebx
mov bx, FFD6
call 00402DF4

|:0043C2CF(C)
|
:0043C2DC 5E
:0043C2DD 5B
:0043C2DE C3
pop esi
pop ebx
ret
:0043C2DF 90
nop

|:0043C350 , :0043C3AC , :0043C3B9
|
:0043C2E0 55
push ebp
:0043C2E1 8BEC
mov ebp, esp
:0043C2E3 53
push ebx
:0043C2E4 56
push esi
:0043C2E5 8BF0
mov esi, eax
:0043C2E7 85F6
test esi, esi
:0043C2E9 7418
je 0043C303
:0043C2EB 8B4508
:0043C2EE 8B50FC
:0043C2F1 8B5208
:0043C2F4 8BC6
mov eax, esi
:0043C2F6 66BBF4FF
mov bx, FFF4
:0043C2FA E8F56AFCFF
call 00402DF4
:0043C2FF 84C0
test al, al
:0043C301 7504
jne 0043C307
|:0043C2E9(C)
|
:0043C303 33C0
xor eax, eax
:0043C305 EB02
jmp 0043C309
|:0043C301(C)
|
:0043C307 B001
mov al, 01
|:0043C305(U)
|
:0043C309 5E
pop esi
:0043C30A 5B
pop ebx
:0043C30B 5D
pop ebp
:0043C30C C3
ret
:0043C30D 8D4000

|:0043C371 , :0043C3C6
|
:0043C310 55
push ebp
:0043C311 8BEC
mov ebp, esp
:0043C313 51
push ecx
:0043C314 53
push ebx
:0043C315 56
push esi
:0043C316 57
push edi
:0043C317 8945FC
:0043C31A 8B45FC
:0043C31D
:0043C324
:0043C326
:0043C329
:0043C32E
:0043C330
:0043C331
:0043C333
:0043C335
:0043C336
80B86C01000000
745D
8B45FC
E85A9DFEFF
8BF0
4E
85F6
7C4E
46
33FF

je 0043C383
call 00426088
mov esi, eax
dec esi
test esi, esi
jl 0043C383
inc esi
xor edi, edi
|:0043C381(C)
|
:0043C338 8BD7
:0043C33A 8B45FC
:0043C33D E80A9DFEFF
:0043C342 8BD8
:0043C344 807B4700
:0043C348 7410
:0043C34A 8B4508
:0043C34D 50
:0043C34E 8BC3
:0043C350 E88BFFFFFF
:0043C355 59
:0043C356 84C0
:0043C358 7521
|:0043C348(C)
|
:0043C35A 8BC3
:0043C35C 8B15CCF94100
:0043C362 E8296AFCFF
:0043C367 84C0
:0043C369 7414
:0043C36B 8B4508
:0043C36E 50
:0043C36F 8BC3
:0043C371 E89AFFFFFF
:0043C376 59
:0043C377 84C0
:0043C379 7404
mov edx, edi

call 0042604C
mov ebx, eax
je 0043C35A
push eax
mov eax, ebx
call 0043C2E0
pop ecx
test al, al
jne 0043C37B
mov eax, ebx

call 00402D90
test al, al
je 0043C37F
push eax
mov eax, ebx
call 0043C310
pop ecx
test al, al
je 0043C37F

|:0043C358(C)
|
:0043C37B B001
mov al, 01
:0043C37D EB06
jmp 0043C385
|:0043C369(C), :0043C379(C)
|
:0043C37F 47
:0043C380 4E
:0043C381 75B5

inc edi
dec esi
jne 0043C338

|:0043C324(C), :0043C333(C)
|
:0043C383 33C0
xor eax, eax

|:0043C37D(U)
|
:0043C385 5F
pop edi
:0043C386 5E
pop esi
:0043C387 5B
pop ebx
:0043C388 59
pop ecx
:0043C389 5D
pop ebp
:0043C38A C3
ret
:0043C38B
:0043C38C
:0043C38D
:0043C38F
:0043C390
:0043C391
:0043C394
:0043C396
:0043C39A
:0043C39C
:0043C3A3
:0043C3A5
:0043C3A6
:0043C3AC
:0043C3B1
:0043C3B2
:0043C3B4
:0043C3B6
:0043C3B7
:0043C3B9
:0043C3BE
:0043C3BF
:0043C3C1
:0043C3C3
:0043C3C4
:0043C3C6
:0043C3CB
:0043C3CC
:0043C3CE
90
55
8BEC
51
53
8955FC
8BD8
F6432010
753E
80BB6C01000000
7435
55
8B8300020000
E82FFFFFFF
59
84C0
751A
55
8BC3
E822FFFFFF
59
84C0
750D
55
8BC3
E845FFFFFF
59
84C0
740A
nop
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, eax
test [ebx+20], 10
jne 0043C3DA
je 0043C3DA
push ebp
call 0043C2E0
pop ecx
test al, al
jne 0043C3D0
push ebp
mov eax, ebx
call 0043C2E0
pop ecx
test al, al
jne 0043C3D0
push ebp
mov eax, ebx
call 0043C310
pop ecx
test al, al
je 0043C3DA

|:0043C3B4(C), :0043C3C1(C)
|
:0043C3D0 8B45FC
:0043C3D3 C7400C01000000
mov [eax+0C], 00000001
|:0043C39A(C), :0043C3A3(C), :0043C3CE(C)
|
:0043C3DA 5B
pop ebx
:0043C3DB 59
pop ecx
:0043C3DC 5D
pop ebp
:0043C3DD C3
ret
:0043C3DE 8BC0
mov eax, eax

|:0043C450 , :0043C4AC , :0043C4B9
|
:0043C3E0 55
push ebp
:0043C3E1 8BEC
mov ebp, esp
:0043C3E3 53
push ebx
:0043C3E4 56
push esi
:0043C3E5 8BF0
mov esi, eax
:0043C3E7 85F6
test esi, esi
:0043C3E9 7418
je 0043C403
:0043C3EB 8B4508
:0043C3EE 8B50FC
:0043C3F1 8B5208
:0043C3F4 8BC6
mov eax, esi
:0043C3F6 66BBF1FF
mov bx, FFF1
:0043C3FA E8F569FCFF
call 00402DF4
:0043C3FF 84C0
test al, al
:0043C401 7504
jne 0043C407
|:0043C3E9(C)
|
:0043C403 33C0
xor eax, eax
:0043C405 EB02
jmp 0043C409
|:0043C401(C)
|
:0043C407 B001
mov al, 01
|:0043C405(U)
|
:0043C409 5E
pop esi
:0043C40A 5B
pop ebx
:0043C40B 5D
pop ebp
:0043C40C C3
ret
:0043C40D 8D4000

|:0043C471 , :0043C4C6
|
:0043C410 55
push ebp
:0043C411 8BEC
mov ebp, esp
:0043C413 51
push ecx
:0043C414 53
push ebx
:0043C415 56
push esi
:0043C416 57
push edi
:0043C417 8945FC
:0043C41A 8B45FC
:0043C41D 80B86C01000000
:0043C424 745D
je 0043C483
:0043C426 8B45FC
:0043C429 E85A9CFEFF
call 00426088
:0043C42E 8BF0
mov esi, eax
:0043C430 4E
dec esi
:0043C431 85F6
test esi, esi
:0043C433 7C4E
jl 0043C483
:0043C435 46
:0043C436 33FF
inc esi
xor edi, edi
|:0043C481(C)
|
:0043C438 8BD7
:0043C43A 8B45FC
:0043C43D E80A9CFEFF
:0043C442 8BD8
:0043C444 807B4700
:0043C448 7410
:0043C44A 8B4508
:0043C44D 50
:0043C44E 8BC3
:0043C450 E88BFFFFFF
:0043C455 59
:0043C456 84C0
:0043C458 7521
|:0043C448(C)
|
:0043C45A 8BC3
:0043C45C 8B15CCF94100
:0043C462 E82969FCFF
:0043C467 84C0
:0043C469 7414
:0043C46B 8B4508
:0043C46E 50
:0043C46F 8BC3
:0043C471 E89AFFFFFF
:0043C476 59
:0043C477 84C0
:0043C479 7404
mov edx, edi

call 0042604C
mov ebx, eax
je 0043C45A
push eax
mov eax, ebx
call 0043C3E0
pop ecx
test al, al
jne 0043C47B
mov eax, ebx

call 00402D90
test al, al
je 0043C47F
push eax
mov eax, ebx
call 0043C410
pop ecx
test al, al
je 0043C47F

|:0043C458(C)
|
:0043C47B B001
mov al, 01
:0043C47D EB06
jmp 0043C485
|:0043C469(C), :0043C479(C)
|
:0043C47F 47
:0043C480 4E
:0043C481 75B5

inc edi
dec esi
jne 0043C438

|:0043C424(C), :0043C433(C)
|
:0043C483 33C0
xor eax, eax
|:0043C47D(U)
|
:0043C485 5F
pop edi
:0043C486 5E
pop esi
:0043C487 5B
pop ebx
:0043C488 59
:0043C489 5D
:0043C48A C3
pop ecx
pop ebp
ret
:0043C48B
:0043C48C
:0043C48D
:0043C48F
:0043C490
:0043C491
:0043C494
:0043C496
:0043C49A
:0043C49C
:0043C4A3
:0043C4A5
:0043C4A6
:0043C4AC
:0043C4B1
:0043C4B2
:0043C4B4
:0043C4B6
:0043C4B7
:0043C4B9
:0043C4BE
:0043C4BF
:0043C4C1
:0043C4C3
:0043C4C4
:0043C4C6
:0043C4CB
:0043C4CC
:0043C4CE
nop
push ebp
mov ebp, esp
push ecx
push ebx
mov ebx, eax
test [ebx+20], 10
jne 0043C4DA
je 0043C4DA
push ebp
call 0043C3E0
pop ecx
test al, al
jne 0043C4D0
push ebp
mov eax, ebx
call 0043C3E0
pop ecx
test al, al
jne 0043C4D0
push ebp
mov eax, ebx
call 0043C410
pop ecx
test al, al
je 0043C4DA
90
55
8BEC
51
53
8955FC
8BD8
F6432010
753E
80BB6C01000000
7435
55
8B8300020000
E82FFFFFFF
59
84C0
751A
55
8BC3
E822FFFFFF
59
84C0
750D
55
8BC3
E845FFFFFF
59
84C0
740A

|:0043C4B4(C), :0043C4C1(C)
|
:0043C4D0 8B45FC
:0043C4D3 C7400C01000000
mov [eax+0C], 00000001
|:0043C49A(C), :0043C4A3(C), :0043C4CE(C)
|
:0043C4DA 5B
pop ebx
:0043C4DB 59
pop ecx
:0043C4DC 5D
pop ebp
:0043C4DD C3
ret
:0043C4DE 8BC0
mov eax, eax

|:0043C594
|
:0043C4E0 55
push ebp
:0043C4E1 8BEC
mov ebp, esp
:0043C4E3 53
push ebx
:0043C4E4 56
push esi
:0043C4E5 8B4508
:0043C4E8
:0043C4EB
:0043C4F1
:0043C4F3
:0043C4F5
:0043C4F8
:0043C4FB
:0043C4FC
:0043C4FE
:0043C500
:0043C501
8B40FC
8B80BC020000
85C0
7438
8B5508
8B5808
4B
85DB
7C2D
43
33F6
|:0043C52B(C)
|
:0043C503 8B4508
:0043C506 8B40FC
:0043C509 8B80BC020000
:0043C50F 8BD6
:0043C511 E86206FDFF
:0043C516 8B5508
:0043C519 8B52F8
:0043C51C E8EB18FFFF
:0043C521 84C0
:0043C523 7404
:0043C525 B001
:0043C527 EB06
mov eax, dword

mov eax, dword
test eax, eax
je 0043C52D
mov edx, dword
mov ebx, dword
dec ebx
test ebx, ebx
jl 0043C52D
inc ebx
xor esi, esi
ptr [eax-04]
ptr [eax+000002BC]
ptr [ebp+08]
ptr [eax+08]

mov eax, dword
mov eax, dword
mov eax, dword
mov edx, esi
call 0040CB78
mov edx, dword
mov edx, dword
call 0042DE0C
test al, al
je 0043C529
mov al, 01
jmp 0043C52F
ptr [ebp+08]
ptr [eax-04]
ptr [eax+000002BC]
ptr [ebp+08]
ptr [edx-08]

|:0043C523(C)
|
:0043C529 46
inc esi
:0043C52A 4B
dec ebx
:0043C52B 75D6
jne 0043C503
|:0043C4F3(C), :0043C4FE(C)
|
:0043C52D 33C0
xor eax, eax
|:0043C527(U)
|
:0043C52F 5E
pop esi
:0043C530 5B
pop ebx
:0043C531 5D
pop ebp
:0043C532 C3
ret
:0043C533
:0043C534
:0043C535
:0043C537
:0043C53A
:0043C53B
:0043C53C
:0043C53F
:0043C542
:0043C546
:0043C549
90
55
8BEC
83C4F4
53
56
8955F8
8945FC
C645F700
8B45FC
6683B89E02000000
nop
push ebp
mov ebp, esp
add esp, FFFFFFF4
push ebx
push esi
mov [ebp-09], 00
:0043C551
:0043C553
:0043C556
:0043C559
:0043C55C
:0043C562
7415
8D4DF7
8B55F8
8B5DFC
8B83A0020000
FF939C020000
je 0043C568
lea ecx, dword
mov edx, dword
mov ebx, dword
mov eax, dword
call dword ptr
ptr [ebp-09]
ptr [ebp-08]
ptr [ebp-04]
ptr [ebx+000002A0]
[ebx+0000029C]
|:0043C551(C)
|
:0043C568 807DF700
:0043C56C 7534
:0043C56E 8B45FC
:0043C571 8BB028020000
:0043C577 85F6
:0043C579 7418
:0043C57B 837E2C00
:0043C57F 7412
:0043C581 8B55F8
:0043C584 8BC6
:0043C586 66BBF0FF
:0043C58A E86568FCFF
:0043C58F 84C0
:0043C591 750F
|:0043C579(C), :0043C57F(C)
|
:0043C593 55
:0043C599 59
:0043C59A 84C0
:0043C59C 7504
:0043C59E 33C0
:0043C5A0 EB02

jne 0043C5A2
test esi, esi
je 0043C593
je 0043C593
mov eax, esi
mov bx, FFF0
call 00402DF4
test al, al
jne 0043C5A2
push ebp
call 0043C4E0
pop ecx
test al, al
jne 0043C5A2
xor eax, eax
jmp 0043C5A4

|:0043C56C(C), :0043C591(C), :0043C59C(C)
|
:0043C5A2 B001
mov al, 01
|:0043C5A0(U)
|
:0043C5A4 8845F7
:0043C5A7 8A45F7
:0043C5AA 5E
pop esi
:0043C5AB 5B
pop ebx
:0043C5AC 8BE5
mov esp, ebp
:0043C5AE 5D
pop ebp
:0043C5AF C3
ret
:0043C5B0
:0043C5B1
:0043C5B3
:0043C5B4
:0043C5B5
:0043C5B6
:0043C5B9
55
8BEC
53
56
57
8B7D10
8B5D0C
push ebp
mov ebp, esp
push ebx
push esi
push edi
:0043C5BC 8B7508
:0043C5BF 6804C64300
:0043C5C4 53

push 0043C604
push ebx

|
:0043C5C5 E8F6E0FCFF
Call 0040A6C0
:0043C5CA 84C0
test al, al
:0043C5CC 750F
jne 0043C5DD
:0043C5CE 6814C64300
push 0043C614
:0043C5D3 53
push ebx
|
:0043C5D4 E8E7E0FCFF
Call 0040A6C0
:0043C5D9 84C0
test al, al
:0043C5DB 7411
je 0043C5EE
|:0043C5CC(C)
|
:0043C5DD 33DB
:0043C5DF 8BC7
:0043C5E1 8B9630020000
:0043C5E7 E8A888FCFF
:0043C5EC EB0A
|:0043C5DB(C)
|
:0043C5EE 57
:0043C5EF 53
:0043C5F0 56
:0043C5F1 E89256FDFF
:0043C5F6 8BD8
xor ebx, ebx

mov eax, edi
call 00404E94
jmp 0043C5F8
push edi
push ebx
push esi
call 00411C88
mov ebx, eax

|:0043C5EC(U)
|
:0043C5F8 8BC3
mov eax, ebx
:0043C5FA 5F
pop edi
:0043C5FB 5E
pop esi
:0043C5FC 5B
pop ebx
:0043C5FD 5D
pop ebp
:0043C5FE C20C00
ret 000C
:0043C601 000000
BYTE 3 DUP(0)
:0043C604
:0043C605
:0043C60A
:0043C60C
:0043C60D
:0043C60F
:0043C613
:0043C618
:0043C619
:0043C61A
pop es
call E3EA7F7B
stosb
mov cl, 00
ror byte ptr [edi-4F], 6F
mov esp, ABBE7256
xchg eax,ebp
push esp
07
E871B9A6E3
D111
AA
B100
C04FB16F
BC5672BEAB
95
54
D111
:0043C61C
:0043C61D
:0043C61F
:0043C625
:0043C626
:0043C627
:0043C629
:0043C62B
:0043C62D
:0043C630
:0043C636
:0043C638
:0043C63A
:0043C63D
:0043C63E
:0043C641
:0043C646
:0043C648
:0043C64D
9F
B500
20AF3D82DA53
56
57
8BDA
8BF0
33C0
89430C
8BBE04020000
85FF
7416
8B4308
50
8B4B04
BA43B00000
8BC7
E8477BFEFF
89430C
lahf
mov ch, 00
and byte ptr [edi+53DA823D], ch
push esi
push edi
mov ebx, edx
mov esi, eax
xor eax, eax
test edi, edi
je 0043C650
push eax
mov edx, 0000B043
mov eax, edi
call 00424194

|:0043C638(C)
|
:0043C650 5F
pop edi
:0043C651 5E
pop esi
:0043C652 5B
pop ebx
:0043C653 C3
ret
:0043C654
:0043C655
:0043C657
:0043C658
:0043C659
:0043C65A
:0043C65C
:0043C65E
:0043C661
55
8BEC
51
53
56
84D2
7408
83C4F0
E89E68FCFF
|:0043C65C(C)
|
:0043C666 8855FF
:0043C669 8BD8
:0043C66B 6A00
:0043C66D 33D2
:0043C66F 8BC3
:0043C671 8B30
:0043C673 FF96C0000000
:0043C679 33D2
:0043C67B 8BC3
:0043C67D E8B2B3FFFF
:0043C682 B205
:0043C684 8BC3
:0043C686 E865D0FFFF
:0043C68B B201
:0043C68D 8BC3
:0043C68F E8B4B2FEFF
:0043C694 B203
:0043C696 8BC3
push ebp
mov ebp, esp
push ecx
push ebx
push esi
test dl, dl
je 0043C666
add esp, FFFFFFF0
call 00402F04
mov ebx, eax
push 00000000
xor edx, edx
mov eax, ebx
call dword ptr [esi+000000C0]
xor edx, edx
mov eax, ebx
call 00437A34
mov dl, 05
mov eax, ebx
call 004396F0
mov dl, 01
mov eax, ebx
call 00427948
mov dl, 03
mov eax, ebx
:0043C698
:0043C69D
:0043C69F
:0043C6A3
:0043C6A5
:0043C6AA
:0043C6B1
E89BD2FFFF
8BC3
807DFF00
740F
E8B268FCFF
648F0500000000
83C40C
call 00439938
mov eax, ebx
je 0043C6B4
call 00402F5C
add esp, 0000000C

|:0043C6A3(C)
|
:0043C6B4 8BC3
mov eax, ebx
:0043C6B6 5E
pop esi
:0043C6B7 5B
pop ebx
:0043C6B8 59
pop ecx
:0043C6B9 5D
pop ebp
:0043C6BA C3
ret
:0043C6BB
:0043C6BC
:0043C6BD
:0043C6BF
:0043C6C1
:0043C6C2
:0043C6C3
:0043C6C4
:0043C6C6
:0043C6C8
:0043C6CA
:0043C6CC
:0043C6CD
:0043C6D2
:0043C6D5
:0043C6D8
:0043C6DA
:0043C6DF
:0043C6E0
:0043C6E2
:0043C6E4
:0043C6E9
:0043C6EB
:0043C6EC
:0043C6EF
:0043C6F1
:0043C6F6
:0043C6F9
:0043C6FE
:0043C6FF
:0043C702
:0043C707
:0043C709
:0043C70B
:0043C70C
:0043C711
:0043C714
:0043C716
90
55
8BEC
6A00
53
56
57
8BF9
8BF2
8BD8
33C0
55
6854C74300
64FF30
648920
8BC3
E869B1FEFF
48
7539
8BC6
E8076AFEFF
8BC8
41
8D45FC
33D2
E8A671FCFF
8B45FC
E83673FCFF
50
8B45FC
E8F174FCFF
8BD0
8BC6
59
E8EF69FEFF
8B55FC
8BC3
E8B96AFEFF
nop
push ebp
mov ebp, esp
push 00000000
push ebx
push esi
push edi
mov edi, ecx
mov esi, edx
mov ebx, eax
xor eax, eax
push ebp
push 0043C754
mov eax, ebx
call 00427848
dec eax
jne 0043C71B
mov eax, esi
call 004230F0
mov ecx, eax
inc ecx
xor edx, edx
call 0040389C
call 00403A34
push eax
call 00403BF8
mov edx, eax
mov eax, esi
pop ecx
call 00423100
mov eax, ebx
call 004231D4

|:0043C6E0(C)
|
:0043C71B
:0043C71D
:0043C71F
:0043C721
:0043C726
:0043C728
:0043C72A
:0043C72F
:0043C733
:0043C735
:0043C737
:0043C739
8BCF
8BD6
8BC3
E896AFFEFF
B205
8BC6
E8F160FEFF
F6432001
7509
B201
8BC3
E846C6FFFF
mov ecx, edi

mov edx, esi
mov eax, ebx
call 004276BC
mov dl, 05
mov eax, esi
call 00422820
test [ebx+20], 01
jne 0043C73E
mov dl, 01
mov eax, ebx
call 00438D84

|:0043C733(C)
|
:0043C73E 33C0
xor eax, eax
:0043C740 5A
pop edx
:0043C741 59
pop ecx
:0043C742 59
pop ecx
:0043C743 648910
|
:0043C746 685BC74300
push 0043C75B
|:0043C759(U)
|
:0043C74B 8D45FC
:0043C74E E86570FCFF
:0043C753 C3
:0043C754
:0043C759
:0043C75B
:0043C75C
:0043C75D
:0043C75E
:0043C75F
:0043C760
E91F6BFCFF
EBF0
5F
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
pop
ret
:0043C761
:0043C764
:0043C765
:0043C767
:0043C769
:0043C76E
:0043C770
:0043C775
:0043C777
:0043C779
:0043C77B
8D4000
53
8BD8
8BC3
E856AFFEFF
8BC3
E8D3B0FEFF
85C0
7507
8BC3
E88CF7FFFF

push ebx
mov ebx, eax
mov eax, ebx
call 004276C4
mov eax, ebx
call 00427848
test eax, eax
jne 0043C780
mov eax, ebx
call 0043BF0C

call 004037B8
ret
00403278
0043C74B
edi
esi
ebx
ecx
ebp

|:0043C777(C)
|
:0043C780 5B
:0043C781 C3
pop ebx
ret
:0043C782
:0043C784
:0043C785
:0043C786
:0043C787
:0043C788
:0043C78B
:0043C78D
:0043C78F
:0043C794
:0043C796
:0043C797
:0043C799
:0043C79B
:0043C79C
mov eax, eax

push ebx
push esi
push edi
push ebp
add esp, FFFFFFF0
mov esi, eax
mov eax, esi
call 00426088
mov edi, eax
dec edi
test edi, edi
jl 0043C7C1
inc edi
xor ebp, ebp
8BC0
53
56
57
55
83C4F0
8BF0
8BC6
E8F498FEFF
8BF8
4F
85FF
7C26
47
33ED
|:0043C7BF(C)
|
:0043C79E 8BD4
:0043C7A0 8BC6
:0043C7A2 8B08
:0043C7A4 FF5144
:0043C7A7 54
:0043C7A8 8BD5
:0043C7AA 8BC6
:0043C7AC E89B98FEFF
:0043C7B1 8BD6
:0043C7B3 59
:0043C7B4 66BBD2FF
:0043C7B8 E83766FCFF
:0043C7BD 45
:0043C7BE 4F
:0043C7BF 75DD
|:0043C799(C)
|
:0043C7C1 8BC6
:0043C7C3 E854BDFFFF
:0043C7C8 83C410
:0043C7CB 5D
:0043C7CC 5F
:0043C7CD 5E
:0043C7CE 5B
:0043C7CF C3
:0043C7D0
:0043C7D1
:0043C7D3
:0043C7D6
:0043C7D7
:0043C7D8
:0043C7D9
:0043C7DC
push ebp
mov ebp,
add esp,
push ebx
push esi
push edi
mov esi,
lea edi,
55
8BEC
83C4F8
53
56
57
8B750C
8D7DF8
mov edx, esp

mov eax, esi
call [ecx+44]
push esp
mov edx, ebp
mov eax, esi
call 0042604C
mov edx, esi
pop ecx
mov bx, FFD2
call 00402DF4
inc ebp
dec edi
jne 0043C79E
mov eax, esi

call 0043851C
add esp, 00000010
pop ebp
pop edi
pop esi
pop ebx
ret
esp
FFFFFFF8
dword ptr [ebp+0C]

dword ptr [ebp-08]
:0043C7DF
:0043C7E0
:0043C7E1
:0043C7E3
:0043C7E5
:0043C7EA
:0043C7EC
:0043C7EF
:0043C7F2
:0043C7F3
:0043C7F4
:0043C7F5
:0043C7F6
:0043C7F7
:0043C7F8
A5
A5
8BD8
8BC3
E85EB0FEFF
85C0
8B4508
0F9400
5F
5E
5B
59
59
5D
C20800
movsd
movsd
mov ebx, eax
mov eax, ebx
call 00427848
test eax, eax
sete byte ptr [eax]
pop edi
pop esi
pop ebx
pop ecx
pop ecx
pop ebp
ret 0008
:0043C7FB
:0043C7FC
:0043C7FD
:0043C7FE
:0043C800
:0043C802
:0043C804
:0043C806
:0043C80B
:0043C80F
:0043C811
:0043C815
:0043C817
90
53
56
8BF2
8BD8
8BD6
8BC3
E845BAFEFF
F6432010
750D
837E0C01
7507
C7460C02000000
nop
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00428250
test [ebx+20], 10
jne 0043C81E
jne 0043C81E
mov [esi+0C], 00000002
|:0043C80F(C), :0043C815(C)
|
:0043C81E 5E
:0043C81F 5B
:0043C820 C3
:0043C821
:0043C824
:0043C825
:0043C826
:0043C828
:0043C82A
:0043C82E
:0043C830
:0043C837
:0043C839
:0043C83D
:0043C83F
:0043C841
:0043C846

push ebx
push esi
mov esi, edx
mov ebx, eax
jne 0043C8A4
je 0043C8A4
test [ebx+20], 10
jne 0043C8A4
mov eax, ebx
call 00428F00
push eax
8D4000
53
56
8BF2
8BD8
837E0402
7574
80BB8700000001
746B
F6432010
7565
8BC3
E8BAC6FEFF
50
pop esi
pop ebx
ret

|
:0043C847 E85C9AFCFF
Call 004062A8
:0043C84C 85C0
test eax, eax
:0043C84E 7554
jne 0043C8A4
:0043C850 8BC3
mov eax, ebx
:0043C852
:0043C857
:0043C859
:0043C85B
:0043C85D
:0043C85F
:0043C861
:0043C863
:0043C865
:0043C867
:0043C869
:0043C86E
E8F1AFFEFF
85C0
7E49
6A07
6A00
6A00
6A00
6A00
6A00
8BC3
E892C6FEFF
50
call 00427848
test eax, eax
jle 0043C8A4
push 00000007
push 00000000
push 00000000
push 00000000
push 00000000
push 00000000
mov eax, ebx
call 00428F00
push eax

|
:0043C86F E8949BFCFF
Call 00406408
:0043C874 8B4608
:0043C877 50
push eax
:0043C878 8B4604
:0043C87B 50
push eax
:0043C87C 68A2000000
push 000000A2
:0043C881 8BC3
mov eax, ebx
:0043C883 E878C6FEFF
call 00428F00
:0043C888 50
push eax
|
:0043C889 E89A9AFCFF
Call 00406328
:0043C88E 33D2
xor edx, edx
:0043C890 8BC3
mov eax, ebx
:0043C892 E8C5AFFEFF
call 0042785C
:0043C897 83C9FF
or ecx, FFFFFFFF
:0043C89A B201
mov dl, 01
:0043C89C E83F6FFEFF
call 004237E0
:0043C8A1 5E
pop esi
:0043C8A2 5B
pop ebx
:0043C8A3 C3
ret

|:0043C82E(C), :0043C837(C), :0043C83D(C), :0043C84E(C), :0043C859(C)
|
:0043C8A4 8BD6
mov edx, esi
:0043C8A6 8BC3
mov eax, ebx
:0043C8A8 E8DBE6FFFF
call 0043AF88
:0043C8AD 5E
pop esi
:0043C8AE 5B
pop ebx
:0043C8AF C3
ret
:0043C8B0
:0043C8B1
:0043C8B2
:0043C8B3
:0043C8B6
:0043C8B8
:0043C8BA
:0043C8BC
:0043C8BE
53
56
57
83C4F0
8BF2
8BD8
8BD6
8BC3
E88DBDFEFF
push ebx
push esi
push edi
add esp, FFFFFFF0
mov esi, edx
mov ebx, eax
mov edx, esi
mov eax, ebx
call 00428650
:0043C8C3
:0043C8C7
:0043C8C9
:0043C8CC
:0043C8CD
:0043C8CF
:0043C8D4
:0043C8D6
:0043C8DB
:0043C8DE
:0043C8E4
:0043C8E6
:0043C8E8
:0043C8EA
:0043C8EF
:0043C8F1
:0043C8F3
:0043C8F6
:0043C8FA
837E0800
7536
8B4604
50
33C9
BA39B00000
8BC3
E8B978FEFF
8B7E04
3B9F8C000000
7519
8BD4
8BC7
E86962FEFF
8BCC
8BC7
83CAFF
66BBD2FF
E8F564FCFF

jne 0043C8FF
push eax
xor ecx, ecx
mov edx, 0000B039
mov eax, ebx
call 00424194
cmp ebx, dword ptr [edi+0000008C]
jne 0043C8FF
mov edx, esp
mov eax, edi
call 00422B58
mov ecx, esp
mov eax, edi
or edx, FFFFFFFF
mov bx, FFD2
call 00402DF4
|:0043C8C7(C), :0043C8E4(C)
|
:0043C8FF 83C410
:0043C902 5F
:0043C903 5E
:0043C904 5B
:0043C905 C3
:0043C906
:0043C908
:0043C909
:0043C90B
:0043C90D
:0043C90E
:0043C90F
:0043C911
:0043C913
:0043C915
:0043C916
:0043C91B
:0043C91E
:0043C921
:0043C923
:0043C925
:0043C927
:0043C92A
:0043C92D
:0043C92F
:0043C932
:0043C934
:0043C939
:0043C93B
:0043C93E
:0043C941
:0043C943
:0043C948
mov eax, eax

push ebp
mov ebp, esp
push 00000000
push ebx
push esi
mov ebx, edx
mov esi, eax
xor eax, eax
push ebp
push 0043C99B
mov edx, ebx
mov eax, esi
call [ecx-10]
sub eax, 0000000C
je 0043C94A
sub eax, 0000AFFF
jne 0043C985
mov eax, esi
call 00438D84
jmp 0043C985
8BC0
55
8BEC
6A00
53
56
8BDA
8BF0
33C0
55
689BC94300
64FF30
648920
8BD3
8BC6
8B08
FF51F0
8B4308
8B00
83E80C
7416
2DFFAF0000
754A
8B4304
8A5047
8BC6
E83CC4FFFF
EB3B
add
pop
pop
pop
ret
esp, 00000010
edi
esi
ebx
|:0043C932(C)
|
:0043C94A 8B4304
:0043C94D E89E67FEFF
:0043C952 8BC8
:0043C954 41
:0043C955 8D45FC
:0043C958 33D2
:0043C95A E83D6FFCFF
:0043C95F 8B45FC
:0043C962 E8CD70FCFF
:0043C967 50
:0043C968 8B45FC
:0043C96B E88872FCFF
:0043C970 8BD0
:0043C972 8B4304
:0043C975 59
:0043C976 E88567FEFF
:0043C97B 8B55FC
:0043C97E 8BC6
:0043C980 E84F68FEFF
|:0043C939(C), :0043C948(U)
|
:0043C985 33C0
:0043C987 5A
:0043C988 59
:0043C989 59
:0043C98A 648910
mov eax, dword

call 004230F0
mov ecx, eax
inc ecx
lea eax, dword
xor edx, edx
call 0040389C
mov eax, dword
call 00403A34
push eax
mov eax, dword
call 00403BF8
mov edx, eax
mov eax, dword
pop ecx
call 00423100
mov edx, dword
mov eax, esi
call 004231D4
ptr [ebx+04]
ptr [ebp-04]
ptr [ebp-04]
ptr [ebp-04]
ptr [ebx+04]
ptr [ebp-04]

xor
pop
pop
pop
mov
eax, eax
edx
ecx
ecx

|
:0043C98D 68A2C94300
push 0043C9A2
|:0043C9A0(U)
|
:0043C992 8D45FC
:0043C995 E81E6EFCFF
:0043C99A C3
:0043C99B
:0043C9A0
:0043C9A2
:0043C9A3
:0043C9A4
:0043C9A5
:0043C9A6
E9D868FCFF
EBF0
5E
5B
59
5D
C3
jmp
jmp
pop
pop
pop
pop
ret
:0043C9A7
:0043C9A8
:0043C9A9
:0043C9AB
:0043C9AD
:0043C9B2
:0043C9B5
:0043C9B7
90
53
8BDA
8BD3
E83AB1FEFF
8B4308
33D2
E8645EFEFF
nop
push ebx
mov ebx, edx
mov edx, ebx
call 00427AEC
xor edx, edx
call 00422820

call 004037B8
ret
00403278
0043C992
esi
ebx
ecx
ebp
:0043C9BC 5B
:0043C9BD C3
pop ebx
ret
:0043C9BE
:0043C9C0
:0043C9C1
:0043C9C2
:0043C9C3
:0043C9C5
:0043C9C7
:0043C9CC
:0043C9D0
:0043C9D2
:0043C9D4
:0043C9D9
:0043C9DB
:0043C9DC
:0043C9DE
:0043C9E0
:0043C9E1
mov eax, eax

push ebx
push esi
push edi
mov ebx, eax
mov eax, ebx
call 004283E4
test [ebx+20], 08
jne 0043C9F8
mov eax, ebx
call 00427848
mov esi, eax
dec esi
test esi, esi
jl 0043C9F8
inc esi
xor edi, edi
8BC0
53
56
57
8BD8
8BC3
E818BAFEFF
F6432008
7526
8BC3
E86FAEFEFF
8BF0
4E
85F6
7C18
46
33FF
|:0043C9F6(C)
|
:0043C9E3 8BD7
:0043C9E5 8BC3
:0043C9E7 E870AEFEFF
:0043C9EC 8A5347
:0043C9EF E8A066FEFF
:0043C9F4 47
:0043C9F5 4E
:0043C9F6 75EB
|:0043C9D0(C), :0043C9DE(C)
|
:0043C9F8 5F
:0043C9F9 5E
:0043C9FA 5B
:0043C9FB C3
mov edx, edi

mov eax, ebx
call 0042785C
call 00423094
inc edi
dec esi
jne 0043C9E3
pop edi
pop esi
pop ebx
ret

|:00439F27 , :00439F69 , :00439F7F , :00439F92 , :00439FC1
|
:0043C9FC 83C4D8
add esp, FFFFFFD8
:0043C9FF C7042428000000
:0043CA06 54
push esp
:0043CA07 8B4004
:0043CA0A 50
push eax
:0043CA0B A1082B4400
:0043CA10 8B00
:0043CA12 FFD0
call eax
:0043CA14 8B442404
:0043CA18 83C428
add esp, 00000028
:0043CA1B C3
ret

|:00439F09 , :0043A029 , :0043A05A
|
:0043CA1C 83C4D8
add esp, FFFFFFD8
:0043CA1F C7042428000000
:0043CA26 54
push esp
:0043CA27 8B4004
:0043CA2A 50
push eax
:0043CA2B A1082B4400
:0043CA30 8B00
:0043CA32 FFD0
call eax
:0043CA34 8B442410
:0043CA38 2B442408
:0043CA3C 83C428
add esp, 00000028
:0043CA3F C3
ret

|:00439EF7 , :00439FEA , :00439FFF , :0043A017 , :0043A048
|
:0043CA40 83C4D8
add esp, FFFFFFD8
:0043CA43 C7042428000000
:0043CA4A 54
push esp
:0043CA4B 8B4004
:0043CA4E 50
push eax
:0043CA4F A1082B4400
:0043CA54 8B00
:0043CA56 FFD0
call eax
:0043CA58 8B442408
:0043CA5C 83C428
add esp, 00000028
:0043CA5F C3
ret

|:00439F3A , :00439FA4 , :00439FD4
|
:0043CA60 83C4D8
add esp, FFFFFFD8
:0043CA63 C7042428000000
:0043CA6A 54
push esp
:0043CA6B 8B4004
:0043CA6E 50
push eax
:0043CA6F A1082B4400
:0043CA74 8B00
:0043CA76 FFD0
call eax
:0043CA78 8B44240C
:0043CA7C 2B442404
:0043CA80 83C428
add esp, 00000028
:0043CA83 C3
ret
:0043CA84
:0043CA85
:0043CA87
:0043CA89
:0043CA8B
:0043CA8C
:0043CA8D
55
8BEC
6A00
6A00
53
56
33C0
push ebp
mov ebp, esp
push 00000000
push 00000000
push ebx
push esi
xor eax, eax
:0043CA8F
:0043CA90
:0043CA95
:0043CA98
:0043CA9B
:0043CA9E
:0043CAA1
:0043CAA4
:0043CAA7
:0043CAAC
:0043CAB1
:0043CAB3
:0043CAB5
:0043CAB8
:0043CABA
:0043CABC
:0043CABE
:0043CAC0
:0043CAC3
:0043CAC5
:0043CAC6
:0043CAC9
:0043CACB
:0043CACD
:0043CAD0
:0043CAD3
:0043CAD6
:0043CADB
:0043CADD
55
6809CB4300
64FF30
648920
8B5D14
8D45FC
8B5508
83C21C
B920000000
E8336FFCFF
8BC3
8B10
FF5214
85C0
7423
8BC3
8B10
FF5214
8BD0
4A
8D4DF8
8BC3
8B30
FF560C
8B45F8
8B55FC
E899AAFCFF
85C0
740A
push ebp
push 0043CB09
add edx, 0000001C
mov ecx, 00000020
call 004039E4
mov eax, ebx
call [edx+14]
test eax, eax
je 0043CADF
mov eax, ebx
call [edx+14]
mov edx, eax
dec edx
mov eax, ebx
call [esi+0C]
call 00407574
test eax, eax
je 0043CAE9

|:0043CABA(C)
|
:0043CADF 8B55FC
:0043CAE2 8BC3
mov eax, ebx
:0043CAE4 8B08
:0043CAE6 FF5134
call [ecx+34]
|:0043CADD(C)
|
:0043CAE9 BB01000000
:0043CAEE 33C0
:0043CAF0 5A
:0043CAF1 59
:0043CAF2 59
:0043CAF3 648910
:0043CAF6 6810CB4300
|:0043CB0E(U)
|
:0043CAFB 8D45F8
:0043CAFE BA02000000
:0043CB03 E8D46CFCFF
:0043CB08 C3
:0043CB09 E96A67FCFF
:0043CB0E EBEB
jmp 00403278
jmp 0043CAFB
mov ebx, 00000001

xor eax, eax
pop edx
pop ecx
pop ecx
push 0043CB10

mov edx, 00000002
call 004037DC
ret
:0043CB10
:0043CB12
:0043CB13
:0043CB14
:0043CB15
:0043CB16
:0043CB17
8BC3
5E
5B
59
59
5D
C21000
mov
pop
pop
pop
pop
pop
ret
:0043CB1A
:0043CB1C
:0043CB1D
:0043CB1F
:0043CB20
:0043CB23
:0043CB25
:0043CB2A
:0043CB2F
:0043CB32
:0043CB35
:0043CB38
:0043CB3B
:0043CB3D
:0043CB3F
:0043CB44
:0043CB46
:0043CB47
:0043CB48
8BC0
55
8BEC
53
8B5D14
B201
A134614300
E8C160FCFF
8B5508
895004
8B5308
895008
8BD0
8BC3
E81CFFFCFF
B001
5B
5D
C21000
mov eax, eax

push ebp
mov ebp, esp
push ebx
mov dl, 01
call 00402BF0
mov edx, eax
mov eax, ebx
call 0040CA60
mov al, 01
pop ebx
pop ebp
ret 0010
:0043CB4B 90
eax, ebx
esi
ebx
ecx
ecx
ebp
0010
nop

|:0042D50F
|
:0043CB4C 55
push ebp
:0043CB4D 8BEC
mov ebp, esp
:0043CB4F 83C4B8
add esp, FFFFFFB8
:0043CB52 84D2
test dl, dl
:0043CB54 7408
je 0043CB5E
:0043CB56 83C4F0
add esp, FFFFFFF0
:0043CB59 E8A663FCFF
call 00402F04
|:0043CB54(C)
|
:0043CB5E 8855FB
:0043CB61 8945FC
:0043CB64 33D2
:0043CB66 8B45FC
:0043CB69 E85249FDFF
:0043CB6E 8B45FC
:0043CB71 E8B6030000
:0043CB76 8B45FC
:0043CB79 E88A040000
:0043CB7E B201
:0043CB80 A154B84000
:0043CB85 E86660FCFF
:0043CB8A 8B55FC
:0043CB8D 894224

xor edx, edx
call 004114C0
call 0043CF2C
call 0043D008
mov dl, 01
call 00402BF0
:0043CB90
:0043CB92
:0043CB97
:0043CB9C
:0043CB9F
:0043CBA2
:0043CBA4
:0043CBA9
:0043CBAE
:0043CBB1
:0043CBB4
:0043CBB6
:0043CBBB
:0043CBC0
:0043CBC3
:0043CBC6
:0043CBC8
:0043CBCD
:0043CBD2
:0043CBD5
:0043CBD8
:0043CBDA
:0043CBDF
:0043CBE4
:0043CBE7
:0043CBEA
B201
A154B54000
E85460FCFF
8B55FC
894240
B201
A154B54000
E84260FCFF
8B55FC
894244
B201
A154B54000
E83060FCFF
8B55FC
894248
B201
A154B54000
E81E60FCFF
8B55FC
89424C
B201
A154B54000
E80C60FCFF
8B55FC
894270
6A00
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
push 00000000

|
:0043CBEC E85795FCFF
Call 00406148
:0043CBF1 8945F4
:0043CBF4 33C0
xor eax, eax
:0043CBF6 55
push ebp
:0043CBF7 689FCC4300
push 0043CC9F
:0043CBFC 64FF30
:0043CBFF 648920
:0043CC02 8B45FC
:0043CC05 8B4024
* Possible StringData Ref from Code Obj ->"Default"
|
:0043CC08 BA14CD4300
mov edx, 0043CD14
:0043CC0D 8B08
:0043CC0F FF5134
call [ecx+34]
|
:0043CC12 E8D190FCFF
Call 00405CE8
:0043CC17 6625FF00
and ax, 00FF
:0043CC1B 6683F804
cmp ax, 0004
:0043CC1F 7230
jb 0043CC51
:0043CC21 8D45B8
:0043CC24 33C9
xor ecx, ecx
:0043CC26 BA3C000000
mov edx, 0000003C
:0043CC2B E8085DFCFF
call 00402938
:0043CC30 C645CF01
mov [ebp-31], 01
:0043CC34 6A00
push 00000000
:0043CC36 8B45FC
:0043CC39 8B4024
:0043CC3C 50
push eax
:0043CC3D
:0043CC42
:0043CC45
:0043CC46
:0043CC49
6884CA4300
8D45B8
50
8B45F4
50
push 0043CA84
push eax
push eax
* Reference To: gdi32.EnumFontFamiliesExA, Ord:0000h

|
:0043CC4A E80992FCFF
Call 00405E58
:0043CC4F EB17
jmp 0043CC68
|:0043CC1F(C)
|
:0043CC51 8B45FC
:0043CC54 8B4024
:0043CC57 50
:0043CC58 6884CA4300
:0043CC5D 6A00
:0043CC5F 8B45F4
:0043CC62 50

push eax
push 0043CA84
push 00000000
push eax
* Reference To: gdi32.EnumFontsA, Ord:0000h

|
:0043CC63 E8F891FCFF
Call 00405E60
|:0043CC4F(U)
|
:0043CC68 8B45FC
:0043CC6B 8B4024
:0043CC6E B201
:0043CC70 E86F1AFDFF
:0043CC75 6A5A
:0043CC77 8B45F4
:0043CC7A 50

mov dl, 01
call 0040E6E4
push 0000005A
push eax

|
:0043CC7B E82892FCFF
Call 00405EA8
:0043CC80 8B55FC
:0043CC83 894234
:0043CC86 33C0
xor eax, eax
:0043CC88 5A
pop edx
:0043CC89 59
pop ecx
:0043CC8A 59
pop ecx
:0043CC8B 648910
:0043CC8E 68A6CC4300
push 0043CCA6
|:0043CCA4(U)
|
:0043CC93 8B45F4
:0043CC96 50
push eax
:0043CC97 6A00
push 00000000
|
:0043CC99 E8C296FCFF
Call 00406360
:0043CC9E C3
ret
:0043CC9F
:0043CCA4
:0043CCA6
:0043CCA9
:0043CCAC
:0043CCAD
:0043CCB2
:0043CCB3
:0043CCB5
:0043CCB7
:0043CCBC
:0043CCBE
:0043CCC0
:0043CCC2
:0043CCC7
:0043CCCC
:0043CCCF
:0043CCD2
:0043CCD5
:0043CCDA
:0043CCDD
:0043CCE0
:0043CCE3
:0043CCE6
:0043CCED
:0043CCF0
:0043CCF4
:0043CCF6
:0043CCFB
:0043CD02
E9D465FCFF
EBED
8B45FC
8B404C
50
B81CCB4300
50
6A00
6A00
A1D02B4400
8B00
FFD0
B201
A1BC284100
E82871FDFF
8B55FC
894274
8B45FC
E80A060000
8B45FC
8B4074
8B55FC
895008
C7400400D24300
8B45FC
807DFB00
740F
E86162FCFF
648F0500000000
83C40C
jmp 00403278
jmp 0043CC93
push eax
mov eax, 0043CB1C
push eax
push 00000000
push 00000000
mov eax, dword ptr [00442BD0]
call eax
mov dl, 01
call 00413DF4
call 0043D2E4
mov [eax+04], 0043D200
je 0043CD05
call 00402F5C
add esp, 0000000C

|:0043CCF4(C)
|
:0043CD05 8B45FC
:0043CD08 8BE5
mov esp, ebp
:0043CD0A 5D
pop ebp
:0043CD0B C3
ret
:0043CD0C FFFFFFFF
BYTE 4 DUP(0ffh)
:0043CD10 07
:0043CD11 000000
pop es
BYTE 3 DUP(0)
:0043CD14
:0043CD15
:0043CD18
:0043CD1A
inc esp
popa
jne 0043CD86
je 0043CD1C
44
656661
756C
7400

|:0043CD1A(C)
|
:0043CD1C 53
push ebx
:0043CD1D 56
push esi
:0043CD1E 57
push edi
:0043CD1F
:0043CD20
:0043CD25
:0043CD27
:0043CD29
:0043CD2C
:0043CD31
:0043CD34
:0043CD39
:0043CD3C
:0043CD41
:0043CD44
:0043CD49
:0043CD4C
:0043CD51
:0043CD54
:0043CD59
:0043CD5C
:0043CD61
:0043CD64
:0043CD66
:0043CD68
:0043CD6B
:0043CD6C
:0043CD6E
:0043CD70
:0043CD71
55
E83F62FCFF
8BDA
8BE8
8B4574
E8EF5EFCFF
8B4548
E8E75EFCFF
8B4544
E8DF5EFCFF
8B4540
E8D75EFCFF
8B4524
E8CF5EFCFF
8B4528
E8C75EFCFF
8B4570
E8BF5EFCFF
8B454C
85C0
741E
8B7008
4E
85F6
7C16
46
33FF
|:0043CD84(C)
|
:0043CD73 8BD7
:0043CD75 8B454C
:0043CD78 E8FBFDFCFF
:0043CD7D E89E5EFCFF
:0043CD82 47
:0043CD83 4E
:0043CD84 75ED
push ebp
call 00402F64
mov ebx, edx
mov ebp, eax
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
call 00402C20
mov eax, dword
test eax, eax
je 0043CD86
mov esi, dword
dec esi
test esi, esi
jl 0043CD86
inc esi
xor edi, edi
ptr [ebp+74]
ptr [ebp+48]
ptr [ebp+44]
ptr [ebp+40]
ptr [ebp+24]
ptr [ebp+28]
ptr [ebp+70]
ptr [ebp+4C]
ptr [eax+08]

mov edx, edi
call 0040CB78
call 00402C20
inc edi
dec esi
jne 0043CD73

|:0043CD18(C), :0043CD66(C), :0043CD6E(C)
|
:0043CD86 8B454C
:0043CD89 E8925EFCFF
call 00402C20
:0043CD8E 8BC5
mov eax, ebp
:0043CD90 E8F3010000
call 0043CF88
:0043CD95 8BD3
mov edx, ebx
:0043CD97 80E2FC
and dl, FC
:0043CD9A 8BC5
mov eax, ebp
:0043CD9C E86B47FDFF
call 0041150C
:0043CDA1 84DB
test bl, bl
:0043CDA3 7E07
jle 0043CDAC
:0043CDA5 8BC5
mov eax, ebp
:0043CDA7 E8A861FCFF
call 00402F54
|:0043CDA3(C)
|
:0043CDAC 5D
pop ebp
:0043CDAD 5F
pop edi
:0043CDAE 5E
:0043CDAF 5B
:0043CDB0 C3
pop esi
pop ebx
ret
:0043CDB1 8D4000

|:0043B898 , :00440FA4
|
:0043CDB4 6A01
push 00000001
:0043CDB6 A1302B4400
:0043CDBB 8B00
:0043CDBD FFD0
call eax
:0043CDBF C3
ret

|:0043B87F , :0043FAD9 , :00440E8E , :00440F78
|
:0043CDC0 6A00
push 00000000
:0043CDC2 A1302B4400
:0043CDC7 8B00
:0043CDC9 FFD0
call eax
:0043CDCB C3
ret

|:0042A4BD , :0042A4C9
|
:0043CDCC 6A4D
push 0000004D
:0043CDCE A1302B4400
:0043CDD3 8B00
:0043CDD5 FFD0
call eax
:0043CDD7 C3
ret

|:0042A4A7 , :0042A4B3
|
:0043CDD8 6A4C
push 0000004C
:0043CDDA A1302B4400
:0043CDDF 8B00
:0043CDE1 FFD0
call eax
:0043CDE3 C3
ret

|:0042A45F , :0042A473 , :0043B95B
|
:0043CDE4 6A4F
push 0000004F
:0043CDE6 A1302B4400
:0043CDEB 8B00
:0043CDED FFD0
call eax
:0043CDEF C3
ret

|:0042A483 , :0042A497 , :0043B942
|
:0043CDF0 6A4E
push 0000004E
:0043CDF2 A1302B4400
:0043CDF7 8B00
:0043CDF9 FFD0
call eax
:0043CDFB C3
ret
|:004398CC , :004398DD
|:00439EF2 , :00439F04
|:00439F7A , :00439F8D
|:00439FE5 , :00439FFA
|:0043A055
|
:0043CDFC 53
:0043CDFD 56
:0043CDFE 8BF2
:0043CE00 8BD8
:0043CE02 8BD6
:0043CE04 8B434C
:0043CE07 E86CFDFCFF
:0043CE0C 5E
:0043CE0D 5B
:0043CE0E C3
:0043CE0F 90
Addresses:
, :00439E4F
, :00439F22
, :00439F9F
, :0043A012
,
,
,
,
:00439E89
:00439F35
:00439FBC
:0043A024
,
,
,
,
:00439EC8
:00439F64
:00439FCF
:0043A043
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
call 0040CB78
pop esi
pop ebx
ret
nop

|:004398B6 , :00439E6D , :00439EAC
|
:0043CE10 8B504C
:0043CE13 8B5208
:0043CE16 85D2
test edx, edx
:0043CE18 750C
jne 0043CE26
:0043CE1A 6A50
push 00000050
:0043CE1C A1302B4400
:0043CE21 8B00
:0043CE23 FFD0
call eax
:0043CE25 C3
ret

|:0043CE18(C)
|
:0043CE26 8BC2
mov eax, edx
:0043CE28 C3
ret
:0043CE29 8D4000

|:00436621 , :0043982A , :00439876
, :00439AB0
, :00439AC4
|:0043F4CA , :0043F651
|
:0043CE2C 53
:0043CE2D 56
:0043CE2E 8BF2
:0043CE30 8BD8
:0043CE32 8BD6
:0043CE34 8B4340
:0043CE37 E83CFDFCFF
:0043CE3C 5E
:0043CE3D 5B
:0043CE3E C3
push ebx
push esi
mov esi, edx
mov ebx, eax
mov edx, esi
call 0040CB78
pop esi
pop ebx
ret
:0043CE3F 90
nop

|:0043660B , :00439814 , :00439860 , :00439A99 , :0043F4B2
|:0043F63B
|
:0043CE40 8B4040
:0043CE43 8B4008
:0043CE46 C3
ret
:0043CE47 90
nop

|:0043D5F9 , :0043D6CA , :0043F2C2
|
:0043CE48 53
push ebx
:0043CE49 56
push esi
:0043CE4A 8BF2
mov esi, edx
:0043CE4C 8BD8
mov ebx, eax
:0043CE4E 8BD6
mov edx, esi
:0043CE50 8B4344
:0043CE53 E820FDFCFF
call 0040CB78
:0043CE58 5E
pop esi
:0043CE59 5B
pop ebx
:0043CE5A C3
ret
:0043CE5B 90
nop

|:0043D5DC , :0043D6B5 , :0043F2AC
|
:0043CE5C 8B4044
:0043CE5F 8B4008
:0043CE62 C3
ret
:0043CE63 90
nop

|:0043A925 , :0043DED4
|
:0043CE64 53
push ebx
:0043CE65 8BD8
mov ebx, eax
:0043CE67 8B435C
:0043CE6A
:0043CE6D
:0043CE6F
:0043CE72
:0043CE7A
:0043CE7C
:0043CE7E
:0043CE84
3B4368
741B
894368
6683BB8600000000
740E
8BD3
8B8388000000
FF9384000000
|:0043CE6D(C), :0043CE7A(C)
|
:0043CE8A 8B4358
:0043CE8D 3B4364
:0043CE90 7415
:0043CE92 894364
:0043CE95 66837B7E00
:0043CE9A 740B
:0043CE9C 8BD3
:0043CE9E 8B8380000000
:0043CEA4 FF537C

je 0043CE8A
cmp word ptr [ebx+00000086], 0000
je 0043CE8A
mov edx, ebx
je 0043CEA7
je 0043CEA7
mov edx, ebx
call [ebx+7C]

|:0043CE90(C), :0043CE9A(C)
|
:0043CEA7 5B
pop ebx
:0043CEA8 C3
ret
:0043CEA9 8D4000

|:0043831D
|
:0043CEAC 53
push ebx
:0043CEAD 56
push esi
:0043CEAE 8BF2
mov esi, edx
:0043CEB0 8BD8
mov ebx, eax
:0043CEB2 8BD6
mov edx, esi
:0043CEB4 8B4344
mov eax, dword
:0043CEB7 E8A4FBFCFF
call 0040CA60
:0043CEBC 8BC6
mov eax, esi
:0043CEBE 8B1518534300
mov edx, dword
:0043CEC4 E8C75EFCFF
call 00402D90
:0043CEC9 84C0
test al, al
:0043CECB 7414
je 0043CEE1
:0043CECD 8BD6
mov edx, esi
:0043CECF 8B4340
mov eax, dword
:0043CED2 E889FBFCFF
call 0040CA60
:0043CED7 A1A4374400
mov eax, dword
:0043CEDC E843270000
call 0043F624
ptr [ebx+44]
ptr [00435318]
ptr [ebx+40]
ptr [004437A4]

|:0043CECB(C)
|
:0043CEE1 5E
pop esi
:0043CEE2 5B
pop ebx
:0043CEE3 C3
ret

|:004383F0
|
:0043CEE4 53
push ebx
:0043CEE5 56
push esi
:0043CEE6 8BF2
mov esi, edx
:0043CEE8 8BD8
mov ebx, eax
:0043CEEA 8BD6
mov edx, esi
:0043CEEC 8B4344
:0043CEEF E850FEFCFF
call 0040CD44
:0043CEF4 8BD6
mov edx, esi
:0043CEF6 8B4340
:0043CEF9 E846FEFCFF
call 0040CD44
:0043CEFE A1A4374400
:0043CF03 E81C270000
call 0043F624
:0043CF08 8B4344
:0043CF0B 83780800
:0043CF0F 7518
jne 0043CF29
:0043CF11 A1A4374400
:0043CF16 83786C00
:0043CF1A 740D
je 0043CF29
:0043CF1C A1A4374400
:0043CF21 8B406C
:0043CF24 E84BD4FEFF
call 0042A374
|:0043CF0F(C), :0043CF1A(C)
|
:0043CF29 5E
:0043CF2A 5B
:0043CF2B C3

pop esi
pop ebx
ret

|:0043CB71
|
:0043CF2C 53
push ebx
:0043CF2D 56
push esi
:0043CF2E 57
push edi
:0043CF2F 55
push ebp
:0043CF30 8BE8
mov ebp, eax
:0043CF32 68007F0000
push 00007F00
:0043CF37 6A00
push 00000000
|
:0043CF39 E8A293FCFF
Call 004062E0
:0043CF3E 894554
:0043CF41 BBEAFFFFFF
mov ebx, FFFFFFEA
:0043CF46 BEDC284400
mov esi, 004428DC
|:0043CF81(C)
|
:0043CF4B 83FBEF
cmp ebx, FFFFFFEF
:0043CF4E 7C05
jl 0043CF55
:0043CF50 83FBF4
cmp ebx, FFFFFFF4
:0043CF53 7E05
jle 0043CF5A

|:0043CF4E(C)
|
:0043CF55 83FBEB
cmp ebx, FFFFFFEB
:0043CF58 750A
jne 0043CF64
|:0043CF53(C)
|
:0043CF5A 8B3DE02B4400
:0043CF60 8B3F
:0043CF62 EB02

mov edi, dword ptr [00442BE0]
jmp 0043CF66

|:0043CF58(C)
|
:0043CF64 33FF
xor edi, edi
|:0043CF62(U)
|
:0043CF66 8B06
:0043CF68 50
push eax
:0043CF69 57
push edi
|
:0043CF6A E87193FCFF
Call 004062E0
:0043CF6F 8BC8
mov ecx, eax
:0043CF71 8BD3
mov edx, ebx
:0043CF73 8BC5
mov eax, ebp
:0043CF75 E866000000
call 0043CFE0
:0043CF7A 43
inc ebx
:0043CF7B 83C604
add esi, 00000004
:0043CF7E 83FBFF
cmp ebx, FFFFFFFF
:0043CF81 75C8
jne 0043CF4B
:0043CF83 5D
pop ebp
:0043CF84 5F
pop edi
:0043CF85 5E
pop esi
:0043CF86 5B
pop ebx
:0043CF87 C3
ret

|:0043CD90
|
:0043CF88 53
push ebx
:0043CF89 56
push esi
:0043CF8A 57
push edi
:0043CF8B 8BF8
mov edi, eax
:0043CF8D 8B5F50
:0043CF90 85DB
test ebx, ebx
:0043CF92 742E
je 0043CFC2
|:0043CFC0(C)
|
:0043CF94 8B4304
:0043CF97
:0043CF9A
:0043CF9C
:0043CF9F
83F8EF
7C05
83F8F4
7E04
cmp eax, FFFFFFEF

jl 0043CFA1
cmp eax, FFFFFFF4
jle 0043CFA5

|:0043CF9A(C)
|
:0043CFA1 85C0
test eax, eax
:0043CFA3 7E09
jle 0043CFAE
|:0043CF9F(C)
|
:0043CFA5 8B4308
:0043CFA8 50
push eax
|
:0043CFA9 E8C290FCFF
Call 00406070
|:0043CFA3(C)
|
:0043CFAE 8B33
:0043CFB0 BA0C000000
:0043CFB5 8BC3
:0043CFB7 E8F056FCFF
:0043CFBC 8BDE
:0043CFBE 85DB
:0043CFC0 75D2

mov edx, 0000000C
mov eax, ebx
call 004026AC
mov ebx, esi
test ebx, ebx
jne 0043CF94

|:0043CF92(C)
|
:0043CFC2 68007F0000
push 00007F00
:0043CFC7 6A00
push 00000000
|
:0043CFC9 E81293FCFF
Call 004062E0
:0043CFCE 8B5754
:0043CFD1 3BC2
cmp eax, edx
:0043CFD3 7406
je 0043CFDB
:0043CFD5 52
push edx
|
:0043CFD6 E89590FCFF
Call 00406070
|:0043CFD3(C)
|
:0043CFDB 5F
pop edi
:0043CFDC 5E
pop esi
:0043CFDD 5B
pop ebx
:0043CFDE C3
ret
:0043CFDF 90
nop

|:0043CF75
|
:0043CFE0 53
push ebx
:0043CFE1 56
push esi
:0043CFE2 57
push edi
:0043CFE3 8BF9
mov edi, ecx
:0043CFE5 8BF2
mov esi, edx
:0043CFE7 8BD8
mov ebx, eax
:0043CFE9 B80C000000
mov eax, 0000000C
:0043CFEE E8A156FCFF
call 00402694
:0043CFF3 8B5350
:0043CFF6 8910
:0043CFF8 897004
:0043CFFB 897808
:0043CFFE 894350
:0043D001 5F
pop edi
:0043D002 5E
pop esi
:0043D003 5B
pop ebx
:0043D004 C3
ret
:0043D005 8D4000

|:0043CB79
|
:0043D008 55
push ebp
:0043D009 8BEC
mov ebp, esp
:0043D00B 81C4A0FDFFFF
add esp, FFFFFDA0
:0043D011 53
push ebx
:0043D012 33D2
xor edx, edx
:0043D014 8995A0FDFFFF
mov dword ptr [ebp+FFFFFDA0], edx
:0043D01A 8945FC
:0043D01D 33C0
xor eax, eax
:0043D01F 55
push ebp
:0043D020 68ADD14300
push 0043D1AD
:0043D025 64FF30
:0043D028 648920
:0043D02B B201
mov dl, 01
:0043D02D A154B84000
:0043D032 E8B95BFCFF
call 00402BF0
:0043D037 8B55FC
:0043D03A 894228
:0043D03D 8B45FC
:0043D040 83C02C
add eax, 0000002C
:0043D043 E87067FCFF
call 004037B8
:0043D048 6A00
push 00000000
* Reference To: user32.GetKeyboardLayout, Ord:0000h
|
:0043D04A E83991FCFF
Call 00406188
:0043D04F 8B55FC
:0043D052 894230
:0043D055 8D85ECFEFFFF
:0043D05B 50
push eax
:0043D05C 6A40
push 00000040
* Reference To: user32.GetKeyboardLayoutList, Ord:0000h
:0043D05E
:0043D063
:0043D064
:0043D066
:0043D06C
:0043D06D
:0043D070
:0043D076
E82D91FCFF
48
85C0
0F8C17010000
40
8945F0
8D85ECFEFFFF
8945EC
|:0043D17D(C)
|
:0043D079 8B45EC
:0043D07C 8B00
:0043D07E E86503FFFF
:0043D083 84C0
:0043D085 0F84EB000000
:0043D08B 8D45F4
:0043D08E 50
:0043D08F 683F000F00
:0043D094 6A00
:0043D096 6A00
:0043D098 8B45EC
:0043D09B 8B00
:0043D09D 8985A4FDFFFF
:0043D0A3 C685A8FDFFFF00
:0043D0AA 8D8DA4FDFFFF
|
Call 00406190
dec eax
test eax, eax
jl 0043D183
inc eax
call 0042D3E8
test al, al
je 0043D176
push eax
push 000F003F
push 00000000
push 00000000
mov dword ptr [ebp+FFFFFDA4], eax
mov byte ptr [ebp+FFFFFDA8], 00
lea ecx, dword ptr [ebp+FFFFFDA4]
* Possible StringData Ref from Code Obj ->"System\CurrentControlSet\Control\Keyb

oard "
->"Layouts\%.8x"
|
:0043D0B0 BABCD14300
mov edx, 0043D1BC
:0043D0B5 8D85ACFDFFFF
lea eax, dword ptr [ebp+FFFFFDAC]
:0043D0BB E8DCAEFCFF
call 00407F9C
:0043D0C0 50
push eax
:0043D0C1 6802000080
push 80000002
|
:0043D0C6 E84D8BFCFF
Call 00405C18
:0043D0CB 85C0
test eax, eax
:0043D0CD 0F85A3000000
jne 0043D176
:0043D0D3 33C0
xor eax, eax
:0043D0D5 55
push ebp
:0043D0D6 686FD14300
push 0043D16F
:0043D0DB 64FF30
:0043D0DE 648920
:0043D0E1 C745F800010000
mov [ebp-08], 00000100
:0043D0E8 8D45F8
:0043D0EB 50
push eax
:0043D0EC 8D85ECFDFFFF
lea eax, dword ptr [ebp+FFFFFDEC]
:0043D0F2 50
push eax
:0043D0F3 6A00
push 00000000
:0043D0F5 6A00
push 00000000
* Possible StringData Ref from Code Obj ->"layout text"
|
:0043D0F7 68F4D14300
push 0043D1F4
:0043D0FC 8B45F4
:0043D0FF 50

push eax

|
:0043D100 E81B8BFCFF
Call 00405C20
:0043D105 85C0
test eax, eax
:0043D107 754F
jne 0043D158
:0043D109 8D85A0FDFFFF
lea eax, dword ptr
:0043D10F 8D95ECFDFFFF
lea edx, dword ptr
:0043D115 B900010000
mov ecx, 00000100
:0043D11A E8C568FCFF
call 004039E4
:0043D11F 8B95A0FDFFFF
mov edx, dword ptr
:0043D125 8B45EC
mov eax, dword ptr
:0043D128 8B08
mov ecx, dword ptr
:0043D12A 8B45FC
mov eax, dword ptr
:0043D12D 8B4028
mov eax, dword ptr
:0043D130 8B18
mov ebx, dword ptr
:0043D132 FF5338
call [ebx+38]
:0043D135 8B45EC
mov eax, dword ptr
:0043D138 8B00
mov eax, dword ptr
:0043D13A 8B55FC
mov edx, dword ptr
:0043D13D 3B4230
cmp eax, dword ptr
:0043D140 7516
jne 0043D158
:0043D142 8B45FC
mov eax, dword ptr
:0043D145 83C02C
add eax, 0000002C
:0043D148 8D95ECFDFFFF
lea edx, dword ptr
:0043D14E B900010000
mov ecx, 00000100
:0043D153 E88C68FCFF
call 004039E4
|:0043D107(C), :0043D140(C)
|
:0043D158 33C0
:0043D15A 5A
:0043D15B 59
:0043D15C 59
:0043D15D 648910
:0043D160 6876D14300
[ebp+FFFFFDA0]
[ebp+FFFFFDEC]
[ebp+FFFFFDA0]
[ebp-14]
[eax]
[ebp-04]
[eax+28]
[eax]
[ebp-14]
[eax]
[ebp-04]
[edx+30]
[ebp-04]
[ebp+FFFFFDEC]

xor eax, eax
pop edx
pop ecx
pop ecx
push 0043D176

|:0043D174(U)
|
:0043D165 8B45F4
:0043D168 50
push eax
|
:0043D169 E8A28AFCFF
Call 00405C10
:0043D16E C3
ret
:0043D16F E90461FCFF
:0043D174 EBEF
jmp 00403278
jmp 0043D165

|:0043D085(C), :0043D0CD(C)
|
:0043D176 8345EC04
:0043D17A FF4DF0
dec [ebp-10]
:0043D17D 0F85F6FEFFFF
jne 0043D079
|:0043D066(C)
|
:0043D183 8B45FC
:0043D186 8B4028
:0043D189 C6401900
:0043D18D B201
:0043D18F E85015FDFF
:0043D194 33C0
:0043D196 5A
:0043D197 59
:0043D198 59
:0043D199 648910
:0043D19C 68B4D14300
|:0043D1B2(U)
|
:0043D1A1 8D85A0FDFFFF
:0043D1A7 E80C66FCFF
:0043D1AC C3
:0043D1AD
:0043D1B2
:0043D1B4
:0043D1B5
:0043D1B7
:0043D1B8
jmp
jmp
pop
mov
pop
ret
E9C660FCFF
EBED
5B
8BE5
5D
C3

mov [eax+19], 00
mov dl, 01
call 0040E6E4
xor eax, eax
pop edx
pop ecx
pop ecx
push 0043D1B4
lea eax, dword ptr [ebp+FFFFFDA0]

call 004037B8
ret
00403278
0043D1A1
ebx
esp, ebp
ebp
:0043D1B9 000000
BYTE 3 DUP(0)
:0043D1BC
:0043D1BD
:0043D1BF
:0043D1C1
:0043D1C2
:0043D1C3
:0043D1C4
:0043D1C6
:0043D1C8
:0043D1C9
:0043D1CB
:0043D1CC
:0043D1CD
:0043D1CF
:0043D1D0
:0043D1D1
:0043D1D2
53
7973
7465
6D
5C
43
7572
7265
6E
7443
6F
6E
7472
6F
6C
53
65
push ebx
jns 0043D232
je 0043D226
insd
pop esp
inc ebx
jne 0043D238
jb 0043D22D
outsb
je 0043D20E
outsd
outsb
je 0043D241
outsd
insb
push ebx
BYTE 065h
:0043D1D3
:0043D1D5
:0043D1D6
:0043D1D7
:0043D1D8
745C
43
6F
6E
7472
je 0043D231
inc ebx
outsd
outsb
je 0043D24C
:0043D1DA
:0043D1DB
:0043D1DC
:0043D1DD
:0043D1DE
6F
6C
5C
4B
65
outsd
insb
pop esp
dec ebx
BYTE 065h
:0043D1DF
:0043D1E1
:0043D1E2
:0043D1E3
:0043D1E5
:0043D1E9
:0043D1EA
:0043D1EC
:0043D1EE
:0043D1F3
:0043D1F7
:0043D1F8
:0043D1FA
:0043D1FE
7962
6F
61
7264
204C6179
6F
7574
735C
252E387800
006C6179
6F
7574
20746578
7400
jns 0043D243
outsd
popad
jb 0043D249
and byte ptr [ecx+79], cl
outsd
jne 0043D260
jnb 0043D24A
and eax, 0078382E
add byte ptr [ecx+79], ch
outsd
jne 0043D26E
and byte ptr [ebp+78], dh
je 0043D200
|:0043D1FE(C)
|
:0043D200 66BA35B0
:0043D204 A1A4374400
:0043D209 E89A220000

mov dx, B035
call 0043F4A8

|:0043D1C9(C)
|
:0043D20E C3
ret
:0043D20F 90
nop
|:00436655
|
:0043D210 53
push ebx
:0043D211 56
push esi
:0043D212 8BF2
mov esi, edx
:0043D214 8BD8
mov ebx, eax
:0043D216 8BD6
mov edx, esi
:0043D218 8B4348
:0043D21B E858F9FCFF
call 0040CB78
:0043D220 5E
pop esi
:0043D221 5B
pop ebx
:0043D222 C3
ret
:0043D223 90
nop

|:0043663F
|
:0043D224 8B4048
:0043D227 8B4008
:0043D22A C3
ret
:0043D22B 90
nop

|:0042152F , :00421544 , :00427505 , :0042A643
|:0042CDAC , :0043D2CD
|
:0043D22C 33C9
xor ecx, ecx
:0043D22E 83FAFF
cmp edx, FFFFFFFF
, :0042A65D

|:0043D1D3(C)
|
:0043D231 741C
je 0043D24F
:0043D233 8B4850
:0043D236 EB02
jmp 0043D23A
|:0043D1C4(C), :0043D241(C)
|
:0043D238 8B09
|:0043D236(U)
|
:0043D23A 85C9
test ecx, ecx
:0043D23C 7405
je 0043D243
:0043D23E 3B5104
cmp edx, dword ptr [ecx+04]
|:0043D1CD(C)
|
:0043D241 75F5
jne 0043D238
|:0043D1DF(C), :0043D23C(C)
|
:0043D243 85C9
:0043D245 7505
:0043D247 8B4854

test ecx, ecx
jne 0043D24C

|:0043D1EC(C)
|
:0043D24A EB03
jmp 0043D24F
|:0043D1D8(C), :0043D245(C)
|
:0043D24C 8B4908
|:0043D231(C), :0043D24A(U)
|
:0043D24F 8BC1
mov eax, ecx
:0043D251 C3
ret
:0043D252 8BC0
mov eax, eax
|:0043C00D , :0043C121
|
:0043D254 53
:0043D255 56
:0043D256 57
:0043D257 55
:0043D258 83C4F8
:0043D25B 8BF2
:0043D25D 8BD8
:0043D25F 663B7338
:0043D263 7473
:0043D265 66897338
:0043D269 6685F6
:0043D26C 755A
, :0043C12F
push ebx
push esi
push edi
push ebp
add esp, FFFFFFF8
mov esi, edx
mov ebx, eax
cmp si, word ptr [ebx+38]
je 0043D2D8
mov word ptr [ebx+38], si
test si, si
jne 0043D2C8

|:0043D1F8(C)
|
:0043D26E 54
push esp
|
:0043D26F E8CC8EFCFF
Call 00406140
:0043D274 FF742404
push [esp+04]
:0043D278 FF742404
push [esp+04]
|
:0043D27C E80F92FCFF
Call 00406490
:0043D281 8BF8
mov edi, eax
:0043D283 85FF
test edi, edi
:0043D285 7441
je 0043D2C8
:0043D287 6A00
push 00000000
:0043D289 57
push edi
* Reference To: user32.GetWindowThreadProcessId, Ord:0000h
|
:0043D28A E8D98FFCFF
Call 00406268
:0043D28F 8BE8
mov ebp, eax
|
:0043D291 E8028AFCFF
Call 00405C98
:0043D296 3BE8
cmp ebp, eax
:0043D298 752E
jne 0043D2C8
:0043D29A 8BC4
mov eax, esp
:0043D29C E87792FCFF
call 00406518
:0043D2A1 50
push eax
:0043D2A2 6A00
push 00000000
:0043D2A4 6884000000
push 00000084
:0043D2A9 57
push edi
|
:0043D2AA E8D990FCFF
Call 00406388
:0043D2AF 8BD8
mov ebx, eax
:0043D2B1 66BA0002
mov dx, 0200
:0043D2B5 8BC3
mov eax, ebx
:0043D2B7 E8DC91FCFF
call 00406498
:0043D2BC 50
push eax
:0043D2BD 57
:0043D2BE 6A20
:0043D2C0 57
push edi
push 00000020
push edi

|
:0043D2C1 E8C290FCFF
Call 00406388
:0043D2C6 EB13
jmp 0043D2DB
|:0043D26C(C), :0043D285(C), :0043D298(C)
|
:0043D2C8 0FBFD6
movsx edx, si
:0043D2CB 8BC3
mov eax, ebx
:0043D2CD E85AFFFFFF
call 0043D22C
:0043D2D2 50
push eax
|
:0043D2D3 E8C890FCFF
Call 004063A0
|:0043D263(C)
|
:0043D2D8 FF433C
inc [ebx+3C]
|:0043D2C6(U)
|
:0043D2DB 59
pop ecx
:0043D2DC 5A
pop edx
:0043D2DD 5D
pop ebp
:0043D2DE 5F
pop edi
:0043D2DF 5E
pop esi
:0043D2E0 5B
pop ebx
:0043D2E1 C3
ret
:0043D2E2 8BC0
mov eax, eax

|:0043CCD5 , :0043E0A9
|
:0043D2E4 53
push ebx
:0043D2E5 83C4C4
add esp, FFFFFFC4
:0043D2E8 8BD8
mov ebx, eax
:0043D2EA 6A00
push 00000000
:0043D2EC 8D442404
:0043D2F0 50
push eax
:0043D2F1 6A3C
push 0000003C
:0043D2F3 6A1F
push 0000001F
|
:0043D2F5 E84E91FCFF
Call 00406448
:0043D2FA 85C0
test eax, eax
:0043D2FC 7412
je 0043D310
:0043D2FE 54
push esp
:0043D2FF
:0043D304
:0043D306
:0043D309
:0043D30E
E80C8BFCFF
8BD0
8B4374
E86A6EFDFF
EB11
|
Call 00405E10
mov edx, eax
call 00414178
jmp 0043D321

|:0043D2FC(C)
|
:0043D310 6A0D
push 0000000D
|
:0043D312 E8C98BFCFF
Call 00405EE0
:0043D317 8BD0
mov edx, eax
:0043D319 8B4374
:0043D31C E8576EFDFF
call 00414178
|:0043D30E(U)
|
:0043D321 83C43C
add esp, 0000003C
:0043D324 5B
pop ebx
:0043D325 C3
ret
:0043D326 8BC0
mov eax, eax

|:0043D7AB
|
:0043D328 66FF4078
inc [eax+78]
:0043D32C C3
ret
:0043D32D 8D4000

|:0043D7F2
|
:0043D330 66FF4878
dec [eax+78]
:0043D334 6683787800
:0043D339 750B
jne 0043D346
:0043D33B F6407A10
test [eax+7A], 10
:0043D33F 7405
je 0043D346
:0043D341 E802000000
call 0043D348
|:0043D339(C), :0043D33F(C)
|
:0043D346 C3
ret
:0043D347 90
nop
|:0043D341
|
:0043D348 33D2
xor edx, edx
:0043D34A E839040000
call 0043D788
:0043D34F C3
ret

|:0043D649
|
:0043D350 55
push ebp
:0043D351 8BEC
mov ebp, esp
:0043D353 51
push ecx
:0043D354 53
push ebx
:0043D355 884DFF
:0043D358 33C9
xor ecx, ecx
:0043D35A 8A5DFF
:0043D35D FECB
dec bl
:0043D35F 740E
je 0043D36F
:0043D361 FECB
dec bl
:0043D363 7415
je 0043D37A
:0043D365 FECB
dec bl
:0043D367 7424
je 0043D38D
:0043D369 FECB
dec bl
:0043D36B 742B
je 0043D398
:0043D36D EB3A
jmp 0043D3A9
|:0043D35F(C)
|
:0043D36F 8B5234
:0043D372 3B5034
:0043D375 0F9FC1
setg cl
:0043D378 EB2F
jmp 0043D3A9
|:0043D363(C)
|
:0043D37A 8B4A34
:0043D37D 034A3C
:0043D380 8B5034
:0043D383 03503C
:0043D386 3BCA
cmp ecx, edx
:0043D388 0F9CC1
setl cl
:0043D38B EB1C
jmp 0043D3A9
|:0043D367(C)
|
:0043D38D 8B5230
:0043D390 3B5030
:0043D393 0F9FC1
setg cl
:0043D396 EB11
jmp 0043D3A9
|:0043D36B(C)
|
:0043D398 8B4A30
:0043D39B 034A38
:0043D39E 8B5030
:0043D3A1 035038
:0043D3A4 3BCA
cmp ecx, edx
:0043D3A6 0F9CC1
setl cl

|:0043D36D(U), :0043D378(U), :0043D38B(U), :0043D396(U)
|
:0043D3A9 8BC1
mov eax, ecx
:0043D3AB 5B
pop ebx
:0043D3AC 59
pop ecx
:0043D3AD 5D
pop ebp
:0043D3AE C3
ret
:0043D3AF 90
nop

|:0043D692
|
:0043D3B0 55
push ebp
:0043D3B1 8BEC
mov ebp, esp
:0043D3B3 83C4F0
add esp, FFFFFFF0
:0043D3B6 53
push ebx
:0043D3B7 56
push esi
:0043D3B8 57
push edi
:0043D3B9 8855FF
:0043D3BC 8BD8
mov ebx, eax
:0043D3BE 8B4508
:0043D3C1 8B70FC
:0043D3C4 8B7608
:0043D3C7 8B4508
:0043D3CA 8B40FC
:0043D3CD 2B30
sub esi, dword ptr [eax]
:0043D3CF 85F6
test esi, esi
:0043D3D1 7C09
jl 0043D3DC
:0043D3D3 8A45FF
:0043D3D6 04FD
add al, FD
:0043D3D8 2C02
sub al, 02
:0043D3DA 7303
jnb 0043D3DF
|:0043D3D1(C)
|
:0043D3DC 8B7338
|:0043D3DA(C)
|
:0043D3DF 8B4508
:0043D3E2 8B40FC
:0043D3E5 8B400C
:0043D3E8 8B5508
:0043D3EB 8B52FC
:0043D3EE 2B4204
:0043D3F1 8945F0
:0043D3F4 837DF000
:0043D3F8 7C08
:0043D3FA 8A45FF
:0043D3FD 48
:0043D3FE 2C02
:0043D400 7306

jl 0043D402
dec eax
sub al, 02
jnb 0043D408

|:0043D3F8(C)
|
:0043D402 8B433C
:0043D405 8945F0

|:0043D400(C)
|
:0043D408 807DFF01
:0043D40C 7524
:0043D40E 80BB0B02000002
:0043D415 751B
:0043D417 8B4330
:0043D41A 8945F8
:0043D41D 8B4334
:0043D420 8945F4
:0043D423 6A3D
:0043D425 A1302B4400
:0043D42A 8B00
:0043D42C FFD0
:0043D42E 8BF0
:0043D430 EB17
|:0043D40C(C), :0043D415(C)
|
:0043D432 8B4508
:0043D435 8B40FC
:0043D438 8B00
:0043D43A 8945F8
:0043D43D 8B4508
:0043D440 8B40FC
:0043D443 8B4004
:0043D446 8945F4

jne 0043D432
jne 0043D432
push 0000003D
call eax
mov esi, eax
jmp 0043D449
mov
mov
mov
mov
mov
mov
mov
mov


|:0043D430(U)
|
:0043D449 8A45FF
:0043D44C FEC8
dec al
:0043D44E 740E
je 0043D45E
:0043D450 FEC8
dec al
:0043D452 7418
je 0043D46C
:0043D454 FEC8
dec al
:0043D456 742E
je 0043D486
:0043D458 FEC8
dec al
:0043D45A 7434
je 0043D490
:0043D45C EB47
jmp 0043D4A5
|:0043D44E(C)
|
:0043D45E 8B4508
:0043D461 8B40FC
:0043D464 8B55F0
:0043D467 015004
add dword ptr [eax+04], edx
:0043D46A EB39
jmp 0043D4A5
|:0043D452(C)
|
:0043D46C
:0043D46F
:0043D472
:0043D475
:0043D478
:0043D47B
:0043D47E
:0043D481
:0043D484
8B4508
8B40FC
8B55F0
29500C
8B4508
8B40FC
8B400C
8945F4
EB1F
mov
mov
mov
sub
mov
mov
mov
mov
jmp

0043D4A5

|:0043D456(C)
|
:0043D486 8B4508
:0043D489 8B40FC
:0043D48C 0130
add dword ptr [eax], esi
:0043D48E EB15
jmp 0043D4A5
|:0043D45A(C)
|
:0043D490 8B4508
:0043D493 8B40FC
:0043D496 297008
sub dword ptr [eax+08], esi
:0043D499 8B4508
:0043D49C 8B40FC
:0043D49F 8B4008
:0043D4A2 8945F8
|:0043D45C(U), :0043D46A(U), :0043D484(U), :0043D48E(U)
|
:0043D4A5 56
push esi
:0043D4A6 8B45F0
:0043D4A9 50
push eax
:0043D4AA 8B4DF4
:0043D4AD 8B55F8
:0043D4B0 8BC3
mov eax, ebx
:0043D4B2 8B38
:0043D4B4 FF9780000000
:0043D4BA 80BB0B02000002
:0043D4C1 7509
jne 0043D4CC
:0043D4C3 2B75F8
:0043D4C6 8B45F4
:0043D4C9 2945F0
|:0043D4C1(C)
|
:0043D4CC 8B4338
:0043D4CF 3BF0
cmp esi, eax
:0043D4D1 7508
jne 0043D4DB
:0043D4D3 8B533C
:0043D4D6 3B55F0
:0043D4D9 747E
je 0043D559
|:0043D4D1(C)
|
:0043D4DB 33D2
xor edx, edx
:0043D4DD
:0043D4E0
:0043D4E3
:0043D4E5
8A55FF
83FA05
7774
FF2495ECD44300

cmp edx, 00000005
ja 0043D559
jmp dword ptr [4*edx+0043D4EC]
:0043D4EC
:0043D4F0
:0043D4F4
:0043D4F8
:0043D4FC
:0043D500
59D54300
04D54300
15D54300
26D54300
32D54300
3FD54300
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
:0043D504
:0043D507
:0043D50A
:0043D50D
:0043D510
:0043D513
:0043D515
:0043D518
:0043D51B
:0043D51E
:0043D521
:0043D524
:0043D526
:0043D528
:0043D52B
:0043D52E
:0043D530
:0043D532
:0043D534
:0043D537
:0043D53A
:0043D53D
:0043D53F
:0043D541
:0043D544
:0043D547
:0043D54A
:0043D54D
:0043D550
:0043D553
:0043D556
8B45F0
2B433C
8B5508
8B52FC
294204
EB44
8B45F0
2B433C
8B5508
8B52FC
01420C
EB33
2BF0
8B4508
8B40FC
2930
EB27
2BF0
8B4508
8B40FC
017008
EB1A
2BF0
8B4508
8B40FC
017008
8B45F0
2B433C
8B5508
8B52FC
01420C
mov
sub
mov
mov
sub
jmp
mov
sub
mov
mov
add
jmp
sub
mov
mov
sub
jmp
sub
mov
mov
add
jmp
sub
mov
mov
add
mov
sub
mov
mov
add
0043D559
0043D504
0043D515
0043D526
0043D532
0043D53F

0043D559
0043D559
esi, eax
0043D559
esi, eax
0043D559
esi, eax

|:0043D4D9(C), :0043D4E3(C), :0043D524(U), :0043D530(U), :0043D53D(U)
|
:0043D559 5F
pop edi
:0043D55A 5E
pop esi
:0043D55B 5B
pop ebx
:0043D55C 8BE5
mov esp, ebp
:0043D55E 5D
pop ebp
:0043D55F C3
ret

|:0043D73A , :0043D743 , :0043D74C
|
, :0043D755
, :0043D75E
:0043D560
:0043D561
:0043D563
:0043D566
:0043D567
:0043D568
:0043D569
:0043D56C
:0043D56F
:0043D572
:0043D576
:0043D57B
:0043D57E
:0043D582
:0043D584
:0043D587
:0043D58A
:0043D58E
:0043D590
:0043D593
:0043D596
:0043D59A
:0043D59C
:0043D59F
:0043D5A2
:0043D5A6
:0043D5A8
:0043D5AB
:0043D5AE
:0043D5B1
:0043D5B4
:0043D5B6
:0043D5B9
:0043D5BC
:0043D5C3
:0043D5C5
:0043D5C8
:0043D5CB
:0043D5CE
:0043D5D1
55
8BEC
83C4F8
53
56
57
8845FF
8B4508
8B40F8
66BBFFFF
E87958FCFF
8B4508
8378F400
7452
8B4508
8B40F4
83782400
7546
8B4508
8B40F4
F6402010
753A
8B4508
8B40F4
80784700
742E
8B4508
8B40F4
8A404B
3A45FF
7520
8B4508
8B40F4
80B80B02000001
7411
8B4508
8B50F4
8B4508
8B40F8
E88AF4FCFF
push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
mov bx, FFFF
call 00402DF4
cmp dword ptr [eax-0C], 00000000
je 0043D5D6
jne 0043D5D6
test [eax+20], 10
jne 0043D5D6
je 0043D5D6
jne 0043D5D6
je 0043D5D6
mov edx, dword ptr [eax-0C]
call 0040CA60

|:0043D582(C), :0043D58E(C), :0043D59A(C), :0043D5A6(C), :0043D5B4(C)
|:0043D5C3(C)
|
:0043D5D6 8B4508
:0043D5D9 8B40F0
:0043D5DC E87BF8FFFF
call 0043CE5C
:0043D5E1 8BF8
mov edi, eax
:0043D5E3 4F
dec edi
:0043D5E4 85FF
test edi, edi
:0043D5E6 7C7F
jl 0043D667
:0043D5E8 47
inc edi
:0043D5E9 C745F800000000
mov [ebp-08], 00000000
|:0043D665(C)
|
:0043D5F0 8B4508
:0043D5F3 8B40F0
:0043D5F6
:0043D5F9
:0043D5FE
:0043D600
:0043D603
:0043D606
:0043D608
:0043D60C
:0043D60E
:0043D612
:0043D614
:0043D61B
:0043D61D
:0043D620
:0043D623
:0043D625
:0043D627
8B55F8
E84AF8FFFF
8BD8
8A434B
3A45FF
7559
F6432010
7553
807B4700
744D
80BB0B02000001
7444
8B4508
3B58F4
743C
33F6
EB01

call 0043CE48
mov ebx, eax
jne 0043D661
test [ebx+20], 10
jne 0043D661
je 0043D661
je 0043D661
cmp ebx, dword ptr [eax-0C]
je 0043D661
xor esi, esi
jmp 0043D62A

|:0043D650(C)
|
:0043D629 46
inc esi
|:0043D627(U)
|
:0043D62A 8B4508
:0043D62D 8B40F8
:0043D630 3B7008
:0043D633 7D1D
:0043D635 8B4508
:0043D638 8B40F8
:0043D63B 8BD6
:0043D63D E836F5FCFF
:0043D642 8BD0
:0043D644 8A4DFF
:0043D647 8BC3
:0043D649 E802FDFFFF
:0043D64E 84C0
:0043D650 74D7
|:0043D633(C)
|
:0043D652 8B4508
:0043D655 8B40F8
:0043D658 8BCB
:0043D65A 8BD6
:0043D65C E8CFF5FCFF

jge 0043D652
mov edx, esi
call 0040CB78
mov edx, eax
mov eax, ebx
call 0043D350
test al, al
je 0043D629

mov ecx, ebx
mov edx, esi
call 0040CC30

|:0043D606(C), :0043D60C(C), :0043D612(C), :0043D61B(C), :0043D623(C)
|
:0043D661 FF45F8
inc [ebp-08]
:0043D664 4F
dec edi
:0043D665 7589
jne 0043D5F0
|:0043D5E6(C)
|
:0043D667
:0043D66A
:0043D66D
:0043D670
:0043D671
:0043D673
:0043D675
:0043D676
8B4508
8B40F8
8B7808
4F
85FF
7C29
47
C745F800000000
|:0043D69C(C)
|
:0043D67D 8B4508
:0043D680 50
:0043D681 8B4508
:0043D684 8B40F8
:0043D687 8B55F8
:0043D68A E8E9F4FCFF
:0043D68F 8A55FF
:0043D692 E819FDFFFF
:0043D697 59
:0043D698 FF45F8
:0043D69B 4F
:0043D69C 75DF

dec edi
test edi, edi
jl 0043D69E
inc edi
mov [ebp-08], 00000000
push eax
call 0040CB78
call 0043D3B0
pop ecx
inc [ebp-08]
dec edi
jne 0043D67D

|:0043D673(C)
|
:0043D69E 5F
pop edi
:0043D69F 5E
pop esi
:0043D6A0 5B
pop ebx
:0043D6A1 59
pop ecx
:0043D6A2 59
pop ecx
:0043D6A3 5D
pop ebp
:0043D6A4 C3
ret
:0043D6A5 8D4000

|:0043D710
|
:0043D6A8 55
push ebp
:0043D6A9 8BEC
mov ebp, esp
:0043D6AB 53
push ebx
:0043D6AC 56
push esi
:0043D6AD B301
mov bl, 01
:0043D6AF 8B4508
:0043D6B2 8B40F0
:0043D6B5 E8A2F7FFFF
call 0043CE5C
:0043D6BA 8BF0
mov esi, eax
:0043D6BC 4E
dec esi
:0043D6BD 83FE00
cmp esi, 00000000
:0043D6C0 7C34
jl 0043D6F6
|:0043D6F4(C)
|
:0043D6C2 8B4508
:0043D6C5 8B40F0
:0043D6C8
:0043D6CA
:0043D6CF
:0043D6D3
:0043D6D5
:0043D6D9
:0043D6DB
:0043D6DF
:0043D6E1
:0043D6E5
:0043D6E7
:0043D6EE
8BD6
E879F7FFFF
83782400
751B
F6402010
7515
80784B00
740F
80784700
7409
80B80B02000001
7508
mov edx, esi

call 0043CE48
jne 0043D6F0
test [eax+20], 10
jne 0043D6F0
je 0043D6F0
je 0043D6F0
jne 0043D6F8

|:0043D6D3(C), :0043D6D9(C), :0043D6DF(C), :0043D6E5(C)
|
:0043D6F0 4E
dec esi
:0043D6F1 83FEFF
cmp esi, FFFFFFFF
:0043D6F4 75CC
jne 0043D6C2
|:0043D6C0(C)
|
:0043D6F6 33DB
xor ebx, ebx
|:0043D6EE(C)
|
:0043D6F8 8BC3
mov eax, ebx
:0043D6FA 5E
pop esi
:0043D6FB 5B
pop ebx
:0043D6FC 5D
pop ebp
:0043D6FD C3
ret
:0043D6FE 8BC0
mov eax, eax

|:0043D7D5
|
:0043D700 55
push ebp
:0043D701 8BEC
mov ebp, esp
:0043D703 83C4F0
add esp, FFFFFFF0
:0043D706 894DFC
:0043D709 8955F4
:0043D70C 8945F0
:0043D70F 55
push ebp
call 0043D6A8
:0043D715 59
pop ecx
:0043D716 84C0
test al, al
:0043D718 7467
je 0043D781
:0043D71A B201
mov dl, 01
:0043D71C A154B54000
:0043D721 E8CA54FCFF
call 00402BF0
:0043D726 8945F8
:0043D729 33C0
xor eax, eax
:0043D72B 55
push ebp
:0043D72C 687AD74300
push 0043D77A
:0043D731 64FF30
:0043D734 648920
:0043D737
:0043D738
:0043D73A
:0043D73F
:0043D740
:0043D741
:0043D743
:0043D748
:0043D749
:0043D74A
:0043D74C
:0043D751
:0043D752
:0043D753
:0043D755
:0043D75A
:0043D75B
:0043D75C
:0043D75E
:0043D763
:0043D764
:0043D766
:0043D767
:0043D768
:0043D769
:0043D76C
55
B001
E821FEFFFF
59
55
B002
E818FEFFFF
59
55
B003
E80FFEFFFF
59
55
B004
E806FEFFFF
59
55
B005
E8FDFDFFFF
59
33C0
5A
59
59
648910
6881D74300
push ebp
mov al, 01
call 0043D560
pop ecx
push ebp
mov al, 02
call 0043D560
pop ecx
push ebp
mov al, 03
call 0043D560
pop ecx
push ebp
mov al, 04
call 0043D560
pop ecx
push ebp
mov al, 05
call 0043D560
pop ecx
xor eax, eax
pop edx
pop ecx
pop ecx
push 0043D781
|:0043D77F(U)
|
:0043D771 8B45F8
:0043D774 E8A754FCFF
:0043D779 C3
:0043D77A E9F95AFCFF
:0043D77F EBF0
jmp 00403278
jmp 0043D771

call 00402C20
ret

|:0043D718(C)
|
:0043D781 8BE5
mov esp, ebp
:0043D783 5D
pop ebp
:0043D784 C3
ret
:0043D785 8D4000

|:0043C2AD , :0043D34A
|
:0043D788 55
push ebp
:0043D789 8BEC
mov ebp, esp
:0043D78B 83C4EC
add esp, FFFFFFEC
:0043D78E 53
push ebx
:0043D78F 8BDA
mov ebx, edx
:0043D791 8945FC
:0043D794 8B45FC
:0043D797 6683787800
:0043D79C 740A
je 0043D7A8
:0043D79E 8B45FC
:0043D7A1 6683487A10
:0043D7A6 EB57

or word ptr [eax+7A], 0010
jmp 0043D7FF
|:0043D79C(C)
|
:0043D7A8 8B45FC
:0043D7AB E878FBFFFF
:0043D7B0 33C0
:0043D7B2 55
:0043D7B3 68F8D74300
:0043D7B8 64FF30
:0043D7BB 648920
:0043D7BE 6A00
:0043D7C0 8D45EC
:0043D7C3 50
:0043D7C4 6A00
:0043D7C6 6A30

call 0043D328
xor eax, eax
push ebp
push 0043D7F8
push 00000000
push eax
push 00000000
push 00000030

|
:0043D7C8 E87B8CFCFF
Call 00406448
:0043D7CD 8D4DEC
:0043D7D0 8BD3
mov edx, ebx
:0043D7D2 8B45FC
:0043D7D5 E826FFFFFF
call 0043D700
:0043D7DA 33C0
xor eax, eax
:0043D7DC 5A
pop edx
:0043D7DD 59
pop ecx
:0043D7DE 59
pop ecx
:0043D7DF 648910
:0043D7E2 68FFD74300
push 0043D7FF
|:0043D7FD(U)
|
:0043D7E7 8B45FC
:0043D7EA 6683607AEF
:0043D7EF 8B45FC
:0043D7F2 E839FBFFFF
:0043D7F7 C3
:0043D7F8 E97B5AFCFF
:0043D7FD EBE8
jmp 00403278
jmp 0043D7E7

and word ptr [eax+7A], FFEF
call 0043D330
ret

|:0043D7A6(U)
|
:0043D7FF 5B
pop ebx
:0043D800 8BE5
mov esp, ebp
:0043D802 5D
pop ebp
:0043D803 C3
ret

|:0043F3D9 , :0043FBAA
|
:0043D804
:0043D805
:0043D806
:0043D808
:0043D80A
:0043D80C
53
56
8BF2
8BD8
85DB
741C
push ebx
push esi
mov esi, edx
mov ebx, eax
test ebx, ebx
je 0043D82A
|:0043D828(C)
|
:0043D80E 837B7400
:0043D812 7505
:0043D814 8B5B24
:0043D817 EB0D
|:0043D812(C)
|
:0043D819 8BC6
:0043D81B 8B5374
:0043D81E E82D60FCFF
:0043D823 5E
:0043D824 5B
:0043D825 C3
cmp
jne
mov
jmp
dword ptr [ebx+74], 00000000

0043D819
ebx, dword ptr [ebx+24]
0043D826
mov eax, esi

call 00403850
pop esi
pop ebx
ret

|:0043D817(U)
|
:0043D826 85DB
test ebx, ebx
:0043D828 75E4
jne 0043D80E
|:0043D80C(C)
|
:0043D82A 8BC6
:0043D82C E8875FFCFF
:0043D831 5E
:0043D832 5B
:0043D833 C3

mov eax, esi
call 004037B8
pop esi
pop ebx
ret

|:0043F707 , :0043FAA8
|
:0043D834 EB03
jmp 0043D839
|:0043D844(C)
|
:0043D836 8B4024
|:0043D834(U)
|
:0043D839 85C0
:0043D83B 7409
:0043D83D 80B88500000000

test eax, eax
je 0043D846
:0043D844 74F0
je 0043D836
|:0043D83B(C)
|
:0043D846 85C0
:0043D848 7408
:0043D84A F6402010
:0043D84E 7402
:0043D850 33C0
|:0043D848(C), :0043D84E(C)
|
:0043D852 C3
:0043D853 90
:0043D854 55
:0043D855 8BEC
:0043D857 833DA437440000
:0043D85E 740A
:0043D860 A1A4374400
:0043D865 E8761F0000
test eax, eax

je 0043D852
test [eax+20], 10
je 0043D852
xor eax, eax
ret
nop
push ebp
mov ebp, esp
cmp dword ptr [004437A4], 00000000
je 0043D86A
call 0043F7E0

|:0043D85E(C)
|
:0043D86A 5D
pop ebp
:0043D86B C21000
ret 0010
:0043D86E
:0043D870
:0043D871
:0043D873
:0043D876
:0043D877
8BC0
55
8BEC
83C4F8
53
BBA4374400
mov eax,
push ebp
mov ebp,
add esp,
push ebx
mov ebx,
eax
esp
FFFFFFF8
004437A4

|
:0043D87C E81784FCFF
Call 00405C98
:0043D881 A3D8374400
:0043D886 EB29
jmp 0043D8B1
|:0043D8C3(C)
|
:0043D888 833B00
:0043D88B 7424
:0043D88D 8B03
:0043D88F 83784800
:0043D893 741C
:0043D895 8D45F8
:0043D898 50

je 0043D8B1
je 0043D8B1
push eax

|
:0043D899 E8A288FCFF
Call 00406140
:0043D89E 8D45F8
:0043D8A1 E8BE43FEFF
call 00421C64
:0043D8A6 85C0
test eax, eax
:0043D8A8 7507
:0043D8AA 8B03
:0043D8AC E89F1F0000
jne 0043D8B1
call 0043F850

|:0043D886(U), :0043D88B(C), :0043D893(C), :0043D8A8(C)
|
:0043D8B1 6A64
push 00000064
:0043D8B3 A1DC374400
:0043D8B8 50
push eax
|
:0043D8B9 E8FA84FCFF
Call 00405DB8
:0043D8BE 3D02010000
cmp eax, 00000102
:0043D8C3 74C3
je 0043D888
:0043D8C5 5B
pop ebx
:0043D8C6 59
pop ecx
:0043D8C7 59
pop ecx
:0043D8C8 5D
pop ebp
:0043D8C9 C20400
ret 0004
:0043D8CC
:0043D8CD
:0043D8CF
:0043D8D0
:0043D8D1
:0043D8D2
:0043D8D5
:0043D8D8
:0043D8D9
:0043D8DC
:0043D8DD
:0043D8DE
:0043D8E3
55
8BEC
53
56
57
8B7510
8B5D08
56
8B450C
50
53
A1E0374400
50
push ebp
mov ebp,
push ebx
push esi
push edi
mov esi,
mov ebx,
push esi
mov eax,
push eax
push ebx
mov eax,
push eax
esp
dword ptr [ebp+10]

dword ptr [ebp+08]
dword ptr [ebp+0C]
dword ptr [004437E0]
* Reference To: user32.CallNextHookEx, Ord:0000h

|
:0043D8E4 E81F87FCFF
Call 00406008
:0043D8E9 8BF8
mov edi, eax
:0043D8EB 85DB
test ebx, ebx
:0043D8ED 7C15
jl 0043D904
:0043D8EF 833DA437440000
cmp dword ptr [004437A4], 00000000
:0043D8F6 740C
je 0043D904
:0043D8F8 8BD6
mov edx, esi
:0043D8FA A1A4374400
:0043D8FF E8D0110000
call 0043EAD4
|:0043D8ED(C), :0043D8F6(C)
|
:0043D904 8BC7
:0043D906 5F
:0043D907 5E
:0043D908 5B
:0043D909 5D
:0043D90A C20C00

mov
pop
pop
pop
pop
ret
eax, edi
edi
esi
ebx
ebp
000C
:0043D90D 8D4000

|:0043FD49
|
:0043D910 51
push ecx
:0043D911 A1A4374400
:0043D916 80B88D00000000
:0043D91D 7562
jne 0043D981
:0043D91F 833DE037440000
cmp dword ptr [004437E0], 00000000
:0043D926 751A
jne 0043D942
|
:0043D928 E86B83FCFF
Call 00405C98
:0043D92D 50
push eax
:0043D92E 6A00
push 00000000
:0043D930 B8CCD84300
mov eax, 0043D8CC
:0043D935 50
push eax
:0043D936 6A03
push 00000003
* Reference To: user32.SetWindowsHookExA, Ord:0000h
|
:0043D938 E8DB8AFCFF
Call 00406418
:0043D93D A3E0374400
|:0043D926(C)
|
:0043D942 833DDC37440000
:0043D949 7512
:0043D94B 6A00
:0043D94D 6A00
:0043D94F 6A00
:0043D951 6A00

cmp dword ptr [004437DC], 00000000
jne 0043D95D
push 00000000
push 00000000
push 00000000
push 00000000

|
:0043D953 E8E082FCFF
Call 00405C38
:0043D958 A3DC374400
mov dword ptr [004437DC], eax
|:0043D949(C)
|
:0043D95D 833DE437440000
:0043D964 751B
:0043D966 54
:0043D967 6A00
:0043D969 6A00
:0043D96B 6870D84300
:0043D970 68E8030000
:0043D975 6A00

cmp dword ptr [004437E4], 00000000
jne 0043D981
push esp
push 00000000
push 00000000
push 0043D870
push 000003E8
push 00000000
* Reference To: kernel32.CreateThread, Ord:0000h

|
:0043D977 E8CC82FCFF
Call 00405C48
:0043D97C A3E4374400
|:0043D91D(C), :0043D964(C)
|
:0043D981 5A
:0043D982 C3
pop edx
ret
:0043D983 90
nop

|:0043F869
|
:0043D984 833DE037440000
cmp dword ptr [004437E0], 00000000
:0043D98B 740B
je 0043D998
:0043D98D A1E0374400
:0043D992 50
push eax
* Reference To: user32.UnhookWindowsHookEx, Ord:0000h
|
:0043D993 E8D08AFCFF
Call 00406468
|:0043D98B(C)
|
:0043D998 33C0
:0043D99A A3E0374400
:0043D99F 833DE437440000
:0043D9A6 7437
:0043D9A8 A1DC374400
:0043D9AD 50

xor eax, eax
cmp dword ptr [004437E4], 00000000
je 0043D9DF
push eax
* Reference To: kernel32.SetEvent, Ord:0000h

|
:0043D9AE E8CD83FCFF
Call 00405D80
|
:0043D9B3 E8E082FCFF
Call 00405C98
:0043D9B8 3B05D8374400
cmp eax, dword ptr [004437D8]
:0043D9BE 740D
je 0043D9CD
:0043D9C0 6AFF
push FFFFFFFF
:0043D9C2 A1E4374400
:0043D9C7 50
push eax
|
:0043D9C8 E8EB83FCFF
Call 00405DB8
|:0043D9BE(C)
|
:0043D9CD A1E4374400
:0043D9D2 50
push eax
|
:0043D9D3 E85082FCFF
Call 00405C28
:0043D9D8 33C0
xor eax, eax
:0043D9DA A3E4374400
|:0043D9A6(C)
|
:0043D9DF C3
ret

|:0043DA3F
|
:0043D9E0 83C4F8
add esp, FFFFFFF8
:0043D9E3 C7042408000000
:0043D9EA 6A00
push 00000000
:0043D9EC 8D442404
:0043D9F0 50
push eax
:0043D9F1 6A08
push 00000008
:0043D9F3 6A48
push 00000048
|
:0043D9F5 E84E8AFCFF
Call 00406448
:0043D9FA 85C0
test eax, eax
:0043D9FC 740B
je 0043DA09
:0043D9FE 837C240400
:0043DA03 0F95C0
setne al
:0043DA06 59
pop ecx
:0043DA07 5A
pop edx
:0043DA08 C3
ret

|:0043D9FC(C)
|
:0043DA09 33C0
xor eax, eax
:0043DA0B 59
pop ecx
:0043DA0C 5A
pop edx
:0043DA0D C3
ret
:0043DA0E 8BC0
mov eax, eax

|:0043DA4C , :0043DA5E
|
:0043DA10 83C4F8
add esp, FFFFFFF8
:0043DA13 C7042408000000
:0043DA1A F6D8
neg al
:0043DA1C 1BC0
sbb eax, eax
:0043DA1E 89442404
:0043DA22 6A00
push 00000000
:0043DA24 8D442404
:0043DA28 50
push eax
:0043DA29 6A08
push 00000008
:0043DA2B 6A49
push 00000049
|
:0043DA2D E8168AFCFF
Call 00406448
:0043DA32 59
pop ecx
:0043DA33 5A
pop edx
:0043DA34 C3
ret
:0043DA35 8D4000

|:0043E844 , :0043E886
|
:0043DA38 53
push ebx
:0043DA39 56
push esi
:0043DA3A 57
push edi
:0043DA3B 8BFA
mov edi, edx
:0043DA3D 8BF0
mov esi, eax
:0043DA3F E89CFFFFFF
call 0043D9E0
:0043DA44 8BD8
mov ebx, eax
:0043DA46 84DB
test bl, bl
:0043DA48 7407
je 0043DA51
:0043DA4A 33C0
xor eax, eax
:0043DA4C E8BFFFFFFF
call 0043DA10
|:0043DA48(C)
|
:0043DA51 57
push edi
:0043DA52 56
push esi
|
:0043DA53 E8E889FCFF
Call 00406440
:0043DA58 84DB
test bl, bl
:0043DA5A 7407
je 0043DA63
:0043DA5C B001
mov al, 01
:0043DA5E E8ADFFFFFF
call 0043DA10
|:0043DA5A(C)
|
:0043DA63 5F
pop edi
:0043DA64 5E
pop esi
:0043DA65 5B
pop ebx
:0043DA66 C3
ret
:0043DA67
:0043DA68
:0043DA69
:0043DA6A
:0043DA6C
:0043DA6D
:0043DA74
90
54
41
7070
6C
69636174696F6E
00000000
nop
push esp
inc ecx
jo 0043DADC
insb
BYTE 4 DUP(0)

|:0042D525
|
:0043DA78 55
push ebp
:0043DA79 8BEC
mov ebp, esp
:0043DA7B 81C4FCFEFFFF
add esp, FFFFFEFC
:0043DA81 53
push ebx
:0043DA82 56
push esi
:0043DA83 84D2
test dl, dl
:0043DA85 7408
je 0043DA8F
:0043DA87 83C4F0
:0043DA8A E87554FCFF
add esp, FFFFFFF0

call 00402F04
|:0043DA85(C)
|
:0043DA8F 8855FF
:0043DA92 8BD8
:0043DA94 33D2
:0043DA96 8BC3
:0043DA98 E8233AFDFF
:0043DA9D C6432800
:0043DAA1 B201
:0043DAA3 A154B54000
:0043DAA8 E84351FCFF
:0043DAAD 894378
:0043DAB0 B201
:0043DAB2 A154B54000
:0043DAB7 E83451FCFF
:0043DABC 898390000000
:0043DAC2 33C0
:0043DAC4 894348
:0043DAC7 33C0
:0043DAC9 89436C
:0043DACC C7434418000080
:0043DAD3 C74360F4010000
:0043DADA C6436401
:0043DADE 33C0
:0043DAE0 894368
:0043DAE3 C7435CC4090000
:0043DAEA C6437000
:0043DAEE C6838500000001
:0043DAF5 B201
:0043DAF7 A14C324100
:0043DAFC E8F7C5FDFF
:0043DB01 8BF0
:0043DB03 89B380000000

mov ebx, eax
xor edx, edx
mov eax, ebx
call 004114C0
mov [ebx+28], 00
mov dl, 01
call 00402BF0
mov dl, 01
call 00402BF0
xor eax, eax
xor eax, eax
mov [ebx+44], 80000018
mov [ebx+60], 000001F4
mov [ebx+64], 01
xor eax, eax
mov [ebx+5C], 000009C4
mov [ebx+70], 00
mov dl, 01
call 0041A0F8
mov esi, eax
* Possible StringData Ref from Code Obj ->"MAINICON"

|
:0043DB09 6800DC4300
push 0043DC00
:0043DB0E A1142B4400
:0043DB13 8B00
:0043DB15 50
push eax
|
:0043DB16 E8CD87FCFF
Call 004062E8
:0043DB1B 8BD0
mov edx, eax
:0043DB1D 8BC6
mov eax, esi
:0043DB1F E878C9FDFF
call 0041A49C
:0043DB24 8B8380000000
:0043DB2A 895808
:0043DB2D C74004E4F44300
mov [eax+04], 0043F4E4
:0043DB34 6800010000
push 00000100
:0043DB39 8D85FFFEFFFF
lea eax, dword ptr [ebp+FFFFFEFF]
:0043DB3F 50
push eax
:0043DB40 A1142B4400
:0043DB45 8B00
:0043DB47 50
push eax

|
:0043DB48 E86B81FCFF
Call 00405CB8
:0043DB4D 8D85FFFEFFFF
:0043DB53 50
push eax
:0043DB5A 50
push eax
* Reference To: user32.OemToCharA, Ord:0000h
|
:0043DB5B E8B087FCFF
Call 00406310
:0043DB66 B25C
mov dl, 5C
:0043DB68 E8D3B6FCFF
call 00409240
:0043DB6D 85C0
test eax, eax
:0043DB6F 740E
je 0043DB7F
:0043DB71 8D5001
:0043DB7A E8A59DFCFF
call 00407924
|:0043DB6F(C)
|
:0043DB7F 8D85FFFEFFFF
:0043DB85 B22E
:0043DB87 E8DCB6FCFF
:0043DB8C 85C0
:0043DB8E 7403
:0043DB90 C60000
|:0043DB8E(C)
|
:0043DB99 40
:0043DB9A 50

mov dl, 2E
call 00409268
test eax, eax
je 0043DB93

inc eax
push eax
* Reference To: user32.CharLowerA, Ord:0000h

|
:0043DB9B E85884FCFF
Call 00405FF8
:0043DBA0 8D4374
:0043DBA3 8D95FFFEFFFF
lea edx, dword ptr [ebp+FFFFFEFF]
:0043DBA9 B900010000
mov ecx, 00000100
:0043DBAE E8315EFCFF
call 004039E4
:0043DBB3 A12C2A4400
:0043DBB8 803800
:0043DBBB 7507
jne 0043DBC4
:0043DBBD 8BC3
mov eax, ebx
:0043DBBF E828010000
call 0043DCEC
|:0043DBBB(C)
|
:0043DBC4 C6434101
:0043DBC8 C6434201
:0043DBCC C6434301
:0043DBD0 C6838600000001
:0043DBD7 33C0
:0043DBD9 898388000000

mov
mov
mov
mov
xor
mov
[ebx+41], 01
[ebx+42], 01
[ebx+43], 01
byte ptr [ebx+00000086], 01
eax, eax
:0043DBDF
:0043DBE1
:0043DBE5
:0043DBE7
:0043DBEC
:0043DBF3
8BC3
807DFF00
740F
E87053FCFF
648F0500000000
83C40C
mov eax, ebx

je 0043DBF6
call 00402F5C
add esp, 0000000C

|:0043DBE5(C)
|
:0043DBF6 8BC3
mov eax, ebx
:0043DBF8 5E
pop esi
:0043DBF9 5B
pop ebx
:0043DBFA 8BE5
mov esp, ebp
:0043DBFC 5D
pop ebp
:0043DBFD C3
ret
:0043DBFE 0000
BYTE 2 DUP(0)
:0043DC00
:0043DC01
:0043DC02
:0043DC03
:0043DC04
:0043DC05
:0043DC06
:0043DC07
:0043DC08
4D
41
49
4E
49
43
4F
4E
00000000
dec ebp
inc ecx
dec ecx
dec esi
dec ecx
inc ebx
dec edi
dec esi
BYTE 4 DUP(0)
:0043DC0C
:0043DC0D
:0043DC0E
:0043DC13
:0043DC15
:0043DC17
:0043DC1D
:0043DC20
:0043DC22
53
56
E85153FCFF
8BDA
8BF0
8B8688000000
83F820
7606
50
push ebx
push esi
call 00402F64
mov ebx, edx
mov esi, eax
cmp eax, 00000020
jbe 0043DC28
push eax

|
:0043DC23 E85080FCFF
Call 00405C78
|:0043DC20(C)
|
:0043DC28 837E2400
:0043DC2C 741D
:0043DC2E 80BE8C00000000
:0043DC35 7414
:0043DC37 837E3800
:0043DC3B 740E
:0043DC3D 33C9
:0043DC3F BA02000000
:0043DC44 8BC6
:0043DC46 E811160000

je 0043DC4B
je 0043DC4B
je 0043DC4B
xor ecx, ecx
mov edx, 00000002
mov eax, esi
call 0043F25C

|:0043DC2C(C), :0043DC35(C), :0043DC3B(C)
|
:0043DC4B C6868500000000
:0043DC52 8BC6
mov eax, esi
:0043DC54 E8F71B0000
call 0043F850
:0043DC59 33D2
xor edx, edx
:0043DC5B 8BC6
mov eax, esi
:0043DC5D E802160000
call 0043F264
:0043DC62 8BD3
mov edx, ebx
:0043DC64 80E2FC
and dl, FC
:0043DC67 8BC6
mov eax, esi
:0043DC69 E89E38FDFF
call 0041150C
:0043DC6E 56
push esi
:0043DC6F 687CE04300
push 0043E07C
:0043DC74 8BC6
mov eax, esi
:0043DC76 E80D100000
call 0043EC88
:0043DC7B 8B4624
:0043DC7E 85C0
test eax, eax
:0043DC80 742C
je 0043DCAE
:0043DC82 80BE8C00000000
:0043DC89 7423
je 0043DCAE
:0043DC8B 8B158C2B4400
mov edx, dword ptr [00442B8C]
:0043DC91 803A00
cmp byte ptr [edx], 00
:0043DC94 740F
je 0043DCA5
:0043DC96 6A00
push 00000000
:0043DC98 6A01
push 00000001
:0043DC9A 6880000000
push 00000080
:0043DC9F 50
push eax
|
:0043DCA0 E8E386FCFF
Call 00406388
|:0043DC94(C)
|
:0043DCA5 8B4624
:0043DCA8 50
push eax
|
:0043DCA9 E8DA83FCFF
Call 00406088
|:0043DC80(C), :0043DC89(C)
|
:0043DCAE 8B462C
:0043DCB1 85C0
:0043DCB3 7405
:0043DCB5 E8D28CFFFF
|:0043DCB3(C)
|
:0043DCBA E8E18BFFFF
:0043DCBF 8B8690000000
:0043DCC5 E8564FFCFF
:0043DCCA 8B4678
:0043DCCD E84E4FFCFF

test eax, eax
je 0043DCBA
call 0043698C
call 004368A0
call 00402C20
call 00402C20
:0043DCD2
:0043DCD8
:0043DCDD
:0043DCDF
:0043DCE1
:0043DCE3
8B8680000000
E8434FFCFF
84DB
7E07
8BC6
E86C52FCFF

call 00402C20
test bl, bl
jle 0043DCE8
mov eax, esi
call 00402F54

|:0043DCDF(C)
|
:0043DCE8 5E
pop esi
:0043DCE9 5B
pop ebx
:0043DCEA C3
ret
:0043DCEB 90
nop

|:0043DBBF
|
:0043DCEC 55
push ebp
:0043DCED 8BEC
mov ebp, esp
:0043DCEF 83C4D4
add esp, FFFFFFD4
:0043DCF2 53
push ebx
:0043DCF3 33D2
xor edx, edx
:0043DCF5 8955D4
:0043DCF8 8BD8
mov ebx, eax
:0043DCFA 33C0
xor eax, eax
:0043DCFC 55
push ebp
:0043DCFD 6870DE4300
push 0043DE70
:0043DD02 64FF30
:0043DD05 648920
:0043DD08 80BB8C00000000
:0043DD0F 0F8545010000
jne 0043DE5A
:0043DD15 A17C2C4400
:0043DD1A 803800
:0043DD1D 0F8537010000
jne 0043DE5A
:0043DD23 53
push ebx
:0043DD24 6854E14300
push 0043E154
:0043DD29 E8C68BFFFF
call 004368F4
:0043DD2E 89432C
:0043DD31 8D45D8
:0043DD34 50
push eax
* Possible StringData Ref from Code Obj ->"TApplication"
|
:0043DD35 A154294400
:0043DD3A 50
push eax
:0043DD3B A1E02B4400
:0043DD40 8B00
:0043DD42 50
push eax
|
:0043DD43 E8D883FCFF
Call 00406120
:0043DD48 85C0
test eax, eax
:0043DD4A 753C
jne 0043DD88
:0043DD4C A1E02B4400
:0043DD51 8B00
:0043DD53 A340294400
:0043DD58 6830294400
push 00442930

|
:0043DD5D E8DE85FCFF
Call 00406340
:0043DD62 6685C0
test ax, ax
:0043DD65 7521
jne 0043DD88
:0043DD67 8D55D4
lea edx, dword
:0043DD6A A1942A4400
mov eax, dword
:0043DD6F E8B070FCFF
call 00404E24
:0043DD74 8B4DD4
mov ecx, dword
:0043DD77 B201
mov dl, 01
:0043DD79 A198B44000
mov eax, dword
:0043DD7E E8E9AAFCFF
call 0040886C
:0043DD83 E82855FCFF
call 004032B0
ptr [ebp-2C]
ptr [00442A94]
ptr [ebp-2C]
ptr [0040B498]
|:0043DD4A(C), :0043DD65(C)
|
:0043DD88 6A00
:0043DD8A A1302B4400
:0043DD8F 8B00
:0043DD91 FFD0
:0043DD93 D1F8
:0043DD95 7903
:0043DD97 83D000
|:0043DD95(C)
|
:0043DD9A 50
:0043DD9B 6A01
:0043DD9D A1302B4400
:0043DDA2 8B00
:0043DDA4 FFD0
:0043DDA6 D1F8
:0043DDA8 7903
:0043DDAA 83D000
|:0043DDA8(C)
|
:0043DDAD 50
:0043DDAE 6A00
:0043DDB0 6A00
:0043DDB2 6A00
:0043DDB4 6A00
:0043DDB6 A1E02B4400
:0043DDBB 8B00
:0043DDBD 50
:0043DDBE 6A00
:0043DDC0 8B4374
:0043DDC3 E8305EFCFF
:0043DDC8 8BD0
:0043DDCA B90000CA84
push 00000000
call eax
sar eax, 1
jns 0043DD9A
adc eax, 00000000
push eax
push 00000001
call eax
sar eax, 1
jns 0043DDAD
adc eax, 00000000
push eax
push 00000000
push 00000000
push 00000000
push 00000000
push eax
push 00000000
call 00403BF8
mov edx, eax
mov ecx, 84CA0000
* Possible StringData Ref from Code Obj ->"TApplication"

|
:0043DDCF A154294400
:0043DDD4 E85787FCFF
call 00406530
:0043DDD9
:0043DDDC
:0043DDDF
:0043DDE4
:0043DDEB
:0043DDEE
:0043DDEF
:0043DDF1
:0043DDF4
894324
8D4374
E8D459FCFF
C6838C00000001
8B432C
50
6AFC
8B4324
50

call 004037B8
push eax
push FFFFFFFC
push eax

|
:0043DDF5 E8FE85FCFF
Call 004063F8
:0043DDFA A18C2B4400
:0043DDFF 803800
:0043DE02 7418
je 0043DE1C
:0043DE04 8BC3
mov eax, ebx
:0043DE06 E8F5090000
call 0043E800
:0043DE0B 50
push eax
:0043DE0C 6A01
push 00000001
:0043DE0E 6880000000
push 00000080
:0043DE13 8B4324
:0043DE16 50
push eax
|
:0043DE17 E86C85FCFF
Call 00406388
|:0043DE02(C)
|
:0043DE1C 6A00
push 00000000
:0043DE1E 8B4324
:0043DE21 50
push eax
|
:0043DE22 E8F183FCFF
Call 00406218
:0043DE27 8BD8
mov ebx, eax
:0043DE29 6A00
push 00000000
:0043DE2B 6830F00000
push 0000F030
:0043DE30 53
push ebx
|
:0043DE31 E83282FCFF
Call 00406068
:0043DE36 6A00
push 00000000
:0043DE38 6800F00000
push 0000F000
:0043DE3D 53
push ebx
|
:0043DE3E E82582FCFF
Call 00406068
:0043DE43 A18C2B4400
:0043DE48 803800
:0043DE4B 740D
je 0043DE5A
:0043DE4D 6A00
push 00000000
:0043DE4F 6810F00000
push 0000F010
:0043DE54 53
push ebx

|
:0043DE55 E80E82FCFF
Call 00406068
|:0043DD0F(C), :0043DD1D(C), :0043DE4B(C)
|
:0043DE5A 33C0
xor eax, eax
:0043DE5C 5A
pop edx
:0043DE5D 59
pop ecx
:0043DE5E 59
pop ecx
:0043DE5F 648910
:0043DE62 6877DE4300
push 0043DE77
|:0043DE75(U)
|
:0043DE67 8D45D4
:0043DE6A E84959FCFF
:0043DE6F C3
:0043DE70
:0043DE75
:0043DE77
:0043DE78
:0043DE7A
:0043DE7B
jmp
jmp
pop
mov
pop
ret
E90354FCFF
EBF0
5B
8BE5
5D
C3

call 004037B8
ret
00403278
0043DE67
ebx
esp, ebp
ebp

|:00422520
|
:0043DE7C 53
push ebx
:0043DE7D 56
push esi
:0043DE7E B9A8374400
mov ecx, 004437A8
:0043DE83 3B5030
:0043DE86 7505
jne 0043DE8D
:0043DE88 33DB
xor ebx, ebx
:0043DE8A 895830
|:0043DE86(C)
|
:0043DE8D 3B5034
:0043DE90 7505
jne 0043DE97
:0043DE92 33DB
xor ebx, ebx
:0043DE94 895834
|:0043DE90(C)
|
:0043DE97 8B19
:0043DE99 3B5358
:0043DE9C 7507
jne 0043DEA5
:0043DE9E 8B19
:0043DEA0 33F6
xor esi, esi
:0043DEA2 897358

|:0043DE9C(C)
|
:0043DEA5 8B19
:0043DEA7 3B535C
:0043DEAA 750E
jne 0043DEBA
:0043DEAC 8B19
:0043DEAE 33F6
xor esi, esi
:0043DEB0 89735C
:0043DEB3 8B19
:0043DEB5 33F6
xor esi, esi
:0043DEB7 897360
|:0043DEAA(C)
|
:0043DEBA 8B19
:0043DEBC 3B536C
:0043DEBF 7507
jne 0043DEC8
:0043DEC1 8B19
:0043DEC3 33F6
xor esi, esi
:0043DEC5 89736C
|:0043DEBF(C)
|
:0043DEC8 3B5048
:0043DECB 7505
jne 0043DED2
:0043DECD 33D2
xor edx, edx
:0043DECF 895048
|:0043DECB(C)
|
:0043DED2 8B01
:0043DED4 E88BEFFFFF
:0043DED9 5E
:0043DEDA 5B
:0043DEDB C3
:0043DEDC
:0043DEDD
:0043DEDF
:0043DEE0
:0043DEE1
:0043DEE2
:0043DEE5
:0043DEE8
:0043DEEA
push ebp
mov ebp, esp
push ebx
push esi
push edi
or esi, FFFFFFFF
push 00000004
push ebx
55
8BEC
53
56
57
8B5D08
83CEFF
6A04
53

call 0043CE64
pop esi
pop ebx
ret

|
:0043DEEB E84083FCFF
Call 00406230
:0043DEF0 8B15A4374400
:0043DEF6 3B4224
:0043DEF9 7544
jne 0043DF3F
:0043DEFB 6AEC
push FFFFFFEC
:0043DEFD 53
push ebx

|
:0043DEFE E83D83FCFF
Call 00406240
:0043DF03 A808
test al, 08
:0043DF05 7431
je 0043DF38
:0043DF07 A1A4374400
:0043DF0C 8B7830
:0043DF0F 85FF
test edi, edi
:0043DF11 7414
je 0043DF27
:0043DF13 8B450C
:0043DF16 80780400
:0043DF1A 750B
jne 0043DF27
:0043DF1C 8BC7
mov eax, edi
:0043DF1E E8DDAFFEFF
call 00428F00
:0043DF23 3BD8
cmp ebx, eax
:0043DF25 7411
je 0043DF38
|:0043DF11(C), :0043DF1A(C)
|
:0043DF27 A1A4374400
:0043DF2C 8B4078
:0043DF2F 8BD3
:0043DF31 E82AEBFCFF
:0043DF36 EB07
|:0043DF05(C), :0043DF25(C)
|
:0043DF38 8B450C
:0043DF3B 8918
:0043DF3D 33F6
|:0043DEF9(C), :0043DF36(U)
|
:0043DF3F 8BC6
:0043DF41 5F
:0043DF42 5E
:0043DF43 5B
:0043DF44 5D
:0043DF45 C20800

mov edx, ebx
call 0040CA60
jmp 0043DF3F

xor esi, esi
mov
pop
pop
pop
pop
ret
eax, esi
edi
esi
ebx
ebp
0008

|:0043DFE2 , :0043DFEA
|
:0043DF48 53
push ebx
:0043DF49 56
push esi
:0043DF4A 83C4F8
add esp, FFFFFFF8
:0043DF4D 8BD8
mov ebx, eax
:0043DF4F A1A4374400
:0043DF54 83782400
:0043DF58 747E
je 0043DFD8
:0043DF5A 837B7C00
:0043DF5E 7575
jne 0043DFD5
:0043DF60 8B4324
:0043DF63 890424
:0043DF66 88542404
mov byte ptr [esp+04], dl
:0043DF6A 8BC4
:0043DF6C 50
:0043DF6D 68DCDE4300
mov eax, esp

push eax
push 0043DEDC
* Reference To: user32.EnumWindows, Ord:0000h

|
:0043DF72 E87181FCFF
Call 004060E8
:0043DF77 8B4378
:0043DF7A 83780800
:0043DF7E 7455
je 0043DFD5
:0043DF80 6A03
push 00000003
:0043DF82 8B442404
:0043DF86 50
push eax
|
:0043DF87 E8A482FCFF
Call 00406230
:0043DF8C 8BF0
mov esi, eax
:0043DF8E 893424
mov dword ptr [esp], esi
:0043DF91 6AEC
push FFFFFFEC
:0043DF93 56
push esi
|
:0043DF94 E8A782FCFF
Call 00406240
:0043DF99 A808
test al, 08
:0043DF9B 7407
je 0043DFA4
:0043DF9D C70424FEFFFFFF
mov dword ptr [esp], FFFFFFFE
|:0043DF9B(C)
|
:0043DFA4 8B4378
:0043DFA7 8B7008
:0043DFAA 4E
dec esi
:0043DFAB 83FE00
cmp esi, 00000000
:0043DFAE 7C25
jl 0043DFD5
|:0043DFD3(C)
|
:0043DFB0 6A13
:0043DFB2 6A00
:0043DFB4 6A00
:0043DFB6 6A00
:0043DFB8 6A00
:0043DFBA 8B442414
:0043DFBE 50
:0043DFBF 8BD6
:0043DFC1 8B4378
:0043DFC4 E8AFEBFCFF
:0043DFC9 50

push 00000013
push 00000000
push 00000000
push 00000000
push 00000000
push eax
mov edx, esi
call 0040CB78
push eax

|
:0043DFCA E83984FCFF
Call 00406408
:0043DFCF 4E
dec esi
:0043DFD0 83FEFF
cmp esi, FFFFFFFF
:0043DFD3 75DB
jne 0043DFB0

|:0043DF5E(C), :0043DF7E(C), :0043DFAE(C)
|
:0043DFD5 FF437C
inc [ebx+7C]
|:0043DF58(C)
|
:0043DFD8 59
pop ecx
:0043DFD9 5A
pop edx
:0043DFDA 5E
pop esi
:0043DFDB 5B
pop ebx
:0043DFDC C3
ret
:0043DFDD 8D4000

|:0043E42F , :0043E82E
|
:0043DFE0 33D2
xor edx, edx
:0043DFE2 E861FFFFFF
call 0043DF48
:0043DFE7 C3
ret

|:0043E4B2
|
:0043DFE8 B201
mov dl, 01
:0043DFEA E859FFFFFF
call 0043DF48
:0043DFEF C3
ret

|:0043E40D , :0043E45A , :0043E8B2
|
:0043DFF0 53
push ebx
:0043DFF1 56
push esi
:0043DFF2 8BD8
mov ebx, eax
:0043DFF4 A1A4374400
:0043DFF9 83782400
:0043DFFD 7449
je 0043E048
:0043DFFF 837B7C00
:0043E003 7E43
jle 0043E048
:0043E005 FF4B7C
dec [ebx+7C]
:0043E008 837B7C00
:0043E00C 753A
jne 0043E048
:0043E00E 8B4378
:0043E011 8B7008
:0043E014 4E
dec esi
:0043E015 83FE00
cmp esi, 00000000
:0043E018 7C22
jl 0043E03C
|:0043E03A(C)
|
:0043E01A 6A13
push 00000013
:0043E01C 6A00
push 00000000
:0043E01E
:0043E020
:0043E022
:0043E024
:0043E026
:0043E028
:0043E02B
:0043E030
6A00
6A00
6A00
6AFF
8BD6
8B4378
E848EBFCFF
50
push 00000000
push 00000000
push 00000000
push FFFFFFFF
mov edx, esi
call 0040CB78
push eax

|
:0043E031 E8D283FCFF
Call 00406408
:0043E036 4E
dec esi
:0043E037 83FEFF
cmp esi, FFFFFFFF
:0043E03A 75DE
jne 0043E01A
|:0043E018(C)
|
:0043E03C 8B4378
:0043E03F 66BBFFFF
:0043E043 E8AC4DFCFF

mov bx, FFFF
call 00402DF4

|:0043DFFD(C), :0043E003(C), :0043E00C(C)
|
:0043E048 5E
pop esi
:0043E049 5B
pop ebx
:0043E04A C3
ret
:0043E04B 90
nop

|:0043EFAB
|
:0043E04C 8B15502D4400
:0043E052 807A0900
:0043E056 7406
je 0043E05E
:0043E058 80782800
:0043E05C 7503
jne 0043E061
|:0043E056(C)
|
:0043E05E 33C0
xor eax, eax
:0043E060 C3
ret

|:0043E05C(C)
|
:0043E061 B001
mov al, 01
:0043E063 C3
ret

|:00433E2D
|
:0043E064
:0043E06A
:0043E06E
:0043E070
:0043E074
8B15502D4400
807A0900
7406
80782801
7403

je 0043E076
je 0043E079

|:0043E06E(C)
|
:0043E076 33C0
xor eax, eax
:0043E078 C3
ret

|:0043E074(C)
|
:0043E079 B001
mov al, 01
:0043E07B C3
ret

|:0043E1C2
|
:0043E07C 53
push ebx
:0043E07D 56
push esi
:0043E07E 8BF0
mov esi, eax
:0043E080 33DB
xor ebx, ebx
:0043E082 8B02
:0043E084 83E81A
sub eax, 0000001A
:0043E087 753D
jne 0043E0C6
:0043E089 807E4100
:0043E08D 740F
je 0043E09E
:0043E08F 6800040000
push 00000400
* Reference To: kernel32.SetThreadLocale, Ord:0000h
|
:0043E094 E8F77CFCFF
Call 00405D90
:0043E099 E8C2B2FCFF
call 00409360
|:0043E08D(C)
|
:0043E09E 807E4200
:0043E0A2 7422
:0043E0A4 A1A8374400
:0043E0A9 E836F2FFFF
:0043E0AE 807E7000
:0043E0B2 7412
:0043E0B4 33D2
:0043E0B6 8BC6
:0043E0B8 E8A7110000
:0043E0BD B201
:0043E0BF 8BC6
:0043E0C1 E89E110000

je 0043E0C6
call 0043D2E4
je 0043E0C6
xor edx, edx
mov eax, esi
call 0043F264
mov dl, 01
mov eax, esi
call 0043F264

|:0043E087(C), :0043E0A2(C), :0043E0B2(C)
|
:0043E0C6
:0043E0C8
:0043E0C9
:0043E0CA
8BC3
5E
5B
C3
:0043E0CB 90
mov eax, ebx

pop esi
pop ebx
ret
nop

|:0043E31F , :0043E391 , :0043E3A6 , :0043E3DA , :0043E3E6
|:0043E47D , :0043E489 , :0043E7A4 , :0043E7AD
|
:0043E0CC 55
push ebp
:0043E0CD 8BEC
mov ebp, esp
:0043E0CF 8B4508
:0043E0D2 8B40F8
:0043E0D5 8B4008
:0043E0D8 50
push eax
:0043E0D9 8B4508
:0043E0DC 8B40F8
:0043E0DF 8B4004
:0043E0E2 50
push eax
:0043E0E3 8B4508
:0043E0E6 8B40F8
:0043E0E9 8B00
:0043E0EB 50
push eax
:0043E0EC 8B4508
:0043E0EF 8B40FC
:0043E0F2 8B4024
:0043E0F5 50
push eax
|
:0043E0F6 E8657FFCFF
Call 00406060
:0043E0FB 8B5508
:0043E0FE 8B52F8
:0043E101 89420C
:0043E104 5D
pop ebp
:0043E105 C3
ret
:0043E106 8BC0
mov eax, eax

|:0043E385
|
:0043E108 55
push ebp
:0043E109 8BEC
mov ebp, esp
:0043E10B 83C4C0
add esp, FFFFFFC0
:0043E10E 53
push ebx
:0043E10F 8D45C0
:0043E112 50
push eax
:0043E113 8B4508
:0043E116 8B40FC
:0043E119 8B4024
:0043E11C 50
push eax
|
:0043E11D
:0043E122
:0043E124
:0043E127
:0043E12A
:0043E12F
:0043E130
:0043E132
:0043E134
E8DE7EFCFF
8BD8
8B4508
8B40FC
E8D1060000
50
6A00
6A00
53
Call 00406000
mov ebx, eax
call 0043E800
push eax
push 00000000
push 00000000
push ebx

|
:0043E135 E86E7FFCFF
Call 004060A8
:0043E13A 8D45C0
lea eax, dword
:0043E13D 50
push eax
:0043E13E 8B4508
mov eax, dword
:0043E141 8B40FC
mov eax, dword
:0043E144 8B4024
mov eax, dword
:0043E147 50
push eax
ptr [ebp-40]
ptr [ebp+08]
ptr [eax-04]
ptr [eax+24]

|
:0043E148 E88B7FFCFF
Call 004060D8
:0043E14D 5B
pop ebx
:0043E14E 8BE5
mov esp, ebp
:0043E150 5D
pop ebp
:0043E151 C3
ret
:0043E152
:0043E154
:0043E155
:0043E157
:0043E15A
:0043E15B
:0043E15C
:0043E15D
:0043E160
:0043E163
:0043E165
:0043E166
:0043E16B
:0043E16E
:0043E171
:0043E174
:0043E176
:0043E179
:0043E17C
:0043E182
:0043E185
:0043E186
:0043E188
:0043E18A
:0043E18B
8BC0
55
8BEC
83C4F8
53
56
57
8955F8
8945FC
33D2
55
68BDE74300
64FF32
648922
8B45F8
33D2
89500C
8B45FC
8B8090000000
8B5808
4B
85DB
7C32
43
33F6
mov eax, eax

push ebp
mov ebp, esp
add esp, FFFFFFF8
push ebx
push esi
push edi
xor edx, edx
push ebp
push 0043E7BD
xor edx, edx
dec ebx
test ebx, ebx
jl 0043E1BC
inc ebx
xor esi, esi

|:0043E1BA(C)
|
:0043E18D 8B45FC
:0043E190 8B8090000000
:0043E196
:0043E198
:0043E19D
:0043E19F
:0043E1A2
:0043E1A5
:0043E1A7
:0043E1A9
:0043E1AB
:0043E1AD
:0043E1AE
:0043E1AF
:0043E1B0
:0043E1B3
8BD6
E8DBE9FCFF
8BF8
8B55F8
8B4704
FF17
84C0
740D
33C0
5A
59
59
648910
E91A060000
mov edx, esi

call 0040CB78
mov edi, eax
test al, al
je 0043E1B8
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0043E7D2

|:0043E1A9(C)
|
:0043E1B8 46
inc esi
:0043E1B9 4B
dec ebx
:0043E1BA 75D1
jne 0043E18D
|:0043E188(C)
|
:0043E1BC 8B55F8
:0043E1BF 8B45FC
:0043E1C2 E8B5FEFFFF
:0043E1C7 8B5DF8
:0043E1CA 8B1B
:0043E1CC 8BC3
:0043E1CE 3D12010000
:0043E1D3 0F8F95000000
:0043E1D9 0F840A010000
:0043E1DF 83F815
:0043E1E2 7F51
:0043E1E4 0F8458010000
:0043E1EA 83C0F9
:0043E1ED 83F80D
:0043E1F0 0F87B6050000
:0043E1F6 FF2485FDE14300
:0043E1FD
:0043E201
:0043E205
:0043E209
:0043E20D
:0043E211
:0043E215
:0043E219
:0043E21D
:0043E221
:0043E225
:0043E229
:0043E22D
:0043E231
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
DWORD
C4E34300
ACE74300
ACE74300
4EE44300
ACE74300
ACE74300
ACE74300
ACE74300
74E34300
2AE34300
ACE74300
ACE74300
ACE74300
9CE34300

call 0043E07C
mov eax, ebx
cmp eax, 00000112
jg 0043E26E
je 0043E2E9
cmp eax, 00000015
jg 0043E235
je 0043E342
add eax, FFFFFFF9
cmp eax, 0000000D
ja 0043E7AC
jmp dword ptr [4*eax+0043E1FD]
0043E3C4
0043E7AC
0043E7AC
0043E44E
0043E7AC
0043E7AC
0043E7AC
0043E7AC
0043E374
0043E32A
0043E7AC
0043E7AC
0043E7AC
0043E39C
|:0043E1E2(C)
|
:0043E235 83F81C
:0043E238 7F1D
:0043E23A 0F84A5010000
:0043E240 83E816
:0043E243 0F849F020000
:0043E249 83E804
:0043E24C 0F843F050000
:0043E252 E955050000
:0043E257 83E837
:0043E25A 0F8451010000
:0043E260 83E813
:0043E263 0F8496020000
:0043E269 E93E050000
cmp eax, 0000001C

jg 0043E257
je 0043E3E5
sub eax, 00000016
je 0043E4E8
sub eax, 00000004
je 0043E791
jmp 0043E7AC
sub eax, 00000037
je 0043E3B1
sub eax, 00000013
je 0043E4FF
jmp 0043E7AC
|:0043E1D3(C)
|
:0043E26E 3D1AB00000
:0043E273 7F48
:0043E275 0F845F040000
:0043E27B 3D01B00000
:0043E280 7F24
:0043E282 0F842A040000
:0043E288 05CEFEFFFF
:0043E28D 83E807
:0043E290 0F8226020000
:0043E296 2DC7AE0000
:0043E29B 0F84E9030000
:0043E2A1 E906050000
|:0043E280(C)
|
:0043E2A6 2D16B00000
:0043E2AB 0F841E030000
:0043E2B1 48
:0043E2B2 0F8439030000
:0043E2B8 E9EF040000
|:0043E273(C)
|
:0043E2BD 2D1FB00000
:0043E2C2 0F8451040000
:0043E2C8 48
:0043E2C9 0F8464040000
:0043E2CF 83E811
:0043E2D2 0F848E040000
:0043E2D8 83C0F2
:0043E2DB 83E802
:0043E2DE 0F82CA020000
:0043E2E4 E9C3040000
cmp eax, 0000B01A

jg 0043E2BD
je 0043E6DA
cmp eax, 0000B001
jg 0043E2A6
je 0043E6B2
add eax, FFFFFECE
sub eax, 00000007
jb 0043E4BC
sub eax, 0000AEC7
je 0043E68A
jmp 0043E7AC
sub eax, 0000B016

je 0043E5CF
dec eax
je 0043E5F1
jmp 0043E7AC
sub eax, 0000B01F

je 0043E719
dec eax
je 0043E733
sub eax, 00000011
je 0043E766
add eax, FFFFFFF2
sub eax, 00000002
jb 0043E5AE
jmp 0043E7AC

|:0043E1D9(C)
|
:0043E2E9 8B45F8
:0043E2EC 8B4004
:0043E2EF
:0043E2F4
:0043E2F9
:0043E2FB
:0043E300
:0043E302
25F0FF0000
2D20F00000
7409
2D00010000
740F
EB1A
and eax, 0000FFF0

sub eax, 0000F020
je 0043E304
sub eax, 00000100
je 0043E311
jmp 0043E31E
|:0043E2F9(C)
|
:0043E304 8B45FC
:0043E307 E810050000
:0043E30C E9A2040000
|:0043E300(C)
|
:0043E311 8B45FC
:0043E314 E84B050000
:0043E319 E995040000
|:0043E302(U)
|
:0043E31E 55
:0043E31F E8A8FDFFFF
:0043E324 59
:0043E325 E989040000
:0043E32A 8B45FC
:0043E32D 8B4030
:0043E330 85C0
:0043E332 0F847B040000
:0043E338 E883D9FFFF
:0043E33D E971040000
|:0043E1E4(C)
|
:0043E342 833DB037440000
:0043E349 0F8464040000
:0043E34F 833DB0374400FF
:0043E356 0F8457040000
:0043E35C 833DCC37440000
:0043E363 0F844A040000
:0043E369 FF15CC374400
:0043E36F E93F040000
:0043E374 8B45FC
:0043E377 8B4024
:0043E37A 50

call 0043E81C
jmp 0043E7B3

call 0043E864
jmp 0043E7B3
push ebp
call 0043E0CC
pop ecx
jmp 0043E7B3
test eax, eax
je 0043E7B3
call 0043BCC0
jmp 0043E7B3
cmp dword ptr [004437B0], 00000000

je 0043E7B3
cmp dword ptr [004437B0], FFFFFFFF
je 0043E7B3
cmp dword ptr [004437CC], 00000000
je 0043E7B3
call dword ptr [004437CC]
jmp 0043E7B3
push eax

|
:0043E37B E8287FFCFF
Call 004062A8
:0043E380 85C0
test eax, eax
:0043E382 740C
je 0043E390
:0043E384 55
push ebp
:0043E385 E87EFDFFFF
call 0043E108
:0043E38A 59
pop ecx
:0043E38B E923040000
jmp 0043E7B3
|:0043E382(C)
|
:0043E390 55
:0043E396 59
:0043E397 E917040000
:0043E39C 8B45F8
:0043E39F C70027000000
:0043E3A5 55
:0043E3A6 E821FDFFFF
:0043E3AB 59
:0043E3AC E902040000
|:0043E25A(C)
|
:0043E3B1 8B45FC
:0043E3B4 E847040000
:0043E3B9 8B55F8
:0043E3BC 89420C
:0043E3BF E9EF030000
:0043E3C4 6A00
:0043E3C6 6A00
:0043E3C8 681AB00000
:0043E3CD 8B45FC
:0043E3D0 8B4024
:0043E3D3 50
push ebp
call 0043E0CC
pop ecx
jmp 0043E7B3
push ebp
call 0043E0CC
pop ecx
jmp 0043E7B3

call 0043E800
jmp 0043E7B3
push 00000000
push 00000000
push 0000B01A
push eax

|
:0043E3D4 E84F7FFCFF
Call 00406328
:0043E3D9 55
push ebp
:0043E3DA E8EDFCFFFF
call 0043E0CC
:0043E3DF 59
pop ecx
:0043E3E0 E9CE030000
jmp 0043E7B3
|:0043E23A(C)
|
:0043E3E5 55
:0043E3E6 E8E1FCFFFF
:0043E3EB 59
:0043E3EC 8B45F8
:0043E3EF 8B4004
:0043E3F2 F7D8
:0043E3F4 1BC0
:0043E3F6 F7D8
:0043E3F8 8B55FC
:0043E3FB 888285000000
:0043E401 8B45F8
:0043E404 83780400
:0043E408 7422
:0043E40A 8B45FC
:0043E40D E8DEFBFFFF
:0043E412 6A00
:0043E414 6A00
:0043E416 6800B00000
:0043E41B 8B45FC
:0043E41E 8B4024

push ebp
call 0043E0CC
pop ecx
neg eax
sbb eax, eax
neg eax
je 0043E42C
call 0043DFF0
push 00000000
push 00000000
push 0000B000
:0043E421 50
push eax

|
:0043E422 E8017FFCFF
Call 00406328
:0043E427 E987030000
jmp 0043E7B3
|:0043E408(C)
|
:0043E42C 8B45FC
:0043E42F E8ACFBFFFF
:0043E434 6A00
:0043E436 6A00
:0043E438 6801B00000
:0043E43D 8B45FC
:0043E440 8B4024
:0043E443 50

call 0043DFE0
push 00000000
push 00000000
push 0000B001
push eax

|
:0043E444 E8DF7EFCFF
Call 00406328
:0043E449 E965030000
jmp 0043E7B3
:0043E44E 8B45F8
:0043E451 83780400
:0043E455 7431
je 0043E488
:0043E457 8B45FC
:0043E45A E891FBFFFF
call 0043DFF0
:0043E45F 8B45FC
:0043E462 8B8094000000
:0043E468 85C0
test eax, eax
:0043E46A 7410
je 0043E47C
:0043E46C E84B80FFFF
call 004364BC
:0043E471 8B45FC
:0043E474 33D2
xor edx, edx
:0043E476 899094000000
|:0043E46A(C)
|
:0043E47C 55
:0043E47D E84AFCFFFF
:0043E482 59
:0043E483 E92B030000
|:0043E455(C)
|
:0043E488 55
:0043E489 E83EFCFFFF
:0043E48E 59
:0043E48F 8B45FC
:0043E492 83B89400000000
:0043E499 7514
:0043E49B 8B45FC
:0043E49E 8B4024
:0043E4A1 E8627FFFFF
:0043E4A6 8B55FC
:0043E4A9 898294000000
push ebp
call 0043E0CC
pop ecx
jmp 0043E7B3
push ebp
call 0043E0CC
pop ecx
cmp dword ptr [eax+00000094], 00000000
jne 0043E4AF
call 00436408
|:0043E499(C)
|
:0043E4AF 8B45FC
:0043E4B2 E831FBFFFF
:0043E4B7 E9F7020000
|:0043E290(C)
|
:0043E4BC 8B75F8
:0043E4BF 8B7608
:0043E4C2 56
:0043E4C3 8B45F8
:0043E4C6 8B4004
:0043E4C9 50
:0043E4CA 8B45F8
:0043E4CD 81C300BC0000
:0043E4D3 53
:0043E4D4 8B45F8
:0043E4D7 56

call 0043DFE8
jmp 0043E7B3
mov esi,
mov esi,
push esi
mov eax,
mov eax,
push eax
mov eax,
add ebx,
push ebx
mov eax,
push esi
dword ptr [ebp-08]

dword ptr [esi+08]
dword ptr [ebp-08]
dword ptr [eax+04]
dword ptr [ebp-08]
0000BC00
dword ptr [ebp-08]

|
:0043E4D8 E8AB7EFCFF
Call 00406388
:0043E4DD 8B55F8
:0043E4E0 89420C
:0043E4E3 E9CB020000
jmp 0043E7B3
|:0043E243(C)
|
:0043E4E8 8B45F8
:0043E4EB 83780400
:0043E4EF 0F84BE020000
:0043E4F5 E88E51FCFF
:0043E4FA E9B4020000
|:0043E263(C)
|
:0043E4FF 8B45F8
:0043E502 8B4008
:0043E505 8138544453DE
:0043E50B 0F85A2020000
:0043E511 8B45FC
:0043E514 80B88600000000
:0043E51B 0F8492020000
:0043E521 8B45FC
:0043E524 83B88800000000
:0043E52B 7574

je 0043E7B3
call 00403688
jmp 0043E7B3

cmp dword ptr [eax], DE534454
jne 0043E7B3
je 0043E7B3
cmp dword ptr [eax+00000088], 00000000
jne 0043E5A1
* Possible StringData Ref from Code Obj ->"vcltest3.dll"

|
:0043E52D 68DCE74300
push 0043E7DC
|
:0043E532 E81178FCFF
Call 00405D48
:0043E537 8BD8
mov ebx, eax
:0043E539
:0043E53C
:0043E542
:0043E544
:0043E546
:0043E549
:0043E54B
8B45FC
899888000000
85DB
7440
8B45F8
33D2
89500C

test ebx, ebx
je 0043E586
xor edx, edx
* Possible StringData Ref from Code Obj ->"RegisterAutomation"

|
:0043E54E 68ECE74300
push 0043E7EC
:0043E553 8B45FC
:0043E556 8B8088000000
:0043E55C 50
push eax
|
:0043E55D E86677FCFF
Call 00405CC8
:0043E562 8BF0
mov esi, eax
:0043E564 89F3
mov ebx, esi
:0043E566 85F6
test esi, esi
:0043E568 0F8445020000
je 0043E7B3
:0043E56E 8B45F8
mov eax, dword ptr
:0043E571 8B4008
mov eax, dword ptr
:0043E574 8B5008
mov edx, dword ptr
:0043E577 52
push edx
:0043E578 8B55F8
mov edx, dword ptr
:0043E57B 8B4004
mov eax, dword ptr
:0043E57E 50
push eax
:0043E57F FFD3
call ebx
:0043E581 E92D020000
jmp 0043E7B3
[ebp-08]
[eax+08]
[eax+08]
[ebp-08]
[eax+04]

|:0043E544(C)
|
|
:0043E586 E81D77FCFF
Call 00405CA8
:0043E58B 8B55F8
:0043E58E 89420C
:0043E591 8B45FC
:0043E594 33D2
xor edx, edx
:0043E596 899088000000
:0043E59C E912020000
jmp 0043E7B3
|:0043E52B(C)
|
:0043E5A1 8B45F8
:0043E5A4 33D2
:0043E5A6 89500C
:0043E5A9 E905020000

mov
xor
mov
jmp

edx, edx
0043E7B3

|:0043E2DE(C)
|
:0043E5AE 8B4DF8
:0043E5B1 8B4908
:0043E5B4 8B45F8
:0043E5B7
:0043E5B9
:0043E5BC
:0043E5C1
:0043E5C4
:0043E5C7
:0043E5CA
8BD3
8B45FC
E807180000
83E07F
8B55F8
89420C
E9E4010000
mov edx, ebx

call 0043FDC8
and eax, 0000007F
jmp 0043E7B3
|:0043E2AB(C)
|
:0043E5CF 8B55F8
:0043E5D2 8B45FC
:0043E5D5 E82A050000
:0043E5DA 84C0
:0043E5DC 0F84D1010000
:0043E5E2 8B45F8
:0043E5E5 C7400C01000000
:0043E5EC E9C2010000
|:0043E2B2(C)
|
:0043E5F1 8B45FC
:0043E5F4 8B4030
:0043E5F7 85C0
:0043E5F9 0F84B4010000
:0043E5FF 8BD8
:0043E601 8BC3
:0043E603 E8F8A8FEFF
:0043E608 85C0
:0043E60A 0F84A3010000
:0043E610 8BC3
:0043E612 E8E9A8FEFF
:0043E617 50

call 0043EB04
test al, al
je 0043E7B3
mov [eax+0C], 00000001
jmp 0043E7B3

test eax, eax
je 0043E7B3
mov ebx, eax
mov eax, ebx
call 00428F00
test eax, eax
je 0043E7B3
mov eax, ebx
call 00428F00
push eax

|
:0043E618 E89B7CFCFF
Call 004062B8
:0043E61D 85C0
test eax, eax
:0043E61F 0F848E010000
je 0043E7B3
:0043E625 8BC3
mov eax, ebx
:0043E627 E8D4A8FEFF
call 00428F00
:0043E62C 50
push eax
|
:0043E62D E88E7CFCFF
Call 004062C0
:0043E632 85C0
test eax, eax
:0043E634 0F8479010000
je 0043E7B3
:0043E63A C6053828440000
mov byte ptr [00442838], 00
|
:0043E641 E81A7BFCFF
Call 00406160
:0043E646 8BF0
mov esi, eax
:0043E648 8BC3
mov eax, ebx
:0043E64A E8B1A8FEFF
call 00428F00
:0043E64F 50
push eax

|
:0043E650 E8537DFCFF
Call 004063A8
:0043E655 8B45F8
mov eax, dword ptr
:0043E658 8B4008
mov eax, dword ptr
:0043E65B 50
push eax
:0043E65C 8B4DF8
mov ecx, dword ptr
:0043E65F 8B4904
mov ecx, dword ptr
:0043E662 BA12010000
mov edx, 00000112
:0043E667 8BC3
mov eax, ebx
:0043E669 E8265BFEFF
call 00424194
:0043E66E 56
push esi
[ebp-08]
[eax+08]
[ebp-08]
[ecx+04]

|
:0043E66F E8347DFCFF
Call 004063A8
:0043E674 C6053828440001
mov byte ptr [00442838], 01
:0043E67B 8B45F8
:0043E67E C7400C01000000
mov [eax+0C], 00000001
:0043E685 E929010000
jmp 0043E7B3
|:0043E29B(C)
|
:0043E68A 8B45FC
:0043E68D 6683B8FA00000000
:0043E695 0F8418010000
:0043E69B 8B5DFC
:0043E69E 8B55FC
:0043E6A1 8B83FC000000
:0043E6A7 FF93F8000000
:0043E6AD E901010000
|:0043E282(C)
|
:0043E6B2 8B45FC
:0043E6B5 6683B8F200000000
:0043E6BD 0F84F0000000
:0043E6C3 8B5DFC
:0043E6C6 8B55FC
:0043E6C9 8B83F4000000
:0043E6CF FF93F0000000
:0043E6D5 E9D9000000

cmp word ptr [eax+000000FA], 0000
je 0043E7B3
mov eax, dword ptr [ebx+000000FC]
jmp 0043E7B3

cmp word ptr [eax+000000F2], 0000
je 0043E7B3
jmp 0043E7B3

|:0043E275(C)
|
:0043E6DA 8B45FC
:0043E6DD 8B4024
:0043E6E0 50
push eax
|
:0043E6E1 E8C27BFCFF
Call 004062A8
:0043E6E6 85C0
test eax, eax
:0043E6E8 0F85C5000000
jne 0043E7B3
|
:0043E6EE
:0043E6F3
:0043E6F6
:0043E6F9
:0043E6FF
:0043E701
:0043E706
:0043E708
:0043E70E
E86D7AFCFF
8B55FC
3B4224
0F85B4000000
33C0
E8527EFFFF
85C0
0F84A5000000
50
Call 00406160
jne 0043E7B3
xor eax, eax
call 00436558
test eax, eax
je 0043E7B3
push eax

|
:0043E70F E8947CFCFF
Call 004063A8
:0043E714 E99A000000
jmp 0043E7B3
|:0043E2C2(C)
|
:0043E719 8B4DF8
:0043E71C 8B4908
:0043E71F 8B55F8
:0043E722 668B5204
:0043E726 8B45FC
:0043E729 E8F6090000
:0043E72E E980000000
|:0043E2C9(C)
|
:0043E733 8B45F8
:0043E736 83780400
:0043E73A 7515
:0043E73C 8B45F8
:0043E73F 8B4008
:0043E742 FF7004
:0043E745 FF30
:0043E747 8B45FC
:0043E74A E8DD040000
:0043E74F EB62
|:0043E73A(C)
|
:0043E751 8B45F8
:0043E754 8B4008
:0043E757 FF7004
:0043E75A FF30
:0043E75C 8B45FC
:0043E75F E824050000
:0043E764 EB4D
|:0043E2D2(C)
|
:0043E766 8B45F8
:0043E769 83780401
:0043E76D 7511
:0043E76F 8B45FC
:0043E772 8B8098000000
:0043E778 8B55F8

mov dx, word ptr [edx+04]
call 0043F124
jmp 0043E7B3

jne 0043E751
push [eax+04]
call 0043EC2C
jmp 0043E7B3
mov eax, dword

mov eax, dword
push [eax+04]
push dword ptr
mov eax, dword
call 0043EC88
jmp 0043E7B3
mov
cmp
jne
mov
mov
mov
ptr [ebp-08]
ptr [eax+08]
[eax]
ptr [ebp-04]

dword ptr [eax+04], 00000001
0043E780
:0043E77B 89420C
:0043E77E EB33

jmp 0043E7B3
|:0043E76D(C)
|
:0043E780 8B45F8
:0043E783 8B4008
:0043E786 8B55FC
:0043E789 898298000000
:0043E78F EB22
|:0043E24C(C)
|
:0043E791 8B55F8
:0043E794 8B5204
:0043E797 A1182D4400
:0043E79C 8B00
:0043E79E E885E8FEFF
:0043E7A3 55
:0043E7A4 E823F9FFFF
:0043E7A9 59
:0043E7AA EB07
mov
mov
mov
mov
jmp

0043E7B3
mov edx, dword

mov edx, dword
mov eax, dword
mov eax, dword
call 0042D028
push ebp
call 0043E0CC
pop ecx
jmp 0043E7B3
ptr
ptr
ptr
ptr
[ebp-08]
[edx+04]
[00442D18]
[eax]

|:0043E1F0(C), :0043E252(U), :0043E269(U), :0043E2A1(U), :0043E2B8(U)
|:0043E2E4(U)
|
:0043E7AC 55
push ebp
:0043E7AD E81AF9FFFF
call 0043E0CC
:0043E7B2 59
pop ecx
|:0043E30C(U), :0043E319(U), :0043E325(U), :0043E332(C), :0043E33D(U)
|:0043E349(C), :0043E356(C), :0043E363(C), :0043E36F(U), :0043E38B(U)
|:0043E397(U), :0043E3AC(U), :0043E3BF(U), :0043E3E0(U), :0043E427(U)
|:0043E449(U), :0043E483(U), :0043E4B7(U), :0043E4E3(U), :0043E4EF(C)
|:0043E4FA(U), :0043E50B(C), :0043E51B(C), :0043E568(C), :0043E581(U)
|:0043E59C(U), :0043E5A9(U), :0043E5CA(U), :0043E5DC(C), :0043E5EC(U)
|:0043E5F9(C), :0043E60A(C), :0043E61F(C), :0043E634(C), :0043E685(U)
|:0043E695(C), :0043E6AD(U), :0043E6BD(C), :0043E6D5(U), :0043E6E8(C)
|:0043E6F9(C), :0043E708(C), :0043E714(U), :0043E72E(U), :0043E74F(U)
|:0043E764(U), :0043E77E(U), :0043E78F(U), :0043E7AA(U)
|
:0043E7B3 33C0
xor eax, eax
:0043E7B5 5A
pop edx
:0043E7B6 59
pop ecx
:0043E7B7 59
pop ecx
:0043E7B8 648910
:0043E7BB EB15
jmp 0043E7D2
:0043E7BD E9AE48FCFF
jmp 00403070
:0043E7C2 8B55FC
:0043E7C5 8B45FC
:0043E7C8 E897060000
call 0043EE64
:0043E7CD E84E4BFCFF
call 00403320
|:0043E1B3(U), :0043E7BB(U)
|
:0043E7D2
:0043E7D3
:0043E7D4
:0043E7D5
:0043E7D6
:0043E7D7
:0043E7D8
5F
5E
5B
59
59
5D
C3
pop
pop
pop
pop
pop
pop
ret
edi
esi
ebx
ecx
ecx
ebp
:0043E7D9 000000
BYTE 3 DUP(0)
:0043E7DC
:0043E7DE
:0043E7DF
:0043E7E1
:0043E7E3
:0043E7E5
jbe 0043E841
insb
je 0043E846
jnb 0043E857
xor ebp, dword ptr [esi]
BYTE 064h
7663
6C
7465
7374
332E
64
:0043E7E6 6C
:0043E7E7 6C
:0043E7E8 00000000
insb
insb
BYTE 4 DUP(0)
:0043E7EC
:0043E7ED
:0043E7F6
:0043E7F8
:0043E7F9
:0043E7FA
:0043E7FC
:0043E7FD
:0043E7FE
push edx
imul esi, gs:[bp+di+74], 75417265
je 0043E867
insd
popad
je 0043E865
outsd
outsb
52
656769737465724175
746F
6D
61
7469
6F
6E
0000

|:0043ABC0 , :0043DE06 , :0043E12A , :0043E3B4 , :0043F4F3
|
:0043E800 8B8080000000
:0043E806 E821BAFDFF
call 0041A22C
:0043E80B 85C0
test eax, eax
:0043E80D 750C
jne 0043E81B
:0043E80F 68007F0000
push 00007F00
:0043E814 6A00
push 00000000
|
:0043E816 E8CD7AFCFF
Call 004062E8
|:0043E80D(C)
|
:0043E81B C3
ret
|:0043B2B8 , :0043E307 , :0043EE0C
|
:0043E81C 53
push ebx
:0043E81D 8BD8
mov ebx, eax
:0043E81F 8B4324
:0043E822 50
push eax

|
:0043E823 E8807AFCFF
Call 004062A8
:0043E828 85C0
test eax, eax
:0043E82A 7535
jne 0043E861
:0043E82C 8BC3
mov eax, ebx
:0043E82E E8ADF7FFFF
call 0043DFE0
:0043E833 8B4324
:0043E836 50
push eax
|
:0043E837 E8547BFCFF
Call 00406390
:0043E83C BA06000000
mov edx, 00000006
|:0043E7DC(C)
|
:0043E841 8B4324
:0043E844 E8EFF1FFFF
:0043E849 6683BB0201000000
:0043E851 740E
:0043E853 8BD3
:0043E855 8B8304010000
:0043E85B FF9300010000

call 0043DA38
cmp word ptr [ebx+00000102], 0000
je 0043E861
mov edx, ebx

|:0043E82A(C), :0043E851(C)
|
:0043E861 5B
pop ebx
:0043E862 C3
ret
:0043E863 90
nop

|:0043E314
|
:0043E864 53
push ebx
|:0043E7FA(C)
|
:0043E865 56
push esi
:0043E866 8BD8
mov ebx, eax
:0043E868 8B4324
:0043E86B 50
push eax
|
:0043E86C E8377AFCFF
Call 004062A8
:0043E871 85C0
test eax, eax
:0043E873 7473
je 0043E8E8
:0043E875 8B4324
:0043E878 50
push eax
|
:0043E879
:0043E87E
:0043E883
:0043E886
:0043E88B
:0043E88E
:0043E890
:0043E892
:0043E899
:0043E89B
:0043E89F
:0043E8A1
:0043E8A3
:0043E8A8
:0043E8AB
E8127BFCFF
BA09000000
8B4324
E8ADF1FFFF
8B4330
85C0
741E
80B80B02000001
7515
80784700
750F
33D2
E8ECB4FFFF
8B4330
E8C8D5FFFF
Call 00406390
mov edx, 00000009
call 0043DA38
test eax, eax
je 0043E8B0
jne 0043E8B0
jne 0043E8B0
xor edx, edx
call 00439D94
call 0043BE78

|:0043E890(C), :0043E899(C), :0043E89F(C)
|
:0043E8B0 8BC3
mov eax, ebx
:0043E8B2 E839F7FFFF
call 0043DFF0
:0043E8B7 A1A8374400
:0043E8BC 8B7058
:0043E8BF 85F6
test esi, esi
:0043E8C1 740D
je 0043E8D0
:0043E8C3 8BC6
mov eax, esi
:0043E8C5 E836A6FEFF
call 00428F00
:0043E8CA 50
push eax
|
:0043E8CB E8D87AFCFF
Call 004063A8
|:0043E8C1(C)
|
:0043E8D0 6683BB0A01000000
:0043E8D8 740E
:0043E8DA 8BD3
:0043E8DC 8B830C010000
:0043E8E2 FF9308010000
|:0043E873(C), :0043E8D8(C)
|
:0043E8E8 5E
:0043E8E9 5B
:0043E8EA C3
:0043E8EB 90
nop

je 0043E8E8
mov edx, ebx
pop esi
pop ebx
ret

|:00427550
|
:0043E8EC 53
push ebx
:0043E8ED 56
push esi
:0043E8EE 8BD8
mov ebx, eax
:0043E8F0 8B4324
:0043E8F3 85C0
test eax, eax
:0043E8F5 742B
:0043E8F7 50
je 0043E922
push eax

|
:0043E8F8 E8A378FCFF
Call 004061A0
:0043E8FD 8BF0
mov esi, eax
:0043E8FF 85F6
test esi, esi
:0043E901 741F
je 0043E922
:0043E903 3B7324
:0043E906 741A
je 0043E922
:0043E908 56
push esi
|
:0043E909 E8B279FCFF
Call 004062C0
:0043E90E 85C0
test eax, eax
:0043E910 7410
je 0043E922
:0043E912 56
push esi
|
:0043E913 E8A079FCFF
Call 004062B8
:0043E918 85C0
test eax, eax
:0043E91A 7406
je 0043E922
:0043E91C 56
push esi
* Reference To: user32.SetForegroundWindow, Ord:0000h
|
:0043E91D E88E7AFCFF
Call 004063B0
|:0043E8F5(C), :0043E901(C), :0043E906(C), :0043E910(C), :0043E91A(C)
|
:0043E922 5E
pop esi
:0043E923 5B
pop ebx
:0043E924 C3
ret
:0043E925 8D4000

|:0043F0C3 , :00440FFA
|
:0043E928 53
push ebx
:0043E929 56
push esi
:0043E92A 81C400FFFFFF
add esp, FFFFFF00
:0043E930 8BF2
mov esi, edx
:0043E932 8BD8
mov ebx, eax
:0043E934 80BB8C00000000
:0043E93B 7420
je 0043E95D
:0043E93D 6800010000
push 00000100
:0043E942 8D442404
:0043E946 50
push eax
:0043E947 8B4324
:0043E94A 50
push eax
* Reference To: user32.GetWindowTextA, Ord:0000h
|
:0043E94B E81079FCFF
Call 00406260
:0043E950
:0043E952
:0043E954
:0043E956
:0043E95B
8BC8
8BD4
8BC6
E8414FFCFF
EB0A
mov ecx, eax

mov edx, esp
mov eax, esi
call 0040389C
jmp 0043E967
|:0043E93B(C)
|
:0043E95D 8BC6
:0043E95F 8B5374
:0043E962 E8E94EFCFF
|:0043E95B(U)
|
:0043E967 81C400010000
:0043E96D 5E
:0043E96E 5B
:0043E96F C3
mov eax, esi

call 00403850
add esp, 00000100

pop esi
pop ebx
ret

|:0043EBE3
|
:0043E970 53
push ebx
:0043E971 56
push esi
:0043E972 57
push edi
:0043E973 8BFA
mov edi, edx
:0043E975 8BD8
mov ebx, eax
:0043E977 33C0
xor eax, eax
:0043E979 8BB398000000
:0043E97F 85F6
test esi, esi
:0043E981 740D
je 0043E990
:0043E983 57
push edi
:0043E984 56
push esi
* Reference To: user32.IsDialogMessageA, Ord:0000h
|
:0043E985 E81679FCFF
Call 004062A0
:0043E98A F7D8
neg eax
:0043E98C 1BC0
sbb eax, eax
:0043E98E F7D8
neg eax
|:0043E981(C)
|
:0043E990 5F
pop edi
:0043E991 5E
pop esi
:0043E992 5B
pop ebx
:0043E993 C3
ret

|:0043F435
|
:0043E994 56
push esi
:0043E995 57
push edi
:0043E996
:0043E999
:0043E99F
:0043E9A1
:0043E9A7
8B4A04
81F900020000
7408
81F9A0000000
7539
|:0043E99F(C)
|
:0043E9A9 8B4A04
:0043E9AC 3B88A0000000
:0043E9B2 751A
:0043E9B4 8B4A14
:0043E9B7 3B88B0000000
:0043E9BD 750F
:0043E9BF 8B4A18
:0043E9C2 3B88B4000000
:0043E9C8 7504
:0043E9CA 33C0
:0043E9CC EB1D

cmp ecx, 00000200
je 0043E9A9
cmp ecx, 000000A0
jne 0043E9E2
mov
cmp
jne
mov
cmp
jne
mov
cmp
jne
xor
jmp
ecx, dword
ecx, dword
0043E9CE
ecx, dword
ecx, dword
0043E9CE
ecx, dword
ecx, dword
0043E9CE
eax, eax
0043E9EB
ptr [edx+04]
ptr [eax+000000A0]
ptr [edx+14]
ptr [eax+000000B0]
ptr [edx+18]
ptr [eax+000000B4]

|:0043E9B2(C), :0043E9BD(C), :0043E9C8(C)
|
:0043E9CE 8BF2
mov esi, edx
:0043E9D0 8DB89C000000
lea edi, dword ptr [eax+0000009C]
:0043E9D6 B907000000
mov ecx, 00000007
:0043E9DB F3
repz
:0043E9DC A5
movsd
:0043E9DD B001
mov al, 01
:0043E9DF 5F
pop edi
:0043E9E0 5E
pop esi
:0043E9E1 C3
ret

|:0043E9A7(C)
|
:0043E9E2 81F918010000
cmp ecx, 00000118
:0043E9E8 0F95C0
setne al
|:0043E9CC(U)
|
:0043E9EB 5F
pop edi
:0043E9EC 5E
pop esi
:0043E9ED C3
ret
:0043E9EE 8BC0
mov eax, eax

|:0043EBC9
|
:0043E9F0 53
push ebx
:0043E9F1 56
push esi
:0043E9F2 57
push edi
:0043E9F3 8BFA
mov edi, edx
:0043E9F5 8BD8
mov ebx, eax
:0043E9F7
:0043E9F9
:0043E9FC
:0043E9FE
:0043EA00
:0043EA07
:0043EA09
:0043EA0F
:0043EA13
:0043EA15
:0043EA1B
:0043EA1E
:0043EA25
:0043EA27
:0043EA28
:0043EA2E
33C0
8B7330
85F6
743A
80BE0F02000002
7531
8B15A8374400
837A6000
7425
8B15A8374400
8B5260
80BA0F02000001
7513
57
8B8634020000
50
xor eax, eax

test esi, esi
je 0043EA3A
jne 0043EA3A
je 0043EA3A
cmp byte ptr [edx+0000020F], 01
jne 0043EA3A
push edi
push eax
* Reference To: user32.TranslateMDISysAccel, Ord:0000h

|
:0043EA2F E8247AFCFF
Call 00406458
:0043EA34 F7D8
neg eax
:0043EA36 1BC0
sbb eax, eax
:0043EA38 F7D8
neg eax
|:0043E9FE(C), :0043EA07(C), :0043EA13(C), :0043EA25(C)
|
:0043EA3A 5F
pop edi
:0043EA3B 5E
pop esi
:0043EA3C 5B
pop ebx
:0043EA3D C3
ret
:0043EA3E 8BC0
mov eax, eax

|:0043EBD6
|
:0043EA40 53
push ebx
:0043EA41 56
push esi
:0043EA42 57
push edi
:0043EA43 55
push ebp
:0043EA44 8BFA
mov edi, edx
:0043EA46 8BE8
mov ebp, eax
:0043EA48 33DB
xor ebx, ebx
:0043EA4A 8B4704
:0043EA4D 3D00010000
cmp eax, 00000100
:0043EA52 7278
jb 0043EACC
:0043EA54 3D08010000
cmp eax, 00000108
:0043EA59 7771
ja 0043EACC
|
:0043EA5B E8B876FCFF
Call 00406118
:0043EA60 8BF0
mov esi, eax
:0043EA62 85F6
test esi, esi
:0043EA64 7537
jne 0043EA9D
:0043EA66 8B37
:0043EA68 8B4530
:0043EA6B 85C0
test eax, eax
:0043EA6D
:0043EA6F
:0043EA75
:0043EA77
:0043EA7C
740F
3BB034020000
7507
E884A4FEFF
8BF0
|:0043EA6D(C), :0043EA75(C)
|
:0043EA7E 8B470C
:0043EA81 50
:0043EA82 8B4708
:0043EA85 50
:0043EA86 8B4704
:0043EA89 0500BC0000
:0043EA8E 50
:0043EA8F 56
je 0043EA7E
jne 0043EA7E
call 00428F00
mov esi, eax
mov eax,
push eax
mov eax,
push eax
mov eax,
add eax,
push eax
push esi
dword ptr [edi+0C]

dword ptr [edi+08]
dword ptr [edi+04]
0000BC00

|
:0043EA90 E8F378FCFF
Call 00406388
:0043EA95 85C0
test eax, eax
:0043EA97 7433
je 0043EACC
:0043EA99 B301
mov bl, 01
:0043EA9B EB2F
jmp 0043EACC
|:0043EA64(C)
|
:0043EA9D 6AFA
push FFFFFFFA
:0043EA9F 56
push esi
|
:0043EAA0 E89B77FCFF
Call 00406240
:0043EAA5 8B15E02B4400
mov edx, dword ptr
:0043EAAB 3B02
cmp eax, dword ptr
:0043EAAD 751D
jne 0043EACC
:0043EAAF 8B470C
mov eax, dword ptr
:0043EAB2 50
push eax
:0043EAB3 8B4708
mov eax, dword ptr
:0043EAB6 50
push eax
:0043EAB7 8B4704
mov eax, dword ptr
:0043EABA 0500BC0000
add eax, 0000BC00
:0043EABF 50
push eax
:0043EAC0 56
push esi
[00442BE0]
[edx]
[edi+0C]
[edi+08]
[edi+04]

|
:0043EAC1 E8C278FCFF
Call 00406388
:0043EAC6 85C0
test eax, eax
:0043EAC8 7402
je 0043EACC
:0043EACA B301
mov bl, 01
|:0043EA52(C), :0043EA59(C), :0043EA97(C), :0043EA9B(U), :0043EAAD(C)
|:0043EAC8(C)
|
:0043EACC 8BC3
mov eax, ebx
:0043EACE 5D
pop ebp
:0043EACF
:0043EAD0
:0043EAD1
:0043EAD2
5F
5E
5B
C3
:0043EAD3 90
pop edi
pop esi
pop ebx
ret
nop

|:0043D8FF , :0043EBB6
|
:0043EAD4 53
push ebx
:0043EAD5 56
push esi
:0043EAD6 57
push edi
:0043EAD7 55
push ebp
:0043EAD8 8BFA
mov edi, edx
:0043EADA 8BE8
mov ebp, eax
:0043EADC 33DB
xor ebx, ebx
:0043EADE 8B756C
:0043EAE1 85F6
test esi, esi
:0043EAE3 7417
je 0043EAFC
:0043EAE5 8BD7
mov edx, edi
:0043EAE7 8BC6
mov eax, esi
:0043EAE9 8B08
:0043EAEB FF91C8000000
:0043EAF1 84C0
test al, al
:0043EAF3 7407
je 0043EAFC
:0043EAF5 8BC5
mov eax, ebp
:0043EAF7 E8540D0000
call 0043F850
|:0043EAE3(C), :0043EAF3(C)
|
:0043EAFC 8BC3
:0043EAFE 5D
:0043EAFF 5F
:0043EB00 5E
:0043EB01 5B
:0043EB02 C3
:0043EB03 90
nop
mov
pop
pop
pop
pop
ret
eax, ebx
ebp
edi
esi
ebx

|:0043E5D5
|
:0043EB04 53
push ebx
:0043EB05 56
push esi
:0043EB06 57
push edi
:0043EB07 55
push ebp
:0043EB08 51
push ecx
:0043EB09 8BEA
mov ebp, edx
:0043EB0B 8BF0
mov esi, eax
:0043EB0D C6042400
:0043EB11 6683BE1201000000
cmp word ptr [esi+00000112], 0000
:0043EB19 7410
je 0043EB2B
:0043EB1B 8BCC
mov ecx, esp
:0043EB1D 8BD5
mov edx, ebp
:0043EB1F 8B8614010000
:0043EB25 FF9610010000
|:0043EB19(C)
|
:0043EB2B 803C2400
:0043EB2F 752E
:0043EB31 8B7E30
:0043EB34 85FF
:0043EB36 7423
:0043EB38 8BC7
:0043EB3A E8C1A3FEFF
:0043EB3F 50

jne 0043EB5F
test edi, edi
je 0043EB5B
mov eax, edi
call 00428F00
push eax

|
:0043EB40 E87377FCFF
Call 004062B8
:0043EB45 85C0
test eax, eax
:0043EB47 7412
je 0043EB5B
:0043EB49 8BD5
mov edx, ebp
:0043EB4B 8B4630
:0043EB4E 66BBB1FF
mov bx, FFB1
:0043EB52 E89D42FCFF
call 00402DF4
:0043EB57 84C0
test al, al
:0043EB59 7504
jne 0043EB5F
|:0043EB36(C), :0043EB47(C)
|
:0043EB5B 33C0
xor eax, eax
:0043EB5D EB02
jmp 0043EB61
|:0043EB2F(C), :0043EB59(C)
|
:0043EB5F B001
mov al, 01
|:0043EB5D(U)
|
:0043EB61 880424
:0043EB64 8A0424
:0043EB67 5A
pop edx
:0043EB68 5D
pop ebp
:0043EB69 5F
pop edi
:0043EB6A 5E
pop esi
:0043EB6B 5B
pop ebx
:0043EB6C C3
ret
:0043EB6D 8D4000

|:0043EC12
|
:0043EB70 53
push ebx
:0043EB71 56
push esi
:0043EB72 57
push edi
:0043EB73 51
push ecx
:0043EB74 8BFA
mov edi, edx
:0043EB76 8BF0
mov esi, eax
:0043EB78
:0043EB7A
:0043EB7C
:0043EB7E
:0043EB80
:0043EB82
33DB
6A01
6A00
6A00
6A00
57
xor ebx, ebx

push 00000001
push 00000000
push 00000000
push 00000000
push edi
* Reference To: user32.PeekMessageA, Ord:0000h

|
:0043EB83 E89877FCFF
Call 00406320
:0043EB88 85C0
test eax, eax
:0043EB8A 7475
je 0043EC01
:0043EB8C B301
mov bl, 01
:0043EB8E 837F0412
:0043EB92 7466
je 0043EBFA
:0043EB94 C6042400
:0043EB98 6683BED200000000
cmp word ptr [esi+000000D2], 0000
:0043EBA0 7410
je 0043EBB2
:0043EBA2 8BCC
mov ecx, esp
:0043EBA4 8BD7
mov edx, edi
:0043EBA6 8B86D4000000
mov eax, dword ptr [esi+000000D4]
:0043EBAC FF96D0000000
call dword ptr [esi+000000D0]
|:0043EBA0(C)
|
:0043EBB2 8BD7
:0043EBB4 8BC6
:0043EBB6 E819FFFFFF
:0043EBBB 84C0
:0043EBBD 7542
:0043EBBF 803C2400
:0043EBC3 753C
:0043EBC5 8BD7
:0043EBC7 8BC6
:0043EBC9 E822FEFFFF
:0043EBCE 84C0
:0043EBD0 752F
:0043EBD2 8BD7
:0043EBD4 8BC6
:0043EBD6 E865FEFFFF
:0043EBDB 84C0
:0043EBDD 7522
:0043EBDF 8BD7
:0043EBE1 8BC6
:0043EBE3 E888FDFFFF
:0043EBE8 84C0
:0043EBEA 7515
:0043EBEC 57

mov edx, edi
mov eax, esi
call 0043EAD4
test al, al
jne 0043EC01
jne 0043EC01
mov edx, edi
mov eax, esi
call 0043E9F0
test al, al
jne 0043EC01
mov edx, edi
mov eax, esi
call 0043EA40
test al, al
jne 0043EC01
mov edx, edi
mov eax, esi
call 0043E970
test al, al
jne 0043EC01
push edi
* Reference To: user32.TranslateMessage, Ord:0000h

|
:0043EBED E86E78FCFF
Call 00406460
:0043EBF2 57
push edi
* Reference To: user32.DispatchMessageA, Ord:0000h
|
:0043EBF3 E89874FCFF
Call 00406090
:0043EBF8 EB07
jmp 0043EC01

|:0043EB92(C)
|
:0043EBFA C6868400000001
|:0043EB8A(C), :0043EBBD(C), :0043EBC3(C), :0043EBD0(C), :0043EBDD(C)
|:0043EBEA(C), :0043EBF8(U)
|
:0043EC01 8BC3
mov eax, ebx
:0043EC03 5A
pop edx
:0043EC04 5F
pop edi
:0043EC05 5E
pop esi
:0043EC06 5B
pop ebx
:0043EC07 C3
ret

|:0043C06F , :0043EE1D
|
:0043EC08 53
push ebx
:0043EC09 83C4E4
add esp, FFFFFFE4
:0043EC0C 8BD8
mov ebx, eax
:0043EC0E 8BD4
mov edx, esp
:0043EC10 8BC3
mov eax, ebx
:0043EC12 E859FFFFFF
call 0043EB70
:0043EC17 84C0
test al, al
:0043EC19 7509
jne 0043EC24
:0043EC1B 8BD4
mov edx, esp
:0043EC1D 8BC3
mov eax, ebx
:0043EC1F E868070000
call 0043F38C
|:0043EC19(C)
|
:0043EC24 83C41C
add esp, 0000001C
:0043EC27 5B
pop ebx
:0043EC28 C3
ret
:0043EC29 8D4000

|:0043E74A
|
:0043EC2C 55
push ebp
:0043EC2D 8BEC
mov ebp, esp
:0043EC2F 53
push ebx
:0043EC30 8BD8
mov ebx, eax
:0043EC32 80BB8C00000000
:0043EC39 751A
jne 0043EC55
:0043EC3B 8B4324
:0043EC3E 85C0
test eax, eax
:0043EC40 7440
je 0043EC82
:0043EC42 8D5508
:0043EC45 52
push edx
:0043EC46 6A00
push 00000000
:0043EC48 6820B00000
push 0000B020
:0043EC4D 50
push eax

|
:0043EC4E E83577FCFF
Call 00406388
:0043EC53 EB2D
jmp 0043EC82
|:0043EC39(C)
|
:0043EC55 8B8390000000
:0043EC5B E8F8DEFCFF
:0043EC60 B808000000
:0043EC65 E82A3AFCFF
:0043EC6A 8B5508
:0043EC6D 8910
:0043EC6F 8B550C
:0043EC72 895004
:0043EC75 8BD0
:0043EC77 8B8390000000
:0043EC7D E8DEDDFCFF
|:0043EC40(C), :0043EC53(U)
|
:0043EC82 5B
:0043EC83 5D
:0043EC84 C20800
:0043EC87 90
nop

call 0040CB58
mov eax, 00000008
call 00402694
mov edx, eax
call 0040CA60
pop ebx
pop ebp
ret 0008

|:0043DC76 , :0043E75F
|
:0043EC88 55
push ebp
:0043EC89 8BEC
mov ebp, esp
:0043EC8B 53
push ebx
:0043EC8C 56
push esi
:0043EC8D 57
push edi
:0043EC8E 8BD8
mov ebx, eax
:0043EC90 80BB8C00000000
:0043EC97 751A
jne 0043ECB3
:0043EC99 8B4324
:0043EC9C 85C0
test eax, eax
:0043EC9E 745D
je 0043ECFD
:0043ECA0 8D5508
:0043ECA3 52
push edx
:0043ECA4 6A01
push 00000001
:0043ECA6 6820B00000
push 0000B020
:0043ECAB 50
push eax
|
:0043ECAC E8D776FCFF
Call 00406388
:0043ECB1 EB4A
jmp 0043ECFD
|:0043EC97(C)
|
:0043ECB3 8B8390000000
:0043ECB9
:0043ECBC
:0043ECBD
:0043ECBF
:0043ECC1
:0043ECC2
8B7808
4F
85FF
7C3C
47
33F6

dec edi
test edi, edi
jl 0043ECFD
inc edi
xor esi, esi
|:0043ECFB(C)
|
:0043ECC4 8BD6
:0043ECC6 8B8390000000
:0043ECCC E8A7DEFCFF
:0043ECD1 8B10
:0043ECD3 3B5508
:0043ECD6 7521
:0043ECD8 8B550C
:0043ECDB 3B5004
:0043ECDE 7519
:0043ECE0 BA08000000
:0043ECE5 E8C239FCFF
:0043ECEA 8BD6
:0043ECEC 8B8390000000
:0043ECF2 E8A5DDFCFF
:0043ECF7 EB04
|:0043ECD6(C), :0043ECDE(C)
|
:0043ECF9 46
:0043ECFA 4F
:0043ECFB 75C7
mov edx, esi

mov eax, dword ptr
call 0040CB78
mov edx, dword ptr
cmp edx, dword ptr
jne 0043ECF9
mov edx, dword ptr
cmp edx, dword ptr
jne 0043ECF9
mov edx, 00000008
call 004026AC
mov edx, esi
mov eax, dword ptr
call 0040CA9C
jmp 0043ECFD
[ebx+00000090]
[eax]
[ebp+08]
[ebp+0C]
[eax+04]
[ebx+00000090]
inc esi
dec edi
jne 0043ECC4

|:0043EC9E(C), :0043ECB1(U), :0043ECBF(C), :0043ECF7(U)
|
:0043ECFD 5F
pop edi
:0043ECFE 5E
pop esi
:0043ECFF 5B
pop ebx
:0043ED00 5D
pop ebp
:0043ED01 C20800
ret 0008

|:004419DB
|
:0043ED04 53
push ebx
:0043ED05 A1B82B4400
mov eax, dword ptr [00442BB8]
:0043ED0A 833800
:0043ED0D 740A
je 0043ED19
:0043ED0F 8B1DB82B4400
mov ebx, dword ptr [00442BB8]
:0043ED15 8B1B
:0043ED17 FFD3
call ebx
|:0043ED0D(C)
|
:0043ED19 5B
pop ebx
:0043ED1A C3
ret
:0043ED1B 90
nop

|:004419F3
|
:0043ED1C 55
push ebp
:0043ED1D 8BEC
mov ebp, esp
:0043ED1F 51
push ecx
:0043ED20 53
push ebx
:0043ED21 56
push esi
:0043ED22 57
push edi
:0043ED23 894DFC
:0043ED26 8BDA
mov ebx, edx
:0043ED28 8BF0
mov esi, eax
:0043ED2A 8BC3
mov eax, ebx
:0043ED2C FF50F4
call [eax-0C]
:0043ED2F 8BD8
mov ebx, eax
:0043ED31 8B45FC
:0043ED34 8918
:0043ED36 33C0
xor eax, eax
:0043ED38 55
push ebp
:0043ED39 685AED4300
push 0043ED5A
:0043ED3E 64FF30
:0043ED41 648920
:0043ED44 8BCE
mov ecx, esi
:0043ED46 83CAFF
or edx, FFFFFFFF
:0043ED49 8BC3
mov eax, ebx
:0043ED4B 8B38
:0043ED4D FF572C
call [edi+2C]
:0043ED50 33C0
xor eax, eax
:0043ED52 5A
pop edx
:0043ED53 59
pop ecx
:0043ED54 59
pop ecx
:0043ED55 648910
:0043ED58 EB16
jmp 0043ED70
:0043ED5A E91143FCFF
jmp 00403070
:0043ED5F 8B45FC
:0043ED62 33D2
xor edx, edx
:0043ED64 8910
:0043ED66 E86145FCFF
call 004032CC
:0043ED6B E8B045FCFF
call 00403320
|:0043ED58(U)
|
:0043ED70 837E3000
:0043ED74 751D
:0043ED76 8BC3
:0043ED78 8B1518534300
:0043ED7E E80D40FCFF
:0043ED83 84C0
:0043ED85 740C
:0043ED87 8BFB
:0043ED89 8BC7
:0043ED8B E84CA1FEFF
:0043ED90 897E30

jne 0043ED93
mov eax, ebx
call 00402D90
test al, al
je 0043ED93
mov edi, ebx
mov eax, edi
call 00428EDC
|:0043ED74(C), :0043ED85(C)
|
:0043ED93 5F
:0043ED94 5E
:0043ED95 5B
:0043ED96 59
:0043ED97 5D
:0043ED98 C3
pop
pop
pop
pop
pop
ret
:0043ED99 8D4000
edi
esi
ebx
ecx
ebp

|:004419FF
|
:0043ED9C 55
push ebp
:0043ED9D 8BEC
mov ebp, esp
:0043ED9F 51
push ecx
:0043EDA0 8945FC
:0043EDA3 8B45FC
:0043EDA6 C6808D00000001
mov byte ptr [eax+0000008D], 01
:0043EDAD 33D2
xor edx, edx
:0043EDAF 55
push ebp
:0043EDB0 6846EE4300
push 0043EE46
:0043EDB5 64FF32
:0043EDB8 648922
:0043EDBB B880634300
mov eax, 00436380
:0043EDC0 E8CF86FCFF
call 00407494
:0043EDC5 8B45FC
:0043EDC8 8B4030
:0043EDCB 85C0
test eax, eax
:0043EDCD 745F
je 0043EE2E
:0043EDCF 8B15042C4400
:0043EDD5 8B12
:0043EDD7 83EA03
sub edx, 00000003
:0043EDDA 740E
je 0043EDEA
:0043EDDC 83EA04
sub edx, 00000004
:0043EDDF 7510
jne 0043EDF1
:0043EDE1 C6800B02000001
mov byte ptr [eax+0000020B], 01
:0043EDE8 EB07
jmp 0043EDF1
|:0043EDDA(C)
|
:0043EDEA B202
mov dl, 02
:0043EDEC E8A3AFFFFF
call 00439D94
|:0043EDDF(C), :0043EDE8(U)
|
:0043EDF1 8B45FC
:0043EDF4 80784300
:0043EDF8 7420
:0043EDFA 8B45FC
:0043EDFD 8B4030
:0043EE00 80B80B02000001
:0043EE07 750A
:0043EE09 8B45FC
:0043EE0C E80BFAFFFF
:0043EE11 EB07

je 0043EE1A
jne 0043EE13
call 0043E81C
jmp 0043EE1A

|:0043EE07(C)
|
:0043EE13 B201
mov dl, 01
:0043EE15 E86A9FFFFF
call 00438D84
|:0043EDF8(C), :0043EE11(U), :0043EE2C(C)
|
:0043EE1A 8B45FC
:0043EE1D E8E6FDFFFF
call 0043EC08
:0043EE22 8B45FC
:0043EE25 80B88400000000
:0043EE2C 74EC
je 0043EE1A
|:0043EDCD(C)
|
:0043EE2E 33C0
:0043EE30 5A
:0043EE31 59
:0043EE32 59
:0043EE33 648910
:0043EE36 684DEE4300
|:0043EE4B(U)
|
:0043EE3B 8B45FC
:0043EE3E C6808D00000000
:0043EE45 C3
:0043EE46
:0043EE4B
:0043EE4D
:0043EE4E
:0043EE4F
jmp
jmp
pop
pop
ret
E92D44FCFF
EBEE
59
5D
C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 0043EE4D

mov byte ptr [eax+0000008D], 00
ret
00403278
0043EE3B
ecx
ebp

|:0043BD2F
|
:0043EE50 E843A9FCFF
call 00409798
:0043EE55 84C0
test al, al
:0043EE57 7407
je 0043EE60
:0043EE59 6A00
push 00000000
* Reference To: user32.PostQuitMessage, Ord:0000h
|
:0043EE5B E8D074FCFF
Call 00406330
|:0043EE57(C)
|
:0043EE60 C3
ret
:0043EE61 8D4000

|:00426873 , :00432D14 , :00433C92 , :00438496
|:0043B819 , :0043BABD , :0043BE5F , :0043E7C8
|
:0043EE64 53
push ebx
:0043EE65 56
push esi
:0043EE66 8BF2
mov esi, edx
:0043EE68 8BD8
mov ebx, eax
, :0043850A
, :0043F467

|
:0043EE6A E8A972FCFF
Call 00406118
:0043EE6F 85C0
test eax, eax
:0043EE71 7411
je 0043EE84
:0043EE73 6A00
push 00000000
:0043EE75 6A00
push 00000000
:0043EE77 6A1F
push 0000001F
|
Call 00406118
:0043EE7E 50
push eax
|
:0043EE7F E80475FCFF
Call 00406388
|:0043EE71(C)
|
:0043EE89 8B1584694000
:0043EE8F E8FC3EFCFF
:0043EE94 84C0
:0043EE96 7446
:0043EE98 E88F97FCFF
:0043EE9D 8B15EC694000
:0043EEA3 E8E83EFCFF
:0043EEA8 84C0
:0043EEAA 7543
:0043EEAC 6683BBCA00000000
:0043EEB4 7417
:0043EEB6 E87197FCFF
:0043EEBB 8BC8
:0043EEBD 8BD6
:0043EEBF 8B83CC000000
:0043EEC5 FF93C8000000
:0043EECB EB22
|:0043EEB4(C)
|
:0043EECD E85A97FCFF
:0043EED2 8BD0
:0043EED4 8BC3
:0043EED6 E871010000
:0043EEDB 5E
:0043EEDC 5B
:0043EEDD C3
call 0040862C
call 00402D90
test al, al
je 0043EEDE
call 0040862C
mov edx, dword ptr [004069EC]
call 00402D90
test al, al
jne 0043EEEF
cmp word ptr [ebx+000000CA], 0000
je 0043EECD
call 0040862C
mov ecx, eax
mov edx, esi
mov eax, dword ptr [ebx+000000CC]
jmp 0043EEEF
call 0040862C
mov edx, eax
mov eax, ebx
call 0043F04C
pop esi
pop ebx
ret
|:0043EE96(C)
|
:0043EEDE E86197FCFF
:0043EEE3 50
:0043EEE4 E84397FCFF
:0043EEE9 5A
:0043EEEA E80599FCFF
|:0043EEAA(C), :0043EECB(U)
|
:0043EEEF 5E
:0043EEF0 5B
:0043EEF1 C3
:0043EEF2 8BC0
mov eax, eax
call 00408644
push eax
call 0040862C
pop edx
call 004087F4
pop esi
pop ebx
ret

|:0043F0E1
|
:0043EEF4 55
push ebp
:0043EEF5 8BEC
mov ebp, esp
:0043EEF7 83C4B0
add esp, FFFFFFB0
:0043EEFA 53
push ebx
:0043EEFB 56
push esi
:0043EEFC 57
push edi
:0043EEFD 8BF9
mov edi, ecx
:0043EEFF 8BF2
mov esi, edx
:0043EF01 8945FC
:0043EF04 8B5D08
|
:0043EF07 E80472FCFF
Call 00406110
:0043EF0C 8945F4
:0043EF0F 6A02
push 00000002
:0043EF11 8B45F4
:0043EF14 50
push eax
:0043EF15 A19C2B4400
:0043EF1A 8B00
:0043EF1C FFD0
call eax
:0043EF1E 8945EC
:0043EF21 6A02
push 00000002
:0043EF23 8B45FC
:0043EF26 8B4024
:0043EF29 50
push eax
:0043EF2A A19C2B4400
:0043EF2F 8B00
:0043EF31 FFD0
call eax
:0043EF33 8945E8
:0043EF36 8B45EC
:0043EF39 3B45E8
:0043EF3C 7460
je 0043EF9E
:0043EF3E C745C028000000
mov [ebp-40], 00000028
:0043EF45 8D45C0
:0043EF48 50
push eax
:0043EF49
:0043EF4C
:0043EF4D
:0043EF52
:0043EF54
:0043EF56
:0043EF59
:0043EF5A
:0043EF5D
:0043EF60
8B45EC
50
A1082B4400
8B00
FFD0
8D45B0
50
8B45FC
8B4024
50
mov eax,
push eax
mov eax,
mov eax,
call eax
lea eax,
push eax
mov eax,
mov eax,
push eax
dword ptr [ebp-14]

dword ptr [00442B08]
dword ptr [eax]
dword ptr [ebp-50]
dword ptr [ebp-04]
dword ptr [eax+24]

|
:0043EF61 E8EA72FCFF
Call 00406250
:0043EF66 6A1D
push 0000001D
:0043EF68 6A00
push 00000000
:0043EF6A 6A00
push 00000000
:0043EF6C 8B4DD0
:0043EF6F 8B55C8
:0043EF72 2BCA
sub ecx, edx
:0043EF74 D1F9
sar ecx, 1
:0043EF76 7903
jns 0043EF7B
:0043EF78 83D100
adc ecx, 00000000
|:0043EF76(C)
|
:0043EF7B 03CA
add ecx, edx
:0043EF7D 51
push ecx
:0043EF7E 8B55CC
:0043EF81 8B45C4
:0043EF84 2BD0
sub edx, eax
:0043EF86 D1FA
sar edx, 1
:0043EF88 7903
jns 0043EF8D
:0043EF8A 83D200
adc edx, 00000000
|:0043EF88(C)
|
:0043EF8D 03D0
add edx, eax
:0043EF8F 52
push edx
:0043EF90 6A00
push 00000000
:0043EF92 8B45FC
:0043EF95 8B4024
:0043EF98 50
push eax
|
:0043EF99 E86A74FCFF
Call 00406408
|:0043EF3C(C)
|
:0043EF9E 33C0
:0043EFA0 E86374FFFF
:0043EFA5 8945F0
:0043EFA8 8B45FC
:0043EFAB E89CF0FFFF
:0043EFB0 84C0
:0043EFB2 7406

xor eax, eax
call 00436408
call 0043E04C
test al, al
je 0043EFBA
:0043EFB4 81CB00001000
or ebx, 00100000
|:0043EFB2(C)
|
:0043EFBA 33C9
:0043EFBC 55
:0043EFBD 6839F04300
:0043EFC2 64FF31
:0043EFC5 648921
:0043EFC8 53
:0043EFC9 57
:0043EFCA 56
:0043EFCB 8B45FC
:0043EFCE 8B4024
:0043EFD1 50

xor ecx, ecx
push ebp
push 0043F039
push ebx
push edi
push esi
push eax

|
:0043EFD2 E83173FCFF
Call 00406308
:0043EFD7 8945F8
:0043EFDA 33C0
xor eax, eax
:0043EFDC 5A
pop edx
:0043EFDD 59
pop ecx
:0043EFDE 59
pop ecx
:0043EFDF 648910
:0043EFE2 6840F04300
push 0043F040
|:0043F03E(U)
|
:0043EFE7 8B45EC
:0043EFEA 3B45E8
:0043EFED 7438
je 0043F027
:0043EFEF 6A1D
push 0000001D
:0043EFF1 6A00
push 00000000
:0043EFF3 6A00
push 00000000
:0043EFF5 8B4DBC
:0043EFF8 8B55B4
:0043EFFB 2BCA
sub ecx, edx
:0043EFFD D1F9
sar ecx, 1
:0043EFFF 7903
jns 0043F004
:0043F001 83D100
adc ecx, 00000000
|:0043EFFF(C)
|
:0043F004 03CA
add ecx, edx
:0043F006 51
push ecx
:0043F007 8B55B8
:0043F00A 8B45B0
:0043F00D 2BD0
sub edx, eax
:0043F00F D1FA
sar edx, 1
:0043F011 7903
jns 0043F016
:0043F013 83D200
adc edx, 00000000
|:0043F011(C)
|
:0043F016 03D0
add edx, eax
:0043F018
:0043F019
:0043F01B
:0043F01E
:0043F021
52
6A00
8B45FC
8B4024
50
push edx
push 00000000
push eax

|
:0043F022 E8E173FCFF
Call 00406408
|:0043EFED(C)
|
:0043F027 8B45F0
:0043F02F 8B45F4
:0043F032 50

call 004364BC
push eax

|
:0043F033 E85873FCFF
Call 00406390
:0043F038 C3
ret
:0043F039
:0043F03E
:0043F040
:0043F043
:0043F044
:0043F045
:0043F046
:0043F048
:0043F049
E93A42FCFF
EBA7
8B45F8
5F
5E
5B
8BE5
5D
C20400
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
00403278
0043EFE7
edi
esi
ebx
esp, ebp
ebp
0004

|:0043EED6
|
:0043F04C 55
push ebp
:0043F04D 8BEC
mov ebp, esp
:0043F04F 81C4F8FEFFFF
add esp, FFFFFEF8
:0043F055 53
push ebx
:0043F056 56
push esi
:0043F057 33C9
xor ecx, ecx
:0043F059 898DF8FEFFFF
mov dword ptr [ebp+FFFFFEF8], ecx
:0043F05F 894DFC
:0043F062 8BF2
mov esi, edx
:0043F064 8BD8
mov ebx, eax
:0043F066 33C0
xor eax, eax
:0043F068 55
push ebp
:0043F069 6807F14300
push 0043F107
:0043F06E 64FF30
:0043F071 648920
:0043F074 8D45FC
:0043F077 8B5604
:0043F07A E8D147FCFF
call 00403850
:0043F07F 837DFC00
:0043F083 7434
je 0043F0B9
:0043F085 8B45FC
:0043F088
:0043F08D
:0043F08F
:0043F095
:0043F09A
:0043F0A0
:0043F0A5
:0043F0AA
:0043F0AC
:0043F0AF
:0043F0B4
E8BB86FCFF
8BD0
8D85FCFEFFFF
E88A39FCFF
8D85FCFEFFFF
BA14F14300
E89A37FCFF
760D
8D45FC
BA20F14300
E88349FCFF
call 00407748
mov edx, eax
call 00402A24
mov edx, 0043F114
call 00402844
jbe 0043F0B9
mov edx, 0043F120
call 00403A3C
|:0043F083(C), :0043F0AA(C)
|
:0043F0B9 6A10
:0043F0BB 8D95F8FEFFFF
:0043F0C1 8BC3
:0043F0C8 8B85F8FEFFFF
:0043F0CE E8254BFCFF
:0043F0D3 50
:0043F0D4 8B45FC
:0043F0D7 E81C4BFCFF
:0043F0DC 8BD0
:0043F0DE 8BC3
:0043F0E0 59
:0043F0E1 E80EFEFFFF
:0043F0E6 33C0
:0043F0E8 5A
:0043F0E9 59
:0043F0EA 59
:0043F0EB 648910
:0043F0EE 680EF14300
|:0043F10C(U)
|
:0043F0F3 8D85F8FEFFFF
:0043F0F9 E8BA46FCFF
:0043F0FE 8D45FC
:0043F101 E8B246FCFF
:0043F106 C3
:0043F107
:0043F10C
:0043F10E
:0043F10F
:0043F110
:0043F112
:0043F113
jmp
jmp
pop
pop
mov
pop
ret
E96C41FCFF
EBE5
5E
5B
8BE5
5D
C3
push 00000010
mov eax, ebx
call 0043E928
mov eax, dword ptr [ebp+FFFFFEF8]
call 00403BF8
push eax
call 00403BF8
mov edx, eax
mov eax, ebx
pop ecx
call 0043EEF4
xor eax, eax
pop edx
pop ecx
pop ecx
push 0043F10E

call 004037B8
call 004037B8
ret
00403278
0043F0F3
esi
ebx
esp, ebp
ebp
:0043F114 012E
:0043F116 0000
:0043F118 FFFFFFFF
add dword ptr [esi], ebp

BYTE 4 DUP(0ffh)
:0043F11C 0100
:0043F11E 0000
:0043F120 2E

BYTE 02eh
:0043F121 000000
BYTE 3 DUP(0)

|:0043E729 , :0043F256 , :0043F25C
|
:0043F124 53
push ebx
:0043F125 56
push esi
:0043F126 57
push edi
:0043F127 83C4F4
add esp, FFFFFFF4
:0043F12A 894C2404
:0043F12E 66891424
mov word ptr [esp], dx
:0043F132 8BF0
mov esi, eax
:0043F134 33DB
xor ebx, ebx
:0043F136 C644240801
mov [esp+08], 01
:0043F13B A1A8374400
:0043F140 8B785C
mov edi, dword ptr [eax+5C]
:0043F143 85FF
test edi, edi
:0043F145 7428
je 0043F16F
:0043F147 6683BF8602000000
cmp word ptr [edi+00000286], 0000
:0043F14F 741E
je 0043F16F
:0043F151 8D442408
:0043F155 50
push eax
:0043F156 8B4C2408
:0043F15A 668B542404
mov dx, word ptr [esp+04]
:0043F15F 8B8788020000
:0043F165 FF9784020000
:0043F16B 8BD8
mov ebx, eax
:0043F16D EB26
jmp 0043F195
|:0043F145(C), :0043F14F(C)
|
:0043F16F 6683BEDA00000000
:0043F177 741C
:0043F179 8D442408
:0043F17D 50
:0043F17E 8B4C2408
:0043F182 668B542404
:0043F187 8B86DC000000
:0043F18D FF96D8000000
:0043F193 8BD8
|:0043F16D(U), :0043F177(C)
|
:0043F195 807C240800
:0043F19A 0F84A5000000
:0043F1A0 85FF
:0043F1A2 7444
:0043F1A4 8BC7
:0043F1A6 E835A1FEFF
:0043F1AB 84C0
:0043F1AD 7439
:0043F1AF 83BF1C02000000
cmp word ptr [esi+000000DA], 0000

je 0043F195
push eax
mov dx, word ptr [esp+04]
mov eax, dword ptr [esi+000000DC]
call dword ptr [esi+000000D8]
mov ebx, eax

je 0043F245
test edi, edi
je 0043F1E8
mov eax, edi
call 004292E0
test al, al
je 0043F1E8
:0043F1B6
:0043F1B8
:0043F1BA
:0043F1BF
:0043F1C1
:0043F1C5
:0043F1C6
:0043F1CB
:0043F1CC
:0043F1D2
:0043F1D7
:0043F1D8
7430
8BC7
E8419DFEFF
8BD8
8B442404
50
0FB7442404
50
8B871C020000
E8214AFCFF
50
53
je 0043F1E8
mov eax, edi
call 00428F00
mov ebx, eax
push eax
movzx eax, word ptr [esp+04]
push eax
call 00403BF8
push eax
push ebx

|
:0043F1D9 E8AA72FCFF
Call 00406488
:0043F1DE F7D8
neg eax
:0043F1E0 1BC0
sbb eax, eax
:0043F1E2 F7D8
neg eax
:0043F1E4 8BD8
mov ebx, eax
:0043F1E6 EB5D
jmp 0043F245
|:0043F1A2(C), :0043F1AD(C), :0043F1B6(C)
|
:0043F1E8 837E3800
:0043F1EC 7435
je 0043F223
:0043F1EE 8B5E24
:0043F1F1 8B4630
:0043F1F4 85C0
test eax, eax
:0043F1F6 7407
je 0043F1FF
:0043F1F8 E8039DFEFF
call 00428F00
:0043F1FD 8BD8
mov ebx, eax
|:0043F1F6(C)
|
:0043F1FF 8B442404
:0043F203 50
:0043F204 0FB7442404
:0043F209 50
:0043F20A 8B4638
:0043F20D E8E649FCFF
:0043F212 50
:0043F213 53

push eax
push eax
call 00403BF8
push eax
push ebx

|
:0043F214 E86F72FCFF
Call 00406488
:0043F219 F7D8
neg eax
:0043F21B 1BC0
sbb eax, eax
:0043F21D F7D8
neg eax
:0043F21F 8BD8
mov ebx, eax
:0043F221 EB22
jmp 0043F245
|:0043F1EC(C)
|
:0043F223 80BE8C00000000
:0043F22A 7519
jne 0043F245
:0043F22C
:0043F230
:0043F231
:0043F236
:0043F237
:0043F23C
:0043F23F
8B442404
50
0FB7442404
50
681FB00000
8B4624
50

push eax
push eax
push 0000B01F
push eax

|
:0043F240 E8E370FCFF
Call 00406328
|:0043F19A(C), :0043F1E6(U), :0043F221(U), :0043F22A(C)
|
:0043F245 8BC3
mov eax, ebx
:0043F247 83C40C
add esp, 0000000C
:0043F24A 5F
pop edi
:0043F24B 5E
pop esi
:0043F24C 5B
pop ebx
:0043F24D C3
ret
:0043F24E 8BC0
mov eax, eax

|:00433926 , :0043B58B , :00440C5F
|
:0043F250 8BCA
mov ecx, edx
:0043F252 66BA0100
mov dx, 0001
:0043F256 E8C9FEFFFF
call 0043F124
:0043F25B C3
ret

|:00433916 , :0043B56C , :0043B57D , :0043DC46
|
:0043F25C E8C3FEFFFF
call 0043F124
:0043F261 C3
ret
:0043F262 8BC0
mov eax, eax

|:0042D540 , :0043639B , :0043DC5D , :0043E0B8 , :0043E0C1
|
:0043F264 53
push ebx
:0043F265 56
push esi
:0043F266 8BD8
mov ebx, eax
:0043F268 3A5370
:0043F26B 7433
je 0043F2A0
:0043F26D 8BC2
mov eax, edx
:0043F26F 884370
:0043F272 84C0
test al, al
:0043F274 741D
je 0043F293
:0043F276 8BCB
mov ecx, ebx
:0043F278 B201
mov dl, 01
:0043F27A A134284400
:0043F27F FF502C
call [eax+2C]
:0043F282
:0043F284
:0043F287
:0043F28A
:0043F28C
:0043F291
8BF0
89736C
8B5344
8BC6
E89F40FEFF
EB0D
mov esi, eax

mov eax, esi
call 00423330
jmp 0043F2A0
|:0043F274(C)
|
:0043F293 8B436C
:0043F296 E88539FCFF
:0043F29B 33C0
:0043F29D 89436C
|:0043F26B(C), :0043F291(U)
|
:0043F2A0 5E
:0043F2A1 5B
:0043F2A2 C3
:0043F2A3 90
nop

call 00402C20
xor eax, eax
pop esi
pop ebx
ret

|:0043F441
|
:0043F2A4 53
push ebx
:0043F2A5 56
push esi
:0043F2A6 57
push edi
:0043F2A7 A1A8374400
:0043F2AC E8ABDBFFFF
call 0043CE5C
:0043F2B1 8BF0
mov esi, eax
:0043F2B3 4E
dec esi
:0043F2B4 85F6
test esi, esi
:0043F2B6 7C4C
jl 0043F304
:0043F2B8 46
inc esi
:0043F2B9 33FF
xor edi, edi
|:0043F302(C)
|
:0043F2BB 8BD7
:0043F2BD A1A8374400
:0043F2C2 E881DBFFFF
:0043F2C7 8BD8
:0043F2C9 8BC3
:0043F2CB E810A0FEFF
:0043F2D0 84C0
:0043F2D2 742C
:0043F2D4 8BC3
:0043F2D6 E8259CFEFF
:0043F2DB 50

mov edx, edi
call 0043CE48
mov ebx, eax
mov eax, ebx
call 004292E0
test al, al
je 0043F300
mov eax, ebx
call 00428F00
push eax

|
:0043F2DC E8DF6FFCFF
Call 004062C0
:0043F2E1 85C0
test eax, eax
:0043F2E3 741B
je 0043F300
:0043F2E5 8BC3
:0043F2E7 E8149CFEFF
:0043F2EC 50
mov eax, ebx

call 00428F00
push eax

|
:0043F2ED E8C66FFCFF
Call 004062B8
:0043F2F2 85C0
test eax, eax
:0043F2F4 740A
je 0043F300
:0043F2F6 8BC3
mov eax, ebx
:0043F2F8 8B10
:0043F2FA FF92BC000000
|:0043F2D2(C), :0043F2E3(C), :0043F2F4(C)
|
:0043F300 47
inc edi
:0043F301 4E
dec esi
:0043F302 75B7
jne 0043F2BB
|:0043F2B6(C)
|
:0043F304 5F
pop edi
:0043F305 5E
pop esi
:0043F306 5B
pop ebx
:0043F307 C3
ret

|:0043F3B3
|
:0043F308 53
push ebx
:0043F309 56
push esi
:0043F30A 57
push edi
:0043F30B 83C4F8
add esp, FFFFFFF8
:0043F30E 8BD8
mov ebx, eax
:0043F310 54
push esp
|
:0043F311 E82A6EFCFF
Call 00406140
:0043F316 8BC4
mov eax, esp
:0043F318 B201
mov dl, 01
:0043F31A E87929FEFF
call 00421C98
:0043F31F 8BF0
mov esi, eax
:0043F321 85F6
test esi, esi
:0043F323 7408
je 0043F32D
:0043F325 F6462010
test [esi+20], 10
:0043F329 7402
je 0043F32D
:0043F32B 33F6
xor esi, esi
|:0043F323(C), :0043F329(C)
|
:0043F32D E8D213FEFF
:0043F332 8BF8
:0043F334 3B7334
:0043F337 744B

call 00420704
mov edi, eax
je 0043F384
:0043F339
:0043F33D
:0043F33F
:0043F341
837B3400
7404
85FF
7409

je 0043F343
test edi, edi
je 0043F34C

|:0043F33D(C)
|
:0043F343 85FF
test edi, edi
:0043F345 7416
je 0043F35D
:0043F347 3B7B34
:0043F34A 7511
jne 0043F35D
|:0043F341(C)
|
:0043F34C 6A00
:0043F34E 33C9
:0043F350 BA14B00000
:0043F355 8B4334
:0043F358 E8374EFEFF
|:0043F345(C), :0043F34A(C)
|
:0043F35D 897334
:0043F360 837B3400
:0043F364 7404
:0043F366 85FF
:0043F368 7409
push 00000000
xor ecx, ecx
mov edx, 0000B014
call 00424194

je 0043F36A
test edi, edi
je 0043F373

|:0043F364(C)
|
:0043F36A 85FF
test edi, edi
:0043F36C 7416
je 0043F384
:0043F36E 3B7B34
:0043F371 7511
jne 0043F384
|:0043F368(C)
|
:0043F373 6A00
:0043F375 33C9
:0043F377 BA13B00000
:0043F37C 8B4334
:0043F37F E8104EFEFF

push 00000000
xor ecx, ecx
mov edx, 0000B013
call 00424194

|:0043F337(C), :0043F36C(C), :0043F371(C)
|
:0043F384 8BC6
mov eax, esi
:0043F386 59
pop ecx
:0043F387 5A
pop edx
:0043F388 5F
pop edi
:0043F389 5E
pop esi
:0043F38A 5B
pop ebx
:0043F38B C3
ret

|:0043EC1F
|
:0043F38C 55
push ebp
:0043F38D 8BEC
mov ebp, esp
:0043F38F 83C4F0
add esp, FFFFFFF0
:0043F392 53
push ebx
:0043F393 56
push esi
:0043F394 57
push edi
:0043F395 33C9
xor ecx, ecx
:0043F397 894DF4
:0043F39A 894DF0
:0043F39D 8BF2
mov esi, edx
:0043F39F 8945FC
:0043F3A2 33C0
xor eax, eax
:0043F3A4 55
push ebp
:0043F3A5 6897F44300
push 0043F497
:0043F3AA 64FF30
:0043F3AD 648920
:0043F3B0 8B45FC
:0043F3B3 E850FFFFFF
call 0043F308
:0043F3B8 8BD8
mov ebx, eax
:0043F3BA 8B45FC
:0043F3BD 80787000
:0043F3C1 7411
je 0043F3D4
:0043F3C3 8B45FC
:0043F3C6 83783400
:0043F3CA 7508
jne 0043F3D4
:0043F3CC 8B45FC
:0043F3CF E87C040000
call 0043F850
|:0043F3C1(C), :0043F3CA(C)
|
:0043F3D4 8D55F0
:0043F3D7 8BC3
:0043F3D9 E826E4FFFF
:0043F3DE 8B45F0
:0043F3E1 8D55F4
:0043F3E4 E8D712FEFF
:0043F3E9 8B55F4
:0043F3EC A1A4374400
:0043F3F1 E83E010000
:0043F3F6 C645FB01
:0043F3FA 33C0
:0043F3FC 55
:0043F3FD 6850F44300
:0043F402 64FF30
:0043F405 648920
:0043F408 8B45FC
:0043F40B 6683B8EA00000000
:0043F413 7415
:0043F415 8D4DFB
:0043F418 8B5DFC
:0043F41B 8B55FC
:0043F41E 8B83EC000000
:0043F424 FF93E8000000

mov eax, ebx
call 0043D804
call 004206C0
call 0043F534
mov [ebp-05], 01
xor eax, eax
push ebp
push 0043F450
cmp word ptr [eax+000000EA], 0000
je 0043F42A
|:0043F413(C)
|
:0043F42A 807DFB00
:0043F42E 7416
:0043F430 8BD6
:0043F432 8B45FC
:0043F43A 84C0
:0043F43C 7408
:0043F43E 8B45FC
:0043F441 E85EFEFFFF
|:0043F42E(C), :0043F43C(C)
|
:0043F446 33C0
:0043F448 5A
:0043F449 59
:0043F44A 59
:0043F44B 648910
:0043F44E EB21
:0043F450 E9EB3CFCFF
:0043F455 0100
:0043F457 0000
:0043F459 846940
:0043F45C 0061F4
:0043F45F 43
:0043F460 008B55FC8B45
:0043F466 FC
:0043F467 E8F8F9FFFF
:0043F46C E8AF3EFCFF

je 0043F446
mov edx, esi
call 0043E994
test al, al
je 0043F446
call 0043F2A4
xor eax, eax
pop edx
pop ecx
pop ecx
jmp 0043F471
jmp 00403140
add byte ptr [ecx-0C], ah
inc ebx
add byte ptr [ebx+458BFC55], cl
cld
call 0043EE64
call 00403320

|:0043F44E(U)
|
:0043F471 807DFB00
:0043F475 7405
je 0043F47C
* Reference To: user32.WaitMessage, Ord:0000h
|
:0043F477 E80470FCFF
Call 00406480
|:0043F475(C)
|
:0043F47C 33C0
xor eax, eax
:0043F47E 5A
pop edx
:0043F47F 59
pop ecx
:0043F480 59
pop ecx
:0043F481 648910
|
:0043F484 689EF44300
push 0043F49E
|:0043F49C(U)
|
:0043F489 8D45F0
:0043F48C BA02000000
mov edx, 00000002
:0043F491 E84643FCFF
:0043F496 C3
call 004037DC
ret
:0043F497
:0043F49C
:0043F49E
:0043F49F
:0043F4A0
:0043F4A1
:0043F4A3
:0043F4A4
jmp
jmp
pop
pop
pop
mov
pop
ret
E9DC3DFCFF
EBEB
5F
5E
5B
8BE5
5D
C3
:0043F4A5 8D4000
00403278
0043F489
edi
esi
ebx
esp, ebp
ebp

|:0043D209 , :0043F52B
|
:0043F4A8 53
push ebx
:0043F4A9 56
push esi
:0043F4AA 57
push edi
:0043F4AB 8BFA
mov edi, edx
:0043F4AD A1A8374400
:0043F4B2 E889D9FFFF
call 0043CE40
:0043F4B7 8BD8
mov ebx, eax
:0043F4B9 4B
dec ebx
:0043F4BA 85DB
test ebx, ebx
:0043F4BC 7C1F
jl 0043F4DD
:0043F4BE 43
inc ebx
:0043F4BF 33F6
xor esi, esi
|:0043F4DB(C)
|
:0043F4C1 6A00
:0043F4C3 8BD6
:0043F4C5 A1A8374400
:0043F4CA E85DD9FFFF
:0043F4CF 0FB7D7
:0043F4D2 33C9
:0043F4D4 E8BB4CFEFF
:0043F4D9 46
:0043F4DA 4B
:0043F4DB 75E4

push 00000000
mov edx, esi
call 0043CE2C
movzx edx, di
xor ecx, ecx
call 00424194
inc esi
dec ebx
jne 0043F4C1

|:0043F4BC(C)
|
:0043F4DD 5F
pop edi
:0043F4DE 5E
pop esi
:0043F4DF 5B
pop ebx
:0043F4E0 C3
ret
:0043F4E1
:0043F4E4
:0043F4E5
:0043F4E7
:0043F4EC
8D4000
53
8BD8
A18C2B4400
803800
lea eax,
push ebx
mov ebx,
mov eax,
cmp byte
dword ptr [eax+00]

eax
dword ptr [00442B8C]
ptr [eax], 00
:0043F4EF
:0043F4F1
:0043F4F3
:0043F4F8
:0043F4F9
:0043F4FB
:0043F500
:0043F503
741A
8BC3
E808F3FFFF
50
6A01
6880000000
8B4324
50
je 0043F50B
mov eax, ebx
call 0043E800
push eax
push 00000001
push 00000080
push eax

|
:0043F504 E87F6EFCFF
Call 00406388
:0043F509 EB1A
jmp 0043F525
|:0043F4EF(C)
|
:0043F50B 8B4324
:0043F50E 50
push eax
|
:0043F50F E8946DFCFF
Call 004062A8
:0043F514 85C0
test eax, eax
:0043F516 740D
je 0043F525
:0043F518 6AFF
push FFFFFFFF
:0043F51A 6A00
push 00000000
:0043F51C 8B4324
:0043F51F 50
push eax
|
:0043F520 E86B6DFCFF
Call 00406290
|:0043F509(U), :0043F516(C)
|
:0043F525 66BA1DB0
:0043F529 8BC3
:0043F52B E878FFFFFF
:0043F530 5B
:0043F531 C3
:0043F532 8BC0
mov eax, eax
mov dx, B01D

mov eax, ebx
call 0043F4A8
pop ebx
ret

|:0043380A , :00433829 , :0043B14A , :0043B158 , :0043F3F1
|
:0043F534 55
push ebp
:0043F535 8BEC
mov ebp, esp
:0043F537 51
push ecx
:0043F538 53
push ebx
:0043F539 56
push esi
:0043F53A 8BF2
mov esi, edx
:0043F53C 8BD8
mov ebx, eax
:0043F53E 8B433C
:0043F541 8BD6
mov edx, esi
:0043F543 E8FC45FCFF
call 00403B44
:0043F548 7476
je 0043F5C0
:0043F54A
:0043F54D
:0043F54F
:0043F554
:0043F55C
:0043F55E
:0043F560
:0043F566
:0043F56C
8D433C
8BD6
E8B842FCFF
6683BBE200000000
7410
8BD3
8B83E4000000
FF93E0000000
EB52
|:0043F55C(C)
|
:0043F56E 8BCB
:0043F570 B201
:0043F572 A154E74100
:0043F577 E8C0F2FDFF
:0043F57C 8945FC
:0043F57F 8BD6
:0043F581 8B45FC
:0043F584 E86BECFEFF
:0043F589 33C0
:0043F58B 55
:0043F58C 68B9F54300
:0043F591 64FF30
:0043F594 648920
:0043F597 8B45FC
:0043F59A 66BBF0FF
:0043F59E E85138FCFF
:0043F5A3 33C0
:0043F5A5 5A
:0043F5A6 59
:0043F5A7 59
:0043F5A8 648910

mov edx, esi
call 0040380C
cmp word ptr [ebx+000000E2], 0000
je 0043F56E
mov edx, ebx
jmp 0043F5C0
mov ecx, ebx
mov dl, 01
call 0041E83C
mov edx, esi
call 0042E1F4
xor eax, eax
push ebp
push 0043F5B9
mov bx, FFF0
call 00402DF4
xor eax, eax
pop edx
pop ecx
pop ecx

|
:0043F5AB 68C0F54300
push 0043F5C0
|:0043F5BE(U)
|
:0043F5B0 8B45FC
:0043F5B3 E86836FCFF
:0043F5B8 C3
:0043F5B9 E9BA3CFCFF
:0043F5BE EBF0
jmp 00403278
jmp 0043F5B0
|:0043F548(C), :0043F56C(U)
|
:0043F5C0 5E
:0043F5C1 5B
:0043F5C2 59
:0043F5C3 5D
:0043F5C4 C3

call 00402C20
ret
pop
pop
pop
pop
ret
esi
ebx
ecx
ebp
:0043F5C5 8D4000

|:0043F65F , :0043F66E
|
:0043F5C8 55
push ebp
:0043F5C9 8BEC
mov ebp, esp
:0043F5CB 53
push ebx
:0043F5CC 8BD8
mov ebx, eax
:0043F5CE 8B4508
:0043F5D1 8B40FC
:0043F5D4 8B4024
:0043F5D7 50
push eax
|
:0043F5D8 E8E36CFCFF
Call 004062C0
:0043F5DD F7D8
neg eax
:0043F5DF 1BC0
sbb eax, eax
:0043F5E1 F7D8
neg eax
:0043F5E3 3A0558294400
cmp al, byte ptr [00442958]
:0043F5E9 7534
jne 0043F61F
:0043F5EB 3A1D58294400
cmp bl, byte ptr [00442958]
:0043F5F1 742C
je 0043F61F
:0043F5F3 33C0
xor eax, eax
:0043F5F5 8AC3
mov al, bl
:0043F5F7 0FB704455C294400
movzx eax, word ptr [2*eax+0044295C]
:0043F5FF 50
push eax
:0043F600 6A00
push 00000000
:0043F602 6A00
push 00000000
:0043F604 6A00
push 00000000
:0043F606 6A00
push 00000000
:0043F608 6A00
push 00000000
:0043F60A 8B4508
:0043F60D 8B40FC
:0043F610 8B4024
:0043F613 50
push eax
|
:0043F614 E8EF6DFCFF
Call 00406408
:0043F619 881D58294400
mov byte ptr [00442958], bl
|:0043F5E9(C), :0043F5F1(C)
|
:0043F61F 5B
:0043F620 5D
:0043F621 C3
:0043F622 8BC0
mov eax, eax
pop ebx
pop ebp
ret

|:0043B7AE , :0043CEDC , :0043CF03
|
:0043F624 55
push ebp
:0043F625 8BEC
mov ebp, esp
:0043F627 51
push ecx
:0043F628 53
push ebx
:0043F629
:0043F62A
:0043F62D
:0043F630
:0043F634
:0043F636
:0043F63B
:0043F640
:0043F642
:0043F643
:0043F645
:0043F647
:0043F648
56
8945FC
8B45FC
83782400
743E
A1A8374400
E800D8FFFF
8BD8
4B
85DB
7C24
43
33F6
|:0043F669(C)
|
:0043F64A 8BD6
:0043F64C A1A8374400
:0043F651 E8D6D7FFFF
:0043F656 80784700
:0043F65A 740B
:0043F65C 55
:0043F65D B001
:0043F65F E864FFFFFF
:0043F664 59
:0043F665 EB0D
push esi
je 0043F674
call 0043CE40
mov ebx, eax
dec ebx
test ebx, ebx
jl 0043F66B
inc ebx
xor esi, esi
mov edx, esi
call 0043CE2C
je 0043F667
push ebp
mov al, 01
call 0043F5C8
pop ecx
jmp 0043F674

|:0043F65A(C)
|
:0043F667 46
inc esi
:0043F668 4B
dec ebx
:0043F669 75DF
jne 0043F64A
|:0043F645(C)
|
:0043F66B 55
:0043F66C 33C0
:0043F66E E855FFFFFF
:0043F673 59
|:0043F634(C), :0043F665(U)
|
:0043F674 5E
:0043F675 5B
:0043F676 59
:0043F677 5D
:0043F678 C3
:0043F679 8D4000
push ebp
xor eax, eax
call 0043F5C8
pop ecx
pop
pop
pop
pop
ret
esi
ebx
ecx
ebp

|:0043F7D3 , :0043FD5B , :0043FD69 , :0043FD7D
|
:0043F67C 53
push ebx
:0043F67D 56
push esi
:0043F67E
:0043F67F
:0043F681
:0043F683
:0043F685
:0043F687
:0043F68C
:0043F691
:0043F692
:0043F694
57
8BD9
8BF2
8BF8
8BC7
E828000000
6854D84300
56
6A00
6A00
push edi
mov ebx, ecx
mov esi, edx
mov edi, eax
mov eax, edi
call 0043F6B4
push 0043D854
push esi
push 00000000
push 00000000
* Reference To: user32.SetTimer, Ord:0000h

|
:0043F696 E8556DFCFF
Call 004063F0
:0043F69B 66894772
:0043F69F 885F71
mov byte ptr [edi+71], bl
:0043F6A2 66837F7200
:0043F6A7 7507
jne 0043F6B0
:0043F6A9 8BC7
mov eax, edi
:0043F6AB E8A0010000
call 0043F850
|:0043F6A7(C)
|
:0043F6B0 5F
pop edi
:0043F6B1 5E
pop esi
:0043F6B2 5B
pop ebx
:0043F6B3 C3
ret

|:0043F687 , :0043F7E8 , :0043F870
|
:0043F6B4 53
push ebx
:0043F6B5 8BD8
mov ebx, eax
:0043F6B7 668B4372
:0043F6BB 6685C0
test ax, ax
:0043F6BE 7411
je 0043F6D1
:0043F6C0 0FB7C0
movzx eax, ax
:0043F6C3 50
push eax
:0043F6C4 6A00
push 00000000
* Reference To: user32.KillTimer, Ord:0000h
|
:0043F6C6 E8056CFCFF
Call 004062D0
:0043F6CB 66C743720000
mov [ebx+72], 0000
|:0043F6BE(C)
|
:0043F6D1 5B
pop ebx
:0043F6D2 C3
ret
:0043F6D3 90
|:00424344
|
nop
:0043F6D4
:0043F6D5
:0043F6D6
:0043F6D7
:0043F6D8
:0043F6DB
:0043F6DD
:0043F6DF
:0043F6E1
:0043F6E5
:0043F6E8
:0043F6ED
:0043F6F1
:0043F6F5
:0043F6F7
:0043F6FC
:0043F700
:0043F702
:0043F707
:0043F70C
:0043F70E
:0043F710
:0043F712
:0043F719
53
56
57
55
83C4E0
8BE9
8BFA
8BF0
8D542418
8B4508
E8176EFCFF
8D542418
8D4C2410
8BC7
E8CC35FEFF
8D442410
B201
E89125FEFF
E828E1FFFF
8BD8
85DB
7409
80BB8500000000
750C
push ebx
push esi
push edi
push ebp
add esp, FFFFFFE0
mov ebp, ecx
mov edi, edx
mov esi, eax
call 00406504
mov eax, edi
call 00422CC8
mov dl, 01
call 00421C98
call 0043D834
mov ebx, eax
test ebx, ebx
je 0043F71B
jne 0043F727
|:0043F710(C)
|
:0043F71B 8BC6
:0043F71D E82E010000
:0043F722 E9B1000000
|:0043F719(C)
|
:0043F727 3B5E48
:0043F72A 7530
:0043F72C 8D542418
:0043F730 8B4508
:0043F733 E8CC6DFCFF
:0043F738 8D542418
:0043F73C 8D4C2410
:0043F740 8BC7
:0043F742 E88135FEFF
:0043F747 FF742414
:0043F74B FF742414
:0043F74F 8D464C
:0043F752 50
mov eax, esi

call 0043F850
jmp 0043F7D8
cmp ebx, dword

jne 0043F75C
lea edx, dword
mov eax, dword
call 00406504
lea edx, dword
lea ecx, dword
mov eax, edi
call 00422CC8
push [esp+14]
push [esp+14]
lea eax, dword
push eax
ptr [esi+48]
ptr [esp+18]
ptr [ebp+08]
ptr [esp+18]
ptr [esp+10]
ptr [esi+4C]

|
:0043F753 E8E06BFCFF
Call 00406338
:0043F758 85C0
test eax, eax
:0043F75A 757C
jne 0043F7D8
|:0043F72A(C)
|
:0043F75C 8A4640
:0043F75F 88442404
:0043F763
:0043F768
:0043F76A
:0043F76D
:0043F770
807C240400
7408
8B4668
890424
EB06

je 0043F772
jmp 0043F778

|:0043F768(C)
|
:0043F772 8B4660
:0043F775 890424
|:0043F770(U)
|
:0043F778 8BC4
:0043F77A 50
:0043F77B 33C9
:0043F77D 8A4C2408
:0043F781 BA41B00000
:0043F786 8BC3
:0043F788 E8074AFEFF
:0043F78D 807C240400
:0043F792 7427
:0043F794 833C2400
:0043F798 7521
:0043F79A 8A442404
:0043F79E 884640
:0043F7A1 895E48
:0043F7A4 8D442408
:0043F7A8 50

mov eax, esp
push eax
xor ecx, ecx
mov edx, 0000B041
mov eax, ebx
call 00424194
je 0043F7BB
jne 0043F7BB
push eax

|
:0043F7A9 E89269FCFF
Call 00406140
:0043F7AE 8D542408
:0043F7B2 8BC6
mov eax, esi
:0043F7B4 E877020000
call 0043FA30
:0043F7B9 EB1D
jmp 0043F7D8
|:0043F792(C), :0043F798(C)
|
:0043F7BB 8BC6
:0043F7BD E88E000000
:0043F7C2 8A442404
:0043F7C6 884640
:0043F7C9 895E48
:0043F7CC 33C9
:0043F7CE 8B1424
:0043F7D1 8BC6
:0043F7D3 E8A4FEFFFF

mov eax, esi
call 0043F850
xor ecx, ecx
mov eax, esi
call 0043F67C

|:0043F722(U), :0043F75A(C), :0043F7B9(U)
|
:0043F7D8 83C420
add esp, 00000020
:0043F7DB 5D
pop ebp
:0043F7DC 5F
pop edi
:0043F7DD 5E
pop esi
:0043F7DE 5B
:0043F7DF C3
pop ebx
ret

|:0043D865
|
:0043F7E0 53
push ebx
:0043F7E1 83C4F8
add esp, FFFFFFF8
:0043F7E4 8BD8
mov ebx, eax
:0043F7E6 8BC3
mov eax, ebx
:0043F7E8 E8C7FEFFFF
call 0043F6B4
:0043F7ED 8A4371
:0043F7F0 2C01
sub al, 01
:0043F7F2 720B
jb 0043F7FF
:0043F7F4 7518
jne 0043F80E
:0043F7F6 8BC3
mov eax, ebx
:0043F7F8 E817000000
call 0043F814
:0043F7FD EB0F
jmp 0043F80E
|:0043F7F2(C)
|
:0043F7FF 54
push esp
|
:0043F800 E83B69FCFF
Call 00406140
:0043F805 8BD4
mov edx, esp
:0043F807 8BC3
mov eax, ebx
:0043F809 E822020000
call 0043FA30
|:0043F7F4(C), :0043F7FD(U)
|
:0043F80E 59
:0043F80F 5A
:0043F810 5B
:0043F811 C3
:0043F812 8BC0
mov eax, eax
pop ecx
pop edx
pop ebx
ret

|:0043F7F8 , :0043F85B
|
:0043F814 53
push ebx
:0043F815 56
push esi
:0043F816 8BD8
mov ebx, eax
:0043F818 8B736C
:0043F81B 85F6
test esi, esi
:0043F81D 742D
je 0043F84C
:0043F81F 8BC6
mov eax, esi
:0043F821 E8BA9AFEFF
call 004292E0
:0043F826 84C0
test al, al
:0043F828 7422
je 0043F84C
:0043F82A 8B436C
:0043F82D E8CE96FEFF
call 00428F00
:0043F832 50
push eax

|
:0043F833 E8886AFCFF
Call 004062C0
:0043F838 85C0
test eax, eax
:0043F83A 7410
je 0043F84C
:0043F83C 6A00
push 00000000
:0043F83E 8B436C
:0043F841 E8BA96FEFF
call 00428F00
:0043F846 50
push eax
|
:0043F847 E8F46BFCFF
Call 00406440
|:0043F81D(C), :0043F828(C), :0043F83A(C)
|
:0043F84C 5E
pop esi
:0043F84D 5B
pop ebx
:0043F84E C3
ret
:0043F84F 90
nop

|:0043D8AC , :0043DC54 , :0043EAF7 , :0043F3CF , :0043F6AB
|:0043F71D , :0043F7BD , :0043FD86
|
:0043F850 53
push ebx
:0043F851 8BD8
mov ebx, eax
:0043F853 837B4800
:0043F857 741C
je 0043F875
:0043F859 8BC3
mov eax, ebx
:0043F85B E8B4FFFFFF
call 0043F814
:0043F860 33C0
xor eax, eax
:0043F862 894348
:0043F865 C6434000
mov [ebx+40], 00
:0043F869 E816E1FFFF
call 0043D984
:0043F86E 8BC3
mov eax, ebx
:0043F870 E83FFEFFFF
call 0043F6B4
|:0043F857(C)
|
:0043F875 5B
pop ebx
:0043F876 C3
ret
:0043F877 90
nop

|:0043F945 , :0043F967
|
:0043F878 51
push ecx
:0043F879 89D1
mov ecx, edx
:0043F87B 89FA
mov edx, edi
:0043F87D 89C7
mov edi, eax
:0043F87F 58
pop eax
:0043F880 F3
repz
:0043F881
:0043F882
:0043F884
:0043F886
AE
89C8
89D7
C3
:0043F887 90
scasb
mov eax, ecx
mov edi, edx
ret
nop

|:0043FACC
|
:0043F888 55
push ebp
:0043F889 8BEC
mov ebp, esp
:0043F88B 83C4D8
add esp, FFFFFFD8
:0043F88E 53
push ebx
:0043F88F 56
push esi
:0043F890 57
push edi
:0043F891 6A0E
push 0000000E
:0043F893 A1302B4400
:0043F898 8B00
:0043F89A FFD0
call eax
:0043F89C 8945FC
:0043F89F 8D45D8
:0043F8A2 50
push eax
|
:0043F8A3 E89068FCFF
Call 00406138
:0043F8A8 50
push eax
|
:0043F8A9 E8C268FCFF
Call 00406170
:0043F8AE 85C0
test eax, eax
:0043F8B0 0F841B010000
je 0043F9D1
:0043F8B6 33D2
xor edx, edx
:0043F8B8 55
push ebp
:0043F8B9 68CAF94300
push 0043F9CA
:0043F8BE 64FF32
:0043F8C1 648922
:0043F8C4 8D4DF4
:0043F8C7 8D55F8
:0043F8CA 8B45E4
:0043F8CD E84668FDFF
call 00416118
:0043F8D2 8B45F8
:0043F8D5 0345F4
:0043F8D8 E86B7BFCFF
call 00407448
:0043F8DD 8945F0
:0043F8E0 33D2
xor edx, edx
:0043F8E2 55
push ebp
:0043F8E3 689BF94300
push 0043F99B
:0043F8E8 64FF32
:0043F8EB 648922
:0043F8EE 8B5DF0
:0043F8F1 035DF8
add ebx, dword ptr [ebp-08]
:0043F8F4 53
push ebx
:0043F8F5 8B75F0
:0043F8F8 8BCE
mov ecx, esi
:0043F8FA 33D2
xor edx, edx
:0043F8FC 8B45E4
:0043F8FF
:0043F904
:0043F906
:0043F908
:0043F90B
:0043F910
:0043F912
:0043F915
:0043F917
:0043F91B
:0043F91E
:0043F921
:0043F924
:0043F926
:0043F928
E8CC68FDFF
84C0
7477
8B45F0
6683780E01
756D
8B4604
8BD0
0FB74E0E
0FAFD1
83C21F
83E2E0
85D2
7903
83C207
call 004161D0
test al, al
je 0043F97F
jne 0043F97F
mov edx, eax
movzx ecx, word ptr [esi+0E]
imul edx, ecx
add edx, 0000001F
and edx, FFFFFFE0
test edx, edx
jns 0043F92B
add edx, 00000007
|:0043F926(C)
|
:0043F92B C1FA03
:0043F92E 8955EC
:0043F931 8BF8
:0043F933 0FAF7DEC
:0043F937 035DF4
:0043F93A 2BDF
:0043F93C B9FF000000
:0043F941 8BD7
:0043F943 8BC3
:0043F945 E82EFFFFFF
:0043F94A 8945FC
:0043F94D 837DFC00
:0043F951 751C
:0043F953 8B4608
:0043F956 8B5604
:0043F959 03D2
:0043F95B 3BC2
:0043F95D 7C10
:0043F95F 8BC3
:0043F961 2BC7
:0043F963 33C9
:0043F965 8BD7
:0043F967 E80CFFFFFF
:0043F96C 8945FC
|:0043F951(C), :0043F95D(C)
|
:0043F96F 8B45FC
:0043F972 99
:0043F973 F77DEC
:0043F976 8945FC
:0043F979 8B45E0
:0043F97C 2945FC
|:0043F906(C), :0043F910(C)
|
:0043F97F 33C0
:0043F981 5A
:0043F982 59
sar edx, 03
mov edi, eax
imul edi, dword ptr [ebp-14]
add ebx, dword ptr [ebp-0C]
sub ebx, edi
mov ecx, 000000FF
mov edx, edi
mov eax, ebx
call 0043F878
jne 0043F96F
add edx, edx
cmp eax, edx
jl 0043F96F
mov eax, ebx
sub eax, edi
xor ecx, ecx
mov edx, edi
call 0043F878

cdq
idiv [ebp-14]
xor eax, eax

pop edx
pop ecx
:0043F983 59
:0043F984 648910
:0043F987 68A2F94300
pop ecx
push 0043F9A2
|:0043F9A0(U)
|
:0043F98C 8B55F8
:0043F98F 0355F4
:0043F992 8B45F0
:0043F995 E8122DFCFF
:0043F99A C3
:0043F99B
:0043F9A0
:0043F9A2
:0043F9A4
:0043F9A5
:0043F9A6
:0043F9A7
:0043F9AA
jmp 00403278
jmp 0043F98C
xor eax, eax
pop edx
pop ecx
pop ecx
push 0043F9D1
E9D838FCFF
EBEA
33C0
5A
59
59
648910
68D1F94300

call 004026AC
ret

|:0043F9CF(U)
|
:0043F9AF 8B45E8
:0043F9B2 85C0
test eax, eax
:0043F9B4 7406
je 0043F9BC
:0043F9B6 50
push eax
|
:0043F9B7 E89464FCFF
Call 00405E50
|:0043F9B4(C)
|
:0043F9BC 8B45E4
:0043F9BF 85C0
test eax, eax
:0043F9C1 7406
je 0043F9C9
:0043F9C3 50
push eax
|
:0043F9C4 E88764FCFF
Call 00405E50
|:0043F9C1(C)
|
:0043F9C9 C3
:0043F9CA E9A938FCFF
:0043F9CF EBDE

ret
jmp 00403278
jmp 0043F9AF

|:0043F8B0(C)
|
:0043F9D1 8B45FC
:0043F9D4 5F
pop edi
:0043F9D5 5E
pop esi
:0043F9D6
:0043F9D7
:0043F9D9
:0043F9DA
5B
8BE5
5D
C3
:0043F9DB 90
pop ebx
mov esp, ebp
pop ebp
ret
nop

|:0043FC4F
|
:0043F9DC 55
push ebp
:0043F9DD 8BEC
mov ebp, esp
:0043F9DF 53
push ebx
:0043F9E0 56
push esi
:0043F9E1 8BD8
mov ebx, eax
:0043F9E3 85DB
test ebx, ebx
:0043F9E5 7506
jne 0043F9ED
:0043F9E7 8B1D34284400
|:0043F9E5(C)
|
:0043F9ED 8B4508
:0043F9F0 8B40FC
:0043F9F3 8B706C
:0043F9F6 85F6
:0043F9F8 740E
:0043F9FA 8B4508
:0043F9FD 8BC6
:0043F9FF E86431FCFF
:0043FA04 3BD8
:0043FA06 7424
|:0043F9F8(C)
|
:0043FA08 8B4508
:0043FA0B 8B40FC
:0043FA0E 8B406C
:0043FA11 E80A32FCFF
:0043FA16 8B4508
:0043FA19 8B48FC
:0043FA1C B201
:0043FA1E 8BC3
:0043FA20 FF502C
:0043FA23 8B5508
:0043FA26 8B52FC
:0043FA29 89426C
mov eax, dword

mov eax, dword
mov esi, dword
test esi, esi
je 0043FA08
mov eax, dword
mov eax, esi
call 00402B68
cmp ebx, eax
je 0043FA2C
ptr [ebp+08]
ptr [eax-04]
ptr [eax+6C]
ptr [ebp+08]

call 00402C20
mov dl, 01
mov eax, ebx
call [eax+2C]

|:0043FA06(C)
|
:0043FA2C 5E
pop esi
:0043FA2D 5B
pop ebx
:0043FA2E 5D
pop ebp
:0043FA2F C3
ret

|:0043F7B4 , :0043F809
|
:0043FA30 55
push ebp
:0043FA31 8BEC
mov ebp, esp
:0043FA33 81C470FFFFFF
add esp, FFFFFF70
:0043FA39 53
push ebx
:0043FA3A 56
push esi
:0043FA3B 57
push edi
:0043FA3C 33C9
xor ecx, ecx
:0043FA3E 898D74FFFFFF
mov dword ptr [ebp+FFFFFF74], ecx
:0043FA44 898D70FFFFFF
mov dword ptr [ebp+FFFFFF70], ecx
:0043FA4A 8BF2
mov esi, edx
:0043FA4C 8D7DF4
:0043FA4F A5
movsd
:0043FA50 A5
movsd
:0043FA51 8945FC
:0043FA54 8D45A0
:0043FA57 8B1544624300
:0043FA5D E8A244FCFF
call 00403F04
:0043FA62 8D75FC
:0043FA65 33C0
xor eax, eax
:0043FA67 55
push ebp
:0043FA68 68B7FD4300
push 0043FDB7
:0043FA6D 64FF30
:0043FA70 648920
:0043FA73 8B06
:0043FA75 C6404000
mov [eax+40], 00
:0043FA79 8B06
:0043FA7B 80787000
:0043FA7F 0F84EB020000
je 0043FD70
:0043FA85 8B06
:0043FA87 83784800
:0043FA8B 0F84DF020000
je 0043FD70
:0043FA91 E83E6BFFFF
call 004365D4
:0043FA96 84C0
test al, al
:0043FA98 0F84D2020000
je 0043FD70
:0043FA9E 8D45F4
:0043FAA1 B201
mov dl, 01
:0043FAA3 E8F021FEFF
call 00421C98
:0043FAA8 E887DDFFFF
call 0043D834
:0043FAAD 8B16
:0043FAAF 3B4248
:0043FAB2 0F85B8020000
jne 0043FD70
:0043FAB8 8B06
:0043FABA 8B4048
:0043FABD 8945A0
:0043FAC0 8B45F4
:0043FAC3 8945A8
:0043FAC6 8B45F8
:0043FAC9 8945AC
:0043FACC E8B7FDFFFF
call 0043F888
:0043FAD1 0145AC
:0043FAD4 A1A8374400
:0043FAD9 E8E2D2FFFF
call 0043CDC0
:0043FADE 8945B0
:0043FAE1 8B06
:0043FAE3 8B4044
:0043FAE6 8945B4
:0043FAE9 8D5580
:0043FAEC
:0043FAEE
:0043FAF1
:0043FAF6
:0043FAF7
:0043FAFA
:0043FAFD
:0043FB02
:0043FB03
:0043FB04
:0043FB05
:0043FB08
:0043FB0A
:0043FB0D
:0043FB0F
:0043FB12
:0043FB14
:0043FB17
:0043FB19
:0043FB1C
:0043FB1E
:0043FB21
:0043FB24
:0043FB26
:0043FB28
:0043FB2B
:0043FB2D
:0043FB2F
:0043FB32
8B06
8B4048
E86230FEFF
56
8D7580
8D7DB8
B904000000
F3
A5
5E
8D55EC
8B06
8B4048
8B08
FF5140
33C0
8945E4
33C0
8945E8
8B06
8B4048
8B5824
85DB
740C
8D55E4
8BC3
8B08
FF5140
EB2F
|:0043FB26(C)
|
:0043FB34 8B06
:0043FB36 8B5848
:0043FB39 8BC3
:0043FB3B 8B15CCF94100
:0043FB41 E84A32FCFF
:0043FB46 84C0
:0043FB48 7419
:0043FB4A 83BB6801000000
:0043FB51 7410
:0043FB53 8D45E4
:0043FB56 50
:0043FB57 8B8368010000
:0043FB5D 50

call 00422B58
push esi
mov ecx, 00000004
repz
movsd
pop esi
call [ecx+40]
xor eax, eax
xor eax, eax
test ebx, ebx
je 0043FB34
mov eax, ebx
call [ecx+40]
jmp 0043FB63
mov eax, ebx
call 00402D90
test al, al
je 0043FB63
cmp dword ptr [ebx+00000168], 00000000
je 0043FB63
push eax
push eax

|
:0043FB5E E8C564FCFF
Call 00406028
|:0043FB32(U), :0043FB48(C), :0043FB51(C)
|
:0043FB63 8B45E8
:0043FB66 2B45F0
:0043FB69 50
push eax
:0043FB6A 8B45E4
:0043FB6D 2B45EC
:0043FB70 50
push eax
:0043FB71 8D45B8
:0043FB74 50

push eax

|
:0043FB75 E89E67FCFF
Call 00406318
:0043FB7A 8D8D78FFFFFF
:0043FB80 8D55F4
:0043FB83 8B06
:0043FB85 8B4048
:0043FB88 E86731FEFF
call 00422CF4
:0043FB8D 8B8578FFFFFF
mov eax, dword ptr [ebp+FFFFFF78]
:0043FB93 8945C8
:0043FB96 8B857CFFFFFF
mov eax, dword ptr [ebp+FFFFFF7C]
:0043FB9C 8945CC
:0043FB9F 8D9570FFFFFF
:0043FBA5 8B06
:0043FBA7 8B4048
:0043FBAA E855DCFFFF
call 0043D804
:0043FBAF 8B8570FFFFFF
mov eax, dword ptr [ebp+FFFFFF70]
:0043FBB5 8D9574FFFFFF
:0043FBBB E8BC0AFEFF
call 0042067C
:0043FBC0 8B9574FFFFFF
mov edx, dword ptr [ebp+FFFFFF74]
:0043FBC6 8D45D8
:0043FBC9 E8823CFCFF
call 00403850
:0043FBCE 33C0
xor eax, eax
:0043FBD0 8945D0
:0043FBD3 8B06
:0043FBD5 8B405C
:0043FBD8 8945D4
:0043FBDB A134284400
:0043FBE0 8945A4
:0043FBE3 33C0
xor eax, eax
:0043FBE5 8945DC
:0043FBE8 8D45A0
:0043FBEB 50
push eax
:0043FBEC 8B06
:0043FBEE 8B4048
:0043FBF1 33C9
xor ecx, ecx
:0043FBF3 BA30B00000
mov edx, 0000B030
:0043FBF8 E89745FEFF
call 00424194
:0043FBFD 85C0
test eax, eax
:0043FBFF 0F9445E3
sete byte ptr [ebp-1D]
:0043FC03 807DE300
:0043FC07 7424
je 0043FC2D
:0043FC09 8B06
:0043FC0B 6683B81A01000000
:0043FC13 7418
je 0043FC2D
:0043FC15 8D45A0
:0043FC18 50
push eax
:0043FC19 8D4DE3
lea ecx, dword ptr [ebp-1D]
:0043FC1C 8D55D8
:0043FC1F 8B1E
mov ebx, dword ptr [esi]
:0043FC21 8B831C010000
:0043FC27 FF9318010000
|:0043FC07(C), :0043FC13(C)
|
:0043FC2D 8B06
:0043FC2F
:0043FC32
:0043FC35
:0043FC37
:0043FC3B
:0043FC41
:0043FC45
:0043FC4B
:0043FC4C
:0043FC4F
:0043FC54
:0043FC55
:0043FC57
:0043FC5A
:0043FC5D
:0043FC5F
:0043FC62
:0043FC64
:0043FC67
:0043FC6A
:0043FC6B
:0043FC6E
:0043FC6F
:0043FC71
:0043FC74
:0043FC77
:0043FC7A
:0043FC7C
:0043FC82
:0043FC85
:0043FC86
:0043FC89
:0043FC8A
:0043FC8D
8A55E3
885040
8B06
80784000
0F842F010000
837DD800
0F8425010000
55
8B45A4
E888FDFFFF
59
8B06
8B4048
8A504F
8B06
8B406C
8B08
FF516C
8B45DC
50
8D4590
50
8B06
8B406C
8B4DD8
8B55B0
8B18
FF93C4000000
8B45AC
50
8B45A8
50
8D4590
50
mov dl, byte ptr [ebp-1D]

je 0043FD70
je 0043FD70
push ebp
call 0043F9DC
pop ecx
call [ecx+6C]
push eax
push eax
push eax
push eax
push eax

|
:0043FC8E E88566FCFF
Call 00406318
:0043FC93 8B06
:0043FC95 8B406C
:0043FC98 66BBCFFF
mov bx, FFCF
:0043FC9C E85331FCFF
call 00402DF4
:0043FCA1 84C0
test al, al
:0043FCA3 7432
je 0043FCD7
:0043FCA5 8B06
:0043FCA7 8B406C
:0043FCAA 8B80EC010000
:0043FCB0 8B55D8
:0043FCB3 E80850FDFF
call 00414CC0
:0043FCB8 83C005
add eax, 00000005
:0043FCBB 294590
:0043FCBE 8B06
:0043FCC0 8B406C
:0043FCC3 8B80EC010000
:0043FCC9 8B55D8
:0043FCCC E8EF4FFDFF
call 00414CC0
:0043FCD1 83C005
add eax, 00000005
:0043FCD4 294598
|:0043FCA3(C)
|
:0043FCD7 8D8D78FFFFFF
:0043FCDD 8D55B8
:0043FCE0 8B06
:0043FCE2 8B4048
:0043FCE5 E8DE2FFEFF
:0043FCEA 8B06
:0043FCEC 8B9578FFFFFF
:0043FCF2 89504C
:0043FCF5 8B957CFFFFFF
:0043FCFB 895050
:0043FCFE 8D8D78FFFFFF
:0043FD04 8D55C0
:0043FD07 8B06
:0043FD09 8B4048
:0043FD0C E8B72FFEFF
:0043FD11 8B06
:0043FD13 8B9578FFFFFF
:0043FD19 895054
:0043FD1C 8B957CFFFFFF
:0043FD22 895058
:0043FD25 8B06
:0043FD27 8B406C
:0043FD2A 8B55B4
:0043FD2D E8FE35FEFF
:0043FD32 8B45DC
:0043FD35 50
:0043FD36 8B06
:0043FD38 8B406C
:0043FD3B 8B4DD8
:0043FD3E 8D5590
:0043FD41 8B18
:0043FD43 FF93C0000000
:0043FD49 E8C2DBFFFF
:0043FD4E 8B45D0
:0043FD51 85C0
:0043FD53 7E0D
:0043FD55 33C9
:0043FD57 8BD0
:0043FD59 8B06
:0043FD5B E81CF9FFFF
:0043FD60 EB29
|:0043FD53(C)
|
:0043FD62 B101
:0043FD64 8B55D4
:0043FD67 8B06
:0043FD69 E80EF9FFFF
:0043FD6E EB1B

call 00422CC8
mov edx, dword ptr [ebp+FFFFFF7C]
call 00422CC8
mov edx, dword ptr [ebp+FFFFFF7C]
call 00423330
push eax
call 0043D910
test eax, eax
jle 0043FD62
xor ecx, ecx
mov edx, eax
call 0043F67C
jmp 0043FD8B
mov cl, 01
call 0043F67C
jmp 0043FD8B

|:0043FA7F(C), :0043FA8B(C), :0043FA98(C), :0043FAB2(C), :0043FC3B(C)
|:0043FC45(C)
|
:0043FD70 8B45D0
:0043FD73 85C0
test eax, eax
:0043FD75 7E0D
jle 0043FD84
:0043FD77
:0043FD79
:0043FD7B
:0043FD7D
:0043FD82
33C9
8BD0
8B06
E8FAF8FFFF
EB07
xor ecx, ecx

mov edx, eax
call 0043F67C
jmp 0043FD8B

|:0043FD75(C)
|
:0043FD84 8B06
:0043FD86 E8C5FAFFFF
call 0043F850
|:0043FD60(U), :0043FD6E(U), :0043FD82(U)
|
:0043FD8B 33C0
xor eax, eax
:0043FD8D 5A
pop edx
:0043FD8E 59
pop ecx
:0043FD8F 59
pop ecx
:0043FD90 648910
|
:0043FD93 68BEFD4300
push 0043FDBE
|:0043FDBC(U)
|
:0043FD98 8D8570FFFFFF
:0043FD9E BA02000000
:0043FDA3 E8343AFCFF
:0043FDA8 8D45A0
:0043FDAB 8B1544624300
:0043FDB1 E81A42FCFF
:0043FDB6 C3
:0043FDB7
:0043FDBC
:0043FDBE
:0043FDBF
:0043FDC0
:0043FDC1
:0043FDC3
:0043FDC4
jmp
jmp
pop
pop
pop
mov
pop
ret
E9BC34FCFF
EBDA
5F
5E
5B
8BE5
5D
C3
:0043FDC5 8D4000

mov edx, 00000002
call 004037DC
call 00403FD0
ret
00403278
0043FD98
edi
esi
ebx
esp, ebp
ebp

|:0043E5BC
|
:0043FDC8 53
push ebx
:0043FDC9 56
push esi
:0043FDCA 57
push edi
:0043FDCB 55
push ebp
:0043FDCC 83C4F8
add esp, FFFFFFF8
:0043FDCF 8BD9
mov ebx, ecx
:0043FDD1 891424
:0043FDD4 8BF0
mov esi, eax
:0043FDD6
:0043FDDB
:0043FDDE
:0043FDE0
:0043FDE2
:0043FDE3
:0043FDE5
:0043FDE9
:0043FDEB
:0043FDF0
:0043FDF1
A1A8374400
8B7860
85FF
7411
53
33C9
8B542404
8BC7
E8A443FEFF
48
7420
|:0043FDE0(C)
|
:0043FDF3 8B6E30
:0043FDF6 3BFD
:0043FDF8 7415
:0043FDFA 85ED
:0043FDFC 7411
:0043FDFE 53
:0043FDFF 33C9
:0043FE01 8B542404
:0043FE05 8BC5
:0043FE07 E88843FEFF
:0043FE0C 48
:0043FE0D 7404

test edi, edi
je 0043FDF3
push ebx
xor ecx, ecx
mov eax, edi
call 00424194
dec eax
je 0043FE13
cmp edi, ebp
je 0043FE0F
test ebp, ebp
je 0043FE0F
push ebx
xor ecx, ecx
mov eax, ebp
call 00424194
dec eax
je 0043FE13

|:0043FDF8(C), :0043FDFC(C)
|
:0043FE0F 33C0
xor eax, eax
:0043FE11 EB02
jmp 0043FE15
|:0043FDF1(C), :0043FE0D(C)
|
:0043FE13 B001
mov al, 01
|:0043FE11(U)
|
:0043FE15 88442404
:0043FE19 807C240400
:0043FE1E 752C
:0043FE20 8BC3
:0043FE22 8B15F4D74200
:0043FE28 E8632FFCFF
:0043FE2D 84C0
:0043FE2F 741B
:0043FE31 807B5100
:0043FE35 7415
:0043FE37 807B4800
:0043FE3B 740F
:0043FE3D 66837B2E00
:0043FE42 0F95C2
:0043FE45 8BC3
:0043FE47 E8F8E2FEFF

jne 0043FE4C
mov eax, ebx
call 00402D90
test al, al
je 0043FE4C
je 0043FE4C
je 0043FE4C
setne dl
mov eax, ebx
call 0042E144
|:0043FE1E(C), :0043FE2F(C), :0043FE35(C), :0043FE3B(C)

|
:0043FE4C 8A442404
:0043FE50 59
pop ecx
:0043FE51 5A
pop edx
:0043FE52 5D
pop ebp
:0043FE53 5F
pop edi
:0043FE54 5E
pop esi
:0043FE55 5B
pop ebx
:0043FE56 C3
ret
:0043FE57 90
nop

|:0042DB26
|
:0043FE58 53
push ebx
:0043FE59 51
push ecx
:0043FE5A C6042400
:0043FE5E 6683B8BA00000000
cmp word ptr [eax+000000BA], 0000
:0043FE66 7410
je 0043FE78
:0043FE68 8BCC
mov ecx, esp
:0043FE6A 8BD8
mov ebx, eax
:0043FE6C 8B83BC000000
mov eax, dword ptr [ebx+000000BC]
:0043FE72 FF93B8000000
|:0043FE66(C)
|
:0043FE78 8A0424
:0043FE7B 5A
pop edx
:0043FE7C 5B
pop ebx
:0043FE7D C3
ret
:0043FE7E 8BC0
mov eax, eax

|:0042DB7E
|
:0043FE80 53
push ebx
:0043FE81 51
push ecx
:0043FE82 C6042400
:0043FE86 6683B8C200000000
:0043FE8E 7410
je 0043FEA0
:0043FE90 8BCC
mov ecx, esp
:0043FE92 8BD8
mov ebx, eax
:0043FE94 8B83C4000000
:0043FE9A FF93C0000000
|:0043FE8E(C)
|
:0043FEA0 8A0424
:0043FEA3 5A
pop edx
:0043FEA4 5B
pop ebx
:0043FEA5 C3
ret
:0043FEA6
:0043FEA8
:0043FEAA
:0043FEAC
:0043FEAE
:0043FEAF
:0043FEB1
:0043FEB4
8BC0
0100
0000
3428
44
0030
004200
00000000
mov eax, eax

xor al, 28
inc esp
add byte ptr [edx+00], al
BYTE 4 DUP(0)
:0043FEB8
:0043FEB9
:0043FEBB
:0043FEBD
:0043FEBE
:0043FEC3
:0043FEC6
:0043FEC9
:0043FECF
:0043FED1
:0043FED8
:0043FEDA
55
8BEC
33C0
55
6801FF4300
64FF30
648920
FF05AC374400
7522
833DA437440000
7405
E8A164FFFF
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0043FF01
inc dword ptr [004437AC]
jne 0043FEF3
cmp dword ptr [004437A4], 00000000
je 0043FEDF
call 00436380
|:0043FED8(C)
|
:0043FEDF 833DDC37440000
:0043FEE6 740B
:0043FEE8 A1DC374400
:0043FEED 50

cmp dword ptr [004437DC], 00000000
je 0043FEF3
push eax

|
:0043FEEE E8355DFCFF
Call 00405C28
|:0043FECF(C), :0043FEE6(C)
|
:0043FEF3 33C0
:0043FEF5 5A
:0043FEF6 59
:0043FEF7 59
:0043FEF8 648910
:0043FEFB 6808FF4300
|:0043FF06(U)
|
:0043FF00 C3
:0043FF01 E97233FCFF
:0043FF06 EBF8
:0043FF08 5D
:0043FF09 C3
:0043FF0A
:0043FF0C
:0043FF13
:0043FF15
:0043FF1A
mov eax, eax

sub dword ptr [004437AC], 00000001
jnb 0043FF2A
mov eax, 0043FEA8
call 004035E4
8BC0
832DAC37440001
7315
B8A8FE4300
E8C536FCFF
xor eax, eax

pop edx
pop ecx
pop ecx
push 0043FF08
ret
jmp 00403278
jmp 0043FF00
pop ebp
ret
:0043FF1F A1982A4400
* Possible StringData Ref from Code Obj ->"SVWU"

|
:0043FF24 C70000664300
|:0043FF13(C)
|
:0043FF2A C3
:0043FF2B 90
:0043FF2C 55
:0043FF2D 8BEC
:0043FF2F 33C0
:0043FF31 55
:0043FF32 6851FF4300
:0043FF37 64FF30
:0043FF3A 648920
:0043FF3D FF05E8374400
:0043FF43 33C0
:0043FF45 5A
:0043FF46 59
:0043FF47 59
:0043FF48 648910
:0043FF4B 6858FF4300
|:0043FF56(U)
|
:0043FF50 C3
:0043FF51 E92233FCFF
:0043FF56 EBF8
:0043FF58 5D
:0043FF59 C3
:0043FF5A 8BC0
:0043FF5C 832DE837440001
:0043FF63 C3
mov eax, eax

sub dword ptr [004437E8], 00000001
ret
:0043FF64
:0043FF66
:0043FF67
:0043FF71
mov al, FF
inc ebx
BYTE 10 DUP(0)
BYTE 3 DUP(0)
B0FF
43
00000000000000000000
000000
ret
nop
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 0043FF51
xor eax, eax
pop edx
pop ecx
pop ecx
push 0043FF58
ret
jmp 00403278
jmp 0043FF50
pop ebp
ret
:0043FF74 58
:0043FF75 00440000
:0043FF79 00000000000000
pop eax
BYTE 7 DUP(0)
:0043FF80
:0043FF82
:0043FF83
:0043FF86
:0043FF87
:0043FF8A
:0043FF8C
:0043FF90
cmp al, 00
inc esp
add byte ptr [edx+00], cl
inc esp
enter 41FD, 00
push 3400411C
3C00
44
004A00
44
002C01
0000
C8FD4100
681C410034
:0043FF95 2E
BYTE 02eh
:0043FF96 40
:0043FF97 0038
:0043FF99 2E
inc eax
BYTE 02eh
:0043FF9A
:0043FF9B
:0043FF9E
:0043FF9F
:0043FFA5
:0043FFA8
:0043FFAC
:0043FFB2
:0043FFB3
:0043FFB6
:0043FFB7
:0043FFB9
:0043FFBC
:0043FFBE
:0043FFBF
:0043FFC1
:0043FFC2
:0043FFC3
:0043FFC6
:0043FFC7
:0043FFC9
:0043FFCA
:0043FFCB
:0043FFD1
:0043FFD4
:0043FFD9
:0043FFDB
:0043FFE2
:0043FFE3
:0043FFE5
:0043FFE6
:0043FFE7
:0043FFEB
:0043FFF1
:0043FFF3
:0043FFFA
:0043FFFB
:00440001
:00440006
:00440007
:0044000A
:0044000B
:0044000E
:0044000F
:00440011
:00440014
:00440016
:00440017
:0044001B
:0044001D
:00440020
:00440022
inc eax
inc eax
enter 402B, 00
sub byte ptr [4F6C0044], al
inc edx
inc edx
cmp al, 4F
inc edx
add ah, bl
daa
inc edx
inc edx
das
inc edx
mov esp, 88004118
sbb al, 41
add byte ptr [esp+eax+51EC0044], dl
inc edx
add ah, al
aas
inc edx
add byte ptr [ecx+ecx+44], cl
sub al, 42
inc edx
and eax, 51000042
inc edx
inc edx
inc edx
add al, bl
inc edx
js 00440064
inc edx
40
003C2E
40
0090434200B4
2B4000
C82B4000
280544006C4F
42
006844
42
0008
D24000
3C4F
42
00DC
27
42
004827
42
0028
2F
42
00801C4100C4
184100
BC18410088
1C41
0094044400EC51
42
00C4
3F
42
004C0944
009040420038
2C42
009C2B42009C34
42
00B8254200BC
2542000051
42
002C51
42
001427
42
00D8
304200
1030
42
00743342
0038
324200
7842
42
:00440023 00B05142005C
:00440029 36

BYTE 036h
:0044002A
:0044002B
:00440031
:00440034
:00440035
42
0080364200B8
284200
6C
36
inc edx
insb
BYTE 036h
:00440036
:00440037
:0044003A
:0044003B
:0044003D
:0044003F
:00440041
:00440044
:00440045
:00440049
:0044004B
:0044004C
:0044004D
:0044004E
:0044004F
:00440054
:00440055
:00440059
:0044005A
:0044005B
:0044005C
:0044005D
:0044005E
:0044005F
42
001406
44
0002
00DD
FFCE
FF5805
44
006C0744
0006
54
49
6D
61
67658D4000
58
00440007
06
54
49
6D
61
67
65
inc edx
add byte ptr [esi+eax], dl
inc esp
add ch, bl
dec esi
call far [eax+05]
inc esp
add byte ptr [edi+eax+44], ch
push esp
dec ecx
insd
popad
pop eax
add byte ptr [eax+eax+07], al
push es
push esp
dec ecx
insd
popad
BYTE 067h
BYTE 065h
:00440060
:00440062
:00440063
:00440069
:0044006B
:0044006C
:0044006E
:0044006F
:00440071
:00440072
:00440074
:00440076
:0044007B
:0044007D
:0044007F
:00440080
:00440082
B0FF
43
00B8FE410025
0008
45
7874
43
7472
6C
731D
00C8
E841004B00
00FF
2028
42
0001
000000000000
mov al, FF
inc ebx
add byte ptr [eax+250041FE], bh
inc ebp
js 004400E2
inc ebx
je 004400E3
insb
jnb 00440091
add al, cl
call 008F00BC
add bh, bh
inc edx
BYTE 6 DUP(0)
:00440088
:0044008B
:0044008D
:0044008F
800000
0000
0800
05416C6967

add eax, 67696C41
:00440094
:00440095
:00440096
:00440097
:00440098
:0044009B
:0044009D
:0044009E
:004400A0
:004400A1
:004400A2
6E
54
ED
41
006000
00FF
60
0000
FF
FC
26
outsb
push esp
in ax, dx
inc ecx
add bh, bh
pushad
BYTE 0ffh
cld
BYTE 026h
:004400A3 42
:004400A4 00000000
inc edx
BYTE 4 DUP(0)
:004400A8
:004400AB
:004400AD
:004400AF
:004400B0
:004400B1
:004400B2
:004400B5
:004400B7
:004400B9
:004400BA
:004400BE
:004400C0
:004400C1
:004400C2
:004400C4
800300
0000
0900
07
41
6E
63686F
7273
0010
40
004C0000
FF10
2F
42
0001
000000000000

pop es
inc ecx
outsb
jb 0044012A
inc eax
das
inc edx
BYTE 6 DUP(0)
:004400CA
:004400CD
:004400CF
:004400D1
:004400D4
:004400D6
:004400D7
:004400DE
800000
0000
0A00
084175
746F
53
697A6500104000
250100FFD8

je 00440145
push ebx
and eax, D8FF0001
|:0044006F(C)
|
:004400E3 07
:004400E4 44
:004400E5 0001
:004400E7 000000000000
:004400ED
:004400F0
:004400F2
:004400F4
:004400F5
:004400F6

push es
inc ebx
BYTE 065h
800000
0000
0B00
06
43
65
pop es
inc esp
BYTE 6 DUP(0)
:004400F7 6E
:004400F8 7465
:004400FA 7200
outsb
je 0044015F
jb 004400FC
|:004400FA(C)
|
:004400FC EE
:004400FD 41
:004400FE 006800
:00440101 00FF
:00440103 680000FF01
:00440108 000000000000
:0044010E
:00440111
:00440117
:00440118
:00440119
:0044011B
:0044011D
:00440124
:00440127
:00440129

add byte ptr [eax+430B000C], al
outsd
outsb
jnb 0044018F
jb 0044017E
imul ebp, dword ptr [esi+74], 41E8B073
add bh, bh
outsb
800000
00800C000B43
6F
6E
7374
7261
696E7473B0E841
006E00
00FF
6E
out dx, al
inc ecx
add bh, bh
push 01FF0000
BYTE 6 DUP(0)
|:004400B5(C)
|
:0044012A 0000
:0044012C FF01
:0044012E 000000000000
:00440134 80F4FF
:00440137 FFFF
xor ah, FF
BYTE 2 DUP(0ffh)
:00440139
:0044013E
:0044013F
:00440141
:00440143
or eax, 72440A00
popad
inc ebx
jne 004401B5
jnb 004401B4
0D000A4472
61
6743
7572
736F

inc dword ptr [ecx]
BYTE 6 DUP(0)
|:004400D4(C)
|
:00440145 72C4
:00440147 EC
:00440148 41
:00440149 00870000FF87
:0044014F 0000
:00440151 FF01
:00440153 000000000000
:00440159 800000
:0044015C 0000
:0044015E 0E

push cs
jb 0044010B
in al, dx
inc ecx
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:004400F8(C)
|
:0044015F 0008
:00440161 44
:00440162 7261
:00440164 674B
:00440166 696E6490EC4100
:0044016D 4D
:0044016E 0000
:00440170 FF5C0000
:00440174 FE01
:00440176 000000000000
:0044017C
:0044017F
:00440181
:00440184
:00440185
:00440187
:00440189
:0044018A

str dword ptr [eax]
inc esp
jb 004401E8
dec ebp
outsd
BYTE 064h
800000
0000
0F0008
44
7261
674D
6F
64

inc esp
jb 004401C5
dec ebx
dec ebp
call far [eax+eax]
inc byte ptr [ecx]
BYTE 6 DUP(0)
:0044018B 650010
:0044018E 40

inc eax
|:00440119(C)
|
:0044018F 005000
:00440192 00FE
:00440194 60
:00440195 0000
:00440197 FE
:00440198 BC4E420000
:0044019D 0000
:0044019F 800100
:004401A2 0000
:004401A4 1000
:004401A6 07
:004401A7 45
:004401A8 6E
:004401A9 61
:004401AA 626C6564
:004401AE 0010
:004401B0 40
:004401B1 0026
:004401B3 0100
|:00440141(C)
|
:004401B5 FF26
:004401B7 0100
:004401B9 FF01
:004401BB 000000000000

add dh, bh
pushad
BYTE 0feh
mov esp, 0000424E
pop es
inc ebp
outsb
popad
inc eax
add byte ptr [esi], ah
jmp dword ptr [esi]

inc dword ptr [ecx]
BYTE 6 DUP(0)
:004401C1
:004401C4
:004401C6
:004401C8
:004401CB
:004401CE
:004401CF
800000
0000
1100
12496E
637265
6D
65

adc cl, byte ptr [ecx+6E]
insd
BYTE 065h
:004401D0
:004401D1
:004401D3
:004401D4
:004401D5
:004401DC
:004401DF
:004401E1
:004401E3
:004401E5
:004401E6
6E
7461
6C
44
6973706C617900
104000
8600
00FF
0C33
42
0001
outsb
je 00440234
insb
inc esp
imul esi, dword ptr [ebx+70], 0079616C
add bh, bh
or al, 33
inc edx

|:00440185(C)
|
:004401E8 000000000000
BYTE 6 DUP(0)
:004401EE 800100
|:00440203(C)
|
:004401F1 0000
:004401F3 1200
:004401F5 0E
:004401F6 50
:004401F7 61
:004401F8 7265
:004401FA 6E
:004401FB 7453
:004401FD 686F774869
:00440202 6E
:00440203 74EC
:00440205 2E
:00440206
:00440207
:00440209
:0044020B
:0044020D
:0044020E
:0044020F
:00440211
41
0018
0100
FFF0
07
44
0001
000000000000
inc ecx
push eax
pop es
inc esp
BYTE 6 DUP(0)
:00440217
:0044021A
:00440220
:00440227
:00440229
800000
008013000750
69637475726538
0443
007000

imul esp, dword ptr [ebx+74], 38657275
add al, 43

push cs
push eax
popad
jb 0044025F
outsb
je 00440250
push 6948776F
outsb
je 004401F1
BYTE 02eh
:0044022C
:0044022E
:0044022F
:00440232
00FF
5C
314200
0100
add
pop
xor
add
bh, bh
esp
|:004401D1(C)
|
:00440234 0000000000
:00440239 800000
:0044023C 008014000950
:00440242 6F
:00440243 7075
:00440245 704D
:00440247 65
:00440248 6E
:00440249 7500
outsb
jne 0044024B
BYTE 5 DUP(0)
outsd
jo 004402BA
jo 00440294
BYTE 065h

|:00440249(C)
|
:0044024B 104000
:0044024E 8500
|:004401FB(C)
|
:00440250 00FF
:00440252 E8324200B4
:00440257 324200
:0044025A 000000
:0044025D
:00440260
:00440266
:0044026B
:0044026C

push 6948776F
outsb
je 0044026E
800000
008015000853
686F774869
6E
7400
add bh, bh
call B4444489
BYTE 3 DUP(0)
|:0044026C(C)
|
:0044026E 104000
:00440271 2401
:00440273 00FF
:00440275 0008
:00440277 44
:00440278 0001
:0044027A 000000000000
:00440280
:00440283
:00440285
:00440286
:00440288
:00440289
:0044028B

push ss
push ebx
je 004402FD
BYTE 065h
800000
0000
16
0007
53
7472
65

and al, 01
add bh, bh
inc esp
BYTE 6 DUP(0)
:0044028C 7463
:0044028E 6800104000
:00440293 27
je 004402F1
push 00401000
daa
|:00440245(C)
|
:00440294 0100
:00440296 FF18
:00440298 08440001
:0044029C 000000000000
:004402A2
:004402A5
:004402A7
:004402A8
:004402AA
:004402AB
:004402AD
:004402AE
:004402B0
:004402B1
:004402B3
:004402B4

pop ss
push esp
jb 0044030E
outsb
jnb 00440320
popad
jb 00440318
outsb
je 004402B6
800000
0000
17
000B
54
7261
6E
7370
61
7265
6E
7400

or byte ptr [eax+eax+01], al
BYTE 6 DUP(0)

|:004402B4(C)
|
:004402B6 104000
:004402B9 47
inc edi
|:00440243(C)
|
:004402BA 0000
:004402BC FF94304200FC4E
:004402C3 42
:004402C4 00000000
:004402C8
:004402CB
:004402CD
:004402CF
:004402D0
:004402D1
:004402D8
:004402D9
:004402DA
:004402DD
:004402DF
:004402E1
:004402E3
:004402E5
:004402E6

pop es
push esi
scasd
inc eax
add bh, bh
add al, 01
add bh, bh
sbb al, 4F
inc edx
BYTE 4 DUP(0)
800100
0000
1800
07
56
697369626C65F0
AF
40
000401
00FF
0401
00FF
1C4F
42
00000000

inc edx
BYTE 4 DUP(0)
:004402EA
:004402ED
:004402F3
:004402F4
:004402F5
:004402F6
800000
00801900074F
6E
43
6C
69636BF0AF4000

outsb
inc ebx
insb
|:00440289(C)
|
:004402FD 0C01
:004402FF 00FF
:00440301 0C01
:00440303 00FF
:00440305 0100
:00440307 0000000000
:0044030C
:0044030F
:00440315
:00440316
:00440317
:0044031B
:00440322
:00440323
:00440325
:00440327
:00440329
:0044032B
800000
00801A000A4F
6E
44
626C436C
69636B50F04100
CC
0000
FFCC
0000
FF01
000000000000

add byte ptr [eax+4F0A001A], al
outsb
inc esp
int 03
dec esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00440331
:00440334
:0044033A
:0044033B
:0044033C
:0044033E
:00440340
:00440342
:00440344
800000
00801B000A4F
6E
44
7261
6744
726F
70E0
EF

outsb
inc esp
jb 0044039F
inc esp
jb 004403B1
jo 00440324
out dx, ax
or al, 01
add bh, bh
or al, 01
add bh, bh
BYTE 5 DUP(0)
|:00440367(C)
|
:00440345 41
:00440346 00D4
:00440348 0000
:0044034A FFD4
:0044034C 0000
:0044034E FF01
:00440350 000000000000
:00440356
:00440359
:0044035F
:00440360
:00440361
:00440363

add byte ptr [eax+4F0A001C], al
outsb
inc esp
jb 004403C4
dec edi
800000
00801C000A4F
6E
44
7261
674F
inc ecx
add ah, dl
call esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00440365
:00440367
:00440369
:0044036A
:0044036B
:0044036D
:0044036F
:00440371
:00440373
:00440375
7665
72DC
F0
41
00EC
0000
FFEC
0000
FF01
000000000000
jbe 004403CC
jb 00440345
lock
inc ecx
add ah, ch
jmp far esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0044037B
:0044037E
:00440384
:00440385
:00440386
:00440387
800000
00801D00094F
6E
45
6E
64

outsb
inc ebp
outsb
BYTE 064h
:00440388
:00440389
:0044038A
:0044038D
:0044038E
:0044038F
:00440391
:00440393
:00440394
:00440395
:00440397
:00440399
44
6F
636BDC
F0
41
00FC
0000
FF
FC
0000
FF01
000000000000
inc esp
outsd
lock
inc ecx
add ah, bh
BYTE 0ffh
cld
inc dword ptr [ecx]
BYTE 6 DUP(0)
|:0044033C(C)
|
:0044039F 800000
:004403A2 00801E00094F
:004403A8 6E
:004403A9 45
:004403AA 6E
:004403AB 64
:004403AC
:004403AD
:004403AF
:004403B5
:004403B7
:004403BE
inc esp
jb 00440410
mov esp, B40041EE
push dword ptr [eax+eax+0001FF00]
BYTE 5 DUP(0)
44
7261
67BCEE4100B4
0000
FFB40000FF0100
0000000000
:004403C3 800000
:004403C6 00801F000B4F

outsb
inc ebp
outsb
BYTE 064h

add byte ptr [eax+4F0B001F], al

|:00440365(C)
|
:004403CC
:004403CD
:004403CE
:004403CF
:004403D1
6E
4D
6F
7573
65
outsb
dec ebp
outsd
jne 00440444
BYTE 065h
:004403D2
:004403D3
:004403D4
:004403D6
:004403D8
:004403D9
:004403E0
:004403E2
:004403E4
44
6F
776E
20EF
41
00BC0000FFBC00
00FF
0100
0000000000
inc esp
outsd
ja 00440444
and bh, ch
inc ecx
add bh, bh
BYTE 5 DUP(0)
:004403E9
:004403EC
:004403F2
:004403F3
:004403F4
:004403F5
:004403F7
800000
008020000B4F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 0044046A
BYTE 065h
:004403F8
:004403F9
:004403FA
:004403FC
:00440401
:00440403
:00440405
:00440407
:00440409
4D
6F
7665
BCEE4100C4
0000
FFC4
0000
FF01
000000000000
dec ebp
outsd
jbe 00440461
mov esp, C40041EE
inc esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:0044040F
:00440412
:00440418
:00440419
:0044041A
:0044041B
:0044041D
800000
00802100094F
6E
4D
6F
7573
65

outsb
dec ebp
outsd
jne 00440490
BYTE 065h
:0044041E
:0044041F
:00440421
:00440426
:00440428
:0044042A
:0044042C
:0044042E
55
700C
2D41001C01
00FF
1C01
00FF
0100
0000000000
push ebp
jo 0044042D
sub eax, 011C0041
add bh, bh
sbb al, 01
add bh, bh
BYTE 5 DUP(0)
:00440433 800000
:00440436 008022000A4F
:0044043C 6E

outsb
:0044043D
:0044043E
:00440440
:00440443
:00440445
:00440446
:00440447
:00440448
:0044044A
:0044044C
:0044044E
:00440450
:00440452
50
726F
677265
7373
50
F2
41
00E4
0000
FFE4
0000
FF01
000000000000
push eax
jb 004404AF
jb 004404A8
jnb 004404B8
push eax
repnz
inc ecx
add ah, ah
jmp esp
inc dword ptr [ecx]
BYTE 6 DUP(0)
:00440458 800000
:0044045B 008023000B4F

|:004403FA(C)
|
:00440461 6E
:00440462 53
:00440463 7461
:00440465 7274
:00440467 44
:00440468 6F
:00440469 636B9C
:0044046C F0
:0044046D 41
:0044046E 00F4
:00440470 0000
:00440472 FFF4
:00440474 0000
:00440476 FF01
:00440478 000000000000
:0044047E
:00440481
:00440487
:00440488
:00440489
:0044048B
:0044048D
:0044048E

outsb
push ebx
je 004404EC
jb 00440501
inc esp
jb 004404F1
800000
008024000B4F
6E
53
7461
7274
44
7261
outsb
push ebx
je 004404C6
jb 004404DB
inc esp
outsd
lock
inc ecx
add ah, dh
push esp
inc dword ptr [ecx]
BYTE 6 DUP(0)

|:0044041B(C)
|
:00440490 678D4000
lea eax, [bx+si+00]
|:00441018
|
:00440494 55
push ebp
:00440495 8BEC
mov ebp, esp
:00440497 51
push ecx
:00440498 53
push ebx
:00440499 56
push esi
:0044049A
:0044049C
:0044049E
:004404A1
84D2
7408
83C4F0
E85E2AFCFF
test dl, dl
je 004404A6
add esp, FFFFFFF0
call 00402F04

|:0044049C(C)
|
:004404A6 8855FF
:004404A9 8BD8
mov ebx, eax
:004404AB 33D2
xor edx, edx
:004404AD 8BC3
mov eax, ebx
|:0044043E(C)
|
:004404AF E8189BFEFF
:004404B4 A124054400
:004404B9 0B4340
:004404BC 894340
:004404BF B201
:004404C1 A1682E4100
|:00440463(C)
|
:004404C6 E84567FDFF
:004404CB 8BF0
:004404CD 89B318010000
:004404D3 895E0C
:004404D6 C7460830084400
:004404DD 895E18
:004404E0 8BC3
:004404E2 66BACEFF
:004404E6 E82129FCFF
:004404EB 894614
:004404EE BA69000000
:004404F3 8BC3
:004404F5 E8D624FEFF
:004404FA BA69000000
:004404FF 8BC3
|:0044048B(C)
|
:00440501 E8A624FEFF
:00440506 8BC3
:00440508 807DFF00
:0044050C 740F
:0044050E E8492AFCFF
:00440513 648F0500000000
:0044051A 83C40C
call 00429FCC
mov dl, 01
call 00416C10
mov esi, eax
mov [esi+08], 00440830
mov eax, ebx
mov dx, FFCE
call 00402E0C
mov edx, 00000069
mov eax, ebx
call 004229D0
mov edx, 00000069
mov eax, ebx
call 004229AC
mov eax, ebx
je 0044051D
call 00402F5C
add esp, 0000000C

|:0044050C(C)
|
:0044051D 8BC3
mov eax, ebx
:0044051F 5E
pop esi
:00440520 5B
pop ebx
:00440521 59
pop ecx
:00440522 5D
:00440523 C3
pop ebp
ret
:00440524 00
BYTE 0
:00440525
:00440527
:0044052A
:0044052F
:00440531
:00440533
:00440539
:0044053E
:00440540
:00440543
:00440545
:0044054A
:0044054C
:0044054E
:00440550

call 00402F64
mov ebx, edx
mov esi, eax
call 00402C20
mov edx, ebx
and dl, FC
mov eax, esi
call 0042A028
test bl, bl
jle 00440555
mov eax, esi
call 00402F54
0800
005356
E8352AFCFF
8BDA
8BF0
8B8618010000
E8E226FCFF
8BD3
80E2FC
8BC6
E8DE9AFEFF
84DB
7E07
8BC6
E8FF29FCFF

|:0044054C(C)
|
:00440555 5E
pop esi
:00440556 5B
pop ebx
:00440557 C3
ret
:00440558
:0044055A
:00440560
:00440563
:00440565
:00440567
:00440569
:0044056B
:0044056E
33D2
8B8818010000
8B4904
85C9
7409
8BC1
8B10
FF5224
8BD0
xor edx, edx

test ecx, ecx
je 00440570
mov eax, ecx
call [edx+24]
mov edx, eax

|:00440565(C)
|
:00440570 8BC2
mov eax, edx
:00440572 C3
ret
:00440573 90
nop

|:00440690
|
:00440574 53
push ebx
:00440575 56
push esi
:00440576 8BF2
mov esi, edx
:00440578 8BD8
mov ebx, eax
:0044057A 80BB2401000000
:00440581 740C
je 0044058F
:00440583 8BD6
mov edx, esi
:00440585
:00440587
:00440589
:0044058C
:0044058D
:0044058E
8BC3
8B08
FF5144
5E
5B
C3
mov eax, ebx

call [ecx+44]
pop esi
pop ebx
ret
|:00440581(C)
|
:0044058F 80BB2501000000
:00440596 7453
:00440598 8B8318010000
:0044059E E80D6BFDFF
:004405A3 50
:004405A4 56
:004405A5 8B8318010000
:004405AB E8006BFDFF
:004405B0 8B533C
:004405B3 2BD0
:004405B5 D1FA
:004405B7 7903
:004405B9 83D200
|:004405B7(C)
|
:004405BC 52
:004405BD 8B8318010000
:004405C3 E8D06AFDFF
:004405C8 8B5338
:004405CB 2BD0
:004405CD D1FA
:004405CF 7903
:004405D1 83D200
|:004405CF(C)
|
:004405D4 52
:004405D5 8B8318010000
:004405DB E8B86AFDFF
:004405E0 8BC8
:004405E2 58
:004405E3 5A
:004405E4 E8CBBBFCFF
:004405E9 EB23
|:00440596(C)
|
:004405EB 8B8318010000
:004405F1 E8BA6AFDFF
:004405F6 50
:004405F7 56
:004405F8 8B8318010000
:004405FE E8956AFDFF
:00440603 8BC8

je 004405EB
call 004170B0
push eax
push esi
call 004170B0
sub edx, eax
sar edx, 1
jns 004405BC
adc edx, 00000000
push edx
call 00417098
sub edx, eax
sar edx, 1
jns 004405D4
adc edx, 00000000
push edx
call 00417098
mov ecx, eax
pop eax
pop edx
call 0040C1B4
jmp 0044060E

call 004170B0
push eax
push esi
call 00417098
mov ecx, eax
:00440605 33D2
:00440607 33C0
:00440609 E88ABBFCFF
xor edx, edx

xor eax, eax
call 0040C198

|:004405E9(U)
|
:0044060E 5E
pop esi
:0044060F 5B
pop ebx
:00440610 C3
ret
:00440611
:00440614
:00440615
:00440617
:0044061A
:0044061B
:0044061E
:00440621
:00440625
:00440627
:0044062A
:00440630
:00440633
:00440635
:0044063A
:0044063D
:0044063F
:00440644
:00440647
:0044064A
:0044064B
:0044064E
:00440651
:00440652
:00440654
:00440656
:00440658
8D4000
55
8BEC
83C4E8
53
8945FC
8B45FC
F6402010
7436
8B45FC
8B9814010000
8B4310
B201
E84A3FFDFF
8B4314
B201
E86442FDFF
8B45FC
8B4038
50
8B45FC
8B403C
50
33C9
33D2
8BC3
E89B45FDFF

push ebp
mov ebp, esp
add esp, FFFFFFE8
push ebx
test [eax+20], 10
je 0044065D
mov dl, 01
call 00414584
mov dl, 01
call 004148A8
push eax
push eax
xor ecx, ecx
xor edx, edx
mov eax, ebx
call 00414BF8
|:00440625(C)
|
:0044065D 8B45FC
:00440660 8A8028010000
:00440666 8845FB
:00440669 8B45FC
:0044066C C6802801000001
:00440673 33C0
:00440675 55
:00440676 68C5064400
:0044067B 64FF30
:0044067E 648920
:00440681 8B45FC
:00440684 8B9814010000
:0044068A 8D55E8
:0044068D 8B45FC
:00440690 E8DFFEFFFF
:00440695 8D55E8
:00440698 8B45FC

xor eax, eax
push ebp
push 004406C5
call 00440574
:0044069B
:004406A1
:004406A4
:004406A6
:004406AB
:004406AD
:004406AE
:004406AF
:004406B0
:004406B3
8B8018010000
8B4804
8BC3
E89545FDFF
33C0
5A
59
59
648910
68CC064400

mov eax, ebx
call 00414C40
xor eax, eax
pop edx
pop ecx
pop ecx
push 004406CC
|:004406CA(U)
|
:004406B8 8B45FC
:004406BB 8A55FB
:004406BE 889028010000
:004406C4 C3
:004406C5
:004406CA
:004406CC
:004406CD
:004406CF
:004406D0
jmp
jmp
pop
mov
pop
ret
E9AE2BFCFF
EBEC
5B
8BE5
5D
C3
:004406D1 8D4000

ret
00403278
004406B8
ebx
esp, ebp
ebp

|:00440787 , :00440908
|
:004406D4 53
push ebx
:004406D5 56
push esi
:004406D6 57
push edi
:004406D7 55
push ebp
:004406D8 8BE8
mov ebp, eax
:004406DA 33DB
xor ebx, ebx
:004406DC 8B8518010000
:004406E2 8B7004
:004406E5 807D4700
:004406E9 7479
je 00440764
:004406EB F6452001
test [ebp+20], 01
:004406EF 7573
jne 00440764
:004406F1 85F6
test esi, esi
:004406F3 746F
je 00440764
:004406F5 807E1600
:004406F9 7469
je 00440764
:004406FB 8BC6
mov eax, esi
:004406FD 8B10
:004406FF FF5224
call [edx+24]
:00440702 85C0
test eax, eax
:00440704 7506
jne 0044070C
:00440706 C6461600
mov [esi+16], 00
:0044070A EB58
jmp 00440764
|:00440704(C)
|
:0044070C
:0044070E
:00440713
:00440715
:00440717
:00440719
:00440720
:00440722
:00440724
:00440729
:0044072B
:0044072D
:00440734
:00440736
:00440738
:0044073A
:0044073F
:00440741
:00440746
8BC5
E8FD64FFFF
8BF8
85FF
744B
80BF0E02000000
7442
8BC7
E8B78BFEFF
84C0
7437
80BD2801000000
7412
6A00
33C9
BA0F030000
8BC7
E84E3AFEFF
EB16
|:00440734(C)
|
:00440748 6A00
:0044074A 6A00
:0044074C 680F030000
:00440751 8BC7
:00440753 E8A887FEFF
:00440758 50
mov eax, ebp

call 00436C10
mov edi, eax
test edi, edi
je 00440764
cmp byte ptr [edi+0000020E], 00
je 00440764
mov eax, edi
call 004292E0
test al, al
je 00440764
je 00440748
push 00000000
xor ecx, ecx
mov edx, 0000030F
mov eax, edi
call 00424194
jmp 0044075E
push 00000000
push 00000000
push 0000030F
mov eax, edi
call 00428F00
push eax

|
:00440759 E8CA5BFCFF
Call 00406328
|:00440746(U)
|
:0044075E B301
mov bl, 01
:00440760 C6461600
mov [esi+16], 00
|:004406E9(C), :004406EF(C), :004406F3(C), :004406F9(C), :0044070A(U)
|:00440717(C), :00440720(C), :0044072B(C)
|
:00440764 8BC3
mov eax, ebx
:00440766 5D
pop ebp
:00440767 5F
pop edi
:00440768 5E
pop esi
:00440769 5B
pop ebx
:0044076A C3
ret
:0044076B
:0044076C
:0044076D
:0044076F
:00440770
:00440771
:00440772
:00440773
90
55
8BEC
51
53
56
57
884DFF
nop
push ebp
mov ebp, esp
push ecx
push ebx
push esi
push edi
:00440776
:00440778
:0044077A
:0044077D
:00440783
:00440785
:00440787
:0044078C
:0044078E
:00440790
:00440792
:00440794
:0044079A
8BFA
8BF0
8B5D10
849E26010000
7421
8BC6
E848FFFFFF
84C0
740C
8BC6
8B10
FF9284000000
EB0A
mov edi, edx

mov esi, eax
test byte ptr [esi+00000126], bl
je 004407A6
mov eax, esi
call 004406D4
test al, al
je 0044079C
mov eax, esi
jmp 004407A6
|:0044078E(C)
|
:0044079C 8BC6
:0044079E 8B10
:004407A0 FF9288000000
|:00440783(C), :0044079A(U)
|
:004407A6 6683BE1E01000000
:004407AE 741E
:004407B0 8A4514
:004407B3 50
:004407B4 53
:004407B5 8B450C
:004407B8 50
:004407B9 8B4508
:004407BC 50
:004407BD 8A4DFF
:004407C0 8BD7
:004407C2 8B8620010000
:004407C8 FF961C010000
mov eax, esi

cmp word ptr [esi+0000011E], 0000

je 004407CE
push eax
push ebx
push eax
push eax
mov edx, edi
call dword ptr [esi+0000011C]

|:004407AE(C)
|
:004407CE 5F
pop edi
:004407CF 5E
pop esi
:004407D0 5B
pop ebx
:004407D1 59
pop ecx
:004407D2 5D
pop ebp
:004407D3 C21000
ret 0010
:004407D6
:004407D8
:004407DE
:004407E0
:004407E6
:004407E8
8BC0
3A9025010000
740D
889025010000
8BD0
E843000000
mov eax, eax

je 004407ED
mov edx, eax
call 00440830

|:004407DE(C)
|
:004407ED C3
ret
:004407EE
:004407F0
:004407F1
:004407F3
:004407F9
:004407FB
:004407FE
:004407FF
8BC0
56
8BF0
8B8618010000
8B08
FF5108
5E
C3
mov eax, eax

push esi
mov esi, eax
call [ecx+08]
pop esi
ret
:00440800
:00440806
:00440808
:0044080E
:00440810
3A9024010000
740D
889024010000
8BD0
E81B000000

je 00440815
mov edx, eax
call 00440830
|:00440806(C)
|
:00440815 C3
:00440816 8BC0
:00440818 3A9027010000
:0044081E 740D
:00440820 889027010000
:00440826 8BD0
:00440828 E803000000

ret
mov eax, eax
je 0044082D
mov edx, eax
call 00440830

|:0044081E(C)
|
:0044082D C3
ret
:0044082E 8BC0
mov eax, eax
|:004407E8 , :00440810 , :00440828
|
:00440830 53
push ebx
:00440831 56
push esi
:00440832 8BD8
mov ebx, eax
:00440834 807B4C00
:00440838 7446
je 00440880
:0044083A 8B8318010000
:00440840 E85368FDFF
call 00417098
:00440845 85C0
test eax, eax
:00440847 7E37
jle 00440880
:00440849 8B8318010000
:0044084F E85C68FDFF
call 004170B0
:00440854 85C0
test eax, eax
:00440856 7E28
jle 00440880
:00440858 8B8318010000
:0044085E E83568FDFF
call 00417098
:00440863 50
push eax
:00440864 8B8318010000
:0044086A E84168FDFF
call 004170B0
:0044086F 50
push eax
:00440870 8B4B34
:00440873 8B5330
:00440876 8BC3
mov eax, ebx
:00440878 8B30
:0044087A FF9680000000

|:00440838(C), :00440847(C), :00440856(C)
|
:00440880 8B8318010000
:00440886 8B7004
:00440889 85F6
test esi, esi
:0044088B 0F8495000000
je 00440926
:00440891 8BC6
mov eax, esi
:00440893 8B15D02F4100
:00440899 E8F224FCFF
call 00402D90
:0044089E 84C0
test al, al
:004408A0 751E
jne 004408C0
:004408A2 8BC6
mov eax, esi
:004408A4 8B154C324100
:004408AA E8E124FCFF
call 00402D90
:004408AF 84C0
test al, al
:004408B1 750D
jne 004408C0
:004408B3 8A9327010000
:004408B9 8BC6
mov eax, esi
:004408BB 8B08
:004408BD FF513C
call [ecx+3C]
|:004408A0(C), :004408B1(C)
|
:004408C0 8BC6
:004408C2 8B10
:004408C4 FF5228
:004408C7 84C0
:004408C9 752E
:004408CB 80BB2401000000
:004408D2 7518
:004408D4 8BC6
:004408D6 8B10
:004408D8 FF522C
:004408DB 3B4338
:004408DE 7C19
:004408E0 8BC6
:004408E2 8B10
:004408E4 FF5220
:004408E7 3B433C
:004408EA 7C0D
|:004408D2(C)
|
:004408EC A148094400
:004408F1 0B4340
:004408F4 894340
:004408F7 EB0D
mov eax, esi

call [edx+28]
test al, al
jne 004408F9
jne 004408EC
mov eax, esi
call [edx+2C]
jl 004408F9
mov eax, esi
call [edx+20]
jl 004408F9

jmp 00440906

|:004408C9(C), :004408DE(C), :004408EA(C)
|
:004408F9 A148094400
:004408FE F7D0
not eax
:00440900 234340
and eax, dword ptr [ebx+40]
:00440903 894340
|:004408F7(U)
|
:00440906 8BC3
:00440908 E8C7FDFFFF
:0044090D 84C0
:0044090F 7422
:00440911 80BB2801000000
:00440918 7419
:0044091A 8BC3
:0044091C 8B10
:0044091E FF9284000000
:00440924 EB0D
|:0044088B(C)
|
:00440926 A148094400
:0044092B F7D0
:0044092D 234340
:00440930 894340
mov eax, ebx

call 004406D4
test al, al
je 00440933
je 00440933
mov eax, ebx
jmp 00440933
mov
not
and
mov

eax

|:0044090F(C), :00440918(C), :00440924(U)
|
:00440933 80BB2801000000
:0044093A 7507
jne 00440943
:0044093C 8BC3
mov eax, ebx
:0044093E 8B10
:00440940 FF5278
call [edx+78]
|:0044093A(C)
|
:00440943 5E
pop esi
:00440944 5B
pop ebx
:00440945 C3
ret
:00440946 0000
BYTE 2 DUP(0)
:00440948 40
:00440949 000000
inc eax
BYTE 3 DUP(0)
:0044094C
:0044094D
:0044094E
:0044094F
:00440950
:00440952
:00440954
:00440956
:00440958
:0044095C
:0044095E
:00440964
:00440969
:0044096B
push ebx
push esi
push edi
push ebp
mov ebp, ecx
mov edi, edx
mov esi, eax
mov bl, 01
test [esi+20], 10
je 0044097C
call 00417098
test eax, eax
jle 004409AB
53
56
57
55
8BE9
8BFA
8BF0
B301
F6462010
741E
8B8618010000
E82F67FDFF
85C0
7E3E
:0044096D
:00440973
:00440978
:0044097A
8B8618010000
E83867FDFF
85C0
7E2F

call 004170B0
test eax, eax
jle 004409AB

|:0044095C(C)
|
:0044097C 8A464B
:0044097F 84C0
test al, al
:00440981 7406
je 00440989
:00440983 04FD
add al, FD
:00440985 2C02
sub al, 02
:00440987 730D
jnb 00440996
|:00440981(C)
|
:00440989 8B8618010000
:0044098F E80467FDFF
:00440994 8907
|:00440987(C)
|
:00440996 8A464B
:00440999 2C03
:0044099B 730E
:0044099D 8B8618010000
:004409A3 E80867FDFF
:004409A8 894500

call 00417098

sub al, 03
jnb 004409AB
call 004170B0

|:0044096B(C), :0044097A(C), :0044099B(C)
|
:004409AB 8BC3
mov eax, ebx
:004409AD 5D
pop ebp
:004409AE 5F
pop edi
:004409AF 5E
pop esi
:004409B0 5B
pop ebx
:004409B1 C3
ret
:004409B2
:004409B4
:004409B5
:004409B7
:004409B9
:004409BA
:004409BF
:004409C2
:004409C5
:004409CB
:004409CD
:004409CE
:004409CF
:004409D0
:004409D3
8BC0
55
8BEC
33C0
55
68D9094400
64FF30
648920
FF05EC374400
33C0
5A
59
59
648910
68E0094400
mov eax, eax

push ebp
mov ebp, esp
xor eax, eax
push ebp
push 004409D9
inc dword ptr [004437EC]
xor eax, eax
pop edx
pop ecx
pop ecx
push 004409E0
|:004409DE(U)
|
:004409D8 C3
:004409D9 E99A28FCFF
:004409DE EBF8
:004409E0 5D
:004409E1 C3
ret
jmp 00403278
jmp 004409D8
pop ebp
ret
:004409E2 8BC0
:004409E4 832DEC37440001
:004409EB C3
mov eax, eax

sub dword ptr [004437EC], 00000001
ret
:004409EC
:004409ED
:004409EF
:004409F1
:004409F2
:004409F7
:004409FA
:004409FD
:00440A03
:00440A05
:00440A06
:00440A07
:00440A08
:00440A0B
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 00440A11
xor eax, eax
pop edx
pop ecx
pop ecx
push 00440A18
55
8BEC
33C0
55
68110A4400
64FF30
648920
FF05F0374400
33C0
5A
59
59
648910
68180A4400
|:00440A16(U)
|
:00440A10 C3
:00440A11 E96228FCFF
:00440A16 EBF8
:00440A18 5D
:00440A19 C3
:00440A1A 8BC0
:00440A1C 832DF037440001
:00440A23 C3
mov eax, eax

sub dword ptr [004437F0], 00000001
ret
ret
jmp 00403278
jmp 00440A10
pop ebp
ret

|:00440F43
|
:00440A24 3BD0
cmp edx, eax
:00440A26 7C02
jl 00440A2A
:00440A28 8BC2
mov eax, edx
|:00440A26(C)
|
:00440A2A C3
ret
:00440A2B 90
nop
|:00440D83
|
:00440A2C
:00440A2D
:00440A2E
:00440A31
:00440A33
:00440A35
:00440A37
53
56
83C4CC
8BDA
8BF0
33C0
8BD4
push ebx
push esi
add esp,
mov ebx,
mov esi,
xor eax,
mov edx,
FFFFFFCC
edx
eax
eax
esp
|:00440A43(C)
|
:00440A39 8D4841
:00440A3C 880A
:00440A3E 40
:00440A3F 42
:00440A40 83F81A
:00440A43 75F4
:00440A45 33C0
:00440A47 8D54241A
|:00440A55(C)
|
:00440A4B 8D4861
:00440A4E 880A
:00440A50 40
:00440A51 42
:00440A52 83F81A
:00440A55 75F4
:00440A57 53
:00440A58 6A34
:00440A5A 8D442408
:00440A5E 50
:00440A5F 8BC6
:00440A61 E8FA43FDFF
:00440A66 50
lea
mov
inc
inc
cmp
jne
xor
lea

byte ptr [edx], cl
eax
edx
eax, 0000001A
00440A39
eax, eax
edx, dword ptr [esp+1A]
lea ecx, dword ptr [eax+61]

mov byte ptr [edx], cl
inc eax
inc edx
cmp eax, 0000001A
jne 00440A4B
push ebx
push 00000034
push eax
mov eax, esi
call 00414E60
push eax

|
:00440A67 E88454FCFF
Call 00405EF0
:00440A6C 8B03
:00440A6E B934000000
mov ecx, 00000034
:00440A73 99
cdq
:00440A74 F7F9
idiv ecx
:00440A76 8903
:00440A78 83C434
add esp, 00000034
:00440A7B 5E
pop esi
:00440A7C 5B
pop ebx
:00440A7D C3
ret
:00440A7E
:00440A80
:00440A81
:00440A85
8BC0
CC
0A440000
00000000000000000000
:00440A8F 00
mov eax, eax

int 03
or al, byte ptr [eax+eax]
BYTE 10 DUP(0)
BYTE 0
:00440A90
:00440A92
:00440A93
:00440A9D
B40B
44
00000000000000000000
000000
mov ah, 0B
inc esp
BYTE 10 DUP(0)
BYTE 3 DUP(0)
:00440AA0
:00440AA5
:00440AA7
:00440AA9
:00440AAA
:00440AAB
:00440AAE
:00440AAF
:00440AB2
:00440AB3
:00440AB7
:00440ABA
:00440ABB
:00440AC2
:00440AC3
:00440AC5
:00440AC8
:00440ACA
:00440ACB
:00440AD1
:00440AD4
:00440AD6
:00440AD7
:00440ADE
:00440ADF
:00440AE2
:00440AE3
:00440AE5
:00440AE6
:00440AE7
:00440AED
:00440AF0
:00440AF5
:00440AF8
:00440AFE
:00440AFF
:00440B01
:00440B02
:00440B03
:00440B05
:00440B0C
:00440B0E
:00440B0F
:00440B12
:00440B13
:00440B15
:00440B18
:00440B1D
:00440B22
:00440B23
:00440B26
:00440B27
:00440B2A
A00B4400C4
0200
0018
53
43
00681C
41
000C82
43
004C8343
003C2E
40
0024A54300B42B
40
00C8
2B4000
B083
43
00B89A42005C
884300
08D2
40
001C8543005485
43
004886
43
0028
2F
42
00801C410068
8E4300
BC184100B0
C54300
848043008C91
42
00C0
95
42
00E8
9A4200149A4200
A88F
42
00488B
43
00DC
8C4200
B8254200BC
2542003C8C
43
002C51
42
001427
42
mov al, byte ptr [C400440B]

push ebx
inc ebx
inc ecx
add byte ptr [edx+4*eax], cl
inc ebx
add byte ptr [ebx+4*eax+43], cl
inc eax
inc eax
add al, cl
mov al, 83
inc ebx
or dl, dl
inc eax
inc ebx
inc ebx
das
inc edx
mov es, [ebx+00]
mov esp, B0004118
inc edx
add al, al
xchg eax,ebp
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
inc ebx
add ah, bl
mov [edx+00], es
mov eax, BC004225
and eax, 8C3C0042
inc ebx
inc edx
inc edx
:00440B2B
:00440B2D
:00440B30
:00440B36
:00440B37
:00440B39
:00440B3C
:00440B3D
:00440B40
:00440B42
:00440B43
:00440B47
:00440B49
:00440B4C
:00440B4E
:00440B4F
:00440B51
:00440B54
:00440B56
:00440B57
:00440B5A
:00440B5B
:00440B5D
00D8
304200
308E4300FC8C
43
0038
324200
EC
8E4300
B051
42
00748D42
00F0
8D4200
1C89
42
00D4
8D4200
747E
43
006895
43
00C4
65
add al, bl
xor byte ptr [esi+8CFC0043], cl
inc ebx
in al, dx
mov es, [ebx+00]
mov al, 51
inc edx
add byte ptr [ebp+4*ecx+42], dh
add al, dh
sbb al, 89
inc edx
add ah, dl
je 00440BD4
inc ebx
add byte ptr [eax-6B], ch
inc ebx
add ah, al
BYTE 065h
:00440B5E
:00440B5F
:00440B65
:00440B6A
:00440B6B
:00440B6D
:00440B6E
:00440B6F
:00440B71
42
00A0A04300E0
A34300A0A2
43
00E0
A4
43
00C8
64
inc edx
inc ebx
add al, ah
movsb
inc ebx
add al, cl
BYTE 064h
:00440B72
:00440B73
:00440B76
:00440B77
:00440B79
:00440B7A
:00440B7B
:00440B82
:00440B83
:00440B85
:00440B87
:00440B89
42
00148F
42
00C8
AB
43
008C8B420090BE
43
00D8
7843
0038
C24300
inc edx
inc edx
add al, cl
stosd
inc ebx
inc ebx
add al, bl
js 00440BCA
ret 0043
:00440B8C
:00440B8E
:00440B8F
:00440B93
:00440B9A
:00440B9B
:00440B9E
:00440B9F
:00440BA2
:00440BA3
1C82
43
0064BD43
00ACA6430028BF
43
002C8E
43
000C54
4D
65
sbb al, 82
inc ebx
add byte ptr
add byte ptr
inc ebx
add byte ptr
inc ebx
add byte ptr
dec ebp
BYTE 065h
[ebp+4*edi+43], ah
[esi-40D7FFBD], ch
[esi+4*ecx], ch
[esp+2*edx], cl
:00440BA4
:00440BA6
:00440BA7
:00440BA8
7373
61
67
65
jnb 00440C19
popad
BYTE 067h
BYTE 065h
:00440BA9
:00440BAA
:00440BAB
:00440BAD
:00440BB0
:00440BB2
:00440BB3
:00440BB5
:00440BB7
:00440BB8
46
6F
726D
8D4000
B40B
44
0007
0C54
4D
65
inc esi
outsd
jb 00440C1A
mov ah, 0B
inc esp
or al, 54
dec ebp
BYTE 065h
:00440BB9
:00440BBB
:00440BBC
:00440BBD
7373
61
67
65
jnb 00440C2E
popad
BYTE 067h
BYTE 065h
:00440BBE
:00440BBF
:00440BC0
:00440BC2
:00440BC3
:00440BC7
:00440BC8
:00440BC9
:00440BCC
:00440BCD
:00440BCE
:00440BD5
:00440BD6
:00440BD7
46
6F
726D
CC
0A440040
54
43
005500
07
44
69616C6F677300
00
8B
C0
inc esi
outsd
jb 00440C2F
int 03
or al, byte ptr [eax+eax+40]
push esp
inc ebx
add byte ptr [ebp+00], dl
pop es
inc esp
imul esp, dword ptr [ecx+6C], 0073676F
BYTE 00h
BYTE 8bh
BYTE c0h

|:00440D41
|
:00440BD8 55
push ebp
:00440BD9 8BEC
mov ebp, esp
:00440BDB 81C4ACFEFFFF
add esp, FFFFFEAC
:00440BE1 53
push ebx
:00440BE2 56
push esi
:00440BE3 84D2
test dl, dl
:00440BE5 7408
je 00440BEF
:00440BE7 83C4F0
add esp, FFFFFFF0
:00440BEA E81523FCFF
call 00402F04
|:00440BE5(C)
|
:00440BEF 8BDA
mov ebx, edx
:00440BF1 8BF0
mov esi, eax
:00440BF3
:00440BF5
:00440BF7
:00440BF9
:00440BFE
:00440C08
:00440C0A
:00440C10
:00440C11
:00440C13
6A00
33D2
8BC6
E81E76FFFF
C785ACFEFFFF54010000
6A00
8D85ACFEFFFF
50
6A00
6A29
push 00000000
xor edx, edx
mov eax, esi
call 0043821C
push 00000000
push eax
push 00000000
push 00000029

|
:00440C15 E82E58FCFF
Call 00406448
|:00440BAB(C)
|
:00440C1A 85C0
test eax, eax
:00440C1C 7413
je 00440C31
:00440C1E 8D45C4
:00440C21 50
push eax
|
:00440C22 E8E951FCFF
Call 00405E10
:00440C27 8BD0
mov edx, eax
:00440C29 8B4658
:00440C2C E84735FDFF
call 00414178
:00440C31 8BC6
mov eax, esi
:00440C33 84DB
test bl, bl
:00440C35 740F
je 00440C46
:00440C37 E82023FCFF
call 00402F5C
:00440C3C 648F0500000000
:00440C43 83C40C
add esp, 0000000C
|:00440C35(C)
|
:00440C46 8BC6
mov eax, esi
:00440C48 5E
pop esi
:00440C49 5B
pop ebx
:00440C4A 8BE5
mov esp, ebp
:00440C4C 5D
pop ebp
:00440C4D C3
ret
:00440C4E
:00440C50
:00440C56
:00440C58
:00440C5E
:00440C5F
:00440C64
8BC0
8B15302C4400
8B12
8B8044010000
92
E8ECE5FFFF
C3
:00440C65 8D4000
:00440C68 FFFFFFFF
mov eax, eax

xchg eax,edx
call 0043F250
ret
BYTE 4 DUP(0ffh)
:00440C6C
:00440C6E
:00440C70
:00440C71
0300
0000
59
65

pop ecx
BYTE 065h
:00440C72 7300
jnb 00440C74
|:00440C72(C)
|
:00440C74 FFFFFFFF
:00440C78 0200
:00440C7A 0000
:00440C7C 4E
:00440C7D 6F
:00440C7E 0000
:00440C80 FFFFFFFF
:00440C84
:00440C86
:00440C88
:00440C89
:00440C8A
:00440C8C

dec edi
dec ebx
BYTE 4 DUP(0ffh)
0200
0000
4F
4B
0000
FFFFFFFF
BYTE 4 DUP(0ffh)
dec esi
outsd
BYTE 4 DUP(0ffh)
:00440C90 06
:00440C91 000000
push es
BYTE 3 DUP(0)
:00440C94
:00440C95
:00440C96
:00440C97
:00440C9A
:00440C9C
inc ebx
popad
outsb
arpl dword ptr [ebp+6C], esp
BYTE 4 DUP(0ffh)
43
61
6E
63656C
0000
FFFFFFFF
:00440CA0 0500000041
:00440CA5 626F72
:00440CA8 7400
add eax, 41000000

bound ebp, dword ptr [edi+72]
je 00440CAA

|:00440CA8(C)
|
:00440CAA 0000
:00440CAC FFFFFFFF
BYTE 4 DUP(0ffh)
:00440CB0 0500000052
:00440CB5 65
add eax, 52000000

BYTE 065h
:00440CB6 7472
:00440CB8 7900
je 00440D2A
jns 00440CBA

|:00440CB8(C)
|
:00440CBA 0000
:00440CBC FFFFFFFF

BYTE 4 DUP(0ffh)
:00440CC0 06
:00440CC1 000000
push es
BYTE 3 DUP(0)
:00440CC4
:00440CC5
:00440CC7
:00440CC8
:00440CCA
:00440CCC
49
676E
6F
7265
0000
FFFFFFFF
dec ecx
outsb
outsd
jb 00440D2F
BYTE 4 DUP(0ffh)
:00440CD0
:00440CD2
:00440CD4
:00440CD5
:00440CD6
:00440CD7
:00440CD9
0300
0000
41
6C
6C
00FF
FFFFFF

inc ecx
insb
insb
add bh, bh
BYTE 3 DUP(0ffh)
:00440CDC 07
:00440CDD 000000
pop es
BYTE 3 DUP(0)
:00440CE0
:00440CE1
:00440CE2
:00440CE3
:00440CE4
:00440CE5
:00440CE6
:00440CE7
:00440CE9
4E
6F
54
6F
41
6C
6C
00FF
FFFFFF
dec esi
outsd
push esp
outsd
inc ecx
insb
insb
add bh, bh
BYTE 3 DUP(0ffh)
:00440CEC
:00440CEE
:00440CF0
:00440CF1
0800
0000
59
65

pop ecx
BYTE 065h
:00440CF2
:00440CF4
:00440CF5
:00440CF6
:00440CF7
:00440CF8
7354
6F
41
6C
6C
00000000
jnb 00440D48
outsd
inc ecx
insb
insb
BYTE 4 DUP(0)
:00440CFC FFFFFFFF
BYTE 4 DUP(0ffh)
:00440D00 0400
:00440D02 0000
add al, 00
:00440D04 48
:00440D05 65
dec eax
BYTE 065h
:00440D06 6C
:00440D07 7000
insb
jo 00440D09

|:00440D07(C)
|
:00440D09 000000
BYTE 3 DUP(0)
|:004412B4
|
:00440D0C 55
push ebp
:00440D0D 8BEC
mov ebp, esp
:00440D0F 83C49C
add esp, FFFFFF9C
:00440D12 53
push ebx
:00440D13 56
push esi
:00440D14 57
push edi
:00440D15 33DB
xor ebx, ebx
:00440D17 895D9C
:00440D1A 66894DF9
mov word ptr [ebp-07], cx
:00440D1E 8855FB
:00440D21 8945FC
:00440D24 33C0
xor eax, eax
:00440D26 55
push ebp
:00440D27 6845124400
push 00441245
:00440D2C 64FF30
|:00440CC8(C)
|
:00440D2F 648920
:00440D32 8B0D302C4400
:00440D38 8B09
:00440D3A B201
:00440D3C A1800A4400
:00440D46 8945F4
:00440D49 A1302C4400
:00440D4E 8B00
:00440D50 8A5028
:00440D53 8B45F4
:00440D56 8B08
:00440D58 FF516C
:00440D5B B203
:00440D5D 8B45F4
:00440D60 E88B89FFFF
:00440D65 8B45F4
:00440D68 E8878BFFFF
:00440D6D 8B55F4
:00440D70 8B5258
:00440D73 E80840FDFF
:00440D78 8B45F4
:00440D7B E8748BFFFF
:00440D80 8D55EC
:00440D83 E8A4FCFFFF
:00440D88 6A04

mov ecx, dword ptr [00442C30]
mov dl, 01
call 00440BD8
call [ecx+6C]
mov dl, 03
call 004396F0
call 004398F4
call 00414D80
call 004398F4
call 00440A2C
push 00000004
:00440D8A 8B5DEC
:00440D8D 53
:00440D8E 6A08

push ebx
push 00000008

|
:00440D90 E8CB4FFCFF
Call 00405D60
:00440D95 8945E8
:00440D98 6A08
push 00000008
:00440D9A 8B75F0
:00440D9D 56
push esi
:00440D9E 6A08
push 00000008
|
:00440DA0 E8BB4FFCFF
Call 00405D60
:00440DA5 8945E4
:00440DA8 6A04
push 00000004
:00440DAA 53
push ebx
:00440DAB 6A0A
push 0000000A
|
:00440DAD E8AE4FFCFF
Call 00405D60
:00440DB2 8945E0
:00440DB5 6A08
push 00000008
:00440DB7 56
push esi
:00440DB8 6A0A
push 0000000A
|
:00440DBA E8A14FFCFF
Call 00405D60
:00440DBF 8945DC
:00440DC2 6A04
push 00000004
:00440DC4 53
push ebx
:00440DC5 6A32
push 00000032
|
:00440DC7 E8944FFCFF
Call 00405D60
:00440DCC 8945D8
:00440DCF 33DB
xor ebx, ebx
:00440DD1 BE00384400
mov esi, 00443800
:00440DD6 C745B4B8294400
mov [ebp-4C], 004429B8
|:00440E5F(C)
|
:00440DDD 8BC3
:00440DDF 3C0F
:00440DE1 7707
:00440DE3 83E07F
:00440DE6 0FA345F9

mov eax, ebx
cmp al, 0F
ja 00440DEA
and eax, 0000007F
bt dword ptr [ebp-07], eax

|:00440DE1(C)
|
:00440DEA 7368
jnb 00440E54
:00440DEC 833E00
:00440DEF 7559
jne 00440E4A
:00440DF1
:00440DF3
:00440DF6
:00440DF7
:00440DF9
:00440DFB
:00440DFD
:00440E02
:00440E05
:00440E0A
:00440E0F
:00440E10
:00440E13
:00440E14
:00440E16
:00440E19
:00440E1C
:00440E1E
:00440E23
:00440E26
:00440E2B
:00440E2C
:00440E2F
:00440E34
:00440E39
6A00
8D45A0
50
33C9
33D2
33C0
E896B3FCFF
8B45F4
E88A43FEFF
0D20040000
50
8D45A0
50
6AFF
8D559C
8B45B4
8B00
E80140FCFF
8B459C
E8CD2DFCFF
50
8B45F4
E8C08AFFFF
E82740FDFF
50
push 00000000
lea eax, dword ptr
push eax
xor ecx, ecx
xor edx, edx
xor eax, eax
call 0040C198
mov eax, dword ptr
call 00425194
or eax, 00000420
push eax
lea eax, dword ptr
push eax
push FFFFFFFF
lea edx, dword ptr
mov eax, dword ptr
mov eax, dword ptr
call 00404E24
mov eax, dword ptr
call 00403BF8
push eax
mov eax, dword ptr
call 004398F4
call 00414E60
push eax
[ebp-60]
[ebp-0C]
[ebp-60]
[ebp-64]
[ebp-4C]
[eax]
[ebp-64]
[ebp-0C]

|
:00440E3A E87952FCFF
Call 004060B8
:00440E3F 8B45A8
:00440E42 2B45A0
:00440E45 83C008
add eax, 00000008
:00440E48 8906
|:00440DEF(C)
|
:00440E4A 8B06
:00440E4C 3B45D8
:00440E4F 7E03
jle 00440E54
:00440E51 8945D8
|:00440DEA(C), :00440E4F(C)
|
:00440E54 43
:00440E55 8345B404
:00440E59 83C604
:00440E5C 80FB0B
:00440E5F 0F8578FFFFFF
:00440E65 6A08
:00440E67 8B45F0
:00440E6A 50
:00440E6B 6A0E

inc ebx
add esi, 00000004
cmp bl, 0B
jne 00440DDD
push 00000008
push eax
push 0000000E

|
:00440E6D E8EE4EFCFF
Call 00405D60
:00440E72 8945D4
:00440E75 6A04
push 00000004
:00440E77 8B45EC
:00440E7A 50
:00440E7B 6A04

push eax
push 00000004

|
:00440E7D E8DE4EFCFF
Call 00405D60
:00440E82 8945D0
:00440E85 6A00
push 00000000
:00440E87 A1382D4400
:00440E8C 8B00
:00440E8E E82DBFFFFF
call 0043CDC0
:00440E93 D1F8
sar eax, 1
:00440E95 7903
jns 00440E9A
:00440E97 83D000
adc eax, 00000000
|:00440E95(C)
|
:00440E9A 50
push eax
:00440E9B 6A00
push 00000000
:00440E9D 6A00
push 00000000
:00440E9F 8D45A0
:00440EA2 50
push eax
|
:00440EA3 E82855FCFF
Call 004063D0
:00440EA8 8B45F4
mov eax, dword ptr
:00440EAB E8E442FEFF
call 00425194
:00440EB0 0D50040000
or eax, 00000450
:00440EB5 50
push eax
:00440EB6 8D45A0
lea eax, dword ptr
:00440EB9 50
push eax
:00440EBA 8B45FC
mov eax, dword ptr
:00440EBD E8722BFCFF
call 00403A34
:00440EC2 50
push eax
:00440EC3 8B45FC
mov eax, dword ptr
:00440EC6 E82D2DFCFF
call 00403BF8
:00440ECB 50
push eax
:00440ECC 8B45F4
mov eax, dword ptr
:00440ECF E8208AFFFF
call 004398F4
:00440ED4 E8873FFDFF
call 00414E60
:00440ED9 50
push eax
[ebp-0C]
[ebp-60]
[ebp-04]
[ebp-04]
[ebp-0C]

|
:00440EDA E8D951FCFF
Call 004060B8
:00440EDF 33C0
xor eax, eax
:00440EE1 8A45FB
:00440EE4 8B3C8578294400
mov edi, dword ptr [4*eax+00442978]
:00440EEB 8B45A8
:00440EEE 8945CC
:00440EF1 8B45AC
:00440EF4 8945C8
:00440EF7 85FF
test edi, edi
:00440EF9 7416
je 00440F11
:00440EFB 8B45E0
:00440EFE 83C020
add eax, 00000020
:00440F01 0145CC
:00440F04 837DC820
:00440F08 7D07
:00440F0A C745C820000000

jge 00440F11
mov [ebp-38], 00000020

|:00440EF9(C), :00440F08(C)
|
:00440F11 33C0
xor eax, eax
:00440F13 33DB
xor ebx, ebx
|:00440F2A(C)
|
:00440F15 8BD3
:00440F17 80FA0F
:00440F1A 7707
:00440F1C 83E27F
:00440F1F 0FA355F9

mov edx, ebx
cmp dl, 0F
ja 00440F23
and edx, 0000007F
bt dword ptr [ebp-07], edx

|:00440F1A(C)
|
:00440F23 7301
jnb 00440F26
:00440F25 40
inc eax
|:00440F23(C)
|
:00440F26 43
inc ebx
:00440F27 80FB0B
cmp bl, 0B
:00440F2A 75E9
jne 00440F15
:00440F2C 33F6
xor esi, esi
:00440F2E 85C0
test eax, eax
:00440F30 740C
je 00440F3E
:00440F32 8B75D8
:00440F35 0FAFF0
imul esi, eax
:00440F38 48
dec eax
:00440F39 F76DD0
imul [ebp-30]
:00440F3C 03F0
add esi, eax
|:00440F30(C)
|
:00440F3E 8BD6
:00440F40 8B45CC
:00440F43 E8DCFAFFFF
:00440F48 8BD0
:00440F4A 8B45E8
:00440F4D 03C0
:00440F4F 03D0
:00440F51 8B45F4
:00440F54 E8CB7DFFFF
:00440F59 8B55C8
:00440F5C 0355D4
:00440F5F 0355DC
:00440F62 8B45E4
:00440F65 03C0
:00440F67 03D0
:00440F69 8B45F4
:00440F6C E8E37DFFFF

mov edx, esi
mov eax, dword
call 00440A24
mov edx, eax
mov eax, dword
add eax, eax
add edx, eax
mov eax, dword
call 00438D24
mov edx, dword
add edx, dword
add edx, dword
mov eax, dword
add eax, eax
add edx, eax
mov eax, dword
call 00438D54
ptr [ebp-34]
ptr [ebp-18]
ptr [ebp-0C]
ptr
ptr
ptr
ptr
[ebp-38]
[ebp-2C]
[ebp-24]
[ebp-1C]
ptr [ebp-0C]
:00440F71
:00440F76
:00440F78
:00440F7D
:00440F7F
:00440F81
:00440F83
A1382D4400
8B00
E843BEFFFF
8BD0
D1FA
7903
83D200

call 0043CDC0
mov edx, eax
sar edx, 1
jns 00440F86
adc edx, 00000000

|:00440F81(C)
|
:00440F86 8B45F4
:00440F89 8B4038
:00440F8C D1F8
sar eax, 1
:00440F8E 7903
jns 00440F93
:00440F90 83D000
adc eax, 00000000
|:00440F8E(C)
|
:00440F93 2BD0
:00440F95 8B45F4
:00440F98 E8C319FEFF
:00440F9D A1382D4400
:00440FA2 8B00
:00440FA4 E80BBEFFFF
:00440FA9 8BD0
:00440FAB D1FA
:00440FAD 7903
:00440FAF 83D200

sub edx, eax
call 00422960
call 0043CDB4
mov edx, eax
sar edx, 1
jns 00440FB2
adc edx, 00000000

|:00440FAD(C)
|
:00440FB2 8B45F4
:00440FB5 8B403C
:00440FB8 D1F8
sar eax, 1
:00440FBA 7903
jns 00440FBF
:00440FBC 83D000
adc eax, 00000000
|:00440FBA(C)
|
:00440FBF 2BD0
:00440FC1 8B45F4
:00440FC4 E8BB19FEFF
:00440FC9 807DFB04
:00440FCD 7421
:00440FCF 8D559C
:00440FD2 33C0
:00440FD4 8A45FB
:00440FD7 8B048564294400
:00440FDE E8413EFCFF
:00440FE3 8B559C
:00440FE6 8B45F4
:00440FE9 E8E621FEFF
:00440FEE EB1A

sub edx, eax
call 00422984
je 00440FF0
xor eax, eax
call 00404E24
call 004231D4
jmp 0044100A

|:00440FCD(C)
|
:00440FF0
:00440FF3
:00440FF8
:00440FFA
:00440FFF
:00441002
:00441005
8D559C
A1302C4400
8B00
E829D9FFFF
8B559C
8B45F4
E8CA21FEFF
lea edx, dword

mov eax, dword
mov eax, dword
call 0043E928
mov edx, dword
mov eax, dword
call 004231D4
ptr [ebp-64]
ptr [00442C30]
ptr [eax]
ptr [ebp-64]
ptr [ebp-0C]

|:00440FEE(U)
|
:0044100A 85FF
test edi, edi
:0044100C 7455
je 00441063
:0044100E 8B4DF4
:00441011 B201
mov dl, 01
|
:00441013 A164FF4300
mov eax, dword ptr [0043FF64]
:00441018 E877F4FFFF
call 00440494
:0044101D 8BD8
mov ebx, eax
* Possible StringData Ref from Code Obj ->"Image"
|
:0044101F BA60124400
mov edx, 00441260
:00441024 8BC3
mov eax, ebx
:00441026 8B08
:00441028 FF5118
call [ecx+18]
:0044102B 8B55F4
:0044102E 8BC3
mov eax, ebx
:00441030 8B08
:00441032 FF5164
call [ecx+64]
:00441035 57
push edi
:00441036 6A00
push 00000000
|
:00441038 E8AB52FCFF
Call 004062E8
:0044103D 50
push eax
:0044103E 8B8318010000
mov eax, dword
:00441044 E8CF5CFDFF
call 00416D18
:00441049 5A
pop edx
:0044104A E84D94FDFF
call 0041A49C
:0044104F 6A20
push 00000020
:00441051 6A20
push 00000020
:00441053 8B4DE4
mov ecx, dword
:00441056 8B55E8
mov edx, dword
:00441059 8BC3
mov eax, ebx
:0044105B 8B18
mov ebx, dword
:0044105D FF9380000000
call dword ptr
ptr [ebx+00000118]
ptr [ebp-1C]
ptr [ebp-18]
ptr [eax]
[ebx+00000080]

|:0044100C(C)
|
:00441063 8B4DF4
:00441066 B201
mov dl, 01
|
:00441068 A120BA4100
:0044106D E87EC2FDFF
:00441072 8BF8

call 0041D2F0
mov edi, eax
* Possible StringData Ref from Code Obj ->"Message"

|
:00441074 BA70124400
mov edx, 00441270
:00441079 8BC7
mov eax, edi
:0044107B 8B08
:0044107D FF5118
call [ecx+18]
:00441080 8B55F4
:00441083 8BC7
mov eax, edi
:00441085 8B08
:00441087 FF5164
call [ecx+64]
:0044108A B201
mov dl, 01
:0044108C 8BC7
mov eax, edi
:0044108E E8F1C6FDFF
call 0041D784
:00441093 8B55FC
:00441096 8BC7
mov eax, edi
:00441098 E83721FEFF
call 004231D4
:0044109D 8D55A0
:004410A0 8BC7
mov eax, edi
:004410A2 E8D11AFEFF
call 00422B78
:004410A7 8B45F4
:004410AA 8A504F
:004410AD 8BC7
mov eax, edi
:004410AF 8B08
:004410B1 FF516C
call [ecx+6C]
:004410B4 8B45CC
:004410B7 2B45A8
:004410BA 0345E8
:004410BD 8945C0
:004410C0 8BC7
mov eax, edi
:004410C2 66BBCFFF
mov bx, FFCF
:004410C6 E8291DFCFF
call 00402DF4
:004410CB 84C0
test al, al
:004410CD 7411
je 004410E0
:004410CF 8B45F4
:004410D2 E8DD1AFEFF
call 00422BB4
:004410D7 2B45C0
:004410DA 2B4738
sub eax, dword ptr [edi+38]
:004410DD 8945C0
|:004410CD(C)
|
:004410E0 8B45A8
:004410E3 50
:004410E4 8B45AC
:004410E7 50
:004410E8 8B4DE4
:004410EB 8B55C0
:004410EE 8BC7
:004410F0 8B18
:004410F2 FF9380000000
:004410F8 F645F904
:004410FC 7406
:004410FE C645BF02
:00441102 EB10

push eax
push eax
mov eax, edi
test [ebp-07], 04
je 00441104
mov [ebp-41], 02
jmp 00441114
|:004410FC(C)
|
:00441104 F645F901
:00441108 7406
:0044110A C645BF00
:0044110E EB04

test [ebp-07], 01
je 00441110
mov [ebp-41], 00
jmp 00441114

|:00441108(C)
|
:00441110 C645BF05
mov [ebp-41], 05
|:00441102(U), :0044110E(U)
|
:00441114 F645F908
:00441118 7406
:0044111A C645BE03
:0044111E EB10
|:00441118(C)
|
:00441120 F645F902
:00441124 7406
:00441126 C645BE01
:0044112A EB04
test [ebp-07], 08
je 00441120
mov [ebp-42], 03
jmp 00441130
test [ebp-07], 02
je 0044112C
mov [ebp-42], 01
jmp 00441130

|:00441124(C)
|
:0044112C C645BE02
mov [ebp-42], 02
|:0044111E(U), :0044112A(U)
|
:00441130 8B45F4
:00441133 E87C1AFEFF
:00441138 2BC6
:0044113A D1F8
:0044113C 7903
:0044113E 83D000

call 00422BB4
sub eax, esi
sar eax, 1
jns 00441141
adc eax, 00000000

|:0044113C(C)
|
:00441141 8945C4
:00441144 33DB
xor ebx, ebx
* Possible StringData Ref from Data Obj ->"p"
|
:00441146 C745B48C294400
mov [ebp-4C], 0044298C
:0044114D BEB8294400
mov esi, 004429B8
:00441152 C745B0E4294400
mov [ebp-50], 004429E4
|:00441229(C)
|
:00441159 8BC3
mov eax, ebx
:0044115B
:0044115D
:0044115F
:00441162
3C0F
7707
83E07F
0FA345F9
cmp al, 0F
ja 00441166
and eax, 0000007F
bt dword ptr [ebp-07], eax
|:0044115D(C)
|
:00441166 0F83AE000000
:0044116C 8B4DF4
:0044116F B201
:00441171 A16CCC4100
:00441176 E84DD2FDFF
:0044117B 8945B8
:0044117E 8B45B4
:00441181 8B10
:00441183 8B45B8
:00441186 8B08
:00441188 FF5118
:0044118B 8B55F4
:0044118E 8B45B8
:00441191 8B08
:00441193 FF5164
:00441196 8D559C
:00441199 8B06
:0044119B E8843CFCFF
:004411A0 8B559C
:004411A3 8B45B8
:004411A6 E82920FEFF
:004411AB 8B45B0
:004411AE 8B00
:004411B0 8B55B8
:004411B3 8982F4010000
:004411B9 3A5DBF
:004411BC 750A
:004411BE B201
:004411C0 8B45B8
:004411C3 E8E0D2FDFF
|:004411BC(C)
|
:004411C8 3A5DBE
:004411CB 750A
:004411CD 8B45B8
:004411D0 C680F101000001
jnb 0044121A
mov dl, 01
mov eax, dword ptr [0041CC6C]
call 0041E3C8
call [ecx+18]
call [ecx+64]
call 00404E24
call 004231D4
mov dword ptr [edx+000001F4], eax
cmp bl, byte ptr [ebp-41]
jne 004411C8
mov dl, 01
call 0041E4A8
cmp
jne
mov
mov
bl, byte ptr [ebp-42]

004411D7
byte ptr [eax+000001F1], 01

|:004411CB(C)
|
:004411D7 8B45D8
:004411DA 50
push eax
:004411DB 8B45D4
:004411DE 50
push eax
:004411DF 8B4DC8
:004411E2 034DE4
add ecx, dword ptr [ebp-1C]
:004411E5 034DDC
add ecx, dword ptr [ebp-24]
:004411E8 8B55C4
:004411EB 8B45B8
:004411EE 8B38
:004411F0
:004411F6
:004411F9
:004411FC
:004411FF
:00441202
:00441204
:00441207
:0044120A
:00441210
FF9780000000
8B45D8
0345D0
0145C4
80FB0A
7516
8B45B8
8B55F4
899008010000
C78004010000500C4400

cmp bl, 0A
jne 0044121A
mov dword ptr [ebx+00000104], 00440C50
|:00441166(C), :00441202(C)
|
:0044121A 43
:0044121B 8345B004
:0044121F 83C604
:00441222 8345B404
:00441226 80FB0B
:00441229 0F852AFFFFFF
:0044122F 33C0
:00441231 5A
:00441232 59
:00441233 59
:00441234 648910
:00441237 684C124400
|:0044124A(U)
|
:0044123C 8D459C
:0044123F E87425FCFF
:00441244 C3
:00441245
:0044124A
:0044124C
:0044124F
:00441250
:00441251
:00441252
:00441254
:00441255
jmp
jmp
mov
pop
pop
pop
mov
pop
ret
E92E20FCFF
EBF0
8B45F4
5F
5E
5B
8BE5
5D
C3
inc ebx
add esi, 00000004
cmp bl, 0B
jne 00441159
xor eax, eax
pop edx
pop ecx
pop ecx
push 0044124C

call 004037B8
ret
00403278
0044123C
edi
esi
ebx
esp, ebp
ebp
:00441256 0000
BYTE 2 DUP(0)
:00441258 FFFFFFFF
BYTE 4 DUP(0ffh)
:0044125C
:00441261
:00441262
:00441263
:00441264
add eax, 49000000

insd
popad
BYTE 067h
BYTE 065h
0500000049
6D
61
67
65
:00441265 000000
BYTE 3 DUP(0)
:00441268 FFFFFFFF
BYTE 4 DUP(0ffh)
:0044126C 07
:0044126D 000000
pop es
BYTE 3 DUP(0)
:00441270 4D
:00441271 65
dec ebp
BYTE 065h
:00441272
:00441274
:00441275
:00441276
jnb 004412E7
popad
BYTE 065h
BYTE 0
7373
61
65
6500

|:00441771 , :00441788 , :00441814
|
:00441278 55
push ebp
:00441279 8BEC
mov ebp, esp
:0044127B 51
push ecx
:0044127C 66894DFE
:00441280 8B4D08
:00441283 51
push ecx
:00441284 6AFF
push FFFFFFFF
:00441286 6AFF
push FFFFFFFF
:00441288 6A00
push 00000000
:0044128A 668B4DFE
mov cx, word ptr [ebp-02]
:0044128E E805000000
call 00441298
:00441293 59
pop ecx
:00441294 5D
pop ebp
:00441295 C20400
ret 0004

|:0044128E
|
:00441298 55
push ebp
:00441299 8BEC
mov ebp, esp
:0044129B 83C4F4
add esp, FFFFFFF4
:0044129E 53
push ebx
:0044129F 56
push esi
:004412A0 66894DFD
:004412A4 8855FF
:004412A7 8B750C
:004412AA 8B5D10
:004412AD 668B4DFD
mov cx, word ptr [ebp-03]
:004412B1 8A55FF
:004412B4 E853FAFFFF
call 00440D0C
:004412B9 8945F4
:004412BC 33C0
xor eax, eax
:004412BE 55
push ebp
:004412BF 6838134400
push 00441338
:004412C4 64FF30
:004412C7
:004412CA
:004412CD
:004412D0
:004412D6
:004412D9
:004412DE
:004412E1
:004412E6
:004412E8
:004412EA
:004412EC
:004412EF
648920
8B45F4
8B5514
899044010000
8B45F4
051C020000
8B5508
E82625FCFF
85DB
7C0A
8BD3
8B45F4
E86C16FEFF

add eax, 0000021C
call 0040380C
test ebx, ebx
jl 004412F4
mov edx, ebx
call 00422960
|:004412E8(C)
|
:004412F4 85F6
:004412F6 7C0A
:004412F8 8BD6
:004412FA 8B45F4
:004412FD E88216FEFF
|:004412F6(C)
|
:00441302 85F6
:00441304 7D0E
:00441306 85DB
:00441308 7D0A
:0044130A B204
:0044130C 8B45F4
:0044130F E86889FFFF
|:00441304(C), :00441308(C)
|
:00441314 8B45F4
:00441317 8B10
:00441319 FF92CC000000
:0044131F 8945F8
:00441322 33C0
:00441324 5A
:00441325 59
:00441326 59
:00441327 648910
:0044132A 683F134400
|:0044133D(U)
|
:0044132F 8B45F4
:00441332 E8E918FCFF
:00441337 C3
:00441338
:0044133D
:0044133F
:00441342
jmp
jmp
mov
pop
E93B1FFCFF
EBF0
8B45F8
5E
test esi, esi

jl 00441302
mov edx, esi
call 00422984
test esi, esi

jge 00441314
test ebx, ebx
jge 00441314
mov dl, 04
call 00439C7C

call dword ptr [edx+000000CC]
xor eax, eax
pop edx
pop ecx
pop ecx
push 0044133F

call 00402C20
ret
00403278
0044132F
esi
:00441343
:00441344
:00441346
:00441347
5B
8BE5
5D
C21000
:0044134A 8BC0
pop
mov
pop
ret
ebx
esp, ebp
ebp
0010
mov eax, eax

|:0044150F
|
:0044134C 83C4D0
add esp, FFFFFFD0
* Possible StringData Ref from Code Obj ->"commdlg_help"
|
:0044134F 68B0134400
push 004413B0
|
:00441354 E8F74FFCFF
Call 00406350
:00441359 A3F8374400
* Possible StringData Ref from Code Obj ->"commdlg_FindReplace"
|
:0044135E 68C0134400
push 004413C0
|
:00441363 E8E84FFCFF
Call 00406350
:00441368 A3FC374400
:0044136D 6A01
push 00000001
:0044136F A1E02B4400
:00441374 8B00
:00441376 89442424
:0044137A C644242800
mov [esp+28], 00
|
:0044137F E81449FCFF
Call 00405C98
:00441384 8944242C
:00441388 C644243000
mov [esp+30], 00
:0044138D 8D4C2424
* Possible StringData Ref from Code Obj ->"WndProcPtr%.8X%.8X"
|
:00441391 BAD4134400
mov edx, 004413D4
:00441396 8D442404
:0044139A E8FD6BFCFF
call 00407F9C
:0044139F 50
push eax
|
:004413A0 E85349FCFF
Call 00405CF8
:004413A5 66A360294400
:004413AB 83C430
add esp, 00000030
:004413AE C3
ret
:004413AF 00
BYTE 0
:004413B0 636F6D
:004413B3 6D
:004413B4 64

insd
BYTE 064h
:004413B5
:004413B6
:004413B8
:004413BD
insb
pop edi
push 00706C65
BYTE 3 DUP(0)
6C
675F
68656C7000
000000
:004413C0 636F6D
:004413C3 6D
:004413C4 64

insd
BYTE 064h
:004413C5
:004413C6
:004413C8
:004413C9
:004413D0
:004413D1
:004413D4
:004413D5
:004413D6
6C
675F
46
696E645265706C
61
636500
57
6E
64
insb
pop edi
inc esi
popad
push edi
outsb
BYTE 064h
:004413D7
:004413D8
:004413DA
:004413DD
:004413DF
:004413E3
:004413E7
:004413E9
50
726F
635074
7225
2E385825
2E385800
000F
000000
push eax
jb 00441449
arpl dword ptr [eax+74], edx
jb 00441404
BYTE 3 DUP(0)
:004413EC E0294400
:004413F0 442A4400
DWORD 004429E0
DWORD 00442A44
:004413F4 00000000
BYTE 4 DUP(0)
:004413F8 DC294400
:004413FC 002C4400
DWORD 004429DC
DWORD 00442C00
:00441400 00000000
BYTE 4 DUP(0)

|:004413DD(C)
|
:00441404 D8294400
DWORD 004429D8
:00441408 282A4400
DWORD 00442A28
:0044140C 00000000
BYTE 4 DUP(0)
:00441410 D4294400
:00441414 D02C4400
DWORD 004429D4
DWORD 00442CD0
:00441418 00000000
BYTE 4 DUP(0)
:0044141C D0294400
:00441420 182C4400
DWORD 004429D0
DWORD 00442C18
:00441424 00000000
BYTE 4 DUP(0)
:00441428 CC294400
:0044142C C82B4400
DWORD 004429CC
DWORD 00442BC8
:00441430 00000000
BYTE 4 DUP(0)
:00441434 C8294400
:00441438 742C4400
DWORD 004429C8
DWORD 00442C74
:0044143C 00000000
BYTE 4 DUP(0)
:00441440 C4294400
:00441444 482B4400
DWORD 004429C4
DWORD 00442B48
:00441448 00000000
BYTE 4 DUP(0)
:0044144C C0294400
:00441450 D82B4400
DWORD 004429C0
DWORD 00442BD8
:00441454 00000000
BYTE 4 DUP(0)
:00441458 BC294400
:0044145C 642B4400
DWORD 004429BC
DWORD 00442B64
:00441460 00000000
BYTE 4 DUP(0)
:00441464 B8294400
:00441468 242D4400
DWORD 004429B8
DWORD 00442D24
:0044146C 00000000
BYTE 4 DUP(0)
:00441470 70294400
:00441474 7C2A4400
DWORD 00442970
DWORD 00442A7C
:00441478 00000000
BYTE 4 DUP(0)
:0044147C 6C294400
:00441480 B82C4400
DWORD 0044296C
DWORD 00442CB8
:00441484 00000000
BYTE 4 DUP(0)
:00441488 68294400
:0044148C F82C4400
DWORD 00442968
DWORD 00442CF8
:00441490 00000000
BYTE 4 DUP(0)
:00441494 64294400
:00441498 982B4400
DWORD 00442964
DWORD 00442B98
:0044149C 00000000
BYTE 4 DUP(0)
:004414A0
:004414A1
:004414A3
:004414A5
:004414A6
:004414AB
:004414AE
:004414B1
:004414B7
:004414B9
:004414C1
:004414C3
:004414C9
push ebp
mov ebp, esp
xor eax, eax
push ebp
push 004414F2
jne 004414E4
cmp word ptr [00442960], 0000
je 004414CF
mov ax, word ptr [00442960]
push eax
55
8BEC
33C0
55
68F2144400
64FF30
648920
FF05F4374400
752B
66833D6029440000
740C
66A160294400
50

|
:004414CA E83948FCFF
Call 00405D08

|:004414C1(C)
|
* Possible StringData Ref from Data Obj ->"p"
|
:004414CF B88C294400
mov eax, 0044298C
:004414D4 B90B000000
mov ecx, 0000000B
:004414D9 8B157C104000
:004414DF E8182BFCFF
call 00403FFC
|:004414B7(C)
|
:004414E4 33C0
:004414E6 5A
:004414E7 59
:004414E8 59
:004414E9 648910
:004414EC 68F9144400
|:004414F7(U)
|
:004414F1 C3
:004414F2 E9811DFCFF
:004414F7 EBF8
:004414F9 5D
:004414FA C3
:004414FB
:004414FC
:00441503
:00441505
:0044150A
:0044150F
nop
sub dword ptr [004437F4], 00000001
jnb 00441514
mov eax, 004413E8
call 004035E4
call 0044134C
90
832DF437440001
730F
B8E8134400
E8D520FCFF
E838FEFFFF
xor eax, eax

pop edx
pop ecx
pop ecx
push 004414F9
ret
jmp 00403278
jmp 004414F1
pop ebp
ret

|:00441503(C)
|
:00441514 C3
ret
:00441515 8D4000
:00441518 64
BYTE 064h
:00441519 1544000000
:0044151E 00000000000000000000
adc eax, 00000044

BYTE 10 DUP(0)
:00441528 D0164400
:0044152C 38164400
:00441530 8C164400
DWORD 004416D0
DWORD 00441638
DWORD 0044168C
:00441534 00000000
BYTE 4 DUP(0)
:00441538 B416
mov ah, 16
:0044153A
:0044153B
:0044153D
:0044153F
:00441541
:00441542
:00441543
:00441546
:00441547
:0044154A
:0044154B
:0044154F
:00441552
:00441553
:0044155A
:0044155B
:0044155D
:00441560
:00441562
:00441563
:00441569
:0044156C
:0044156E
:0044156F
:00441576
:00441577
:0044157A
:0044157B
:0044157D
:0044157E
:0044157F
:00441585
:00441588
:0044158D
:00441590
:00441596
:00441597
:00441599
:0044159A
:0044159B
:0044159D
:004415A4
:004415A6
:004415A7
:004415AA
:004415AB
:004415AD
:004415B0
:004415B5
:004415BA
:004415BB
:004415BE
:004415BF
:004415C2
:004415C3
:004415C5
:004415C8
:004415CE
:004415CF
:004415D1
44
00DC
0200
0018
53
43
00681C
41
000C82
43
004C8343
003C2E
40
0024A54300B42B
40
00C8
2B4000
B083
43
00B89A42005C
884300
08D2
40
001C8543005485
43
004886
43
0028
2F
42
00801C410068
8E4300
BC184100B0
C54300
848043008C91
42
00C0
95
42
00E8
9A4200149A4200
A88F
42
00488B
43
00DC
8C4200
B8254200BC
2542003C8C
43
002C51
42
001427
42
00D8
304200
308E4300FC8C
43
0038
324200
inc esp
add ah, bl
push ebx
inc ebx
inc ecx
inc ebx
add byte ptr [ebx+4*eax+43], cl
inc eax
inc eax
add al, cl
mov al, 83
inc ebx
or dl, dl
inc eax
inc ebx
inc ebx
das
inc edx
mov es, [ebx+00]
mov esp, B0004118
inc edx
add al, al
xchg eax,ebp
inc edx
add al, ch
call 0042:9A140042
test al, 8F
inc edx
inc ebx
add ah, bl
mov [edx+00], es
mov eax, BC004225
and eax, 8C3C0042
inc ebx
inc edx
inc edx
add al, bl
xor byte ptr [esi+8CFC0043], cl
inc ebx
:004415D4
:004415D5
:004415D8
:004415DA
:004415DB
:004415DF
:004415E1
:004415E4
:004415E6
:004415E7
:004415E9
:004415EC
:004415EE
:004415EF
:004415F2
:004415F3
:004415F5
EC
8E4300
B051
42
00748D42
00F0
8D4200
1C89
42
00D4
8D4200
747E
43
006895
43
00C4
65
in al, dx
mov es, [ebx+00]
mov al, 51
inc edx
add byte ptr [ebp+4*ecx+42], dh
add al, dh
sbb al, 89
inc edx
add ah, dl
je 0044166C
inc ebx
add byte ptr [eax-6B], ch
inc ebx
add ah, al
BYTE 065h
:004415F6
:004415F7
:004415FD
:00441602
:00441603
:00441605
:00441606
:00441607
:00441609
42
00A0A04300E0
A34300A0A2
43
00E0
A4
43
00C8
64
inc edx
inc ebx
add al, ah
movsb
inc ebx
add al, cl
BYTE 064h
:0044160A
:0044160B
:0044160E
:0044160F
:00441611
:00441612
:00441613
:0044161A
:0044161B
:0044161D
:0044161F
:00441621
42
00148F
42
00C8
AB
43
008C8B420090BE
43
00D8
7843
0038
C24300
inc edx
inc edx
add al, cl
stosd
inc ebx
inc ebx
add al, bl
js 00441662
ret 0043
:00441624
:00441626
:00441627
:0044162B
:00441632
:00441633
:00441636
:00441637
:00441639
:0044163F
:00441641
1C82
43
0064BD43
00ACA6430028BF
43
002C8E
43
0006
00BB164400C4
0200
000000
sbb al, 82
inc ebx
add byte ptr [ebp+4*edi+43], ah
add byte ptr [esi-40D7FFBD], ch
inc ebx
add byte ptr [esi+4*ecx], ch
inc ebx
add byte ptr [ebx+C4004416], bh
BYTE 3 DUP(0)
:00441644 0545646974
:00441649 31C8
:0044164B 0200
add eax, 74696445

xor eax, ecx
:0044164D 000000
BYTE 3 DUP(0)
:00441650
:00441655
:00441657
:00441659
:0044165B
:0044165D
:0044165E
:00441660
add eax, 74696445

xor cl, ah
inc edx
jne 004416D4
je 004416D1
0545646974
32CC
0200
0001
0007
42
7574
746F

|:0044161D(C)
|
:00441662 6E
outsb
:00441663 31D0
xor eax, edx
:00441665 0200
:00441667 0002
:00441669 0006
:0044166B 4C
dec esp
|:004415EC(C)
|
:0044166C 61
:0044166D 62656C
:00441670 31D4
:00441672 0200
:00441674 0002
:00441676 0006
:00441678 4C
:00441679 61
:0044167A 62656C
:0044167D 32D8
:0044167F 0200
:00441681 0001
:00441683 0007
:00441685 42
:00441686 7574
:00441688 746F
:0044168A 6E
:0044168B 3202
:0044168D 0013
:0044168F 00EC
:00441691 16
:00441692 44
:00441693 000C42
:00441696 7574
:00441698 746F
:0044169A 6E
:0044169B 31436C
:0044169E 69636B13000418
:004416A5 44
:004416A6 000C42
:004416A9 7574
:004416AB 746F
:004416AD 6E
:004416AE 32436C
:004416B1 69636B0654466F

popad
xor esp, edx
dec esp
popad
xor bl, al
inc edx
jne 004416FC
je 004416F9
outsb
xor al, byte ptr [edx]
add byte ptr [ebx], dl
add ah, ch
push ss
inc esp
jne 0044170C
je 00441709
outsb
xor dword ptr [ebx+6C], eax
imul esp, dword ptr [ebx+6B], 18040013
inc esp
jne 0044171F
je 0044171C
outsb
xor al, byte ptr [ebx+6C]
:004416B8
:004416BA
:004416BC
:004416BE
726D
3103
0028
C24100
jb 00441727
xor dword ptr [ebx], eax
ret 0041
:004416C1
:004416C2
:004416C3
:004416C4
:004416C6
:004416CB
:004416CD
:004416CE
:004416CF
6C
CC
41
0020
BA41008D40
00D0
16
44
0007
insb
int 03
inc ecx
mov edx, 408D0041
add al, dl
push ss
inc esp

|:00441660(C)
|
:004416D1 06
push es
:004416D2 54
push esp
:004416D3 46
inc esi
|:0044165E(C)
|
:004416D4 6F
:004416D5 726D
:004416D7 31641544
:004416DB 004054
:004416DE 43
:004416DF 005500
:004416E2 05556E6974
:004416E7 3100
:004416E9 008BC0558BEC
:004416EF 33C9
:004416F1 51
:004416F2 51
:004416F3 51
:004416F4 51
:004416F5 53
:004416F6 8BD8
:004416F8 33C0
:004416FA 55
:004416FB 68A8174400
:00441700 64FF30
:00441703 648920
:00441706 8D55FC
|:00441698(C)
|
:00441709 8B83C8020000
:0044170F E8901AFEFF
:00441714 8B45FC
:00441717 50
:00441718 8D55F4
:0044171B 8B83C4020000
:00441721 E87E1AFEFF
:00441726 FF75F4
outsd
jb 00441744
xor dword ptr [ebp+edx+44], esp
inc ebx
add byte ptr [ebp+00], dl
add eax, 74696E55
add byte ptr [ebx+EC8B55C0], cl
xor ecx, ecx
push ecx
push ecx
push ecx
push ecx
push ebx
mov ebx, eax
xor eax, eax
push ebp
push 004417A8
mov eax, dword

call 004231A4
mov eax, dword
push eax
lea edx, dword
mov eax, dword
call 004231A4
push [ebp-0C]
ptr [ebx+000002C8]
ptr [ebp-04]
ptr [ebp-0C]
ptr [ebx+000002C4]
:00441729
:0044172C
:00441732
:00441737
8D55F0
8B83C4020000
E86D1AFEFF
FF75F0

call 004231A4
push [ebp-10]
* Possible StringData Ref from Code Obj ->"625"

|
:0044173A 68BC174400
push 004417BC
:0044173F 68C8174400
push 004417C8
|:004416D5(C)
|
:00441744 68D4174400
:00441749 8D45F8
:0044174C BA05000000
:00441751 E89E23FCFF
:00441756 8B55F8
:00441759 58
:0044175A E8E523FCFF
:0044175F 7517
:00441761 6A00
:00441763 668B0DD8174400
:0044176A B202

push 004417D4
mov edx, 00000005
call 00403AF4
pop eax
call 00403B44
jne 00441778
push 00000000
mov cx, word ptr [004417D8]
mov dl, 02
* Possible StringData Ref from Code Obj ->"Right Code"

|
:0044176C B8E4174400
mov eax, 004417E4
:00441771 E802FBFFFF
call 00441278
:00441776 EB15
jmp 0044178D
|:0044175F(C)
|
:00441778 6A00
:0044177A 668B0DD8174400
:00441781 B201

push 00000000
mov cx, word ptr [004417D8]
mov dl, 01
* Possible StringData Ref from Code Obj ->"Wrong Code"

|
:00441783 B8F8174400
mov eax, 004417F8
:00441788 E8EBFAFFFF
call 00441278
|:00441776(U)
|
:0044178D 33C0
:0044178F 5A
:00441790 59
:00441791 59
:00441792 648910
:00441795 68AF174400
|:004417AD(U)
|
:0044179A 8D45F0
:0044179D BA04000000
:004417A2 E83520FCFF
:004417A7 C3
xor eax, eax

pop edx
pop ecx
pop ecx
push 004417AF

mov edx, 00000004
call 004037DC
ret
:004417A8
:004417AD
:004417AF
:004417B0
:004417B2
:004417B3
E9CB1AFCFF
EBEB
5B
8BE5
5D
C3
jmp
jmp
pop
mov
pop
ret
00403278
0044179A
ebx
esp, ebp
ebp
:004417B4 FFFFFFFF
BYTE 4 DUP(0ffh)
:004417B8
:004417BA
:004417BC
:004417C3
:004417C5

xor dh, byte ptr ss:[FFFFFF00]
inc dword ptr [ecx]
BYTE 3 DUP(0)
0300
0000
36323500FFFFFF
FF01
000000
:004417C8 00
:004417C9 000000
BYTE 000h
BYTE 3 DUP(0)
:004417CC FFFFFFFF
BYTE 4 DUP(0ffh)
:004417D0
:004417D2
:004417D4
:004417D5
:004417D7
:004417DA
:004417DC
0200
0000
37
3200
000400
0000
FFFFFFFF

aaa
xor al, byte ptr [eax]
BYTE 4 DUP(0ffh)
:004417E0
:004417E2
:004417E4
:004417E5
:004417EC
0A00
0000
52
6967687420436F
64

push edx
imul esp, dword ptr [edi+68], 6F432074
BYTE 064h
:004417ED 65
BYTE 065h
:004417EE 0000
:004417F0 FFFFFFFF

BYTE 4 DUP(0ffh)
:004417F4
:004417F6
:004417F8
:004417F9
:004417FB
:004417FC
:00441800

push edi
jb 0044186A
outsb
and [bp+di+6F], al
BYTE 064h
0A00
0000
57
726F
6E
6720436F
64
:00441801 65
BYTE 065h
:00441802
:00441804
:00441806
:0044180D
0000
6A00
668B0D1C184400
B202

push 00000000
mov cx, word ptr [0044181C]
mov dl, 02
* Possible StringData Ref from Code Obj ->"Made by FireWorx/Revolt/Factory, "

->"Rulez: No patching"
|
:0044180F B828184400
mov eax, 00441828
:00441814 E85FFAFFFF
call 00441278
:00441819 C3
ret
:0044181A 0000
BYTE 2 DUP(0)
:0044181C 0400
:0044181E 0000
:00441820 FFFFFFFF
add al, 00
BYTE 4 DUP(0ffh)
:00441824
:00441826
:00441828
:00441829
:0044182A
3300
0000
4D
61
64
xor eax, dword ptr [eax]

dec ebp
popad
BYTE 064h
:0044182B
:0044182F
:00441832
:00441834
:00441835
:00441836
:00441838
:00441839
:0044183A
65206279
204669
7265
57
6F
7278
2F
52
65
and byte ptr gs:[edx+79], ah

and byte ptr [esi+69], al
jb 00441899
push edi
outsd
jb 004418B0
das
push edx
BYTE 065h
:0044183B
:0044183D
:0044183E
:00441840
:00441841
:00441842
:00441846
:00441848
:0044184B
:0044184C
766F
6C
742F
46
61
63746F72
792C
205275
6C
65
jbe 004418AC
insb
je 0044186F
inc esi
popad
arpl dword ptr [edi+2*ebp+72], esi
jns 00441874
and byte ptr [edx+75], dl
insb
BYTE 065h
:0044184D
:0044184F
:00441852
:00441855
:00441857
:0044185C
:0044185D
7A3A
204E6F
207061
7463
68696E6700
55
8BEC
jpe 00441889
and byte ptr [esi+6F], cl
and byte ptr [eax+61], dh
je 004418BA
push 00676E69
push ebp
mov ebp, esp
:0044185F
:00441861
:00441862
:00441867
33C0
55
6881184400
64FF30
xor eax, eax

push ebp
push 00441881
|:004417F9(C)
|
:0044186A 648920
:0044186D FF0530384400
:00441873 33C0
:00441875 5A
:00441876 59
:00441877 59
:00441878 648910
:0044187B 6888184400
|:00441886(U)
|
:00441880 C3
:00441881 E9F219FCFF
:00441886 EBF8
:00441888 5D
|:0044184D(C)
|
:00441889 C3
:0044188A 8BC0
:0044188C 832D3038440001
:00441893 C3
:00441894 55
:00441895 8BEC
:00441897 33C0
push ebp
mov ebp, esp
xor eax, eax
|:00441832(C)
|
:00441899 55
:0044189A 68B3184400
:0044189F 64FF30
:004418A2 648920
:004418A5 33C0
:004418A7 5A
:004418A8 59
:004418A9 59
:004418AA 648910
:004418AD 68BA184400
|:004418B8(U)
|
:004418B2 C3
:004418B3 E9C019FCFF
:004418B8 EBF8

xor eax, eax
pop edx
pop ecx
pop ecx
push 00441888
ret
jmp 00403278
jmp 00441880
pop ebp
ret
mov eax, eax
sub dword ptr [00443830], 00000001
ret
push ebp
push 004418B3
xor eax, eax
pop edx
pop ecx
pop ecx
push 004418BA
ret
jmp 00403278
jmp 004418B2
|:00441855(C)
|
:004418BA 5D
:004418BB C3
pop ebp
ret
:004418BC
:004418BE
:004418C0
:004418C2
:004418C3
:004418C5
:004418C6
:004418C7
:004418C9
:004418CA
:004418CB
:004418D2
:004418D3
:004418DA
:004418DB
:004418DE
:004418DF
:004418E2
:004418E3
:004418E5
:004418E7
:004418EE
:004418EF
:004418F1
:004418F2
:004418F3
:004418F5
:004418F6
:004418F7
:004418F9
:004418FA
:004418FB
:004418FF
:00441903
:00441906
:00441907
:00441909
:0044190A
:0044190B
:0044190D
:0044190E
:0044190F
:00441915
:00441916
:00441917
:00441919
:0044191E
:0044191F
:00441926
:00441927
:00441929
:0044192A
:0044192B
:0044192D

inc esp
pop esp
inc eax
add al, bl
pop ebx
inc eax
add byte ptr [ecx+2*ebx+593C0040], ah
inc eax
add byte ptr [esi+665C0040], cl
inc eax
add byte ptr [eax-4C], dh
inc ecx
add byte ptr [eax-4C], al
inc ecx
add ah, al
inc ax
add byte ptr [esi-5907FFC0], dl
inc eax
add al, cl
cmpsb
inc eax
add ah, dh
lodsb
inc ecx
add ah, al
lodsb
inc ecx
add byte ptr [ecx+2*ebp+40], bh
add byte ptr [ecx+2*ebp+40], cl
add byte ptr [eax-5A], al
inc eax
add ah, dh
movsb
inc eax
scasd
inc eax
add byte ptr [eax+180040AE], bh
stosb
inc eax
add al, ch
test eax, 24500040
inc ecx
add byte ptr [ebx-54F3FFBF], ah
inc ecx
stosb
inc ecx
sti
2000
0000
C418
44
0008
5C
40
00D8
5B
40
00A45940003C59
40
008C6640005C66
40
0070B4
41
0040B4
41
00C4
6640
0094664000F8A6
40
00C8
A6
40
00F4
AC
41
00C4
AC
41
007C6940
004C6940
0040A6
40
00F4
A4
40
0008
AF
40
00B8AE400018
AA
40
00E8
A940005024
41
00A42341000CAB
41
0038
AA
41
0038
FB
:0044192E
:0044192F
:00441931
:00441932
:00441933
:00441939
:0044193B
:0044193D
:0044193E
:0044193F
:00441943
:00441945
:00441947
:0044194D
:0044194F
:00441951
:00441953
:00441959
:0044195B
:0044195D
:0044195F
:00441961
:00441963
:00441969
:0044196E
:0044196F
:00441972
:00441973
:00441975
:00441977
:00441979
:0044197B
:0044197F
:00441981
:00441983
:00441985
:00441987
:00441989
:0044198B
:0044198E
:0044198F
:00441995
:00441998
:0044199A
:0044199B
:0044199E
:0044199F
:004419A1
:004419A5
:004419A9
:004419AD
:004419AF
:004419B5
:004419B9
:004419BD
42
0008
FB
42
00B0B4410080
B441
00C8
3F
43
006C3F43
00D4
D542
0080D5420028
E442
00F8
E342
00B8E6410088
E641
00FC
E641
00C0
E641
00A8E8410078
E84100A0B8
41
0070B8
41
0028
B541
00F8
B441
006CB541
0030
B541
00F0
B441
00C0
B441
000CFF
43
00B8FE43005C
FF4300
2CFF
43
001C0A
44
00EC
094400E4
094400B4
094400FC
1444
00A01444008C
1844005C
18440000
000000
:004419C0 94
:004419C1 18
:004419C2 44
inc edx
sti
inc edx
add byte ptr [eax+800041B4], dh
mov ah, 41
add al, cl
aas
inc ebx
add byte ptr [edi+edi+43], ch
add ah, dl
aad (base=66)
in al, 42
add al, bh
jcxz 00441995
add byte ptr [eax+880041E6], bh
out 41, al
add ah, bh
out 41, al
add al, al
out 41, al
add byte ptr [eax+780041E8], ch
call B8E419AF
inc ecx
add byte ptr [eax-48], dh
inc ecx
mov ch, 41
add al, bh
mov ah, 41
add byte ptr [ebp+4*esi+41], ch
mov ch, 41
add al, dh
mov ah, 41
add al, al
mov ah, 41
add byte ptr [edi+8*edi], cl
inc ebx
add byte ptr [eax+5C0043FE], bh
inc [ebx+00]
sub al, FF
inc ebx
add byte ptr [edx+ecx], bl
inc esp
add ah, ch
or dword ptr [eax+eax-1C], eax
or dword ptr [eax+eax-4C], eax
or dword ptr [eax+eax-04], eax
adc al, 44
add byte ptr [eax+8C004414], ah
sbb byte ptr [eax+eax+5C], al
sbb byte ptr [eax+eax], al
BYTE 3 DUP(0)
xchg eax,esp
BYTE 18h
BYTE 44h
:004419C3 00
BYTE 00h
//******************** Program Entry Point ********

:004419C4 55
push ebp
:004419C5 8BEC
mov ebp, esp
:004419C7 83C4F4
add esp, FFFFFFF4
:004419CA B8BC184400
mov eax, 004418BC
:004419CF E8D041FCFF
call 00405BA4
:004419D4 A1302C4400
:004419D9 8B00
:004419DB E824D3FFFF
call 0043ED04
:004419E0 8B0D002D4400
:004419E6 A1302C4400
:004419EB 8B00
:004419ED 8B1518154400
:004419F3 E824D3FFFF
call 0043ED1C
:004419F8 A1302C4400
:004419FD 8B00
:004419FF E898D3FFFF
call 0043ED9C
:00441A04 E87F1CFCFF
call 00403688
:00441A09 8D4000
:00441A0C 00000000000000000000
BYTE 10 DUP(0)
:00441A16 00000000000000000000
BYTE 10 DUP(0)
:00441A20 00000000000000000000
BYTE 10 DUP(0)
:00441A2A 00000000000000000000
BYTE 10 DUP(0)
:00441A34 00000000000000000000
BYTE 10 DUP(0)
:00441A3E 00000000000000000000
BYTE 10 DUP(0)
:00441A48 00000000000000000000
BYTE 10 DUP(0)
:00441A52 00000000000000000000
BYTE 10 DUP(0)
:00441A5C 00000000000000000000
BYTE 10 DUP(0)
:00441A66 00000000000000000000
BYTE 10 DUP(0)
:00441A70 00000000000000000000
BYTE 10 DUP(0)
:00441A7A 00000000000000000000
BYTE 10 DUP(0)
:00441A84 00000000000000000000
BYTE 10 DUP(0)
:00441A8E 00000000000000000000
BYTE 10 DUP(0)
:00441A98 00000000000000000000
BYTE 10 DUP(0)
:00441AA2 00000000000000000000
BYTE 10 DUP(0)
:00441AAC 00000000000000000000
BYTE 10 DUP(0)
:00441AB6 00000000000000000000
BYTE 10 DUP(0)
:00441AC0 00000000000000000000
BYTE 10 DUP(0)
:00441ACA 00000000000000000000
BYTE 10 DUP(0)
:00441AD4 00000000000000000000
BYTE 10 DUP(0)
:00441ADE 00000000000000000000
BYTE 10 DUP(0)
:00441AE8 00000000000000000000
BYTE 10 DUP(0)
:00441AF2 00000000000000000000
BYTE 10 DUP(0)
:00441AFC 00000000000000000000
BYTE 10 DUP(0)
:00441B06 00000000000000000000
BYTE 10 DUP(0)
:00441B10 00000000000000000000
BYTE 10 DUP(0)
:00441B1A 00000000000000000000
BYTE 10 DUP(0)
:00441B24 00000000000000000000
BYTE 10 DUP(0)
:00441B2E 00000000000000000000
BYTE 10 DUP(0)
:00441B38 00000000000000000000
BYTE 10 DUP(0)
:00441B42 00000000000000000000
BYTE 10 DUP(0)
:00441B4C 00000000000000000000
BYTE 10 DUP(0)
:00441B56 00000000000000000000
BYTE 10 DUP(0)
:00441B60 00000000000000000000
BYTE 10 DUP(0)
:00441B6A 00000000000000000000
BYTE 10 DUP(0)
:00441B74 00000000000000000000
BYTE 10 DUP(0)
:00441B7E 00000000000000000000
BYTE 10 DUP(0)
:00441B88
:00441B92
:00441B9C
:00441BA6
:00441BB0
:00441BBA
:00441BC4
:00441BCE
:00441BD8
:00441BE2
:00441BEC
:00441BF6
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
00000000000000000000
BYTE
BYTE
BYTE
BYTE
BYTE
BYTE
BYTE
BYTE
BYTE
BYTE
BYTE
BYTE
10
10
10
10
10
10
10
10
10
10
10
10
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)
DUP(0)

Crack Me 3

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Crack Me 3

Transféré par

Droits d'auteur :

Formats disponibles

Disassembly of File: C:\Users\hervet\Desktop\Crackme3\Crackme3.

RVA: 00001000 Offset: 00000400 Size: 00040C00 Flags: 60000

RVA: 00042000 Offset: 00041000 Size: 00000E00 Flags: C0000

RVA: 00043000 Offset: 00041E00 Size: 00000000 Flags: C0000

RVA: 00044000 Offset: 00041E00 Size: 00002000 Flags: C0000

RVA: 00046000 Offset: 00043E00 Size: 00000000 Flags: C0000

RVA: 00047000 Offset: 00043E00 Size: 00000200 Flags: 50000

RVA: 00048000 Offset: 00044000 Size: 00004A00 Flags: 50000

RVA: 0004D000 Offset: 00048A00 Size: 00003200 Flags: 50000

+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++

Import Module 002: user32.dll

Import Module 005: kernel32.dll

Import Module 006: advapi32.dll

Addr:00044A8A hint(0000) Name: RegQueryValueExA

Import Module 008: gdi32.dll

Import Module 009: user32.dll

Import Module 010: ole32.dll

+++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++

+++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++

add dword ptr [eax], eax

adc byte ptr [eax+00], al

add al, byte ptr [ebx+2*eax]

inc dword ptr [eax]

inc dword ptr [eax]

add byte ptr [eax],

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

or (C)onditional Jump at Address:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

adc dword ptr [eax+00], eax

add dword ptr [eax], eax

rol byte ptr [eax], 00

add dword ptr [eax], eax

or (C)onditional Jump at Address:

mov eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

adc dword ptr [ecx+2*ecx+6E], edx

edx, dword ptr [ecx]

* Referenced by a CALL at Addresses:

* Reference To: kernel32.GetStdHandle, Ord:0000h

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

Jmp dword ptr [00444158]

* Referenced by a CALL at Address:

* Reference To: kernel32.GetLastError, Ord:0000h

* Reference To: kernel32.GetLocaleInfoA, Ord:0000h

* Reference To: kernel32.lstrcpyA, Ord:0000h

* Referenced by a CALL at Address:

* Reference To: kernel32.MultiByteToWideChar, Ord:0000h

* Reference To: kernel32.WideCharToMultiByte, Ord:0000h

* Reference To: kernel32.VirtualQuery, Ord:0000h

* Reference To: oleaut32.SysAllocStringLen, Ord:0000h

* Reference To: oleaut32.SysFreeString, Ord:0000h

* Reference To: oleaut32.VariantChangeTypeEx, Ord:0000h

mov eax, eax

* Referenced by a CALL at Addresses:

* Referenced by a CALL at Addresses:

* Reference To: kernel32.VirtualAlloc, Ord:0000h

* Reference To: kernel32.VirtualFree, Ord:0000h

* Reference To: kernel32.EnterCriticalSection, Ord:0000h

* Reference To: kernel32.LeaveCriticalSection, Ord:0000h

* Referenced by a CALL at Address:

or (C)onditional Jump at Address:

or (C)onditional Jump at Address:

eax, dword ptr [0044344C]

* Referenced by a (U)nconditional or (C)onditional Jump at Address: